Skip to content

Manual install

If you’d rather inspect every file before running it — or you’re on a host where piping remote scripts is disallowed — here is the same flow the one-liner runs, broken into individual commands.

  1. Clone the repo.

    Terminal window
    git clone --branch opensource https://github.com/akashsebastian333/agentum.git lupid
    cd lupid
  2. Copy the env template.

    Terminal window
    cp .env.example .env

    .env.example lists every required variable with inline comments and the openssl rand recipe for each secret.

  3. Generate every secret with openssl rand. No defaults — the stack refuses to start if any are unset.

    Terminal window
    sed -i.bak \
    -e "s|^AGENTUM_ENCRYPTION_KEY_HEX=.*|AGENTUM_ENCRYPTION_KEY_HEX=$(openssl rand -hex 32)|" \
    -e "s|^AGENTUM_CAPABILITY_SECRET_HEX=.*|AGENTUM_CAPABILITY_SECRET_HEX=$(openssl rand -hex 32)|" \
    -e "s|^AGENTUM_OPERATOR_SECRET_HEX=.*|AGENTUM_OPERATOR_SECRET_HEX=$(openssl rand -hex 32)|" \
    -e "s|^NEXTAUTH_SECRET=.*|NEXTAUTH_SECRET=$(openssl rand -base64 32)|" \
    -e "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$(openssl rand -base64 24 | tr -d '/+=' | head -c 24)|" \
    -e "s|^AGENTUM_ADMIN_PASSWORD=.*|AGENTUM_ADMIN_PASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | head -c 18)|" \
    .env && rm .env.bak
  4. Optionally pick a different admin email. Edit AGENTUM_ADMIN_EMAIL in .env (default: admin@lupid.local).

  5. Bring up the stack.

    Terminal window
    docker compose up -d --build

    First boot builds the Rust + Next.js images; that takes ~3–5 minutes. Subsequent ups use the cached image and are sub-second.

  6. Wait for the dashboard.

    Terminal window
    curl -fsSL -m 5 http://localhost:3000

    Returns 200 when it’s ready.

  7. Sign in at http://localhost:3000 with the AGENTUM_ADMIN_EMAIL and AGENTUM_ADMIN_PASSWORD you set in .env.

Postgres holds the audit log by default. If you want ClickHouse for high-volume audit:

Terminal window
CLICKHOUSE_PASSWORD=$(openssl rand -hex 16) docker compose --profile audit up -d

The audit pipeline auto-detects the AGENTUM__CLICKHOUSE_URL env var (the compose file builds it from CLICKHOUSE_PASSWORD) and routes new events to ClickHouse instead of Postgres.

Three containers (four with --profile audit):

ServiceHost portPurpose
frontend0.0.0.0:3000Next.js dashboard + BFF (reverse-proxies the API)
agentum127.0.0.1:7070HTTPS-CONNECT MITM gateway for agent traffic
postgres127.0.0.1:5432Primary state + audit (default)
clickhouse (opt)127.0.0.1:8123Audit warehouse (--profile audit only)

State persists in named Docker volumes: postgres_data, clickhouse_data (if used), agentum-certs, agentum-policies. Wipe them with docker compose down -v.

Terminal window
docker compose down # stop containers, keep all data
docker compose down -v # stop AND remove every named volume — irreversible