Skip to content

1.2.0

Choose a tag to compare

View all tags
@asdek asdek released this 25 Feb 16:26
v1.2.0
b90ea47
This commit was signed with the committer’s verified signature.
asdek Dmitry Ng
GPG key ID: 955A172DFDB77CC3
Verified
Learn about vigilant mode.

🚀 PentAGI 1.2 - Enhanced AI Capabilities! Major upgrade bringing latest reasoning models, token caching, comprehensive analytics, and REST API access for seamless integration with automation platforms.

DiscordTelegram

🎯 Major Features

🧠 Latest Reasoning Models Support - Complete integration of cutting-edge AI models with native reasoning capabilities:

  • Gemini 2.5/3.0 family with thinking tokens support
  • Anthropic Claude Sonnet 4+ with extended reasoning
  • DeepSeek R1 and Kimi K2.5 in reasoning mode
  • OpenAI o-series models with signature thoughts
  • OpenRouter and OpenAI-compatible endpoints with reasoning content preservation

💰 Token Caching & Cost Optimization - Intelligent prompt caching reduces input token costs by 40-70% in multi-turn agent conversations:

  • Native caching support for Anthropic (ephemeral cache controls) and Gemini (pre-created content caching)
  • Automatic cache hit tracking with detailed analytics
  • Particularly effective for long-context penetration testing sessions
  • Standardized cache token reporting across all providers

📊 Usage Analytics & Monitoring - Comprehensive REST API endpoints for detailed resource utilization tracking:

  • Token usage breakdown by agent type (researcher/developer/executor)
  • Cost analysis with cache read/write separation
  • Execution time metrics per flow and subtask
  • Tool call frequency statistics
  • Foundation for visual analytics dashboard (coming in v1.3)

🔑 API Token Management - JWT-based API authentication enables programmatic access to PentAGI:

  • Generate and manage API tokens through web interface
  • Full REST and GraphQL API access for automation
  • OpenAPI specifications for client code generation in any language
  • Integration-ready for n8n, OpenClaw, Claude Desktop, and custom solutions
  • Foundation for official MCP server (planned for future releases)

🔍 Sploitus Integration - Experimental support for vulnerability search engine:

  • Cloudflare-protected service requires IP reputation verification
  • Use built-in ftester utility to check your IP reputation before enabling
  • Configure via SPLOITUS_ENABLED environment variable

📡 Langfuse v3 Observability - Complete migration to Langfuse v3 standard with enhanced LLM operations tracking:

  • Observation type separation: Spans, Generations, Agents, Tools, Chains, Retrievers, Evaluators, Embeddings, Guardrails
  • Enhanced message chain visualization with Playground mode navigation
  • Detailed Score metrics and execution time logging
  • Improved variable and metadata tracking across all observation types

🚀 New Features

  • Reasoning Content Preservation: Smart message chain summarization that maintains reasoning signatures for models requiring strict conversation structure
  • Tool Call ID Templates: Configurable tool call ID format enforcement for LLM backends with strict validation requirements
  • User Preferences System: Favorite flows management with persistent preferences storage
  • GraphQL Subscriptions: Real-time flow updates with user-specific event publishing
  • Docker Build Versioning: Embedded version and revision information in container images with dedicated build scripts for Linux/macOS/Windows
  • Enhanced Error Diagnostics: Stop reason included in error messages (e.g., length indicates need to increase max_tokens)
  • PDF Report Generation: Export flow results to PDF using @react-pdf/renderer library
  • User Favorites: Add and manage favorite flows with dedicated GraphQL mutations
  • Podman Support: Official documentation for running PentAGI with Podman in rootless mode

🎨 UI/UX Improvements

  • Enhanced Theme Handling: Improved dark/light/system theme switching with automatic system preference detection
  • Better Authentication Flow: Safe return URL handling with validation to prevent open redirect vulnerabilities
  • Google OAuth Fix: Resolved CORS issues and improved cookie handling for Google OAuth integration
  • Flow Subscriptions: Real-time flow updates in UI via GraphQL subscriptions with user-scoped events
  • Settings Form Validation: Stronger password requirements with visibility toggles
  • Enhanced Report Generation: Fixed markdown rendering issues in flow reports

