Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/nicolas344/Sentinel-SoftServe/llms.txt

Use this file to discover all available pages before exploring further.

The docker-compose.yml at the root of the repository defines the entire Sentinel infrastructure. A single command boots all fourteen services — the FastAPI backend, the React frontend, the observability pipeline (Prometheus, Alertmanager, Loki, Promtail, Grafana), the AI layer (ChromaDB, LangFuse), and a demo PostgreSQL instance with its exporter — wired together on a shared Docker network.

Start the stack

docker compose up -d
Pass --build on the first run or after pulling new code to rebuild the backend and frontend images:
docker compose up -d --build

Services

The following services are started by docker compose up -d:
ServiceContainer nameDescription
backendsentinel-backendFastAPI + LangGraph agent engine
frontendsentinel-frontendReact + Vite dashboard
cadvisorsentinel-cadvisorDocker container metrics collector
prometheussentinel-prometheusMetrics storage and alert evaluation
alertmanagersentinel-alertmanagerRoutes Prometheus alerts to the backend webhook
lokisentinel-lokiLog aggregation storage
promtailsentinel-promtailLog collector — ships Docker logs to Loki
langfusesentinel-langfuseSelf-hosted LangFuse v2 agent observability UI
langfuse-dbsentinel-langfuse-dbPostgreSQL 15 backing store for LangFuse
postgres-demosentinel-postgres-demoDemo PostgreSQL instance for incident simulation
postgres-exportersentinel-postgres-exporterExports demo PostgreSQL metrics to Prometheus
podman-exportersentinel-podman-exporterExports Podman container metrics to Prometheus
chromadbsentinel-chromadbVector database for runbook RAG and episodic memory
grafanasentinel-grafanaMetrics and logs dashboards

Port mappings

Every service binds to localhost only. The table below lists the host port each service is reachable on:
ServiceHost portContainer portURL
backend80008000http://localhost:8000
frontend51735173http://localhost:5173
cadvisor80808080http://localhost:8080
prometheus90909090http://localhost:9090
alertmanager90939093http://localhost:9093
loki31003100http://localhost:3100
langfuse30013000http://localhost:3001
postgres-demo54335432postgresql://sentinel:sentinel123@localhost:5433/sentinel_demo
postgres-exporter91879187http://localhost:9187
podman-exporter98829882http://localhost:9882
chromadb80018000http://localhost:8001
grafana30003000http://localhost:3000 — credentials: admin / sentinel123
langfuse-db and promtail do not expose ports to the host — they are only accessible within the Docker network by their service names.

Volumes

Docker Compose creates named volumes to persist data between restarts:
VolumeServiceWhat it persists
prometheus_dataprometheusPrometheus TSDB (time-series metrics)
loki_datalokiLoki log chunks and indexes
grafana_datagrafanaGrafana dashboards, data sources, and settings
langfuse_datalangfuse-dbLangFuse PostgreSQL database
chroma_datachromadbChromaDB vector collections (runbooks + episodic memory)
backend_envbackendPython virtualenv — isolates it from the host to prevent WatchFiles storms
chroma_cachebackendONNX embedding model (~79 MB) — avoids re-downloading on every restart
postgres_demo_datapostgres-demoDemo PostgreSQL data directory
The backend service also bind-mounts ./Backend:/app (source hot-reload) and ${HOME}/.kube:/root/.kube:ro (Kubernetes config).

Special considerations

Docker socket (cAdvisor and backend)

Both cadvisor and backend mount the Docker socket:
volumes:
  - /var/run/docker.sock:/var/run/docker.sock:rw
This allows cAdvisor to collect per-container CPU and memory metrics, and allows the backend’s DockerAgent to inspect, restart, and interact with containers programmatically.
Mounting the Docker socket grants the container root-equivalent access to the Docker daemon. This is intentional for a local dev/demo environment but should be reviewed before deploying to a shared or production host.

Podman socket (Linux only)

The backend mounts the Podman rootless socket to enable the PodmanAgent:
volumes:
  - /run/user/1000/podman/podman.sock:/run/podman/podman.sock:rw
The podman-exporter service also requires this socket for Prometheus metrics.
The Podman socket at /run/user/1000/podman/podman.sock is only available on Linux hosts with Podman installed and the rootless socket activated (systemctl --user enable --now podman.socket). On macOS with Docker Desktop this path does not exist — Docker Compose will silently skip the bind mount and the Podman-specific features will be unavailable.If your Linux user has a UID other than 1000, update the volume path in docker-compose.yml and the PODMAN_HOST environment variable accordingly.

Kubernetes kubeconfig

The backend mounts your local ~/.kube directory read-only so the KubernetesAgent can reach the cluster configured in your kubeconfig:
volumes:
  - ${HOME}/.kube:/root/.kube:ro
The backend reads the config from /root/.kube/config inside the container (controlled by KUBECONFIG=/root/.kube/config).

Docker Desktop and the Kubernetes API server

When running Kubernetes through Docker Desktop, the API server listens on 127.0.0.1:6443 on the host — an address that is not reachable from inside Docker containers. To expose it to the backend, run a kubectl proxy on your LAN IP before starting the demo:
# Replace 192.168.x.x with your machine's LAN IP (ifconfig | grep "inet 192")
kubectl proxy --port=8555 --address=192.168.x.x --accept-hosts='.*' &
Then set K8S_PROXY_URL in docker-compose.yml (or Backend/.env) to the proxy URL:
K8S_PROXY_URL=http://192.168.x.x:8555
Leave K8S_PROXY_URL empty if your Kubernetes cluster is reachable directly from inside containers (e.g., a remote cluster or a Linux host running kind/minikube).

Useful commands

1

Stop the stack

Stops all containers without removing volumes or images:
docker compose down
To also remove named volumes (resets all persisted state):
docker compose down -v
2

View logs

Stream logs from a single service:
docker compose logs -f backend
Stream logs from all services at once:
docker compose logs -f
3

Restart a single service

docker compose restart backend
4

Rebuild after code changes

docker compose up -d --build backend frontend

Build docs developers (and LLMs) love