{"id":46547253,"url":"https://github.com/jd-opensource/joysafeter","last_synced_at":"2026-04-08T15:00:42.269Z","repository":{"id":334910785,"uuid":"1133487403","full_name":"jd-opensource/JoySafeter","owner":"jd-opensource","description":"🚀 JoySafeter: An enterprise AI Agent Platform—Not just chatting. building、running、testing, and tracing autonomous Agent Teams with visual orchestration...","archived":false,"fork":false,"pushed_at":"2026-04-02T04:54:09.000Z","size":97561,"stargazers_count":238,"open_issues_count":13,"forks_count":47,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-04-02T17:44:06.070Z","etag":null,"topics":["a2a","agent","agent-platform","agent-studio","agents","coding-agent","deepagents","mcp","memory","multi-agent","openclaw","sandboxing","security","security-tools","skills","vulnerability-detection"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jd-opensource.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-13T12:16:43.000Z","updated_at":"2026-04-02T17:08:03.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jd-opensource/JoySafeter","commit_stats":null,"previous_names":["jd-opensource/joysafeter"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/jd-opensource/JoySafeter","repository_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/repositories/jd-opensource%2FJoySafeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jd-opensource%2FJoySafeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jd-opensource%2FJoySafeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jd-opensource%2FJoySafeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jd-opensource","download_url":"https://codeload.github.com/jd-opensource/JoySafeter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jd-opensource%2FJoySafeter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31560476,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["a2a","agent","agent-platform","agent-studio","agents","coding-agent","deepagents","mcp","memory","multi-agent","openclaw","sandboxing","security","security-tools","skills","vulnerability-detection"],"created_at":"2026-03-07T02:39:40.497Z","updated_at":"2026-04-08T15:00:42.263Z","avatar_url":"https://github.com/jd-opensource.png","language":"Python","readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/joysafter.png\" alt=\"JoySafeter\" width=\"80\" /\u003e\u003cbr/\u003e\n  JoySafeter\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eThe AI-native platform for building, orchestrating, and running security agents at scale.\u003c/strong\u003e\u003cbr/\u003e\n  \u003csub\u003eFrom idea to production-grade security automation — in minutes, not months.\u003c/sub\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.apache.org/licenses/LICENSE-2.0\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License: Apache 2.0\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.python.org/downloads/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Python-3.12+-3776AB?logo=python\u0026logoColor=white\" alt=\"Python 3.12+\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://nodejs.org/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Node.js-20+-339933?logo=nodedotjs\u0026logoColor=white\" alt=\"Node.js 20+\"\u003e\u003c/a\u003e\n  \u003ca 
href=\"https://github.com/langchain-ai/langgraph\"\u003e\u003cimg src=\"https://img.shields.io/badge/LangGraph-1.0+-FF6F00?logo=chainlink\u0026logoColor=white\" alt=\"LangGraph\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://fastapi.tiangolo.com/\"\u003e\u003cimg src=\"https://img.shields.io/badge/FastAPI-0.122+-009688?logo=fastapi\u0026logoColor=white\" alt=\"FastAPI\"\u003e\u003c/a\u003e\n  \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/MCP-Protocol-purple\" alt=\"MCP Protocol\"\u003e\u003c/a\u003e\n  \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/DeepAgents-v0.4-red\" alt=\"DeepAgents v0.4\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  English | \u003ca href=\"./README_CN.md\"\u003e简体中文\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## Why JoySafeter\n\nTraditional security tooling hits a ceiling: scripts are brittle, single agents lack context, and complex scenarios require 2–3 engineers working in parallel. JoySafeter breaks that ceiling.\n\n| Challenge | Traditional Approach | JoySafeter |\n|-----------|---------------------|------------|\n| APK vulnerability analysis | Manual MobSF + engineer review | Autonomous agent: upload → analyze → report |\n| Penetration testing | Fixed scripts, static playbooks | Dynamic DeepAgents that adapt to findings in real time |\n| Tool integration | Custom glue code per tool | 200+ tools via MCP Protocol, zero glue |\n| Scale | Linear headcount growth | Agent teams that multiply capacity |\n\n\u003e JoySafeter defines a new paradigm: **AI-driven Security Operations (AISecOps)** — where multi-agent collaboration, cognitive memory, and scenario-matched skills replace manual coordination.\n\n---\n\n## Real-World Cases\n\n### Case 1 — APK Vulnerability Detection Agent\n\n\u003e Upload an APK. Get an OWASP Mobile Top 10 report. 
