2.1.0

@asdek asdek released this 29 May 18:25
· 5 commits to main since this release
a112db2

PentAGI 2.1 — File Management, Knowledge Base, ToolCall Observability, and Assistant Flow Control

This release adds a complete file management layer (user resource libraries and flow workspace files with container sync), a first-class Knowledge Base with semantic search and anonymization, real-time ToolCall logging, and assistant tools to monitor and steer running flows. It also refreshes model configurations across OpenAI, Anthropic, Gemini, DeepSeek, Qwen, Kimi, and GLM, and brings a broad frontend modernization pass (React 19, Apollo Client v4, Vite 8) along with a wide range of stability and security fixes.


Major Features

User Resources & Flow Files

A new file management layer lets users bring their own files into PentAGI and share them with agents.

  • User Resources — a persistent, per-user file library with MD5-deduplicated storage and a virtual path filesystem. Full REST and GraphQL CRUD (upload, mkdir, move, copy, delete, download), real-time subscriptions, and atomic multi-source / multi-path batch operations.
  • Flow files — per-flow workspace files that sync into worker containers at /work/uploads and /work/resources. Files can be pulled back out of a running container and promoted into the user library. Attached files are injected into agent system prompts as a structured <task_files> block, so the assistant is aware of what the user provided.
  • File Manager UI — a reusable tree component with multi-select, keyboard navigation, drag-and-drop, sortable columns, bulk actions, and an overwrite workflow. Used by both the new /resources page and the flow Files tab.
  • Limits and hardening — enforced on both ends: 300 MB per file, 1000 files per request, 2 GB total, 255-byte names. Upload paths are protected against directory traversal and symlink escapes.
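
As an added illustration of the traversal and symlink checks described above (example code written for this page, not PentAGI's implementation), the sketch below resolves a client-supplied upload path under a trusted root. The names `resolveUpload`, `errUnsafe` and `demo`, the sample paths, and the choice to reject every symlink component are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

const maxNameBytes = 255 // per-name limit stated in the release notes
var errUnsafe = errors.New("unsafe upload path")

// resolveUpload (hypothetical) maps a client-supplied path to a file under root.
func resolveUpload(root, rel string) (string, error) {
	// IsLocal rejects "", absolute paths and ".." escapes; NUL and "\" are refused too.
	if strings.ContainsAny(rel, "\x00\\") || !filepath.IsLocal(rel) {
		return "", fmt.Errorf("%w: %q", errUnsafe, rel)
	}
	cur, err := filepath.EvalSymlinks(root) // canonical form of the trusted root
	if err != nil {
		return "", err
	}
	for _, part := range strings.Split(filepath.ToSlash(filepath.Clean(rel)), "/") {
		if len(part) > maxNameBytes {
			return "", fmt.Errorf("%w: name longer than %d bytes", errUnsafe, maxNameBytes)
		}
		cur = filepath.Join(cur, part)
		// Lstat does not follow links, so a planted symlink is seen as one.
		fi, err := os.Lstat(cur)
		if (err == nil && fi.Mode()&os.ModeSymlink != 0) || (err != nil && !errors.Is(err, os.ErrNotExist)) {
			return "", fmt.Errorf("%w: symlink or unreadable component %q", errUnsafe, part)
		}
	}
	return cur, nil
}

// demo builds a constructed sandbox with one symlink pointing outside it and reports verdicts.
func demo() map[string]bool {
	root, _ := os.MkdirTemp("", "uploads")
	defer os.RemoveAll(root)
	_ = os.Symlink(os.TempDir(), filepath.Join(root, "link"))
	accepted := map[string]bool{}
	for _, p := range []string{"scans/nmap.xml", "../etc/passwd", "/etc/passwd", "a/../../b", "link/x.txt", strings.Repeat("n", 256)} {
		_, err := resolveUpload(root, p)
		accepted[p] = err == nil
	}
	return accepted
}
func main() { fmt.Println(demo()) }
```

The check and the later open are separate steps, so the write itself should also refuse to follow links, for example with `O_NOFOLLOW` or `os.Root` in Go 1.24 and later.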

Knowledge Base Management

The pgvector memory store is now a first-class, user-manageable resource rather than agent-only auto-storage.

  • GraphQL/REST CRUD plus semantic search over the knowledge store, with admin/user scoping, per-user document ownership, re-embedding on update, and real-time subscriptions.
  • A new /knowledges interface with list and detail pages, a TipTap markdown editor, partial updates, inline rename/delete, and a collapsible semantic-search input (hotkey-accessible).
  • Text anonymization — a new anonymizeText service (GraphQL/REST) to scrub sensitive data, surfaced directly in the knowledge editor.
  • The vector search engine was rewritten onto direct, parameterized SQL queries — fixing a bug where document IDs were dropped and removing unsafe SQL string interpolation.

ToolCall Observability

Individual agent tool calls are now logged through a dedicated provider and exposed via GraphQL queries and subscriptions plus a REST API, giving real-time, inspectable visibility into every command, search, and action an agent performs during a flow.

Assistant Flow Management

The interactive assistant can now observe and steer active flows without leaving the chat. New tools let the assistant read flow status (with multiple detail levels), stop a flow, submit input to a waiting flow, patch subtasks, and block until a task completes. A summarizer cache avoids redundant LLM calls when reporting flow state.

Unified Agent Language Policy

A single, consistent language policy now spans all agent prompts: vector-store and search-engine queries are forced to English for retrieval consistency, while user-facing messages follow the engagement language. Template variables and tool access were aligned with each agent's actual runtime tool set.


New Capabilities

Updated Provider Configurations & Models

Built-in model configurations were refreshed across multiple providers — OpenAI, Anthropic, Gemini, DeepSeek, Qwen, Kimi, and GLM — to match the current model landscape, with updated model lists, pricing, and context windows.

  • Per-role thinking control — reasoning models such as DeepSeek and Qwen now toggle thinking mode per agent role, so utility roles run without thinking (and honor their sampling parameters) while reasoning, tool-use, and security-analysis roles keep it enabled.
  • New reference configurations — vLLM Qwen 3.6 (thinking and non-thinking, including 35B FP8 variants) bundled in the Docker image, and an Azure OpenAI example.
  • Ollama now surfaces a clear, actionable error when the selected model does not support tool/function calling, instead of a deeply nested stack trace.

Per-Model Analytics

A new query surfaces token usage broken down by model and agent type within a single flow, integrated into the flow dashboard.

Configuration

  • TERMINAL_TOOL_TIMEOUT — configurable terminal command timeout (default raised to 1200 seconds, with clamping for out-of-range values).
  • PostgreSQL connection pooling — shared pools for sqlc, GORM, and pgvector with new tunables DB_MAX_OPEN_CONNS, DB_MAX_IDLE_CONNS, and DB_VECTOR_MAX_CONNS.
  • EMBEDDING_MAX_TEXT_BYTES — caps the text size sent to the embedding model.
  • The Settings API now exposes version and isDevelopMode.

Frontend Modernization

A broad pass touched nearly every list and detail page.

  • Unified list tables — URL-synced filtering, pagination, sorting, and column visibility, with multi-column search ("Search in" column picker) and contextual empty states.
  • Detail navigation — Prev/Position/Next navigation between sibling records, with an in-sheet searchable list.
  • Inline actions — rename, finish, and delete directly from flow, template, and knowledge headers and list rows.
  • Per-route document titles — browser tabs now reflect the actual page (including live flow titles), driven by a centralized title registry.
  • Mobile UX — responsive headers that collapse to icon-only buttons, a unified flow attachment/template picker, and a compact dashboard period switcher.
  • Performance — dashboard period-switch interaction latency reduced from 434 ms to 134 ms, the PDF renderer is lazy-loaded (cutting the report route's initial JS by ~1.5 MB), the knowledge provider is scoped to its own routes (avoiding a ~2.1 MB payload on every page), filtering is debounced, and rename/favorite actions update optimistically for instant feedback.
  • Platform upgrades — React 19, Apollo Client v4, Vite 8 (Rolldown), TypeScript 6, Zod v4, the graphql-codegen v6/v7 toolchain, and the shadcn new-york-v4 component style. The frontend test suite grew from 475 to 541 tests.
  • Accessibility — aria-labels across icon-only buttons, form-field id/name fixes, and Radix dialog compliance.

Bug Fixes & Reliability

Flow & Agent Execution

  • Task cancellation — subtask generation now runs under a cancellable context, so cancelling a task no longer reports a false success.
  • Custom prompts — user prompt overrides saved in Settings → Prompts are now actually applied to new assistant and flow sessions (they were silently using the defaults).
  • Malformed tool-call JSON — truncated or invalid LLM arguments now fall back to an empty object instead of triggering LiteLLM 400 errors and infinite retry loops; literal control characters in arguments are sanitized before storage.
  • Subscription backpressure — events are dropped for slow or disconnected subscribers after a timeout, preventing goroutine accumulation.
  • Deadlock fixes — resolved a deadlock in the log worker and a nil-channel deadlock when finishing an assistant session.
  • Browser tool — small/empty page content now returns a warning rather than an error, binary URLs are reported clearly, and a failed screenshot no longer discards successfully fetched page content.
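
The malformed tool-call handling above can be pictured with the following added sketch (not PentAGI's code). It assumes "sanitized" means escaping literal control characters inside string values, and the names `escapeControls` and `normalizeArgs` and the sample inputs are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// escapeControls rewrites literal control characters found inside JSON string
// literals as \u00XX escapes; whitespace between tokens is left untouched.
func escapeControls(raw string) string {
	var b strings.Builder
	inString, escaped := false, false
	for _, r := range raw {
		switch {
		case inString && r < 0x20:
			fmt.Fprintf(&b, `\u%04x`, r)
			escaped = false
			continue
		case escaped:
			escaped = false
		case inString && r == '\\':
			escaped = true
		case r == '"':
			inString = !inString
		}
		b.WriteRune(r)
	}
	return b.String()
}

// normalizeArgs (hypothetical) returns arguments that are safe to store and
// replay: a valid JSON object, or "{}" when the model output cannot be parsed.
func normalizeArgs(raw string) string {
	clean := escapeControls(strings.TrimSpace(raw))
	var obj map[string]json.RawMessage
	if err := json.Unmarshal([]byte(clean), &obj); err != nil || obj == nil {
		return "{}" // truncated, non-object or otherwise unparseable
	}
	return clean
}

func main() {
	for _, raw := range []string{ // constructed samples
		`{"command":"id"}`, `{"query":"tls versions supp`, "{\"message\":\"a\nb\"}",
	} {
		fmt.Printf("%q -> %s\n", raw, normalizeArgs(raw))
	}
}
```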

Knowledge & Data

  • Vector search safety hardened (parameterized queries, memory documents excluded at the SQL level).
  • Fixed recursive resource retrieval over GraphQL, and resource move/copy responses now return the correct entries for client cache consistency.

Frontend

  • Fixed a production crash on flow detail pages caused by the minifier stripping function names from document-title components.
  • Eliminated several table state races (filter clearing, pagination URL loops, batched URL updates) and a GraphQL codegen issue that emitted duplicate types and broke the dev server.
  • API token names are no longer lost when a subscription refetches the table mid-edit; the default button type no longer triggers accidental form submits.

Security

  • Flow file uploads are hardened against path traversal and symlink escapes, with size and count limits enforced on both the backend and the frontend.
  • Knowledge vector search uses parameterized queries, removing prior string-interpolated SQL.
  • New endpoints enforce user/admin privilege scoping, with dedicated privileges (anonymize.call, toolcall access) added via migration.
  • Text anonymization is available to scrub sensitive data from stored knowledge.

Documentation

Extensive user-facing documentation was added, including a first-use guide, a pentesting prompt methodology guide, memory lifecycle across flows, capability boundaries, OAuth callback setup, a Docker mirror guide for restricted networks, OSINT integration scenarios, the flow Files tab, DeepSeek V4 migration and pricing, and a clarification that Vertex AI is reachable today only via an OpenAI-compatible gateway. Two design RFCs — flow concurrency with completion webhooks, and MCP client integration — were added under examples/proposals/ as design proposals with no runtime code yet.


Upgrade Notes

  • DeepSeek: deployments using the legacy deepseek-chat / deepseek-reasoner model names should migrate to deepseek-v4-flash / deepseek-v4-pro before the upstream deprecation on 2026-07-24.
  • Database: connection-pool settings were consolidated to DB_MAX_OPEN_CONNS, DB_MAX_IDLE_CONNS, and DB_VECTOR_MAX_CONNS — verify against .env.example.
  • Terminal timeout: TERMINAL_TOOL_TIMEOUT default raised from 600 to 1200 seconds; review if a lower value was intentional.
  • Frontend development now requires pnpm (previously npm).
  • Database migrations apply automatically at startup. After pulling, rebuild and restart: docker compose build && docker compose up -d.

Contributors

Core Team

  • @asdek (Dmitry Nagibin) — User resources & flow files backend, knowledge base API and vector search, ToolCall logging, anonymizer, assistant flow management tools, agent language policy, provider model updates, database connection pooling, and flow reliability fixes
  • @sirozha (Sergey Kozyrenko) — File Manager component, resources/knowledges/flow-files UI, unified list tables and multi-column search, detail navigation, document titles, mobile UX, frontend platform upgrade (React 19 / Apollo v4 / Vite 8), and performance & accessibility work

External Contributors

  • @mason5052 — Custom prompts fix, Ollama tool-support error clarity, DeepSeek V4 migration, flow file upload hardening, and extensive documentation and design RFCs (flow concurrency, MCP client integration, evidence chain)
  • @Kairos-T — Documentation mermaid syntax fix (PR#259)

Full Changelog: v2.0.0...v2.1.0