🐛 Key Fixes

  • Resource Leak Prevention: Fixed response body leaks in browser tool, added tar header size validation in terminal operations, properly close tarWriter to prevent incomplete archives (#101)
  • Security Hardening:
    • OAuth state parameter validation with explicit CSRF checks (#101)
    • Session expiry enforcement in authentication middleware
    • SameSite cookie attributes for CSRF protection
    • Browser tool HTTP client timeout (30s) to prevent indefinite hangs
    • Authorization string typos fixed (trailing quotes causing ACL failures)
  • TLS Configuration: Respect EXTERNAL_SSL_INSECURE config in Langfuse client, load custom CA certificates from EXTERNAL_SSL_CA_PATH, use system cert pool as base (#132)
  • Terminal Command Logic: Corrected terminal command handling logic (#124)
  • Swagger Documentation: Fixed missing closing quotes in OpenAPI annotations
  • Code Quality: Removed debug console.log statements from production code
  • Traversaal API: Updated integration after vendor-side API specification changes
  • Nil Pointer Checks: Added nil checks for Langfuse client before ForceFlush operations

🔧 Infrastructure Improvements

  • LangChainGo v0.1.14-update.1: Major dependency update with 6 months of accumulated improvements:
    • Signature thoughts support for Anthropic, Gemini, OpenAI providers
    • Message chain caching for Gemini and Anthropic with token savings tracking
    • Standardized usage format across all providers with unified field names
    • Comprehensive test coverage for LLM scenarios including multi-turn conversations, function calling, caching validation
    • Migrated Google AI provider to google.golang.org/genai from deprecated SDK
    • Bedrock Converse API support for Anthropic Claude models
    • Enhanced streaming with proper resource cleanup (memory leak fixes)
  • Alpine 3.23.3: Updated base Docker image with latest security patches
  • Model Updates: Switched from deprecated gemini-2.0-flash-lite to gemini-2.5-flash-lite with adjusted pricing
  • GitHub Actions Modernization: Upgraded all workflows for Node 24 compatibility
  • Dependency Security Updates:
    • axios 1.13.2 → 1.13.5
    • lodash 4.17.21 → 4.17.23
    • diff 5.2.0 → 5.2.2
    • jspdf 4.1.0 → 4.2.0
  • External Network Access: Comprehensive documentation for configuring PentAGI accessibility from other machines with firewall setup instructions
  • Entrypoint Script: SSL certificate generation management for enhanced security setup

🔄 Performance & Architecture

  • Standardized Token Usage: All LLM providers now return consistent token fields (PromptTokens, CompletionTokens, TotalTokens, CacheCreationTokens, CacheReadTokens)
  • Enhanced Logging: Enriched log fields with flow/task/subtask IDs for better traceability
  • Observation Framework: Refactored observability with W3C Trace Context compliance (newSpanID/newTraceID functions)
  • Chain Summarization: Enhanced algorithm with critical guarantees preserving last N QA sections even if exceeding size limits, ensuring reasoning signatures retention
  • Improved Metadata Handling: Stop reason tracking in generation metadata for better observability

📚 Documentation

  • Typo Fixes: Comprehensive typo corrections across documentation and code comments (#121):
    • "PegtAGI" → "PentAGI" in frontend README
    • "Depp Infra" → "Deep Infra", "Traversal" → "Traversaal" in EULA
    • OAuth environment variable names aligned with .env.example
    • Fixed filename typos (sreenshots.go → screenshots.go, wizard-integation → wizard-integration)
  • External Access Guide: Step-by-step instructions for PENTAGI_LISTEN_IP, PUBLIC_URL, CORS_ORIGINS configuration
  • Podman Documentation: Running PentAGI with Podman in rootless mode with non-privileged ports

📖 Documentation: For detailed setup instructions, visit the README and Quick Start Guide

New Contributors

Full Changelog: v1.1.0...v1.2.0

Contributors

Vaibhavee, s-b-repo, and 4 other contributors
Assets 2
Loading