Skip to main content

Introduction

PentAGI uses environment variables for all configuration settings. The .env.example file in the repository contains all available configuration options with inline documentation. This page provides an overview of the configuration structure and key settings.

Configuration File Structure

PentAGI’s configuration is organized into several logical sections:

Core Settings

Installation ID, license keys, and server configuration

LLM Providers

OpenAI, Anthropic, Gemini, Bedrock, Ollama, and custom providers

Search Engines

DuckDuckGo, Google, Tavily, Traversaal, Perplexity, and Searxng

Security

SSL/TLS, authentication, OAuth, and secrets management

Observability

Langfuse, Grafana, OpenTelemetry, and monitoring

Setting Up Configuration

The interactive installer automatically creates and configures your .env file: 
# Download and run the installer
./installer
The installer will:
  • Verify system requirements
  • Create .env file with optimal defaults
  • Configure LLM providers and search engines
  • Generate secure credentials
  • Set up SSL certificates

Option 2: Manual Configuration

  1. Copy the example file:
curl -o .env https://raw.githubusercontent.com/vxcontrol/pentagi/master/.env.example
  1. Download provider configuration examples:
curl -o example.custom.provider.yml https://raw.githubusercontent.com/vxcontrol/pentagi/master/examples/configs/custom-openai.provider.yml
curl -o example.ollama.provider.yml https://raw.githubusercontent.com/vxcontrol/pentagi/master/examples/configs/ollama-llama318b.provider.yml
  1. Edit the .env file to add your API keys and configure settings
  2. Remove inline comments if using as an envFile in IDEs: 
perl -i -pe 's/\s+#.*$//' .env

Core Settings

These are the foundational configuration options for PentAGI:
INSTALLATION_ID
string
Installation identifier for PentAGI Cloud API communication
LICENSE_KEY
string
License key for PentAGI Cloud API access
ASK_USER
boolean
default:"false"
Allow PentAGI to interact with users during task execution
PROXY_URL
string
Global HTTP proxy URL for all LLM providers and external systems (for network isolation)Example: http://proxy.example.com:8080

Server Configuration

Configure how the PentAGI server listens and serves requests:

Docker Compose Settings

PENTAGI_LISTEN_IP
string
default:"127.0.0.1"
IP address for PentAGI to bind to on the host machine
PENTAGI_LISTEN_PORT
number
default:"8443"
Port for PentAGI to listen on (host machine)
PENTAGI_DATA_DIR
string
default:"pentagi-data"
Directory path or volume name for persistent data storage
PENTAGI_SSL_DIR
string
default:"pentagi-ssl"
Directory path or volume name for SSL certificates
PENTAGI_DOCKER_SOCKET
string
default:"/var/run/docker.sock"
Path to Docker socket on the host machine
PENTAGI_DOCKER_CERT_PATH
string
default:"./docker-ssl"
Path to Docker TLS certificates on host for remote Docker connections

Internal Container Settings

SERVER_PORT
number
default:"8443"
Port the server listens on inside the container
SERVER_HOST
string
default:"0.0.0.0"
Host address the server binds to inside the container
SERVER_USE_SSL
boolean
default:"true"
Enable HTTPS for the web server
SERVER_SSL_CRT
string
Path to custom SSL certificate file inside the container
SERVER_SSL_KEY
string
Path to custom SSL private key file inside the container
STATIC_DIR
string
Directory for static files inside the container
STATIC_URL
string
URL path prefix for serving static files

Database Configuration

PentAGI uses PostgreSQL with pgvector for persistent storage:
PENTAGI_POSTGRES_USER
string
default:"postgres"
PostgreSQL username
PENTAGI_POSTGRES_PASSWORD
string
default:"postgres"
PostgreSQL password
Change this default value in production environments
PENTAGI_POSTGRES_DB
string
default:"pentagidb"
PostgreSQL database name
PGVECTOR_LISTEN_IP
string
default:"127.0.0.1"
IP address for PostgreSQL to bind to on host
PGVECTOR_LISTEN_PORT
number
default:"5432"
PostgreSQL port on host machine

Scraper Configuration

The scraper service provides isolated browser automation:
SCRAPER_PUBLIC_URL
string
Public URL for scraper service (for external/public targets)
SCRAPER_PRIVATE_URL
string
default:"https://someuser:somepass@scraper/"
Private URL for scraper service (for internal/local targets with authentication)
LOCAL_SCRAPER_USERNAME
string
default:"someuser"
Username for scraper basic authentication
Change this default value for security
LOCAL_SCRAPER_PASSWORD
string
default:"somepass"
Password for scraper basic authentication
Change this default value for security
LOCAL_SCRAPER_MAX_CONCURRENT_SESSIONS
number
default:"10"
Maximum number of concurrent browser sessions
SCRAPER_LISTEN_IP
string
default:"127.0.0.1"
IP address for scraper to bind to on host
SCRAPER_LISTEN_PORT
number
default:"9443"
Scraper HTTPS port on host machine

Docker Execution Settings

Configure how PentAGI manages Docker containers for task execution:

Docker Client Configuration

DOCKER_HOST
string
default:"unix:///var/run/docker.sock"
Docker host connection (socket or TCP)Examples:
  • unix:///var/run/docker.sock - Local socket
  • tcp://remote-host:2376 - Remote Docker over TLS
DOCKER_TLS_VERIFY
boolean
Enable TLS verification for remote Docker connections
DOCKER_CERT_PATH
string
Path to Docker TLS certificates inside the container

Container Execution Settings

DOCKER_INSIDE
boolean
default:"true"
Enable Docker socket access inside containers
DOCKER_NET_ADMIN
boolean
default:"true"
Enable NET_ADMIN capability for network operations
DOCKER_SOCKET
string
default:"/var/run/docker.sock"
Path to Docker socket on host (for mounting into containers)
DOCKER_NETWORK
string
Default Docker network for created containers
DOCKER_WORK_DIR
string
Default working directory inside containers
DOCKER_PUBLIC_IP
string
default:"0.0.0.0"
Public IP address of host machine for port bindings
DOCKER_DEFAULT_IMAGE
string
Default Docker image for general tasks
DOCKER_DEFAULT_IMAGE_FOR_PENTEST
string
Default Docker image specifically for penetration testing tasks

Assistant Configuration

Control default behavior for AI assistants:
ASSISTANT_USE_AGENTS
boolean
default:"false"
Default value for agent delegation when creating new assistants
  • false: New assistants start without agent delegation
  • true: New assistants start with agent delegation enabled
Users can override this setting in the UI when creating/editing assistants

Embedding Configuration

Configure vector embeddings for semantic search:
EMBEDDING_URL
string
URL for embedding service API endpoint
EMBEDDING_KEY
string
API key for embedding service authentication
EMBEDDING_MODEL
string
Model name to use for generating embeddings
EMBEDDING_PROVIDER
string
Embedding provider identifier (e.g., openai, cohere)
EMBEDDING_BATCH_SIZE
number
Number of texts to embed in a single batch request
EMBEDDING_STRIP_NEW_LINES
boolean
Remove newline characters from text before embedding

Summarizer Configuration

Control context window management and conversation summarization:

Global Summarizer Settings

SUMMARIZER_PRESERVE_LAST
boolean
default:"true"
Keep all messages in the last section intact without summarization
SUMMARIZER_USE_QA
boolean
default:"true"
Use question-answer pair summarization strategy
SUMMARIZER_SUM_MSG_HUMAN_IN_QA
boolean
default:"false"
Summarize human messages within QA pairs
SUMMARIZER_LAST_SEC_BYTES
number
default:"51200"
Maximum byte size for the last section (50KB)
SUMMARIZER_MAX_BP_BYTES
number
default:"16384"
Maximum byte size for a single body pair (16KB)
SUMMARIZER_MAX_QA_SECTIONS
number
default:"10"
Maximum number of QA pair sections to preserve
SUMMARIZER_MAX_QA_BYTES
number
default:"65536"
Maximum byte size for QA pair sections (64KB)
SUMMARIZER_KEEP_QA_SECTIONS
number
default:"1"
Number of recent QA sections to keep without summarization

Assistant Summarizer Settings

ASSISTANT_SUMMARIZER_PRESERVE_LAST
boolean
default:"true"
Preserve all messages in assistant’s last section
ASSISTANT_SUMMARIZER_LAST_SEC_BYTES
number
default:"76800"
Maximum byte size for assistant’s last section (75KB)
ASSISTANT_SUMMARIZER_MAX_BP_BYTES
number
default:"16384"
Maximum byte size for a single body pair in assistant context (16KB)
ASSISTANT_SUMMARIZER_MAX_QA_SECTIONS
number
default:"7"
Maximum QA sections to preserve in assistant context
ASSISTANT_SUMMARIZER_MAX_QA_BYTES
number
default:"76800"
Maximum byte size for assistant’s QA sections (75KB)
ASSISTANT_SUMMARIZER_KEEP_QA_SECTIONS
number
default:"3"
Number of recent QA sections to preserve without summarization

Graphiti Knowledge Graph

Optional knowledge graph integration for semantic understanding:
GRAPHITI_ENABLED
boolean
default:"false"
Enable Graphiti knowledge graph integration
GRAPHITI_TIMEOUT
number
default:"30"
Timeout in seconds for Graphiti API requests
GRAPHITI_URL
string
default:"http://graphiti:8000"
Graphiti service URL
GRAPHITI_MODEL_NAME
string
LLM model name for entity extraction (e.g., gpt-5-mini)
NEO4J_USER
string
default:"neo4j"
Neo4j database username (used by Graphiti)
NEO4J_DATABASE
string
default:"neo4j"
Neo4j database name
NEO4J_PASSWORD
string
default:"devpassword"
Neo4j database password
Change this default value in production
NEO4J_URI
string
default:"bolt://neo4j:7687"
Neo4j connection URI

Next Steps

Configure LLM Providers

Set up OpenAI, Anthropic, Gemini, Bedrock, or Ollama

Configure Search Engines

Enable DuckDuckGo, Google, Tavily, and more

Security Settings

Configure SSL, authentication, and secrets

Set Up Observability

Enable Langfuse, Grafana, and OpenTelemetry

Build docs developers (and LLMs) love

Get started for freeTalk to us