v1.1.0 — stable release

What's new in v1.1.0

This release marks the end of the alpha phase. The platform is significantly more stable, secure, and feature-complete than the initial release.

Security

• Full JWT authentication system — admin/user roles, first-run setup wizard, force password change on first login
• API key for CLI/MCP — login once, reuse until expiry
• Auto-generated SECRET_KEY on first launch (no more hardcoded default)
• Docker socket proxy — restricts container API access, prevents escape
• PostgreSQL bound to localhost only
• Path traversal prevention on assessment names
• shlex.quote sanitization on all shell commands
• CORS tightened — wildcard * rejected at startup

Features

• PDF report generation — export any assessment as a professional report
• CVSS 4.0 scoring — automatic score calculation on findings cards
• Attack timeline — auto-generated event log per assessment
• Notifications — Telegram, Slack, Email with optional PDF attachment
• Assessment templates — start from predefined methodologies
• aida-pentest container — built-in lightweight pentesting environment (~2 GB), no Exegol required
• LAN / production mode — Nginx reverse proxy via ./start.sh --lan
• Docker Hub images — docker-compose.hub.yml for zero-build installs
• python_exec MCP tool — run Python directly in the container
• http_request MCP tool — structured HTTP requests from AI workflows
• Duplicate assessment — clone with granular copy options
• Kimi CLI support — alternative to Claude in aida.py
• User management — admin-only page, password reset, role toggle
• Alembic migrations — proper DB schema versioning

Fixes

• Pydantic validation errors displayed in modals (not swallowed)
• Real-time WebSocket updates on Dashboard and Commands page
• Container discovery fallback when configured container is unavailable
• CORS configuration for LAN/network access
• Various UI polish (focus rings, filter resets, popup close on outside click)

Deployment note

Run locally or on your LAN. Do not expose the web interface to the public internet without HTTPS, a firewall, and strong credentials in .env.

What's Changed

• feat: replace Exegol with lightweight aida-pentest container by @Vasco0x4 in #7
• feat: add Qwen Code CLI support to AIDA launcher by @Hatook257 in #6
• auth hardening, user roles, timeline, notifications, templates & search by @Vasco0x4 in #16
• feat: platform enhancements — timeline, notifications, templates, search filters by @kuffsit in #8
• chore(deps): bump axios from 1.12.2 to 1.15.0 in /frontend by @dependabot[bot] in #17

New Contributors

• @kuffsit made their first contribution in #8
• @Hatook257 made their first contribution in #6
• @dependabot[bot] made their first contribution in #17

AIDA v1.0.0-alpha - Initial Public Release

AI-Driven Security Assessment platform connecting AI assistants to 400+ pentesting tools via MCP protocol.

What is AIDA?

AIDA bridges the gap between AI assistants and real penetration testing by providing:

• Direct execution of 400+ security tools via Exegol container
• MCP integration compatible with Claude, Gemini, GPT, and other AI clients
• Web dashboard for tracking findings, commands, and assessment progress
• Structured workflow from reconnaissance to exploitation
• Auto-documentation with severity-based finding cards

Key Features

• Direct Tool Execution - nmap, sqlmap, ffuf, nuclei, subfinder, and 400+ more
• Persistent Memory - Full context maintained across sessions in PostgreSQL
• Automatic Documentation - Findings tracked as cards with severity, proof, and technical analysis
• Attack Chains - AI connects discoveries to build multi-step exploits
• Adaptive Testing - Methodology adjusts based on findings, not fixed patterns

What's Included

• FastAPI backend with MCP server
• React frontend dashboard
• Docker Compose orchestration
• Exegol integration for pentesting tools
• PostgreSQL database for persistence
• Complete documentation (Installation, User Guide, Architecture, MCP Tools)
• CLI wrapper for easy AI integration

Alpha Release - Known Limitations

This is an alpha release intended for early adopters and security professionals.

• Local use only recommended - Do NOT expose publicly without additional hardening
• No authentication system yet - Anyone with access can view/modify assessments
• Bugs and rough edges - Some error messages use browser alerts, WebSocket reconnections may need manual refresh
• Database credentials - Change defaults in .env before deployment

Coming Soon

• Authentication and user management system
• Refined UI/UX (replacing alerts with modals)
• Production-ready Docker configuration
• Enhanced error handling
• Lighter Docker image alternative

Quick Start

# Clone and start
git clone https://github.com/Vasco0x4/AIDA.git
cd AIDA
./start.sh

# Open dashboard
open http://localhost:5173

See INSTALLATION.md for complete setup guide.

Documentation

• Installation Guide - Setup with your AI client
• User Guide - How to use the platform
• Architecture - Technical deep dive
• MCP Tools - Complete tools reference

Reporting Issues

Found a bug? Have a feature request? Open an issue

Contact

For questions or commercial licensing: Vasco0x4@proton.me

---

Use at your own risk. Run locally. Don't expose to internet. AGPL v3 licensed.