{"id":13641514,"url":"https://github.com/labsai/eddi","last_synced_at":"2026-04-23T01:01:05.793Z","repository":{"id":11919816,"uuid":"70809374","full_name":"labsai/EDDI","owner":"labsai","description":"Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus.","archived":false,"fork":false,"pushed_at":"2026-04-15T23:11:02.000Z","size":141323,"stargazers_count":291,"open_issues_count":0,"forks_count":102,"subscribers_count":17,"default_branch":"main","last_synced_at":"2026-04-16T01:02:40.654Z","etag":null,"topics":["a2a","ai-agents","ai-orchestration","chatbot","conversation-memory","conversational-ai","docker","enterprise-ai","java","langchain4j","llm","mcp-client","mcp-server","mongodb","multi-agent","postgres","quarkus","rag"],"latest_commit_sha":null,"homepage":"https://eddi.labs.ai","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/labsai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2016-10-13T13:29:22.000Z","updated_at":"2026-04-15T23:02:29.000Z","dependencies_parsed_at":"2024-02-28T23:33:38.210Z","dependency_job_id":"3af6ab1b-caba-42f1-8cdf-2c637315c985","html_url":"https://github.com/labsai/EDDI","commit_stats":{"total_commits":1502,"total_committers":20,"mean_commits":75.1,"dds":"0.21837549933422107","last_synced_commit":"ee4088470372bf7ed501dd863070a251b6ee0087"},"previous_names":[],"tags_count":47,"template":false,"template_full_name":null,"purl":"pkg:github/labsai/EDDI","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labsai%2FEDDI","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labsai%2FEDDI/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labsai%2FEDDI/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labsai%2FEDDI/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/labsai","download_url":"https://codeload.github.com/labsai/EDDI/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labsai%2FEDDI/sbom","scorecard":{"id":1246106,"data":{"date":"2026-04-15T23:02:39Z","repo":{"name":"github.com/labsai/EDDI","commit":"ca4ee0c5a81854cdfad10a29b8eb8f5fdad86b95"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:11","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yml:14","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:8","Warn: topLevel 'actions' permission set to 'write': .github/workflows/docker-pull-notify.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-pull-notify.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/redhat-certify.yml:28","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:12","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-pull-notify.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/labsai/EDDI/docker-pull-notify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-pull-notify.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/labsai/EDDI/docker-pull-notify.yml/main?enable=pin","Warn: containerImage not pinned by hash: src/main/docker/Dockerfile.jvm:81: pin your Docker image by updating registry.access.redhat.com/ubi9/openjdk-25-runtime:1.24 to registry.access.redhat.com/ubi9/openjdk-25-runtime:1.24@sha256:a433d34a6aec42fa0391754c5af49e7e40512632b0f2ceca95022b3f1d5a6adf","Warn: containerImage not pinned by hash: src/main/docker/Dockerfile.native:17: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal:9.7 to registry.access.redhat.com/ubi9/ubi-minimal:9.7@sha256:fe688da81a696387ca53a4c19231e99289591f990c904ef913c51b6e87d4e4df","Warn: containerImage not pinned by hash: src/main/docker/Dockerfile.native-micro:20: pin your Docker image by updating quay.io/quarkus/quarkus-micro-image:2.0 to quay.io/quarkus/quarkus-micro-image:2.0@sha256:5395cd1f9dd9b1c1c30cfb2b428564611968ad3896fe843413a2b6ff4200d8d7","Warn: downloadThenRun not pinned by hash: install.sh:272","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:263","Info: 26 out of 28 GitHub-owned GitHubAction dependencies pinned","Info: 4 out of 4 third-party GitHubAction dependencies pinned","Info: 0 out of 2 downloadThenRun dependencies pinned","Info: 0 out of 3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 7 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:96"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":10,"reason":"2 out of 2 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 7 contributing companies or organizations","details":["Info: found contributions from: EdtechFoundry, are almaas as, gnowbe, labsai, labsai @gnowbe, mend, resourcify.de"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]},"last_synced_at":"2026-04-16T01:06:30.005Z","repository_id":11919816,"created_at":"2026-04-16T01:06:30.005Z","updated_at":"2026-04-16T01:06:30.005Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32161325,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-22T17:06:48.269Z","status":"ssl_error","status_checked_at":"2026-04-22T17:06:19.037Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["a2a","ai-agents","ai-orchestration","chatbot","conversation-memory","conversational-ai","docker","enterprise-ai","java","langchain4j","llm","mcp-client","mcp-server","mongodb","multi-agent","postgres","quarkus","rag"],"created_at":"2024-08-02T01:01:21.403Z","updated_at":"2026-04-23T01:01:05.754Z","avatar_url":"https://github.com/labsai.png","language":"Java","readme":"![EDDI