Skip to main content

What is Hill90?

Hill90 is a production-ready microservices platform hosted on a single VPS. It provides:
  • A REST API for managing AI agents, model access, and user profiles
  • Sandboxed agent containers with configurable tools and resource limits
  • Policy-gated LLM inference with bring-your-own-key (BYOK) model management
  • Persistent agent knowledge — memory that survives across sessions, with full-text search
  • A Model Context Protocol (MCP) gateway for tool-augmented AI
  • A Next.js frontend with Keycloak-backed authentication
  • Full observability via the LGTM stack (Loki, Grafana, Tempo, Prometheus)
All services run as Docker containers, orchestrated with Docker Compose, behind a Traefik reverse proxy that provides automatic HTTPS.

Technology Stack

LayerTechnologies
LanguagesTypeScript (Node.js), Python
FrameworksExpress, FastAPI, Next.js
IdentityKeycloak 26 (OIDC/OAuth2), Auth.js v5
InfrastructureDocker Engine, Docker Compose, Traefik
DataPostgreSQL, MinIO (S3-compatible)
SecretsOpenBao (vault), encrypted backup
ObservabilityPrometheus, Grafana, Loki, Tempo, OpenTelemetry
CI/CDGitHub Actions
DNSAutomated via Hostinger DNS API
CertificatesLet’s Encrypt (HTTP-01 + DNS-01)

Architecture at a Glance

Internet
   |
Traefik (reverse proxy, automatic HTTPS)
   |
   +-- API Service (Express, TypeScript)
   +-- MCP Gateway (FastAPI, Python)
   +-- Keycloak (Identity Provider)
   +-- UI (Next.js)
   |
Internal Network
   +-- AI Service / Model-Router (FastAPI, Python)
   +-- Knowledge Service / AKM (FastAPI, Python)
   +-- PostgreSQL
   +-- MinIO (S3 storage)
   +-- Observability Stack (Prometheus, Grafana, Loki, Tempo)
   |
Agent Network
   +-- Agentbox containers → AI Service, Knowledge Service
Traffic enters through Traefik, which handles TLS termination, routing, and load balancing. Public services use HTTP-01 certificates, while admin-only services use DNS-01 certificates and are restricted to the VPN network. The AI service and Knowledge service are internal-only — agent containers communicate with them on an isolated network.

Next Steps

Quickstart

Set up your environment and make your first API call.

Authentication

Understand how authentication and authorization work.