damn-vulnerable-ai-agent

docs: wire attack-to-defense funnel + add real RAGBot-AIM A/B demo GIF

fix(docs,test): correct docker tag, expose 7014-7016, reconcile 17-agent count

ci: opt release.yml into Node 24 for v4-line actions (#50)

Merge pull request #49 from opena2a-org/fix/dvaa-0.9.1-papercuts

Merge pull request #48 from opena2a-org/chore/release-0.9.0

chore(release): 0.9.1 — drain 0.9.0 known-issues

chore(release): 0.9.0

Merge pull request #47 from opena2a-org/feat/research-agent-llm-mode

Merge pull request #46 from opena2a-org/docs/demo-build-agnostic-language

fix(chat,narration): harden --llm override + surface LLM fallback errors

feat: LLM-mode narration for the research agents (dvaa chat --llm)

fix(chat): refuse --llm against non-loopback host without explicit opt-in

docs: agnostic language in DEMO_BUILD.md

feat: interactive research-agent demo (dvaa chat) + SSRF guard (#45)

Update AIM enforcement details in DEMO_BUILD.md

feat: add cloud-mode AIM reporter for live dashboard view (#44)

docs: add STATUS.md (reference-only) and status badge (#43)

Add AIM-secured 15th agent and dvaa demo aim-ab runner (#42)

fix(cli): resolve hackmyagent across all npm install layouts (#41)

chore(release): bump version to 0.8.3 (#40)

fix(telemetry): treat exit 1 as success (attack demo ran ≠ failure) (#39)

fix(telemetry): await flush() before process.exit so subcommand events land (#38)

feat(0.8.1): wire @opena2a/telemetry — first canary integration (#37)

fix(ux): retired Claude model, kill-chain offline mode, disabled textarea, tutor markdown, + release-smoke checklist (#36)

feat(v0.8.0)!: port move 3000→7000, dashboard-initiated HMA scans, dvaa CLI (#35)