Z3r0 is an advanced AI-native security assessment workbench designed for use within authorized environments, focusing on security assessments, code auditing, internal reviews, and controlled research. This comprehensive workbench integrates a coordinator-led agent team and Docker-backed tools to streamline the process of planning, discovery, validation, relationship mapping, and attack-path reconstruction in a governed and structured workflow.

Key Features

• Structured Evidence Framework: Z3r0 prioritizes durable facts, ensuring that all evidence is structured, scoped, auditable, and reviewable. The system's WorkProject records preserve all assets, findings, relationship edges, and attack paths as application-owned data, maintaining clarity and separation from transient contexts.
• Role-Governed Agent Team: The agent team operates under defined roles, including a Chief Security Officer and various specialists (e.g., Audit, Intelligence, Penetration, Reverse Engineering, Cryptography). Each role has clearly delineated responsibilities, facilitating organized execution and accountability across security operations.
• Resumable Long-Running Work: With notification-driven workflows, Z3r0 enables background tasks to run without blocking the main execution flow, allowing for seamless transitions and resumption of work.
• Controlled Execution Boundary: Enhanced security is achieved through the use of Docker containers for executing commands and managing tools, preventing unauthorized access to sensitive systems.
• Replayable Timelines: All actions and findings are logged chronologically, allowing reviewers to replay the timeline and trace security assessments comprehensively.

Architecture Overview

Z3r0 comprises multiple layers that work harmoniously:

flowchart TB
  Operator["Authorized Operator"]
  Workbench["React Workbench<br/>Presentation Layer"]
  API["FastAPI API<br/>API Layer"]
  Runtime["Agent Runtime<br/>Orchestration Layer"]
  Drivers["Instance Drivers<br/>Async Scheduling Layer"]
  Notifications["Notification Obligations<br/>Liveness Layer"]
  Graph["Session Agent Graph<br/>Capability Layer"]
  Timeline["Timeline Event Log<br/>Replay Layer"]
  Record["WorkProject Records<br/>Review Layer"]
  Evidence["Evidence Chain<br/>Assets / Findings / Paths"]
  Sandbox["Docker Sandbox<br/>Execution Layer"]
  Tools["Tool Surface<br/>Tool Layer"]
  Models["Model Providers<br/>Model Layer"]
  Events["Event Contract<br/>Streaming Layer"]
  Store[("PostgreSQL Store<br/>Persistence Layer")]

  Operator --> Workbench
  Workbench -->|REST / WebSocket| API
  API --> Runtime
  Runtime --> Drivers
  Runtime --> Graph
  Runtime --> Record
  Runtime --> Sandbox
  Runtime --> Events
  Runtime --> Store
  Drivers --> Notifications
  Notifications --> Runtime
  Events --> Timeline
  Timeline --> Store
  Graph --> Tools
  Graph --> Models
  Sandbox --> Tools
  Record --> Store
  Record --> Evidence
  Evidence --> Workbench
  Events --> Workbench

This structure supports functional separation and enhances stability, enabling a streamlined interface for operators and a robust backend for data persistence and task management.

Security and Compliance

Z3r0 is strictly intended for authorized security testing and auditing. It operates under a legal framework, requiring explicit authorization and defined boundaries before employing any functionality. Unauthorized or harmful activities are strictly prohibited, ensuring that all users remain compliant with relevant laws and regulations.

By maintaining a focus on robust security practices and precise documentation, Z3r0 facilitates proactive security assessments in controlled, reliable environments.