From 37e6571e0c2f92e3c06ac0d56c48d9289784f429 Mon Sep 17 00:00:00 2001 From: Evgeny Kiriyak <224408464+evkir@users.noreply.github.com> Date: Sat, 20 Jun 2026 08:17:30 +0300 Subject: [PATCH 1/3] chore: bump version to 1.0.0 --- cyberai/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cyberai/version.py b/cyberai/version.py index d6f7234..2fd38bb 100644 --- a/cyberai/version.py +++ b/cyberai/version.py @@ -1,3 +1,3 @@ -__version__ = "0.5.0" +__version__ = "1.0.0" __author__ = "evkir" __description__ = "CyberAI — AI-native multi-agent pentest platform" From 18f6a4811e44fba7c164bcbaf4588572c0789e79 Mon Sep 17 00:00:00 2001 From: Evgeny Kiriyak <224408464+evkir@users.noreply.github.com> Date: Sat, 20 Jun 2026 08:18:46 +0300 Subject: [PATCH 2/3] docs: comprehensive CHANGELOG for v1.0 --- CHANGELOG.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b446f83..8ea9f97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,36 @@ All notable changes to CyberAI are documented here. +## [1.0.0] - 2026-06-20 +### Production Release — STANDOFF complete +The 30-day STANDOFF is done: a non-working skeleton is now a production-ready +AI-native multi-agent pentest platform. CLI, web dashboard and MCP server all +operational; ~120 commits across five phases. This release tags the cumulative +result of weeks 1-4 plus the polish sprint. + +### Highlights by phase +- **Week 1 — Reanimation:** unified `ScanSession`, `BaseAgent` contract, + rewritten orchestrator, all 4 agents migrated, end-to-end `--dry-run` + pipeline with smoke coverage. +- **Week 2 — Hardening:** Pydantic result schemas, prompt-injection defense at + phase boundaries, command-injection-safe nmap with caching, EPSS enrichment, + NVD API key + rate limiting, datetime/pyproject modernization, real e2e tests. +- **Week 3 — Acceleration:** async pipeline (`AsyncOrchestrator`), cost tracking + with budget caps, Anthropic prompt caching, native LLM tool calling, + structured outputs, SQLite audit log + session replay. +- **Week 4 — Differentiation:** OOB-driven exploitation (phantom-grid v2.0), + Nuclei exploit engine, Web3 audit track (Slither + Immunefi severity), + MCP server, LLM-as-Judge report validation, bug-bounty scope import, + FastAPI dashboard with SSE live progress. +- **Polish:** full documentation sprint (README, agent API reference, OOB and + Web3 workflow guides), PyPI trusted publishing on tag. + +### Added +- `release.yml` workflow: PyPI trusted publishing triggered on `v*` tags. + +### Changed +- Version bumped to 1.0.0 — first stable release. + ## [0.5.0] - 2026-06-18 ### Differentiated Platform — Week 4 Week 4 gives CyberAI its unique edge: out-of-band-driven exploitation, a From a129814f3b24d63343b1f5277434f29a40509559 Mon Sep 17 00:00:00 2001 From: Evgeny Kiriyak <224408464+evkir@users.noreply.github.com> Date: Sat, 20 Jun 2026 08:19:44 +0300 Subject: [PATCH 3/3] ci: publish to PyPI on tag --- .github/workflows/release.yml | 52 +++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..570bc06 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,52 @@ +name: Publish to PyPI + +on: + push: + tags: + - "v*" + +jobs: + build: + name: Build distribution + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.11" + + - name: Install build backend + run: | + python -m pip install --upgrade pip + pip install build + + - name: Build sdist and wheel + run: python -m build + + - name: Upload distribution artifacts + uses: actions/upload-artifact@v4 + with: + name: dist + path: dist/ + + publish: + name: Publish to PyPI + needs: build + runs-on: ubuntu-latest + environment: pypi + permissions: + id-token: write + + steps: + - name: Download distribution artifacts + uses: actions/download-artifact@v4 + with: + name: dist + path: dist/ + + - name: Publish to PyPI (trusted publishing) + uses: pypa/gh-action-pypi-publish@release/v1