geckon01/local-deep-research
1
0
Fork 0
mirror of https://github.com/LearningCircuit/local-deep-research.git synced 2026-06-15 19:46:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba0912056c5b78bf2c8a1fb15eef202d72fec401
local-deep-research/docs/MIGRATION_GUIDE_v1.md
LearningCircuit 7d8fdee7dd fix: unify SettingsManagers, fix env var bugs (#2070) 
* fix: unify SettingsManagers, fix env var bugs, delete duplicate

Two parallel SettingsManager implementations existed (settings/manager.py
and web/services/settings_manager.py) that diverged accidentally, each
with different bugs. This unifies them into a single implementation.

Bug fixes in settings/manager.py:
- get_setting() now checks env vars when setting is not in DB (was
  jumping straight to return default, ignoring env override)
- get_all_settings() now type-converts env overrides through
  get_typed_setting_value() (was storing raw strings like "true"
  instead of True)
- create_or_update_setting() now correctly checks db_setting.editable
  (was checking input dict's .editable which caused AttributeError)
- Added missing ui_element types: textarea, multiselect

Features added to settings/manager.py:
- get_bool_setting() method (required by rag_routes.py)
- default_settings now loads all 18 JSON files via rglob (was only
  loading 1 file with 370 settings, now loads 526)

All production and test imports updated from web.services.settings_manager
to settings.manager. Duplicate web/services/settings_manager.py deleted.

314 tests pass across 7 test files. 9 new tests cover bug fixes.

* test: add 29 tests for unified SettingsManager coverage gaps (#2071)

Cover create_or_update_setting (8 tests), default_settings property (4),
_ensure_settings_initialized (2), new UI element types textarea/multiselect/
range (4), _emit_settings_changed error resilience (3), plus edge cases
for get_setting check_env=False, get_all_settings with locked settings,
get_bool_setting with integers, parse_boolean edge cases, and env override
type conversion for text settings.

* fix: add missing abstract methods, env var defaults override, and type bug (#2074)

- Add get_bool_setting() and get_settings_snapshot() abstract methods to
  ISettingsManager base class so the interface contract is complete
- Fix create_or_update_setting: use setting_obj.type directly instead of
  SettingType[setting_obj.type.upper()] which fails when type is already
  a SettingType enum from the Pydantic model
- Add env var override in get_all_settings() defaults loop so settings
  not yet in DB can still be overridden via LDR_* environment variables
- Fix test_get_all_settings_db_error to expect defaults on DB failure
  (graceful degradation after unification)

* refactor: deduplicate provider availability checks and settings wrapper (#2054) (#2068)

- Delegate 5 provider availability functions in llm_config.py to their
  existing provider class is_available() methods (OpenAI, Anthropic,
  CustomOpenAIEndpoint, Ollama, LMStudio)
- Extract _get_or_create_status() helper in queue_service.py to
  eliminate duplicated QueueStatus lookup-or-create pattern
- Centralize get_llm_setting_from_snapshot() in thread_settings.py,
  replacing 6 identical copy-pasted wrappers across provider files
- Update test mock targets to reflect new delegation pattern

* fix: add missing abstract method implementations to InMemorySettingsManager

InMemorySettingsManager was missing get_bool_setting() and
get_settings_snapshot() implementations required by the ISettingsManager
ABC, causing TypeError on instantiation and cascading failures in
LLM unit tests, REST API tests, and Puppeteer auth tests.

* fix: convert web SettingType to database SettingType in create_or_update_setting

The PR changed `type=SettingType[setting_obj.type.upper()]` to
`type=setting_obj.type`, but setting_obj.type is a web model SettingType
(str, Enum) while Setting.type expects the database SettingType (enum.Enum).
This causes a 500 error when creating new settings via PUT endpoint.

Use `.name` for cleaner enum-to-enum conversion instead of `.upper()`.

* fix: add multiselect type conversion and warn on untyped env overrides (#2080)

Address review feedback from @djpetti on PR #2070:

1. Replace multiselect `lambda x: x` with `_parse_multiselect()` that
   properly handles env var strings — parses JSON arrays (e.g.
   '["markdown","latex"]') and comma-separated values (e.g.
   'markdown,latex') while passing through lists from SQLAlchemy
   unchanged.

2. Log a warning when get_setting() encounters an env var override for
   a setting not in defaults, returning the raw string without type
   conversion. This surfaces settings that should be added to a
   defaults JSON file to get proper type information.

Tests: 14 new tests (111 total in test_settings_manager.py, 0 failures)

* test: add tests for consolidated UI element-to-type mapping

Verifies single canonical _UI_ELEMENT_TO_SETTING_TYPE is reused by
both InMemorySettingsManager and SettingsManager.
2026-02-11 06:59:07 +01:00

7.4 KiB
Raw Blame History

Migration Guide: LDR v0.x to v1.0

Overview

Local Deep Research v1.0 introduces significant security and architectural improvements:

  • User Authentication: All access now requires authentication
  • Per-User Encrypted Databases: Each user has their own encrypted SQLCipher database
  • Settings Snapshots: Thread-safe settings management for concurrent operations
  • New API Structure: Reorganized endpoints under blueprint prefixes

Breaking Changes

1. Authentication Required

v0.x: Open access, no authentication

# Direct API access
from local_deep_research.api import quick_summary
result = quick_summary("query")

v1.0: Authentication required

from local_deep_research.api import quick_summary
from local_deep_research.settings import SettingsManager
from local_deep_research.database.session_context import get_user_db_session