No engineer required.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/APK-case.gif\" alt=\"APK Vulnerability Detection Demo\" width=\"800\" /\u003e\n\u003c/p\u003e\n\n**How it works:**\n\n1. User uploads the APK file\n2. Agent invokes MobSF for static analysis\n3. Extracts critical risk signals — permission abuse, hardcoded secrets, insecure network config\n4. Deep-validates high-severity findings via Frida dynamic instrumentation\n5. Auto-generates a structured report aligned to OWASP Mobile Top 10\n\nThe entire flow — from upload to report — requires zero manual intervention, covering work that traditionally takes 2–3 security engineers.\n\n---\n\n### Case 2 — Penetration Testing Agent\n\n\u003e Describe the target and scope. The agent plans, executes, and adapts — then delivers a report.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/pentest-case.gif\" alt=\"Penetration Testing Agent Demo\" width=\"800\" /\u003e\n\u003c/p\u003e\n\n**How it works:**\n\n1. Open the Workbench and create a new agent\n2. Enable **DeepAgents mode** → select penetration testing skills\n3. Provide an authorized target URL and test requirements\n4. Agent runs autonomously — if it discovers a login page, it automatically triggers auth bypass testing\n5. 
Download the final report when the run completes\n\n\u003e **Note:** Requires the sandbox image `swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/jd-opensource/joysafeter-sandbox:latest` to be configured in Sandbox Settings. `latest` is a mutable tag; for reproducible, auditable runs, pin the image by a digest you have verified.\n\nThis dynamic decision-making — where the agent adapts its next step based on what it finds — is what fixed scripts cannot replicate.\n\n---\n\n## Core Capabilities\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\n### Visual Agent Builder\n\n- **No-code workflow editor** — drag-and-drop nodes with loops, conditionals, and parallel execution\n- **Rapid Mode** — describe in natural language, get a running agent team in minutes\n- **Deep Mode** — visual debugging and step-by-step observability for complex security research\n\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\n### 200+ Security Tools, Ready to Use\n\n- Pre-integrated **Nmap, Nuclei, Trivy**, and more\n- **MCP Protocol** — extend with any tool via Model Context Protocol\n- **30+ pre-built skills** — penetration testing, document analysis, cloud security, and more\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\n### DeepAgents Orchestration\n\n- **Manager-Worker multi-level** agent collaboration\n- **Memory evolution** — long/short-term memory for continuous learning across sessions\n- **Skill system** — versioned, reusable capability units with progressive disclosure\n- **LangGraph engine** — graph-based workflows with full state management\n\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\n### Enterprise Ready\n\n- **Multi-tenancy** — isolated workspaces with role-based access control\n- **Full audit trail** — execution tracing and compliance governance\n- **SSO integration** — GitHub, Google, Microsoft, OIDC (Keycloak, Authentik, GitLab), JD SSO\n- **Multi-tenant sandbox** — per-user isolated code execution, zero state leakage\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n---\n\n## Quick Start\n\n### One-Click Launch 
(Recommended)\n\n```bash\n./deploy/quick-start.sh\n```\n\nThe script provides an interactive menu to choose your startup mode and customize ports (with conflict detection):\n\n| Mode | Description | Ports Configured |\n|------|-------------|-----------------|\n| **(1) Docker Compose Full Stack** | All services in containers, supports localhost or remote server IP/domain | Frontend, Backend, PostgreSQL, Redis |\n| **(2) Local Frontend Only** | `bun run dev`, supports connecting to remote backend | Frontend (can specify remote backend address) |\n| **(3) Local Backend Only** | `uvicorn --reload`, supports remote DB/Redis | Backend (can specify remote DB/Redis/frontend address) |\n| **(4) Local Frontend + Backend** | Auto-starts middleware, supports exposing via non-localhost address | Frontend, Backend |\n\nAll modes support remote deployment scenarios:\n- **Docker Compose Full Stack** — choose deployment address (localhost or IP/domain) + http/https\n- **Local Frontend Only** — optionally connect to a remote backend API (enter backend IP + port + protocol)\n- **Local Backend Only** — optionally connect to remote PostgreSQL, Redis, and frontend (enter each address and port)\n- **Local Frontend + Backend** — optionally expose services via a non-localhost address\n- Non-localhost