Banner Image](/screenshots/EDDI-Readme-banner-image.webp)\n\n# E.D.D.I — Multi-Agent Orchestration Middleware for Conversational AI\n\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12355/badge)](https://www.bestpractices.dev/projects/12355) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/labsai/EDDI/badge)](https://securityscorecards.dev/viewer/?uri=github.com/labsai/EDDI) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/2c5d183d4bd24dbaa77427cfbf5d4074)](https://app.codacy.com/organizations/gh/labsai/dashboard?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=labsai/EDDI\u0026utm_campaign=Badge_Grade)\n\n[![CI](https://github.com/labsai/EDDI/actions/workflows/ci.yml/badge.svg)](https://github.com/labsai/EDDI/actions/workflows/ci.yml) [![CodeQL](https://github.com/labsai/EDDI/actions/workflows/codeql.yml/badge.svg)](https://github.com/labsai/EDDI/actions/workflows/codeql.yml) ![Tests](https://img.shields.io/badge/tests-5%2C100%2B-brightgreen) ![Coverage](https://img.shields.io/badge/coverage-%3E80%25-brightgreen)\n\n[![Docker Pulls](https://img.shields.io/docker/pulls/labsai/eddi)](https://hub.docker.com/r/labsai/eddi) [![Repository: AI Ready](https://img.shields.io/badge/Repository-AI_Ready-blueviolet?logo=robot)](AGENTS.md)\n\n**E.D.D.I** (Enhanced Dialog Driven Interface) is a production-grade, **config-driven multi-agent orchestration middleware** for conversational AI. It coordinates users, AI agents, and business systems through **intelligent routing, persistent memory, and API orchestration** — without writing code.\n\nBuilt with **Java 25** and **Quarkus**. Ships as a **Red Hat-certified Docker image**. Native support for **MCP** (Model Context Protocol), **A2A** (Agent-to-Agent), **Slack**, **OpenAPI**, and **OAuth 2.0**.\n\n**Latest version: 6.0.2** · [Website](https://eddi.labs.ai/) · [Documentation](https://docs.labs.ai/) · License: Apache 2.0\n\n---\n\n## 📑 Table of Contents\n\n- [🏁 Quick Start](#-quick-start)\n- [💡 Why EDDI?](#-why-eddi)\n- [📸 See It In Action](#-see-it-in-action)\n- [✨ Features](#-features)\n- [🧩 Quarkus SDK](#-quarkus-sdk)\n- [📖 Documentation](#-documentation)\n- [📋 Compliance \u0026 Privacy](#-compliance--privacy)\n- [🏗️ Development](#️-development)\n - [Prerequisites](#prerequisites)\n - [Quarkus Dev Mode](#quarkus-dev-mode)\n - [Maven Command Reference](#maven-command-reference)\n - [Build \u0026 Docker](#build--docker)\n - [Kubernetes](#️-kubernetes)\n- [🤝 Contributing](#-contributing)\n- [🔒 Security](#-security)\n- [📜 Code of Conduct](#-code-of-conduct)\n\n---\n\n## 🏁 Quick Start\n\nThe fastest way to get EDDI running is the **one-command installer**. It sets up EDDI + your choice of database via Docker Compose, deploys the [Agent Father](docs/agent-father-deep-dive.md) starter agent, and walks you through creating your first AI agent.\n\n**Linux / macOS / WSL2:**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/labsai/EDDI/main/install.sh | bash\n```\n\n**Windows (PowerShell):**\n\n```powershell\niwr -useb https://raw.githubusercontent.com/labsai/EDDI/main/install.ps1 | iex\n```\n\n\u003e **Note:** If your Antivirus blocks this command as \"malicious content\", securely download and run it instead:\n\u003e\n\u003e ```powershell\n\u003e Invoke-WebRequest -Uri \"https://raw.githubusercontent.com/labsai/EDDI/main/install.ps1\" -OutFile \"install.ps1\"\n\u003e Unblock-File .\\install.ps1\n\u003e .\\install.ps1\n\u003e ```\n\nRequires [Docker](https://docs.docker.com/get-docker/). The wizard auto-generates a unique vault encryption key for secret management.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e🔧 Installer options\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nbash install.sh --defaults # All defaults, no prompts\nbash install.sh --db=postgres --with-auth # PostgreSQL + Keycloak\nbash install.sh --full # Everything enabled (DB + auth + monitoring)\nbash install.sh --local # Build Docker image from local source\n```\n\nThe `--local` flag is for contributors testing pre-release builds:\n\n```bash\n./mvnw package -DskipTests # Build the Java app\nbash install.sh --local # Build Docker image + start containers\n```\n\n\u003c/details\u003e\n\n### 🔄 Updating\n\nThe installer creates an `eddi` CLI wrapper that makes updating easy:\n\n```bash\neddi update\n```\n\nThis pulls the latest Docker image from the registry and restarts the containers. It works even when the same tag (e.g. `latest`) was re-published — Docker always checks the remote digest for changes.\n\n\u003e **`eddi` command not found?