Skip to content

Installation

Prerequisites

Tool Version Notes
Go 1.25+ Build from source only
Docker + Compose v2+ Required for the analysis server (Neo4j + Postgres)
Node.js 18+ UI build only (skippable if using Docker or collector-only)

The collector (agenthound) has zero runtime dependencies -- single static binary, no DB clients, no outbound network calls except to scan targets. The server (agenthound-server) requires Neo4j 4.4+ and PostgreSQL 16+, both provided via Docker Compose.

Homebrew (macOS / Linux)

brew tap adithyan-ak/agenthound
brew install agenthound            # collector only
brew install agenthound-server     # analysis server

Both formulas are published by GoReleaser on every tagged release. Multi-arch (amd64 + arm64).

Docker

Pull pre-built images from GHCR:

docker pull ghcr.io/adithyan-ak/agenthound:latest
docker pull ghcr.io/adithyan-ak/agenthound-server:latest

Or bring up the full stack (server + Neo4j + Postgres) in one command:

git clone https://github.com/adithyan-ak/agenthound.git
cd agenthound
docker compose -f docker/docker-compose.yml up -d

The server binds 127.0.0.1:8080. Neo4j at bolt://localhost:7687, Postgres at localhost:5432.

Build from source

git clone https://github.com/adithyan-ak/agenthound.git
cd agenthound
make build

This produces two binaries:

  • bin/agenthound -- collector (~9 MiB stripped, no DB deps)
  • bin/agenthound-server -- server (includes embedded UI)

The build target runs build-collector (pure Go) then build-server (which first runs ui-build to compile the React SPA into server/internal/api/ui/dist/).

To build just the collector (no Node.js required):

make build-collector
# or directly:
go build -o bin/agenthound ./collector/cmd/agenthound

Via go install

go install github.com/adithyan-ak/agenthound/collector/cmd/agenthound@latest
go install github.com/adithyan-ak/agenthound/server/cmd/agenthound-server@latest

Verify

agenthound version
agenthound-server version

Both print version, commit hash, and build date. On a release build (GoReleaser), the version matches the git tag. On a dev build, it prints dev.

Release signatures

Every release artifact is signed with cosign (keyless, GitHub Actions OIDC). Verify:

cosign verify-blob \
    --bundle agenthound_<version>_checksums.txt.sigstore.json \
    --certificate-identity-regexp 'https://github.com/adithyan-ak/agenthound/.*' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    agenthound_<version>_checksums.txt

The signature and Fulcio certificate are bundled into a single checksums.txt.sigstore.json (cosign v3 format).

SBOMs (SPDX JSON, generated by syft) ship alongside every archive.