CAI v1.0.4: smarter routing, stronger prompt security and a more responsive CLI

Alias Robotics -

Today we’re releasing CAI v1.0.4, a focused update that improves how CAI operates day-to-day: how it routes tasks, how it handles untrusted inputs, and how it behaves during long-running operations.

This version is less about adding new surface features and more about making the system more predictable, more robust and more aligned with real-world cybersecurity workflows.

A single entrypoint: the Selection Agent

One of the most important changes in v1.0.4 is the introduction of the Selection Agent as the default front-line agent.

Instead of requiring users to decide which specialist to use upfront, CAI now:

  • Starts every interaction through a single conversational entrypoint
  • Dynamically selects the best specialist agent for each turn
  • Delegates execution while keeping context consistent

This simplifies day-to-day usage while preserving control.

For operators who want explicit behavior:

  • You can still pin any agent using /agent [NAME/NUMBER]
  • CAI will continue using that agent until you change it

Automatic routing when you want it. Explicit control when you need it.

Stronger system prompts, built for cybersecurity

v1.0.4 reinforces how CAI composes its system prompts by introducing:

Cybersecurity baseline contracts

Execution rules, output quality expectations, and untrusted-content handling are now embedded directly into prompt composition.

Modular micro-profiles

Specialized markdown-based profiles for domains such as:

  • Red team
  • Blue team
  • Bug bounty
  • CTF
  • Reverse engineering
  • Active Directory
  • Web security
  • Reporting

These profiles include:

  • Instruction hierarchy
  • ReAct-style reasoning guidance
  • OWASP-aligned guardrails where relevant

They load modularly and adapt based on environment configuration (e.g. unrestricted vs standard deployments).

Prompt-layer security: treating content as data, not instructions

When CAI_UNRESTRICTED is off (default in most deployments), CAI now applies an additional cybersecurity-oriented prompt layer that:

  • Treats external content and tool output as data, not instructions
  • Requires explicit user confirmation before acting on embedded instructions
  • Reduces susceptibility to prompt injection and jailbreak attempts

In unrestricted environments, this layer can be relaxed depending on operator preferences.

This reflects a core principle in CAI: prompt injection is not a user mistake, it’s an architectural problem.

A more responsive and “aware” CLI

Long-running operations are now easier to follow and reason about.

v1.0.4 introduces a redesigned wait UX:

  • Unified feedback for both model execution and tool usage
  • Context-aware status messages during long waits
  • Consistent rendering across stderr, footer, and result rails

The result is a CLI that feels:

  • More responsive
  • More transparent
  • Less “stuck” during complex operations

Reliability improvements across the CLI

This release also includes a set of high-impact fixes and hardening work:

Parallel and execution stability

Better model alias resolution across external workers

  • Unique agent IDs to prevent collisions
  • Improved summary output consistency

Queue and session handling

  • Simpler /queue model (priority removed)
  • New /queue move behavior
  • Cleaner session resume (/resume) with proper spinner handling

Sensitive command handling

  • Fixed Ctrl+C behavior during approval prompts
  • Improved guard presentation for sensitive commands (e.g. sudo)

Output and memory handling

  • Fixes for large JSONL memory files
  • Removal of duplicate tool output blocks
  • Cleaner terminal rendering without unnecessary redraws

Parallel, layout, and terminal polish

We’ve also refined how CAI looks and behaves in practice:

  • Improved /parallel workflows and command consistency
  • Markdown-style rendering for tool outputs
  • Better table visualization in intermediate outputs
  • Cleaner agent labeling and summary views
  • Terminal title integration (with proper restore on exit)

Minimal installations are also simpler now:

  • Graph layout no longer depends on NetworkX

Faster startup and less overhead

Performance improvements include:

  • Lazy initialization of Rich Live rendering
  • Non-blocking update checks at startup
  • Reduced redundant preprocessing in chat completion paths

These changes reduce friction without changing how CAI behaves.

Documentation, where you need it

Environment variables are now directly accessible from the CLI:

  • /help shows the full environment reference
  • /help var [NAME] provides detailed explanations
  • /config list shows current runtime values

This keeps documentation close to where operators actually work.

CAI v1.0.4: more control, less friction

CAI v1.0.4 is about operational maturity.

It makes routing simpler, prompts safer, and the CLI more reliable—without taking control away from the operator.

In practice, this means less friction in daily use, better handling of real-world inputs, and more predictable behavior across long sessions.

And that’s where CAI continues to focus:
evidence-based, controllable automation for cybersecurity workflows.