** The CLI lives at `~/.eddi/eddi` (Linux/macOS) or `~/.eddi/eddi.cmd` (Windows). Either restart your terminal so the PATH takes effect, or use the full path:\n\u003e\n\u003e ```bash\n\u003e # Linux / macOS\n\u003e ~/.eddi/eddi update\n\u003e\n\u003e # Windows (PowerShell)\n\u003e \u0026 \"$HOME\\.eddi\\eddi.cmd\" update\n\u003e ```\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eManual update (without the CLI)\u003c/strong\u003e\u003c/summary\u003e\n\nIf the `eddi` CLI isn't available, run the equivalent docker commands from your install directory (`~/.eddi` by default):\n\n```bash\ncd ~/.eddi\ndocker compose --env-file .env -f docker-compose.yml pull\ndocker compose --env-file .env -f docker-compose.yml up -d\n```\n\nAdjust the `-f` flags to match your setup (e.g. add `-f docker-compose.auth.yml` if using Keycloak).\n\n\u003c/details\u003e\n\n### 🐳 Docker Compose (Manual)\n\nIf you prefer manual control over Docker Compose:\n\n```bash\n# Default (EDDI + MongoDB)\ndocker compose up\n\n# PostgreSQL instead of MongoDB\nEDDI_DATASTORE_TYPE=postgres docker compose -f docker-compose.yml -f docker-compose.postgres.yml up\n\n# With Keycloak authentication\ndocker compose -f docker-compose.yml -f docker-compose.auth.yml up\n\n# With Prometheus + Grafana monitoring\ndocker compose -f docker-compose.yml -f docker-compose.monitoring.yml up\n\n# Full stack (all overlays)\ndocker compose -f docker-compose.yml -f docker-compose.auth.yml \\\n -f docker-compose.monitoring.yml -f docker-compose.nats.yml up\n```\n\nAvailable compose overlays: `docker-compose.auth.yml` (Keycloak), `docker-compose.monitoring.yml` (Prometheus+Grafana), `docker-compose.nats.yml` (NATS JetStream), `docker-compose.postgres.yml` / `docker-compose.postgres-only.yml`, `docker-compose.local.yml` (build from source).\n\n```bash\ndocker pull labsai/eddi # Pull latest from Docker Hub\n```\n\n→ [hub.docker.com/r/labsai/eddi](https://hub.docker.com/r/labsai/eddi)\n\n---\n\n## 💡 Why EDDI?\n\nMost multi-agent frameworks (LangGraph, CrewAI, AutoGen) are Python/Node libraries — great for prototyping, hard to govern in production. EDDI approaches from the opposite direction: **a deterministic engine built to safely govern non-deterministic AI.**\n\n| Dimension | Typical Python/Node Frameworks | EDDI |\n| ------------------ | ---------------------------------------- | --------------------------------------------------------------------------- |\n| **Concurrency** | GIL or single-threaded event loop | Java 25 Virtual Threads — true OS-level parallelism |\n| **Agent Logic** | Embedded in application code | Versioned JSON configurations — update behavior without redeployment |\n| **Security Model** | Often relies on sandboxed code execution | No dynamic code execution at all; envelope-encrypted vault, SSRF protection |\n| **Compliance** | Requires custom implementation | GDPR, HIPAA, EU AI Act infrastructure built-in |\n| **Audit Trail** | Application-level logging | HMAC-SHA256 immutable ledger with cryptographic agent signing |\n| **Deployment** | pip/npm + manual infrastructure | One-command Docker install, Kubernetes/OpenShift-ready |\n\n\u003e _\"The engine is strict so the AI can be creative.\"_ — [Project Philosophy](docs/project-philosophy.md)\n\n---\n\n## 📸 See It In Action\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e📊 Dashboard\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-dashboard-1.png\" alt=\"EDDI Dashboard\" /\u003e\n\u003cp\u003e\u003cem\u003ePlatform overview with active agents, workflows, quick actions, and recent conversations\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e🤖 Agent Fleet\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-agents-1.png\" alt=\"Agents List\" /\u003e\n\u003cp\u003e\u003cem\u003eAll deployed agents at a glance with status, descriptions, and one-click chat\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e💬 Live Conversation\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-conversation-1.png\" alt=\"Conversation View\" /\u003e\n\u003cp\u003e\u003cem\u003eReal-time conversation with visible actions, step timing, and tool calls\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e🗣️ Multi-Agent Debate\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-group-conversations-1.png\" alt=\"Group Conversations\" /\u003e\n\u003cp\u003e\u003cem\u003ePeer Review with phased discussion: Opinion → Critique → Revision → Synthesis\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e🛡️ Secrets Vault\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-secret-vault-1.png\" alt=\"Secrets Vault\" /\u003e\n\u003cp\u003e\u003cem\u003eEnvelope-encrypted secrets with rotation tracking, checksums, and per-agent access control\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e💰 Tenant Quotas\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-quotas-1.png\" alt=\"Tenant Quotas\" /\u003e\n\u003cp\u003e\u003cem\u003eRate limits, cost budgets, and live usage monitoring