[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-LearningCircuit--local-deep-research":3,"tool-LearningCircuit--local-deep-research":62},[4,18,26,36,46,54],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手,旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚,能够直接接入你日常使用的各类通讯渠道,包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息,OpenClaw 都能即时响应,甚至支持在 macOS、iOS 和 Android 设备上进行语音交互,并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地,用户无需依赖云端服务即可享受快速、私密的智能辅助,真正实现了“你的数据,你做主”。其独特的技术亮点在于强大的网关架构,将控制平面与核心助手分离,确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者,以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力(支持 macOS、Linux 及 Windows WSL2),即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面,旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点,将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师,还是想要深入探索模型潜力的开发者与研究人员,都能从中获益。其核心亮点在于极高的功能丰富度:不仅支持文生图、图生图、局部重绘(Inpainting)和外绘(Outpainting)等基础模式,还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外,它内置了 GFPGAN 和 CodeFormer 等人脸修复工具,支持多种神经网络放大算法,并允许用户通过插件系统无限扩展能力。即使是显存有限的设备,stable-diffusion-webui 也提供了相应的优化选项,让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手(如 Claude Code、Codex、Cursor 等)打造的高性能优化系统。它不仅仅是一组配置文件,而是一个经过长期实战打磨的完整框架,旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能,everything-claude-code 能显著提升 AI 在复杂任务中的表现,帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略,使得模型响应更快、成本更低,同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库,还是需要 AI 协助进行安全审计与自动化测试,everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目,它融合了多语言支持与丰富的实战钩子(hooks),让 AI 真正成长为懂上",158594,2,"2026-04-16T23:34:05",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":42,"last_commit_at":43,"category_tags":44,"status":17},8272,"opencode","anomalyco\u002Fopencode","OpenCode 是一款开源的 AI 编程助手(Coding Agent),旨在像一位智能搭档一样融入您的开发流程。它不仅仅是一个代码补全插件,而是一个能够理解项目上下文、自主规划任务并执行复杂编码操作的智能体。无论是生成全新功能、重构现有代码,还是排查难以定位的 Bug,OpenCode 都能通过自然语言交互高效完成,显著减少开发者在重复性劳动和上下文切换上的时间消耗。\n\n这款工具专为软件开发者、工程师及技术研究人员设计,特别适合希望利用大模型能力来提升编码效率、加速原型开发或处理遗留代码维护的专业人群。其核心亮点在于完全开源的架构,这意味着用户可以审查代码逻辑、自定义行为策略,甚至私有化部署以保障数据安全,彻底打破了传统闭源 AI 助手的“黑盒”限制。\n\n在技术体验上,OpenCode 提供了灵活的终端界面(Terminal UI)和正在测试中的桌面应用程序,支持 macOS、Windows 及 Linux 全平台。它兼容多种包管理工具,安装便捷,并能无缝集成到现有的开发环境中。无论您是追求极致控制权的资深极客,还是渴望提升产出的独立开发者,OpenCode 都提供了一个透明、可信",144296,1,"2026-04-16T14:50:03",[13,45],"插件",{"id":47,"name":48,"github_repo":49,"description_zh":50,"stars":51,"difficulty_score":32,"last_commit_at":52,"category_tags":53,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎,专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式,采用直观的节点式流程图界面,让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景,也能自由组合模型、调整参数并实时预览效果,轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性,不仅支持 Windows、macOS 和 Linux 全平台,还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构,并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者,还是追求极致创作自由度的设计师与资深 AI 绘画爱好者,ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能,使其成为当前最灵活、生态最丰富的开源扩散模型工具之一,帮助用户将创意高效转化为现实。",108322,"2026-04-10T11:39:34",[14,15,13],{"id":55,"name":56,"github_repo":57,"description_zh":58,"stars":59,"difficulty_score":32,"last_commit_at":60,"category_tags":61,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具,它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言,它提供了一条从输入提示词到获取模型响应的最短路径,无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点,让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用,还是执行复杂的 Git 操作,gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口,具备出色的逻辑推理能力;内置 Google 搜索、文件操作及 Shell 命令执行等实用工具;更独特的是,它支持 MCP(模型上下文协议),允许用户灵活扩展自定义集成,连接如图像生成等外部能力。此外,个人谷歌账号即可享受免费的额度支持,且项目基于 Apache 2.0 协议完全开源,是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[45,13,15,14],{"id":63,"github_repo":64,"name":65,"description_en":66,"description_zh":67,"ai_summary_zh":68,"readme_en":69,"readme_zh":70,"quickstart_zh":71,"use_case_zh":72,"hero_image_url":73,"owner_login":74,"owner_name":75,"owner_avatar_url":76,"owner_bio":75,"owner_company":75,"owner_location":75,"owner_email":75,"owner_twitter":75,"owner_website":75,"owner_url":77,"languages":78,"stars":106,"forks":107,"last_commit_at":108,"license":109,"difficulty_score":10,"env_os":110,"env_gpu":111,"env_ram":112,"env_deps":113,"category_tags":121,"github_topics":123,"view_count":32,"oss_zip_url":75,"oss_zip_packed_at":75,"status":17,"created_at":143,"updated_at":144,"faqs":145,"releases":146},8123,"LearningCircuit\u002Flocal-deep-research","local-deep-research","Local Deep Research achieves ~95% on SimpleQA benchmark (tested with GPT-4.1-mini). Supports local and cloud LLMs (Ollama, Google, Anthropic, ...). Searches 10+ sources - arXiv, PubMed, web, and your private documents. Everything Local & Encrypted.","local-deep-research 是一款由用户完全掌控的 AI 深度研究助手,旨在提供私密、透明且高效的信息检索体验。它不仅能像专业研究员一样自主规划搜索路径、整合多方信息并生成带引用的报告,更在 SimpleQA 基准测试中取得了约 95% 的高准确率。\n\n这款工具主要解决了传统在线 AI 服务存在的数据隐私泄露风险以及“黑盒”操作不透明的问题。通过支持本地化部署,所有数据处理和存储均在用户自己的设备上完成,并结合 SQLCipher 加密技术确保数据库安全,让用户真正拥有数据主权。同时,它打破了模型限制,既支持 Ollama 等本地大模型,也能灵活接入 Google、Anthropic 等云端服务。\n\nlocal-deep-research 非常适合注重隐私的研究人员、需要处理敏感文档的企业开发者,以及希望构建个人知识库的技术爱好者。其独特亮点在于强大的混合搜索能力:能同时检索 arXiv、PubMed 等专业学术库、公开互联网以及用户上传的私有文档,将分散的信息源整合为统一的可搜索知识网络。无论是进行严谨的学术调研,还是分析内部业务资料,它都能提供一个安全、可靠且可解释的智","local-deep-research 是一款由用户完全掌控的 AI 深度研究助手,旨在提供私密、透明且高效的信息检索体验。它不仅能像专业研究员一样自主规划搜索路径、整合多方信息并生成带引用的报告,更在 SimpleQA 基准测试中取得了约 95% 的高准确率。\n\n这款工具主要解决了传统在线 AI 服务存在的数据隐私泄露风险以及“黑盒”操作不透明的问题。通过支持本地化部署,所有数据处理和存储均在用户自己的设备上完成,并结合 SQLCipher 加密技术确保数据库安全,让用户真正拥有数据主权。同时,它打破了模型限制,既支持 Ollama 等本地大模型,也能灵活接入 Google、Anthropic 等云端服务。\n\nlocal-deep-research 非常适合注重隐私的研究人员、需要处理敏感文档的企业开发者,以及希望构建个人知识库的技术爱好者。其独特亮点在于强大的混合搜索能力:能同时检索 arXiv、PubMed 等专业学术库、公开互联网以及用户上传的私有文档,将分散的信息源整合为统一的可搜索知识网络。无论是进行严谨的学术调研,还是分析内部业务资料,它都能提供一个安全、可靠且可解释的智能研究环境。","# Local Deep Research\n\n\u003Cdiv align=\"center\">\n\n[![GitHub stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FLearningCircuit\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fstargazers)\n[![Docker Pulls](https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Flocaldeepresearch\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fhub.docker.com\u002Fr\u002Flocaldeepresearch\u002Flocal-deep-research)\n[![PyPI Downloads](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fdm\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fpypi.org\u002Fproject\u002Flocal-deep-research\u002F)\n\n[![Trendshift](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FLearningCircuit_local-deep-research_readme_bbada6ddd5d3.png)](https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F14116)\n\n[![Commits](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcommit-activity\u002Fm\u002FLearningCircuit\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcommits\u002Fmain)\n[![Last Commit](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002FLearningCircuit\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcommits\u002Fmain)\n\n[![SimpleQA Accuracy](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSimpleQA-~95%25_Accuracy-gold?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks)\n[![SQLCipher](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDatabase-SQLCipher_Encrypted-red?style=for-the-badge&logo=sqlite&logoColor=white)](docs\u002FSQLCIPHER_INSTALL.md)\n\n\u003C!-- Well-known security scanners that visitors will recognize -->\n[![OpenSSF Scorecard](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FLearningCircuit_local-deep-research_readme_8e349da30a07.png)](https:\u002F\u002Fsecurityscorecards.dev\u002Fviewer\u002F?uri=github.com\u002FLearningCircuit\u002Flocal-deep-research)\n[![CodeQL](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcodeql.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fsecurity\u002Fcode-scanning)\n[![Semgrep](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsemgrep.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsemgrep.yml)\n\n[![🔧 Pre-commit](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpre-commit.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpre-commit.yml)\n\n[![🐳 Docker Publish](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdocker-publish.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdocker-publish.yml)\n[![📦 PyPI Publish](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpublish.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpublish.yml)\n\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F1352043059562680370?style=for-the-badge&logo=discord)](https:\u002F\u002Fdiscord.gg\u002FttcqQeFcJ3)\n[![Reddit](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FReddit-r\u002FLocalDeepResearch-FF4500?style=for-the-badge&logo=reddit)](https:\u002F\u002Fwww.reddit.com\u002Fr\u002FLocalDeepResearch\u002F)\n[![YouTube](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FYouTube-Channel-red?style=for-the-badge&logo=youtube)](https:\u002F\u002Fwww.youtube.com\u002F@local-deep-research)\n\n\n**AI-powered research assistant for deep, agentic research**\n\n*Performs deep, agentic research using multiple LLMs and search engines with proper citations*\n\n\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=pfxgLX-MxMY&t=1999\">\n ▶️ Watch Review by The Art Of The Terminal\n\u003C\u002Fa>\n\n\u003C\u002Fdiv>\n\n## 🚀 What is Local Deep Research?\n\nAI research assistant you control. Run locally for privacy, use any LLM and build your own searchable knowledge base. You own your data and see exactly how it works.\n\n## ⚡ Quick Start\n\n\n\n**Option 1: Docker Run (Linux)**\n```bash\n# Step 1: Pull and run Ollama\ndocker run -d -p 11434:11434 --name ollama ollama\u002Follama\ndocker exec ollama ollama pull gpt-oss:20b\n\n# Step 2: Pull and run SearXNG for optimal search results\ndocker run -d -p 8080:8080 --name searxng searxng\u002Fsearxng\n\n# Step 3: Pull and run Local Deep Research\ndocker run -d -p 5000:5000 --network host \\\n --name local-deep-research \\\n --volume \"deep-research:\u002Fdata\" \\\n -e LDR_DATA_DIR=\u002Fdata \\\n localdeepresearch\u002Flocal-deep-research\n```\n\n**Option 2: Docker Compose**\n\nCPU-only (all platforms):\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.yml && docker compose up -d\n```\n\nWith NVIDIA GPU (Linux):\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.yml && \\\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.gpu.override.yml && \\\ndocker compose -f docker-compose.yml -f docker-compose.gpu.override.yml up -d\n```\n\nOpen http:\u002F\u002Flocalhost:5000 after ~30 seconds. For GPU setup, environment variables, and more, see the [Docker Compose Guide](docs\u002Fdocker-compose-guide.md).\n\n**Option 3: pip install**\n```bash\npip install local-deep-research\n```\n> Works on Windows, macOS, and Linux. SQLCipher encryption is included via pre-built wheels — no compilation needed.\n> PDF export on Windows requires Pango ([setup guide](https:\u002F\u002Fdoc.courtbouillon.org\u002Fweasyprint\u002Fstable\u002Ffirst_steps.html)).\n> If you encounter issues with encryption, set `export LDR_BOOTSTRAP_ALLOW_UNENCRYPTED=true` to use standard SQLite instead.\n\n[More install options →](#-installation-options)\n\n## 🏗️ How It Works\n\n### Research\n\nYou ask a complex question. LDR:\n- Does the research for you automatically\n- Searches across web, academic papers, and your own documents\n- Synthesizes everything into a report with proper citations\n\nChoose from 20+ research strategies for quick facts, deep analysis, or academic research.\n\n**New: LangGraph Agent Strategy** — An autonomous agentic research mode where the LLM decides what to search, which specialized engines to use (arXiv, PubMed, Semantic Scholar, etc.), and when to synthesize. Early results are promising — it adaptively switches between search engines based on what it finds and collects significantly more sources than pipeline-based strategies. Select `langgraph-agent` in Settings to try it.\n\n### Build Your Knowledge Base\n\n```mermaid\nflowchart LR\n R[Research] --> D[Download Sources]\n D --> L[(Library)]\n L --> I[Index & Embed]\n I --> S[Search Your Docs]\n S -.-> R\n```\n\nEvery research session finds valuable sources. Download them directly into your encrypted library—academic papers from ArXiv, PubMed articles, web pages. LDR extracts text, indexes everything, and makes it searchable. Next time you research, ask questions across your own documents and the live web together. Your knowledge compounds over time.\n\n## 🛡️ Security\n\n\u003Cdiv align=\"center\">\n\n\u003C!-- Static Analysis (additional scanners beyond CodeQL\u002FSemgrep) -->\n[![DevSkim](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdevskim.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdevskim.yml)\n[![Bearer](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fbearer.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fbearer.yml)\n\n\u003C!-- Dependency & Secrets Scanning -->\n[![Gitleaks](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fgitleaks-main.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fgitleaks-main.yml)\n[![OSV-Scanner](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fosv-scanner.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fosv-scanner.yml)\n[![npm-audit](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fnpm-audit.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fnpm-audit.yml)\n[![Retire.js](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fretirejs.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fretirejs.yml)\n\n\u003C!-- Container Security -->\n[![Container Security](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcontainer-security.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcontainer-security.yml)\n[![Dockle](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdockle.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdockle.yml)\n[![Hadolint](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fhadolint.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fhadolint.yml)\n[![Checkov](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcheckov.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcheckov.yml)\n\n\u003C!-- Workflow & Runtime Security -->\n[![Zizmor](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fzizmor-security.