agentos-api (the app) and agentos-db (Postgres with pgvector). Production runs the same files plus the compose.prod.yaml override; the full flow is on the deploy page.
Manage
Production auth
Token-Based Authorization is on by default. Without aJWT_VERIFICATION_KEY or JWT_JWKS_FILE, the app refuses to serve traffic in production. The platform’s job is to keep your data private, so the safe default is refuse to start.
Token-Based Auth gives you three things:
- No public access. The server rejects requests without a valid token.
- Per-request identity. Middleware parses the token and extracts the
user_id,session_id, and custom claims. Each request is tied to a user and session, giving you auditability and traceability. - Granular permissions. User tokens can run an agent and view their own sessions. Admin tokens read everyone’s sessions and test any agent.
authorization=False in app/main.py and restart. Use this only inside a private network behind another auth layer. Without it, anyone who finds your public URL can access your platform.
Customize
Add an agent
Add an agent
Ask your coding agent to run Register it in Local containers hot-reload on save. For production, rebuild with
/create-new-agent, or do it by hand. Create agents/my_agent.py:app/main.py:docker compose -f compose.yaml -f compose.prod.yaml up -d --build.Change the model
Change the model
app/settings.py defines default_model(), used by every agent. Change it in one place:anthropic to pyproject.toml, set the provider key in your env, and regenerate pins:docker compose up -d --build. For production:Add tools
Add tools
Agno ships 100+ toolkits. See Toolkits.
Add dependencies
Add dependencies
- Edit
pyproject.toml. - Regenerate pins:
./scripts/generate_requirements.sh(addupgradeto refresh every pin). - Rebuild locally with
docker compose up -d --build, or in production withdocker compose -f compose.yaml -f compose.prod.yaml up -d --build.
Enable Slack
Enable Slack
Set both variables in Apply with
.env:docker compose up -d (in production, docker compose -f compose.yaml -f compose.prod.yaml up -d). The interface activates automatically and routes messages to Agent Builder; change the agent= argument in app/main.py to point at another agent. See Slack setup.Toggle scheduled workflows
Toggle scheduled workflows
The deployment check runs daily by default (
ENABLE_DEPLOY_CHECK=True); it is deterministic and free. Scheduled evals are off by default (ENABLE_SCHEDULED_EVALS=False) because they use model calls. Both workflows stay runnable on demand regardless.Format, validate, and run evals
The format, validate, and eval scripts run on the host and need a venv. Set it up once:./scripts/mcp_check.sh runs inside the container, so it needs no venv.
Environment variables
Troubleshooting
The API never comes up after docker compose up
The API never comes up after docker compose up
The first build takes a few minutes. Read
docker compose logs agentos-api and fix what you find.Compose errors on !reset or !override
Compose errors on !reset or !override
The production override uses Compose merge tags that need Docker Compose v2.24.4 or newer. Upgrade Docker Compose and rerun.
App refuses to serve in production
App refuses to serve in production
JWT auth is on whenever
RUNTIME_ENV is not dev. Set JWT_VERIFICATION_KEY or JWT_JWKS_FILE in .env and recreate the container with docker compose -f compose.yaml -f compose.prod.yaml up -d. To opt out inside a private network behind another auth layer, set authorization=False in app/main.py.Changing DB_PASS has no effect
Changing DB_PASS has no effect
Postgres reads the password only when the Or reinitialize with
pgdata volume is first initialized. On a host that already ran the dev Compose, the database keeps the old password and the API blocks waiting for it. Change the password in place and set .env to match:docker compose down -v, which deletes all platform data.Deployment check flags a misconfigured URL
Deployment check flags a misconfigured URL
AGENTOS_URL is still the localhost default. Set it in .env to your public URL and recreate the container with docker compose -f compose.yaml -f compose.prod.yaml up -d. Hosted chat apps also need this URL for their /mcp connector.