NextAudit AI’s persistence layer is built around three databases, each serving a distinct role. PostgreSQL handles AI embedding storage and Flowise metadata using the pgvector extension. MySQL provides the relational backend that FleetDM requires for host inventory and policy state. Redis delivers the fast in-memory caching and session storage that FleetDM depends on for live queries and distributed coordination.

PostgreSQL — AI embeddings and Flowise

The PostgreSQL service runs a custom-built image that packages the pgvector extension alongside the standard PostgreSQL 14 runtime. The EMBEDDING_SIZE environment variable is passed into the container at startup and used to configure the vector column dimensions when the schema is initialized.

Image

In development, PostgreSQL is built from the local ./postgres context, which applies the custom pgvector installation and any initialization scripts:

postgres:
  build: ./postgres

Full service definition

postgres:
  container_name: postgres
  environment:
    POSTGRES_USER: ${POSTGRES_USER}
    POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    POSTGRES_DB: ${POSTGRES_DB}
    EMBEDDING_SIZE: ${EMBEDDING_SIZE}
  ports:
    - "${POSTGRES_PORT}:5432"
  volumes:
    - postgres_data:/var/lib/postgresql/data
  restart: unless-stopped
  healthcheck:
    test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB"]
    interval: 5s
    timeout: 5s
    retries: 10

Environment variables

| Variable | Description |
| --- | --- |
| POSTGRES_USER | Superuser and application user created on first init |
| POSTGRES_PASSWORD | Password for POSTGRES_USER |
| POSTGRES_DB | Default database created on first init; used by both Flowise and pgvector |
| EMBEDDING_SIZE | Vector dimension for pgvector columns — must match the embedding model configured in Flowise |

Health check

The pg_isready command checks that PostgreSQL is accepting connections on the default port for the configured user and database. Flowise waits for this check to pass before starting.

healthcheck:
  test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB"]
  interval: 5s
  timeout: 5s
  retries: 10

Volume

volumes:
  - postgres_data:/var/lib/postgresql/data

All database files are persisted in postgres_data. This includes both Flowise application tables and the pgvector embedding tables.

EMBEDDING_SIZE is consumed during schema initialization on first startup. Changing it after the database has been created requires dropping and recreating the vector columns or re-initializing the volume.

MySQL — FleetDM backend

MySQL 8 is the relational backend for FleetDM. It stores all host records, enrolled agents, osquery packs, scheduled queries, policy definitions, results, and vulnerability findings. The linux/x86_64 platform pin ensures compatibility with the FleetDM image’s expected architecture.

Full service definition

mysql:
  image: mysql:8
  platform: linux/x86_64
  environment:
    - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    - MYSQL_DATABASE=${MYSQL_DATABASE}
    - MYSQL_USER=${MYSQL_USER}
    - MYSQL_PASSWORD=${MYSQL_PASSWORD}
  ports:
    - "3306:3306"
  volumes:
    - mysql:/var/lib/mysql
  cap_add:
    - SYS_NICE
  restart: unless-stopped
  healthcheck:
    test:
      [
        "CMD-SHELL",
        "mysqladmin ping -h 127.0.0.1 -u$$MYSQL_USER -p$$MYSQL_PASSWORD --silent || exit 1",
      ]
    interval: 10s
    timeout: 5s
    retries: 12

Environment variables

| Variable | Description |
| --- | --- |
| MYSQL_ROOT_PASSWORD | Root account password; required by the MySQL image |
| MYSQL_DATABASE | Database created on first init; referenced by FLEET_MYSQL_DATABASE |
| MYSQL_USER | Application user created on first init |
| MYSQL_PASSWORD | Password for MYSQL_USER; used by FleetDM to connect |

Health check

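mysqladmin ping probes the MySQL server over TCP (-h 127.0.0.1) using the application user's credentials. The doubled $$ stops Compose from interpolating the variables, so they are expanded by the shell inside the container. Because the password is passed with -p on the command line, it is visible in the container's process list while the check runs. Fleet waits for this check to succeed before running fleet prepare db.

healthcheck: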
  test:
    [
      "CMD-SHELL",
      "mysqladmin ping -h 127.0.0.1 -u$$MYSQL_USER -p$$MYSQL_PASSWORD --silent || exit 1",
    ]
  interval: 10s
  timeout: 5s
  retries: 12

cap_add: SYS_NICE allows MySQL to use real-time scheduling priorities, which reduces latency jitter on busy hosts. This is standard practice for MySQL containers.

Volume

volumes:
  - mysql:/var/lib/mysql

Redis — FleetDM cache and sessions

Redis 6 provides in-memory storage for FleetDM’s distributed session management, live query fan-out, and inter-process state. Append-only file (AOF) persistence is enabled so the cache survives container restarts without full data loss.

Full service definition

redis:
  image: redis:6
  command: ["redis-server", "--appendonly", "yes"]
  ports:
    - "6379:6379"
  volumes:
    - redis:/data
  restart: unless-stopped
  healthcheck:
    test: ["CMD", "redis-cli", "ping"]
    interval: 10s
    timeout: 5s
    retries: 12

Append-only persistence

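The --appendonly yes flag passed to redis-server enables AOF persistence. Every write operation is logged to the AOF file in the redis:/data volume before the acknowledgment is sent to the client, ensuring data survives an unclean shutdown. Note that the command does not set appendfsync, so the Redis default of everysec applies: the file is flushed to disk once per second, and a host crash or power loss can lose up to about one second of writes.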

Health check

redis-cli ping sends a PING command to the Redis server and expects a PONG response. Fleet waits for this check before starting.

healthcheck:
  test: ["CMD", "redis-cli", "ping"]
  interval: 10s
  timeout: 5s
  retries: 12

Volume

volumes:
  - redis:/data

Summary

PostgreSQL

AI embeddings, Flowise metadata, and pgvector similarity search. Custom image with configurable EMBEDDING_SIZE. Used by Flowise.

MySQL

FleetDM application state: hosts, policies, queries, and vulnerability results. Standard mysql:8 image on linux/x86_64. Used by FleetDM.

Redis

In-memory cache for FleetDM sessions and live query coordination. AOF persistence enabled. Used by FleetDM.
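
The service definitions above publish MySQL and Redis with "3306:3306" and "6379:6379", which binds them on every host interface, and Redis starts without a password. The following is an added hardening example, not part of the NextAudit AI repository, showing only the keys that change. It assumes Fleet and Flowise run in the same Compose project and reach the databases by service name; REDIS_PASSWORD and the fleet service name are hypothetical.

```yaml
# Added hardening example: only the keys that change are shown.
services:
  postgres:
    ports:
      # Loopback only: still reachable for local psql, not from the network.
      - "127.0.0.1:${POSTGRES_PORT}:5432"

  mysql:
    image: mysql:8
    # "ports:" removed. Assumes Fleet connects over the Compose network
    # as mysql:3306. For host-side debugging, bind to loopback instead:
    # ports:
    #   - "127.0.0.1:3306:3306"

  redis:
    image: redis:6
    # "ports:" removed. Assumes Fleet connects over the Compose network
    # as redis:6379.
    # REDIS_PASSWORD is a hypothetical .env variable added for this example.
    command: ["redis-server", "--appendonly", "yes", "--requirepass", "${REDIS_PASSWORD}"]
    environment:
      # redis-cli reads REDISCLI_AUTH, so the health check can authenticate
      # without the password appearing in its arguments.
      REDISCLI_AUTH: ${REDIS_PASSWORD}
    healthcheck:
      # grep makes the check fail on any reply other than PONG (e.g. NOAUTH).
      test: ["CMD-SHELL", "redis-cli ping | grep -q PONG"]
      interval: 10s
      timeout: 5s
      retries: 12

  fleet:  # assumed service name; the Fleet definition is not on this page
    environment:
      # Fleet's Redis password setting; must match --requirepass above.
      FLEET_REDIS_PASSWORD: ${REDIS_PASSWORD}
```

Compose appends list values such as ports when merging files, so these changes belong in the base service definitions rather than in an override file.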
