Z3r0 v0.2.0

Added

• Added WorkProject attack-chain graphing with assets, findings, attack paths, and auditable record snapshots.
• Added project workspace views for graph exploration, record review, and richer project editing.
• Added Mermaid diagram enforcement and rendering in playground transcripts.

Changed

• Refined WorkProject tool contracts around assets, findings, task summaries, shared task updates, graph edges, and attack paths.
• Improved project graph layout, task label wrapping, and frontend resource presentation.
• Repositioned README and landing copy around authorized red-team research and controlled multi-agent workflows.

Fixed

• Consolidated WorkProject record snapshot flow and hardened record persistence.
• Aligned generated API contracts, frontend constants, and backend tool schemas for WorkProject records.
• Moved JWT authentication from bearer authorization to the custom access-token header contract.

Z3r0 v0.1.1

Highlights

• Added paginated read_subagent_task(run_id, offset) result/error reads so large subagent outputs can be consumed in chunks.
• Kept subagent result bodies out of completion notifications; parent agents now read the full body through read_subagent_task.
• Improved subagent runtime stability by giving each subagent driver its own bound agent graph, keeping streams alive across main agent graph rebinds.

Fixes

• Hardened instance config refresh so runtime config is reapplied from disk, rebuilds report whether a restart happened, and config state is restored on rebuild failure.
• Replaced frontend-only random row IDs in system config with stable agent codes.
• Stored sandbox image size as bigint.

UI / Build

• Added subtle playground message scrollbars that appear during wheel, touch, and keyboard scrolling.
• Split Vite app and landing entry structure with dedicated app config and landing root.
• Updated generated OpenAPI/types for the subagent task response shape.

Z3r0 v0.1.0

First public preview release of Z3r0, a controlled multi-agent workbench for authorized security assessment, code auditing, internal review, and controlled research.

Highlights

• Multi-agent security workflow with a lead CSO agent and specialist agents for code audit, intelligence, penetration validation, reverse engineering, and cryptography review.
• FastAPI backend with authentication, persisted sessions, timeline replay, system configuration, work projects, sandbox images, sandbox containers, and agent session APIs.
• React workbench with playground chat, session replay, subagent progress, sandbox selection, file manager, shell access, image previews, and admin resource pages.
• Docker-backed sandbox execution for controlled command execution, async jobs, browser/noVNC workflows, file access, and security tooling.
• Interrupt-driven agent runtime with resumable turns, async sandbox command completion, subagent delegation, notification recovery, and context compaction.
• Persistent timeline event log for live streaming and replay.
• Docker Compose production quickstart with PostgreSQL and bundled frontend serving.

Deployment

cp .z3r0/config.json.example .z3r0/config.json
docker compose -f docker-compose.prod.yml up -d --build

Before deployment, update the encryption key, bootstrap admin password, model provider credentials, and database credentials.

See QUICKSTART.md or QUICKSTART_zh.md for setup details.

Security Notice

Z3r0 is intended only for lawful, explicitly authorized security testing, code auditing, internal review, controlled research, and training environments. Do not use it against third-party systems without clear authorization.

The production Compose setup mounts /var/run/docker.sock; deploy only on trusted, isolated hosts. Default PostgreSQL and pgAdmin credentials are for local evaluation and should be changed before network exposure.