The local review loop

nyx serve opens a React-based triage UI bound to localhost. It gives you finding detail, source context, flow paths, scan history, rules management, and triage decisions that can round-trip through .nyx/triage.json.

The engine underneath

The old BFS taint engine was replaced with block-level analysis over a pruned SSA IR. That opened the door to better path sensitivity, cleaner summaries, phi handling, container taint, and cross-file propagation that can keep more context when code jumps between files.
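To make the phi handling concrete, here is a minimal taint propagation over a hand-built SSA program. It is an added illustration, not nyx's code: the instruction tuples, block names, and sink labels are all assumptions made up for the example.

```python
# Constructed SSA program in a hypothetical IR (not nyx's own). Every name is
# defined exactly once, so taint is tracked per name. Instruction forms:
#   ("source", dst)         dst holds attacker-controlled data
#   ("const", dst)          dst is a trusted constant
#   ("copy", dst, src)      dst derives from src
#   ("sanitize", dst, src)  dst is a cleaned copy of src
#   ("phi", dst, [srcs])    dst merges one value per predecessor block
#   ("sink", label, arg)    arg reaches a sensitive operation
PROGRAM = {
    "entry": [("source", "q0"), ("const", "n0")],
    "clean": [("sanitize", "q1", "q0")],
    "raw":   [("copy", "q2", "q0")],
    "join":  [("phi", "q3", ["q1", "q2"]),
              ("sink", "db.exec", "q3"), ("sink", "audit", "q1")],
    # Loop header: n2 is defined later in the loop and flows back into the phi.
    "loop":  [("phi", "n1", ["n0", "n2"]),
              ("sink", "log.write", "n1"), ("copy", "n2", "q3")],
}

def analyze(program):
    """Propagate taint block by block until nothing changes (a fixpoint)."""
    tainted, findings = set(), set()
    passes, changed = 0, True
    while changed:
        changed = False
        passes += 1
        for block, insts in program.items():
            for inst in insts:
                op, hit = inst[0], None
                if op == "source":
                    hit = inst[1]
                elif op == "copy" and inst[2] in tainted:
                    hit = inst[1]
                elif op == "phi" and any(s in tainted for s in inst[2]):
                    hit = inst[1]  # tainted if any incoming value is tainted
                elif op == "sink" and inst[2] in tainted:
                    findings.add((block, inst[1], inst[2]))
                # "const" and "sanitize" define untainted names: nothing to add
                if hit is not None and hit not in tainted:
                    tainted.add(hit)
                    changed = True
    return tainted, findings, passes

if __name__ == "__main__":
    for block, sink, arg in sorted(analyze(PROGRAM)[1]):
        print(f"{block}: tainted {arg} reaches {sink}")
```

The sanitized value `q1` stays clean at the `audit` sink, but the merged `q3` is still flagged because one incoming branch skipped sanitization. The `log.write` finding only appears on the second pass, once taint has travelled around the loop's back edge.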

Symbolic execution also joins the pipeline. Candidate findings can be walked from source to sink to build a concrete witness, prune infeasible paths, and explain where the engine had to cap or bail.

What else shipped

  • Hostile-repo hardening for path containment, loopback serving, CSRF tokens, and bounded reads.
  • State analysis turned on by default for resource lifecycle and auth-level checks.
  • Concrete attack witness strings in output where symbolic execution can build one.
  • A 262-case benchmark with rule-level precision, recall, and F1 gates.

Release Notes for today's update can be found here.