2026-03-12 22:18:18 +08:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
#
|
|
|
|
|
# deploy.sh - Build and start (or stop) DeerFlow production services
|
|
|
|
|
#
|
|
|
|
|
# Usage:
|
|
|
|
|
# deploy.sh [up] — build images and start containers (default)
|
|
|
|
|
# deploy.sh down — stop and remove containers
|
|
|
|
|
#
|
|
|
|
|
# Must be run from the repo root directory.
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
CMD="${1:-up}"
|
|
|
|
|
|
|
|
|
|
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
|
|
|
cd "$REPO_ROOT"
|
|
|
|
|
|
|
|
|
|
DOCKER_DIR="$REPO_ROOT/docker"
|
|
|
|
|
COMPOSE_CMD=(docker compose -p deer-flow -f "$DOCKER_DIR/docker-compose.yaml")
|
|
|
|
|
|
|
|
|
|
# ── Colors ────────────────────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
GREEN='\033[0;32m'
|
|
|
|
|
BLUE='\033[0;34m'
|
|
|
|
|
YELLOW='\033[1;33m'
|
|
|
|
|
RED='\033[0;31m'
|
|
|
|
|
NC='\033[0m'
|
|
|
|
|
|
|
|
|
|
# ── DEER_FLOW_HOME ────────────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
if [ -z "$DEER_FLOW_HOME" ]; then
|
|
|
|
|
export DEER_FLOW_HOME="$REPO_ROOT/backend/.deer-flow"
|
|
|
|
|
fi
|
|
|
|
|
echo -e "${BLUE}DEER_FLOW_HOME=$DEER_FLOW_HOME${NC}"
|
|
|
|
|
mkdir -p "$DEER_FLOW_HOME"
|
|
|
|
|
|
|
|
|
|
# ── DEER_FLOW_REPO_ROOT (for skills host path in DooD) ───────────────────────
|
|
|
|
|
|
|
|
|
|
export DEER_FLOW_REPO_ROOT="$REPO_ROOT"
|
|
|
|
|
|
|
|
|
|
# ── config.yaml ───────────────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
if [ -z "$DEER_FLOW_CONFIG_PATH" ]; then
|
|
|
|
|
export DEER_FLOW_CONFIG_PATH="$REPO_ROOT/config.yaml"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ ! -f "$DEER_FLOW_CONFIG_PATH" ]; then
|
|
|
|
|
# Try to seed from repo (config.example.yaml is the canonical template)
|
|
|
|
|
if [ -f "$REPO_ROOT/config.example.yaml" ]; then
|
|
|
|
|
cp "$REPO_ROOT/config.example.yaml" "$DEER_FLOW_CONFIG_PATH"
|
|
|
|
|
echo -e "${GREEN}✓ Seeded config.example.yaml → $DEER_FLOW_CONFIG_PATH${NC}"
|
|
|
|
|
echo -e "${YELLOW}⚠ config.yaml was seeded from the example template.${NC}"
|
|
|
|
|
echo " Edit $DEER_FLOW_CONFIG_PATH and set your model API keys before use."
|
|
|
|
|
else
|
|
|
|
|
echo -e "${RED}✗ No config.yaml found.${NC}"
|
|
|
|
|
echo " Run 'make config' from the repo root to generate one,"
|
|
|
|
|
echo " then set the required model API keys."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo -e "${GREEN}✓ config.yaml: $DEER_FLOW_CONFIG_PATH${NC}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# ── extensions_config.json ───────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
if [ -z "$DEER_FLOW_EXTENSIONS_CONFIG_PATH" ]; then
|
|
|
|
|
export DEER_FLOW_EXTENSIONS_CONFIG_PATH="$REPO_ROOT/extensions_config.json"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ ! -f "$DEER_FLOW_EXTENSIONS_CONFIG_PATH" ]; then
|
|
|
|
|
if [ -f "$REPO_ROOT/extensions_config.json" ]; then
|
|
|
|
|
cp "$REPO_ROOT/extensions_config.json" "$DEER_FLOW_EXTENSIONS_CONFIG_PATH"
|
|
|
|
|
echo -e "${GREEN}✓ Seeded extensions_config.json → $DEER_FLOW_EXTENSIONS_CONFIG_PATH${NC}"
|
|
|
|
|
else
|
|
|
|
|
# Create a minimal empty config so the gateway doesn't fail on startup
|
|
|
|
|
echo '{"mcpServers":{},"skills":{}}' > "$DEER_FLOW_EXTENSIONS_CONFIG_PATH"
|
|
|
|
|
echo -e "${YELLOW}⚠ extensions_config.json not found, created empty config at $DEER_FLOW_EXTENSIONS_CONFIG_PATH${NC}"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo -e "${GREEN}✓ extensions_config.json: $DEER_FLOW_EXTENSIONS_CONFIG_PATH${NC}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ── BETTER_AUTH_SECRET ───────────────────────────────────────────────────────
|
|
|
|
|
# Required by Next.js in production. Generated once and persisted so auth
|
|
|
|
|
# sessions survive container restarts.
|
|
|
|
|
|
|
|
|
|
_secret_file="$DEER_FLOW_HOME/.better-auth-secret"
|
|
|
|
|
if [ -z "$BETTER_AUTH_SECRET" ]; then
|
|
|
|
|
if [ -f "$_secret_file" ]; then
|
|
|
|
|
export BETTER_AUTH_SECRET
|
|
|
|
|
BETTER_AUTH_SECRET="$(cat "$_secret_file")"
|
|
|
|
|
echo -e "${GREEN}✓ BETTER_AUTH_SECRET loaded from $_secret_file${NC}"
|
|
|
|
|
else
|
|
|
|
|
export BETTER_AUTH_SECRET
|
|
|
|
|
BETTER_AUTH_SECRET="$(python3 -c 'import secrets; print(secrets.token_hex(32))')"
|
|
|
|
|
echo "$BETTER_AUTH_SECRET" > "$_secret_file"
|
|
|
|
|
chmod 600 "$_secret_file"
|
|
|
|
|
echo -e "${GREEN}✓ BETTER_AUTH_SECRET generated → $_secret_file${NC}"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# ── detect_sandbox_mode ───────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
detect_sandbox_mode() {
|
|
|
|
|
local sandbox_use=""
|
|
|
|
|
local provisioner_url=""
|
|
|
|
|
|
|
|
|
|
[ -f "$DEER_FLOW_CONFIG_PATH" ] || { echo "local"; return; }
|
|
|
|
|
|
|
|
|
|
sandbox_use=$(awk '
|
|
|
|
|
/^[[:space:]]*sandbox:[[:space:]]*$/ { in_sandbox=1; next }
|
|
|
|
|
in_sandbox && /^[^[:space:]#]/ { in_sandbox=0 }
|
|
|
|
|
in_sandbox && /^[[:space:]]*use:[[:space:]]*/ {
|
|
|
|
|
line=$0; sub(/^[[:space:]]*use:[[:space:]]*/, "", line); print line; exit
|
|
|
|
|
}
|
|
|
|
|
' "$DEER_FLOW_CONFIG_PATH")
|
|
|
|
|
|
|
|
|
|
provisioner_url=$(awk '
|
|
|
|
|
/^[[:space:]]*sandbox:[[:space:]]*$/ { in_sandbox=1; next }
|
|
|
|
|
in_sandbox && /^[^[:space:]#]/ { in_sandbox=0 }
|
|
|
|
|
in_sandbox && /^[[:space:]]*provisioner_url:[[:space:]]*/ {
|
|
|
|
|
line=$0; sub(/^[[:space:]]*provisioner_url:[[:space:]]*/, "", line); print line; exit
|
|
|
|
|
}
|
|
|
|
|
' "$DEER_FLOW_CONFIG_PATH")
|
|
|
|
|
|
refactor: split backend into harness (deerflow.*) and app (app.*) (#1131)
* refactor: extract shared utils to break harness→app cross-layer imports
Move _validate_skill_frontmatter to src/skills/validation.py and
CONVERTIBLE_EXTENSIONS + convert_file_to_markdown to src/utils/file_conversion.py.
This eliminates the two reverse dependencies from client.py (harness layer)
into gateway/routers/ (app layer), preparing for the harness/app package split.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: split backend/src into harness (deerflow.*) and app (app.*)
Physically split the monolithic backend/src/ package into two layers:
- **Harness** (`packages/harness/deerflow/`): publishable agent framework
package with import prefix `deerflow.*`. Contains agents, sandbox, tools,
models, MCP, skills, config, and all core infrastructure.
- **App** (`app/`): unpublished application code with import prefix `app.*`.
Contains gateway (FastAPI REST API) and channels (IM integrations).
Key changes:
- Move 13 harness modules to packages/harness/deerflow/ via git mv
- Move gateway + channels to app/ via git mv
- Rename all imports: src.* → deerflow.* (harness) / app.* (app layer)
- Set up uv workspace with deerflow-harness as workspace member
- Update langgraph.json, config.example.yaml, all scripts, Docker files
- Add build-system (hatchling) to harness pyproject.toml
- Add PYTHONPATH=. to gateway startup commands for app.* resolution
- Update ruff.toml with known-first-party for import sorting
- Update all documentation to reflect new directory structure
Boundary rule enforced: harness code never imports from app.
All 429 tests pass. Lint clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add harness→app boundary check test and update docs
Add test_harness_boundary.py that scans all Python files in
packages/harness/deerflow/ and fails if any `from app.*` or
`import app.*` statement is found. This enforces the architectural
rule that the harness layer never depends on the app layer.
Update CLAUDE.md to document the harness/app split architecture,
import conventions, and the boundary enforcement test.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add config versioning with auto-upgrade on startup
When config.example.yaml schema changes, developers' local config.yaml
files can silently become outdated. This adds a config_version field and
auto-upgrade mechanism so breaking changes (like src.* → deerflow.*
renames) are applied automatically before services start.
- Add config_version: 1 to config.example.yaml
- Add startup version check warning in AppConfig.from_file()
- Add scripts/config-upgrade.sh with migration registry for value replacements
- Add `make config-upgrade` target
- Auto-run config-upgrade in serve.sh and start-daemon.sh before starting services
- Add config error hints in service failure messages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix comments
* fix: update src.* import in test_sandbox_tools_security to deerflow.*
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: handle empty config and search parent dirs for config.example.yaml
Address Copilot review comments on PR #1131:
- Guard against yaml.safe_load() returning None for empty config files
- Search parent directories for config.example.yaml instead of only
looking next to config.yaml, fixing detection in common setups
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: correct skills root path depth and config_version type coercion
- loader.py: fix get_skills_root_path() to use 5 parent levels (was 3)
after harness split, file lives at packages/harness/deerflow/skills/
so parent×3 resolved to backend/packages/harness/ instead of backend/
- app_config.py: coerce config_version to int() before comparison in
_check_config_version() to prevent TypeError when YAML stores value
as string (e.g. config_version: "1")
- tests: add regression tests for both fixes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: update test imports from src.* to deerflow.*/app.* after harness refactor
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 22:55:52 +08:00
|
|
|
if [[ "$sandbox_use" == *"deerflow.community.aio_sandbox:AioSandboxProvider"* ]]; then
|
2026-03-12 22:18:18 +08:00
|
|
|
if [ -n "$provisioner_url" ]; then
|
|
|
|
|
echo "provisioner"
|
|
|
|
|
else
|
|
|
|
|
echo "aio"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo "local"
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# ── down ──────────────────────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
if [ "$CMD" = "down" ]; then
|
|
|
|
|
# Set minimal env var defaults so docker compose can parse the file without
|
|
|
|
|
# warning about unset variables that appear in volume specs.
|
|
|
|
|
export DEER_FLOW_HOME="${DEER_FLOW_HOME:-$REPO_ROOT/backend/.deer-flow}"
|
|
|
|
|
export DEER_FLOW_CONFIG_PATH="${DEER_FLOW_CONFIG_PATH:-$DEER_FLOW_HOME/config.yaml}"
|
|
|
|
|
export DEER_FLOW_EXTENSIONS_CONFIG_PATH="${DEER_FLOW_EXTENSIONS_CONFIG_PATH:-$DEER_FLOW_HOME/extensions_config.json}"
|
|
|
|
|
export DEER_FLOW_DOCKER_SOCKET="${DEER_FLOW_DOCKER_SOCKET:-/var/run/docker.sock}"
|
|
|
|
|
export DEER_FLOW_REPO_ROOT="${DEER_FLOW_REPO_ROOT:-$REPO_ROOT}"
|
|
|
|
|
export BETTER_AUTH_SECRET="${BETTER_AUTH_SECRET:-placeholder}"
|
|
|
|
|
"${COMPOSE_CMD[@]}" down
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# ── Banner ────────────────────────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
echo "=========================================="
|
|
|
|
|
echo " DeerFlow Production Deployment"
|
|
|
|
|
echo "=========================================="
|
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
# ── Step 1: Detect sandbox mode ──────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
sandbox_mode="$(detect_sandbox_mode)"
|
|
|
|
|
echo -e "${BLUE}Sandbox mode: $sandbox_mode${NC}"
|
|
|
|
|
|
|
|
|
|
if [ "$sandbox_mode" = "provisioner" ]; then
|
|
|
|
|
services=""
|
|
|
|
|
extra_args="--profile provisioner"
|
|
|
|
|
else
|
|
|
|
|
services="frontend gateway langgraph nginx"
|
|
|
|
|
extra_args=""
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ── DEER_FLOW_DOCKER_SOCKET ───────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
if [ -z "$DEER_FLOW_DOCKER_SOCKET" ]; then
|
|
|
|
|
export DEER_FLOW_DOCKER_SOCKET="/var/run/docker.sock"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "$sandbox_mode" != "local" ]; then
|
|
|
|
|
if [ ! -S "$DEER_FLOW_DOCKER_SOCKET" ]; then
|
|
|
|
|
echo -e "${RED}⚠ Docker socket not found at $DEER_FLOW_DOCKER_SOCKET${NC}"
|
|
|
|
|
echo " AioSandboxProvider (DooD) will not work."
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
echo -e "${GREEN}✓ Docker socket: $DEER_FLOW_DOCKER_SOCKET${NC}"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
# ── Step 2: Build and start ───────────────────────────────────────────────────
|
|
|
|
|
|
|
|
|
|
echo "Building images and starting containers..."
|
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
# shellcheck disable=SC2086
|
|
|
|
|
"${COMPOSE_CMD[@]}" $extra_args up --build -d --remove-orphans $services
|
|
|
|
|
|
|
|
|
|
echo ""
|
|
|
|
|
echo "=========================================="
|
|
|
|
|
echo " DeerFlow is running!"
|
|
|
|
|
echo "=========================================="
|
|
|
|
|
echo ""
|
|
|
|
|
echo " 🌐 Application: http://localhost:${PORT:-2026}"
|
|
|
|
|
echo " 📡 API Gateway: http://localhost:${PORT:-2026}/api/*"
|
|
|
|
|
echo " 🤖 LangGraph: http://localhost:${PORT:-2026}/api/langgraph/*"
|
|
|
|
|
echo ""
|
|
|
|
|
echo " Manage:"
|
|
|
|
|
echo " make down — stop and remove containers"
|
|
|
|
|
echo " make docker-logs — view logs"
|
|
|
|
|
echo ""
|