Public attestation reports
We run Delimit's merge gate against recognizable open-source API surfaces and publish the output. Each report is reproducible byte-for-byte from the cited commits and ships under the Delimit team byline. No relationship to the projects under analysis is implied.
- 2026-05-06/Twilio (twilio/twilio-oai)
Twilio v2010 OpenAPI: 55 days under a merge gate
Between 2026-02-18 and 2026-04-14, three librarian regenerations of the canonical Twilio Voice / SMS / Messaging OpenAPI produced four additive enum values on a single PCI capture field and nothing else on the wire. 197 operations unchanged, 0 breaking changes. Here is what compatibility-as-discipline looks like under the gate.
read the report - 2026-05-06/Supabase Auth (supabase/auth)
Supabase Auth OpenAPI: 57 days under a merge gate
Between 2026-03-02 and 2026-04-28, one commit touched the Supabase Auth (GoTrue) OpenAPI: a WebAuthn relying-party config hardening that drops two required fields from the MFA verify endpoint. info.version stayed latest. Here is what a small, surgical, intentional break looks like under the gate.
read the report - 2026-05-05/Stripe (stripe/openapi)
Stripe v1 OpenAPI: 57 days under a merge gate
Between 2026-02-23 and 2026-04-20, Stripe shipped 125 changes across its public OpenAPI: 19 breaking, 106 additive, 414 endpoints unchanged, info.version cleanly bumped from clover to dahlia. Here is what disciplined versioning looks like under the gate.
read the report - 2026-05-04/cal.com (calcom/cal.com)
cal.com v2 OpenAPI: 60 days under a merge gate
Between 2026-03-05 and 2026-05-03, cal.com v2 dropped from 174 endpoints to 82 and renamed itself Cal.diy. info.version stayed 1.0.0. Here is what the merge gate saw.
read the report