Agent v0 오픈 소스 다중 에이전트 AI 오케스트레이션 터미널

The universal multi-agent AI orchestration terminal. Coordinated intelligence for any desire. Agent v0 is a powerful framework for deploying fleets of specialized AI agents. While optimized for security researchers and developers, its modular architecture allows anyone to orchestrate complex, parallel workflows — from creative content creation and data analysis to automated research and technical troubleshooting — all from a single, secure terminal interface. Current version: v1.4.4 | Security Architecture | Releases - Features - Architecture - Security Implementation - Supported AI Providers - Installation - Configuration - Usage - Self-Updater - Agent Roles - Tool Integration - Skill System - Bot Integrations - Project Structure - License - CLI-first — Full terminal interface with interactive REPL, no GUI required - Multi-agent orchestration — A central "Agentic" orchestrator decomposes tasks, delegates to specialized subordinate agents, and synthesizes results - Model-agnostic — Route tasks to Anthropic Claude, OpenAI GPT, or Google Gemini - OS-level sandboxing — Agents are confined to assigned workspaces using bubblewrap (Linux) or sandbox-exec (macOS) - Hash-chained audit logs — Tamper-evident, append-only SHA-256 chained audit trail for every agent action - Encrypted keystore — API keys and secrets encrypted at rest with Argon2id key derivation - Permission enforcement — Fine-grained per-agent policies for filesystem, network, API access, and inter-agent messaging - Real tool execution — Agents use Bash, Grep, Glob, FileRead/Write/Edit, and WebFetch with iterative tool-call loops - YAML-based skills — Modular, extensible skill definitions for recon, code analysis, forensics, threat intel, and reporting - Persistent daemon — Background daemon with Unix socket IPC; tasks survive CLI disconnection - Bot integrations — Telegram, Discord, and WhatsApp adapters for remote task submission - Smart self-updater — agent-v0 update checks GitHub releases, diffs files, and rebuilds only what changed - Web dashboard — HTTPS web UI with Socket.IO for real-time task monitoring - Cost tracking — Per-agent, per-session token usage and cost breakdown +------------------+ | CLI / REPL | | (commander.js) | +--------+---------+ | Unix Domain Socket | +--------+---------+ | Daemon | | (process manager | | heartbeat, IPC) | +--------+---------+ | +--------+---------+ | Agentic | | (orchestrator) | | intent parsing | | task decompose | | result synthesis | +--------+---------+ | +--------------------+--------------------+ | | | | | +----+----+ +---+---+ +--+---+ +---+---+ +---+---+ | Recon | | Code | |Forens| |OSINT | |Report | | Agent | | Agent | |Agent | |Agent | |Agent | +---------+ +-------+ +------+ +------+ +-------+ | | | | | +----------+---------+---------+----------+ | +--------+---------+ | AgentToolkit | | per-agent tools | | workspace sandbox| | audit logging | +--------+---------+ | +--------+---------+ | Gateway Router | | rate limiting | | cost tracking | | fallback routing | +--------+---------+ | +--------------------+--------------------+ | | | Anthropic OpenAI Gemini - User submits a task via CLI, REPL, web dashboard, or bot message - Agentic (the orchestrator) parses intent from natural language - Tasks are decomposed into discrete subtasks with dependency ordering - Subtasks are delegated to specialized agents running concurrently - Each agent executes within its sandbox using assigned tools and skills - Agents make iterative tool calls (Bash, Grep, FileRead, WebFetch, etc.) with results fed back to the model - The Gateway Router handles all model API calls with rate limiting and fallback - Results are aggregated and synthesized back to the user - Every action is recorded in the hash-chained audit log Agent v0 implements defense-in-depth security across multiple layers. The core security infrastructure is built in Rust for memory safety and performance, with additional hardening in the TypeScript and Python layers. - Linux: Bubblewrap — Each agent runs in isolated PID, mount, network, and user namespaces via bwrap - macOS: Sandbox.framework — Each agent runs in an Apple sandbox profile via sandbox-exec with deny-by-default policy - Seccomp Filtering (Linux) — Restricts syscalls to a minimal allowlist per agent role - Path Guards (all platforms) — Filesystem access confined to the agent's workspace; all traversal attempts blocked - Auto-detection — The runtime selects the best available sandbox backend automatically - SHA-256 Hash Chain — Each log entry includes the hash of the previous entry, creating a tamper-evident chain - Constant-Time Verification — Hash comparisons use subtle::ConstantTimeEq to prevent timing side-channels - Append-Only Writer — Log files are opened in append mode; entries cannot be modified - Sensitive Data Redaction — Secrets are automatically masked before logging - Argon2id Key Derivation — Master key derived from user passphrase (memory-hard, GPU/ASIC resistant) - AES-256-GCM E