deer-flow

DeerFlow (2.0) is an open-source long-horizon “super agent” harness that orchestrates sub-agents, memory, and sandboxed execution to perform complex tasks over minutes to hours, with extensible skills/tools and support for configurable model providers (Python/Node ecosystem) and integrations like MCP servers and messaging (IM) channels.

Evaluated Mar 29, 2026 (0d ago)

Homepage ↗ Repo ↗ Ai Ml ai-agents agentic-framework superagent langchain langgraph mcp sandbox multi-agent memory tool-use python

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

README shows extensive credential configuration via environment variables and provider config, and indicates OAuth token flows for MCP servers and token-based auth for IM channels. However, the excerpt does not provide detailed security guarantees (e.g., TLS/HTTP enforcement specifics, secret redaction/logging behavior, or dependency/CVE posture). The presence of sandbox modes suggests an intended isolation layer, but operational misconfiguration remains a risk.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You want a configurable agent orchestration framework that can manage multi-step work, tool usage, and isolated execution environments, and you can handle model/provider credentials securely.

Avoid When

You cannot control or constrain sandbox/tool access, or you require highly deterministic, low-latency interactions with minimal operational complexity.

Use Cases

• Long-horizon agentic workflows (research, planning, coding) with sub-agents
• Sandboxed tool execution (local, Docker, or Kubernetes) for safer runs
• Integrating external capabilities via MCP servers/skills
• Running agent entrypoints through IM channels (Telegram/Slack/Feishu)
• Providing long-term memory with loadable/reviewable memory fixtures

Not For

• Applications needing a simple single-purpose API wrapper
• Environments requiring strict, documented operational SLAs without additional engineering
• Use without careful security review when enabling external tool/sandbox integrations

Interface

REST API

GraphQL

gRPC

MCP Server

Yes

SDK

Webhooks

Authentication

Methods: OpenAI-compatible API keys (env/config) Provider-specific API keys via config.yaml OAuth token flows for HTTP/SSE MCP servers (client_credentials, refresh_token) Messaging channel authentication (Telegram bot token, Slack bot/app tokens, Feishu/Lark app_id/app_secret) CLI/OAuth handoff for Claude Code (multiple env/file options; credentials JSON paths)

OAuth: Yes Scopes: No

Auth mechanisms are configuration-driven. For MCP servers, README states OAuth token flows are supported for HTTP/SSE. For IM channels, tokens/credentials are configured in config.yaml/.env. No fine-grained scope granularity is described for DeerFlow’s own auth in the provided excerpt.

Pricing

Free tier: No

Requires CC: No

Open-source project; costs depend on chosen model provider APIs and any optional external services (e.g., InfoQuest, tracing providers).

Agent Metadata

Idempotent

Unknown

Retry Guidance

Not documented

Known Gotchas

⚠ Sandbox execution mode selection (local vs Docker vs Kubernetes) affects isolation/security and operational behavior
⚠ Token-cap differences across provider adapters (e.g., Codex Responses endpoint rejecting certain token caps) may require configuration adjustments
⚠ Some CLI integrations require explicit credential export/handoff (e.g., Claude Code on macOS) and may not auto-detect Keychain

Alternatives

LangGraph-based agent servers (DIY orchestration) Semantic Kernel / Microsoft AutoGen (agent orchestration frameworks) CrewAI or similar multi-agent frameworks Custom super-agent harness built on LangChain/LangGraph plus a queue/worker and sandbox layer

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for deer-flow.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-29.