DevSecOps LangGraph
This repository is an amalgamation of best-in-class tools in Security and AI, arranged to work together with minimum configuration. Practically it serves as the entire backend for the Arkavo forum.
Components of this repo include
- Ollama - The best-in-class open-source LLM management solution
- Keycloak - The best-in-class open-source identity and auth solution
- OpenTDF - The best-in-class Attribute-Based Access Control (ABAC) addendum to Keycloak
- Org - Handles needs of organizations using Arkavo forum - Events, Communications, Permissions
- Nginx-Proxy - Serves the other services as HTTPS
- AICouncil - Recommends improvements to this repo in real time
```mermaid
graph LR
    %% Define components
    Keycloak["Keycloak+DB"]
    OpenTDF["OpenTDF+DB"]
    OrgBackend["Org-Backend"]
    ReactFrontend["React-Frontend"]
    %% Connections with labels
    OpenTDF -->|Authenticates with| Keycloak
    OrgBackend -->|Authenticates with| Keycloak
    ReactFrontend -->|Authenticates with| Keycloak
    ReactFrontend -->|Interacts with| OpenTDF
    ReactFrontend -->|Interacts with| OrgBackend
```
Tools are included to enforce OWASP best practices, run continuous AI-driven penetration testing, and provide implementation feedback on request. An AI Council engages in consistent dialogue about the "main" and "dev" branches and may make pull requests according to Robert's Rules of Order following in vivo testing.
```
ANTHROPIC_API_KEY=abc
GITLAB_URL=http://gitlab.localhost
GITLAB_REPOSITORY=def
OPENBAO_URL=http://gitlab.localhost:8020
OPENBAO_TOKEN=ghi
```
```bash
# Download the local models (Ollama fetches models with "pull")
ollama pull llama3.2
ollama pull deepseek-coder-v2
# Add the Python dependencies
uv add langgraph langsmith langchain_anthropic
uv add langchain_community duckduckgo-search langchain-ollama python-gitlab docker
uv add urllib3==1.26.5
uv add langgraph==0.2.50
```
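As an added example (not code from this repository), here is a preflight check for the environment variables listed above, assuming they are kept in a dotenv-style file. It reports variables that are missing or still set to the sample values, and service URLs that use plain HTTP to a non-loopback host. The function names and the `bao.example.internal` host are hypothetical.

```python
from urllib.parse import urlparse

REQUIRED = ("ANTHROPIC_API_KEY", "GITLAB_URL", "GITLAB_REPOSITORY",
            "OPENBAO_URL", "OPENBAO_TOKEN")
PLACEHOLDERS = {"abc", "def", "ghi"}  # sample values shown in this README

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip optional quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def is_loopback(host):
    """gitlab.localhost is mapped to 127.0.0.1 by the hosts-file step in this guide."""
    return host in ("localhost", "127.0.0.1", "::1") or host.endswith(".localhost")

def check_env(env):
    """Return a list of findings; an empty list means the values passed."""
    findings = []
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value in PLACEHOLDERS:
            findings.append(f"{key}: still set to the README placeholder")
    for key in ("GITLAB_URL", "OPENBAO_URL"):
        url = urlparse(env.get(key, ""))
        if url.scheme == "http" and not is_loopback(url.hostname or ""):
            findings.append(f"{key}: plain HTTP to {url.hostname}; credentials cross the network unencrypted")
    return findings

# Sample input: the README values, then a constructed (hypothetical) remote deployment.
README_ENV = """ANTHROPIC_API_KEY=abc
GITLAB_URL=http://gitlab.localhost
GITLAB_REPOSITORY=def
OPENBAO_URL=http://gitlab.localhost:8020
OPENBAO_TOKEN=ghi
"""
REMOTE_ENV = README_ENV.replace("gitlab.localhost:8020", "bao.example.internal:8020")

if __name__ == "__main__":
    for name, text in (("README", README_ENV), ("remote", REMOTE_ENV)):
        for finding in check_env(parse_env(text)):
            print(f"[{name}] {finding}")
```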
This guide helps you set up GitLab Community Edition using Docker Compose on Colima.
- Colima installed and running
- Docker and Docker Compose installed
- At least 4GB of RAM allocated to Colima
- At least 50GB of disk space
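- Start Colima with sufficient resources:
  `colima start --cpu 4 --memory 8 --disk 50`
- Add GitLab hostname to your hosts file (`sudo echo ... >> /etc/hosts` fails because the redirection runs in the unprivileged shell, so pipe through `sudo tee` instead):
  `echo "127.0.0.1 gitlab.localhost" | sudo tee -a /etc/hosts`
- Start GitLab:
  `docker-compose up`
- Initial login: username `root`, password from:
  `docker-compose exec gitlab grep 'Password:' /etc/gitlab/initial_root_password`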
- Wait for GitLab to start (this may take a few minutes)
- Access GitLab at `http://gitlab.localhost`
- The first time you visit, you'll be asked to set a password for the root user
- Default username is `root`
- Initial startup may take 5-10 minutes
- The first password you set will be for the root user
- SSH is available on port 2224
- HTTP is available on port 80
- HTTPS is available on port 443
Stop GitLab:
`docker compose down`
Backup GitLab:
`docker compose exec gitlab gitlab-backup create`
View logs:
`docker compose logs -f gitlab`
Minimum recommended specifications for production use:
- CPU: 4 cores
- RAM: 8GB
- Storage: 50GB
If GitLab fails to start:
- Check logs: `docker compose logs -f gitlab`
- Ensure sufficient system resources
- Verify all ports are available
- Check file permissions in mounted volumes
For persistent permission issues:
`sudo chown -R 998:998 gitlab/`
Graph
```mermaid
graph TD
    %% Current System Structure
    START((START))
    haiku[haiku]
    llama[llama]
    deepseek[deepseek]
    tools[tools]
    gitlab[gitlab]
    secrets[secrets]
    END((END))
    %% Styling
    classDef default fill:#bbf,stroke:#333,stroke-width:1px;
    classDef router fill:#f9f,stroke:#333,stroke-width:2px;
    classDef eend fill:#f96,stroke:#333,stroke-width:2px;
    classDef sstart fill:#9f9,stroke:#333,stroke-width:2px;
    class START sstart;
    class END eend;
    class haiku,llama,deepseek,tools,gitlab,secrets default;
```