0.5.0 - Fire and Blood
New Features
- Added OpenCTI as a first-class threat intelligence provider alongside AlienVault OTX.
- OpenCTI now supports database-backed settings, connection testing, SSL verification, proxy configuration, timeout settings, and a dedicated settings tab.
- Threat intelligence queries now aggregate all enabled real providers by default, and the runtime no longer falls back to the Mock Provider.
- Added the ASP CLI agent API foundation, covering version checks, authentication, Cases, Alerts, Artifacts, Knowledge, Comments, Files, Enrichments, Playbooks, SIEM, Threat Intelligence, and CMDB automation scenarios.
- Added PyPI package metadata for the CLI so the asp-cli package provides the asp command, and connected it to the GitHub Release workflow.
- Added WebSocket realtime events and Inbox realtime refresh foundations for unread counts, message creation, deletion, read state, and comment events.
- Added persisted table preferences and configurable left-pinned table columns.
- Added LLM-friendly documentation output for the docs site, including English llms.txt, llms-full.txt, per-page Markdown, and lightweight copy/view/download Markdown actions.
Improvements
- asp auth login now validates the API URL and API key against the authenticated version endpoint before writing local settings.
- AlienVault OTX configuration testing now calls an authenticated endpoint to avoid public endpoints making invalid keys look successful.
- OpenCTI, OTX, and SIEM settings icons now better match their semantics.
- Updated multiple frontend Ant Design deprecated props to the v6 recommended APIs.
- Frontend global message calls now use App.useApp() so they can consume dynamic theme context.
- Realtime WebSocket lifecycle handling is more robust and avoids noisy development refresh warnings.
- Alert detail Descriptions rows now fill their configured column span correctly.
- TagList rendering now provides stable keys to avoid React list key warnings.
Fixes
- Fixed UUID-backed cursor pagination failing to serialize cursor IDs, which caused /api/agent/v1/cases/?page_size=1 to return 500.
- Fixed cursor decoding logic that assumed integer primary keys even though BaseModel records use UUIDs.
- Fixed CLI login saving settings without first verifying that the server and API key were actually usable.
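The two cursor fixes above, sketched as an added example that is not ASP's own code: the cursor layout (base64url-encoded JSON holding a timestamp and the record ID) and the names encode_cursor, decode_cursor, InvalidCursor, paginate and SAMPLE_ROWS are assumptions. It serializes UUID keys as strings and treats the client-supplied cursor as untrusted input, so a malformed value is rejected cleanly instead of raising an unhandled error.

```python
import base64
import json
import uuid
from datetime import datetime, timezone


class InvalidCursor(ValueError):
    """Client-supplied cursor that failed validation (map to HTTP 400)."""


def encode_cursor(created_at: datetime, pk: uuid.UUID) -> str:
    # json.dumps() cannot serialize UUID or datetime objects; passing them raw
    # raises TypeError, which surfaces as a 500. Convert both to strings.
    payload = {"t": created_at.isoformat(), "id": str(pk)}
    raw = json.dumps(payload, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def decode_cursor(cursor: str) -> tuple[datetime, uuid.UUID]:
    # The cursor arrives in the query string, so it is untrusted input: every
    # parsing failure is folded into InvalidCursor instead of escaping.
    try:
        padded = cursor + "=" * (-len(cursor) % 4)
        payload = json.loads(base64.urlsafe_b64decode(padded))
        created_at = datetime.fromisoformat(payload["t"])
        if created_at.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        pk = uuid.UUID(payload["id"])  # not int(): primary keys are UUIDs
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise InvalidCursor("malformed cursor") from exc
    return created_at, pk


def paginate(rows, page_size, cursor=None):
    """Keyset pagination over rows already sorted by (created_at, id)."""
    after = decode_cursor(cursor) if cursor else None
    rest = [r for r in rows if after is None or (r["created_at"], r["id"]) > after]
    page = rest[:page_size]
    more = len(rest) > page_size
    next_cursor = encode_cursor(page[-1]["created_at"], page[-1]["id"]) if more else None
    return page, next_cursor


# Constructed sample data: one shared timestamp, so the UUID breaks ties.
SAMPLE_TS = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_ROWS = sorted(
    ({"created_at": SAMPLE_TS, "id": uuid.UUID(int=n)} for n in (3, 1, 2)),
    key=lambda r: (r["created_at"], r["id"]),
)
```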
Deployment and Release Engineering
- The Release workflow now builds and publishes asp-cli to PyPI after creating the GitHub Release.
- CLI PyPI publishing uses Trusted Publishing, so no PyPI API token is stored in the repository or GitHub Secrets.
- The release runbook now documents CLI/PyPI publishing steps, version checks, failure handling, and validation commands.
- The CLI version must match the main release version: Git tags use v0.5.0, while the PyPI package version uses 0.5.0.
- This release generates asp-compose-0.5.0.tar.gz and publishes matching GHCR image tags.
Upgrade Notes
If you already deployed 0.4.1, back up first, then update image versions in .env:
ASP_BACKEND_IMAGE=ghcr.io/funnywolf/agentic-soc-platform/asp-backend:0.5.0
ASP_FRONTEND_IMAGE=ghcr.io/funnywolf/agentic-soc-platform/asp-frontend:0.5.0
Run the upgrade:
./scripts/upgrade.sh
To use the CLI:
pipx install asp-cli==0.5.0
Developer Notes
The title of this release borrows the Targaryen house words: Fire and Blood.
The strongest lesson from this cycle is simple: when something feels wrong during development, when the current shape feels uncomfortable, it probably is wrong. Do not assume it will fix itself. Do not leave it alone just because it still runs. It becomes a thorn that sinks deeper over time. You will still have to remove it later, only with more cost and more pain.
This is about the move from MCP to the CLI.
Using MCP early on was useful because it quickly connected agents with platform capabilities. That choice made sense at the time. But as the work continued, the MCP runtime path made deployment, authentication, file access, command behavior, versioning, and user workflow feel less direct. It was not a tiny flaw. It affected the foundation for future agent capabilities.
So 0.5.0 makes the more painful but cleaner choice: the main agent-facing entry point moves toward the CLI. The CLI can be versioned, published to PyPI, called from scripts and skills, and aligned with the existing authentication, API, and release workflow. The MCP work was not wasted; it proved what agents actually need from ASP. But for the platform to keep moving forward, the CLI is the clearer and more controllable base.
Some thorns hurt when you pull them out early. They hurt more when you wait. This release pulls it out.