7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
262 lines
7.4 KiB
Markdown
262 lines
7.4 KiB
Markdown
# Migration Guide: LDR v0.x to v1.0
|
|
|
|
## Overview
|
|
|
|
Local Deep Research v1.0 introduces significant security and architectural improvements:
|
|
|
|
- **User Authentication**: All access now requires authentication
|
|
- **Per-User Encrypted Databases**: Each user has their own encrypted SQLCipher database
|
|
- **Settings Snapshots**: Thread-safe settings management for concurrent operations
|
|
- **New API Structure**: Reorganized endpoints under blueprint prefixes
|
|
|
|
## Breaking Changes
|
|
|
|
### 1. Authentication Required
|
|
|
|
**v0.x**: Open access, no authentication
|
|
```python
|
|
# Direct API access
|
|
from local_deep_research.api import quick_summary
|
|
result = quick_summary("query")
|
|
```
|
|
|
|
**v1.0**: Authentication required
|
|
```python
|
|
from local_deep_research.api import quick_summary
|
|
from local_deep_research.settings import SettingsManager
|
|
from local_deep_research.database.session_context import get_user_db_session
|
|
|
|
# Must authenticate first
|
|
with get_user_db_session(username="user", password="pass") as session:
|
|
settings_manager = SettingsManager(session)
|
|
settings_snapshot = settings_manager.get_all_settings()
|
|
|
|
result = quick_summary(
|
|
"query",
|
|
settings_snapshot=settings_snapshot # Required parameter
|
|
)
|
|
```
|
|
|
|
### 2. HTTP API Changes
|
|
|
|
#### Endpoint Structure
|
|
- **v0.x**: `/api/v1/quick_summary`
|
|
- **v1.0**: `/api/start_research`
|
|
|
|
#### Authentication Flow
|
|
```python
|
|
import requests
|
|
|
|
# v1.0 requires session-based authentication
|
|
session = requests.Session()
|
|
|
|
# 1. Login
|
|
session.post(
|
|
"http://localhost:5000/auth/login",
|
|
json={"username": "user", "password": "pass"}
|
|
)
|
|
|
|
# 2. Get CSRF token for state-changing operations
|
|
csrf = session.get("http://localhost:5000/auth/csrf-token").json()["csrf_token"]
|
|
|
|
# 3. Make API requests with CSRF token
|
|
response = session.post(
|
|
"http://localhost:5000/api/start_research",
|
|
json={"query": "test"},
|
|
headers={"X-CSRF-Token": csrf}
|
|
)
|
|
```
|
|
|
|
### 3. Database Changes
|
|
|
|
#### v0.x
|
|
- Single shared database: `ldr.db`
|
|
- No encryption
|
|
- Direct database access from any thread
|
|
|
|
#### v1.0
|
|
- Per-user databases: `encrypted_databases/{username}.db`
|
|
- SQLCipher encryption with user passwords
|
|
- Thread-local session management
|
|
- In-memory queue tracking (no more service_db)
|
|
|
|
### 4. Settings Management
|
|
|
|
#### v0.x
|
|
```python
|
|
# Direct settings access
|
|
from local_deep_research.config import get_db_setting
|
|
value = get_db_setting("llm.provider")
|
|
```
|
|
|
|
#### v1.0
|
|
```python
|
|
# Settings require context
|
|
from local_deep_research.settings import SettingsManager
|
|
|
|
# Within authenticated session
|
|
settings_manager = SettingsManager(session)
|
|
value = settings_manager.get_setting("llm.provider")
|
|
|
|
# Or use settings snapshot for thread safety
|
|
settings_snapshot = settings_manager.get_all_settings()
|
|
```
|
|
|
|
## Migration Steps
|
|
|
|
### 1. Update Dependencies
|
|
|
|
```bash
|
|
pip install --upgrade local-deep-research
|
|
```
|
|
|
|
### 2. Create User Accounts
|
|
|
|
Users must create accounts through the web interface:
|
|
|
|
1. Start the server: `python -m local_deep_research.web.app`
|
|
2. Open http://localhost:5000
|
|
3. Click "Register" and create an account
|
|
4. Configure LLM providers and API keys in Settings
|
|
|
|
### 3. Update Programmatic Code
|
|
|
|
#### Before (v0.x):
|
|
```python
|
|
from local_deep_research.api import (
|
|
quick_summary,
|
|
detailed_research,
|
|
generate_report
|
|
)
|
|
|
|
# Direct usage
|
|
result = quick_summary("What is AI?")