per tenant\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eMore screenshots: LLM Config, Logs, User Memory, Schedules, Agent Detail\u003c/strong\u003e\u003c/summary\u003e\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e⚡ LLM Task Configuration\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-agents-llm-config-1.png\" alt=\"LLM Configuration\" /\u003e\n\u003cp\u003e\u003cem\u003eSystem prompt, model parameters, cascading, RAG, context window, and budget settings\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e📋 Real-Time Logs\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-logs-1.png\" alt=\"Logs\" /\u003e\n\u003cp\u003e\u003cem\u003eLive log stream with per-call cost tracking, token counts, warnings, and errors\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e🧠 Persistent User Memory\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-user-data-1.png\" alt=\"User Data\" /\u003e\n\u003cp\u003e\u003cem\u003eCross-session memory with categorized entries, visibility scoping, and conflict detection\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e⏰ Scheduled Execution\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-schedules-1.png\" alt=\"Schedules\" /\u003e\n\u003cp\u003e\u003cem\u003eCron jobs and heartbeats with fire history, retry logic, and dead-letter tracking\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003e🔧 Agent Detail\u003c/strong\u003e\u003c/p\u003e\n\u003cimg src=\"screenshots/eddi-v6-screenshot-agents-detail-1.png\" alt=\"Agent Detail\" /\u003e\n\u003cp\u003e\u003cem\u003eFull agent config: environments, workflows, A2A, security, capabilities, and memory policy\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003c/details\u003e\n\n---\n\n## ✨ Features\n\n### 🤖 Multi-Agent Orchestration\n\n- 🔀 **Intelligent Routing** — Direct conversations to different agents based on context, rules, and intent\n- 🗣️ **Group Conversations** — Multi-agent debates with 5 built-in discussion styles: Round Table, Peer Review, Devil's Advocate, Delphi, and Debate\n- 💬 **Slack Integration** — Deploy agents to Slack channels and run multi-agent debates directly in threads\n- 🪆 **Nested Groups** — Compose groups of groups for tournament brackets, red-team vs blue-team, and panel reviews\n- 👥 **Managed Conversations** — Intent-based auto-routing with one conversation per user per intent\n- 🎯 **Capability Matching** — Discover and route to agents by skill, confidence score, and custom attributes\n- 🧙 **Agent Father** — Meta-agent that creates other agents through conversation (ships out of the box)\n\n### 🧠 LLM Provider Support (12 Providers)\n\n| Category | Providers |\n| -------------------- | --------------------------------------------------------------------- |\n| **Cloud APIs** | OpenAI · Anthropic Claude · Google Gemini · Mistral AI |\n| **Enterprise Cloud** | Azure OpenAI · Amazon Bedrock · Oracle GenAI · Google Vertex AI |\n| **Self-Hosted** | Ollama · Jlama · Hugging Face |\n| **Compatible** | Any OpenAI-compatible endpoint (DeepSeek, Cohere, etc.) via `baseUrl` |\n\n### 🔗 Standards \u0026 Interoperability\n\nEDDI implements open standards — not proprietary APIs:\n\n| Standard | Role | What It Enables |\n| -------------------------------------------------------------------- | ------------------------------- | -------------------------------------------------------------------------------------------------------- |\n| **[MCP](https://modelcontextprotocol.io/)** (Model Context Protocol) | Server (42 tools) + Client | Control EDDI from Claude Desktop, Cursor, or any MCP client. Connect agents to external MCP tool servers |\n| **[A2A](https://google.github.io/A2A/)** (Agent-to-Agent Protocol) | Full implementation | Cross-platform agent communication, Agent Cards, and skill discovery |\n| **[OpenAPI](https://www.openapis.org/)** 3.1 | Native generation + consumption | Auto-generated spec. Paste any OpenAPI spec → get a fully deployed API-calling agent |\n| **OAuth 2.0 / OIDC** | Keycloak integration | Authentication, authorization, and multi-tenant isolation |\n| **SSE** (Server-Sent Events) | Streaming transport | Real-time chat responses, group discussion feeds, and live log streaming |\n\n### 💭 Memory \u0026 Context Management\n\n- 💾 **Persistent User Memory** — Agents remember facts, preferences, and context across conversations via structured key-value entries with visibility scoping (`global`, `agent`, `group`)\n- 🧠 **LLM Memory Tools** — Built-in tools agents can call to read, write, and search their own persistent memory\n- 💤 **Dream Consolidation** — Background memory maintenance: stale entry pruning, contradiction detection, and fact summarization (inspired by [Anthropic's](https://www.anthropic.com/research) research on background memory consolidation)\n- 🪟 **Token-Aware Windowing** — Intelligent context packing with model-specific tokenizer support and anchored opening steps\n- 📝 **Rolling Summary** — Incremental LLM-powered summarization of older turns with a **Conversation Recall Tool** for drill-back into compressed history\n- 🔧 **Property Extraction** — Config-driven slot-filling with `longTerm` / `conversation` / `step` scoping — EDDI's importance extraction mechanism\n- 🛡️ **Memory Policy (Commit Flags)** — Strict write discipline marks failed task output as uncommitted (hidden from LLM context) and injects concise error digests for graceful degradation\n- 🔄 **Conversation State** — Full history with undo/redo support\n\n### 📚 RAG (Retrieval-Augmented Generation)\n\n- 📦 **7 Embedding Providers** — OpenAI, Ollama, Azure OpenAI, Mistral, Bedrock, Cohere, Vertex AI\n- 🗄️ **5 Vector Stores** — pgvector, In-Memory, MongoDB Atlas, Elasticsearch, Qdrant\n- 🌐 **httpCall RAG** — Zero-infrastructure RAG via any search API (BM25, Elasticsearch, custom)\n- 📥 **REST Ingestion API** — Async document ingestion with status tracking\n\n### 🛠️ Built-In AI Agent Tools\n\n| Tool | Description |\n| ---------------------------------------------- | ----------------------------------------------------------------------------- |\n| 🔍 **Web Search** | DuckDuckGo or Google Custom Search |\n| 🧮 **Calculator** | Sandboxed recursive-descent math parser (no `eval()`, no code injection) |\n| 🌐 **Web Scraper** | SSRF-protected content extraction from web pages |\n| 📄 **PDF Reader** | SSRF-protected document extraction |\n| ☁️ **Weather** · 🕐 **DateTime** | Real-time data tools |\n| 📊 **Data Formatter** · 📝 **Text Summarizer** | Data transformation tools |\n| 🔌 **HTTP Calls as Tools** | Expose your own REST APIs as LLM-callable tools with full security sandboxing |\n| 🧠 **User Memory** | Read/write/search persistent user memory |\n| 🔙 **Conversation Recall** | Drill back into summarized conversation history |\n| 📎 **Multimodal Attachments** | Image, PDF, audio, and video input with MIME-based routing |\n\n### ⏰ Scheduled Execution \u0026 Heartbeats\n\n- 🫀 **Heartbeat Triggers** — Periodic agent wake-ups at configurable intervals for proactive behavior (inspired by [OpenClaw's](https://openclaw.ai) heartbeat architecture)\n- ⏲️ **Cron Scheduling** — Standard cron expressions for timed agent execution\n- 🔄 **Conversation Strategies** — `persistent` (reuse same conversation across fires) or `new` (fresh context each time)\n- 📊 **Fire Logging** — Complete execution history with status, duration, cost tracking, and retry logic\n- 🌙 **Dream Cycles** — Scheduled background memory consolidation with cost ceilings per run\n\n### 📈 Smart Model Cascading\n\n- 📉 **Cost Optimization** — Try cheap/fast models first, escalate to powerful models only when confidence is low\n- 📊 **4 Confidence Strategies** — Structured output, heuristic, judge model, or none\n- 💰 **Per-Conversation Budgets** — Automatic cost tracking with budget caps and eviction\n- 🏢 **Tenant Cost Ceilings** — Monthly cost budgets per tenant with automatic enforcement\n\n### 🔐 Enterprise Security \u0026 Compliance\n\n\u003cdetails open\u003e\n\u003csummary\u003e\u003cstrong\u003eSecurity Architecture\u003c/strong\u003e\u003c/summary\u003e\n\n- 🏦 **Secrets Vault** — Envelope encryption (PBKDF2 + AES-256) with tenant-scoped DEK/KEK rotation. Never plaintext in DB\n- 🛡️ **SSRF Protection** — All tools validate URLs against private IPs, internal hostnames, and non-HTTP schemes before any request\n- 🔒 **Sandboxed Evaluation** — Recursive-descent math parser only. No `eval()`, no script engines, no reflection-based execution\n- 🔑 **OAuth 2.0 / Keycloak** — Multi-tenant authentication, authorization, and role-based access control\n- ✍️ **Agent Signing** — Ed25519 cryptographic identity per agent; audit entries signed with agent private keys\n- 🚫 **No Dynamic Code Execution** — Custom logic runs in external MCP servers, outside the EDDI security perimeter\n\n\u003c/details\u003e\n\n\u003cdetails open\u003e\n\u003csummary\u003e\u003cstrong\u003eRegulatory Compliance\u003c/strong\u003e\u003c/summary\u003e\n\n| Regulation | EDDI Support |\n| ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- |\n| **[EU AI Act](https://artificialintelligenceact.eu/)** | Immutable HMAC-SHA256 audit ledger, decision traceability, risk classification guidance |\n| **[GDPR](https://gdpr.eu/)** | Cascading data erasure (Art. 17), data portability (Art. 15/20), restriction of processing (Art. 18), per-category retention, pseudonymization |\n| **[CCPA](https://oag.ca.gov/privacy/ccpa)** | Right to delete, right to know, data portability |\n| **[HIPAA](https://www.hhs.gov/hipaa/)** | Deployment guide, BAA template, LLM provider BAA matrix, session timeout guidance |\n| **International** | PIPEDA 🇨🇦 · LGPD 🇧🇷 · APPI 🇯🇵 · POPIA 🇿🇦 · PDPA 🇸🇬🇹🇭🇲🇾 · PIPL 🇨🇳 compatibility documented |\n\n- 📜 **Audit Ledger** — Every agent decision recorded in a write-once, HMAC-secured, append-only ledger\n- 🔍 **Compliance Startup Checks** — Advisory warnings on boot for TLS and database encryption gaps\n- 🗑️ **GDPR Orchestration** — One-call cascading erasure across 6 stores + audit trail pseudonymization\n- 📤 **Data Portability** — Complete user data export (memories, conversations, audit entries) via REST and MCP\n\n\u003c/details\u003e\n\n### ⚙️ Configuration-Driven Architecture\n\n- 📄 **JSON Configs, Not Code** — Agent behavior defined in versioned, diffable JSON documents\n- 🔧 **Lifecycle Pipeline** — Pluggable task pipeline: Input → Parse → Rules → API/LLM → Output\n- 📦 **Composable Agents** — Agents assembled from reusable, version-controlled workflows and extensions\n- 🧪 **Behavior Rules** — IF-THEN logic engine for routing, orchestration, and business logic\n- 📤 **Import / Export** — Agents portable as ZIP files with automatic secret scrubbing on export\n- 🔄 **Agent Sync** — Live instance-to-instance sync with structural matching, content diffing, and selective resource picking — no ZIP intermediary needed\n- 📝 **Prompt Snippets** — Reusable, versioned system prompt building blocks available as `{{snippets.safety_rules}}`\n- 📎 **Content Type Routing** — MIME-based behavior rule conditions for multimodal attachment routing\n\n### 🚀 Cloud-Native \u0026 Observable\n\n- 🐳 **One-Command Install** — Interactive wizard sets up EDDI + database + starter agent via Docker\n- ☸️ **Kubernetes / OpenShift** — Kustomize overlays, Helm charts, HPA, PDB, NetworkPolicy\n- 📊 **Prometheus \u0026 Grafana** — 50+ Micrometer metrics at `/q/metrics` (tools, vault, memory, scheduling, conversations). Pre-built [Grafana dashboard](docs/monitoring/eddi-grafana-dashboard.json) included\n- 🔭 **OpenTelemetry Tracing** — Per-task distributed traces via OTLP (Jaeger, Tempo, Datadog). Every pipeline task emits spans with `task.id`, `task.type`, `conversation.id`, and `agent.id`\n- 🩺 **Health Checks** — Liveness \u0026 readiness probes at `/q/health/live` and `/q/health/ready`\n- 🔄 **NATS JetStream** — Async event bus for distributed processing\n- ⚡ **Virtual Threads** — Java 25 virtual threads for true OS-level concurrency (no Python GIL or Node.js event loop bottleneck)\n- 🗃️ **DB-Agnostic** — Choose MongoDB or PostgreSQL; switch with one env var. Single Docker image for both\n- 🏗️ **Red Hat Certified** — Container certification with automated preflight checks in CI/CD\n\n\u003e **📖 Monitoring Guide:** See [docs/monitoring/monitoring-guide.md](docs/monitoring/monitoring-guide.md) for architecture overview, metrics reference, alerting rules, and a production checklist.\n\n### 🖥️ Manager Dashboard \u0026 Chat UI\n\n- 🎨 **React 19 Manager** — Modern admin dashboard for agent building, testing, deployment, and monitoring\n- 💬 **Chat Widget** — Embeddable React chat UI with SSE streaming and Keycloak auth\n- 🔍 **Audit Trail Viewer** — Timeline-based compliance and debugging UI\n- 📋 **Logs Panel** — Live SSE log streaming + searchable history\n- 🔑 **Secrets Manager** — Write-only vault UI with copy-reference support\n- 🌍 **11 Languages** — English, German, Spanish, French, Portuguese, Chinese, Japanese, Korean, Arabic (RTL), Hindi, Thai\n\n---\n\n## 🧩 Quarkus SDK\n\nBuilding a Quarkus app that talks to EDDI? Use the **[quarkus-eddi](https://github.com/quarkiverse/quarkus-eddi)** extension:\n\n```xml\n\u003cdependency\u003e\n \u003cgroupId\u003eio.quarkiverse.eddi\u003c/groupId\u003e\n \u003cartifactId\u003equarkus-eddi\u003c/artifactId\u003e\n \u003cversion\u003e6.0.2\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n```java\n@Inject EddiClient eddi;\n\nString answer = eddi.chat(\"my-agent\", \"Hello!\");\n```\n\nFeatures: Dev Services (auto-starts EDDI in dev mode), fluent API, SSE streaming, `@EddiAgent` endpoint wiring, `@EddiTool` MCP bridge. See the [quarkus-eddi README](https://github.com/quarkiverse/quarkus-eddi) for full docs.\n\n---\n\n## 📖 Documentation\n\n| Guide | Description |\n| ------------------------------------------------------------ | -------------------------------------------------- |\n| **[Getting Started](docs/getting-started.md)** | Setup and first steps |\n| **[Developer Quickstart](docs/developer-quickstart.md)** | Build your first agent in 5 minutes |\n| **[Architecture](docs/architecture.md)** | Deep dive into EDDI's design and pipeline |\n| **[LLM Configuration](docs/langchain.md)** | Connecting to 12 LLM providers |\n| **[Behavior Rules](docs/behavior-rules.md)** | Configuring agent routing logic |\n| **[HTTP Calls](docs/httpcalls.md)** | External API integration |\n| **[RAG](docs/rag.md)** | Knowledge base retrieval setup |\n| **[MCP Server](docs/mcp-server.md)** | 42 tools for AI-assisted agent management |\n| **[A2A Protocol](docs/a2a-protocol.md)** | Agent-to-Agent peer communication |\n| **[Slack Integration](docs/slack-integration.md)** | Deploy agents to Slack and run group discussions |\n| **[Group Conversations](docs/group-conversations.md)** | Multi-agent debate orchestration |\n| **[User Memory](docs/user-memory.md)** | Cross-conversation fact retention |\n| **[Memory Policy](docs/memory-policy.md)** | Commit flags and strict write discipline |\n| **[Model Cascading](docs/model-cascade.md)** | Cost-optimized multi-model routing |\n| **[Scheduling \u0026 Heartbeats](docs/scheduling.md)** | Cron schedules, heartbeats, dream consolidation |\n| **[Agent Sync](docs/agent-sync-guide.md)** | Live instance-to-instance sync and upgrade imports |\n| **[Import / Export](docs/import-export-an-agent.md)** | ZIP-based agent portability and merge |\n| **[Prompt Snippets](docs/prompt-snippets-guide.md)** | Reusable system prompt building blocks |\n| **[Attachments](docs/attachments-guide.md)** | Multimodal attachment pipeline |\n| **[Capability Matching](docs/capability-match-guide.md)** | A2A skill discovery and routing |\n| **[Security](docs/security.md)** | SSRF protection, sandboxing, and hardening |\n| **[Secrets Vault](docs/secrets-vault.md)** | Envelope encryption and auto-vaulting |\n| **[Audit Ledger](docs/audit-ledger.md)** | EU AI Act-compliant audit trail |\n| **[Kubernetes](docs/kubernetes.md)** | Deploy with Kustomize or Helm |\n| **[Monitoring \u0026 Tracing](docs/monitoring/monitoring-guide.md)** | Prometheus, Grafana, OpenTelemetry, alerting |\n| **[Red Hat OpenShift](docs/redhat-openshift.md)** | Certified container, automated release |\n| **[Agent Father Deep Dive](docs/agent-father-deep-dive.md)** | How the meta-agent works |\n| **[Full Documentation](https://docs.labs.ai/)** | Complete documentation site |\n\n---\n\n## 📋 Compliance \u0026 Privacy\n\nEDDI provides built-in infrastructure for regulatory compliance:\n\n| Guide | Covers |\n| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- |\n| **[GDPR / CCPA](docs/gdpr-compliance.md)** | Data erasure, export, Art. 18 restriction of processing, per-category retention, and consent guidance |\n| **[HIPAA](docs/hipaa-compliance.md)** | Healthcare deployment guide — encryption, BAAs, LLM provider matrix, session management |\n| **[EU AI Act](docs/eu-ai-act-compliance.md)** | AI risk classification, decision traceability, immutable audit ledger |\n| **[Privacy \u0026 Data Processing](PRIVACY.md)** | Data flows, LLM provider matrix, international regulations (PIPEDA, LGPD, APPI, POPIA, PDPA, PIPL) |\n| **[Compliance Data Flow](docs/compliance-data-flow.md)** | Single-page data flow diagram for auditors |\n| **[Incident Response](docs/incident-response.md)** | Breach response runbook (GDPR 72h, CCPA 45 days, HIPAA 60 days) |\n\n---\n\n## 🏗️ Development\n\n### Prerequisites\n\n| Tool | Version | Notes |\n| -------------- | ------- | ----------------------------------------------------------------- |\n| **Java (JDK)** | 25 | [Eclipse Temurin](https://adoptium.net/) recommended |\n| **Maven** | 3.9+ | Bundled via `mvnw` / `mvnw.cmd` wrapper — no install needed |\n| **MongoDB** | 6.0+ | Local instance or Docker (`docker run -d -p 27017:27017 mongo:7`) |\n| **Docker** | Latest | For integration tests and container builds |\n\n\u003e **Windows users:** Replace `./mvnw` with `.\\mvnw.cmd` in all commands below.\n\n### Quarkus Dev Mode\n\nDev mode starts the application with **live reload** — code changes are picked up automatically without restarting:\n\n```bash\n# Linux / macOS\n./mvnw compile quarkus:dev\n\n# Windows (PowerShell)\n.\\mvnw.cmd compile quarkus:dev\n```\n\nThen open [http://localhost:7070](http://localhost:7070). The Quarkus Dev UI is available at [http://localhost:7070/q/dev](http://localhost:7070/q/dev).\n\nDev mode also enables:\n\n- **Continuous testing** — press `r` in the terminal to re-run tests on changes\n- **Dev UI** — browse endpoints, CDI beans, configuration, and health checks\n- **Live reload** — Java and resource changes apply instantly\n\n\u003e **💡 Secrets Vault:** To use the secrets vault (storing API keys encrypted), set the master key before starting:\n\u003e\n\u003e ```bash\n\u003e # Linux/macOS\n\u003e export EDDI_VAULT_MASTER_KEY=my-dev-passphrase\n\u003e\n\u003e # Windows (PowerShell)\n\u003e $env:EDDI_VAULT_MASTER_KEY = \"my-dev-passphrase\"\n\u003e\n\u003e # Or in a .env file (already in .gitignore)\n\u003e echo \"EDDI_VAULT_MASTER_KEY=my-dev-passphrase\" \u003e .env\n\u003e ```\n\u003e\n\u003e Without this, the vault is disabled and secret management returns HTTP 503. Any passphrase works for local development. See [Secrets Vault](docs/secrets-vault.md) for production setup.