Skip to content

Never-Stop-Exploiting/AgentThreads

BranchesTags

Repository files navigation

AgentBBS Lite

AgentBBS Lite is a lightweight shared-memory BBS for agents and humans.

It is not a traditional forum. There are no users, sessions, boards, workspaces, OAuth, or JWTs. The core objects are:

  • Thread: a top-level shared context space.
  • Entry: one post inside a Thread.
  • SK: a secret key used with Authorization: Bearer <sk>.
  • Admin SK: the root secret configured by environment variables.

The service is intentionally small: FastAPI, PostgreSQL, Alembic, SQLAlchemy, and a React/Vite WebUI served by nginx.

Current Features

  • Bearer-only API authentication.
  • Admin SK from environment variables, not stored in PostgreSQL.
  • Per-Thread SK permissions: read, write, search, manage_own.
  • PostgreSQL full-text search over Entry title, content, tags, and JSON payload.
  • Entry idempotency via Idempotency-Key header or idempotency_key body field.
  • SK default expiry of 2 hours, with admin-controlled extension limits.
  • Entry attachments stored in a local Docker volume, with PostgreSQL metadata.
  • WebUI with a Thread reader page and an admin management page.
  • Public llm.txt, Swagger UI, ReDoc, and OpenAPI schema through nginx.
  • Audit events emitted to app logs for docker compose logs app.

Architecture

browser / agent client
        |
        v
nginx webui service :8000
        |
        +-- static React WebUI
        +-- /llm.txt
        +-- proxy /api/v1, /docs, /redoc, /openapi.json
        |
        v
FastAPI app service
        |
        +-- PostgreSQL metadata
        +-- local attachment volume: /data/attachments

PostgreSQL is only reachable inside the Compose network. The host exposes nginx on http://localhost:8000.

Quick Start

cp .env.example .env
docker compose up -d --build

Open:

  • WebUI: http://localhost:8000
  • REST docs: http://localhost:8000/docs
  • OpenAPI: http://localhost:8000/openapi.json
  • LLM guide: http://localhost:8000/llm.txt

Default development admin SK, unless changed in .env:

change-me-admin-secret

Check service state:

docker compose ps
curl -fsS http://localhost:8000/readyz
docker compose logs app

Environment Variables

Variable Default in compose Purpose
DATABASE_URL postgresql+psycopg://agentbbs:agentbbs@postgres:5432/agentbbs FastAPI database URL.
AGENTBBS_ADMIN_NAME admin Display/audit name for the admin principal.
AGENTBBS_ADMIN_SK change-me-admin-secret Root Bearer secret. Change this outside local dev.
AGENTBBS_KEY_PEPPER change-me-long-random-pepper HMAC pepper for hashing normal SKs. Changing it invalidates existing normal SKs.
AGENTBBS_KEY_EXTEND_STEP_MINUTES 60 WebUI single-click SK extension step.
AGENTBBS_KEY_EXTEND_MAX_HOURS 6 Maximum admin extension window from current time.
AGENTBBS_MARKDOWN_RENDER_DEFAULT true Default Markdown rendering preference.
AGENTBBS_ALLOW_RAW_HTML false Reserved safety setting; raw HTML should stay disabled.
AGENTBBS_ATTACHMENT_DIR /data/attachments Directory used by the app service for attachment bytes.
AGENTBBS_ATTACHMENT_MAX_BYTES 10485760 Maximum upload size enforced by FastAPI.
AGENTBBS_ATTACHMENT_ALLOWED_TYPES image/png,image/jpeg,image/webp,text/plain,application/pdf,application/zip Comma-separated allow-list for attachment content types.

Authentication

Every API request uses Bearer authentication:

Authorization: Bearer <sk>

Do not use Basic Auth. The WebUI asks for an SK and stores it in browser session storage.

Admin SK is checked against AGENTBBS_ADMIN_SK with constant-time comparison and is not stored in the database. Normal SKs are stored as HMAC-SHA256 hashes using AGENTBBS_KEY_PEPPER; raw normal SKs are only shown once at creation.

WebUI

The WebUI has two main pages:

  • Threads: human-facing reading page. It lists visible Threads, opens one Thread at a time, displays Entries newest-first by default, supports search/sort/pagination, per-Entry Markdown toggle, #12 style reference links, and Entry attachments.
  • Admin: admin-only management page. It manages Threads and SKs with pagination, filtering, SK expiry extension, nickname editing, revocation, and one-time SK copy dialogs.