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fzizmor-security.yml)\n[![OWASP ZAP](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fowasp-zap-scan.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fowasp-zap-scan.yml)\n[![Security Tests](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsecurity-tests.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsecurity-tests.yml)\n\n\u003C\u002Fdiv>\n\n```mermaid\nflowchart LR\n U1[User A] --> D1[(Encrypted DB)]\n U2[User B] --> D2[(Encrypted DB)]\n```\n\nYour data stays yours. Each user gets their own isolated SQLCipher database encrypted with AES-256 (Signal-level security). No password recovery means true zero-knowledge—even server admins can't read your data. Run fully local with Ollama + SearXNG and nothing ever leaves your machine.\n\n**In-memory credentials**: Like all applications that use secrets at runtime — including [password managers](https:\u002F\u002Fwww.ise.io\u002Fcasestudies\u002Fpassword-manager-hacking\u002F), browsers, and API clients — credentials are held in plain text in process memory during active sessions. This is an [industry-wide accepted reality](https:\u002F\u002Fcheatsheetseries.owasp.org\u002Fcheatsheets\u002FSecrets_Management_Cheat_Sheet.html), not specific to LDR: if an attacker can read process memory, they can also read any in-process decryption key. We mitigate this with session-scoped credential lifetimes and core dump exclusion. Ideas for further improvements are always welcome via [GitHub Issues](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fissues). See our [Security Policy](SECURITY.md) for details.\n\n**Supply Chain Security**: Docker images are signed with [Cosign](https:\u002F\u002Fgithub.com\u002Fsigstore\u002Fcosign), include SLSA provenance attestations, and attach SBOMs. Verify with:\n```bash\ncosign verify localdeepresearch\u002Flocal-deep-research:latest\n```\n\n**Security Transparency**: Scanner suppressions are documented with justifications in [Security Alerts Assessment](.github\u002FSECURITY_ALERTS.md), [Scorecard Compliance](.github\u002FSECURITY_SCORECARD.md), [Container CVE Suppressions](.trivyignore), and [SAST Rule Rationale](bearer.yml). Some alerts (Dependabot, code scanning) can only be dismissed or are very difficult to suppress outside the [GitHub Security tab](https:\u002F\u002Fdocs.github.com\u002Fen\u002Fcode-security\u002Fdependabot\u002Fdependabot-alerts\u002Fviewing-and-updating-dependabot-alerts), so the files above do not cover every dismissed finding.\n\n[Detailed Architecture →](docs\u002Farchitecture.md) | [Security Policy →](SECURITY.md) | [Security Review Process →](docs\u002FSECURITY_REVIEW_PROCESS.md)\n\n### 🔒 Privacy & Data\n\nLocal Deep Research contains **no telemetry, no analytics, and no tracking**. We do not collect, transmit, or store any data about you or your usage. No analytics SDKs, no phone-home calls, no crash reporting, no external scripts. Usage metrics stay in your local encrypted database.\n\nThe only network calls LDR makes are ones **you** initiate: search queries (to engines you configure), LLM API calls (to your chosen provider), and notifications (only if you set up Apprise).\n\nSince we don't collect any usage data, we rely on you to tell us what works, what's broken, and what you'd like to see next — [bug reports](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fissues), feature ideas, and even which features you love or never use all help us improve LDR.\n\n## 📊 Performance\n\n**~95% accuracy on SimpleQA benchmark** (preliminary results)\n- Tested with GPT-4.1-mini + SearXNG + focused-iteration strategy\n- Comparable to state-of-the-art AI research systems\n- Local models can achieve similar performance with proper configuration\n- [Community benchmarks & leaderboard →](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks) | [Browse on Hugging Face →](https:\u002F\u002Fhuggingface.co\u002Fdatasets\u002Flocal-deep-research\u002Fldr-benchmarks)\n\n## ✨ Key Features\n\n### 🔍 Research Modes\n- **Quick Summary** - Get answers in 30 seconds to 3 minutes with citations\n- **Detailed Research** - Comprehensive analysis with structured findings\n- **Report Generation** - Professional reports with sections and table of contents\n- **Document Analysis** - Search your private documents with AI\n\n### 🛠️ Advanced Capabilities\n- **[LangChain Integration](docs\u002FLANGCHAIN_RETRIEVER_INTEGRATION.md)** - Use any vector store as a search engine\n- **[REST API](docs\u002Fapi-quickstart.md)** - Authenticated HTTP access with per-user databases\n- **[Benchmarking](docs\u002FBENCHMARKING.md)** - Test and optimize your configuration\n- **[Analytics Dashboard](docs\u002Fanalytics-dashboard.md)** - Track costs, performance, and usage metrics\n- **Real-time Updates** - WebSocket support for live research progress\n- **Export Options** - Download results as PDF or Markdown\n- **Research History** - Save, search, and revisit past research\n- **Adaptive Rate Limiting** - Intelligent retry system that learns optimal wait times\n- **Keyboard Shortcuts** - Navigate efficiently (ESC, Ctrl+Shift+1-5)\n- **Per-User Encrypted Databases** - Secure, isolated data storage for each user\n\n### 📰 News & Research Subscriptions\n- **Automated Research Digests** - Subscribe to topics and receive AI-powered research summaries\n- **Customizable Frequency** - Daily, weekly, or custom schedules for research updates\n- **Smart Filtering** - AI filters and summarizes only the most relevant developments\n- **Multi-format Delivery** - Get updates as markdown reports or structured summaries\n- **Topic & Query Support** - Track specific searches or broad research areas\n\n### 🌐 Search Sources\n\n#### Free Search Engines\n- **Academic**: arXiv, PubMed, Semantic Scholar\n- **General**: Wikipedia, SearXNG\n- **Technical**: GitHub, Elasticsearch\n- **Historical**: Wayback Machine\n- **News**: The Guardian, Wikinews\n\n#### Premium Search Engines\n- **Tavily** - AI-powered search\n- **Google** - Via SerpAPI or Programmable Search Engine\n- **Brave Search** - Privacy-focused web search\n\n#### Custom Sources\n- **Local Documents** - Search your files with AI\n- **LangChain Retrievers** - Any vector store or database\n- **Meta Search** - Combine multiple engines intelligently\n\nLDR respects `robots.txt` and identifies itself honestly when fetching web pages — no stealth or anti-detection techniques. In rare cases this means a page that blocks automated access won't be fetched, which we consider the right trade-off.\n\n[Full Search Engines Guide →](docs\u002Fsearch-engines.md)\n\n## 📦 Installation Options\n\nFor most users, the [Quick Start](#-quick-start) above is all you need.\n\n| Method | Best for | Guide |\n|--------|----------|-------|\n| Docker Compose | Most users (recommended) | [Docker Compose Guide](docs\u002Fdocker-compose-guide.md) |\n| Docker | Minimal setup | [Installation Guide](docs\u002Finstallation.md#docker) |\n| pip | Developers, Python integration | [pip Guide](docs\u002Finstall-pip.md) |\n| Unraid | Unraid servers | [Unraid Guide](docs\u002Fdeployment\u002Funraid.md) |\n\n[All installation options →](docs\u002Finstallation.md)\n\n## 💻 Usage Examples\n\n### Python API\n```python\nfrom local_deep_research.api import LDRClient, quick_query\n\n# Option 1: Simplest - one line research\nsummary = quick_query(\"username\", \"password\", \"What is quantum computing?\")\nprint(summary)\n\n# Option 2: Client for multiple operations\nclient = LDRClient()\nclient.login(\"username\", \"password\")\nresult = client.quick_research(\"What are the latest advances in quantum computing?\")\nprint(result[\"summary\"])\n```\n\n### HTTP API\n\n*The code example below shows the basic API structure - for working examples, see the link below*\n\n```python\nimport requests\nfrom bs4 import BeautifulSoup\n\n# Create session and authenticate\nsession = requests.Session()\nlogin_page = session.get(\"http:\u002F\u002Flocalhost:5000\u002Fauth\u002Flogin\")\nsoup = BeautifulSoup(login_page.text, \"html.parser\")\nlogin_csrf = soup.find(\"input\", {\"name\": \"csrf_token\"}).get(\"value\")\n\n# Login and get API CSRF token\nsession.post(\"http:\u002F\u002Flocalhost:5000\u002Fauth\u002Flogin\",\n data={\"username\": \"user\", \"password\": \"pass\", \"csrf_token\": login_csrf})\ncsrf = session.get(\"http:\u002F\u002Flocalhost:5000\u002Fauth\u002Fcsrf-token\").json()[\"csrf_token\"]\n\n# Make API request\nresponse = session.post(\"http:\u002F\u002Flocalhost:5000\u002Fapi\u002Fstart_research\",\n json={\"query\": \"Your research question\"},\n headers={\"X-CSRF-Token\": csrf})\n```\n\n🚀 **[Ready-to-use HTTP API Examples → examples\u002Fapi_usage\u002Fhttp\u002F](examples\u002Fapi_usage\u002Fhttp\u002F)**\n- ✅ **Automatic user creation** - works out of the box\n- ✅ **Complete authentication** with CSRF handling\n- ✅ **Result retry logic** - waits until research completes\n- ✅ **Progress monitoring** and error handling\n\n### Command Line Tools\n\n```bash\n# Run benchmarks from CLI\npython -m local_deep_research.benchmarks --dataset simpleqa --examples 50\n\n# Manage rate limiting\npython -m local_deep_research.web_search_engines.rate_limiting status\npython -m local_deep_research.web_search_engines.rate_limiting reset\n```\n\n## 🔗 Enterprise Integration\n\nConnect LDR to your existing knowledge base:\n\n```python\nfrom local_deep_research.api import quick_summary\n\n# Use your existing LangChain retriever\nresult = quick_summary(\n query=\"What are our deployment procedures?\",\n retrievers={\"company_kb\": your_retriever},\n search_tool=\"company_kb\"\n)\n```\n\nWorks with: FAISS, Chroma, Pinecone, Weaviate, Elasticsearch, and any LangChain-compatible retriever.\n\n[Integration Guide →](docs\u002FLANGCHAIN_RETRIEVER_INTEGRATION.md)\n\n## 🔌 MCP Server (Claude Integration)\n\nLDR provides an MCP (Model Context Protocol) server that allows AI assistants like Claude Desktop and Claude Code to perform deep research.\n\n> ⚠️ **Security Note**: This MCP server is designed for **local use only** via STDIO transport (e.g., Claude Desktop). It has no built-in authentication or rate limiting. Do not expose over a network without implementing proper security controls. See the [MCP Security Guide](https:\u002F\u002Fmodelcontextprotocol.io\u002Fdocs\u002Fconcepts\u002Fsecurity) for network deployment requirements.\n\n### Installation\n\n```bash\n# Install with MCP extras\npip install \"local-deep-research[mcp]\"\n```\n\n### Claude Desktop Configuration\n\nAdd to your `claude_desktop_config.json`:\n\n```json\n{\n \"mcpServers\": {\n \"local-deep-research\": {\n \"command\": \"ldr-mcp\",\n \"env\": {\n \"LDR_LLM_PROVIDER\": \"openai\",\n \"LDR_LLM_OPENAI_API_KEY\": \"sk-...\"\n }\n }\n }\n}\n```\n\n### Claude Code Configuration\n\nAdd to your `.mcp.json` (project-level) or `~\u002F.claude\u002Fmcp.json` (global):\n\n```json\n{\n \"mcpServers\": {\n \"local-deep-research\": {\n \"command\": \"ldr-mcp\",\n \"env\": {\n \"LDR_LLM_PROVIDER\": \"ollama\",\n \"LDR_LLM_OLLAMA_URL\": \"http:\u002F\u002Flocalhost:11434\"\n }\n }\n }\n}\n```\n\n### Available Tools\n\n| Tool | Description | Duration | LLM Cost |\n|------|-------------|----------|----------|\n| `search` | Raw results from a specific engine (arxiv, pubmed, wikipedia, ...) | 5-30s | None |\n| `quick_research` | Fast research summary | 1-5 min | Yes |\n| `detailed_research` | Comprehensive analysis | 5-15 min | Yes |\n| `generate_report` | Full markdown report | 10-30 min | Yes |\n| `analyze_documents` | Search local collections | 30s-2 min | Yes |\n| `list_search_engines` | List available search engines | instant | None |\n| `list_strategies` | List research strategies | instant | None |\n| `get_configuration` | Get current config | instant | None |\n\n### Individual Search Engines\n\nThe `search` tool lets you query specific search engines directly and get raw results (title, link, snippet) — no LLM processing, no cost, fast. This is especially useful for **monitoring and subscriptions** where you want to check for new content regularly without burning LLM tokens.\n\n```\n# Search arXiv for recent papers\nsearch(query=\"transformer architecture improvements\", engine=\"arxiv\")\n\n# Search PubMed for medical literature\nsearch(query=\"CRISPR clinical trials 2024\", engine=\"pubmed\")\n\n# Search Wikipedia for quick facts\nsearch(query=\"quantum error correction\", engine=\"wikipedia\")\n\n# Search OpenClaw for legal case law\nsearch(query=\"copyright fair use precedents\", engine=\"openclaw\")\n\n# Use list_search_engines() to see all available engines\n```\n\n### Example Usage\n\n```\n\"Use quick_research to find information about quantum computing applications\"\n\"Search arxiv for recent papers on diffusion models\"\n\"Generate a detailed research report on renewable energy trends\"\n```\n\n## 📊 Performance & Analytics\n\n### Benchmark Results\nEarly experiments on small SimpleQA dataset samples:\n\n| Configuration | Accuracy | Notes |\n|--------------|----------|--------|\n| gpt-4.1-mini + SearXNG + focused_iteration | 90-95% | Limited sample size |\n| gpt-4.1-mini + Tavily + focused_iteration | 90-95% | Limited sample size |\n| gemini-2.0-flash-001 + SearXNG | 82% | Single test run |\n\nNote: These are preliminary results from initial testing. Performance varies significantly based on query types, model versions, and configurations. [Run your own benchmarks →](docs\u002FBENCHMARKING.md)\n\n**Full community leaderboard:** The community maintains a growing collection of benchmark results across models, strategies, and search engines in a dedicated repo with CI-validated submissions and auto-generated leaderboards:\n\n- **[GitHub: LearningCircuit\u002Fldr-benchmarks](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks)** — submit your results here\n- **[Hugging Face: local-deep-research\u002Fldr-benchmarks](https:\u002F\u002Fhuggingface.co\u002Fdatasets\u002Flocal-deep-research\u002Fldr-benchmarks)** — browse leaderboards and download CSVs\n\n### Benchmark Contributors\n\nThanks to the community members who have contributed benchmark runs:\n\n\u003C!-- BENCHMARK_CONTRIBUTORS:START -->\n\u003C!