# Must authenticate first
with get_user_db_session(username="user", password="pass") as session:
    settings_manager = SettingsManager(session)
    settings_snapshot = settings_manager.get_all_settings()

    result = quick_summary(
        "query",
        settings_snapshot=settings_snapshot  # Required parameter
    )

2. HTTP API Changes

Endpoint Structure

  • v0.x: /api/v1/quick_summary
  • v1.0: /api/start_research

Authentication Flow

import requests

# v1.0 requires session-based authentication
session = requests.Session()

# 1. Login
session.post(
    "http://localhost:5000/auth/login",
    json={"username": "user", "password": "pass"}
)

# 2. Get CSRF token for state-changing operations
csrf = session.get("http://localhost:5000/auth/csrf-token").json()["csrf_token"]

# 3. Make API requests with CSRF token
response = session.post(
    "http://localhost:5000/api/start_research",
    json={"query": "test"},
    headers={"X-CSRF-Token": csrf}
)

3. Database Changes

v0.x

  • Single shared database: ldr.db
  • No encryption
  • Direct database access from any thread

v1.0

  • Per-user databases: encrypted_databases/{username}.db
  • SQLCipher encryption with user passwords
  • Thread-local session management
  • In-memory queue tracking (no more service_db)

4. Settings Management

v0.x

# Direct settings access
from local_deep_research.config import get_db_setting
value = get_db_setting("llm.provider")

v1.0

# Settings require context
from local_deep_research.settings import SettingsManager

# Within authenticated session
settings_manager = SettingsManager(session)
value = settings_manager.get_setting("llm.provider")

# Or use settings snapshot for thread safety
settings_snapshot = settings_manager.get_all_settings()

Migration Steps

1. Update Dependencies

pip install --upgrade local-deep-research

2. Create User Accounts

Users must create accounts through the web interface:

  1. Start the server: python -m local_deep_research.web.app
  2. Open http://localhost:5000
  3. Click "Register" and create an account
  4. Configure LLM providers and API keys in Settings

3. Update Programmatic Code

Before (v0.x):

from local_deep_research.api import (
    quick_summary,
    detailed_research,
    generate_report
)

# Direct usage
result = quick_summary("What is AI?")

After (v1.0):

from local_deep_research.api import quick_summary
from local_deep_research.settings import SettingsManager
from local_deep_research.database.session_context import get_user_db_session

def run_research(username, password, query):
    with get_user_db_session(username, password) as session:
        settings_manager = SettingsManager(session)
        settings_snapshot = settings_manager.get_all_settings()

        return quick_summary(
            query=query,
            settings_snapshot=settings_snapshot,
            # Other parameters remain the same
            iterations=2,
            questions_per_iteration=3
        )

4. Update HTTP API Calls

Create a wrapper for authenticated requests:

class LDRClient:
    def __init__(self, base_url="http://localhost:5000"):
        self.base_url = base_url
        self.session = requests.Session()
        self.csrf_token = None

    def login(self, username, password):
        response = self.session.post(
            f"{self.base_url}/auth/login",
            json={"username": username, "password": password}
        )
        if response.status_code == 200:
            self.csrf_token = self.session.get(
                f"{self.base_url}/auth/csrf-token"
            ).json()["csrf_token"]
        return response

    def start_research(self, query, **kwargs):
        return self.session.post(
            f"{self.base_url}/api/start_research",
            json={"query": query, **kwargs},
            headers={"X-CSRF-Token": self.csrf_token}
        )

# Usage
client = LDRClient()
client.login("user", "pass")
result = client.start_research("What is quantum computing?")

5. Update Configuration

API Keys

API keys are now stored encrypted in per-user databases. Users must:

  1. Login to the web interface
  2. Go to Settings
  3. Re-enter API keys for LLM providers

Custom LLMs

Custom LLM registrations now require settings context:

# v1.0 custom LLM with settings support
def create_custom_llm(model_name=None, temperature=None, settings_snapshot=None):
    # Access settings from snapshot if needed
    api_key = settings_snapshot.get("llm.custom.api_key", {}).get("value")
    return CustomLLM(api_key=api_key, model=model_name, temperature=temperature)

Common Issues and Solutions

Issue: "No settings context available in thread"

Solution: Pass settings_snapshot parameter to all API calls

Issue: "Encrypted database requires password"

Solution: Ensure you're using get_user_db_session() with credentials

Issue: CSRF token errors

Solution: Get fresh CSRF token before state-changing requests

Issue: Old endpoints return 404

Solution: Update to new endpoint structure (see mapping above)

Issue: Rate limiting not working

Solution: Rate limits are now per-user; ensure proper authentication

Backward Compatibility

For temporary backward compatibility, you can:

  1. Set environment variable: LDR_USE_SHARED_DB=1 (not recommended)
  2. Create a compatibility wrapper for your existing code
# compatibility.py
import os
os.environ["LDR_USE_SHARED_DB"] = "1"  # Use at your own risk

def quick_summary_compat(query, **kwargs):
    # Minimal compatibility wrapper
    # Note: This bypasses security features!
    from local_deep_research.api import quick_summary
    return quick_summary(query, settings_snapshot={}, **kwargs)

⚠️ Warning: Compatibility mode bypasses security features and is not recommended for production use.

Benefits of v1.0

  1. Security: Encrypted databases protect sensitive API keys and research data
  2. Multi-User: Multiple users can work simultaneously without conflicts
  3. Performance: Cached settings and thread-local sessions improve speed
  4. Reliability: Thread-safe operations prevent race conditions
  5. Privacy: User data is completely isolated

Getting Help

Reference in New Issue View Git Blame Copy Permalink