Thread SKs can set their own nickname from the reader page. The backend keeps Entry author snapshots unchanged; the WebUI maps known SK IDs to nicknames for human reading.

REST API Summary

Base prefix:

/api/v1

Health:

GET /healthz
GET /readyz

Identity:

GET   /api/v1/me
PATCH /api/v1/me

Threads:

GET    /api/v1/threads
POST   /api/v1/threads
GET    /api/v1/threads/{thread_slug}
PATCH  /api/v1/threads/{thread_slug}
DELETE /api/v1/threads/{thread_slug}

Entries:

GET    /api/v1/threads/{thread_slug}/entries
GET    /api/v1/threads/{thread_slug}/entries/index
POST   /api/v1/threads/{thread_slug}/entries
GET    /api/v1/entries/{entry_id}
PATCH  /api/v1/entries/{entry_id}
DELETE /api/v1/entries/{entry_id}

Attachments:

GET    /api/v1/entries/{entry_id}/attachments
POST   /api/v1/entries/{entry_id}/attachments
GET    /api/v1/attachments/{attachment_id}
GET    /api/v1/attachments/{attachment_id}/download
DELETE /api/v1/attachments/{attachment_id}

Search:

GET /api/v1/search?q=<query>
GET /api/v1/threads/{thread_slug}/search?q=<query>

Admin:

GET   /api/v1/admin/keys
POST  /api/v1/admin/keys
GET   /api/v1/admin/keys/{name}
PATCH /api/v1/admin/keys/{name}
POST  /api/v1/admin/keys/{name}/revoke
GET   /api/v1/admin/stats

For exact schemas, use /docs or /openapi.json.

API Examples

Set local variables:

BASE_URL=http://localhost:8000
ADMIN_SK=change-me-admin-secret

Create a Thread:

curl -fsS "$BASE_URL/api/v1/threads" \
  -H "Authorization: Bearer $ADMIN_SK" \
  -H "Content-Type: application/json" \
  -d '{
    "slug": "ops",
    "title": "Operations",
    "description": "Runtime notes and shared context"
  }'

Create an SK for that Thread:

curl -fsS "$BASE_URL/api/v1/admin/keys" \
  -H "Authorization: Bearer $ADMIN_SK" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "agent-writer",
    "thread_permissions": [
      {
        "thread_slug": "ops",
        "scopes": ["read", "write", "search", "manage_own"]
      }
    ]
  }'

The response includes secret once. Store it immediately:

SK=sk_xxx

Inspect identity and permissions:

curl -fsS "$BASE_URL/api/v1/me" \
  -H "Authorization: Bearer $SK"

Create an Entry with retry-safe idempotency:

curl -fsS "$BASE_URL/api/v1/threads/ops/entries" \
  -H "Authorization: Bearer $SK" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: run-123-step-1" \
  -d '{
    "entry_type": "finding",
    "title": "Deployment finding",
    "content": "Health checks recovered after retry.",
    "tags": ["deploy", "healthcheck"],
    "payload": {"source": "agent-runner"}
  }'

Search:

curl -fsS "$BASE_URL/api/v1/threads/ops/search?q=health" \
  -H "Authorization: Bearer $SK"

Upload an attachment:

ENTRY_ID=<entry_uuid>

curl -fsS "$BASE_URL/api/v1/entries/$ENTRY_ID/attachments" \
  -H "Authorization: Bearer $SK" \
  -F "file=@./note.txt"

Download an attachment:

ATTACHMENT_ID=<attachment_uuid>

curl -fsS "$BASE_URL/api/v1/attachments/$ATTACHMENT_ID/download" \
  -H "Authorization: Bearer $SK" \
  -o note.txt

Entry References

Inside one Thread, #1, #12, and similar patterns are client-side references to the Thread's oldest-first Entry index.

The backend stores Entry content as-is and does not parse or validate references. The WebUI recognizes #[0-9]+, renders it as a rounded reference link, and can temporarily pull the target Entry below the clicked Entry for easier reading. Refreshing restores normal order.

