Lyrie Omega v0.2 — Sharper Scans, Fewer False Positives, Rock-Solid Stability
We've been heads-down on two things since the initial release: making sure scans actually finish cleanly every time, and raising the bar on what counts as a real finding. Here's what shipped.
Reliability
- Scans no longer hang mid-run. We tracked down a class of issues where certain scanning processes would stall and never terminate. The entire scan lifecycle now has proper cleanup — if something gets stuck, Lyrie kills it and moves on instead of leaving it in limbo.
- Cancellation works the way you'd expect. Hitting "Cancel" on a running scan now immediately stops all enrichment and background work. Previously, parts of the pipeline could keep running after you cancelled. Fixed.
- Partial completions are handled gracefully. If a scan finishes some checks but can't complete others (network issues, target timeouts, etc.), you'll now see a clear "Completed — Partial" status with everything we did find, instead of a vague error.
- Orphaned background tasks are cleaned up automatically. A hardened reaper process now catches and terminates any scan workers that outlive their parent job. No more phantom processes eating resources.
- Improved service stability. Resolved an intermittent issue where the core API service would restart unexpectedly under certain scan loads. It's solid now.
Scan Quality
- Completely rewritten analysis engine. The logic that evaluates and reports findings has been rebuilt from scratch. The old version was too noisy — it would flag things that weren't actually exploitable, or describe real issues in ways that weren't actionable. The new engine is tuned for precision: fewer findings, but every one matters.
- Stack-aware scanning. OMEGA now understands more common technology stacks out of the box — including Firebase, NextAuth, Supabase, Vercel, and others. Instead of running generic checks, it tailors its approach based on what your app is actually built with. This means more relevant findings and fewer false positives from checks that don't apply to your stack.
- Authenticated probing is now standard. Where possible, scans will attempt to test routes and endpoints behind authentication. This catches the bugs that matter most — the ones an attacker would find after getting past your login page.
- Smarter pacing. Scans now follow tempo-aware request pacing, reducing the chance of being rate-limited or flagged by upstream infrastructure while still being thorough.
Deduplication
- Duplicate findings are caught on both sides. We added deduplication at the scan engine level and in the dashboard. If the same vulnerability is found by multiple tools or across multiple scan runs, you'll see it once — not five times. Your findings list now reflects real, unique issues.
What's Next
We're continuing to push on scan depth, coverage for more frameworks, and tighter integration between HEX and OMEGA results. If you run into anything off, reach out — we read every report.
— The Lyrie Team