Z3r0 v0.1.0

First public preview release of Z3r0, a controlled multi-agent workbench for authorized security assessment, code auditing, internal review, and controlled research.

Highlights

• Multi-agent security workflow with a lead CSO agent and specialist agents for code audit, intelligence, penetration validation, reverse engineering, and cryptography review.
• FastAPI backend with authentication, persisted sessions, timeline replay, system configuration, work projects, sandbox images, sandbox containers, and agent session APIs.
• React workbench with playground chat, session replay, subagent progress, sandbox selection, file manager, shell access, image previews, and admin resource pages.
• Docker-backed sandbox execution for controlled command execution, async jobs, browser/noVNC workflows, file access, and security tooling.
• Interrupt-driven agent runtime with resumable turns, async sandbox command completion, subagent delegation, notification recovery, and context compaction.
• Persistent timeline event log for live streaming and replay.
• Docker Compose production quickstart with PostgreSQL and bundled frontend serving.

Deployment

cp .z3r0/config.json.example .z3r0/config.json
docker compose -f docker-compose.prod.yml up -d --build

Before deployment, update the encryption key, bootstrap admin password, model provider credentials, and database credentials.

See QUICKSTART.md or QUICKSTART_zh.md for setup details.

Security Notice

Z3r0 is intended only for lawful, explicitly authorized security testing, code auditing, internal review, controlled research, and training environments. Do not use it against third-party systems without clear authorization.

The production Compose setup mounts /var/run/docker.sock; deploy only on trusted, isolated hosts. Default PostgreSQL and pgAdmin credentials are for local evaluation and should be changed before network exposure.