-- BENCHMARK_CONTRIBUTORS:END -->\n\n[See all contributors →](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks\u002Fblob\u002Fmain\u002FCONTRIBUTORS.md)\n\n### Built-in Analytics Dashboard\nTrack costs, performance, and usage with detailed metrics. [Learn more →](docs\u002Fanalytics-dashboard.md)\n\n## 🤖 Supported LLMs\n\n### Local Models (via Ollama)\n- Llama 3, Mistral, Gemma, DeepSeek\n- LLM processing stays local (search queries still go to web)\n- No API costs\n\n### Cloud Models\n- OpenAI (GPT-4, GPT-3.5)\n- Anthropic (Claude 3)\n- Google (Gemini)\n- 100+ models via OpenRouter\n\n[Model Setup →](docs\u002Fenv_configuration.md)\n\n## 📚 Documentation\n\n### Getting Started\n- [Installation Guide](docs\u002Finstallation.md)\n- [Frequently Asked Questions](docs\u002Ffaq.md)\n- [API Quickstart](docs\u002Fapi-quickstart.md)\n- [Configuration Guide](docs\u002Fenv_configuration.md)\n- [Full Configuration Reference](docs\u002FCONFIGURATION.md)\n\n### Core Features\n- [All Features Guide](docs\u002Ffeatures.md)\n- [Search Engines Guide](docs\u002Fsearch-engines.md)\n- [Analytics Dashboard](docs\u002Fanalytics-dashboard.md)\n\n### Advanced Features\n- [LangChain Integration](docs\u002FLANGCHAIN_RETRIEVER_INTEGRATION.md)\n- [Benchmarking System](docs\u002FBENCHMARKING.md)\n- [Elasticsearch Setup](docs\u002Felasticsearch_search_engine.md)\n- [SearXNG Setup](docs\u002FSearXNG-Setup.md)\n\n### Development\n- [Docker Compose Guide](docs\u002Fdocker-compose-guide.md)\n- [Development Guide](docs\u002Fdeveloping.md)\n- [Security Guide](docs\u002Fsecurity\u002FCODEQL_GUIDE.md)\n- [Release Guide](docs\u002FRELEASE_GUIDE.md)\n\n### Examples & Tutorials\n- [API Examples](examples\u002Fapi_usage\u002F)\n- [Benchmark Examples](examples\u002Fbenchmarks\u002F)\n- [Optimization Examples](examples\u002Foptimization\u002F)\n\n## 📰 Featured In\n\n> \"Local Deep Research **deserves special mention** for those who prioritize privacy... **tuned to use open-source LLMs** that can run on consumer GPUs or even CPUs. Journalists, researchers, or companies with sensitive topics can investigate information **without queries ever hitting an external server**.\"\n>\n> — [Medium: Open-Source Deep Research AI Assistants](https:\u002F\u002Fmedium.com\u002F@leucopsis\u002Fopen-source-deep-research-ai-assistants-157462a59c14)\n\n### News & Articles\n- [Korben.info](https:\u002F\u002Fkorben.info\u002Flocal-deep-research-alternative-gratuite-recherche-ia-sourcee.html) - French tech blog (\"Sherlock Holmes numérique\")\n- [Roboto.fr](https:\u002F\u002Fwww.roboto.fr\u002Fblog\u002Flocal-deep-research-l-alternative-open-source-gratuite-deep-research-d-openai) - \"L'alternative open-source gratuite à Deep Research d'OpenAI\"\n- [KDJingPai AI Tools](https:\u002F\u002Fwww.kdjingpai.com\u002Fen\u002Flocal-deep-research\u002F) - AI productivity tools coverage\n- [AI Sharing Circle](https:\u002F\u002Faisharenet.com\u002Fen\u002Flocal-deep-research\u002F) - AI resources coverage\n\n### Community Discussions\n- [Hacker News](https:\u002F\u002Fnews.ycombinator.com\u002Fitem?id=43330164) - 190+ points, community discussion\n- [LangChain Twitter\u002FX](https:\u002F\u002Fx.com\u002FLangChainAI\u002Fstatus\u002F1901347759757902038) - Official LangChain promotion\n- [LangChain LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fposts\u002Flangchain_local-deep-research-an-ai-research-activity-7307113456095137792-cXRH) - 400+ likes\n\n### International Coverage\n\n#### 🇨🇳 Chinese\n- [Juejin (掘金)](https:\u002F\u002Fjuejin.cn\u002Fpost\u002F7481604667589885991) - Developer community\n- [Cnblogs (博客园)](https:\u002F\u002Fwww.cnblogs.com\u002Fqife122\u002Fp\u002F18955032) - Developer blogs\n- [GitHubDaily (Twitter\u002FX)](https:\u002F\u002Fx.com\u002FGitHub_Daily\u002Fstatus\u002F1900169979313741846) - Influential tech account\n- [Zhihu (知乎)](https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F30886269290) - Tech community\n- [A姐分享](https:\u002F\u002Fwww.ahhhhfs.com\u002F68713\u002F) - AI resources\n- [CSDN](https:\u002F\u002Fblog.csdn.net\u002Fgitblog_01198\u002Farticle\u002Fdetails\u002F147061415) - Installation guide\n- [NetEase (网易)](https:\u002F\u002Fwww.163.com\u002Fdy\u002Farticle\u002FJQKAS50205567BLV.html) - Tech news portal\n\n#### 🇯🇵 Japanese\n- [note.com: 調査革命:Local Deep Research徹底活用法](https:\u002F\u002Fnote.com\u002Fr7038xx\u002Fn\u002Fnb3b74debbb30) - Comprehensive tutorial\n- [Qiita: Local Deep Researchを試す](https:\u002F\u002Fqiita.com\u002Forca13\u002Fitems\u002F635f943287c45388d48f) - Docker setup guide\n- [LangChainJP (Twitter\u002FX)](https:\u002F\u002Fx.com\u002FLangChainJP\u002Fstatus\u002F1902918110073807073) - Japanese LangChain community\n\n#### 🇰🇷 Korean\n- [PyTorch Korea Forum](https:\u002F\u002Fdiscuss.pytorch.kr\u002Ft\u002Flocal-deep-research\u002F6476) - Korean ML community\n- [GeekNews (Hada.io)](https:\u002F\u002Fnews.hada.io\u002Ftopic?id=19707) - Korean tech news\n\n### Reviews & Analysis\n- [BSAIL Lab: How useful is Deep Research in Academia?](https:\u002F\u002Fuflbsail.net\u002Funcategorized\u002Fhow-useful-is-deep-research-in-academia\u002F) - Academic review by contributor [@djpetti](https:\u002F\u002Fgithub.com\u002Fdjpetti)\n- [The Art Of The Terminal: Use Local LLMs Already!](https:\u002F\u002Fyoutu.be\u002FpfxgLX-MxMY?t=1999) - Comprehensive review of local AI tools, featuring LDR's research capabilities (embeddings now work!)\n\n### Related Projects\n- [SearXNG LDR-Academic](https:\u002F\u002Fgithub.com\u002Fporespellar\u002Fsearxng-LDR-academic) - Academic-focused SearXNG fork with 12 research engines (arXiv, Google Scholar, PubMed, etc.) designed for LDR\n- [DeepWiki Documentation](https:\u002F\u002Fdeepwiki.com\u002FLearningCircuit\u002Flocal-deep-research) - Third-party documentation and guides\n\n> **Note:** Third-party projects and articles are independently maintained. We link to them as useful resources but cannot guarantee their code quality or security.\n\n## 🤝 Community & Support\n\n- [Discord](https:\u002F\u002Fdiscord.gg\u002FttcqQeFcJ3) - Get help and share research techniques\n- [Reddit](https:\u002F\u002Fwww.reddit.com\u002Fr\u002FLocalDeepResearch\u002F) - Updates and showcases\n- [GitHub Issues](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fissues) - Bug reports\n\n## 🚀 Contributing\n\nWe welcome contributions of all sizes — from typo fixes to new features. The key rule: **keep PRs small and atomic** (one change per PR). For larger changes, please open an issue or start a discussion first — we want to protect your time and make sure your effort leads to a successful merge rather than a misaligned PR. See our [Contributing Guide](CONTRIBUTING.md) to get started.\n\n## Acknowledgements\n\nLocal Deep Research is built on the work of many open-access initiatives, academic databases, and open-source projects. We are grateful to:\n\n### Academic & Research Data\n\n| Source | What It Provides | License |\n|--------|-----------------|---------|\n| [OpenAlex](https:\u002F\u002Fopenalex.org) | Academic metadata for ~280K sources and ~120K institutions, including DOAJ status | CC0 |\n| [DOAJ](https:\u002F\u002Fdoaj.org) | Directory of Open Access Journals — open-access verification (via OpenAlex) | CC0 |\n| [arXiv](https:\u002F\u002Farxiv.org) | Preprints in physics, mathematics, CS, and more | Various (see arXiv license) |\n| [PubMed \u002F NCBI](https:\u002F\u002Fpubmed.ncbi.nlm.nih.gov) | Biomedical and life sciences literature | Public domain (US Gov) |\n| [Semantic Scholar](https:\u002F\u002Fwww.semanticscholar.org) | Cross-discipline academic search with citation data | [Terms](https:\u002F\u002Fwww.semanticscholar.org\u002Fproduct\u002Fapi\u002Flicense) |\n| [NASA ADS](https:\u002F\u002Fui.adsabs.harvard.edu) | Astrophysics, physics, and astronomy papers | [Terms](https:\u002F\u002Fui.adsabs.harvard.edu\u002Fhelp\u002Fterms\u002F) |\n| [Zenodo](https:\u002F\u002Fzenodo.org) | Open research data, datasets, and software | Various per record |\n| [PubChem](https:\u002F\u002Fpubchem.ncbi.nlm.nih.gov) | Chemistry and biochemistry database | Public domain (US Gov) |\n| [Stop Predatory Journals](https:\u002F\u002Fpredatoryjournals.org) | Predatory journal\u002Fpublisher blacklist | MIT |\n| [JabRef](https:\u002F\u002Fgithub.com\u002FJabRef\u002Fabbrv.jabref.org) | Journal abbreviation database | CC0 |\n\n### Knowledge & Content Sources\n\n[Wikipedia](https:\u002F\u002Fwww.wikipedia.org) • [OpenLibrary](https:\u002F\u002Fopenlibrary.org) • [Project Gutenberg](https:\u002F\u002Fwww.gutenberg.org) • [GitHub](https:\u002F\u002Fgithub.com) • [Stack Exchange](https:\u002F\u002Fstackexchange.com) • [The Guardian](https:\u002F\u002Fwww.theguardian.com) • [Wayback Machine](https:\u002F\u002Fweb.archive.org)\n\n### Infrastructure & Frameworks\n\n[LangChain](https:\u002F\u002Fgithub.com\u002Fhwchase17\u002Flangchain) • [Ollama](https:\u002F\u002Follama.ai) • [SearXNG](https:\u002F\u002Fsearxng.org\u002F) • [FAISS](https:\u002F\u002Fgithub.com\u002Ffacebookresearch\u002Ffaiss)\n\n### Support Open Access\n\nThese projects run on donations and grants, not paywalls. If Local Deep Research is useful to you, consider giving back to the open-access ecosystem that makes it possible:\n\n- [arXiv](https:\u002F\u002Farxiv.org\u002Fabout\u002Fgive) — free preprints for physics, math, CS, and more\n- [PubMed \u002F NLM](https:\u002F\u002Fwww.nlm.nih.gov\u002Fpubs\u002Fdonations\u002Fdonations.html) — open biomedical literature\n- [Wikipedia \u002F Wikimedia](https:\u002F\u002Fdonate.wikimedia.org) — the free encyclopedia\n- [Internet Archive](https:\u002F\u002Farchive.org\u002Fdonate) — the Wayback Machine and open digital library\n- [DOAJ](https:\u002F\u002Fdoaj.org\u002Fsupport) — curating and verifying open-access journals worldwide\n- [OpenAlex](https:\u002F\u002Fopenalex.org) — open scholarly metadata (sponsored by [OurResearch](https:\u002F\u002Fourresearch.org))\n- [Project Gutenberg](https:\u002F\u002Fwww.gutenberg.org\u002Fdonate\u002F) — free ebooks since 1971\n\n## 📄 License\n\nMIT License - see [LICENSE](LICENSE) file.\n\n**Dependencies:** All third-party packages use permissive licenses (MIT, Apache-2.0, BSD, etc.) - see [allowlist](.github\u002Fworkflows\u002Fdependency-review.yml#L50-L68)\n","# 本地深度研究\n\n\u003Cdiv align=\"center\">\n\n[![GitHub 星标](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FLearningCircuit\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fstargazers)\n[![Docker 拉取次数](https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Flocaldeepresearch\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fhub.docker.com\u002Fr\u002Flocaldeepresearch\u002Flocal-deep-research)\n[![PyPI 下载量](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fdm\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fpypi.org\u002Fproject\u002Flocal-deep-research\u002F)\n\n[![Trendshift](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FLearningCircuit_local-deep-research_readme_bbada6ddd5d3.png)](https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F14116)\n\n[![提交频率](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcommit-activity\u002Fm\u002FLearningCircuit\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcommits\u002Fmain)\n[![最近一次提交](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002FLearningCircuit\u002Flocal-deep-research?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcommits\u002Fmain)\n\n[![SimpleQA 准确率](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSimpleQA-~95%25_Accuracy-gold?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks)\n[![SQLCipher](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDatabase-SQLCipher_Encrypted-red?style=for-the-badge&logo=sqlite&logoColor=white)](docs\u002FSQLCIPHER_INSTALL.md)\n\n\u003C!-- 大家熟悉的知名安全扫描工具 -->\n[![OpenSSF Scorecard](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FLearningCircuit_local-deep-research_readme_8e349da30a07.png)](https:\u002F\u002Fsecurityscorecards.dev\u002Fviewer\u002F?uri=github.com\u002FLearningCircuit\u002Flocal-deep-research)\n[![CodeQL](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcodeql.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fsecurity\u002Fcode-scanning)\n[![Semgrep](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsemgrep.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsemgrep.yml)\n\n[![🔧 Pre-commit](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpre-commit.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpre-commit.yml)\n\n[![🐳 Docker 发布](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdocker-publish.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdocker-publish.yml)\n[![📦 PyPI 发布](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpublish.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fpublish.yml)\n\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F1352043059562680370?style=for-the-badge&logo=discord)](https:\u002F\u002Fdiscord.gg\u002FttcqQeFcJ3)\n[![Reddit](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FReddit-r\u002FLocalDeepResearch-FF4500?style=for-the-badge&logo=reddit)](https:\u002F\u002Fwww.reddit.com\u002Fr\u002FLocalDeepResearch\u002F)\n[![YouTube](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FYouTube-Channel-red?style=for-the-badge&logo=youtube)](https:\u002F\u002Fwww.youtube.com\u002F@local-deep-research)\n\n\n**由 AI 驱动的深度、自主型研究助手**\n\n*利用多个大语言模型和搜索引擎进行深度、自主型研究,并附有规范的引用*\n\n\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=pfxgLX-MxMY&t=1999\">\n ▶️ 观看 The Art Of The Terminal 的评测\n\u003C\u002Fa>\n\n\u003C\u002Fdiv>\n\n## 🚀 什么是本地深度研究?\n\n一款由您掌控的 AI 研究助手。可在本地运行以保护隐私,支持任意大语言模型,并可构建您自己的可搜索知识库。数据完全归您所有,您可以清楚地了解其运作方式。\n\n## ⚡ 快速入门\n\n\n\n**选项 1:Docker 运行(Linux)**\n```bash\n# 第一步:拉取并运行 Ollama\ndocker run -d -p 11434:11434 --name ollama ollama\u002Follama\ndocker exec ollama ollama pull gpt-oss:20b\n\n# 第二步:拉取并运行 SearXNG 以获得最佳搜索结果\ndocker run -d -p 8080:8080 --name searxng searxng\u002Fsearxng\n\n# 第三步:拉取并运行本地深度研究\ndocker run -d -p 5000:5000 --network host \\\n --name local-deep-research \\\n --volume \"deep-research:\u002Fdata\" \\\n -e LDR_DATA_DIR=\u002Fdata \\\n localdeepresearch\u002Flocal-deep-research\n```\n\n**选项 2:Docker Compose**\n\n仅 CPU(所有平台):\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.yml && docker compose up -d\n```\n\n配备 NVIDIA GPU(Linux):\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.yml && \\\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.gpu.override.yml && \\\ndocker compose -f docker-compose.yml -f docker-compose.gpu.override.yml up -d\n```\n\n约 30 秒后打开 http:\u002F\u002Flocalhost:5000。