The perfect companion for KiloCode โ A production-ready AI Gateway with native MCP Server, Ollama local inference, Docker management, and enterprise-grade security. Zero API costs. Full privacy. Runs entirely on your machine.
๐ Quick Start ยท ๐ KiloCode Integration ยท ๐ Docs ยท ๐๏ธ Architecture ยท ๐ Security
๐ช๐ธ Leer en Espaรฑol ยท ๐ GitHub Pages
PeanutAgent Enterprise is a full-stack AI Agent Management Platform that acts as a secure, intelligent gateway between your development tools and AI models. It bridges the gap between local LLMs and enterprise-grade tooling.
|
KiloCode discovers and uses your local Ollama models as native tools via the Model Context Protocol. 7 tools, 4 resources, 2 prompts โ all spec-compliant. Use PeanutAgent as a free, private AI backend for KiloCode. No API costs, no data leaving your machine. Supports qwen2.5, llama3.2, codellama, and any Ollama model. Manage containers directly from KiloCode via MCP tools. List, start, stop, inspect, and stream logs โ all from your IDE. |
JWT httpOnly cookies ยท TOTP 2FA (RFC 6238) ยท scrypt password hashing ยท AES-256-GCM encrypted secrets ยท Immutable SHA-256 audit chain. Next.js 15 dashboard with real-time metrics, agent management, Docker control, WebSocket terminal, and a dedicated KiloCode MCP integration page. OpenClaw Orchestrator implements Smooth Weighted Round-Robin (Nginx algorithm) across agents with health-based routing and per-agent metrics. |
New Enterprise Dashboard โ Redesigned with glassmorphism, neon effects, animated metrics, and a cyberpunk-inspired dark theme.
Dashboard Features:
- ๐ Dark glassmorphism design with backdrop blur effects
- โจ Animated stat cards with sparkline charts and live counters
- ๐ข Real-time status indicators with neon glow effects
- ๐ System metrics with animated progress bars
- โก Quick actions panel for instant navigation
- ๐ Platform overview with security status
- ๐ค Agent list with health monitoring and latency display
- ๐ณ Docker containers panel with live status
- ๐จ Cyber grid background with ambient glow effects
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PeanutAgent Enterprise v2.0.0 โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฃ
โ Next.js 15 Dashboard โ Fastify API Gateway โ
โ (Port 3000) โ (Port 3001) โ
โ โโโโโโโโโโโโโโโโโโโโโ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โข Auth (2FA TOTP) โ โข OpenClaw Orchestrator (SWRR) โ
โ โข Agent Management โ โข JWT Auth (httpOnly cookies) โ
โ โข Docker Management โ โข TOTP 2FA Verification โ
โ โข Audit Log Viewer โ โข Immutable Audit Chain (SHA-256) โ
โ โข WebSocket Terminal โ โข Adaptive Rate Limiting โ
โ โข KiloCode MCP Page โ โข Docker Management API โ
โ โข Settings โ โข Kilo Code Bridge (AES-256-GCM) โ
โ โ โข MCP Server (7 tools, 4 resources) โ
โ โ โข Health Monitoring (30s intervals) โ
โ โ โข WebSocket Terminal โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฃ
โ Data & Infrastructure โ
โ SQLite (WAL mode) โ Ollama LLM โ Docker Socket โ OpenTelemetry โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ MCP Protocol (2024-11-05)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ KiloCode IDE โ
โ peanut_dispatch_agent ยท peanut_docker_* ยท peanut_list_agents โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
The gateway follows strict DDD principles with four layers:
| Layer | Path | Responsibility |
|---|---|---|
| Domain | src/domain/ |
Pure business entities (Agent, User, AuditEntry) with invariant enforcement |
| Application | src/application/ |
Use cases & services (AuthService, OpenClawService, DockerService, CryptoService) |
| Infrastructure | src/infrastructure/ |
SQLite repositories, Kilo client, MCP Server |
| Interface | src/interfaces/ |
Fastify HTTP routes, WebSocket terminal handler |
| Requirement | Version | Notes |
|---|---|---|
| Node.js | โฅ 20.0.0 |
LTS recommended |
| pnpm | โฅ 9.0.0 |
npm i -g pnpm |
| Docker | Any | Optional, for container management |
| Python | โฅ 3.10 |
Optional, for Python agent |
| Ollama | Latest | For local LLM inference |
# 1. Clone the repository
git clone https://github.com/your-org/peanut-agent.git
cd peanut-agent
# 2. Install all dependencies (monorepo)
pnpm install
# 3. Build shared types package
pnpm --filter @peanut/shared-types build
# 4. Configure environment
cp services/gateway/.env.example services/gateway/.env
# Generate secrets (required)
echo "JWT_SECRET=$(openssl rand -hex 32)"
echo "KILO_ENCRYPTION_KEY=$(openssl rand -hex 32)"
# โ Paste these values into services/gateway/.env
# 5. Start the API Gateway (port 3001)
pnpm --filter @peanut/gateway dev
# 6. Start the Dashboard (port 3000) โ in a new terminal
pnpm --filter @peanut/dashboard devOpen http://localhost:3000 and login with:
- Email:
admin@peanut.local - Password:
PeanutAdmin@2024!
