Changelog

All notable changes to Cyberstrike CLI are documented here. For the full release history with downloadable assets, see GitHub Releases.

v1.1.11

• Fixed Fixed skill loading performance - eliminated 4.3s cold-start delay
• Fixed Fixed first message response time (19.9s → <1s with lazy loading)
• Fixed Fixed permission log spam creating 11GB log files
• Fixed Fixed duplicate skill warnings (15,214 → DEBUG level)
• Fixed Fixed undefined permission rule errors
• Fixed Fixed TypeScript agent type errors in skill tool
• Fixed Protected SKILL.md files from Prettier formatting (added to .prettierignore)
• Improved Agent initialization: 4.3s → ~500ms (lightweight directory scan)
• Improved First message: 19.9s → <1s (lazy skill loading)
• Improved Log files: 11GB/3min → <100MB (debug level + filtered logs)
• Improved Startup: Silenced 15,214 duplicate skill warnings

v1.1.10

• Added MITRE ATT&CK Integration: 691 enterprise techniques with Atomic Red Team tests
• Added 332 techniques now include 2,000+ copy-paste ready test commands
• Added Coverage: Credential Access, Defense Evasion, Discovery, Execution, Persistence, etc.
• Added Example: T1558.003 Kerberoasting (7 Atomic tests), T1003.001 LSASS Memory (5 tests)
• Added CIS Benchmarks: 1,500+ hardening and compliance checks
• Added Cloud Providers: AWS, Azure, GCP, Google Workspace
• Added Server Software: Apache HTTP Server 2.2/2.4, Apache Cassandra 3.11/4.0/4.1/5.0, Apache Tomcat 7/8/9/10
• Added Container/Orchestration: Docker v1.6/1.7/1.8, Kubernetes
• Added Operating Systems: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
• Added OWASP WSTG: 125 web application security testing skills
• Added NIST: Security controls and frameworks
• Added Lazy Loading: Skills loaded on-demand, zero context pollution
• Added Relevance-based scoring algorithm
• Added Pagination with feedback
• Added Search by: keyword, tech_stack, CWE ID, category, tags
• Added 7,633 skills indexed in-memory
• Added CIS skill recommendations integration
• Added Automated compliance checks

v1.1.9

• Added cyberstrike web — Launches CyberStrike with built-in Web UI on localhost:4096
• Added cyberstrike serve — Headless server mode for remote access via Cloudflare Tunnel
• Added app.cyberstrike.io — Connect to any CyberStrike instance using the hosted Hub UI. Enter your CF tunnel URL and password to connect from anywhere.
• Added Hub Connect Screen — First-time users on app.cyberstrike.io see a connect screen to choose localhost or enter a remote tunnel URL
• Added Password Auth — Set CYBERSTRIKE_SERVER_PASSWORD for remote access. Unicode-safe Basic auth with automatic loopback bypass for local use.
• Added Plugin tools (subfinder, nmap, nuclei, etc.) each appear as separate entries with tool counts
• Added User-configured MCP servers (dnsx, sqlmap, katana, etc.) added via bolt.config.json are also visible
• Added Each Bolt-sourced tool shows a “bolt” badge identifying the source server
• Security osint (37 tools) — OSINT reconnaissance and intelligence gathering
• Security cve (23 tools) — CVE/NVD/EPSS/KEV/GHSA/OSV vulnerability intelligence
• Security github-security (39 tools) — GitHub security scanning with 45 checks
• Improved CORS and auth fixes for CF tunnel remote access
• Improved Retry provider API calls on 5xx server errors
• Improved Bump minimatch and dompurify for security patches
• Improved MCP/Bolt config persisted to global scope
• Improved Web UI bundled in npm package, auto-installed to ~/.cyberstrike/web/

v1.1.5

• Improved Theme hot-reload support
• Improved Select first item automatically when filtering lists
• Fixed Clear palette cache on theme change
• Fixed Encode non-ASCII directory paths in HTTP headers

v1.1.4

• Improved Auto-fallback to available port when default port (4096) is busy
• Improved Add --beta flag to install script for beta channel installs
• Fixed Update @opentui/core and @opentui/solid to 0.1.88
• Fixed Fix scoped package names in uninstall script
• Fixed Correct npm install commands and domain references on website

v1.1.3

• Security Add offensive security agent prompts for all specialized agents
• Security Harden publish script
• Fixed Add billing header for OAT token auth on Sonnet/Opus models — fixes 401 errors with certain API configurations

v1.1.2

• Added Rename opencode → cyberstrike in bin launcher script
• Added Publish only on manual workflow trigger, not on every push
• Added Remove AUR and Homebrew from publish pipeline

v1.1.1

• Added Vulnerability reporting and request normalization models
• Added Web security testing infrastructure (credentials, roles, objects, functions)
• Added report_vulnerability tool with severity and impact tracking
• Added Web proxy agent tools for endpoint analysis and credential management
• Security Vulnerability testing and proxy analysis agent prompts
• Security Extended agent definitions with proxy agents and vulnerability testers
• Security Request context prepending for vulnerability agents
• Added Vulnerability, request, and web context API endpoints
• Added Vulnerability and web context views in TUI session sidebar
• Added Sync context handlers for vulnerability and web security data
• Added Integrated vulnerability reporting into CLI commands
• Added Migrated all NPM packages to @cyberstrike-io/ scope
• Added Redesigned SVG banners, reordered README headers
• Added Added NPM keywords for discoverability
• Fixed Default server port to 4096
• Fixed Fixed migration folder timestamps and loader validation

v0.1.0

• Added 13+ specialized security agents (web, mobile, cloud, network, proxy testers)
• Added 120+ OWASP WSTG test cases
• Added 15+ LLM provider support (OpenAI, Anthropic, Google, AWS Bedrock, Azure, and more)
• Added TUI + Web interfaces
• Added Plugin system for custom agents and tools

Version Format

Cyberstrike follows Semantic Versioning:

Badge Legend

• Added New feature or capability
• Fixed Bug fix
• Improved Enhancement to existing feature
• Security Security-related update
• Breaking Breaking change
• Deprecated Feature marked for removal

Pre-release Versions