
> 🚀 **PentAGI 1.2 - Enhanced AI Capabilities!** Major upgrade bringing latest reasoning models, token caching, comprehensive analytics, and REST API access for seamless integration with automation platforms. [![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/2xrMh7qX6m) [![Telegram](https://img.shields.io/badge/Telegram-2CA5E0?logo=telegram&logoColor=white)](https://t.me/+Ka9i6CNwe71hMWQy)

🎯 Major Features

🧠 Latest Reasoning Models Support - Complete integration of cutting-edge AI models with native reasoning capabilities:

  • Gemini 2.5/3.0 family with thinking tokens support
  • Anthropic Claude Sonnet 4+ with extended reasoning
  • DeepSeek R1 and Kimi K2.5 in reasoning mode
  • OpenAI o-series models with signature thoughts
  • OpenRouter and OpenAI-compatible endpoints with reasoning content preservation

💰 Token Caching & Cost Optimization - Intelligent prompt caching reduces input token costs by 40-70% in multi-turn agent conversations:

  • Native caching support for Anthropic (ephemeral cache controls) and Gemini (pre-created content caching)
  • Automatic cache hit tracking with detailed analytics
  • Particularly effective for long-context penetration testing sessions
  • Standardized cache token reporting across all providers

📊 Usage Analytics & Monitoring - Comprehensive REST API endpoints for detailed resource utilization tracking:

  • Token usage breakdown by agent type (researcher/developer/executor)
  • Cost analysis with cache read/write separation
  • Execution time metrics per flow and subtask
  • Tool call frequency statistics
  • Foundation for visual analytics dashboard (coming in v1.3)

🔑 API Token Management - JWT-based API authentication enables programmatic access to PentAGI:

  • Generate and manage API tokens through web interface
  • Full REST and GraphQL API access for automation
  • OpenAPI specifications for client code generation in any language
  • Integration-ready for n8n, OpenClaw, Claude Desktop, and custom solutions
  • Foundation for official MCP server (planned for future releases)

πŸ” Sploitus Integration - Experimental support for vulnerability search engine:

  • Cloudflare-protected service requires IP reputation verification
  • Use built-in ftester utility to check your IP reputation before enabling
  • Configure via SPLOITUS_ENABLED environment variable

📑 Langfuse v3 Observability - Complete migration to Langfuse v3 standard with enhanced LLM operations tracking:

  • Observation type separation: Spans, Generations, Agents, Tools, Chains, Retrievers, Evaluators, Embeddings, Guardrails
  • Enhanced message chain visualization with Playground mode navigation
  • Detailed Score metrics and execution time logging
  • Improved variable and metadata tracking across all observation types

🚀 New Features

  • Reasoning Content Preservation: Smart message chain summarization that maintains reasoning signatures for models requiring strict conversation structure
  • Tool Call ID Templates: Configurable tool call ID format enforcement for LLM backends with strict validation requirements
  • User Preferences System: Favorite flows management with persistent preferences storage
  • GraphQL Subscriptions: Real-time flow updates with user-specific event publishing
  • Docker Build Versioning: Embedded version and revision information in container images with dedicated build scripts for Linux/macOS/Windows
  • Enhanced Error Diagnostics: Stop reason included in error messages (e.g., length indicates need to increase max_tokens)
  • PDF Report Generation: Export flow results to PDF using @react-pdf/renderer library
  • User Favorites: Add and manage favorite flows with dedicated GraphQL mutations
  • Podman Support: Official documentation for running PentAGI with Podman in rootless mode

🎨 UI/UX Improvements

  • Enhanced Theme Handling: Improved dark/light/system theme switching with automatic system preference detection
  • Better Authentication Flow: Safe return URL handling with validation to prevent open redirect vulnerabilities
  • Google OAuth Fix: Resolved CORS issues and improved cookie handling for Google OAuth integration
  • Flow Subscriptions: Real-time flow updates in UI via GraphQL subscriptions with user-scoped events
  • Settings Form Validation: Stronger password requirements with visibility toggles
  • Enhanced Report Generation: Fixed markdown rendering issues in flow reports

πŸ› Key Fixes

  • Resource Leak Prevention: Fixed response body leaks in browser tool, added tar header size validation in terminal operations, properly close tarWriter to prevent incomplete archives (#101)
  • Security Hardening:
    • OAuth state parameter validation with explicit CSRF checks (#101)
    • Session expiry enforcement in authentication middleware
    • SameSite cookie attributes for CSRF protection
    • Browser tool HTTP client timeout (30s) to prevent indefinite hangs
    • Authorization string typos fixed (trailing quotes causing ACL failures)
  • TLS Configuration: Respect EXTERNAL_SSL_INSECURE config in Langfuse client, load custom CA certificates from EXTERNAL_SSL_CA_PATH, use system cert pool as base (#132)
  • Terminal Command Logic: Corrected terminal command handling logic (#124)
  • Swagger Documentation: Fixed missing closing quotes in OpenAPI annotations
  • Code Quality: Removed debug console.log statements from production code
  • Traversaal API: Updated integration after vendor-side API specification changes
  • Nil Pointer Checks: Added nil checks for Langfuse client before ForceFlush operations
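
The TLS Configuration fix above names three behaviours: start from the system certificate pool, add the CA bundle from EXTERNAL_SSL_CA_PATH, and honour EXTERNAL_SSL_INSECURE. The Go sketch below is an added example, not PentAGI's own code; the helper name `buildTLSConfig` and the `"true"` value format for EXTERNAL_SSL_INSECURE are assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"os"
)

// buildTLSConfig is a hypothetical helper (not PentAGI's code). insecure and
// caPath stand for the values of EXTERNAL_SSL_INSECURE and EXTERNAL_SSL_CA_PATH.
func buildTLSConfig(insecure bool, caPath string) (*tls.Config, error) {
	// Start from the system trust store so publicly trusted endpoints keep working.
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool()
	}
	if caPath != "" {
		pem, err := os.ReadFile(caPath)
		if err != nil {
			return nil, fmt.Errorf("read CA bundle: %w", err)
		}
		// Fail closed: a bundle with no usable certificate is a configuration error,
		// not a reason to continue silently with the system roots only.
		if !pool.AppendCertsFromPEM(pem) {
			return nil, errors.New("no valid PEM certificates in " + caPath)
		}
	}
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    pool,
		// Disables chain and hostname verification; prefer the CA path instead.
		InsecureSkipVerify: insecure,
	}, nil
}

func main() {
	// Assumed value format: the literal string "true" enables insecure mode.
	insecure := os.Getenv("EXTERNAL_SSL_INSECURE") == "true"
	cfg, err := buildTLSConfig(insecure, os.Getenv("EXTERNAL_SSL_CA_PATH"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "TLS config error:", err)
		os.Exit(1)
	}
	fmt.Println("certificate verification disabled:", cfg.InsecureSkipVerify)
}
```

Adding a private CA through the bundle path keeps verification on for self-hosted endpoints, which is why the insecure flag is best left off outside a lab.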

🔧 Infrastructure Improvements

  • LangChainGo v0.1.14-update.1: Major dependency update with 6 months of accumulated improvements:
    • Signature thoughts support for Anthropic, Gemini, OpenAI providers
    • Message chain caching for Gemini and Anthropic with token savings tracking
    • Standardized usage format across all providers with unified field names
    • Comprehensive test coverage for LLM scenarios including multi-turn conversations, function calling, caching validation
    • Migrated Google AI provider to google.golang.org/genai from deprecated SDK
    • Bedrock Converse API support for Anthropic Claude models
    • Enhanced streaming with proper resource cleanup (memory leak fixes)
  • Alpine 3.23.3: Updated base Docker image with latest security patches
  • Model Updates: Switched from deprecated gemini-2.0-flash-lite to gemini-2.5-flash-lite with adjusted pricing
  • GitHub Actions Modernization: Upgraded all workflows for Node 24 compatibility
  • Dependency Security Updates:
    • axios 1.13.2 → 1.13.5
    • lodash 4.17.21 → 4.17.23
    • diff 5.2.0 → 5.2.2
    • jspdf 4.1.0 → 4.2.0
  • External Network Access: Comprehensive documentation for configuring PentAGI accessibility from other machines with firewall setup instructions
  • Entrypoint Script: SSL certificate generation management for enhanced security setup

🔄 Performance & Architecture

  • Standardized Token Usage: All LLM providers now return consistent token fields (PromptTokens, CompletionTokens, TotalTokens, CacheCreationTokens, CacheReadTokens)
  • Enhanced Logging: Enriched log fields with flow/task/subtask IDs for better traceability
  • Observation Framework: Refactored observability with W3C Trace Context compliance (newSpanID/newTraceID functions)
  • Chain Summarization: Enhanced algorithm that guarantees the last N QA sections are preserved even when they exceed size limits, so reasoning signatures are retained
  • Improved Metadata Handling: Stop reason tracking in generation metadata for better observability

📚 Documentation

  • Typo Fixes: Comprehensive typo corrections across documentation and code comments (#121):
    • "PegtAGI" → "PentAGI" in frontend README
    • "Depp Infra" → "Deep Infra", "Traversal" → "Traversaal" in EULA
    • OAuth environment variable names aligned with .env.example
    • Fixed filename typos (sreenshots.go → screenshots.go, wizard-integation → wizard-integration)
  • External Access Guide: Step-by-step instructions for PENTAGI_LISTEN_IP, PUBLIC_URL, CORS_ORIGINS configuration
  • Podman Documentation: Running PentAGI with Podman in rootless mode with non-privileged ports

📖 Documentation: For detailed setup instructions, visit the README and Quick Start Guide


New Contributors


Full Changelog: https://github.com/vxcontrol/pentagi/compare/v1.1.0...v1.2.0

Source: README.md, updated 2026-03-26