Documentation Index
Fetch the complete documentation index at: https://docs.hill90.com/llms.txt
Use this file to discover all available pages before exploring further.
Services
Hill90 is composed of application services, infrastructure services, and an observability stack.
Application Services
| Service | Language | URL | Description |
|---|
| API | TypeScript (Express) | api.hill90.com | REST API gateway — agent CRUD, model management, user profiles |
| AI (Model-Router) | Python (FastAPI) | Internal only | Policy-gated LLM inference gateway for agents |
| Knowledge (AKM) | Python (FastAPI) | Internal only | Persistent agent memory with hybrid search (FTS + pgvector) and shared knowledge library |
| MCP | Python (FastAPI) | ai.hill90.com/mcp | Model Context Protocol gateway (JWT-authenticated) |
| Agentbox | Python (Starlette/uvicorn) | Internal only | Sandboxed agent runtime containers |
| Keycloak | Java | auth.hill90.com | OIDC/OAuth2 identity provider |
| UI | TypeScript (Next.js) | hill90.com | Frontend application with Auth.js v5 session management |
API Service
The API service is the primary REST gateway and control plane. It handles:
- Agent lifecycle management (create, configure, start, stop, delete)
- Agent container operations (status, logs, config generation)
- Provider connections and user model management (BYOK)
- Model policy management and assignment
- Usage tracking queries
- Knowledge entry browsing and search (proxied from AKM)
- User profile and avatar management
- JWT validation via Keycloak
AI Service (Model-Router)
The AI service is an internal model-router gateway — it is not publicly accessible. Agent containers reach it on the internal network to perform LLM inference. It enforces model access policies (allowed models, rate limits, token budgets), resolves user-owned model configurations, and proxies requests to LLM providers. Supports chat completions (streaming and non-streaming) and embeddings.
Knowledge Service (AKM)
The Agent Knowledge Manager provides persistent memory for agent containers and hosts the shared knowledge library. Agents write knowledge entries (plans, decisions, journals, research notes) that survive across sessions.
Search uses a hybrid approach: PostgreSQL full-text search (tsvector/GIN) combined with pgvector semantic similarity. During ingestion, content is chunked and embedded using text-embedding-3-small (1536-dimensional vectors via LiteLLM). Queries run both FTS and vector similarity, then merge results with reciprocal rank fusion for better recall than either method alone.
Shared Knowledge Library lets users curate collections of documents (text/markdown and web pages) that agents can search during inference. Collections have owner-scoped or shared visibility. Web page ingestion includes SSRF protection (blocked private/loopback CIDRs, DNS pre-check, redirect validation).
The service also provides append-only journaling, intelligent context assembly with configurable token budgets, and aggregate quality metrics (zero-result rates, ingest health, source/corpus stats). Knowledge is scoped per agent — agents cannot read each other’s private entries, but can search shared collections. Users can browse and search their agents’ knowledge via the API service proxy.
Agentbox
Each agent runs in a sandboxed container with policy-gated functions:
- Shell — Command execution with binary allowlists and deny patterns
- Filesystem — File operations with path restrictions and read-only mode
- Identity — Agent personality (SOUL.md) and rules (RULES.md), loaded at startup
- Health — HTTP health endpoint for Docker healthcheck
Agentbox containers are network-isolated and can only communicate with the AI service (for inference) and Knowledge service (for memory). They cannot reach the public internet or other services.
MCP Service
The MCP (Model Context Protocol) gateway exposes tool-augmented AI capabilities at ai.hill90.com/mcp. All requests require Keycloak JWT authentication. This is the only publicly routed service on the ai.hill90.com hostname.
Keycloak
Keycloak provides centralized identity management:
- User registration and login
- OIDC/OAuth2 token issuance
- Role-based access control (user, admin)
- Account management
The Next.js frontend provides:
- Keycloak-backed authentication (via Auth.js v5)
- Agent management dashboard
- User profile and avatar management
Infrastructure Services
| Service | URL | Description |
|---|
| Traefik | traefik.hill90.com (VPN-only) | Reverse proxy, load balancer, automatic HTTPS |
| DNS Manager | Internal only | DNS-01 challenge webhook for Let’s Encrypt |
| Portainer | portainer.hill90.com (VPN-only) | Docker container management UI |
| PostgreSQL | Internal only | Relational database |
| MinIO | storage.hill90.com (VPN-only) | S3-compatible object storage |
| OpenBao | vault.hill90.com (VPN-only) | Secrets management (vault) |
| LiteLLM | litellm.hill90.com (VPN-only) | LLM proxy for provider API routing (internal to AI service); admin dashboard exposed via Tailscale |
LiteLLM
LiteLLM is a stateless LLM proxy that routes inference requests to provider APIs (OpenAI, Anthropic). The AI service (model-router) reaches LiteLLM on the internal Docker network at http://litellm:4000 — it is not publicly accessible for API traffic. The admin dashboard is exposed at litellm.hill90.com for operational visibility, restricted to the Tailscale network (VPN-only).
Observability Stack
| Service | Description |
|---|
| Prometheus | Metrics collection and alerting |
| Grafana | Dashboards and data exploration (grafana.hill90.com, VPN-only) |
| Loki | Log aggregation |
| Tempo | Distributed tracing |
| Promtail | Log collector (ships to Loki) |
| Node Exporter | Host-level metrics |
| cAdvisor | Container metrics |
| postgres-exporter | PostgreSQL metrics |
