release/v0.58.0

.gitignore

@@ -21,13 +21,6 @@ myenv/
 
 **/error-*.log
 
-
-# hosting/
-! hosting/docker-compose/oss/.env.oss.dev.example
-! hosting/docker-compose/oss/.env.oss.gh.example
-! hosting/docker-compose/ee/.env.ee.dev.example
-! hosting/docker-compose/ee/.env.ee.gh.example
-
 # examples/
 examples/**/config.toml
 examples/**/agenta.py

.gitleaks.toml

@@ -0,0 +1,32 @@
+title = "Agenta Gitleaks Configuration"
+version = 2
+
+[extend]
+useDefault = true
+
+[allowlist]
+paths = [
+  # ---------------------------------------------------------------- PUBLIC DOCS
+  '''^website/docs/reference/api/.*\.mdx''',
+  '''^core/docs/docs/reference/api/.*\.mdx''',
+  '''^docs/docs/reference/api/.*\.mdx''',
+  '''^docs/.docusaurus/.*''',
+  # -------------------------------------------------------------- WEB ARTIFACTS
+  '''^.*/\.pnpm-store/.*''',
+  '''^.*/public/__env\.js$''',
+  '''^.*/\.next/.*''',
+  # -------------------------------------------------------------- ALL ENV FILES
+  '''^.*\.env.*$''',
+  # ----------------------------------------------------------------------------
+]
+regexes = [
+  # ------------------------------------------------------------ FALSE POSITIVES
+  '''is_completion=True''',
+  '''YOUR_API_KEY''',
+  '''_SECRET_KEY''',
+  # ----------------------------------------------------------------------------
+]
+
+# USEFUL GITLEAKS COMMANDS
+# gitleaks --config .gitleaks.toml --exit-code 1 --verbose git
+# gitleaks --config .gitleaks.toml --exit-code 1 --verbose detect --no-git

.pre-commit-config.yaml

@@ -3,6 +3,12 @@ repos:
     hooks:
       - id: gitleaks-pre-commit
         name: gitleaks git (staged only)
-        entry: echo "Aloha"
+        entry: bash -c 'gitleaks --config .gitleaks.toml --exit-code 1 --verbose git --staged'
         language: system
         pass_filenames: false
+      - id: gitleaks-pre-push
+        name: gitleaks git (pre-push, scan diff)
+        entry: bash -c 'gitleaks --config .gitleaks.toml --exit-code 1 --verbose git --log-opts "$(git merge-base HEAD "origin/$(git rev-parse --abbrev-ref HEAD)" 2>/dev/null || git merge-base HEAD origin/main)..HEAD"'
+        language: system
+        stages: [pre-push]
+        pass_filenames: false

CONTRIBUTING.md

@@ -40,4 +40,9 @@ We had many zombie issues and PRs (assigned but inactive) in the past. We want t
 - An issue may only be assigned to one person for up to one week (three days for very simple issues). If the issue remains unsolved after a week, it will be unassigned and made available to others.
 - Any pull request (PR) left inactive by the author for over a week will be closed. The author can reopen it if they wish to continue.
 
-We look forward to seeing your contributions to Agenta!
+We look forward to seeing your contributions to Agenta!
+
+## Contributor License Agreement
+If you want to contribute, we need you to sign a Contributor License Agreement. We need this to avoid potential intellectual property problems in the future. You can sign the agreement by clicking a button. Here is how it works:
+
+After you open a PR, a bot will automatically comment asking you to sign the agreement. Click on the link in the comment, login with your Github account, and sign the agreement.

LICENSE

@@ -1,6 +1,16 @@
-The MIT License
+Copyright (c) 2023–2025
+Agentatech UG (haftungsbeschränkt), doing business as “Agenta”
+
+Portions of this software are licensed as follows:
 
-Copyright (c) Agentatech UG (haftungsbeschränkt)
+- All content that resides under any "ee/" directory of this repository, if
+such directories exist, are licensed under the license defined in "ee/LICENSE".
+- All third party components incorporated into the Agenta Software are licensed
+under the original license provided by the owner of the applicable component.
+- Content outside of the above mentioned directories or restrictions above is
+available under the "MIT Expat" license as defined below.
+
+The MIT License
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -266,4 +266,4 @@ This project follows the [all-contributors](https://github.com/all-contributors/
 
 ## Disabling Anonymized Tracking
 
-By default, Agenta automatically reports anonymized basic usage statistics. This helps us understand how Agenta is used and track its overall usage and growth. This data does not include any sensitive information. To disable anonymized telemetry set `AGENTA_TELEMETRY_ENABLED` to `false` in your `.env` file.
+By default, Agenta automatically reports anonymized basic usage statistics. This helps us understand how Agenta is used and track its overall usage and growth. This data does not include any sensitive information. To disable anonymized telemetry set `AGENTA_TELEMETRY_ENABLED` to `false` in your `.env` file.

