Files
wehub-resource-sync 7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:08:55 +08:00

262 lines
7.4 KiB
Markdown

# Migration Guide: LDR v0.x to v1.0
## Overview
Local Deep Research v1.0 introduces significant security and architectural improvements:
- **User Authentication**: All access now requires authentication
- **Per-User Encrypted Databases**: Each user has their own encrypted SQLCipher database
- **Settings Snapshots**: Thread-safe settings management for concurrent operations
- **New API Structure**: Reorganized endpoints under blueprint prefixes
## Breaking Changes
### 1. Authentication Required
**v0.x**: Open access, no authentication
```python
# Direct API access
from local_deep_research.api import quick_summary
result = quick_summary("query")
```
**v1.0**: Authentication required
```python
from local_deep_research.api import quick_summary
from local_deep_research.settings import SettingsManager
from local_deep_research.database.session_context import get_user_db_session
# Must authenticate first
with get_user_db_session(username="user", password="pass") as session:
settings_manager = SettingsManager(session)
settings_snapshot = settings_manager.get_all_settings()
result = quick_summary(
"query",
settings_snapshot=settings_snapshot # Required parameter
)
```
### 2. HTTP API Changes
#### Endpoint Structure
- **v0.x**: `/api/v1/quick_summary`
- **v1.0**: `/api/start_research`
#### Authentication Flow
```python
import requests
# v1.0 requires session-based authentication
session = requests.Session()
# 1. Login
session.post(
"http://localhost:5000/auth/login",
json={"username": "user", "password": "pass"}
)
# 2. Get CSRF token for state-changing operations
csrf = session.get("http://localhost:5000/auth/csrf-token").json()["csrf_token"]
# 3. Make API requests with CSRF token
response = session.post(
"http://localhost:5000/api/start_research",
json={"query": "test"},
headers={"X-CSRF-Token": csrf}
)
```
### 3. Database Changes
#### v0.x
- Single shared database: `ldr.db`
- No encryption
- Direct database access from any thread
#### v1.0
- Per-user databases: `encrypted_databases/{username}.db`
- SQLCipher encryption with user passwords
- Thread-local session management
- In-memory queue tracking (no more service_db)
### 4. Settings Management
#### v0.x
```python
# Direct settings access
from local_deep_research.config import get_db_setting
value = get_db_setting("llm.provider")
```
#### v1.0
```python
# Settings require context
from local_deep_research.settings import SettingsManager
# Within authenticated session
settings_manager = SettingsManager(session)
value = settings_manager.get_setting("llm.provider")
# Or use settings snapshot for thread safety
settings_snapshot = settings_manager.get_all_settings()
```
## Migration Steps
### 1. Update Dependencies
```bash
pip install --upgrade local-deep-research
```
### 2. Create User Accounts
Users must create accounts through the web interface:
1. Start the server: `python -m local_deep_research.web.app`
2. Open http://localhost:5000
3. Click "Register" and create an account
4. Configure LLM providers and API keys in Settings
### 3. Update Programmatic Code
#### Before (v0.x):
```python
from local_deep_research.api import (
quick_summary,
detailed_research,
generate_report
)
# Direct usage
result = quick_summary("What is AI?")
```
#### After (v1.0):
```python
from local_deep_research.api import quick_summary
from local_deep_research.settings import SettingsManager
from local_deep_research.database.session_context import get_user_db_session
def run_research(username, password, query):
with get_user_db_session(username, password) as session:
settings_manager = SettingsManager(session)
settings_snapshot = settings_manager.get_all_settings()
return quick_summary(
query=query,
settings_snapshot=settings_snapshot,
# Other parameters remain the same
iterations=2,
questions_per_iteration=3
)
```
### 4. Update HTTP API Calls
Create a wrapper for authenticated requests:
```python
class LDRClient:
def __init__(self, base_url="http://localhost:5000"):
self.base_url = base_url
self.session = requests.Session()
self.csrf_token = None
def login(self, username, password):
response = self.session.post(
f"{self.base_url}/auth/login",
json={"username": username, "password": password}
)
if response.status_code == 200:
self.csrf_token = self.session.get(
f"{self.base_url}/auth/csrf-token"
).json()["csrf_token"]
return response
def start_research(self, query, **kwargs):
return self.session.post(
f"{self.base_url}/api/start_research",
json={"query": query, **kwargs},
headers={"X-CSRF-Token": self.csrf_token}
)
# Usage
client = LDRClient()
client.login("user", "pass")
result = client.start_research("What is quantum computing?")
```
### 5. Update Configuration
#### API Keys
API keys are now stored encrypted in per-user databases. Users must:
1. Login to the web interface
2. Go to Settings
3. Re-enter API keys for LLM providers
#### Custom LLMs
Custom LLM registrations now require settings context:
```python
# v1.0 custom LLM with settings support
def create_custom_llm(model_name=None, temperature=None, settings_snapshot=None):
# Access settings from snapshot if needed
api_key = settings_snapshot.get("llm.custom.api_key", {}).get("value")
return CustomLLM(api_key=api_key, model=model_name, temperature=temperature)
```
## Common Issues and Solutions
### Issue: "No settings context available in thread"
**Solution**: Pass `settings_snapshot` parameter to all API calls
### Issue: "Encrypted database requires password"
**Solution**: Ensure you're using `get_user_db_session()` with credentials
### Issue: CSRF token errors
**Solution**: Get fresh CSRF token before state-changing requests
### Issue: Old endpoints return 404
**Solution**: Update to new endpoint structure (see mapping above)
### Issue: Rate limiting not working
**Solution**: Rate limits are now per-user; ensure proper authentication
## Backward Compatibility
For temporary backward compatibility, you can:
1. Set environment variable: `LDR_USE_SHARED_DB=1` (not recommended)
2. Create a compatibility wrapper for your existing code
```python
# compatibility.py
import os
os.environ["LDR_USE_SHARED_DB"] = "1" # Use at your own risk
def quick_summary_compat(query, **kwargs):
# Minimal compatibility wrapper
# Note: This bypasses security features!
from local_deep_research.api import quick_summary
return quick_summary(query, settings_snapshot={}, **kwargs)
```
⚠️ **Warning**: Compatibility mode bypasses security features and is not recommended for production use.
## Benefits of v1.0
1. **Security**: Encrypted databases protect sensitive API keys and research data
2. **Multi-User**: Multiple users can work simultaneously without conflicts
3. **Performance**: Cached settings and thread-local sessions improve speed
4. **Reliability**: Thread-safe operations prevent race conditions
5. **Privacy**: User data is completely isolated
## Getting Help
- Check the [API Quick Start Guide](api-quickstart.md)
- See [examples/api_usage](../examples/api_usage/) for updated examples
- Join our [Discord](https://discord.gg/ttcqQeFcJ3) for migration support
- Report issues on [GitHub](https://github.com/LearningCircuit/local-deep-research/issues)