Releases: openhackai/OpenHack

v0.1.2

11 Jun 19:53

Bug fix

Fixed a startup crash when running openhack from a directory containing a .env file with keys the scanner doesn't define.

Because openhack scans arbitrary target repositories, a target's .env could carry unrelated keys (e.g. gemini_sandbox_proxy_command). pydantic-settings defaults to extra="forbid" and validates every key found in a CWD .env file, so any unknown key aborted the CLI before it started with:

pydantic_core.ValidationError: 1 validation error for Settings
gemini_sandbox_proxy_command
  Extra inputs are not permitted [type=extra_forbidden]

The value was never executed — it only tripped settings validation. Setting extra="ignore" makes openhack skip unrelated keys in a CWD .env (or environment), matching how unknown environment variables were already handled.

Upgrade: pip install --upgrade openhack

Full diff: v0.1.1...v0.1.2

v0.1.1

11 Jun 11:54

What's Changed

License

  • Switched from AGPL-3.0 to MIT — LICENSE file, package metadata, and README all updated.

Custom endpoint support

  • Custom setup redesigned — now asks for what an OpenAI-compatible endpoint actually needs: Base URL → API Key → Model string (free text). No more forced model menu.
  • New prompt_caching setting (default on) — disable with /config prompt_caching false or PROMPT_CACHING=0 for endpoints that reject prompt_cache_key (e.g. Groq).
  • Auto-recovery — if the endpoint rejects prompt_cache_key, the client retries without it and stops sending it for the rest of the session. Scans self-heal instead of failing.

Setup wizard fixes

  • Cancelling setup or login (Ctrl+C / q) now exits cleanly instead of dropping into an unconfigured TUI.
  • All text prompts now support full line editing — Option+Left/Right word jump and Option+Delete work on macOS.
  • Fixed asyncio.run() cannot be called from a running event loop crash in the custom setup flow.

Other

  • /config accepts prompt_caching and openhack_base_url, and applies changes immediately.
  • README: new badges and updated docs.

Full Changelog: v0.1.0...v0.1.1

v0.1.0 — First Stable Release

03 Jun 22:33

First stable release of OpenHack — an open-source agentic security scanner.

Install

pipx install openhack

What's included

  • Multi-agent scan pipeline: recon → hunters → feature deep dive → validation
  • Interactive TUI with live trace view and findings browser
  • Headless CLI: openhack scan, resume, sessions, classify
  • Checkpoint-based resume for interrupted scans
  • Framework detection for Next.js, Express, Flask, Django, Rails, Laravel, FastAPI, and more
  • Sandbox verification (Beta, requires Docker)
  • Browser verification (Beta, requires Docker + Playwright)
  • 81 tests, CI on Python 3.11–3.13

Quick start

openhack          # interactive TUI
openhack scan .   # headless scan on current directory

On first run, log in to get $20 in free credits.

v0.1.0b1 — Public Beta

03 Jun 21:38

Pre-release

First public beta of OpenHack — an open-source agentic security scanner.

What's included

  • Multi-agent scan pipeline: recon → hunters → feature deep dive → validation
  • Interactive TUI with live trace view and findings browser
  • Headless CLI mode for CI/scripts (openhack scan /path/to/repo)
  • Checkpoint-based resume for interrupted scans
  • Framework detection for Next.js, Express, Flask, Django, Rails, Laravel, FastAPI, and more
  • Sandbox verification (Beta, requires Docker)
  • Browser verification (Beta, requires Docker + Playwright)

Install

pipx install openhack

Quick start

openhack          # interactive TUI
openhack scan .   # headless scan on current directory

On first run, log in to get $20 in free credits.
