├── dockerignore - hidden ├── NOTICE ├── gitignore - hidden ├── LICENSE ├── entrypoint.sh ├── Dockerfile ├── env.example - hidden ├── docker-compose-observability.yml ├── docker-compose.yml ├── docker-compose-langfuse.yml └── EULA.md /dockerignore - hidden: -------------------------------------------------------------------------------- 1 | frontend/coverage 2 | frontend/dist 3 | frontend/node_modules 4 | frontend/ssl 5 | 6 | **/*.log 7 | **/*.env 8 | **/.DS_Store 9 | **/Thumbs.db 10 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | PentAGI, Fully fully autonomous AI Agent capable of performing complex penetration testing tasks. 2 | 3 | Copyright 2025 PentAGI Development Team 4 | 5 | Licensed under MIT License. See LICENSE and EULA for terms. 6 | -------------------------------------------------------------------------------- /gitignore - hidden: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .env 3 | .env.* 4 | !.env.example 5 | 6 | backend/tmp 7 | backend/build 8 | 9 | frontend/coverage 10 | frontend/dist 11 | frontend/node_modules 12 | frontend/ssl 13 | node_modules 14 | 15 | .cursorrules 16 | .cursorignore 17 | .cursor/ 18 | 19 | build/* 20 | data/* 21 | !.gitkeep 22 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 PentAGI Development Team 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the 
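Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /entrypoint.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Container entrypoint: ensure a TLS key/certificate pair exists for the
# service, then replace this shell with the command passed as arguments.
#
# Environment:
#   SERVER_SSL_KEY  path of the server private key  (default: ssl/server.key)
#   SERVER_SSL_CRT  path of the server certificate  (default: ssl/server.crt)
#   SERVER_USE_SSL  "true" -> generate a private CA and a server certificate
#                   signed by it when the pair above is missing
#
# Relative paths resolve against the working directory the container starts in.

# Stop at the first failing step so the service is never started on top of a
# half-written key or certificate.
set -e

# ":-" also replaces an empty value, not only an unset one.
export SERVER_SSL_KEY="${SERVER_SSL_KEY:-ssl/server.key}"
export SERVER_SSL_CRT="${SERVER_SSL_CRT:-ssl/server.crt}"
SERVER_SSL_CSR=ssl/service.csr
SERVER_SSL_CA_KEY=ssl/service_ca.key
SERVER_SSL_CA_CRT=ssl/service_ca.crt

if [ -f "$SERVER_SSL_KEY" ] && [ -f "$SERVER_SSL_CRT" ]; then
  echo "service ssl crt and key already exist"
elif [ "${SERVER_USE_SSL:-}" = "true" ]; then
  echo "Gen service ssl key and crt"

  # Self-signed CA (3650 days). Paths are quoted throughout because
  # SERVER_SSL_KEY and SERVER_SSL_CRT come from the environment.
  openssl genrsa -out "$SERVER_SSL_CA_KEY" 4096
  openssl req \
    -new -x509 -days 3650 \
    -key "$SERVER_SSL_CA_KEY" \
    -subj "/C=US/ST=NY/L=NY/O=PentAGI/OU=Project/CN=PentAGI CA" \
    -out "$SERVER_SSL_CA_CRT"

  # Server key (-nodes: stored without a passphrase) and its signing request.
  openssl req \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -keyout "$SERVER_SSL_KEY" \
    -subj "/C=US/ST=NY/L=NY/O=PentAGI/OU=Project/CN=localhost" \
    -out "$SERVER_SSL_CSR"

  # The extension file goes through mktemp instead of a fixed name in the
  # working directory, so a pre-existing file or symlink of that name is
  # never written through. The trap covers an abort between here and the rm.
  ext_file=$(mktemp)
  trap 'rm -f "$ext_file"' EXIT

  # Clients that check subjectAltName do not fall back to the CN, so
  # "localhost" must be listed here for the CN above to match anything.
  {
    echo "subjectAltName=DNS:pentagi.local,DNS:localhost"
    echo "keyUsage=critical,digitalSignature,keyAgreement"
  } > "$ext_file"

  openssl x509 -req \
    -days 730 \
    -extfile "$ext_file" \
    -in "$SERVER_SSL_CSR" \
    -CA "$SERVER_SSL_CA_CRT" -CAkey "$SERVER_SSL_CA_KEY" -CAcreateserial \
    -out "$SERVER_SSL_CRT"

  # exec at the end does not run the EXIT trap, so clean up explicitly.
  rm -f "$ext_file"
  trap - EXIT

  # Append the CA certificate: the certificate file then holds leaf + CA.
  cat "$SERVER_SSL_CA_CRT" >> "$SERVER_SSL_CRT"

  # NOTE(review): both private keys become group-readable. The server key may
  # need that if the service runs as another member of the group (not visible
  # here). The CA key is only used for the signing step above, and anyone who
  # can read it can issue certificates that clients trusting this CA accept;
  # consider keeping it owner-only or removing it once signing is done.
  chmod g+r "$SERVER_SSL_KEY"
  chmod g+r "$SERVER_SSL_CA_KEY"
fi

exec "$@"
-------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | 3 | # STEP 1: Build the frontend 4 | FROM node:23-slim as fe-build 5 | 6 | ENV NODE_ENV=production 7 | ENV VITE_BUILD_MEMORY_LIMIT=4096 8 | ENV NODE_OPTIONS="--max-old-space-size=4096" 9 | 10 | WORKDIR /frontend 11 | 12 | # Install build essentials 13 | RUN apt-get update && apt-get install -y \ 14 | ca-certificates \ 15 | tzdata \ 16 | gcc \ 17 | g++ \ 18 | make \ 19 | git 20 | 21 | COPY ./backend/pkg/graph/schema.graphqls ../backend/pkg/graph/ 22 | COPY frontend/ . 23 | 24 | # Install dependencies with package manager detection for SBOM 25 | RUN --mount=type=cache,target=/root/.npm \ 26 | npm ci --include=dev 27 | 28 | # Build frontend with optimizations and parallel processing 29 | RUN npm run build -- \ 30 | --mode production \ 31 | --minify esbuild \ 32 | --outDir dist \ 33 | --emptyOutDir \ 34 | --sourcemap false \ 35 | --target es2020 36 | 37 | # STEP 2: Build the backend 38 | FROM golang:1.24-bookworm as be-build 39 | 40 | ENV CGO_ENABLED=0 41 | ENV GO111MODULE=on 42 | 43 | # Install build essentials 44 | RUN apt-get update && apt-get install -y \ 45 | ca-certificates \ 46 | tzdata \ 47 | gcc \ 48 | g++ \ 49 | make \ 50 | git \ 51 | musl-dev 52 | 53 | WORKDIR /backend 54 | 55 | COPY backend/ .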
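# Download dependencies with module detection for SBOM
RUN --mount=type=cache,target=/go/pkg/mod \
    go mod download

# Build backend
RUN go build -trimpath -o /pentagi ./cmd/pentagi

# Build ctester utility
RUN go build -trimpath -o /ctester ./cmd/ctester

# Build ftester utility
RUN go build -trimpath -o /ftester ./cmd/ftester

# Build etester utility
RUN go build -trimpath -o /etester ./cmd/etester

# STEP 3: Build the final image
FROM alpine:3.21

# Create non-root user and docker group with specific GID.
# The pentagi user is added to the docker group; membership in the group that
# owns a mounted Docker socket gives control of the Docker daemon, which is
# equivalent to root on the host. GID 998 is fixed here (docker-compose.yml on
# this page passes DOCKER_GID=998); presumably it has to match the socket's
# group on the host -- confirm per deployment.
RUN addgroup -g 998 docker && \
    addgroup -S pentagi && \
    adduser -S pentagi -G pentagi && \
    addgroup pentagi docker

# Install required packages.
# openssl is used by entrypoint.sh to generate the TLS key and certificate.
# NOTE(review): shadow is presumably installed for its user/group management
# tools -- confirm it is still needed in the runtime image.
RUN apk --no-cache add ca-certificates openssl shadow

# COPY rather than ADD: a single local file needs none of ADD's URL-fetch or
# archive-extraction behaviour.
COPY entrypoint.sh /opt/pentagi/bin/

RUN chmod +x /opt/pentagi/bin/entrypoint.sh

RUN mkdir -p \
    /opt/pentagi/bin \
    /opt/pentagi/ssl \
    /opt/pentagi/fe \
    /opt/pentagi/logs \
    /opt/pentagi/data \
    /opt/pentagi/conf

COPY --from=be-build /pentagi /opt/pentagi/bin/pentagi
COPY --from=be-build /ctester /opt/pentagi/bin/ctester
COPY --from=be-build /ftester /opt/pentagi/bin/ftester
COPY --from=be-build /etester /opt/pentagi/bin/etester
COPY --from=fe-build /frontend/dist /opt/pentagi/fe

# Copy provider configuration files
COPY examples/configs/openrouter.provider.yml /opt/pentagi/conf/
COPY examples/configs/deepinfra.provider.yml /opt/pentagi/conf/
COPY examples/configs/deepseek.provider.yml /opt/pentagi/conf/
COPY examples/configs/custom-openai.provider.yml /opt/pentagi/conf/

COPY LICENSE /opt/pentagi/LICENSE
COPY NOTICE /opt/pentagi/NOTICE
COPY EULA.md /opt/pentagi/EULA
COPY EULA.md /opt/pentagi/fe/EULA.md

RUN chown -R pentagi:pentagi /opt/pentagi

# entrypoint.sh resolves its default ssl/ paths against this directory.
WORKDIR /opt/pentagi

# Non-root by default. docker-compose.yml on this page overrides this with
# `user: root:root` while the Docker socket is mounted, so the non-root
# default only holds when the image is run without that override.
USER pentagi

ENTRYPOINT ["/opt/pentagi/bin/entrypoint.sh", "/opt/pentagi/bin/pentagi"]

# Image Metadata
LABEL org.opencontainers.image.source="https://github.com/vxcontrol/pentagi"
LABEL org.opencontainers.image.description="Fully autonomous AI Agents system capable of performing complex penetration testing tasks"
LABEL org.opencontainers.image.authors="PentAGI Development Team"
# The OCI licenses annotation takes an SPDX license expression.
LABEL org.opencontainers.image.licenses="MIT"
-------------------------------------------------------------------------------- /env.example - hidden: -------------------------------------------------------------------------------- 1 | # PentAGI Environment Variables 2 | 3 | CORS_ORIGINS=http://localhost:*,https://localhost:* 4 | 5 | COOKIE_SIGNING_SALT=salt # change this to improve security 6 | 7 | # Allow to interact with user while executing tasks 8 | ASK_USER= 9 | 10 | ## LLM Providers 11 | OPEN_AI_KEY= 12 | OPEN_AI_SERVER_URL=https://api.openai.com/v1 13 | 14 | ANTHROPIC_API_KEY= 15 | ANTHROPIC_SERVER_URL=https://api.anthropic.com/v1 16 | 17 | ## Custom LLM provider 18 | LLM_SERVER_URL= 19 | LLM_SERVER_KEY= 20 | LLM_SERVER_MODEL= 21 | LLM_SERVER_CONFIG_PATH= 22 | LLM_SERVER_LEGACY_REASONING= 23 | 24 | ## Embedding 25 | EMBEDDING_URL= 26 | EMBEDDING_KEY= 27 | EMBEDDING_MODEL= 28 | EMBEDDING_PROVIDER= 29 | EMBEDDING_BATCH_SIZE= 30 | 31 | ## Summarizer 32 | SUMMARIZER_PRESERVE_LAST= 33 | SUMMARIZER_USE_QA= 34 | SUMMARIZER_SUM_MSG_HUMAN_IN_QA= 35 | SUMMARIZER_LAST_SEC_BYTES= 36 | SUMMARIZER_MAX_BP_BYTES= 37 | SUMMARIZER_MAX_QA_SECTIONS= 38 | SUMMARIZER_MAX_QA_BYTES= 39 | SUMMARIZER_KEEP_QA_SECTIONS= 40 | 41 | ## Assistant 42 | ASSISTANT_USE_AGENTS= 43 | ASSISTANT_SUMMARIZER_PRESERVE_LAST= 44 | ASSISTANT_SUMMARIZER_LAST_SEC_BYTES= 45 | ASSISTANT_SUMMARIZER_MAX_BP_BYTES= 46 | ASSISTANT_SUMMARIZER_MAX_QA_SECTIONS= 47 | ASSISTANT_SUMMARIZER_MAX_QA_BYTES= 48 | ASSISTANT_SUMMARIZER_KEEP_QA_SECTIONS= 49 | 50 | ## HTTP proxy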
to use it in isolation environment 51 | PROXY_URL= 52 | 53 | ## Scraper URLs and settings 54 | SCRAPER_PUBLIC_URL= 55 | SCRAPER_PRIVATE_URL=https://someuser:somepass@scraper/ 56 | LOCAL_SCRAPER_USERNAME=someuser 57 | LOCAL_SCRAPER_PASSWORD=somepass 58 | LOCAL_SCRAPER_MAX_CONCURRENT_SESSIONS=10 59 | 60 | ## Web server settings 61 | PUBLIC_URL=https://localhost:8443 62 | STATIC_DIR= 63 | STATIC_URL= 64 | SERVER_PORT=8443 65 | SERVER_HOST=0.0.0.0 66 | SERVER_SSL_CRT= 67 | SERVER_SSL_KEY= 68 | SERVER_USE_SSL=true 69 | 70 | ## OAuth google 71 | OAUTH_GOOGLE_CLIENT_ID= 72 | OAUTH_GOOGLE_CLIENT_SECRET= 73 | 74 | ## OAuth github 75 | OAUTH_GITHUB_CLIENT_ID= 76 | OAUTH_GITHUB_CLIENT_SECRET= 77 | 78 | ## DuckDuckGo search engine API 79 | DUCKDUCKGO_ENABLED= 80 | 81 | ## Google search engine API 82 | GOOGLE_API_KEY= 83 | GOOGLE_CX_KEY= 84 | 85 | ## Traversaal search engine API 86 | TRAVERSAAL_API_KEY= 87 | 88 | ## Tavily search engine API 89 | TAVILY_API_KEY= 90 | 91 | ## Perplexity search engine API 92 | PERPLEXITY_API_KEY= 93 | PERPLEXITY_MODEL= 94 | PERPLEXITY_CONTEXT_SIZE= 95 | 96 | ## Langfuse observability settings 97 | LANGFUSE_BASE_URL= 98 | LANGFUSE_PROJECT_ID= 99 | LANGFUSE_PUBLIC_KEY= 100 | LANGFUSE_SECRET_KEY= 101 | 102 | ## OpenTelemetry observability settings 103 | OTEL_HOST= 104 | 105 | ## Docker client settings to run primary terminal container 106 | DOCKER_HOST=unix:///var/run/docker.sock 107 | DOCKER_TLS_VERIFY= 108 | DOCKER_CERT_PATH= 109 | 110 | ## Docker settings inside primary terminal container 111 | DOCKER_INSIDE=true # enable to use docker socket 112 | DOCKER_NET_ADMIN=true # enable to use net_admin capability 113 | DOCKER_SOCKET=/var/run/docker.sock # path on host machine 114 | DOCKER_NETWORK=pentagi-network # must be exist 115 | DOCKER_PUBLIC_IP=0.0.0.0 # public ip of host machine 116 | DOCKER_WORK_DIR= 117 | DOCKER_DEFAULT_IMAGE= 118 | DOCKER_DEFAULT_IMAGE_FOR_PENTEST= 119 | 120 | # Postgres (pgvector) settings 121 | PENTAGI_POSTGRES_USER=postgres 
122 | PENTAGI_POSTGRES_PASSWORD=postgres # change this to improve security 123 | PENTAGI_POSTGRES_DB=pentagidb 124 | 125 | 126 | # Langfuse Environment Variables 127 | 128 | ## Langfuse Postgres 129 | LANGFUSE_POSTGRES_USER=postgres 130 | LANGFUSE_POSTGRES_PASSWORD=postgres # change this to improve security 131 | LANGFUSE_POSTGRES_DB=langfuse 132 | LANGFUSE_POSTGRES_VERSION=16 133 | 134 | ## Langfuse Clickhouse 135 | LANGFUSE_CLICKHOUSE_USER=clickhouse 136 | LANGFUSE_CLICKHOUSE_PASSWORD=clickhouse # change this to improve security 137 | LANGFUSE_CLICKHOUSE_URL=http://langfuse-clickhouse:8123 138 | LANGFUSE_CLICKHOUSE_MIGRATION_URL=clickhouse://langfuse-clickhouse:9000 139 | LANGFUSE_CLICKHOUSE_CLUSTER_ENABLED=false 140 | 141 | ## Langfuse S3 142 | LANGFUSE_S3_BUCKET=langfuse 143 | LANGFUSE_S3_REGION=auto 144 | LANGFUSE_S3_ACCESS_KEY_ID=accesskey # change this to improve security 145 | LANGFUSE_S3_SECRET_ACCESS_KEY=secretkey # change this to improve security 146 | LANGFUSE_S3_ENDPOINT=http://langfuse-minio:9000 147 | LANGFUSE_S3_FORCE_PATH_STYLE=true 148 | LANGFUSE_S3_EVENT_UPLOAD_PREFIX=events/ 149 | LANGFUSE_S3_MEDIA_UPLOAD_PREFIX=media/ 150 | 151 | ## Langfuse Redis 152 | LANGFUSE_REDIS_HOST=langfuse-redis 153 | LANGFUSE_REDIS_PORT=6379 154 | LANGFUSE_REDIS_AUTH=redispassword # change this to improve security 155 | 156 | ## Langfuse web app security settings 157 | LANGFUSE_SALT=salt # change this to improve security 158 | LANGFUSE_ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000 # change this to improve security 159 | 160 | ## Langfuse web app nextauth settings 161 | LANGFUSE_NEXTAUTH_URL=http://localhost:4000 162 | LANGFUSE_NEXTAUTH_SECRET=secret # change this to improve security 163 | 164 | ## Langfuse extra settings 165 | LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES=true 166 | LANGFUSE_TELEMETRY_ENABLED=false 167 | LANGFUSE_LOG_LEVEL=info 168 | 169 | ## Langfuse init settings 170 | LANGFUSE_INIT_ORG_ID=ocm47619l0000872mcd2dlbqwb 171 | 
LANGFUSE_INIT_ORG_NAME=PentAGI Org 172 | LANGFUSE_INIT_PROJECT_ID=cm47619l0000872mcd2dlbqwb 173 | LANGFUSE_INIT_PROJECT_NAME=PentAGI 174 | LANGFUSE_INIT_PROJECT_PUBLIC_KEY=pk-lf-00000000-0000-0000-0000-000000000000 # change this to improve security 175 | LANGFUSE_INIT_PROJECT_SECRET_KEY=sk-lf-00000000-0000-0000-0000-000000000000 # change this to improve security 176 | LANGFUSE_INIT_USER_EMAIL=admin@pentagi.com 177 | LANGFUSE_INIT_USER_NAME=admin 178 | LANGFUSE_INIT_USER_PASSWORD=password # change this to improve security 179 | 180 | ## Langfuse SDK sync settings 181 | LANGFUSE_SDK_CI_SYNC_PROCESSING_ENABLED=false 182 | LANGFUSE_READ_FROM_POSTGRES_ONLY=false 183 | LANGFUSE_READ_FROM_CLICKHOUSE_ONLY=true 184 | LANGFUSE_RETURN_FROM_CLICKHOUSE=true 185 | 186 | ## Langfuse license settings 187 | LANGFUSE_EE_LICENSE_KEY= 188 | 189 | ## Langfuse OpenTelemetry settings 190 | LANGFUSE_OTEL_EXPORTER_OTLP_ENDPOINT= 191 | LANGFUSE_OTEL_SERVICE_NAME= 192 | 193 | ## Langfuse custom oauth2 settings 194 | LANGFUSE_AUTH_CUSTOM_CLIENT_ID= 195 | LANGFUSE_AUTH_CUSTOM_CLIENT_SECRET= 196 | LANGFUSE_AUTH_CUSTOM_ISSUER= 197 | LANGFUSE_AUTH_CUSTOM_NAME=PentAGI 198 | LANGFUSE_AUTH_CUSTOM_SCOPE=openid email profile 199 | LANGFUSE_AUTH_CUSTOM_CLIENT_AUTH_METHOD=client_secret_post 200 | LANGFUSE_AUTH_CUSTOM_ALLOW_ACCOUNT_LINKING=true 201 | 202 | ## Langfuse auth settings 203 | LANGFUSE_AUTH_DISABLE_SIGNUP=false # disable signup if PentAGI OAuth2 is used 204 | LANGFUSE_AUTH_SESSION_MAX_AGE=240 205 | 206 | ## Langfuse allowed organization creators 207 | LANGFUSE_ALLOWED_ORGANIZATION_CREATORS=admin@pentagi.com 208 | 209 | ## Langfuse default settings for new users 210 | LANGFUSE_DEFAULT_ORG_ID=ocm47619l0000872mcd2dlbqwb 211 | LANGFUSE_DEFAULT_PROJECT_ID=cm47619l0000872mcd2dlbqwb 212 | LANGFUSE_DEFAULT_ORG_ROLE=VIEWER 213 | LANGFUSE_DEFAULT_PROJECT_ROLE=VIEWER 214 | -------------------------------------------------------------------------------- /docker-compose-observability.yml: 
-------------------------------------------------------------------------------- 1 | volumes: 2 | grafana-data: 3 | driver: local 4 | victoriametrics-data: 5 | driver: local 6 | clickhouse-data: 7 | driver: local 8 | 9 | networks: 10 | observability-network: 11 | driver: bridge 12 | external: true 13 | name: observability-network 14 | langfuse-network: 15 | driver: bridge 16 | external: true 17 | name: langfuse-network 18 | pentagi-network: 19 | driver: bridge 20 | external: true 21 | name: pentagi-network 22 | 23 | services: 24 | 25 | grafana: 26 | image: grafana/grafana:11.4.0 27 | restart: unless-stopped 28 | container_name: grafana 29 | hostname: grafana 30 | expose: 31 | - 3000/tcp 32 | ports: 33 | - 127.0.0.1:3000:3000 34 | environment: 35 | GF_USERS_ALLOW_SIGN_UP: false 36 | GF_EXPLORE_ENABLED: true 37 | GF_ALERTING_ENABLED: true 38 | GF_UNIFIED_ALERTING_ENABLED: true 39 | GF_FEATURE_TOGGLES_ENABLE: traceToMetrics,alertingSimplifiedRouting,alertingQueryAndExpressionsStepMode 40 | volumes: 41 | - ./observability/grafana/config:/etc/grafana:rw 42 | - ./observability/grafana/dashboards:/var/lib/grafana/dashboards:rw 43 | - grafana-data:/var/lib/grafana:rw 44 | logging: 45 | options: 46 | max-size: 50m 47 | max-file: '7' 48 | networks: 49 | - observability-network 50 | 51 | node-exporter: 52 | image: prom/node-exporter:v1.8.2 53 | restart: unless-stopped 54 | command: 55 | - --path.procfs=/host/proc 56 | - --path.sysfs=/host/sys 57 | - --collector.filesystem.ignored-mount-points 58 | - ^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/) 59 | container_name: node_exporter 60 | hostname: node-exporter 61 | expose: 62 | - 9100/tcp 63 | volumes: 64 | - /proc:/host/proc:ro 65 | - /sys:/host/sys:ro 66 | - /:/rootfs:ro 67 | deploy: 68 | mode: global 69 | depends_on: 70 | otel: 71 | condition: service_started 72 | logging: 73 | options: 74 | max-size: 50m 75 | max-file: '7' 76 
| networks: 77 | - observability-network 78 | 79 | cadvisor: 80 | image: gcr.io/cadvisor/cadvisor:v0.51.0 81 | restart: unless-stopped 82 | command: 83 | - --store_container_labels=false 84 | - --docker_only=true 85 | - --disable_root_cgroup_stats=true 86 | container_name: cadvisor 87 | hostname: cadvisor 88 | expose: 89 | - 8080/tcp 90 | volumes: 91 | - /:/rootfs:ro 92 | - /var/run:/var/run:rw 93 | - /sys:/sys:ro 94 | - /var/lib/docker/:/var/lib/docker:ro 95 | depends_on: 96 | otel: 97 | condition: service_started 98 | logging: 99 | options: 100 | max-size: 50m 101 | max-file: '7' 102 | networks: 103 | - observability-network 104 | 105 | otel: 106 | image: otel/opentelemetry-collector-contrib:0.116.1 107 | restart: unless-stopped 108 | entrypoint: 109 | - '/otelcol-contrib' 110 | - '--config' 111 | - '/etc/otel/config.yml' 112 | - '--set' 113 | - 'service.telemetry.logs.level=warn' 114 | container_name: otel 115 | hostname: otelcol 116 | expose: 117 | - 8148/tcp 118 | - 4318/tcp 119 | ports: 120 | - 127.0.0.1:8148:8148 121 | - 127.0.0.1:4318:4318 122 | extra_hosts: 123 | - host.docker.internal:host-gateway 124 | volumes: 125 | - ./observability/otel:/etc/otel:rw 126 | logging: 127 | options: 128 | max-size: 50m 129 | max-file: '7' 130 | networks: 131 | - observability-network 132 | - langfuse-network 133 | - pentagi-network 134 | 135 | victoriametrics: 136 | image: victoriametrics/victoria-metrics:v1.108.1 137 | restart: unless-stopped 138 | command: 139 | - --storageDataPath=/storage 140 | - --graphiteListenAddr=:2003 141 | - --opentsdbListenAddr=:4242 142 | - --httpListenAddr=:8428 143 | - --influxListenAddr=:8089 144 | - --selfScrapeInterval=10s 145 | container_name: victoriametrics 146 | hostname: victoriametrics 147 | expose: 148 | - 8428/tcp 149 | volumes: 150 | - victoriametrics-data:/storage:rw 151 | logging: 152 | options: 153 | max-size: 50m 154 | max-file: '7' 155 | networks: 156 | - observability-network 157 | 158 | clickstore: 159 | image: 
clickhouse/clickhouse-server:24 160 | restart: unless-stopped 161 | container_name: clickstore 162 | hostname: clickstore 163 | expose: 164 | - 9000/tcp 165 | environment: 166 | CLICKHOUSE_DB: jaeger 167 | CLICKHOUSE_USER: clickhouse 168 | CLICKHOUSE_PASSWORD: clickhouse 169 | ulimits: 170 | nofile: 171 | hard: 262144 172 | soft: 262144 173 | volumes: 174 | - ./observability/clickhouse/prometheus.xml:/etc/clickhouse-server/config.d/prometheus.xml:ro 175 | - clickhouse-data:/var/lib/clickhouse:rw 176 | healthcheck: 177 | test: wget --no-verbose --tries=1 --spider http://localhost:8123/ping || exit 1 178 | interval: 5s 179 | timeout: 5s 180 | retries: 10 181 | start_period: 1s 182 | logging: 183 | options: 184 | max-size: 50m 185 | max-file: '7' 186 | networks: 187 | - observability-network 188 | 189 | loki: 190 | image: grafana/loki:3.3.2 191 | restart: unless-stopped 192 | command: -config.file=/etc/loki/config.yml 193 | container_name: loki 194 | hostname: loki 195 | expose: 196 | - 3100/tcp 197 | volumes: 198 | - ./observability/loki/config.yml:/etc/loki/config.yml:ro 199 | logging: 200 | options: 201 | max-size: 50m 202 | max-file: '7' 203 | networks: 204 | - observability-network 205 | 206 | jaeger: 207 | image: jaegertracing/all-in-one:1.56.0 208 | restart: unless-stopped 209 | entrypoint: > 210 | /bin/sh -c ' 211 | if [ "$$(uname -m)" = "x86_64" ]; then 212 | ARCH="amd64" 213 | elif [ "$$(uname -m)" = "aarch64" ]; then 214 | ARCH="arm64" 215 | else 216 | echo "Unsupported architecture" 217 | sleep 30 218 | exit 1 219 | fi && 220 | /go/bin/all-in-one-linux 221 | --grpc-storage-plugin.binary=/etc/jaeger/bin/jaeger-clickhouse-linux-$$ARCH 222 | --grpc-storage-plugin.configuration-file=/etc/jaeger/plugin-config.yml 223 | --grpc-storage-plugin.log-level=info' 224 | container_name: jaeger 225 | hostname: jaeger 226 | expose: 227 | - 16686/tcp 228 | - 14250/tcp 229 | - 14268/tcp 230 | - 5778/tcp 231 | - 5775/udp 232 | - 6831/udp 233 | - 6832/udp 234 | ulimits: 235 | 
nofile: 236 | hard: 65000 237 | soft: 65000 238 | nproc: 65535 239 | volumes: 240 | - ./observability/jaeger:/etc/jaeger:rw 241 | environment: 242 | SPAN_STORAGE_TYPE: grpc-plugin 243 | depends_on: 244 | clickstore: 245 | condition: service_healthy 246 | logging: 247 | options: 248 | max-size: 50m 249 | max-file: '7' 250 | networks: 251 | - observability-network 252 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | volumes: 2 | pentagi-data: 3 | driver: local 4 | pentagi-ssl: 5 | driver: local 6 | scraper-ssl: 7 | driver: local 8 | pentagi-postgres-data: 9 | driver: local 10 | 11 | networks: 12 | pentagi-network: 13 | driver: bridge 14 | name: pentagi-network 15 | observability-network: 16 | driver: bridge 17 | name: observability-network 18 | langfuse-network: 19 | driver: bridge 20 | name: langfuse-network 21 | 22 | services: 23 | 24 | pentagi: 25 | image: vxcontrol/pentagi:latest 26 | restart: unless-stopped 27 | container_name: pentagi 28 | hostname: pentagi 29 | expose: 30 | - 8443/tcp 31 | ports: 32 | - 127.0.0.1:8443:8443 33 | depends_on: 34 | - pgvector 35 | environment: 36 | - DOCKER_GID=998 37 | - CORS_ORIGINS=${CORS_ORIGINS:-} 38 | - COOKIE_SIGNING_SALT=${COOKIE_SIGNING_SALT:-} 39 | - ASK_USER=${ASK_USER:-false} 40 | - OPEN_AI_KEY=${OPEN_AI_KEY:-} 41 | - OPEN_AI_SERVER_URL=${OPEN_AI_SERVER_URL:-} 42 | - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-} 43 | - ANTHROPIC_SERVER_URL=${ANTHROPIC_SERVER_URL:-} 44 | - LLM_SERVER_URL=${LLM_SERVER_URL:-} 45 | - LLM_SERVER_KEY=${LLM_SERVER_KEY:-} 46 | - LLM_SERVER_MODEL=${LLM_SERVER_MODEL:-} 47 | - LLM_SERVER_CONFIG_PATH=${LLM_SERVER_CONFIG_PATH:-} 48 | - LLM_SERVER_LEGACY_REASONING=${LLM_SERVER_LEGACY_REASONING:-} 49 | - EMBEDDING_URL=${EMBEDDING_URL:-} 50 | - EMBEDDING_KEY=${EMBEDDING_KEY:-} 51 | - EMBEDDING_MODEL=${EMBEDDING_MODEL:-} 52 | - EMBEDDING_PROVIDER=${EMBEDDING_PROVIDER:-} 
53 | - EMBEDDING_BATCH_SIZE=${EMBEDDING_BATCH_SIZE:-} 54 | - SUMMARIZER_PRESERVE_LAST=${SUMMARIZER_PRESERVE_LAST:-} 55 | - SUMMARIZER_USE_QA=${SUMMARIZER_USE_QA:-} 56 | - SUMMARIZER_SUM_MSG_HUMAN_IN_QA=${SUMMARIZER_SUM_MSG_HUMAN_IN_QA:-} 57 | - SUMMARIZER_LAST_SEC_BYTES=${SUMMARIZER_LAST_SEC_BYTES:-} 58 | - SUMMARIZER_MAX_BP_BYTES=${SUMMARIZER_MAX_BP_BYTES:-} 59 | - SUMMARIZER_MAX_QA_SECTIONS=${SUMMARIZER_MAX_QA_SECTIONS:-} 60 | - SUMMARIZER_MAX_QA_BYTES=${SUMMARIZER_MAX_QA_BYTES:-} 61 | - SUMMARIZER_KEEP_QA_SECTIONS=${SUMMARIZER_KEEP_QA_SECTIONS:-} 62 | - ASSISTANT_USE_AGENTS=${ASSISTANT_USE_AGENTS:-} 63 | - ASSISTANT_SUMMARIZER_PRESERVE_LAST=${ASSISTANT_SUMMARIZER_PRESERVE_LAST:-} 64 | - ASSISTANT_SUMMARIZER_LAST_SEC_BYTES=${ASSISTANT_SUMMARIZER_LAST_SEC_BYTES:-} 65 | - ASSISTANT_SUMMARIZER_MAX_BP_BYTES=${ASSISTANT_SUMMARIZER_MAX_BP_BYTES:-} 66 | - ASSISTANT_SUMMARIZER_MAX_QA_SECTIONS=${ASSISTANT_SUMMARIZER_MAX_QA_SECTIONS:-} 67 | - ASSISTANT_SUMMARIZER_MAX_QA_BYTES=${ASSISTANT_SUMMARIZER_MAX_QA_BYTES:-} 68 | - ASSISTANT_SUMMARIZER_KEEP_QA_SECTIONS=${ASSISTANT_SUMMARIZER_KEEP_QA_SECTIONS:-} 69 | - PROXY_URL=${PROXY_URL:-} 70 | - SCRAPER_PUBLIC_URL=${SCRAPER_PUBLIC_URL:-} 71 | - SCRAPER_PRIVATE_URL=${SCRAPER_PRIVATE_URL:-} 72 | - PUBLIC_URL=${PUBLIC_URL:-} 73 | - STATIC_DIR=${STATIC_DIR:-} 74 | - STATIC_URL=${STATIC_URL:-} 75 | - SERVER_PORT=${SERVER_PORT:-8443} 76 | - SERVER_HOST=${SERVER_HOST:-0.0.0.0} 77 | - SERVER_SSL_CRT=${SERVER_SSL_CRT:-} 78 | - SERVER_SSL_KEY=${SERVER_SSL_KEY:-} 79 | - SERVER_USE_SSL=${SERVER_USE_SSL:-true} 80 | - OAUTH_GOOGLE_CLIENT_ID=${OAUTH_GOOGLE_CLIENT_ID:-} 81 | - OAUTH_GOOGLE_CLIENT_SECRET=${OAUTH_GOOGLE_CLIENT_SECRET:-} 82 | - OAUTH_GITHUB_CLIENT_ID=${OAUTH_GITHUB_CLIENT_ID:-} 83 | - OAUTH_GITHUB_CLIENT_SECRET=${OAUTH_GITHUB_CLIENT_SECRET:-} 84 | - DATABASE_URL=postgres://${PENTAGI_POSTGRES_USER:-postgres}:${PENTAGI_POSTGRES_PASSWORD:-postgres}@pgvector:5432/${PENTAGI_POSTGRES_DB:-pentagidb}?sslmode=disable 85 | - 
DUCKDUCKGO_ENABLED=${DUCKDUCKGO_ENABLED:-true} 86 | - GOOGLE_API_KEY=${GOOGLE_API_KEY:-} 87 | - GOOGLE_CX_KEY=${GOOGLE_CX_KEY:-} 88 | - TRAVERSAAL_API_KEY=${TRAVERSAAL_API_KEY:-} 89 | - TAVILY_API_KEY=${TAVILY_API_KEY:-} 90 | - PERPLEXITY_API_KEY=${PERPLEXITY_API_KEY:-} 91 | - PERPLEXITY_MODEL=${PERPLEXITY_MODEL:-sonar} 92 | - PERPLEXITY_CONTEXT_SIZE=${PERPLEXITY_CONTEXT_SIZE:-low} 93 | - LANGFUSE_BASE_URL=${LANGFUSE_BASE_URL:-} 94 | - LANGFUSE_PROJECT_ID=${LANGFUSE_PROJECT_ID:-} 95 | - LANGFUSE_PUBLIC_KEY=${LANGFUSE_PUBLIC_KEY:-} 96 | - LANGFUSE_SECRET_KEY=${LANGFUSE_SECRET_KEY:-} 97 | - OTEL_HOST=${OTEL_HOST:-} 98 | - DOCKER_HOST=${DOCKER_HOST:-unix:///var/run/docker.sock} 99 | - DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-} 100 | - DOCKER_CERT_PATH=${DOCKER_CERT_PATH:-} 101 | - DOCKER_INSIDE=${DOCKER_INSIDE:-false} 102 | - DOCKER_NET_ADMIN=${DOCKER_NET_ADMIN:-false} 103 | - DOCKER_SOCKET=${DOCKER_SOCKET:-} 104 | - DOCKER_NETWORK=${DOCKER_NETWORK:-} 105 | - DOCKER_PUBLIC_IP=${DOCKER_PUBLIC_IP:-} 106 | - DOCKER_WORK_DIR=${DOCKER_WORK_DIR:-} 107 | - DOCKER_DEFAULT_IMAGE=${DOCKER_DEFAULT_IMAGE:-} 108 | - DOCKER_DEFAULT_IMAGE_FOR_PENTEST=${DOCKER_DEFAULT_IMAGE_FOR_PENTEST:-} 109 | logging: 110 | options: 111 | max-size: 50m 112 | max-file: '7' 113 | volumes: 114 | - pentagi-data:/opt/pentagi/data 115 | - pentagi-ssl:/opt/pentagi/ssl 116 | - /var/run/docker.sock:/var/run/docker.sock 117 | user: root:root # while using docker.sock 118 | networks: 119 | - pentagi-network 120 | - observability-network 121 | - langfuse-network 122 | 123 | pgvector: 124 | image: vxcontrol/pgvector:latest 125 | restart: unless-stopped 126 | container_name: pgvector 127 | hostname: pgvector 128 | expose: 129 | - 5432/tcp 130 | ports: 131 | - 127.0.0.1:5432:5432 132 | environment: 133 | POSTGRES_USER: ${PENTAGI_POSTGRES_USER:-postgres} 134 | POSTGRES_PASSWORD: ${PENTAGI_POSTGRES_PASSWORD:-postgres} 135 | POSTGRES_DB: ${PENTAGI_POSTGRES_DB:-pentagidb} 136 | logging: 137 | options: 138 | max-size: 
50m 139 | max-file: '7' 140 | volumes: 141 | - pentagi-postgres-data:/var/lib/postgresql/data 142 | networks: 143 | - pentagi-network 144 | 145 | pgexporter: 146 | image: quay.io/prometheuscommunity/postgres-exporter:v0.16.0 147 | restart: unless-stopped 148 | depends_on: 149 | - pgvector 150 | container_name: pgexporter 151 | hostname: pgexporter 152 | expose: 153 | - 9187/tcp 154 | ports: 155 | - 127.0.0.1:9187:9187 156 | environment: 157 | - DATA_SOURCE_NAME=pgvector:5432/${PENTAGI_POSTGRES_DB:-pentagidb}?sslmode=disable 158 | - DATA_SOURCE_USER=${PENTAGI_POSTGRES_USER:-postgres} 159 | - DATA_SOURCE_PASS=${PENTAGI_POSTGRES_PASSWORD:-postgres} 160 | logging: 161 | options: 162 | max-size: 50m 163 | max-file: '7' 164 | networks: 165 | - pentagi-network 166 | 167 | scraper: 168 | image: vxcontrol/scraper:latest 169 | restart: unless-stopped 170 | container_name: scraper 171 | hostname: scraper 172 | expose: 173 | - 443/tcp 174 | ports: 175 | - 127.0.0.1:9443:443 176 | environment: 177 | - MAX_CONCURRENT_SESSIONS=${LOCAL_SCRAPER_MAX_CONCURRENT_SESSIONS:-10} 178 | - USERNAME=${LOCAL_SCRAPER_USERNAME:-someuser} 179 | - PASSWORD=${LOCAL_SCRAPER_PASSWORD:-somepass} 180 | logging: 181 | options: 182 | max-size: 50m 183 | max-file: '7' 184 | volumes: 185 | - scraper-ssl:/usr/src/app/ssl 186 | networks: 187 | - pentagi-network 188 | shm_size: 2g 189 | -------------------------------------------------------------------------------- /docker-compose-langfuse.yml: -------------------------------------------------------------------------------- 1 | volumes: 2 | langfuse-postgres-data: 3 | driver: local 4 | langfuse-clickhouse-data: 5 | driver: local 6 | langfuse-clickhouse-logs: 7 | driver: local 8 | langfuse-minio-data: 9 | driver: local 10 | 11 | networks: 12 | langfuse-network: 13 | driver: bridge 14 | external: true 15 | name: langfuse-network 16 | pentagi-network: 17 | driver: bridge 18 | external: true 19 | name: pentagi-network 20 | 21 | services: 22 | langfuse-worker: 
23 | image: langfuse/langfuse-worker:3 24 | restart: unless-stopped 25 | container_name: langfuse-worker 26 | hostname: langfuse-worker 27 | depends_on: &langfuse-depends-on 28 | postgres: 29 | condition: service_healthy 30 | minio: 31 | condition: service_healthy 32 | redis: 33 | condition: service_healthy 34 | clickhouse: 35 | condition: service_healthy 36 | environment: &langfuse-worker-env 37 | DATABASE_URL: postgresql://${LANGFUSE_POSTGRES_USER:-postgres}:${LANGFUSE_POSTGRES_PASSWORD:-postgres}@langfuse-postgres:5432/${LANGFUSE_POSTGRES_DB:-langfuse} 38 | SALT: ${LANGFUSE_SALT:-myglobalsalt} # change this to a random string 39 | ENCRYPTION_KEY: ${LANGFUSE_ENCRYPTION_KEY:-0000000000000000000000000000000000000000000000000000000000000000} # generate via `openssl rand -hex 32` 40 | TELEMETRY_ENABLED: ${LANGFUSE_TELEMETRY_ENABLED:-false} 41 | LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES: ${LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES:-true} 42 | OTEL_EXPORTER_OTLP_ENDPOINT: ${LANGFUSE_OTEL_EXPORTER_OTLP_ENDPOINT:-} 43 | OTEL_SERVICE_NAME: ${LANGFUSE_OTEL_SERVICE_NAME:-langfuse} 44 | CLICKHOUSE_MIGRATION_URL: ${LANGFUSE_CLICKHOUSE_MIGRATION_URL:-clickhouse://langfuse-clickhouse:9000} 45 | CLICKHOUSE_URL: ${LANGFUSE_CLICKHOUSE_URL:-http://langfuse-clickhouse:8123} 46 | CLICKHOUSE_USER: ${LANGFUSE_CLICKHOUSE_USER:-clickhouse} 47 | CLICKHOUSE_PASSWORD: ${LANGFUSE_CLICKHOUSE_PASSWORD:-clickhouse} 48 | CLICKHOUSE_CLUSTER_ENABLED: ${LANGFUSE_CLICKHOUSE_CLUSTER_ENABLED:-false} 49 | LANGFUSE_S3_EVENT_UPLOAD_BUCKET: ${LANGFUSE_S3_BUCKET:-langfuse} 50 | LANGFUSE_S3_EVENT_UPLOAD_REGION: ${LANGFUSE_S3_REGION:-auto} 51 | LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID: ${LANGFUSE_S3_ACCESS_KEY_ID:-minio} 52 | LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY: ${LANGFUSE_S3_SECRET_ACCESS_KEY:-miniosecret} 53 | LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT: ${LANGFUSE_S3_ENDPOINT:-http://langfuse-minio:9000} 54 | LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE: ${LANGFUSE_S3_FORCE_PATH_STYLE:-true} 55 | 
LANGFUSE_S3_EVENT_UPLOAD_PREFIX: ${LANGFUSE_S3_EVENT_UPLOAD_PREFIX:-events/} 56 | LANGFUSE_S3_MEDIA_UPLOAD_BUCKET: ${LANGFUSE_S3_BUCKET:-langfuse} 57 | LANGFUSE_S3_MEDIA_UPLOAD_REGION: ${LANGFUSE_S3_REGION:-auto} 58 | LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID: ${LANGFUSE_S3_ACCESS_KEY_ID:-minio} 59 | LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY: ${LANGFUSE_S3_SECRET_ACCESS_KEY:-miniosecret} 60 | LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT: ${LANGFUSE_S3_ENDPOINT:-http://langfuse-minio:9000} 61 | LANGFUSE_S3_MEDIA_UPLOAD_FORCE_PATH_STYLE: ${LANGFUSE_S3_FORCE_PATH_STYLE:-true} 62 | LANGFUSE_S3_MEDIA_UPLOAD_PREFIX: ${LANGFUSE_S3_MEDIA_UPLOAD_PREFIX:-media/} 63 | REDIS_HOST: ${LANGFUSE_REDIS_HOST:-langfuse-redis} 64 | REDIS_PORT: ${LANGFUSE_REDIS_PORT:-6379} 65 | REDIS_AUTH: ${LANGFUSE_REDIS_AUTH:-myredissecret} 66 | logging: 67 | options: 68 | max-size: 50m 69 | max-file: '7' 70 | networks: 71 | - langfuse-network 72 | 73 | langfuse-web: 74 | image: langfuse/langfuse:3 75 | restart: unless-stopped 76 | container_name: langfuse-web 77 | hostname: langfuse-web 78 | depends_on: *langfuse-depends-on 79 | expose: 80 | - 3000/tcp 81 | ports: 82 | - 127.0.0.1:4000:3000 83 | environment: 84 | <<: *langfuse-worker-env 85 | NEXTAUTH_URL: ${LANGFUSE_NEXTAUTH_URL:-http://localhost:4000} 86 | NEXTAUTH_SECRET: ${LANGFUSE_NEXTAUTH_SECRET:-mysecret} 87 | LANGFUSE_LOG_LEVEL: ${LANGFUSE_LOG_LEVEL:-debug} 88 | LANGFUSE_INIT_ORG_ID: ${LANGFUSE_INIT_ORG_ID:-ocm47619l0000872mcd2dlbqwb} 89 | LANGFUSE_INIT_ORG_NAME: ${LANGFUSE_INIT_ORG_NAME:-PentAGI Demo} 90 | LANGFUSE_INIT_PROJECT_ID: ${LANGFUSE_INIT_PROJECT_ID:-cm47619l0000872mcd2dlbqwb} 91 | LANGFUSE_INIT_PROJECT_NAME: ${LANGFUSE_INIT_PROJECT_NAME:-PentAGI} 92 | LANGFUSE_INIT_PROJECT_PUBLIC_KEY: ${LANGFUSE_INIT_PROJECT_PUBLIC_KEY:-pk-lf-5946031c-ae6c-4451-98d2-9882a59e1707} # change this to a random string 93 | LANGFUSE_INIT_PROJECT_SECRET_KEY: ${LANGFUSE_INIT_PROJECT_SECRET_KEY:-sk-lf-d9035680-89dd-4950-8688-7870720bf359} # change this to a random 
string 94 | LANGFUSE_INIT_USER_EMAIL: ${LANGFUSE_INIT_USER_EMAIL:-admin@pentagi.com} 95 | LANGFUSE_INIT_USER_NAME: ${LANGFUSE_INIT_USER_NAME:-admin} 96 | LANGFUSE_INIT_USER_PASSWORD: ${LANGFUSE_INIT_USER_PASSWORD:-P3nTagIsD0d} # change this to a random password 97 | LANGFUSE_SDK_CI_SYNC_PROCESSING_ENABLED: ${LANGFUSE_SDK_CI_SYNC_PROCESSING_ENABLED:-false} 98 | LANGFUSE_READ_FROM_POSTGRES_ONLY: ${LANGFUSE_READ_FROM_POSTGRES_ONLY:-false} 99 | LANGFUSE_READ_FROM_CLICKHOUSE_ONLY: ${LANGFUSE_READ_FROM_CLICKHOUSE_ONLY:-true} 100 | LANGFUSE_RETURN_FROM_CLICKHOUSE: ${LANGFUSE_RETURN_FROM_CLICKHOUSE:-true} 101 | # langfuse enterprise license key 102 | LANGFUSE_EE_LICENSE_KEY: ${LANGFUSE_EE_LICENSE_KEY:-} 103 | # custom oauth2 104 | AUTH_CUSTOM_CLIENT_ID: ${LANGFUSE_AUTH_CUSTOM_CLIENT_ID} 105 | AUTH_CUSTOM_CLIENT_SECRET: ${LANGFUSE_AUTH_CUSTOM_CLIENT_SECRET} 106 | AUTH_CUSTOM_ISSUER: ${LANGFUSE_AUTH_CUSTOM_ISSUER} 107 | AUTH_CUSTOM_NAME: ${LANGFUSE_AUTH_CUSTOM_NAME} 108 | AUTH_CUSTOM_SCOPE: ${LANGFUSE_AUTH_CUSTOM_SCOPE:-openid email profile} 109 | AUTH_CUSTOM_ALLOW_ACCOUNT_LINKING: ${LANGFUSE_AUTH_CUSTOM_ALLOW_ACCOUNT_LINKING:-true} 110 | AUTH_CUSTOM_CLIENT_AUTH_METHOD: ${LANGFUSE_AUTH_CUSTOM_CLIENT_AUTH_METHOD} 111 | AUTH_DISABLE_SIGNUP: ${LANGFUSE_AUTH_DISABLE_SIGNUP} 112 | LANGFUSE_ALLOWED_ORGANIZATION_CREATORS: ${LANGFUSE_ALLOWED_ORGANIZATION_CREATORS} 113 | AUTH_SESSION_MAX_AGE: ${LANGFUSE_AUTH_SESSION_MAX_AGE:-240} 114 | LANGFUSE_DEFAULT_ORG_ID: ${LANGFUSE_DEFAULT_ORG_ID:-ocm47619l0000872mcd2dlbqwb} 115 | LANGFUSE_DEFAULT_PROJECT_ID: ${LANGFUSE_DEFAULT_PROJECT_ID:-cm47619l0000872mcd2dlbqwb} 116 | LANGFUSE_DEFAULT_ORG_ROLE: ${LANGFUSE_DEFAULT_ORG_ROLE:-VIEWER} 117 | LANGFUSE_DEFAULT_PROJECT_ROLE: ${LANGFUSE_DEFAULT_PROJECT_ROLE:-VIEWER} 118 | logging: 119 | options: 120 | max-size: 50m 121 | max-file: '7' 122 | networks: 123 | - langfuse-network 124 | - pentagi-network 125 | 126 | clickhouse: 127 | image: clickhouse/clickhouse-server 128 | restart: unless-stopped 129 | 
user: "101:101" 130 | container_name: langfuse-clickhouse 131 | hostname: langfuse-clickhouse 132 | environment: 133 | CLICKHOUSE_DB: ${LANGFUSE_CLICKHOUSE_DB:-default} 134 | CLICKHOUSE_USER: ${LANGFUSE_CLICKHOUSE_USER:-clickhouse} 135 | CLICKHOUSE_PASSWORD: ${LANGFUSE_CLICKHOUSE_PASSWORD:-clickhouse} 136 | volumes: 137 | - langfuse-clickhouse-data:/var/lib/clickhouse 138 | - langfuse-clickhouse-logs:/var/log/clickhouse-server 139 | healthcheck: 140 | test: wget --no-verbose --tries=1 --spider http://localhost:8123/ping || exit 1 141 | interval: 5s 142 | timeout: 5s 143 | retries: 10 144 | start_period: 1s 145 | logging: 146 | options: 147 | max-size: 50m 148 | max-file: '7' 149 | networks: 150 | - langfuse-network 151 | 152 | minio: 153 | image: minio/minio 154 | restart: unless-stopped 155 | container_name: langfuse-minio 156 | hostname: langfuse-minio 157 | command: server /data --console-address ":9001" --address ":9000" --json 158 | environment: 159 | MINIO_ROOT_USER: ${LANGFUSE_S3_ACCESS_KEY_ID:-minio} 160 | MINIO_ROOT_PASSWORD: ${LANGFUSE_S3_SECRET_ACCESS_KEY:-miniosecret} 161 | MINIO_BUCKET_NAME: ${LANGFUSE_S3_BUCKET:-langfuse} 162 | MINIO_UPDATE: off 163 | entrypoint: | 164 | /bin/sh -c ' 165 | isAlive() { mc ready local >/dev/null 2>&1; } # check if Minio is alive 166 | minio $0 "$@" --quiet & echo $! > /tmp/minio.pid # start Minio in the background 167 | until isAlive; do sleep 1; done # wait until Minio is alive 168 | echo "MinIO is ready. Proceeding with setup..." 169 | mc alias set myminio http://localhost:9000 $$MINIO_ROOT_USER $$MINIO_ROOT_PASSWORD 170 | mc mb myminio/$$MINIO_BUCKET_NAME/ --ignore-existing # create test bucket 171 | mc anonymous set public myminio/$$MINIO_BUCKET_NAME # make the test bucket public (anonymous read and write for any client that can reach this MinIO endpoint) 172 | mc admin update myminio/$$MINIO_BUCKET_NAME # NOTE(review): mc admin update updates the MinIO server itself and is not a bucket operation - confirm this step is intended 173 | echo "MinIO is configured. Trying to restart Minio..." 
174 | kill -s INT $$(cat /tmp/minio.pid) # try to stop Minio 175 | while [ -e "/proc/$$(cat /tmp/minio.pid)" ]; do sleep 0.5; done # wait until Minio is stopped 176 | rm /tmp/minio.pid # remove the pid file 177 | echo "MinIO is configured and running..." 178 | exec minio $0 "$@" # start Minio in the foreground 179 | ' 180 | volumes: 181 | - langfuse-minio-data:/data 182 | healthcheck: 183 | test: ["CMD", "mc", "ready", "local"] 184 | interval: 3s 185 | timeout: 5s 186 | retries: 5 187 | start_period: 1s 188 | logging: 189 | options: 190 | max-size: 50m 191 | max-file: '7' 192 | networks: 193 | - langfuse-network 194 | 195 | redis: 196 | image: redis:7 197 | restart: unless-stopped 198 | container_name: langfuse-redis 199 | hostname: langfuse-redis 200 | command: > 201 | --requirepass ${LANGFUSE_REDIS_AUTH:-myredissecret} 202 | healthcheck: 203 | test: ["CMD", "redis-cli", "ping"] 204 | interval: 3s 205 | timeout: 10s 206 | retries: 10 207 | logging: 208 | options: 209 | max-size: 50m 210 | max-file: '7' 211 | networks: 212 | - langfuse-network 213 | 214 | postgres: 215 | image: postgres:${LANGFUSE_POSTGRES_VERSION:-latest} 216 | restart: unless-stopped 217 | container_name: langfuse-postgres 218 | hostname: langfuse-postgres 219 | environment: 220 | POSTGRES_USER: ${LANGFUSE_POSTGRES_USER:-postgres} 221 | POSTGRES_PASSWORD: ${LANGFUSE_POSTGRES_PASSWORD:-postgres} 222 | POSTGRES_DB: ${LANGFUSE_POSTGRES_DB:-langfuse} 223 | volumes: 224 | - langfuse-postgres-data:/var/lib/postgresql/data 225 | healthcheck: 226 | test: ["CMD-SHELL", "pg_isready -U $${LANGFUSE_POSTGRES_USER:-postgres}"] 227 | interval: 3s 228 | timeout: 3s 229 | retries: 10 230 | logging: 231 | options: 232 | max-size: 50m 233 | max-file: '7' 234 | networks: 235 | - langfuse-network 236 | -------------------------------------------------------------------------------- /EULA.md: -------------------------------------------------------------------------------- 1 | # PentAGI End User License Agreement 2 | 3 
| ## Introduction 4 | 5 | This **End User License Agreement (EULA)** governs the terms and conditions for the use of PentAGI, an advanced AI-powered penetration testing tool. This product is provided by the **PentAGI Development Team**, and is distributed in the form of [source code](https://github.com/vxcontrol/pentagi) available on GitHub under the MIT license as well as [pre-built Docker images](https://hub.docker.com/r/vxcontrol/pentagi) available on Docker Hub. 6 | 7 | Users agree to this EULA when downloading either the source code or the Docker images or by accessing the product's interface through its web UI. It is the user's responsibility to ensure compliance with all applicable laws and standards when utilizing PentAGI. This product is intended for lawful penetration testing purposes and research purposes only and does not inherently possess tools used for executing cyber attacks. Instead, it facilitates the download of publicly available penetration testing tools such as those from Kali Linux or other similar distributions. 8 | 9 | PentAGI operates independently of services provided by the Developers and allows users to self-deploy all components. Users initiate interaction through a web user interface, which is part of the product itself. Integration with external LLM providers and search systems requires careful oversight by the user to ensure data compliance, including regulations like GDPR. 10 | 11 | The **PentAGI Development Team** can be contacted via GitHub or through the email address [info@pentagi.com](mailto:info@pentagi.com). This document should be reviewed in its entirety to fully understand the terms and legal obligations therein. 12 | 13 | ## License Grant 14 | 15 | Under this EULA, the **PentAGI Development Team** grants you a non-exclusive, non-transferable, revocable license to use the PentAGI software solely for lawful penetration testing purposes. 
This license is effective when you download the source code or Docker images and remains in effect until terminated as outlined in this agreement. 16 | 17 | The source code of PentAGI is provided under the MIT license, the terms of which are incorporated herein by reference. This EULA governs your use of the PentAGI software as a whole, including any pre-built Docker images and the web UI, and applies in addition to the MIT license. In the event of any conflict between this EULA and the MIT license, the terms of the MIT license shall prevail with respect to the source code. 18 | 19 | You are permitted to use the PentAGI software on your own infrastructure, self-deploying all components according to provided documentation. The license covers usage as allowed by the MIT license under which the source code is distributed, but does not extend to any proprietary tools that may be downloaded or used in conjunction with the PentAGI software. 20 | 21 | You may not sublicense, sell, lease, or distribute the PentAGI software or its derivatives in any form other than stated in the license agreement. Modification and redistribution are permitted under the MIT license conditions; however, the **PentAGI Development Team** holds no responsibility for any alterations not published by them through the official GitHub or Docker Hub pages. 22 | 23 | ## Acceptable Use 24 | 25 | PentAGI is to be used exclusively for authorized penetration testing and security assessments in environments where you have explicit permission from the network owner. You must ensure that all usage complies with applicable laws, standards, and regulations, particularly those concerning cybersecurity and data protection. 26 | 27 | You are solely responsible for the execution and outcomes of any tasks set for AI agents within the PentAGI interface. The logic and actions of the AI agents are strictly determined by the tasks and instructions you provide. 
The **PentAGI Development Team** does not supervise or control the actions of the AI agents and is not responsible for any consequences arising from their actions. You must verify that all data sent to AI agents, external LLM providers, search systems, or stored within PentAGI complies with legal standards and regulations, including but not limited to GDPR. 28 | 29 | You must not use PentAGI in any critical infrastructure, emergency response systems, or other high-risk environments without proper testing and validation. The software is intended for research and testing purposes only and should not be deployed in production environments without thorough security assessment. 30 | 31 | Using PentAGI for any activity that violates laws or regulations, including but not limited to unauthorized network access, is strictly prohibited. Users found using the software for illegal purposes may have their license revoked and could face further legal consequences, as determined by law enforcement. 32 | 33 | ## Data Privacy and Security 34 | 35 | You acknowledge that PentAGI may process sensitive information during penetration testing activities. You are solely responsible for ensuring that all data processing complies with applicable privacy laws and regulations, including GDPR, CCPA, and other relevant data protection regulations. 36 | 37 | The **PentAGI Development Team** does not collect, store, or process any user data through the software. All data processing occurs locally within your infrastructure or through third-party services that you configure. You are responsible for implementing appropriate security measures to protect any sensitive data processed through PentAGI. 38 | 39 | When using PentAGI's integration capabilities with external services, you must ensure that all data transfers comply with applicable data protection regulations and that you have obtained necessary consents for data processing. 
40 | 41 | ## Third-Party Services 42 | 43 | PentAGI integrates with external third-party services, including but not limited to Large Language Model (LLM) providers such as OpenAI, Anthropic, Deep Infra, OpenRouter, and search engines such as Tavily, Traversaal, Perplexity, DuckDuckGo and Google. You acknowledge and agree that your use of these third-party services is at your sole discretion and responsibility. 44 | 45 | When using self-hosted or local LLM servers compatible with OpenAI API, you are solely responsible for ensuring the security and compliance of these deployments. The PentAGI Development Team bears no responsibility for any data leaks or security issues arising from the use of such local deployments. 46 | 47 | The **PentAGI Development Team** does not control and is not responsible for any content, data, or privacy practices of these third-party services. You are responsible for ensuring that your use of these services, including any data you transmit to them, complies with all applicable laws and regulations, including data protection and privacy laws such as the General Data Protection Regulation (GDPR). 48 | 49 | By using PentAGI's integration with third-party services, you agree to comply with any terms and conditions imposed by those services. The **PentAGI Development Team** disclaims any and all liability arising from your use of third-party services and makes no representations or warranties regarding the functionality or security of these services. 50 | 51 | ## Disclaimer of Warranties 52 | 53 | PentAGI is provided "as is" and "as available," with all faults and without warranty of any kind. To the maximum extent permitted by applicable law, the **PentAGI Development Team** disclaims all warranties, whether express, implied, statutory, or otherwise, regarding the software, including without limitation any warranties of merchantability, fitness for a particular purpose, title, and non-infringement. 
54 | 55 | The **PentAGI Development Team** disclaims any liability for actions performed by AI agents within the software, or for any data transmitted to third-party services by the user. 56 | 57 | The Developers do not warrant that the PentAGI software will operate uninterrupted or error-free, that defects will be corrected, or that the software is free of viruses or other harmful components. Your use of the software is at your sole risk, and you assume full responsibility for any costs or losses incurred. 58 | 59 | ## Limitation of Liability 60 | 61 | To the fullest extent permitted by law, in no event shall the **PentAGI Development Team** be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, lost savings, business interruption, or loss of data, arising out of your use or inability to use the PentAGI software, even if advised of the possibility of such damages. 62 | 63 | The **PentAGI Development Team** shall not be liable for any damages or losses resulting from the actions of AI agents operated through PentAGI, or from the use of third-party services integrated with PentAGI. 64 | 65 | The **PentAGI Development Team** shall not be liable for any damages or losses resulting from modifications to the source code, whether made by you or third parties, including but not limited to forks of the GitHub repository or modified Docker images not officially published by the PentAGI Development Team. 66 | 67 | The total cumulative liability of the **PentAGI Development Team** arising from or related to this EULA, whether in contract, tort, or otherwise, shall not exceed the amount paid by you for the software. 
68 | 69 | ## Indemnification 70 | 71 | You agree to indemnify, defend, and hold harmless the **PentAGI Development Team**, its members, and any of its contractors, suppliers, or affiliates from and against any and all claims, liabilities, damages, losses, or expenses, including reasonable attorneys' fees and costs, arising out of or in any way connected to your use of the PentAGI software, your violation of this EULA, or your violation of any law or the rights of a third party. 72 | 73 | ## Termination 74 | 75 | This EULA is effective until terminated either by you or by the **PentAGI Development Team**. You may terminate this agreement at any time by ceasing all use of the PentAGI software and destroying all copies in your possession. 76 | 77 | The **PentAGI Development Team** reserves the right to terminate this EULA and your access to the software immediately, without notice, if you breach any term of this agreement. Upon termination, you must cease all use of the software and destroy all copies, whether full or partial, in your possession. 78 | 79 | ## Governing Law and Dispute Resolution 80 | 81 | This EULA and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of the United Kingdom, without regard to its conflict of law principles. 82 | 83 | Any and all disputes arising under or in connection with this EULA shall be resolved through negotiations. If the parties cannot resolve a dispute through good-faith negotiations within 90 days, they agree to submit the dispute to binding arbitration under the rules of an arbitration body in the United Kingdom. The language of arbitration shall be English. 84 | 85 | ## Miscellaneous Provisions 86 | 87 | This EULA constitutes the entire agreement between you and the **PentAGI Development Team** regarding the use of PentAGI and supersedes all prior agreements and understandings. 
If any provision of this EULA is found to be invalid or unenforceable, the remainder shall continue to be fully enforceable and effective. 88 | 89 | The **PentAGI Development Team** publishes official updates and versions of the software only on the GitHub repository at [vxcontrol/pentagi](https://github.com/vxcontrol/pentagi) and on Docker Hub at [vxcontrol/pentagi](https://hub.docker.com/r/vxcontrol/pentagi). Any forks, derivative works, or modified versions of the software are not endorsed by the **PentAGI Development Team**, and the team bears no responsibility for such versions. 90 | 91 | The Developers reserve the right to modify this EULA at any time by posting the revised EULA on the official PentAGI GitHub page or notifying users via email. Any modifications will be effective immediately upon posting or notification for the next product versions. 92 | 93 | Failure by either party to enforce any provision of this EULA shall not constitute a waiver of future enforcement of that or any other provision. 94 | --------------------------------------------------------------------------------