Skip to content

0.5.0 - Fire and Blood

New Features

  • Added OpenCTI as a first-class threat intelligence provider alongside AlienVault OTX.
  • OpenCTI now supports database-backed settings, connection testing, SSL verification, proxy configuration, timeout settings, and a dedicated settings tab.
  • Threat intelligence queries now aggregate all enabled real providers by default, and the runtime no longer falls back to the Mock Provider.
  • Added the ASP CLI agent API foundation, covering version checks, authentication, Cases, Alerts, Artifacts, Knowledge, Comments, Files, Enrichments, Playbooks, SIEM, Threat Intelligence, and CMDB automation scenarios.
  • Added PyPI package metadata for the CLI so the asp-cli package provides the asp command, and connected it to the GitHub Release workflow.
  • Added WebSocket realtime events and Inbox realtime refresh foundations for unread counts, message creation, deletion, read state, and comment events.
  • Added persisted table preferences and configurable left-pinned table columns.
  • Added LLM-friendly documentation output for the docs site, including English llms.txt, llms-full.txt, per-page Markdown, and lightweight copy/view/download Markdown actions.

Improvements

  • asp auth login now validates the API URL and API key against the authenticated version endpoint before writing local settings.
  • AlienVault OTX configuration testing now calls an authenticated endpoint to avoid public endpoints making invalid keys look successful.
  • OpenCTI, OTX, and SIEM settings icons now better match their semantics.
  • Updated multiple frontend Ant Design deprecated props to the v6 recommended APIs.
  • Frontend global message calls now use App.useApp() so they can consume dynamic theme context.
  • Realtime WebSocket lifecycle handling is more robust and avoids noisy development refresh warnings.
  • Alert detail Descriptions rows now fill their configured column span correctly.
  • TagList rendering now provides stable keys to avoid React list key warnings.

Fixes

  • Fixed UUID-backed cursor pagination failing to serialize cursor IDs, which caused /api/agent/v1/cases/?page_size=1 to return 500.
  • Fixed cursor decoding logic that assumed integer primary keys even though BaseModel records use UUIDs.
  • Fixed CLI login saving settings without first verifying that the server and API key were actually usable.

Deployment and Release Engineering

  • The Release workflow now builds and publishes asp-cli to PyPI after creating the GitHub Release.
  • CLI PyPI publishing uses Trusted Publishing, so no PyPI API token is stored in the repository or GitHub Secrets.
  • The release runbook now documents CLI/PyPI publishing steps, version checks, failure handling, and validation commands.
  • The CLI version must match the main release version: Git tags use v0.5.0, while the PyPI package version uses 0.5.0.
  • This release generates asp-compose-0.5.0.tar.gz and publishes matching GHCR image tags.

Upgrade Notes

If you already deployed 0.4.1, back up first, then update image versions in .env:

text
ASP_BACKEND_IMAGE=ghcr.io/funnywolf/agentic-soc-platform/asp-backend:0.5.0
ASP_FRONTEND_IMAGE=ghcr.io/funnywolf/agentic-soc-platform/asp-frontend:0.5.0

Run the upgrade:

bash
./scripts/upgrade.sh

To use the CLI:

bash
pipx install asp-cli==0.5.0

Developer Notes

The title of this release borrows the Targaryen house words: Fire and Blood.

The strongest lesson from this cycle is simple: when something feels wrong during development, when the current shape feels uncomfortable, it probably is wrong. Do not assume it will fix itself. Do not leave it alone just because it still runs. It becomes a thorn that sinks deeper over time. You will still have to remove it later, only with more cost and more pain.

This is about the move from MCP to the CLI.

Using MCP early on was useful because it quickly connected agents with platform capabilities. That choice made sense at the time. But as the work continued, the MCP runtime path made deployment, authentication, file access, command behavior, versioning, and user workflow feel less direct. It was not a tiny flaw. It affected the foundation for future agent capabilities.

So 0.5.0 makes the more painful but cleaner choice: the main agent-facing entry point moves toward the CLI. The CLI can be versioned, published to PyPI, called from scripts and skills, and aligned with the existing authentication, API, and release workflow. The MCP work was not wasted; it proved what agents actually need from ASP. But for the platform to keep moving forward, the CLI is the clearer and more controllable base.

Some thorns hurt when you pull them out early. They hurt more when you wait. This release pulls it out.

Last updated on: