mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-07-10 00:18:36 +00:00
|
Some checks are pending
Backend Blocking IO / backend-blocking-io (push) Waiting to run
Unit Tests / backend-unit-tests (push) Waiting to run
E2E Tests / e2e-tests (push) Waiting to run
Frontend Unit Tests / frontend-unit-tests (push) Waiting to run
Lint Check / lint-backend (push) Waiting to run
Lint Check / lint-frontend (push) Waiting to run
Replay E2E (front-back contract) / Layer 1 — backend golden (no API key) (push) Waiting to run
Replay E2E (front-back contract) / Layer 2 — full-stack render (no API key) (push) Waiting to run
build_run_config() copied every top-level request key (except
configurable/context) verbatim into the LangGraph RunnableConfig, including
recursion_limit. The server default of 100 was fully overridable by the caller
with no upper bound, so a request like {"config": {"recursion_limit": 100000000}}
could make a single run execute effectively unbounded LangGraph super-steps
(each >= 1 LLM call), enabling runaway API cost / DoS.
Validate the client value server-side and clamp it into a safe range:
- valid positive ints are capped at a configurable ceiling
(AppConfig.max_recursion_limit, default 1000 to match the existing
frontend/public-skill default so legitimate deep runs are unaffected)
- invalid/non-positive/bool/None values fall back to the 100 server default
- applied on both the configurable and the LangGraph >= 0.6.0 context paths
- WARNING logged on clamp for observability
Add unit tests (including a configurable-ceiling case), expose
max_recursion_limit in config.example.yaml (config_version 16), and document
the ceiling/fallback in backend/docs/API.md.
Co-authored-by: DengY11 <DengY11@users.noreply.github.com>
|
||
|---|---|---|
| .. | ||
| API.md | ||
| APPLE_CONTAINER.md | ||
| ARCHITECTURE.md | ||
| AUTH_DESIGN.md | ||
| AUTH_TEST_DOCKER_GAP.md | ||
| AUTH_TEST_PLAN.md | ||
| AUTH_UPGRADE.md | ||
| AUTO_TITLE_GENERATION.md | ||
| BLOCKING_IO_DETECTION.md | ||
| CONFIGURATION.md | ||
| FILE_UPLOAD.md | ||
| GUARDRAILS.md | ||
| IM_CHANNEL_CONNECTIONS.md | ||
| MCP_SERVER.md | ||
| memory-settings-sample.json | ||
| MEMORY_IMPROVEMENTS.md | ||
| MEMORY_IMPROVEMENTS_SUMMARY.md | ||
| MEMORY_SETTINGS_REVIEW.md | ||
| middleware-execution-flow.md | ||
| PATH_EXAMPLES.md | ||
| plan_mode_usage.md | ||
| README.md | ||
| REPLAY_E2E.md | ||
| rfc-create-deerflow-agent.md | ||
| rfc-extract-shared-modules.md | ||
| rfc-grep-glob-tools.md | ||
| SANDBOX_MEMORY_PROFILING.md | ||
| SETUP.md | ||
| SSO.md | ||
| STREAMING.md | ||
| summarization.md | ||
| task_tool_improvements.md | ||
| TITLE_GENERATION_IMPLEMENTATION.md | ||
| TODO.md | ||
| TUI.md | ||
Documentation
This directory contains detailed documentation for the DeerFlow backend.
Quick Links
| Document | Description |
|---|---|
| ARCHITECTURE.md | System architecture overview |
| API.md | Complete API reference |
| AUTH_DESIGN.md | User authentication, CSRF, and per-user isolation design |
| CONFIGURATION.md | Configuration options |
| SETUP.md | Quick setup guide |
Feature Documentation
| Document | Description |
|---|---|
| STREAMING.md | Token-level streaming design: Gateway vs DeerFlowClient paths, stream_mode semantics, per-id dedup |
| FILE_UPLOAD.md | File upload functionality |
| PATH_EXAMPLES.md | Path types and usage examples |
| SANDBOX_MEMORY_PROFILING.md | Sandbox memory baseline and runtime comparison guide |
| summarization.md | Context summarization feature |
| plan_mode_usage.md | Plan mode with TodoList |
| AUTO_TITLE_GENERATION.md | Automatic title generation |
Development
| Document | Description |
|---|---|
| TODO.md | Planned features and known issues |
Getting Started
- New to DeerFlow? Start with SETUP.md for quick installation
- Configuring the system? See CONFIGURATION.md
- Understanding the architecture? Read ARCHITECTURE.md
- Building integrations? Check API.md for API reference
Document Organization
docs/
├── README.md # This file
├── ARCHITECTURE.md # System architecture
├── API.md # API reference
├── AUTH_DESIGN.md # User authentication and isolation design
├── CONFIGURATION.md # Configuration guide
├── SETUP.md # Setup instructions
├── FILE_UPLOAD.md # File upload feature
├── PATH_EXAMPLES.md # Path usage examples
├── summarization.md # Summarization feature
├── plan_mode_usage.md # Plan mode feature
├── STREAMING.md # Token-level streaming design
├── AUTO_TITLE_GENERATION.md # Title generation
├── TITLE_GENERATION_IMPLEMENTATION.md # Title implementation details
└── TODO.md # Roadmap and issues