SECURITY.md

@@ -1,19 +1,76 @@
 # Security Policy
+
 ## Reporting a Vulnerability
 
 If you believe you have found a security vulnerability in any Agenta repository, please report it to us through coordinated disclosure.
 
-Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
+**Do not** report security vulnerabilities via public GitHub issues, pull requests, or discussions.
+
+Instead, please send an email to **[email protected]**.
+
+---
+
+## Information to Include
+
+Please include as much of the following as you can to help us reproduce and resolve the issue:
+
+- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting).
+- Full paths of source files related to the issue.
+- The location of the affected source code (tag, branch, commit SHA, or direct URL).
+- Any special configuration or environment required to reproduce.
+- Step-by-step instructions to reproduce.
+- Proof-of-concept or exploit code (if possible).
+- Expected vs actual behaviour and potential impact.
+- Your contact details and disclosure timeline preference.
+
+---
+
+## Our Process
+
+- **Acknowledgement**: We will acknowledge receipt within **3 business days**.
+- **Triage**: We aim to complete an initial triage within **7 calendar days** and will share severity and next steps.
+- **Remediation & Disclosure**: For critical vulnerabilities we aim to release a fix or mitigation within **30 days**. For other issues, typically within **90 days**. We will coordinate any public disclosure with you.
+- We will provide status updates as needed during remediation.
+
+---
+
+## Safe Harbor
+
+We respect and protect good-faith security research. If you follow this policy:
+
+- We will not initiate legal action against you for good-faith testing conducted as part of coordinated disclosure.
+- Do not access, modify, or exfiltrate data beyond what is necessary to demonstrate the issue.
+- Do not disrupt production services or attempt destructive actions.
+
+---
+
+## Scope Exclusions
+
+The following are **out of scope**:
+
+- Third-party services not operated by Agenta.
+- Physical security attacks or social engineering of personnel.
+- Low-risk informational issues without security impact (e.g., generic version banners).
+- Denial-of-service attacks (**we will not accept DoS testing against production**).
+
+---
+
+## Recognition & Credits
+
+If you report a valid vulnerability and want public recognition, tell us how you wish to be credited (full name, handle, company, or anonymous). Recognition is discretionary and will be coordinated with you.
+
+---
+
+## Emergency / Out-of-band
+
+If email is unavailable and you need an immediate or urgent channel, contact our general line: **[email protected]** (monitored during business hours). For truly critical emergencies, include “EMERGENCY / SECURITY” in the subject line of your email.
 
-Instead, please send an email to [email protected].
+---
 
-Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+## Contact retention & privacy
 
-    The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
-    Full paths of source file(s) related to the manifestation of the issue
-    The location of the affected source code (tag/branch/commit or direct URL)
-    Any special configuration required to reproduce the issue
-    Step-by-step instructions to reproduce the issue
-    Proof-of-concept or exploit code (if possible)
-    Impact of the issue, including how an attacker might exploit the issue
+- Report metadata will be retained for incident tracking and compliance.
+- Personal data you provide will be handled according to our privacy policy.
+- We will only share reporter data internally on a need-to-know basis.
 