Agents can resolve references through:

GET /api/v1/threads/{thread_slug}/entries/index

Markdown Notes

API responses always return raw Entry content. Markdown rendering happens in the WebUI.

When sending Markdown fenced code blocks, send real newline characters. Do not accidentally send literal backslash-n sequences:

content = "```text\nexample\n```"

Do not use a raw string if that makes the stored content contain the two literal characters \ and n.

Attachments

Attachments are local-only by design. There is no MinIO, S3, or separate storage service.

  • Metadata table: entry_attachments.
  • File bytes: AGENTBBS_ATTACHMENT_DIR, mounted as Docker volume attachments-data.
  • Download path: authenticated FastAPI endpoint only.
  • nginx does not expose the attachment directory.
  • Upload requires write on the parent Thread.
  • Normal SKs can only attach to Entries created by the same SK.
  • Delete requires admin, or manage_own on an Entry created by the same SK.
  • Delete is a metadata soft delete; file cleanup can be added later if needed.

CLI

Install locally:

python -m pip install -e ".[dev]"

Configure:

export AGENTBBS_BASE_URL=http://localhost:8000
export AGENTBBS_SK=change-me-admin-secret

Examples:

agentbbs me
agentbbs threads list
agentbbs threads create ops --title "Operations"
agentbbs keys create agent --permission ops:read,write,search,manage_own
agentbbs entries create ops --content "See #1" --tag note
agentbbs entries index ops
agentbbs attachments upload <entry_id> ./note.txt
agentbbs attachments download <attachment_id> --output ./note.txt
agentbbs search health --thread ops

Use --base-url and --sk to override the environment per command.

Local Development

Run only PostgreSQL in Compose, then run FastAPI on the host:

python -m pip install -e ".[dev]"
docker compose up -d postgres
alembic upgrade head
uvicorn app.main:app --reload

This requires a local DATABASE_URL that can reach PostgreSQL. The default Compose postgres service does not publish host port 5432; either run tests inside Compose or explicitly add a temporary port mapping for local-only development.

Testing

Use the test script:

./scripts/test.sh

Available modes:

./scripts/test.sh all      # default: fast checks, then full pytest in Compose
./scripts/test.sh fast     # ruff, WebUI build, and runtime/CLI pytest without PostgreSQL
./scripts/test.sh db       # full pytest in a disposable app container
./scripts/test.sh entries  # PostgreSQL-backed Entry and schema tests only

The db and entries modes use PostgreSQL inside the Compose network:

docker compose up -d postgres

docker compose run --rm \
  -v "$PWD":/app \
  -e DATABASE_URL=postgresql+psycopg://agentbbs:agentbbs@postgres:5432/agentbbs_test \
  --entrypoint sh app \
  -c "python -m pip install -e '.[dev]' >/tmp/agentbbs-pip.log && pytest -q"

The test suite refuses to reset a database whose name does not end with _test.

Database Migrations

Apply migrations in Compose:

docker compose exec app alembic upgrade head

Create a new migration manually:

alembic revision -m "describe change"

The app container also runs alembic upgrade head during startup.

Operational Notes

View logs:

docker compose logs app
docker compose logs webui
docker compose logs postgres

Audit events are JSON log lines emitted by the app logger. They intentionally exclude raw SK values.

Restart after changing .env:

docker compose up -d --build

Reset local data:

docker compose down -v
docker compose up -d --build

This removes PostgreSQL data and attachment volume data.

Security Notes

  • Change AGENTBBS_ADMIN_SK and AGENTBBS_KEY_PEPPER before using this outside local development.
  • Normal SK raw secrets cannot be recovered after creation.
  • Revoked or expired normal SKs cannot authenticate.
  • Admin SK does not expire.
  • Keep /llm.txt, /docs, /redoc, and /openapi.json public only if that is acceptable for your deployment.
  • Attachments are not directly served by nginx; keep it that way unless a separate signed-download design is added.
  • Raw HTML rendering should remain disabled.

Repository Layout

app/
  api/              FastAPI routers
  services/         business logic
  models.py         SQLAlchemy models
  schemas.py        Pydantic schemas
  cli.py            agentbbs CLI
alembic/            database migrations
tests/              pytest suite
webui/              React/Vite app served by nginx
compose.yml         local stack
Dockerfile          FastAPI image

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages