12 Commits

Author SHA1 Message Date
Willem Jiang
34e3f5c9d4 feat(sandbox): harden local file access and mask host paths
- enforce local sandbox file tools to only accept /mnt/user-data paths
- add path traversal checks against thread workspace/uploads/outputs roots
- preserve requested virtual paths in tool error messages (no host path leaks)
- mask local absolute paths in bash output back to virtual sandbox paths
- update bash tool guidance to prefer thread-local venv + python -m pip
- add regression tests for path mapping, masking, and access restrictions

Fixes #968
2026-03-05 22:07:45 +08:00
JeffJiang
d24a66ffd3 Refactor base paths with centralized path management (#901)
* Initial plan

* refactor: centralize path management and improve memory storage configuration

* fix: update memory storage path in config.example.yaml for clarity

* Initial plan

* Address PR #901 review comments: security fixes and documentation improvements

Co-authored-by: foreleven <4785594+foreleven@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: foreleven <4785594+foreleven@users.noreply.github.com>
2026-02-25 21:30:33 +08:00
JeffJiang
300e5a519a Adds Kubernetes sandbox provisioner support (#35)
* Adds Kubernetes sandbox provisioner support

* Improves Docker dev setup by standardizing host paths

Replaces hardcoded host paths with a configurable root directory,
making the development environment more portable and easier to use
across different machines. Automatically sets the root path if not
already defined, reducing manual setup steps.
2026-02-12 11:02:09 +08:00
hetao
9bf3a12c30 feat: send custom event 2026-02-06 17:48:15 +08:00
hetaoBackend
adbb03fc26 fix: fix sandbox cp issue 2026-01-20 22:08:36 +08:00
DanielWalnut
1397f30f24 feat: implement lazy sandbox and thread data initialization (#11)
Defer sandbox acquisition and thread directory creation until first use to improve performance and reduce resource usage.

Changes:
- Add lazy_init parameter to SandboxMiddleware (default: true)
- Add ensure_sandbox_initialized() helper for lazy sandbox acquisition
- Update all sandbox tools to use lazy initialization
- Add lazy_init parameter to ThreadDataMiddleware (default: true)
- Create thread directories on-demand in AioSandboxProvider
- LocalSandbox already creates directories on write (no changes needed)

Benefits:
- Saves 1-2s Docker container startup for conversations without tools
- Reduces unnecessary directory creation and file system operations
- Backward compatible with lazy_init=false option

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 13:38:34 +08:00
DanielWalnut
aa030410fc feat: fix todos (#9) 2026-01-17 23:23:12 +08:00
DanielWalnut
b44144dd2c feat: support function factory (#4) 2026-01-15 22:05:54 +08:00
DanielWalnut
a39f799a7e fix: fix local path for local sandbox (#3) 2026-01-15 14:37:00 +08:00
Henry Li
de2d18561a feat: integrated with sandbox 2026-01-14 12:32:34 +08:00
Henry Li
e5c69cb7ee docs: update tool docs 2026-01-14 09:12:03 +08:00
Henry Li
57a02acb59 feat: add sandbox and local impl 2026-01-14 07:19:34 +08:00