Manual install
If you’d rather inspect every file before running it — or you’re on a host where piping remote scripts is disallowed — here is the same flow the one-liner runs, broken into individual commands.
-
Clone the repo.
Terminal window git clone --branch opensource https://github.com/akashsebastian333/agentum.git lupidcd lupid -
Copy the env template.
Terminal window cp .env.example .env.env.examplelists every required variable with inline comments and theopenssl randrecipe for each secret. -
Generate every secret with
openssl rand. No defaults — the stack refuses to start if any are unset.Terminal window sed -i.bak \-e "s|^AGENTUM_ENCRYPTION_KEY_HEX=.*|AGENTUM_ENCRYPTION_KEY_HEX=$(openssl rand -hex 32)|" \-e "s|^AGENTUM_CAPABILITY_SECRET_HEX=.*|AGENTUM_CAPABILITY_SECRET_HEX=$(openssl rand -hex 32)|" \-e "s|^AGENTUM_OPERATOR_SECRET_HEX=.*|AGENTUM_OPERATOR_SECRET_HEX=$(openssl rand -hex 32)|" \-e "s|^NEXTAUTH_SECRET=.*|NEXTAUTH_SECRET=$(openssl rand -base64 32)|" \-e "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$(openssl rand -base64 24 | tr -d '/+=' | head -c 24)|" \-e "s|^AGENTUM_ADMIN_PASSWORD=.*|AGENTUM_ADMIN_PASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | head -c 18)|" \.env && rm .env.bak -
Optionally pick a different admin email. Edit
AGENTUM_ADMIN_EMAILin.env(default:admin@lupid.local). -
Bring up the stack.
Terminal window docker compose up -d --buildFirst boot builds the Rust + Next.js images; that takes ~3–5 minutes. Subsequent
ups use the cached image and are sub-second. -
Wait for the dashboard.
Terminal window curl -fsSL -m 5 http://localhost:3000Returns 200 when it’s ready.
-
Sign in at
http://localhost:3000with theAGENTUM_ADMIN_EMAILandAGENTUM_ADMIN_PASSWORDyou set in.env.
With the ClickHouse audit warehouse
Section titled “With the ClickHouse audit warehouse”Postgres holds the audit log by default. If you want ClickHouse for high-volume audit:
CLICKHOUSE_PASSWORD=$(openssl rand -hex 16) docker compose --profile audit up -dThe audit pipeline auto-detects the AGENTUM__CLICKHOUSE_URL env var (the compose file
builds it from CLICKHOUSE_PASSWORD) and routes new events to ClickHouse instead of
Postgres.
What’s installed
Section titled “What’s installed”Three containers (four with --profile audit):
| Service | Host port | Purpose |
|---|---|---|
frontend | 0.0.0.0:3000 | Next.js dashboard + BFF (reverse-proxies the API) |
agentum | 127.0.0.1:7070 | HTTPS-CONNECT MITM gateway for agent traffic |
postgres | 127.0.0.1:5432 | Primary state + audit (default) |
clickhouse (opt) | 127.0.0.1:8123 | Audit warehouse (--profile audit only) |
State persists in named Docker volumes: postgres_data, clickhouse_data (if used),
agentum-certs, agentum-policies. Wipe them with docker compose down -v.
Teardown
Section titled “Teardown”docker compose down # stop containers, keep all datadocker compose down -v # stop AND remove every named volume — irreversible