Releases: j3ssie/osmedeus
osmedeus v5.0.1
Osmedeus v5.0.1 - Enhanced LLM & Agent Integration
This release introduces the agent-acp step type, enabling Osmedeus workflows to spawn and orchestrate external AI coding agents via the Agent Communication Protocol (ACP). Delegate tasks to real agent binaries — Claude Code, Codex, OpenCode, or Gemini — directly from your workflow YAML.
Built-in agents:
| Agent | Command |
|---|---|
claude-code |
npx -y @zed-industries/claude-code-acp@latest |
codex |
npx -y @zed-industries/codex-acp |
opencode |
opencode acp |
gemini |
gemini --experimental-acp |
Workflow example:
steps:
- name: analyze
type: agent-acp
agent: claude-code
cwd: "{{Output}}"
messages:
- role: user
content: "Analyze the scan results and create a summary report."
exports:
analysis: "{{acp_output}}"CLI usage:
osmedeus agent "analyze this codebase"
osmedeus agent --agent codex "explain main.go"
osmedeus agent --listAPI endpoint: POST /osm/api/agent/chat/completions — OpenAI-compatible chat format with concurrency control.
Agentic LLM Executor
- LLM-based agentic loop with tool calling, max iterations, and stop conditions
- 20+ preset tools:
bash,read_file,http_get,grep_regex,run_module,run_flow, and more - Sub-agent orchestration via
spawn_agentwith recursive depth limits - Agent memory management with sliding window, summarization, and session persistence
- Structured output via JSON schema enforcement
SARIF Integration
- Parse and import SAST results from Semgrep, Trivy, Kingfisher, and Bearer
db_import_sarif()for database ingestion with severity mapping and deduplicationconvert_sarif_to_markdown()for human-readable vulnerability reports
Workflow Engine Improvements
- Decision routing — Conditional branching with switch/case syntax and param-based JS evaluation
- Linter enhancements — Comprehensive undefined variable detection with built-in variable awareness
- Webhook triggers — UUID-based run execution with authentication key support
- Snapshot improvements — Workspace export/import with replay support
- Workflow help metadata — Artifact optional flag, search/filter improvements
Utility Functions
- Nmap integration —
nmap_to_jsonl(),run_nmap(),db_import_port_assets()for port scan processing - Tmux sessions —
tmux_run(),tmux_capture(),tmux_send()for background process management - Agent functions —
run_agent()for executing ACP agents from JS context within workflows
Cloud Infrastructure (Still WIP)
- Multi-provider support: DigitalOcean, AWS, GCP, Linode, Azure with Pulumi integration
- Distributed scanning with
osmedeus cloud run -f <flow> -t <target> --instances N - Cost controls and automatic infrastructure cleanup
Enhanced UI Dashboard
- Updated dashboard build with latest Next.js artifacts
Full Changelog: v5.0.0...v5.0.1
osmedeus v0.0.0-nightly
Nightly Build
Note: This is a nightly build, not a tagged release. Even though you enjoy the latest features, things may change when the official release.
Built from commit: bbba135
osmedeus v5.0.0
Osmedeus v5.0 is a major milestone with a complete rewrite and redesign of the core architecture, delivering a cleaner, more flexible, and more powerful orchestration engine for security automation.
✨ What's New
Core Architecture
- Next-Generation Engine - Complete rewrite with a modular, plugin-based architecture
- Declarative YAML Workflows - Define reconnaissance pipelines using simple, readable YAML syntax
- Two Workflow Types - Modules for single execution units, Flows for multi-module orchestration
- Decision Routing - Conditional workflow branching with switch/case syntax
- Template Engine - Powerful variable interpolation with built-in and custom variables
Execution & Scaling
- Multiple Runners - Execute on local host, Docker containers, or remote machines via SSH
- Distributed Execution - Scale with Redis-based master-worker pattern for parallel scanning
- Event-Driven Triggers - Cron scheduling, file watching, and event-based workflow triggers
Integrations
- REST API Server - Manage and trigger workflows programmatically
- Database Support - SQLite (default) and PostgreSQL for asset tracking
- Cloud Storage - S3-compatible storage for artifact management
- Notifications - Telegram bot and webhook integrations
- LLM Integration - AI-powered workflow steps with chat completions and embeddings
Developer Experience
- Beautiful UI - Visualize results and workflow diagrams
- Utility Functions - Rich function library for file operations, string manipulation, and JSON processing
Refer to the Documentation here for more usage and and how to install.
| CLI Usage | Web UI Assets | Web UI Workflow |
|---|---|---|
 |
 |
 |
osmedeus v5.0.0-beta
Osmedeus v5.0 is a major milestone with a complete rewrite and redesign of the core architecture, delivering a cleaner, more flexible, and more powerful orchestration engine for security automation.
🔥 Why It Matters
Osmedeus v5.0 lays the foundation for the next generation of security orchestration with cleaner internals, extensible design, and a vastly improved user experience.
osmedeus v4.7.1
Changelog
- 6f7271f Added the workspace name in the scanning endpoint