# 1. Configure secrets
cp .env.example .env
# Edit .env: set JWT_SECRET and KILO_ENCRYPTION_KEY
# 2. Launch all services
docker compose up -d
# Services:
# Dashboard: http://localhost:3000
# Gateway: http://localhost:3001
# MCP Server: http://localhost:3001/mcp
# Ollama: http://localhost:11434ollama pull qwen2.5:7b # Recommended for coding tasks
ollama pull llama3.2:3b # Lightweight, fast responses
ollama pull codellama:7b # Code-specialized model
ollama pull nomic-embed-text # For RAG memory embeddingsConnect KiloCode to PeanutAgent in under 30 seconds.
PeanutAgent v2.0.0 ships a full MCP (Model Context Protocol) Server that KiloCode discovers natively. This gives you free, private AI inference directly inside your IDE.
Option A: Via KiloCode UI
- Open KiloCode in VS Code
- Click the MCP icon in the sidebar
- Add Server โ Enter URL:
http://localhost:3001/mcp
Option B: Edit config directly
Edit ~/.kilo/mcp_settings.json:
{
"mcpServers": {
"peanut-agent": {
"url": "http://localhost:3001/mcp",
"description": "PeanutAgent Enterprise โ Local AI Gateway"
}
}
}Option C: Via Dashboard
Open http://localhost:3000/dashboard/kilocode โ copy the pre-configured settings with one click.
// Discover available local models
peanut_list_agents({ onlineOnly: true })
// Run a coding task on local Ollama โ free, private, no API costs
peanut_dispatch_agent({
message: "Refactor this function to use async/await",
context: [{ role: "user", content: "Here is the code: ..." }]
})
// Manage Docker containers
peanut_docker_list({ all: false })
peanut_docker_control({ containerId: "my-api", action: "restart" })
peanut_docker_logs({ containerId: "my-api", tail: 50 }){
"name": "PeanutLocal",
"slug": "peanut-local",
"roleDefinition": "You are a local AI assistant powered by PeanutAgent and Ollama. Use peanut_dispatch_agent for all AI tasks โ completely free and private.",
"groups": ["read", "edit", "command"],
"customInstructions": "Always prefer local Ollama models via peanut_dispatch_agent. Use peanut_list_agents to discover available models. Prefer qwen2.5:7b for coding tasks."
}| Tool | Description | Auth Required |
|---|---|---|
peanut_dispatch_agent |
Send tasks to local Ollama agents โ free, private inference | โ |
peanut_list_agents |
Discover available local AI agents with health status | โ |
peanut_docker_list |
List Docker containers with status and metrics | โ |
peanut_docker_control |
Start, stop, or restart Docker containers | โ |
peanut_docker_logs |
Retrieve container logs for debugging | โ |
peanut_gateway_status |
Check PeanutAgent gateway health and version | โ |
peanut_kilo_complete |
Proxy completions through PeanutAgent to Kilo Code API | โ |
| Resource URI | Description |
|---|---|
peanut://agents |
All registered AI agents with health and metrics |
peanut://docker/containers |
Running Docker containers |
peanut://gateway/health |
Gateway health and status |
peanut://audit/recent |
Last 50 audit log entries |
| Scenario | Benefit |
|---|---|
| Local development | Use Ollama models (qwen2.5, llama3.2) โ zero API costs |
| Privacy-sensitive code | All inference stays on your machine โ no data leaks |
| Docker workflows | Manage containers directly from KiloCode |
| Hybrid setup | Route simple tasks to local, complex to cloud |
| Offline work | Full AI coding assistance without internet |
peanut-agent/
โโโ apps/
โ โโโ dashboard/ # Next.js 15 Admin Dashboard
โ โโโ src/app/
โ โ โโโ auth/login/ # Authentication page
โ โ โโโ dashboard/
โ โ โโโ kilocode/ # ๐ KiloCode MCP integration page
โ โ โโโ agents/ # Agent management
โ โ โโโ docker/ # Docker management
โ โ โโโ audit/ # Immutable audit log viewer
โ โ โโโ terminal/ # WebSocket terminal
โ โ โโโ settings/ # Platform settings
โ โโโ src/components/ # Reusable UI components (Radix UI)
โ โโโ src/lib/ # API client, auth utilities
โ
โโโ services/
โ โโโ gateway/ # Fastify API Gateway (TypeScript, DDD)