deployments automatically update `frontend/.env` CSP whitelist (`NEXT_PUBLIC_CSP_CONNECT_SRC_EXTRA`)\n\n```bash\n./deploy/quick-start.sh --skip-env       # Skip .env file initialization\n./deploy/quick-start.sh --skip-db-init   # Skip database initialization\n```\n\n### Launch by Scenario\n\n```bash\n# ─── Development ────────────────────────────────────────\n./deploy/scripts/dev.sh                  # Docker full-stack dev (containerized frontend + backend)\n./deploy/scripts/dev-local.sh            # Local dev prep (start middleware, run backend/frontend on host)\n./deploy/scripts/dev-backend.sh          # Local backend only (requires middleware running)\n./deploy/scripts/dev-frontend.sh       
  # Local frontend only (requires backend running)\n\n# ─── Production ─────────────────────────────────────────\n./deploy/scripts/prod.sh                 # Production deploy (pre-built images + docker-compose.prod.yml)\n./deploy/scripts/prod.sh --skip-mcp      # Production without MCP service\n./deploy/scripts/prod.sh --skip-pull     # Skip image pull, use local images\n\n# ─── Middleware / Infrastructure ────────────────────────\n./deploy/scripts/start-middleware.sh     # Start middleware (PostgreSQL + Redis + MCP)\n./deploy/scripts/minimal.sh             # Minimal startup (PostgreSQL + Redis only)\n./deploy/scripts/minimal.sh --with-mcp  # Minimal + MCP service\n./deploy/scripts/stop-middleware.sh      # Stop middleware\n\n# ─── Test / CI ──────────────────────────────────────────\n./deploy/scripts/test.sh                 # Test environment (minimal deps, automation-friendly)\n\n# ─── Install / Check ───────────────────────────────────\n./deploy/install.sh                      # Interactive installation wizard (generates config files)\n./deploy/install.sh --mode dev --non-interactive  # Non-interactive install\n./deploy/scripts/check-env.sh           # Environment preflight (Docker, ports, config files)\n\n# ─── Image Management ──────────────────────────────────\n./deploy/deploy.sh build                 # Build frontend + backend images\n./deploy/deploy.sh build --all           # Build all images (including OpenClaw)\n./deploy/deploy.sh push                  # Build and push to registry\n./deploy/deploy.sh pull                  # Pull latest pre-built images\n```\n\n### Default Ports\n\n| Service | Port | URL |\n|---------|------|-----|\n| Frontend | `3000` | http://localhost:3000 |\n| Backend API | `8000` | http://localhost:8000 |\n| API Docs | `8000/docs` | Swagger UI |\n| PostgreSQL | `5432` | Database |\n| Redis | `6379` | Cache |\n\n\u003e **Prerequisites:** Docker + Docker Compose. 
See [INSTALL.md](INSTALL.md) for detailed installation guide, [deploy/PRODUCTION_IP_GUIDE.md](deploy/PRODUCTION_IP_GUIDE.md) for production deployment.\n\n---\n\n## Architecture\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/architecture-diagram.png\" alt=\"JoySafeter System Architecture\" width=\"900\" /\u003e\n\u003c/p\u003e\n\n\u003e Full architecture details: [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md)\n\n**Key design principles:**\n\n- **Graph-based execution** — every agent workflow is a stateful LangGraph, enabling pause, resume, and branch\n- **Glass-box observability** — real-time Langfuse tracing of every agent decision and state transition\n- **Layered skill system** — skills are versioned units that compose into workflows without coupling\n\n### User Journey — Quick Start in 9 Steps\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/user-journey-quickstart.png\" alt=\"JoySafeter Quick Start User Journey\" width=\"900\" /\u003e\n\u003c/p\u003e\n\n\u003e **Login** → **Configure Models** → **MCP Tools** → **Skill Management** → **Build Agent** → **Self-Test (Langfuse Trace)** → **Publish** → **Chat UI** → **Run Center**\n\n---\n\n## Tech Stack\n\n| Layer | Technology | Purpose |\n|-------|------------|---------|\n| **Frontend** | Next.js 16, React 19, TypeScript | Server-side rendering, App Router |\n| **UI** | Radix UI, Tailwind CSS, Framer Motion | Accessible, animated components |\n| **State** | Zustand, TanStack Query | Client \u0026 server state |\n| **Workflow Editor** | React Flow | Interactive node-based builder |\n| **Backend** | FastAPI, Python 3.12+ | Async API with OpenAPI docs |\n| **AI Framework** | LangChain, LangGraph, DeepAgents | Agent orchestration \u0026 workflows |\n| **MCP** | mcp 1.20+, fastmcp 2.14+ | Tool protocol support |\n| **Database** | PostgreSQL, SQLAlchemy 2.0 | Async ORM with migrations |\n| **Cache** | Redis | Session cache \u0026 rate limiting |\n| **Observability** | Langfuse, Loguru | Tracing \u0026 