有关 GPU 设置、环境变量等更多信息,请参阅 [Docker Compose 指南](docs\u002Fdocker-compose-guide.md)。\n\n**选项 3:pip 安装**\n```bash\npip install local-deep-research\n```\n> 支持 Windows、macOS 和 Linux。通过预编译的 wheel 包含 SQLCipher 加密功能,无需自行编译。\n> 在 Windows 上导出 PDF 文件需要 Pango([设置指南](https:\u002F\u002Fdoc.courtbouillon.org\u002Fweasyprint\u002Fstable\u002Ffirst_steps.html))。\n> 如果遇到加密问题,可设置 `export LDR_BOOTSTRAP_ALLOW_UNENCRYPTED=true`,以使用标准 SQLite 替代。\n\n[更多安装选项 →](#-installation-options)\n\n## 🏗️ 工作原理\n\n### 研究\n\n您提出一个复杂的问题。LDR:\n- 自动为您完成研究\n- 横跨网络、学术论文以及您自己的文档进行搜索\n- 将所有内容综合成一份带有规范引用的报告\n\n从 20 多种研究策略中选择,以获取快速事实、深入分析或进行学术研究。\n\n**新增:LangGraph 代理策略** — 一种自主的代理式研究模式,由大语言模型决定搜索内容、使用哪些专业引擎(如 arXiv、PubMed、Semantic Scholar 等),以及何时进行综合。初步结果令人鼓舞——它会根据所发现的内容自适应地切换搜索引擎,并收集到比基于流水线的策略多得多的资料。在设置中选择 `langgraph-agent` 即可尝试。\n\n### 构建您的知识库\n\n```mermaid\nflowchart LR\n R[研究] --> D[下载来源]\n D --> L[(图书馆)]\n L --> I[索引与嵌入]\n I --> S[搜索您的文档]\n S -.-> R\n```\n\n每次研究都会找到有价值的资料。您可以直接将其下载到您的加密图书馆中——例如来自 arXiv 的学术论文、PubMed 文章以及网页内容。LDR 会提取文本、建立索引,并使其可搜索。下次研究时,您可以同时查询您自己的文档和实时网络,从而实现知识的不断积累。\n\n## 🛡️ 安全\n\n\u003Cdiv align=\"center\">\n\n\u003C!-- 静态分析(除 CodeQL\u002FSemgrep 外的其他扫描器) -->\n[![DevSkim](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdevskim.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdevskim.yml)\n[![Bearer](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fbearer.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fbearer.yml)\n\n\u003C!-- 依赖与密钥扫描 -->\n[![Gitleaks](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fgitleaks-main.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fgitleaks-main.yml)\n[![OSV-Scanner](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fosv-scanner.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fosv-scanner.yml)\n[![npm-audit](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fnpm-audit.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fnpm-audit.yml)\n[![Retire.js](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fretirejs.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fretirejs.yml)\n\n\u003C!-- 容器安全 -->\n[![Container Security](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcontainer-security.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcontainer-security.yml)\n[![Dockle](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdockle.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fdockle.yml)\n[![Hadolint](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fhadolint.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fhadolint.yml)\n[![Checkov](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcheckov.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fcheckov.yml)\n\n\u003C!-- 工作流与运行时安全 -->\n[![Zizmor](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fzizmor-security.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fzizmor-security.yml)\n[![OWASP ZAP](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fowasp-zap-scan.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fowasp-zap-scan.yml)\n[![Security Tests](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsecurity-tests.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Factions\u002Fworkflows\u002Fsecurity-tests.yml)\n\n\u003C\u002Fdiv>\n\n```mermaid\nflowchart LR\n U1[用户 A] --> D1[(加密数据库)]\n U2[用户 B] --> D2[(加密数据库)]\n```\n\n您的数据始终属于您。每位用户都拥有独立的、采用 AES-256 加密的 SQLCipher 数据库(信号级别的安全性)。由于不提供密码恢复功能,因此实现了真正的零知识保护——即使是服务器管理员也无法读取您的数据。您可以完全在本地运行 LDR,结合 Ollama 和 SearXNG,确保所有数据都不会离开您的设备。\n\n**内存中的凭据**:如同所有在运行时使用敏感信息的应用程序一样——包括 [密码管理器](https:\u002F\u002Fwww.ise.io\u002Fcasestudies\u002Fpassword-manager-hacking\u002F)、浏览器和 API 客户端——凭据会在活动会话期间以明文形式存储在进程内存中。这是整个行业普遍接受的事实(参见 [OWASP 密钥管理备忘录](https:\u002F\u002Fcheatsheetseries.owasp.org\u002Fcheatsheets\u002FSecrets_Management_Cheat_Sheet.html)),并非 LDR 特有的问题:如果攻击者能够读取进程内存,他们同样可以获取任何正在使用的解密密钥。我们通过限制凭据的有效期仅限于当前会话,并排除核心转储文件来降低这一风险。如果您有进一步改进的想法,欢迎随时通过 [GitHub Issues](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fissues) 提出。更多详情请参阅我们的 [安全策略](SECURITY.md)。\n\n**供应链安全**:Docker 镜像已使用 [Cosign](https:\u002F\u002Fgithub.com\u002Fsigstore\u002Fcosign) 进行签名,包含 SLSA 来源证明,并附带 SBOM 文件。您可以通过以下命令验证:\n```bash\ncosign verify localdeepresearch\u002Flocal-deep-research:latest\n```\n\n**安全透明度**:扫描器抑制规则及其理由均已记录在 [安全警报评估](.github\u002FSECURITY_ALERTS.md)、[评分卡合规性](.github\u002FSECURITY_SCORECARD.md)、[容器 CVE 抑制列表](.trivyignore)以及 [SAST 规则依据](bearer.yml)中。部分警报(如 Dependabot 和代码扫描)只能在 [GitHub 安全选项卡](https:\u002F\u002Fdocs.github.com\u002Fen\u002Fcode-security\u002Fdependabot\u002Fdependabot-alerts\u002Fviewing-and-updating-dependabot-alerts)中被忽略或难以抑制,因此上述文件并未涵盖所有被忽略的发现。\n\n[详细架构 →](docs\u002Farchitecture.md) | [安全策略 →](SECURITY.md) | [安全审查流程 →](docs\u002FSECURITY_REVIEW_PROCESS.md)\n\n### 🔒 隐私与数据\n\nLocal Deep Research **不包含任何遥测、分析或跟踪功能**。我们不会收集、传输或存储关于您或您的使用情况的任何数据。没有分析 SDK,没有主动上报,没有崩溃报告,也没有外部脚本。使用指标仅保留在您本地的加密数据库中。\n\nLDR 唯一的网络请求均由 **您** 主动发起:搜索查询(向您配置的搜索引擎发送)、LLM API 调用(向您选择的服务提供商发送)以及通知(仅当您设置了 Apprise 时才会发送)。\n\n由于我们不收集任何使用数据,因此我们依赖您的反馈来了解哪些功能有效、哪些存在问题,以及您希望未来看到哪些新功能——无论是 [错误报告](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fissues)、功能建议,还是您喜欢或从未使用过的功能,这些都能帮助我们不断改进 LDR。\n\n## 📊 性能\n\n**SimpleQA 基准测试准确率约 95%**(初步结果)\n- 测试环境为 GPT-4.1-mini + SearXNG + 精准迭代策略\n- 性能可与最先进的 AI 研究系统相媲美\n- 本地模型在适当配置下也能达到类似效果\n- [社区基准测试与排行榜 →](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks) | [在 Hugging Face 上浏览 →](https:\u002F\u002Fhuggingface.co\u002Fdatasets\u002Flocal-deep-research\u002Fldr-benchmarks)\n\n## ✨ 核心功能\n\n### 🔍 研究模式\n- **快速摘要**:在 30 秒至 3 分钟内获得带有引用的答案\n- **详细研究**:提供结构化的综合分析结果\n- **报告生成**:生成包含章节和目录的专业报告\n- **文档分析**:利用 AI 搜索您的私人文档\n\n### 🛠️ 高级功能\n- **[LangChain 集成](docs\u002FLANGCHAIN_RETRIEVER_INTEGRATION.md)** - 使用任何向量存储作为搜索引擎\n- **[REST API](docs\u002Fapi-quickstart.md)** - 带有用户专属数据库的认证 HTTP 访问\n- **[基准测试](docs\u002FBENCHMARKING.md)** - 测试并优化您的配置\n- **[分析仪表板](docs\u002Fanalytics-dashboard.md)** - 跟踪成本、性能和使用指标\n- **实时更新** - 支持 WebSocket,可查看研究进度\n- **导出选项** - 将结果下载为 PDF 或 Markdown 格式\n- **研究历史** - 保存、搜索并重新访问过往的研究记录\n- **自适应限流** - 智能重试系统,可学习最佳等待时间\n- **键盘快捷键** - 高效导航(ESC、Ctrl+Shift+1-5)\n- **用户加密数据库** - 为每位用户提供安全、隔离的数据存储\n\n### 📰 新闻与研究订阅\n- **自动化研究摘要** - 订阅感兴趣的主题,接收由 AI 驱动的研究摘要\n- **可定制频率** - 每日、每周或自定义时间表获取研究更新\n- **智能过滤** - AI 仅筛选并总结最相关的内容\n- **多格式交付** - 可以以 Markdown 报告或结构化摘要的形式接收更新\n- **主题与查询支持** - 追踪特定搜索或广泛的研究领域\n\n### 🌐 搜索引擎\n\n#### 免费搜索引擎\n- **学术类**: arXiv、PubMed、Semantic Scholar\n- **通用类**: Wikipedia、SearXNG\n- **技术类**: GitHub、Elasticsearch\n- **历史类**: Wayback Machine\n- **新闻类**: The Guardian、Wikinews\n\n#### 付费搜索引擎\n- **Tavily** - 基于 AI 的搜索引擎\n- **Google** - 通过 SerpAPI 或 Programmable Search Engine\n- **Brave Search** - 注重隐私的网页搜索引擎\n\n#### 自定义来源\n- **本地文档** - 使用 AI 搜索您的文件\n- **LangChain 检索器** - 任何向量存储或数据库\n- **元搜索引擎** - 智能整合多个引擎\n\nLDR 会尊重 `robots.txt` 文件,并在抓取网页时如实声明身份——不使用任何隐身或反检测技术。在极少数情况下,这意味着会被阻止自动访问的页面将不会被抓取,我们认为这是合理的权衡。\n\n[完整搜索引擎指南 →](docs\u002Fsearch-engines.md)\n\n## 📦 安装选项\n\n对于大多数用户来说,上方的【快速入门】已足够。\n\n| 方法 | 适用人群 | 指南 |\n|--------|----------|-------|\n| Docker Compose | 多数用户(推荐) | [Docker Compose 指南](docs\u002Fdocker-compose-guide.md) |\n| Docker | 极简部署 | [安装指南](docs\u002Finstallation.md#docker) |\n| pip | 开发者、Python 集成 | [pip 指南](docs\u002Finstall-pip.md) |\n| Unraid | Unraid 服务器 | [Unraid 指南](docs\u002Fdeployment\u002Funraid.md) |\n\n[所有安装选项 →](docs\u002Finstallation.md)\n\n## 💻 使用示例\n\n### Python API\n```python\nfrom local_deep_research.api import LDRClient, quick_query\n\n# 方案一:最简单——一行代码完成研究\nsummary = quick_query(\"username\", \"password\", \"什么是量子计算?\")\nprint(summary)\n\n# 方案二:适用于多次操作的客户端\nclient = LDRClient()\nclient.login(\"username\", \"password\")\nresult = client.quick_research(\"量子计算领域的最新进展有哪些?\")\nprint(result[\"summary\"])\n```\n\n### HTTP API\n\n*以下代码示例展示了基本的 API 结构——实际可用的示例请参见下方链接*\n\n```python\nimport requests\nfrom bs4 import BeautifulSoup\n\n# 创建会话并进行认证\nsession = requests.Session()\nlogin_page = session.get(\"http:\u002F\u002Flocalhost:5000\u002Fauth\u002Flogin\")\nsoup = BeautifulSoup(login_page.text, \"html.parser\")\nlogin_csrf = soup.find(\"input\", {\"name\": \"csrf_token\"}).get(\"value\")\n\n# 登录并获取 API CSRF 令牌\nsession.post(\"http:\u002F\u002Flocalhost:5000\u002Fauth\u002Flogin\",\n data={\"username\": \"user\", \"password\": \"pass\", \"csrf_token\": login_csrf})\ncsrf = session.get(\"http:\u002F\u002Flocalhost:5000\u002Fauth\u002Fcsrf-token\").json()[\"csrf_token\"]\n\n# 发送 API 请求\nresponse = session.post(\"http:\u002F\u002Flocalhost:5000\u002Fapi\u002Fstart_research\",\n json={\"query\": \"您的研究问题\"},\n headers={\"X-CSRF-Token\": csrf})\n```\n\n🚀 **[开箱即用的 HTTP API 示例 → examples\u002Fapi_usage\u002Fhttp\u002F](examples\u002Fapi_usage\u002Fhttp\u002F)** \n- ✅ **自动创建用户**——无需额外配置即可使用 \n- ✅ **完整的认证流程**,包含 CSRF 处理 \n- ✅ **结果重试逻辑**——等待研究完成后再返回结果 \n- ✅ **进度监控**和错误处理 \n\n### 命令行工具\n\n```bash\n# 从命令行运行基准测试\npython -m local_deep_research.benchmarks --dataset simpleqa --examples 50\n\n# 管理限流设置\npython -m local_deep_research.web_search_engines.rate_limiting status\npython -m local_deep_research.web_search_engines.rate_limiting reset\n```\n\n## 🔗 企业级集成\n\n将 LDR 连接到您现有的知识库:\n\n```python\nfrom local_deep_research.api import quick_summary\n\n# 使用您现有的 LangChain 检索器\nresult = quick_summary(\n query=\"我们的部署流程是什么?\",\n retrievers={\"company_kb\": your_retriever},\n search_tool=\"company_kb\"\n)\n```\n\n兼容:FAISS、Chroma、Pinecone、Weaviate、Elasticsearch 以及任何与 LangChain 兼容的检索器。\n\n[集成指南 →](docs\u002FLANGCHAIN_RETRIEVER_INTEGRATION.md)\n\n## 🔌 MCP 服务器(Claude 集成)\n\nLDR 提供一个 MCP(模型上下文协议)服务器,允许像 Claude Desktop 和 Claude Code 这样的 AI 助手执行深度研究。\n\n> ⚠️ **安全提示**:此 MCP 服务器专为通过 STDIO 传输的**本地使用**而设计(例如,Claude Desktop)。它没有内置的身份验证或限流机制。请勿将其暴露在公共网络上,除非实施适当的安全控制措施。有关网络部署要求,请参阅 [MCP 安全指南](https:\u002F\u002Fmodelcontextprotocol.io\u002Fdocs\u002Fconcepts\u002Fsecurity)。\n\n### 安装\n\n```bash\n# 安装时包含 MCP 扩展\npip install \"local-deep-research[mcp]\"\n```\n\n### Claude Desktop 配置\n\n在您的 `claude_desktop_config.json` 中添加:\n\n```json\n{\n \"mcpServers\": {\n \"local-deep-research\": {\n \"command\": \"ldr-mcp\",\n \"env\": {\n \"LDR_LLM_PROVIDER\": \"openai\",\n \"LDR_LLM_OPENAI_API_KEY\": \"sk-...\"\n }\n }\n }\n}\n```\n\n### Claude Code 配置\n\n在您的 `.mcp.json`(项目级别)或 `~\u002F.claude\u002Fmcp.json`(全局级别)中添加:\n\n```json\n{\n \"mcpServers\": {\n \"local-deep-research\": {\n \"command\": \"ldr-mcp\",\n \"env\": {\n \"LDR_LLM_PROVIDER\": \"ollama\",\n \"LDR_LLM_OLLAMA_URL\": \"http:\u002F\u002Flocalhost:11434\"\n }\n }\n }\n}\n```\n\n### 可用工具\n\n| 工具 | 描述 | 耗时 | LLM 成本 |\n|------|-------------|----------|----------|\n| `search` | 来自特定引擎的原始搜索结果(arxiv、pubmed、wikipedia 等) | 5-30秒 | 无 |\n| `quick_research` | 快速研究摘要 | 1-5分钟 | 是 |\n| `detailed_research` | 全面分析 | 5-15分钟 | 是 |\n| `generate_report` | 完整 Markdown 报告 | 10-30分钟 | 是 |\n| `analyze_documents` | 搜索本地文档库 | 30秒-2分钟 | 是 |\n| `list_search_engines` | 列出可用的搜索引擎 | 即时 | 无 |\n| `list_strategies` | 列出研究策略 | 即时 | 无 |\n| `get_configuration` | 获取当前配置 | 即时 | 无 |\n\n### 各个搜索引擎\n\n`search` 工具允许您直接查询特定的搜索引擎并获取原始结果(标题、链接、摘要片段)——无需 LLM 处理,不产生费用,速度极快。这尤其适用于 **监控和订阅** 场景,您希望定期检查新内容而无需消耗 LLM 的 token。\n\n```\n# 在 arXiv 上搜索近期论文\nsearch(query=\"transformer 架构改进\", engine=\"arxiv\")\n\n# 在 PubMed 上搜索医学文献\nsearch(query=\"CRISPR 临床试验 2024\", engine=\"pubmed\")\n\n# 在 Wikipedia 上搜索快速事实\nsearch(query=\"量子纠错\", engine=\"wikipedia\")\n\n# 在 OpenClaw 上搜索法律判例\nsearch(query=\"版权合理使用先例\", engine=\"openclaw\")\n\n# 使用 list_search_engines() 查看所有可用引擎\n```\n\n### 使用示例\n\n```\n\"使用 quick_research 查找关于量子计算应用的信息\"\n\"在 arxiv 上搜索关于扩散模型的最新论文\"\n\"生成一份关于可再生能源趋势的详细研究报告\"\n```\n\n## 📊 性能与分析\n\n### 基准测试结果\n早期在小型 SimpleQA 数据集样本上的实验:\n\n| 配置 | 准确率 | 备注 |\n|--------------|----------|--------|\n| gpt-4.1-mini + SearXNG + focused_iteration | 90-95% | 样本量有限 |\n| gpt-4.1-mini + Tavily + focused_iteration | 90-95% | 样本量有限 |\n| gemini-2.0-flash-001 + SearXNG | 82% | 单次测试运行 |\n\n注意:这些是初步测试的早期结果。性能会因查询类型、模型版本和配置的不同而显著变化。[运行您自己的基准测试 →](docs\u002FBENCHMARKING.md)\n\n**完整的社区排行榜:** 社区维护着一个不断增长的基准测试结果集合,涵盖不同模型、策略和搜索引擎,并通过 CI 验证提交和自动生成排行榜:\n\n- **[GitHub: LearningCircuit\u002Fldr-benchmarks](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks)** — 在这里提交您的结果\n- **[Hugging Face: local-deep-research\u002Fldr-benchmarks](https:\u002F\u002Fhuggingface.co\u002Fdatasets\u002Flocal-deep-research\u002Fldr-benchmarks)** — 浏览排行榜并下载 CSV 文件\n\n### 基准测试贡献者\n\n感谢为基准测试运行做出贡献的社区成员:\n\n\u003C!-- BENCHMARK_CONTRIBUTORS:START -->\n\u003C!-- BENCHMARK_CONTRIBUTORS:END -->\n\n[查看所有贡献者 →](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Fldr-benchmarks\u002Fblob\u002Fmain\u002FCONTRIBUTORS.md)\n\n### 内置分析仪表板\n通过详细的指标跟踪成本、性能和使用情况。[了解更多 →](docs\u002Fanalytics-dashboard.md)\n\n## 🤖 支持的 LLM\n\n### 本地模型(通过 Ollama)\n- Llama 3、Mistral、Gemma、DeepSeek\n- LLM 处理完全在本地进行(搜索请求仍会发送到网络)\n- 无 API 费用\n\n### 云上模型\n- OpenAI(GPT-4、GPT-3.5)\n- Anthropic(Claude 3)\n- Google(Gemini)\n- 通过 OpenRouter 支持 100 多种模型\n\n[模型设置 →](docs\u002Fenv_configuration.md)\n\n## 📚 文档\n\n### 入门指南\n- [安装指南](docs\u002Finstallation.md)\n- [常见问题解答](docs\u002Ffaq.md)\n- [API 快速入门](docs\u002Fapi-quickstart.md)\n- [配置指南](docs\u002Fenv_configuration.md)\n- [完整配置参考](docs\u002FCONFIGURATION.md)\n\n### 核心功能\n- [所有功能指南](docs\u002Ffeatures.md)\n- [搜索引擎指南](docs\u002Fsearch-engines.md)\n- [分析仪表板](docs\u002Fanalytics-dashboard.md)\n\n### 进阶功能\n- [LangChain 集成](docs\u002FLANGCHAIN_RETRIEVER_INTEGRATION.md)\n- [基准测试系统](docs\u002FBENCHMARKING.md)\n- [Elasticsearch 设置](docs\u002Felasticsearch_search_engine.md)\n- [SearXNG 设置](docs\u002FSearXNG-Setup.md)\n\n### 开发相关\n- [Docker Compose 指南](docs\u002Fdocker-compose-guide.md)\n- [开发指南](docs\u002Fdeveloping.md)\n- [安全指南](docs\u002Fsecurity\u002FCODEQL_GUIDE.md)\n- [发布指南](docs\u002FRELEASE_GUIDE.md)\n\n### 示例与教程\n- [API 示例](examples\u002Fapi_usage\u002F)\n- [基准测试示例](examples\u002Fbenchmarks\u002F)\n- [优化示例](examples\u002Foptimization\u002F)\n\n## 📰 特别报道\n\n> “Local Deep Research 对于那些重视隐私的人来说值得特别提及……它经过优化,可以使用开源 LLM,在消费级 GPU 甚至 CPU 上运行。记者、研究人员或涉及敏感话题的企业可以在 **查询从未触及外部服务器** 的情况下进行信息调查。”\n>\n> — [Medium: 开源深度研究 AI 助手](https:\u002F\u002Fmedium.com\u002F@leucopsis\u002Fopen-source-deep-research-ai-assistants-157462a59c14)\n\n### 新闻与文章\n- [Korben.info](https:\u002F\u002Fkorben.info\u002Flocal-deep-research-alternative-gratuite-recherche-ia-sourcee.html) - 法国科技博客(“数字夏洛克·福尔摩斯”)\n- [Roboto.fr](https:\u002F\u002Fwww.roboto.fr\u002Fblog\u002Flocal-deep-research-l-alternative-open-source-gratuite-deep-research-d-openai) - “OpenAI Deep Research 的免费开源替代方案”\n- [KDJingPai AI 工具](https:\u002F\u002Fwww.kdjingpai.com\u002Fen\u002Flocal-deep-research\u002F) - AI 生产力工具专题报道\n- [AI Sharing Circle](https:\u002F\u002Faisharenet.com\u002Fen\u002Flocal-deep-research\u002F) - AI 资源专题报道\n\n### 社区讨论\n- [Hacker News](https:\u002F\u002Fnews.ycombinator.com\u002Fitem?id=43330164) - 获得 190 多个赞,引发社区讨论\n- [LangChain Twitter\u002FX](https:\u002F\u002Fx.com\u002FLangChainAI\u002Fstatus\u002F1901347759757902038) - LangChain 官方推广\n- [LangChain LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fposts\u002Flangchain_local-deep-research-an-ai-research-activity-7307113456095137792-cXRH) - 获得 400 多个赞\n\n### 国际报道\n\n#### 🇨🇳 中文\n- [Juejin (掘金)](https:\u002F\u002Fjuejin.cn\u002Fpost\u002F7481604667589885991) - 开发者社区\n- [Cnblogs (博客园)](https:\u002F\u002Fwww.cnblogs.com\u002Fqife122\u002Fp\u002F18955032) - 开发者博客\n- [GitHubDaily (Twitter\u002FX)](https:\u002F\u002Fx.com\u002FGitHub_Daily\u002Fstatus\u002F1900169979313741846) - 有影响力的科技账号\n- [Zhihu (知乎)](https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F30886269290) - 科技社区\n- [A姐分享](https:\u002F\u002Fwww.ahhhhfs.com\u002F68713\u002F) - AI资源\n- [CSDN](https:\u002F\u002Fblog.csdn.net\u002Fgitblog_01198\u002Farticle\u002Fdetails\u002F147061415) - 安装指南\n- [NetEase (网易)](https:\u002F\u002Fwww.163.com\u002Fdy\u002Farticle\u002FJQKAS50205567BLV.html) - 科技新闻门户\n\n#### 🇯🇵 日语\n- [note.com: 调查革命:Local Deep Research彻底活用法](https:\u002F\u002Fnote.com\u002Fr7038xx\u002Fn\u002Fnb3b74debbb30) - 综合教程\n- [Qiita: Local Deep Researchを试す](https:\u002F\u002Fqiita.com\u002Forca13\u002Fitems\u002F635f943287c45388d48f) - Docker设置指南\n- [LangChainJP (Twitter\u002FX)](https:\u002F\u002Fx.com\u002FLangChainJP\u002Fstatus\u002F1902918110073807073) - 日本LangChain社区\n\n#### 🇰🇷 韩语\n- [PyTorch Korea Forum](https:\u002F\u002Fdiscuss.pytorch.kr\u002Ft\u002Flocal-deep-research\u002F6476) - 韩国机器学习社区\n- [GeekNews (Hada.io)](https:\u002F\u002Fnews.hada.io\u002Ftopic?id=19707) - 韩国科技新闻\n\n### 评论与分析\n- [BSAIL Lab: 学术界中Deep Research有多有用?](https:\u002F\u002Fuflbsail.net\u002Funcategorized\u002Fhow-useful-is-deep-research-in-academia\u002F) - 贡献者[@djpetti](https:\u002F\u002Fgithub.com\u002Fdjpetti)的学术评论\n- [The Art Of The Terminal: 现在就使用本地LLM吧!](https:\u002F\u002Fyoutu.be\u002FpfxgLX-MxMY?t=1999) - 关于本地AI工具的全面评测,重点介绍了LDR的研究能力(嵌入现在已支持!)\n\n### 相关项目\n- [SearXNG LDR-Academic](https:\u002F\u002Fgithub.com\u002Fporespellar\u002Fsearxng-LDR-academic) - 面向学术界的SearXNG分支,内置12个研究引擎(arXiv、Google Scholar、PubMed等),专为LDR设计\n- [DeepWiki Documentation](https:\u002F\u002Fdeepwiki.com\u002FLearningCircuit\u002Flocal-deep-research) - 第三方文档和指南\n\n> **注:** 第三方项目和文章由独立维护。我们仅将其链接作为有用的资源,并不保证其代码质量或安全性。\n\n## 🤝 社区与支持\n\n- [Discord](https:\u002F\u002Fdiscord.gg\u002FttcqQeFcJ3) - 获取帮助并分享研究技巧\n- [Reddit](https:\u002F\u002Fwww.reddit.com\u002Fr\u002FLocalDeepResearch\u002F) - 最新动态与成果展示\n- [GitHub Issues](https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fissues) - 错误报告\n\n## 🚀 贡献方式\n\n我们欢迎各种形式的贡献——从修正错别字到新增功能。关键原则是:**保持PR小而原子化**(每个PR只包含一项更改)。对于较大的改动,请先提交问题或发起讨论——我们希望保护您的时间,并确保您的努力能成功合并,而不是导致方向不符的PR。请参阅我们的[贡献指南](CONTRIBUTING.md)以开始贡献。\n\n## 致谢\n\nLocal Deep Research建立在众多开放获取倡议、学术数据库和开源项目的基础上。我们衷心感谢以下机构和个人:\n\n### 学术与研究数据\n\n| 来源 | 提供内容 | 许可协议 |\n|--------|-----------------|---------|\n| [OpenAlex](https:\u002F\u002Fopenalex.org) | 约28万条学术元数据及约12万家机构信息,包括DOAJ状态 | CC0 |\n| [DOAJ](https:\u002F\u002Fdoaj.org) | 开放获取期刊目录——通过OpenAlex进行开放获取验证 | CC0 |\n| [arXiv](https:\u002F\u002Farxiv.org) | 物理、数学、计算机科学等领域预印本 | 多种许可(详见arXiv许可) |\n| [PubMed \u002F NCBI](https:\u002F\u002Fpubmed.ncbi.nlm.nih.gov) | 生物医学及生命科学文献 | 公有领域(美国政府) |\n| [Semantic Scholar](https:\u002F\u002Fwww.semanticscholar.org) | 跨学科学术搜索,附带引用数据 | [条款](https:\u002F\u002Fwww.semanticscholar.org\u002Fproduct\u002Fapi\u002Flicense) |\n| [NASA ADS](https:\u002F\u002Fui.adsabs.harvard.edu) | 天体物理学、物理学和天文学论文 | [条款](https:\u002F\u002Fui.adsabs.harvard.edu\u002Fhelp\u002Fterms\u002F) |\n| [Zenodo](https:\u002F\u002Fzenodo.org) | 开放研究数据、数据集和软件 | 每条记录许可各不相同 |\n| [PubChem](https:\u002F\u002Fpubchem.ncbi.nlm.nih.gov) | 化学与生物化学数据库 | 公有领域(美国政府) |\n| [Stop Predatory Journals](https:\u002F\u002Fpredatoryjournals.org) | 攻击性期刊\u002F出版商黑名单 | MIT |\n| [JabRef](https:\u002F\u002Fgithub.com\u002FJabRef\u002Fabbrv.jabref.org) | 期刊缩写数据库 | CC0 |\n\n### 知识与内容来源\n\n[Wikipedia](https:\u002F\u002Fwww.wikipedia.org) • [OpenLibrary](https:\u002F\u002Fopenlibrary.org) • [Project Gutenberg](https:\u002F\u002Fwww.gutenberg.org) • [GitHub](https:\u002F\u002Fgithub.com) • [Stack Exchange](https:\u002F\u002Fstackexchange.com) • [The Guardian](https:\u002F\u002Fwww.theguardian.com) • [Wayback Machine](https:\u002F\u002Fweb.archive.org)\n\n### 基础设施与框架\n\n[LangChain](https:\u002F\u002Fgithub.com\u002Fhwchase17\u002Flangchain) • [Ollama](https:\u002F\u002Follama.ai) • [SearXNG](https:\u002F\u002Fsearxng.org\u002F) • [FAISS](https:\u002F\u002Fgithub.com\u002Ffacebookresearch\u002Ffaiss)\n\n### 支持开放获取\n\n这些项目依靠捐赠和资助运行,而非付费墙。如果Local Deep Research对您有所帮助,请考虑回馈那些使其成为可能的开放获取生态系统:\n\n- [arXiv](https:\u002F\u002Farxiv.org\u002Fabout\u002Fgive) — 为物理、数学、计算机科学等领域提供免费预印本\n- [PubMed \u002F NLM](https:\u002F\u002Fwww.nlm.nih.gov\u002Fpubs\u002Fdonations\u002Fdonations.html) — 提供开放的生物医学文献\n- [Wikipedia \u002F Wikimedia](https:\u002F\u002Fdonate.wikimedia.org) — 自由百科全书\n- [Internet Archive](https:\u002F\u002Farchive.org\u002Fdonate) — Wayback Machine和开放数字图书馆\n- [DOAJ](https:\u002F\u002Fdoaj.org\u002Fsupport) — 整理并验证全球范围内的开放获取期刊\n- [OpenAlex](https:\u002F\u002Fopenalex.org) — 开放的学术元数据(由[OurResearch](https:\u002F\u002Fourresearch.org)赞助)\n- [Project Gutenberg](https:\u002F\u002Fwww.gutenberg.org\u002Fdonate\u002F) — 自1971年以来一直提供免费电子书\n\n## 📄 许可协议\n\nMIT许可证 - 详见[LICENSE](LICENSE)文件。\n\n**依赖项:** 所有第三方包均采用宽松许可(MIT、Apache-2.0、BSD等) - 详情见[允许列表](.github\u002Fworkflows\u002Fdependency-review.yml#L50-L68)","# Local Deep Research 快速上手指南\n\nLocal Deep Research 是一款由 AI 驱动的本地深度研究助手。它支持完全本地化运行,保护隐私,允许用户连接任意大语言模型(LLM)和搜索引擎,自动执行深度调研并生成带引用的报告。\n\n## 环境准备\n\n在开始之前,请确保您的系统满足以下要求:\n\n* **操作系统**:Linux、macOS 或 Windows。\n* **容器运行时(推荐)**:已安装 Docker 和 Docker Compose。\n * 若使用 NVIDIA GPU 加速,需安装 NVIDIA Container Toolkit。\n* **Python 环境(可选)**:若不使用 Docker,需安装 Python 3.8+ 及 pip。\n* **网络环境**:能够访问 Docker Hub 或 PyPI(国内用户建议配置镜像源加速)。\n\n> **注意**:本工具设计为“零遥测”,所有数据默认存储在本地加密数据库中,不会上传至外部服务器。\n\n## 安装步骤\n\n推荐使用 **Docker Compose** 方式进行部署,这是最简便且跨平台兼容性最好的方案。\n\n### 方案一:使用 Docker Compose(推荐)\n\n#### 1. CPU 模式(适用于所有平台)\n直接下载官方配置文件并启动服务:\n\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.yml && docker compose up -d\n```\n\n#### 2. GPU 模式(仅限 Linux + NVIDIA 显卡)\n如需启用 GPU 加速,需额外下载 GPU 覆盖配置文件:\n\n```bash\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.yml && \\\ncurl -O https:\u002F\u002Fraw.githubusercontent.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fmain\u002Fdocker-compose.gpu.override.yml && \\\ndocker compose -f docker-compose.yml -f docker-compose.gpu.override.yml up -d\n```\n\n> **国内加速提示**:如果 `curl` 下载缓慢,可手动访问 GitHub 仓库下载上述 `.yml` 文件到当前目录,然后执行 `docker compose up -d`。若拉取镜像速度慢,请配置 Docker 国内镜像加速器。\n\n### 方案二:使用 Pip 安装\n\n适用于希望直接在原生环境中运行的开发者:\n\n```bash\npip install local-deep-research\n```\n\n* **Windows 用户注意**:如需导出 PDF 报告,需预先安装 Pango 库(参考 [WeasyPrint 安装指南](https:\u002F\u002Fdoc.courtbouillon.org\u002Fweasyprint\u002Fstable\u002Ffirst_steps.html))。\n* **加密选项**:默认包含 SQLCipher 加密支持。若遇到加密库兼容性问题,可设置环境变量 `export LDR_BOOTSTRAP_ALLOW_UNENCRYPTED=true` 以使用标准 SQLite。\n\n### 方案三:手动 Docker 运行(高级用户)\n\n若需自定义组件(如指定 Ollama 模型或 SearXNG 配置),可分步启动:\n\n```bash\n# 1. 启动 Ollama (本地 LLM 服务)\ndocker run -d -p 11434:11434 --name ollama ollama\u002Follama\ndocker exec ollama ollama pull gpt-oss:20b\n\n# 2. 启动 SearXNG (聚合搜索引擎)\ndocker run -d -p 8080:8080 --name searxng searxng\u002Fsearxng\n\n# 3. 启动 Local Deep Research\ndocker run -d -p 5000:5000 --network host \\\n --name local-deep-research \\\n --volume \"deep-research:\u002Fdata\" \\\n -e LDR_DATA_DIR=\u002Fdata \\\n localdeepresearch\u002Flocal-deep-research\n```\n\n## 基本使用\n\n安装完成后,按照以下步骤开始第一次深度研究:\n\n1. **访问界面**\n 在浏览器中打开:\n ```text\n http:\u002F\u002Flocalhost:5000\n ```\n *首次启动可能需要约 30 秒初始化时间。*\n\n2. **配置模型(首次使用)**\n 进入设置页面,确认 LLM 后端已连接(默认指向本地 Ollama 或其他兼容 API),并选择搜索策略。\n * 推荐尝试新推出的 **`langgraph-agent`** 策略,它能自主决定搜索路径和引擎切换,适合复杂课题。\n\n3. **开始研究**\n 在输入框中输入复杂的研究问题(例如:“分析 2024 年量子计算在药物发现领域的最新进展”)。\n 系统将自动执行以下流程:\n * **搜索**:遍历网页、学术论文库及您本地的文档库。\n * **综合**:利用 LLM 整合信息,生成结构化报告。\n * **引用**:自动标注所有信息来源。\n\n4. **构建知识库**\n 研究过程中获取的高质量来源(如 ArXiv 论文、网页文章)可直接下载并存储到您的本地加密库中。系统会自动提取文本并建立索引,后续研究时可同时检索本地文档和实时网络内容,实现知识的累积效应。","某生物科技公司的高级研究员正在紧急撰写一份关于\"CRISPR 基因编辑脱靶效应”的内部评估报告,需要综合最新学术论文、临床数据及公司私有实验记录。\n\n### 没有 local-deep-research 时\n- **信息孤岛严重**:研究员需手动在 arXiv、PubMed 和公司加密硬盘间反复切换,难以将公开文献与内部私有数据关联分析。\n- **隐私合规风险**:使用云端 AI 工具处理未发表的实验数据时,面临敏感数据泄露的隐患,不符合公司严格的数据安全规定。\n- **溯源效率低下**:人工整理数十篇文献的引用来源耗时费力,且容易遗漏关键证据或出现引用错误,导致报告可信度存疑。\n- **模型选择受限**:被迫依赖单一云厂商的模型,无法根据任务难度灵活切换本地轻量模型或云端高性能模型以平衡成本与效果。\n\n### 使用 local-deep-research 后\n- **全域知识融合**:local-deep-research 自动同时检索 arXiv、PubMed 等十余个公开源及本地加密文档,一键生成跨源头的深度综合分析。\n- **数据本地闭环**:所有数据处理、索引构建及推理过程均在本地完成并通过 SQLCipher 加密,确保核心实验数据绝不流出内网。\n- **精准自动引证**:工具生成的报告自带精确到段落的引用标注,直接对应原始文献或内部文档页码,大幅缩短事实核查时间。\n- **灵活模型调度**:研究员可自由配置后端,用本地 Ollama 处理常规摘要,仅在复杂推理时调用云端 GPT-4.1-mini,实现性能与隐私的最优解。\n\nlocal-deep-research 让研究员在绝对安全的环境下,像拥有私人专家团队一样高效完成跨公私域数据的深度科研洞察。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FLearningCircuit_local-deep-research_c215b5ed.png","LearningCircuit",null,"https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002FLearningCircuit_f9304ed9.png","https:\u002F\u002Fgithub.com\u002FLearningCircuit",[79,83,87,91,95,99,103],{"name":80,"color":81,"percentage":82},"Python","#3572A5",84.1,{"name":84,"color":85,"percentage":86},"JavaScript","#f1e05a",12,{"name":88,"color":89,"percentage":90},"HTML","#e34c26",2.3,{"name":92,"color":93,"percentage":94},"CSS","#663399",1.5,{"name":96,"color":97,"percentage":98},"Shell","#89e051",0.1,{"name":100,"color":101,"percentage":102},"Dockerfile","#384d54",0,{"name":104,"color":105,"percentage":102},"Jinja","#a52a22",4312,410,"2026-04-15T23:05:31","MIT","Linux, macOS, Windows","非必需。支持通过 Docker Compose 覆盖文件启用 NVIDIA GPU(仅限 Linux),未指定具体型号、显存大小或 CUDA 版本要求。","未说明",{"notes":114,"python":115,"dependencies":116},"1. 推荐使用 Docker 部署(提供 CPU 和 GPU 两种 compose 配置)。2. 核心依赖为外部服务:需自行运行 Ollama(本地 LLM)和 SearXNG(搜索引擎)。3. 数据库默认使用 SQLCipher 加密,若遇问题可设置环境变量使用标准 SQLite。4. Windows 用户若需导出 PDF,需额外安装 Pango 库。5. 无遥测和数据追踪,完全本地运行以保护隐私。","未说明(通过 pip 安装,包含预构建 wheel)",[117,118,119,120],"Ollama (推荐 gpt-oss:20b)","SearXNG","SQLCipher","WeasyPrint (Windows PDF 导出需 Pango)",[13,14,35,122],"其他",[124,125,126,127,128,129,130,131,132,133,134,135,136,65,137,138,139,140,141,142],"academia","arxiv","brave","deep-research","local","local-llm","mistral","pubmed","research","research-tool","retrieval-augmented-generation","searxng","self-hosted","home-automation","homeserver","ollama","anthropic","openai","encryption","2026-03-27T02:49:30.150509","2026-04-17T08:25:16.516280",[],[147,152,157,162,167,172,177,182,187,192,197,202,207,212,217,222,227,232,237,242],{"id":148,"version":149,"summary_zh":150,"released_at":151},289144,"v1.5.6","\u003C!-- 发布说明由 .github\u002Frelease.yml 中的配置在 main 分支上生成 -->\n\n## 变更内容\n### 🔒 安全更新\n* 修复(安全):抑制 gitleaks 对占位符 API 密钥的误报,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3367 中完成\n* 安全:修复通过用户可写设置绕过的通知 SSRF 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3143 中完成\n* 修复:为链接渲染器更新 v17 token API,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3384 中完成\n* 杂项:抑制 CVE-2026-27456 并忽略 Gitleaks #7625,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3391 中完成\n* 修复:将历史提交加入白名单,以处理不必要的 API 密钥占位符,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3397 中完成\n### 💥 重大变更\n* 性能:将 PBKDF2 密钥派生延迟到引擎缓存未命中时执行,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3378 中完成\n### ✨ 新功能\n* 修复(ci):为 Dockerfile 更改添加 Hadolint PR 触发器,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3232 中完成\n* 杂项(hooks):添加 pre-commit 钩子,强制对睡眠测试使用 @pytest.mark.slow 标记,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3260 中完成\n* 性能:将下载管理器分页逻辑移至 SQL,并支持批量 PDF 预览,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3387 中完成\n* 功能:为图书馆页面添加服务器端分页功能,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3388 中完成\n### 🐛 错误修复\n* 性能:将图书馆页面分页逻辑移至 SQL,并支持批量 blob 检查,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3291 中完成\n* 修复:用 PDFStorageManager.pdf_exists 类方法替换虚假的 'auto' 存储模式,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3256 中完成\n* 修复:为 research_resources.document_id 列添加缺失的迁移脚本,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3386 中完成\n* 修复:更新因分页和 PDF 存储更改而中断的测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3396 中完成\n### ⚡ 性能改进\n* 性能:用轻量级下拉查询替换重量级聚合查询,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3389 中完成\n### 📚 文档\n* 更新 README 中的 Docker Compose 部分,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3368 中完成\n* 修订 README,强调代理式研究,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3369 中完成\n### 🔧 CI\u002FCD 与维护\n* 🤖 由 @github-actions[bot] 更新依赖项,见 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3358\n* 杂项(deps):升级 github\u002Fcodeql-action","2026-04-04T15:49:40",{"id":153,"version":154,"summary_zh":155,"released_at":156},289145,"v1.5.5","\u003C!-- 使用 .github\u002Frelease.yml 中的配置生成的发布说明 -->\n\n## 变更内容\n### 🔒 安全更新\n* 修复(依赖):添加 lodash\u002Flodash-es 的覆盖项,以防止易受攻击的传递性解析,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3361 中完成\n### 优化\n* 修复:将 QueuePool 大小增加至 10\u002F20,以防止连接超时,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3355 中完成\n### ⬆️ 依赖升级\n* 杂项(依赖):将 npm_and_yarn 组中 \u002Ftests\u002Faccessibility_tests 目录下的 lodash 从 4.17.23 升级至 4.18.1,由 @dependabot[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3360 中完成\n### 其他变更\n* 杂项:将补丁版本号提升至 1.5.5,由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3354 中完成\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.5.4...v1.5.5","2026-04-02T20:38:59",{"id":158,"version":159,"summary_zh":160,"released_at":161},289146,"v1.5.4","\u003C!-- 使用 .github\u002Frelease.yml 中的配置在 main 分支生成的发布说明 -->\n\n## 变更内容\n### 💥 重大变更\n* 修复:增加 QueuePool 大小,以防止连接超时,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3353 中提出\n* 修复(测试):将池大小断言与源代码对齐,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3356 中提出\n### 🔧 CI\u002FCD 与维护\n* 🤖 更新依赖项,由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3350 中完成\n* 杂项:同步 pdm.lock 与 pyproject.toml,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3357 中完成\n### 其他变更\n* 杂项:将补丁版本号提升至 1.5.4,由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3352 中完成\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.5.3...v1.5.4","2026-04-02T09:58:48",{"id":163,"version":164,"summary_zh":165,"released_at":166},289147,"v1.5.3","\u003C!-- 发布说明由 .github\u002Frelease.yml 中的配置生成,基于 main 分支 -->\n\n## 变更内容\n### 其他变更\n* chore: 由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3345 中将补丁版本号升级至 1.5.3\n* [codex] 修复 loguru 的占位符格式化问题,由 @harqian 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3343 中完成\n\n## 新贡献者\n* @harqian 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3343 中完成了首次贡献\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.5.2...v1.5.3","2026-04-01T21:39:25",{"id":168,"version":169,"summary_zh":170,"released_at":171},289148,"v1.5.2","\u003C!-- 发布说明由 .github\u002Frelease.yml 配置生成 -->\n\n## 变更内容\n### 🔒 安全更新\n* 修复:上下文窗口默认值、兼容性测试跳过、Pygments CVE 以及 pip 安装门控,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3334 中完成\n### 💥 重大变更\n* 修复:实现最小化 QueuePool 并定期释放资源以防止文件描述符耗尽(替代方案),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3340 中完成\n* 修复:将 langgraph-agent 的默认本地上下文窗口大小提升至 18432,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3342 中完成\n### ✨ 新功能\n* 功能新增:添加 langgraph_agent 设置部分,并将默认迭代次数提升至 50 次,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3336 中完成\n* 修复:将“Token 使用随时间变化”图表移至详情页顶部,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3341 中完成\n* 修复:在图表中增加总 Token 数,并在 VRAM 警告中提及指标页面,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3344 中完成\n### 🐛 错误修复\n* 修复(测试):检测 _get_setting() 模式并更新警告信息断言,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3347 中完成\n* 修复:添加 mcp.servers 默认设置以修复 CI 完整性测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3349 中完成\n### 🔧 CI\u002FCD 与维护\n* 杂项(依赖):将 actions\u002Fcheckout 从 6.0.0 升级至 6.0.2,由 @dependabot[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3303 中完成\n### 其他变更\n* 杂项:将补丁版本号提升至 1.5.2,由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3333 中完成\n\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.5.1...v1.5.2","2026-04-01T07:22:45",{"id":173,"version":174,"summary_zh":175,"released_at":176},289149,"v1.5.1","\u003C!-- 发布说明由 .github\u002Frelease.yml 配置生成 -->\n\n## 变更内容\n### ✨ 新功能\n* 修复:将本地上下文窗口默认值从 10000 改为 8192,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3328 中完成\n### 🐛 问题修复\n* 修复 (ci):当上一个 PyPI 版本存在损坏的依赖时,跳过兼容性测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3331 中完成\n* 修复 (test):防止临时目录清理时导致的不稳定的速率限制测试失败,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3335 中完成\n### 🐍 Python 相关变更\n* 修复:明确 LangGraph 代理提示适用于研究场景,而非聊天场景,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3329 中完成\n### 其他变更\n* 杂项:将补丁版本号升级至 1.5.1,由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3320 中完成\n* 杂项:将补丁版本号升级至 1.5.1,由 @github-actions[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3330 中完成\n* 修复:上下文窗口默认值设为 8192、跳过兼容性测试、修复 pygments 的 CVE 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3332 中完成\n\n\n**完整更新日志**:https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.5.0...v1.5.1","2026-03-31T15:56:16",{"id":178,"version":179,"summary_zh":180,"released_at":181},289150,"v1.5.0","\u003C!-- 使用 .github\u002Frelease.yml 中的配置在 main 分支生成的发布说明 -->\n\n## 变更内容\n\n### 核心功能\n* Langgraph 代理\n\n### 🔒 安全更新\n* 修复(安全):在 link_analytics 中对域名 href 使用 encodeURI,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3243 中完成\n* 修复(Web):在 WebAPIException 处理器中使用 logger.error,并移除误导性注释,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3249 中完成\n* 修复(安全):对 innerHTML 中的服务器数据进行转义,以防止存储型 XSS 攻击,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3220 中完成\n* 杂项(安全):添加 eslint-plugin-no-unsanitized 插件,用于检测 innerHTML XSS 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3250 中完成\n* 修复(可访问性):提升认证页面的可访问性,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3156 中完成\n* 可访问性:下拉菜单 ARIA 属性、表格作用域、页面标题、侧边栏标签以及外部链接的 rel 属性,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3164 中完成\n* 修复:在 run_subscription_now 中使用已认证用户的 ID,而非硬编码的“anonymous”,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3117 中完成\n* 修复(安全):在将错误信息存储到数据库之前对其进行清理,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3122 中完成\n* 修复(安全):将注销接口限制为仅支持 POST 请求,以防止 CSRF 攻击,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3144 中完成\n* 安全:在异常日志消息中对 API 密钥进行清理,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3132 中完成\n* 修复(供应链):将 pre-commit 钩子固定到特定的提交 SHA 值,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3101 中完成\n* 修复(安全):消除密钥创建过程中的 TOCTOU 竞争条件,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3128 中完成\n* 重构:在队列处理器和凭据存储中使用元组代替冒号分隔的字符串,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3137 中完成\n* 安全:限制 unbounded search_cache 的大小,并在钩子中覆盖 logger.exception,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3148 中完成\n* 安全:在 PDF 流程的标题和元数据中对 HTML 进行转义,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3082 中完成\n* 安全:通过 cap_drop 和 security_opt 加强 Docker 容器的安全性,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3083 中完成\n* 安全:修复 MCP 引擎验证时的 fail-open 问题,并添加 collection_name 验证,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F3084 中完成\n* 修复:修正 default_settings.json 中的数据质量问题,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLe","2026-03-30T17:31:52",{"id":183,"version":184,"summary_zh":185,"released_at":186},289151,"v1.4.0","\u003C!-- 发行说明由 .github\u002Frelease.yml 中的配置在 main 分支上生成 -->\n\n\n\n## 新增核心功能\n重要提示:新增的备份系统会将您的硬盘占用量翻倍,因为会将整个数据库作为备份保存。如果您在数据库中存储了大量 PDF 文件,这一点可能会非常明显。\n\n- ReAct 代理\n- 图书馆和历史记录条目的语义搜索\n- 数据库备份\n- Alembic 迁移\n\n## 变更内容\n### 🔒 安全更新\n* 测试(安全):添加白名单\u002F配置一致性测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2848 中完成\n* 修复:加强模块路径规范化中的前缀边界检查,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2847 中完成\n* 修复:移除 SearchTracker 单例 — 测试修复,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2836 中完成\n* 修复:从存储工厂中移除已废弃的 _request_storage 代码,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2864 中完成\n* 修复:将 dynaconf 从 3.2.12 升级至 3.2.13(CVE-2026-33154),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2878 中完成\n* 修复:移除速率限制跟踪器单例,以防止多用户状态泄漏,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2863 中完成\n* 修复(安全):针对性加固 — 缓存、过期凭据、TTL、不安全的日志记录,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2850 中完成\n* 测试:为 data_sanitizer 和 log_sanitizer 添加 92 项覆盖率测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2891 中完成\n* 修复:针对性安全加固 — 凭证暴露途径,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2886 中完成\n* 修复:为搜索缓存键添加按用户隔离机制,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2866 中完成\n* 修复:防止在重启后丢失加密数据库密码而导致研究失败的情况,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2816 中完成\n* 修复:抑制测试文件中的 DevSkim 误报,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2947 中完成\n* 移除:专用的 vLLM 提供者(改用 openai_endpoint),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2949 中完成\n* 重构:将引擎模块路径从设置数据库迁移到硬编码注册表,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2843 中完成\n* 修复:将 NewsScheduler 的密码存储迁移到 CredentialStoreBase,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2868 中完成\n* CI:将 bandit || true 替换为 --exit-zero 并加入崩溃检测,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2951 中完成\n* CI:传播镜像固定验证失败信息,由 @LearningCircuit 在 https:\u002F\u002F","2026-03-28T06:54:01",{"id":188,"version":189,"summary_zh":190,"released_at":191},289152,"v1.3.60","\u003C!-- 使用 .github\u002Frelease.yml 中的配置在 main 分支生成的发布说明 -->\n\n## 变更内容\n### 🔒 安全更新\n* 修复(ci):解决 yauzl 漏洞,该漏洞曾阻止发布流程通过,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2711 中完成\n* 修复(安全):在所有测试 lockfile 中解决 yauzl 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2713 中完成\n* 修复(安全):抑制 Grype 扫描中的 CVE-2026-4105 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2718 中完成\n* 修复(安全):抑制 Grype 扫描中的 CVE-2026-4105 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2719 中完成\n* 修复(安全):将 pyjwt 升级至 2.12.1(GHSA-752w-5fwx-jx9f),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2720 中完成\n* 修复(安全):抑制 Grype 扫描中的 CVE-2025-13462 和 CVE-2026-2673 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2722 中完成\n* 修复(安全):解决 CVE-2026-2219、yauzl 和 tmp 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2748 中完成\n* 功能:检测 finally\u002Fexcept 块中的裸 .close() 调用,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2765 中完成\n* 修复:抑制 5 条误报的安全扫描告警,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2822 中完成\n* 修复:在安全白名单中规范化绝对模块路径,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2823 中完成\n* 修复:将 step-security\u002Fharden-runner 从 v2.15.1 升级至 v2.16.0,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2827 中完成\n* 修复:为引用密钥的工作流添加环境声明,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2828 中完成\n* 修复:抑制 Grype 扫描中 2 个无法修复的 Python 3.14.3 CVE 漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2833 中完成\n* 修复:将 pypdf 从 6.8.0 升级至 6.9.1(CVE-2026-33123),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2834 中完成\n* 修复:规范化 full_search_module 路径,并移除已失效的 serpapi 引用,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2826 中完成\n* 杂项(依赖):将 npm_and_yarn 组中的 socket.io-parser 从 4.2.5 升级至 4.2.6,在 1 个目录中完成,由 @dependabot[bot] 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2835 中完成\n\n### ✨ 新功能\n* 修复:在 4 处 expanduser().resolve() 的位置添加 expandvars(),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2681 中完成\n* 功能:添加 ARIA 属性以提升无障碍性,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1989 中完成\n* 测试:为未测试的战略方法新增 79 个纯逻辑测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLe","2026-03-18T19:03:02",{"id":193,"version":194,"summary_zh":195,"released_at":196},289153,"v1.3.59","\u003C!-- 发布说明由 .github\u002Frelease.yml 中的配置生成 -->\n\n## 变更内容\n### 🔒 安全更新\n* 安全:将全局调度器控制置于配置项之后,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2035 中实现\n* 安全:将调度器的 GET 端点范围限定为当前用户,并强化装饰器功能,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2551 中实现\n* 安全:在 mcp-tests 中将 step-security\u002Fharden-runner 升级至 v2.14.2,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2561 中完成\n* 安全:修复调度器端点作用域问题(继 #2551 之后),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2559 中完成\n* 测试:在 10 个测试覆盖不足的模块中新增 132 个高价值测试(第 5 轮),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2569 中实现\n* 修复:处理 SSE 生成器和下载路由中的认证错误,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2564 中完成\n* 修复:为 pip-audit 的 OSV 失败添加重试逻辑,并对 Trivy SARIF 文件上传进行保护,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2518 中实现\n* 功能:向 BaseSearchEngine 添加共享辅助方法,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2272 中实现\n* 修复:强制执行 API 认证,并缩小 CSRF 免除范围,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1957 中完成\n* 安全:修复多个认证和重定向漏洞,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2168 中完成\n* 测试:为面向浏览器的 API 端点添加端到端的 CSRF 流程测试,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2585 中实现\n* 修复:移除 CORS 通配符,限制 CSP 的 connect-src 指令,并使用日志记录器,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1960 中完成\n* 修复:从生产环境的 Docker 镜像中移除未使用的 Chrome(包含 10 个 CVE),由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2583 中完成\n* 安全:在受 SSRF 保护的 HTTP 请求中验证重定向目标,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1949 中实现\n* 重构:移除 server_config.json — 现仅使用环境变量配置服务器设置,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2505 中完成\n* 文档:为 SSRF 安全模式添加解释性注释,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2607 中完成\n* 功能:在会话过期时自动关闭空闲数据库连接,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2592 中实现\n* 安全:为文件读取操作添加路径遍历防护,由 @LearningCircuit 在 https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1890 中完成\n* 功能:将安全加固功能移至 security\u002F 模块,由 @LearningCircuit 在 https:\u002F\u002Fgit 中完成","2026-03-11T23:42:47",{"id":198,"version":199,"summary_zh":200,"released_at":201},289154,"v1.3.58","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* refactor(csrf): complete CSRF token deduplication across all JS files by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2453\n* docs: add security transparency links to README by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2463\n* security: add Nuclei DAST scanner by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1975\n* security: harden session username access across all routes by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2268\n* fix: SSRF & debug mode security hardening by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1961\n* security: complete session username hardening for missed routes by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2478\n* chore: remove detect-secrets pre-commit hook (redundant with gitleaks) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2476\n* fix: improve 5 setting descriptions and widen tooltip by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2485\n* test: add 134 high-value tests across 4 modules by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2498\n* fix: remove local engine dead code and standardize null byte rejection by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2500\n* security: replace gosu with setpriv, suppress 8 unfixable CVEs by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2501\n* chore: add .grype.yaml to suppress false positive and unfixable CVEs by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2503\n* chore: suppress all remaining Grype alerts (140 CVEs) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2511\n* chore(deps): bump step-security\u002Fharden-runner from v2.14.0 to v2.14.2 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2522\n* ci: fix docker\u002Fbuild-push-action version pin in grype.yml by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2523\n* ci: pin trivy-version to v0.69.2 (security incident workaround) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2524\n* security: defense-in-depth for post-login redirect (CWE-601) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2521\n* chore(deps): bump lxml-html-clean >=0.4.4 (CVE-2026-28350) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2528\n* chore(security): suppress CVE-2026-23865 (libfreetype6 OOB read) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2531\n* security: fix GHSA-vxmw-7h4f-hqxh false positive for pypi-publish action by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2535\n### 💥 Breaking Changes\n* refactor: remove deprecated settings-based local search engines by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2344\n* fix: clean up session management issues found during PR #2266 audit by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2471\n* fix: prevent server overload and white page under sustained load by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2326\n* fix: add cleanup_current_thread() to prevent file descriptor leaks by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2495\n* fix: remove dead code and fix socket subscription cleanup from PR #2326 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2492\n* refactor: centralize thread cleanup into @thread_cleanup decorator by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2499\n### ✨ New Features\n* feat: add module.exports guard to api.js + comprehensive CSRF tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2461\n* fix: remove max concurrent researches upper cap by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2409\n* ci: add pre-commit hook for golden master settings sync by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2468\n* docs: link Configuration Reference across docs & fix stale env var docs by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2472\n* feat: add golden master regeneration script by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2475\n* test: add 131 tests for FocusedIteration, IterativeRefinement & LLM Registry by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-resear","2026-03-03T23:46:49",{"id":203,"version":204,"summary_zh":205,"released_at":206},289155,"v1.3.57","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* test: add app_factory middleware unit tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2433\n* test: add extended tests for auth decorators module by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2431\n* fix(deps): bump nltk 3.9.2 → 3.9.3 (CVE-2025-14009) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2457\n### 🐛 Bug Fixes\n* fix: resolve WebKit Safari auth navigation test failure by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2434\n### 🔧 CI\u002FCD & Maintenance\n* fix: increase pip-audit OSV API timeout to 120s by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2456\n### ⬆️ Dependencies\n* chore(deps): bump basic-ftp from 5.1.0 to 5.2.0 in \u002Ftests\u002Fpuppeteer in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2436\n* chore(deps): bump basic-ftp from 5.1.0 to 5.2.0 in \u002Ftests\u002Fui_tests in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2438\n* chore(deps): bump basic-ftp from 5.1.0 to 5.2.0 in \u002Ftests in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2439\n* chore(deps-dev): bump rollup from 4.57.1 to 4.59.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2446\n* chore(deps): bump minimatch from 10.2.2 to 10.2.4 in \u002Ftests\u002Fpuppeteer in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2448\n* chore(deps): bump minimatch from 10.2.2 to 10.2.4 in \u002Ftests in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2449\n* chore(deps-dev): bump minimatch from 10.2.2 to 10.2.4 in \u002Ftests\u002Finfrastructure_tests in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2450\n### 🧪 Tests\n* test: add unit tests for research_service helper functions by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2435\n* test: add session cleanup and rate limiter IP tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2432\n* test: add extended tests for UserQueueService and log_utils by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2427\n* test: comprehensive tests for search_system_factory by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2428\n* test: comprehensive tests for ThreadSafeMetricsWriter by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2429\n* test: add CitationHandler factory unit tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2430\n### Other Changes\n* test: comprehensive SessionManager tests with proper mocking by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2425\n* test: add globals and history routes extended tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2440\n* chore: bump patch version to 1.3.57 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2424\n* fix(deps): bump pypdf ~=6.7.1 → ~=6.7.3 to fix CVE-2026-27888 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2459\n\n\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.56...v1.3.57","2026-02-27T21:19:55",{"id":208,"version":209,"summary_zh":210,"released_at":211},289156,"v1.3.56","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\r\n\r\n## What's Changed\r\n### ✨ New Features\r\n* fix: reduce CI test output noise for easier failure diagnosis by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2423\r\n### 🐛 Bug Fixes\r\n* test: fix disconnect tests to match correct subscription schema by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2416\r\n* fix: add missing search strategy options to validation list by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2411\r\n* fix: sources not accumulating across iterations in source-based strategy by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2412\r\n* fix: race condition in emit_to_subscribers iteration by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2415\r\n* fix: guard flask_session with has_request_context() to prevent background thread crash by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2410\r\n* fix: add missing search.question_context_limit default by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2422\r\n* fix: resolve Hadolint SC2015 warnings in Dockerfile by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2426\r\n* fix: add transaction rollback handling in queue service by @haosenwang1018 in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2414\r\n* fix: clean up socket subscriptions on client disconnect by @haosenwang1018 in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2413\r\n### ⬆️ Dependencies\r\n* chore(deps): bump python from `486b809` to `9006fc6` by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2419\r\n### 🔄 Branch Syncs & Automation\r\n\r\n### Other Changes\r\n\r\n* chore: bump patch version to 1.3.56 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2417\r\n* docs: restore inline comments in SourceBasedSearchStrategy by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2418\r\n\r\n## New Contributors\r\n* @haosenwang1018 made their first contribution in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2413\r\n\r\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.55...v1.3.56","2026-02-25T21:31:27",{"id":213,"version":214,"summary_zh":215,"released_at":216},289157,"v1.3.55","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* ci: fail security gate on open code scanning alerts by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1913\n* fix: settings save crash on plain-string options + scheduler encrypted DB access by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2406\n### ✨ New Features\n* Fix JS timer leaks, DOM growth, and mobile navigation cleanup by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1990\n* test: add 186 high-value tests across 10 files by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2403\n### 🐛 Bug Fixes\n* test: add 27 verified-unique edge-case tests (round 2) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2385\n* fix(tests): resolve 4 failing Mobile Safari Playwright tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2401\n* fix: use to_bool for checkbox env var conversion by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1879\n* fix(test): correct mock paths and providers in langchain LLM integration tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2399\n### ⚡ Performance Improvements\n* fix: remove redundant setupProviderChangeListener() + dead code cleanup by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2404\n### ⬆️ Dependencies\n* chore(deps-dev): bump eslint from 10.0.1 to 10.0.2 in \u002Ftests\u002Fpuppeteer by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2407\n### Other Changes\n* chore: bump patch version to 1.3.55 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2378\n\n\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.54...v1.3.55","2026-02-24T09:24:37",{"id":218,"version":219,"summary_zh":220,"released_at":221},289158,"v1.3.54","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* fix: patch ajv ReDoS vulnerability (GHSA-2g4f-4pwh-qvx6) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2367\n* fix: SQLCipher mlock() warnings — default cipher_memory_security to OFF by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2355\n* perf: improve history page load performance on mobile by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2360\n* fix(ci): grant contents:write through release workflow chain by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2377\n* fix: remaining bug fixes from PR #1393 (xss-protection, deprecated imports) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2376\n* fix(ci): eliminate false positives in file-whitelist-check.sh by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2381\n* fix(docker): document security model, harden cookiecutter, add CI cap test by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2384\n* chore(security): Document unfixable OS vulnerabilities in .trivyignore by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1467\n* fix(ci): ignore unfixed nltk CVE-2025-14009 in pip-audit by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2386\n* fix(security): patch minimatch ReDoS vulnerability (GHSA-3ppc-4f35-3m26) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2387\n### 💥 Breaking Changes\n* fix(ci): resolve 31 pytest + 10 Playwright failures blocking release #1116 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2396\n### ✨ New Features\n* perf: add defer to all external script tags by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2346\n* feat(ci): add CI gate to release pipeline by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2371\n* chore: add vulture dead code detection (non-blocking CI) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1986\n* fix(docker): add diagnostic error when gosu user-switch fails in LXC by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2373\n### 🐛 Bug Fixes\n* fix: reject negative indices and deduplicate reindex in cross-engine filter by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2160\n* fix(docker): add SETUID\u002FSETGID capabilities for gosu in LXC environments by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2372\n* fix: correct runtime bugs and CI failure masking (from #2039) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2118\n* fix: record search metrics before clearing search context by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2379\n* fix: Advanced Options panel defaults to open and renders all rows by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2364\n* test: add 64 edge-case tests across 7 modules by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2383\n* fix(ci): resolve 9 remaining failures blocking Create Release #1118 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2397\n* fix(ci): fix variable scope issue in Dockle workflow by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1919\n* fix(ci): remove stale CODEOWNERS entries and fix Puppeteer test bugs by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2398\n### 📚 Documentation\n* docs: add config docs generator script by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2134\n* docs(faq): add Proxmox LXC troubleshooting for Docker permission errors by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2382\n### 🔧 CI\u002FCD & Maintenance\n* fix(tests): remove toHaveScreenshot assertions causing Safari CI failures by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2369\n* chore: remove PR-blocking config docs check by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2380\n* refactor: remove dead code from disabled file location endpoints by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1898\n* chore(deps): bump zizmorcore\u002Fzizmor-action from 0.4.1 to 0.5.0 by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2391\n* chore(deps): bump aquasecurity\u002Ftrivy-action from 0.34.0 to 0.34.1 by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2392\n* chore(deps): bump anchore\u002Fsbom-action f","2026-02-23T21:15:16",{"id":223,"version":224,"summary_zh":225,"released_at":226},289159,"v1.3.53","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* fix: escape untrusted data in innerHTML to prevent DOM-based XSS by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1951\n* fix: remove redundant String() wrapping and revert ||→?? in escapeHtml calls by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2347\n* fix(security): dismiss false-positive Bearer alerts #6916 and #6020 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2343\n* fix(docker): add capabilities for entrypoint chown in LXC environments by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2357\n* docs: document in-memory credential security model by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2359\n### ✨ New Features\n* fix(meta-search): add warning log when settings_snapshot is missing by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2342\n* fix: add failure count tracking to dataset processing by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2064\n* test: add 162 unit tests covering untested functions and edge cases by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2345\n* docs: add development guide and expand SQLCipher troubleshooting by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2117\n* docs: emphasize atomic PRs and welcoming tone in contributing guide by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2352\n### 🐛 Bug Fixes\n* test: add high-value tests for real functionality + fix infinite recursion bug by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2341\n* fix: use URLS config instead of hardcoded routes in mobile-navigation.js by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2351\n* fix: use text() wrapper for SQLAlchemy 2.0 session health check by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2353\n* fix: Advanced Options panel scrolling with CSS Grid by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2354\n* fix: misleading error messages in settings API endpoints by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2356\n* fix: upgrade flask-socketio to 5.6.1 for Flask 3.1.3 compatibility by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2361\n* fix: remove redundant xAI provider registration by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2362\n* fix(ci): handle missing SARIF file in Bearer scan workflow by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2363\n### 🧪 Tests\n* test: use explicit type assertion for text() wrapper check by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2358\n### Other Changes\n* chore: bump patch version to 1.3.53 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2328\n\n\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.52...v1.3.53","2026-02-22T14:14:30",{"id":228,"version":229,"summary_zh":230,"released_at":231},289160,"v1.3.52","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* fix(security): resolve Bearer scanner false positives (#6916, #6739, #6020) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2316\n* fix: add research blueprint to CSRF exemptions by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2325\n* fix: add input validation and rate limiting to news API endpoints by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2274\n* fix(ci): correct SHA\u002Fversion comment mismatches in workflow action pins by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2334\n* fix(deps): patch werkzeug, pypdf, flask security vulnerabilities by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2336\n* feat: token usage analytics + fix context_limit tracking for all providers by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2314\n### ✨ New Features\n* tests: edge case coverage for type conversion functions by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2315\n* fix: guard against None settings and whitespace-only API keys by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2113\n* fix: settings form novalidate, queue limit, and Pydantic deprecation by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2106\n* ci: gate release workflow behind version-change check + concurrency guard by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2337\n* feat(benchmark): add evaluator info and optional examples to YAML export by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2296\n### 🐛 Bug Fixes\n* fix: prevent white page under load by fixing static file MIME types by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2323\n* fix: context leak in search_engine_base.run() + context manager wrappers by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2329\n* fix(ci): allow E2E gate to run on push events from release workflow by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2331\n* fix: remove unimplemented \u002Fnews\u002Finsights and \u002Fnews\u002Fpreferences routes by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2270\n* refactor: extract coerce_setting_for_write() helper + fix api_update_setting type coercion by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2332\n* fix(tests): correct E2E test URLs for subscriptions API and embeddings page by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2338\n* fix: add validation to api_update_setting and version logging at startup by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2339\n### ⬆️ Dependencies\n* chore(deps): bump puppeteer from 24.37.4 to 24.37.5 in \u002Ftests\u002Fui_tests by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2317\n* chore(deps): bump puppeteer from 24.37.4 to 24.37.5 in \u002Ftests by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2318\n### Other Changes\n* chore: bump patch version to 1.3.52 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2324\n* fix: regenerate stale golden master settings snapshot by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2335\n\n\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.51...v1.3.52","2026-02-21T12:29:35",{"id":233,"version":234,"summary_zh":235,"released_at":236},289161,"v1.3.51","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* fix: remove debug endpoints from news system by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2294\n* fix: prevent context leaks in decorator, scheduler, and services by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2281\n* fix(deps): patch minimatch ReDoS vulnerability (CVE-2026-26996) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2312\n* fix(ci): upgrade trivy-action to v0.34.0 (CVE-2026-26189) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2322\n### 💥 Breaking Changes\n* fix(docker): remove redundant nested volume mount causing permission denied by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2310\n### ✨ New Features\n* feat: auto-save embedding settings with push notifications by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2291\n### 🐛 Bug Fixes\n* fix: prevent context leaks in decorator and subscription scheduler by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2114\n### 📚 Documentation\n* docs: update search iterations help text to suggest 10-20 for focused iteration by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2293\n### 🔧 CI\u002FCD & Maintenance\n* fix(ci): fix WebKit false positives and remove snapshot PNGs from repo by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2259\n### ⬆️ Dependencies\n* chore(deps): bump puppeteer from 24.37.2 to 24.37.3 in \u002Ftests\u002Fui_tests by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2284\n* chore(deps): bump puppeteer from 24.37.3 to 24.37.4 in \u002Ftests\u002Fui_tests by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2305\n* chore(deps): bump puppeteer from 24.37.3 to 24.37.4 in \u002Ftests by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2302\n* chore(deps-dev): bump puppeteer from 24.37.3 to 24.37.4 in \u002Ftests\u002Fapi_tests_with_login by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2304\n* chore(deps): bump puppeteer from 24.37.3 to 24.37.4 in \u002Ftests\u002Fpuppeteer by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2303\n* chore(deps): bump jspdf from 4.1.0 to 4.2.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2309\n* chore(deps): bump puppeteer from 24.37.4 to 24.37.5 in \u002Ftests\u002Fpuppeteer by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2320\n* chore(deps-dev): bump puppeteer from 24.37.4 to 24.37.5 in \u002Ftests\u002Fapi_tests_with_login by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2319\n### 📊 Metrics & Analytics\n* benchmark: Add benchmark for qwen3-4b by @kwhyte7 in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2301\n### Other Changes\n* chore(node): upgrade to Node.js 24 LTS by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2313\n* chore: bump patch version to 1.3.51 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2260\n\n\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.50...v1.3.51","2026-02-20T08:31:12",{"id":238,"version":239,"summary_zh":240,"released_at":241},289162,"v1.3.50","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\r\n\r\n## What's Changed\r\n### 🔒 Security Updates\r\n* fix: upgrade pip to 26.0 to fix CVE-2026-1703 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1932\r\n* security: add authentication to all news API endpoints by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1941\r\n* security: remove sensitive data from log statements by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1947\r\n* security: add rate limiting to settings endpoints by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2021\r\n* test: add tests for security\u002Fmodule_whitelist.py by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2018\r\n* security: validate cipher_page_size and kdf_iterations PRAGMA params by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1948\r\n* Add login_required to scheduler endpoints by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1894\r\n* security: fix XSS in markdown rendering paths by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1945\r\n* fix: suppress DevSkim false positives for hash algorithm detection by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1930\r\n* test: add security module test coverage by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2005\r\n* fix: resolve 5 Bearer P0 SAST security alerts by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1934\r\n* feat: add comprehensive Puppeteer E2E tests with CI workflow by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1360\r\n* fix: validate query parameter type in quick_summary endpoint by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2049\r\n* security: fix command injection in cookiecutter GPU detection hook by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1946\r\n* test: add tests for Bearer P0 security fixes by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2081\r\n* ci: run security file write check on all PRs by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2090\r\n* fix: resolve zizmor security scanning alerts in CI workflows by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2093\r\n* fix: replace weak hash algorithms in tests by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2094\r\n* Remove sensitive data from debug logs by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1896\r\n* fix: SQLCipher key derivation & crypto security fixes by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1953\r\n* fix: address security vulnerabilities in Pillow and cryptography by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2173\r\n* docs: fix SECURITY_SCORECARD.md inaccuracies and document alert #5688 by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2175\r\n* security: make allow_registrations env-var-only by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2164\r\n* refactor: extract duplicated safeFetch into shared utility by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1998\r\n* fix: UX polish and XSS hardening for embedding provider dropdown by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2196\r\n* fix: suppress code scanning false positives and fix real security issues by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2098\r\n* ci: add pre-commit hook to detect double HTML escaping by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2198\r\n* fix(security): escape API data in details.js and ui.js to prevent XSS by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1865\r\n* fix: harden XSS escaping and add security comments for Bearer scanner alerts by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2162\r\n* test: add 52 high-value tests for security, core logic, and persistence by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2209\r\n* fix(security): harden re-run research feature defensively by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2208\r\n* chore: audit and tighten check-env-vars hook exceptions by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F2212\r\n* security: add pagination bounds to unbounded database queries by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1956\r\n","2026-02-17T20:38:25",{"id":243,"version":244,"summary_zh":245,"released_at":246},289163,"v1.3.49","\u003C!-- Release notes generated using configuration in .github\u002Frelease.yml at main -->\n\n## What's Changed\n### 🔒 Security Updates\n* Add rate limiting to collection upload endpoint by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1892\n* fix: validate model path before filesystem operations (CWE-22) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1910\n* fix: don't expose exception details to users (CWE-209) by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1914\n* ci: add PR trigger for CodeQL scanning by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1911\n* Add CRLF injection protection to redirect URL validation by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1893\n### ✨ New Features\n* Document loaders by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1666\n### 🔧 CI\u002FCD & Maintenance\n* chore(deps): bump actions\u002Fattest-build-provenance from 3.1.0 to 3.2.0 by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1902\n* chore(deps): bump step-security\u002Fharden-runner from 2.13.3 to 2.14.1 by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1903\n* chore(deps): bump anchore\u002Fsbom-action from 0.22.0 to 0.22.1 by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1905\n* fix: ignore hadolint DL3059 to preserve Docker layer caching by @LearningCircuit in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1926\n### ⬆️ Dependencies\n* chore(deps): bump jspdf from 4.0.0 to 4.1.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1924\n### Other Changes\n* Allow npm commands to be cached by docker when building the image by @Parura5726 in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1884\n* chore: auto-bump version to 1.3.49 by @github-actions[bot] in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1907\n\n## New Contributors\n* @Parura5726 made their first contribution in https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fpull\u002F1884\n\n**Full Changelog**: https:\u002F\u002Fgithub.com\u002FLearningCircuit\u002Flocal-deep-research\u002Fcompare\u002Fv1.3.48...v1.3.49","2026-02-03T13:29:15"]