+---

api/ee/LICENSE

@@ -0,0 +1,37 @@
+Agenta Enterprise License (the “Enterprise License”)
+Copyright (c) 2023–2025
+Agentatech UG (haftungsbeschränkt), doing business as “Agenta” (“Agenta”)
+
+With regard to the Agenta Software:
+
+This software and associated documentation files (the "Software") may only be
+used in production, if you (and any entity that you represent) have agreed to,
+and are in compliance with, the Agenta Subscription Terms of Service, available
+at https://agenta.ai/terms (the “Enterprise Terms”), or other
+agreement governing the use of the Software, as agreed by you and Agenta,
+and otherwise have a valid Agenta Enterprise License.
+
+Subject to the foregoing sentence, you are free to modify this Software and
+publish patches to the Software. You agree that Agenta and/or its licensors
+(as applicable) retain all right, title and interest in and to all such
+modifications and/or patches, and all such modifications and/or patches may
+only be used, copied, modified, displayed, distributed, or otherwise exploited
+with a valid Agenta Enterprise License. Notwithstanding the foregoing, you may
+copy and modify the Software for development and testing purposes, without
+requiring a subscription. You agree that Agenta and/or its licensors (as
+applicable) retain all right, title and interest in and to all such
+modifications. You are not granted any other rights beyond what is expressly
+stated herein. Subject to the foregoing, it is forbidden to copy, merge, 
+publish, distribute, sublicense, and/or sell the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+For all third party components incorporated into the Agenta Software, those
+components are licensed under the original license provided by the owner of the
+applicable component.

api/ee/databases/postgres/init-db-ee.sql

@@ -0,0 +1,39 @@
+-- Ensure we are connected to the default postgres database before creating new databases
+\c postgres
+
+-- Create the 'username' role with a password if it doesn't exist
+SELECT 'CREATE ROLE username WITH LOGIN PASSWORD ''password'''
+WHERE NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'username')\gexec
+
+-- Create the 'agenta_ee_core' database if it doesn't exist
+SELECT 'CREATE DATABASE agenta_ee_core'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'agenta_ee_core')\gexec
+
+-- Create the 'agenta_ee_tracing' database if it doesn't exist
+SELECT 'CREATE DATABASE agenta_ee_tracing'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'agenta_ee_tracing')\gexec
+
+-- Create the 'agenta_ee_supertokens' database if it doesn't exist
+SELECT 'CREATE DATABASE agenta_ee_supertokens'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'agenta_ee_supertokens')\gexec
+
+-- Grant necessary permissions to 'username' for both databases
+GRANT ALL PRIVILEGES ON DATABASE agenta_ee_core TO username;
+GRANT ALL PRIVILEGES ON DATABASE agenta_ee_tracing TO username;
+GRANT ALL PRIVILEGES ON DATABASE agenta_ee_supertokens TO username;
+
+
+-- Switch to 'agenta_ee_core' and grant schema permissions
+\c agenta_ee_core
+GRANT ALL ON SCHEMA public TO username;
+
+-- Switch to 'agenta_ee_tracing' and grant schema permissions
+\c agenta_ee_tracing
+GRANT ALL ON SCHEMA public TO username;
+
+-- Switch to 'agenta_ee_supertokens' and grant schema permissions
+\c agenta_ee_supertokens
+GRANT ALL ON SCHEMA public TO username;
+
+-- Return to postgres
+\c postgres

api/ee/databases/postgres/migrations/core/README.md

@@ -0,0 +1,35 @@
+# Migrations with Alembic
+
+Generic single-database configuration with an async dbapi.
+
+## Autogenerate Migrations
+
+One of Alembic's key features is its ability to auto-generate migration scripts. By analyzing the current database state and comparing it with the application's table metadata, Alembic can automatically generate the necessary migration scripts using the `--autogenerate` flag in the alembic revision command.
+
+Note that autogenerate sometimes does not detect all database changes and it is always necessary to manually review (and correct if needed) the candidate migrations that autogenerate produces.
+
+### Making migrations
+
+To make migrations after creating a new table schema or modifying a current column in a table, run the following commands:
+
+```bash
+docker exec -e PYTHONPATH=/app -w /app/ee/databases/postgres/migrations/core agenta-ee-dev-api-1 alembic -c alembic.ini revision --autogenerate -m "migration message"
+```
+
+The above command will create a script that contains the changes that was made to the database schema. Kindly update "migration message" with a message that is clear to indicate what change was made. Here are some examples:
+
+- added username column in users table
+- renamed template_uri to template_repository_uri
+- etc
+
+### Applying Migrations
+
+```bash
+docker exec -e PYTHONPATH=/app -w /app/ee/databases/postgres/migrations/core agenta-ee-dev-api-1 alembic -c alembic.ini upgrade head
+```
+
+The above command will be used to apply the changes in the script created to the database table(s). If you'd like to revert the migration, run the following command:
+
+```bash
+docker exec -e PYTHONPATH=/app -w /app/ee/databases/postgres/migrations/core agenta-ee-dev-api-1 alembic -c alembic.ini downgrade head
+```