mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-07-10 00:18:36 +00:00
* feat(scripts): add redacted community support bundle generator Add `make support-bundle` (scripts/support_bundle.py) to help users file high-signal, privacy-safe GitHub issues for local setup/config/runtime problems. The command produces: - `*-issue-summary.md` to paste into the issue body - `*-issue-draft.md` scaffold for AI-assisted filing (REQUIRED placeholders, never invents repro/expected/summary facts) - an optional evidence zip under `.deer-flow/support-bundles/` containing a stable `triage.json` plus redacted environment/config/extensions/git/doctor evidence Privacy: secrets are redacted across config values, URL userinfo, query strings, CLI flags, custom headers, bearer/sk- tokens, and home paths. The bundle never includes `.env`, raw conversation messages, or user file contents; optional `--thread-id` adds file manifests only. `thread_id` input is validated against path traversal. Wire it into the Makefile, AGENTS.md, README/README_zh, CONTRIBUTING, and the bug-report issue template. Covered by backend/tests/test_support_bundle.py. * fix(scripts): redact MCP env values by default in support bundle Address PR #3886 review (willem-bd, P2): the key-name allowlist let literal secrets under non-standard env keys (e.g. SUPABASE_SERVICE_ROLE_KEY, R2_ACCESS_KEY, hardcoded AIza… keys) leak verbatim into the bundle that users are told is safe to share publicly. Mask all MCP `env` values by default, keeping only `$VAR`/`${VAR}` references visible, and broaden SECRET_KEY_RE (access_key, pwd, private_key). Add tests for non-keyword env secrets, broadened key names, and end-to-end zip redaction. |
||
|---|---|---|
| .. | ||
| wizard | ||
| _detector_cli.py | ||
| check.py | ||
| check.sh | ||
| cleanup-containers.sh | ||
| config-upgrade.sh | ||
| configure.py | ||
| deploy.sh | ||
| detect_blocking_io_static.py | ||
| detect_thread_boundaries.py | ||
| detect_uv_extras.py | ||
| docker.sh | ||
| doctor.py | ||
| export_claude_code_oauth.py | ||
| load_memory_sample.py | ||
| run-with-git-bash.cmd | ||
| sandbox_memory_profile.py | ||
| scan_changed_blocking_io.py | ||
| serve.sh | ||
| setup-sandbox.sh | ||
| setup_wizard.py | ||
| start-daemon.sh | ||
| support_bundle.py | ||
| sync_labels.py | ||
| tool-error-degradation-detection.sh | ||
| wait-for-port.sh | ||