โ โโโ src/domain/ # Business entities (Agent, User, AuditEntry)
โ โโโ src/application/ # Services (Auth, OpenClaw, Docker, Crypto)
โ โโโ src/infrastructure/ # SQLite repos, Kilo client, MCP server
โ โโโ src/interfaces/ # HTTP routes, WebSocket handler
โ
โโโ packages/
โ โโโ shared-types/ # Shared TypeScript interfaces (incl. MCP types)
โ
โโโ docs/ # Documentation
โ โโโ ARCHITECTURE.md
โ โโโ KILOCODE_INTEGRATION.md
โ โโโ REFLECTION_MEMORY.md
โ โโโ SECURITY.md
โ โโโ TROUBLESHOOTING.md
โ โโโ WIZARD.md
โ
โโโ agent.py # Python AI agent core (local LLM)
โโโ tools.py # Secure tool executor (allowlist-based)
โโโ memory.py # RAG memory system (JSONL + embeddings)
โโโ reflection.py # Reflection loop (auto-correction)
โโโ gateway.py # Console gateway (multi-session)
โโโ web_ui.py # Web gateway (FastAPI + WebSocket)
โโโ docker-compose.yml # Production deployment
โโโ .github/workflows/ # CI/CD pipelines
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Login Flow โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ 1. POST /auth/login โ scrypt verify โ JWT issue โ
โ 2. POST /auth/totp/verify โ TOTP check โ session โ
โ 3. httpOnly + Secure + SameSite=Strict cookie โ
โ 4. 8-hour session expiry, revokable in SQLite โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Feature | Implementation |
|---|---|
| JWT Sessions | httpOnly, Secure, SameSite=Strict cookies ยท 8h expiry |
| TOTP 2FA | RFC 6238 via otplib ยท 10 single-use backup codes |
| Password Hashing | scrypt (N=2ยนโด, r=8, p=1) ยท 64-byte output ยท 32-byte random salt |
| Secret Encryption | AES-256-GCM ยท keys stored in env, never in DB |
| Security Headers | @fastify/helmet ยท HSTS, CSP, X-Frame-Options |
Every action is recorded in a cryptographic fingerprint chain:
Entry N: SHA-256(previousFingerprint + content) โ fingerprint
Entry N+1: SHA-256(fingerprint_N + content) โ fingerprint
Any modification to any entry breaks the chain โ tamper detection is automatic.
| Scope | Limit | Backoff |
|---|---|---|
| Login (per IP) | 10 req/min | Exponential up to 5 min |
| TOTP (per user) | 5 attempts/min | Exponential up to 10 min |
| API Dispatch (per user) | 60 req/min | Standard |
The OpenClaw service implements Smooth Weighted Round-Robin (Nginx algorithm) for intelligent load balancing:
Agents: [{name: A, weight: 5}, {name: B, weight: 3}, {name: C, weight: 2}]
Each request:
1. Increment currentWeight by agent.weight for all agents
2. Select agent with highest currentWeight
3. Subtract totalWeight from selected agent's currentWeight
Result: ~50% โ A, ~30% โ B, ~20% โ C (proportional to weights)
Features:
- Dynamic agent registration/deregistration at runtime
- Health-based routing โ unhealthy agents automatically excluded
- Per-agent metrics: latency, success rate, token usage
- Background health checks every 30 seconds
Authentication
POST /api/v1/auth/login Login (email + password)
POST /api/v1/auth/totp/verify Complete TOTP 2FA verification
POST /api/v1/auth/logout Invalidate session
GET /api/v1/auth/me Get current user profile
POST /api/v1/auth/totp/setup Enable 2FA (returns QR code)
POST /api/v1/auth/password Change password
Agent Management
GET /api/v1/agents List all agents with health status
POST /api/v1/agents Register new agent
PUT /api/v1/agents/:id Update agent configuration
DELETE /api/v1/agents/:id Remove agent
GET /api/v1/agents/:id/health Force health check
POST /api/v1/openclaw/dispatch Send request (auto load-balanced)
Docker Management
GET /api/v1/docker/containers List containers
POST /api/v1/docker/containers Deploy new container
POST /api/v1/docker/containers/:id/start Start container
POST /api/v1/docker/containers/:id/stop Stop container
DELETE /api/v1/docker/containers/:id Remove container
GET /api/v1/docker/containers/:id/metrics Real-time metrics
GET /api/v1/docker/containers/:id/logs Container logs
GET /api/v1/docker/images List local images
Kilo Code Bridge
