Introduction
PentAGI provides a comprehensive GraphQL API for managing autonomous penetration testing workflows, AI agents, and security assessments. The API enables you to create and manage flows, tasks, assistants, and access detailed execution logs.
Endpoint
The GraphQL API is available at:
GraphQL Playground
An interactive GraphQL playground is available for testing queries:
WebSocket Endpoint
For real-time subscriptions, connect to the same endpoint using the WebSocket protocol:
Key Features
Flow Management
Create and manage penetration testing flows with AI-powered automation
Real-time Updates
Subscribe to live updates via GraphQL subscriptions
Agent Orchestration
Control specialized AI agents for different security tasks
Comprehensive Logging
Access detailed execution logs, terminal output, and agent communications
Core Concepts
Flows
Flows represent complete penetration testing sessions. Each flow:
- Has a unique ID and title
- Executes with a specific LLM provider
- Contains multiple tasks and subtasks
- Tracks execution status (created, running, waiting, finished, failed)
- Manages isolated Docker containers (terminals)
Tasks & Subtasks
Tasks are high-level objectives within a flow. Each task:
- Can be broken down into subtasks
- Has input, result, and status tracking
- Logs all agent interactions and tool calls
Assistants
Assistants are interactive AI agents that can:
- Answer questions about the flow
- Execute follow-up tasks
- Optionally use the full agent team or work independently
Providers
PentAGI supports multiple LLM providers:
- OpenAI
- Anthropic
- Google Gemini
- AWS Bedrock
- Ollama (local)
- Custom endpoints
Response Format
All GraphQL responses follow the standard format:
Rate Limits
Rate limits depend on your deployment configuration and chosen LLM provider limits.
Next Steps
Authentication
Learn how to authenticate API requests
Flows API
Manage penetration testing flows
Tasks API
Work with tasks and subtasks
Agents API
Control AI agents and view logs