|
|
```
|
|
|
|
#### After (v1.0):
|
|
```python
|
|
from local_deep_research.api import quick_summary
|
|
from local_deep_research.settings import SettingsManager
|
|
from local_deep_research.database.session_context import get_user_db_session
|
|
|
|
def run_research(username, password, query):
|
|
with get_user_db_session(username, password) as session:
|
|
settings_manager = SettingsManager(session)
|
|
settings_snapshot = settings_manager.get_all_settings()
|
|
|
|
return quick_summary(
|
|
query=query,
|
|
settings_snapshot=settings_snapshot,
|
|
# Other parameters remain the same
|
|
iterations=2,
|
|
questions_per_iteration=3
|
|
)
|
|
```
|
|
|
|
### 4. Update HTTP API Calls
|
|
|
|
Create a wrapper for authenticated requests:
|
|
|
|
```python
|
|
class LDRClient:
|
|
def __init__(self, base_url="http://localhost:5000"):
|
|
self.base_url = base_url
|
|
self.session = requests.Session()
|
|
self.csrf_token = None
|
|
|
|
def login(self, username, password):
|
|
response = self.session.post(
|
|
f"{self.base_url}/auth/login",
|
|
json={"username": username, "password": password}
|
|
)
|
|
if response.status_code == 200:
|
|
self.csrf_token = self.session.get(
|
|
f"{self.base_url}/auth/csrf-token"
|
|
).json()["csrf_token"]
|
|
return response
|
|
|
|
def start_research(self, query, **kwargs):
|
|
return self.session.post(
|
|
f"{self.base_url}/api/start_research",
|
|
json={"query": query, **kwargs},
|
|
headers={"X-CSRF-Token": self.csrf_token}
|
|
)
|
|
|
|
# Usage
|
|
client = LDRClient()
|
|
client.login("user", "pass")
|
|
result = client.start_research("What is quantum computing?")
|
|
```
|
|
|
|
### 5. Update Configuration
|
|
|
|
#### API Keys
|
|
API keys are now stored encrypted in per-user databases. Users must:
|
|
1. Login to the web interface
|
|
2. Go to Settings
|
|
3. Re-enter API keys for LLM providers
|
|
|
|
#### Custom LLMs
|
|
Custom LLM registrations now require settings context:
|
|
|
|
```python
|
|
# v1.0 custom LLM with settings support
|
|
def create_custom_llm(model_name=None, temperature=None, settings_snapshot=None):
|
|
# Access settings from snapshot if needed
|
|
api_key = settings_snapshot.get("llm.custom.api_key", {}).get("value")
|
|
return CustomLLM(api_key=api_key, model=model_name, temperature=temperature)
|
|
```
|
|
|
|
## Common Issues and Solutions
|
|
|
|
### Issue: "No settings context available in thread"
|
|
**Solution**: Pass `settings_snapshot` parameter to all API calls
|
|
|
|
### Issue: "Encrypted database requires password"
|
|
**Solution**: Ensure you're using `get_user_db_session()` with credentials
|
|
|
|
### Issue: CSRF token errors
|
|
**Solution**: Get fresh CSRF token before state-changing requests
|
|
|
|
### Issue: Old endpoints return 404
|
|
**Solution**: Update to new endpoint structure (see mapping above)
|
|
|
|
### Issue: Rate limiting not working
|
|
**Solution**: Rate limits are now per-user; ensure proper authentication
|
|
|
|
## Backward Compatibility
|
|
|
|
For temporary backward compatibility, you can:
|
|
|
|
1. Set environment variable: `LDR_USE_SHARED_DB=1` (not recommended)
|
|
2. Create a compatibility wrapper for your existing code
|
|
|
|
```python
|
|
# compatibility.py
|
|
import os
|
|
os.environ["LDR_USE_SHARED_DB"] = "1" # Use at your own risk
|
|
|
|
def quick_summary_compat(query, **kwargs):
|
|
# Minimal compatibility wrapper
|
|
# Note: This bypasses security features!
|
|
from local_deep_research.api import quick_summary
|
|
return quick_summary(query, settings_snapshot={}, **kwargs)
|
|
```
|
|
|
|
⚠️ **Warning**: Compatibility mode bypasses security features and is not recommended for production use.
|
|
|
|
## Benefits of v1.0
|
|
|
|
1. **Security**: Encrypted databases protect sensitive API keys and research data
|
|
2. **Multi-User**: Multiple users can work simultaneously without conflicts
|
|
3. **Performance**: Cached settings and thread-local sessions improve speed
|
|
4. **Reliability**: Thread-safe operations prevent race conditions
|
|
5. **Privacy**: User data is completely isolated
|
|
|
|
## Getting Help
|
|
|
|
- Check the [API Quick Start Guide](api-quickstart.md)
|
|
- See [examples/api_usage](../examples/api_usage/) for updated examples
|
|
- Join our [Discord](https://discord.gg/ttcqQeFcJ3) for migration support
|
|
- Report issues on [GitHub](https://github.com/LearningCircuit/local-deep-research/issues)
|