structured logging |\n\n---\n\n## What's New\n\n\u003e Full history: [CHANGELOG.md](CHANGELOG.md)\n\n| Tag | Feature | What it means |\n|-----|---------|---------------|\n| **NEW** | **Model Settings Master-Detail** | Redesigned model management page — provider sidebar + detail panel, schema-driven forms, one-click custom model setup |\n| **NEW** | **Model Usage Stats** | Per-model usage logging with StatsTab visualization and SSE test-stream endpoint |\n| **NEW** | **Custom Provider API** | Single `POST /model-providers/custom` endpoint creates provider + credential + model instance in one call |\n| **NEW** | **Skill Versioning \u0026 Collaboration** | Publish, rollback, manage skill versions; invite collaborators with role-based permissions; platform API tokens for CI/CD |\n| **NEW** | **Multi-Tenant Sandbox Engine** | Per-user isolated code execution — zero state leakage between sessions |\n| **NEW** | **Enterprise SSO** | Built-in GitHub / Google / Microsoft templates, plus OIDC and JD SSO |\n| **UPGRADE** | **DeepAgents v0.4** | Latest stability and performance improvements for the multi-agent kernel |\n| **UPGRADE** | **Glass-Box Observability** | Real-time Langfuse tracing of every agent decision and state transition |\n\n---\n\n## Documentation\n\n### Getting Started\n- [INSTALL.md](INSTALL.md) — Installation guide (Docker / manual / pre-built images)\n- [DEVELOPMENT.md](DEVELOPMENT.md) — Local development setup\n- [deploy/README.md](deploy/README.md) — Docker deployment\n- [deploy/PRODUCTION_IP_GUIDE.md](deploy/PRODUCTION_IP_GUIDE.md) — Production deployment\n\n### Deep Dive\n- [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) — Architecture overview\n- [backend/README.md](backend/README.md) — Backend guide\n- [frontend/README.md](frontend/README.md) — Frontend guide\n\n### Tutorials\nSee [docs/tutorials/](docs/tutorials/) for step-by-step guides on model setup, MCP integration, skill development, and more.\n\n### Governance\n- 
[CONTRIBUTING.md](CONTRIBUTING.md) — Contributing guide\n- [SECURITY.md](SECURITY.md) — Security policy\n- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) — Code of conduct\n\n---\n\n## Community\n\nJoin the WeChat user group for questions and discussion:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/wechat-group-3.png\" alt=\"JoySafeter User Group 3\" width=\"280\" /\u003e\n  \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"docs/assets/wechat-group-4.png\" alt=\"JoySafeter User Group 4\" width=\"280\" /\u003e\n\u003c/p\u003e\n\n---\n\n## Contributing\n\n```bash\ngit clone https://github.com/jd-opensource/JoySafeter.git\ngit checkout -b feature/amazing-feature\ngit commit -m 'feat: add amazing feature'\ngit push origin feature/amazing-feature\n```\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for full guidelines.\n\n---\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE) for details.\n\nThird-party component licenses: [THIRD_PARTY_LICENSES.md](THIRD_PARTY_LICENSES.md)\n\n---\n\n## Acknowledgments\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e\u003ca href=\"https://github.com/langchain-ai/langchain\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/126733545?s=64\" width=\"48\"/\u003e\u003cbr/\u003e\u003csub\u003eLangChain\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/126733545?s=64\" width=\"48\"/\u003e\u003cbr/\u003e\u003csub\u003eLangGraph\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003ca href=\"https://fastapi.tiangolo.com/\"\u003e\u003cimg src=\"https://fastapi.tiangolo.com/img/icon-white.svg\" width=\"48\"/\u003e\u003cbr/\u003e\u003csub\u003eFastAPI\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003ca href=\"https://nextjs.org/\"\u003e\u003cimg 
src=\"https://assets.vercel.com/image/upload/v1662130559/nextjs/Icon_dark_background.png\" width=\"48\"/\u003e\u003cbr/\u003e\u003csub\u003eNext.js\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003ca href=\"https://www.radix-ui.com/\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/75042455?s=64\" width=\"48\"/\u003e\u003cbr/\u003e\u003csub\u003eRadix UI\u003c/sub\u003e\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eMade with ❤️ by the JoySafeter Team\u003c/sub\u003e\u003cbr/\u003e\n  \u003csub\u003eFor commercial solutions, contact JD Technology Solutions Team at \u003ca href=\"mailto:org.ospo1@jd.com\"\u003eorg.ospo1@jd.com\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjd-opensource%2Fjoysafeter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjd-opensource%2Fjoysafeter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjd-opensource%2Fjoysafeter/lists"}