\n\n### Maven Command Reference\n\n| Command | What It Does |\n| ------------------------------------------------------------- | --------------------------------------------------------------------------- |\n| `./mvnw compile quarkus:dev` | **Start dev mode** with live reload (port 7070) |\n| `./mvnw compile` | Compile sources only (fast feedback) |\n| `./mvnw clean compile` | Clean build — delete `target/` and recompile from scratch |\n| `./mvnw test` | Run **unit tests** (excludes `*IT.java` integration tests) |\n| `./mvnw verify -DskipITs` | Compile + unit tests + package (no integration tests) |\n| `./mvnw verify` | **Full build** — compile + unit tests + integration tests (requires Docker) |\n| `./mvnw validate` | Run **Checkstyle** code style checks |\n| `./mvnw formatter:format` | **Auto-format** Java sources using the project Eclipse formatter |\n| `./mvnw package -DskipTests` | Build the JAR without running tests (for `install.sh --local`) |\n| `./mvnw clean package '-Dquarkus.container-image.build=true'` | Build the app **+ Docker image** |\n| `./mvnw package -Plicense-gen -DskipTests` | Generate **third-party licenses** (Red Hat certification) |\n| `./mvnw quarkus:dev -Dsuspend` | Start dev mode and **wait for debugger** on port 5005 |\n| `./mvnw quarkus:dev -Ddebug=false` | Start dev mode **without** the debug agent |\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eCode coverage\u003c/strong\u003e\u003c/summary\u003e\n\nJaCoCo is configured to run automatically during `./mvnw test`. After tests complete, find the coverage report at:\n\n```\ntarget/site/jacoco/index.html\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eUseful system properties\u003c/strong\u003e\u003c/summary\u003e\n\n| Property | Default | Description |\n| ------------------------------------------- | --------------------------- | ---------------------------------------------- |\n| `-Dquarkus.http.port=\u003cport\u003e` | `7070` | Override the HTTP port |\n| `-Dquarkus.mongodb.connection-string=\u003curi\u003e` | `mongodb://localhost:27017` | MongoDB connection |\n| `-Dquarkus.profile=\u003cprofile\u003e` | `dev` | Active Quarkus profile (`dev`, `test`, `prod`) |\n| `-DskipTests` | `false` | Skip all tests |\n| `-DskipITs` | `true` | Skip integration tests only |\n\n\u003c/details\u003e\n\n### Build \u0026 Docker\n\n```bash\n# Build app + Docker image\n./mvnw clean package '-Dquarkus.container-image.build=true'\n\n# Build without container (for install.sh --local)\n./mvnw package -DskipTests\n\n# Generate third-party licenses (Red Hat certification)\n./mvnw package -Plicense-gen -DskipTests\n```\n\n### ☸️ Kubernetes\n\n```bash\n# Quickstart (one-file deployment)\nkubectl apply -f https://raw.githubusercontent.com/labsai/EDDI/main/k8s/quickstart.yaml\n\n# Kustomize overlays\nkubectl apply -k k8s/overlays/mongodb/ # MongoDB backend\nkubectl apply -k k8s/overlays/postgres/ # PostgreSQL backend\n\n# Helm\nhelm install eddi ./helm/eddi --namespace eddi --create-namespace\n```\n\nIncludes overlays for auth (Keycloak), monitoring (Prometheus/Grafana), NATS messaging, Ingress, and production hardening (HPA, PDB, NetworkPolicy).\nSee the [Kubernetes Guide](docs/kubernetes.md) for details.\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! Please read our [Contributing Guide](CONTRIBUTING.md) for details on setting up your development environment, code style, commit conventions, and the pull request process.\n\nEvery PR is automatically checked by CI (build + tests), CodeQL (security), dependency review, and AI-powered code review.\n\n## 🔒 Security\n\nEDDI ships with security-by-default for production deployments:\n\n- **Authentication enforced** — `AuthStartupGuard` fails startup if OIDC is disabled in production without explicit opt-out\n- **Secrets encrypted at rest** — Envelope encryption (PBKDF2 → AES-256-GCM) with per-deployment salt. Never plaintext in DB\n- **SSRF protection** — All LLM tool HTTP calls go through `SafeHttpClient` with private IP blocking, redirect validation, and scheme enforcement\n- **Security headers** — `X-Content-Type-Options`, `X-Frame-Options`, `Content-Security-Policy` configured out of the box\n- **CI/CD security gates** — Every push/PR is scanned by:\n - **CodeQL** — Semantic SAST analysis with `security-extended` queries\n - **Trivy** — CVE scanning for both filesystem dependencies and Docker images (blocking on CRITICAL/HIGH)\n - **Gitleaks** — Git history scanning to prevent secret/credential leakage\n - **ZAP** — DAST API scanning against the live Docker image (report-only)\n - **CycloneDX** — SBOM generation for supply chain transparency\n - **Jazzer** — Coverage-guided fuzz testing for security-critical parsers (PathNavigator, MatchingUtilities)\n - All actions SHA-pinned to prevent supply-chain attacks\n\nFor vulnerability reports, see our [Security Policy](SECURITY.md). For architecture details, see [Security Architecture](docs/security.md).\n\n## 📜 Code of Conduct\n\nThis project follows the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md).\n","funding_links":[],"categories":["Prompts","人工智能"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flabsai%2Feddi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flabsai%2Feddi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flabsai%2Feddi/lists"}