This directory contains a lightweight, fully self-contained Retrieval-Augmented Generation (RAG) server designed to provide context from historical, finished SysReptor Penetration tests. It exposes an easy-to-use REST API so that other AI agents can query the dataset locally or across a network.
- Retrieval Only: It returns raw JSON chunks containing Executive Summaries, Technical Summaries, and Findings based on semantic vector similarity.
- Fast & Local: Powered by
ChromaDBand theall-MiniLM-L6-v2embedding model. It does not require any OpenAI/external API keys to run the database. - Scrubbed Data: All data inside the vector database has had customer names, IP addresses, domains, and heuristic passwords scrubbed.
To deploy this RAG server on another machine, follow these steps:
- Move files: Copy this entire directory (specifically
rag_server.py,ingest_data.py,scrubbed_rag_data.json, andrequirements-rag.txt) to the target server. - Setup agents to use this RAG Move the agent_workflows to the local machine running the agent, so the agent can have the proper system prompt to know how to use this rag server
- Setup virtual environment:
python3 -m venv venv source venv/bin/activate - Install Dependencies:
pip install -r requirements-rag.txt
- Ingest Data: Create the local vector database instance in the
./chroma_dbfolder:python3 ingest_data.py
- Run the Server: Start the FastAPI server. It is configured to listen on
0.0.0.0, meaning it will be accessible from any network interface on port8000:(Alternatively, usepython3 rag_server.py
nohup python3 rag_server.py &to run in the background)
If you are an AI assistant trying to use the knowledge inside this RAG server, you can interface with it using standard HTTP requests (e.g., curl or requests library in Python).
POST http://<server_ip>:8000/query
| Field | Type | Required | Description |
|---|---|---|---|
query |
string |
Yes | The natural language question you are trying to answer. |
num_results |
int |
No | Number of chunks to return (Default: 5). |
filter_type |
string |
No | Specifically scope results. Valid options: "finding", "executive_summary", "technical_summary". Defaults to returning everything combined. |
curl -X POST http://127.0.0.0:8000/query \
-H "Content-Type: application/json" \
-d '{
"query": "How do we write an executive summary regarding ransomware?",
"num_results": 3,
"filter_type": "executive_summary"
}'{
"results": [
{
"content": "The objective of the assessment was to identify vulnerabilities within...",
"metadata": {
"project_id": "70ba26e4-2b69-4142-bfc5-77be90335990",
"type": "executive_summary"
},
"distance": 0.42
}
]
}- If your initial query doesn't yield exactly what you want, try rephrasing the
querystring with different keywords. This uses Semantic Vector Search, so phrasing matters. - Always check the
typeinside themetadatato ensure you are referencing the correct part of a report (e.g. don't paste an executive summary snippet into a finding template!).