GET /api/v1/kilo/status Connection status + usage stats
GET /api/v1/kilo/config Configuration (admin only)
PUT /api/v1/kilo/config Update config + API key (AES-256 encrypted)
POST /api/v1/kilo/complete Proxy completion request to Kilo Code API
GET /api/v1/kilo/usage Token usage statistics
MCP Server (v2.0.0)
GET /mcp MCP server discovery (capabilities, tools, resources)
POST /mcp JSON-RPC 2.0 endpoint (all MCP methods)
GET /mcp/events SSE endpoint for real-time updates
Supported JSON-RPC methods: initialize, tools/list, tools/call, resources/list, resources/read, prompts/list, prompts/get, ping
WebSocket Terminal
ws://localhost:3001/ws/terminal Authenticated real-time terminal
# Run all tests (monorepo)
pnpm test
# Gateway unit tests
pnpm --filter @peanut/gateway test
# Gateway with coverage report
pnpm --filter @peanut/gateway test:coverage
# Run specific test file (e.g., MCP server)
cd services/gateway && pnpm vitest run tests/unit/mcp.server.test.ts
# Dashboard tests
pnpm --filter @peanut/dashboard test
# Python agent tests
pytest tests/ -v
# Python with coverage
pytest tests/ -v --cov=. --cov-report=htmlCoverage requirements: 80% lines ยท functions ยท branches ยท statements
| Variable | Required | Default | Description |
|---|---|---|---|
JWT_SECRET |
โ | โ | JWT signing secret (min 32 chars) |
KILO_ENCRYPTION_KEY |
โ | โ | AES-256 key for secrets (64 hex chars) |
PORT |
โ | 3001 |
Gateway HTTP port |
CORS_ORIGIN |
โ | http://localhost:3000 |
Allowed CORS origins |
DATA_DIR |
โ | ./data |
SQLite database directory |
LOG_LEVEL |
โ | info |
Pino log level |
DEFAULT_ADMIN_PASSWORD |
โ | โ | Override initial admin password |
| Variable | Required | Default | Description |
|---|---|---|---|
NEXT_PUBLIC_API_URL |
โ | http://localhost:3001 |
Gateway HTTP URL |
NEXT_PUBLIC_WS_URL |
โ | ws://localhost:3001 |
Gateway WebSocket URL |
GATEWAY_URL |
โ | โ | Internal gateway URL for Next.js rewrites |
The original Python agent runs independently and provides a lightweight local AI interface:
# Interactive setup wizard
python wizard.py
# Console gateway (multi-session, Rich UI)
python gateway.py
# Web gateway (FastAPI + WebSocket)
python web_ui.py
# Open: http://127.0.0.1:18889/Python agent features:
- ๐ Reflection Loop โ Auto-correction with Pydantic schema validation (up to 3 retries)
- ๐ง RAG Memory โ JSONL append-only store with Ollama embeddings + cosine similarity
- ๐ก๏ธ Allowlist Security โ Shell commands restricted to safe read/diagnostic operations
- ๐ฎ Gamification โ Peanut counter system (
~/.peanut-agent/state.json)
| Layer | Technology | Version | Purpose |
|---|---|---|---|
| Backend | Fastify | 4.x | High-performance HTTP server |
| TypeScript | 5.7 | Type safety across the stack | |
| better-sqlite3 | 11.x | Embedded database (WAL mode) | |
| @fastify/jwt | 8.x | JWT authentication | |
| otplib | 12.x | TOTP 2FA (RFC 6238) | |
| Zod | 3.x | Runtime schema validation | |
| Frontend | Next.js | 15.1 | React framework (App Router) |
| React | 19.x | UI library | |
| Radix UI | Latest | Accessible component primitives | |
| Tailwind CSS | 3.x | Utility-first styling | |
| Recharts | 2.x | Real-time metrics charts | |
| AI/ML | Ollama | Latest | Local LLM inference |
| MCP Protocol | 2024-11-05 | KiloCode tool integration | |
| OpenTelemetry | 1.x | Distributed tracing | |
| Testing | Vitest | 3.x | TypeScript unit/integration tests |
| pytest | Latest | Python agent tests | |
| @testing-library/react | 16.x | Dashboard component tests |
Contributions are welcome! Please read CONTRIBUTING.md for:
- Development workflow and branch strategy
- Code style guidelines (ESLint + TypeScript strict mode)
- Test requirements (80% coverage threshold)
- PR review process
MIT โ see LICENSE for details.
Built with โค๏ธ for the KiloCode community
โญ Star on GitHub ยท ๐ Report Bug ยท ๐ก Request Feature
PeanutAgent Enterprise v2.0.0 ยท MIT License ยท Local-First AI


