{"id":"bytedance-deer-flow","name":"deer-flow","homepage":"https://deerflow.tech","repo_url":"https://github.com/bytedance/deer-flow","category":"ai-ml","subcategories":[],"tags":["ai-agents","agentic-framework","superagent","langchain","langgraph","mcp","sandbox","multi-agent","memory","tool-use","python"],"what_it_does":"DeerFlow (2.0) is an open-source long-horizon “super agent” harness that orchestrates sub-agents, memory, and sandboxed execution to perform complex tasks over minutes to hours, with extensible skills/tools and support for configurable model providers (Python/Node ecosystem) and integrations like MCP servers and messaging (IM) channels.","use_cases":["Long-horizon agentic workflows (research, planning, coding) with sub-agents","Sandboxed tool execution (local, Docker, or Kubernetes) for safer runs","Integrating external capabilities via MCP servers/skills","Running agent entrypoints through IM channels (Telegram/Slack/Feishu)","Providing long-term memory with loadable/reviewable memory fixtures"],"not_for":["Applications needing a simple single-purpose API wrapper","Environments requiring strict, documented operational SLAs without additional engineering","Use without careful security review when enabling external tool/sandbox integrations"],"best_when":"You want a configurable agent orchestration framework that can manage multi-step work, tool usage, and isolated execution environments, and you can handle model/provider credentials securely.","avoid_when":"You cannot control or constrain sandbox/tool access, or you require highly deterministic, low-latency interactions with minimal operational complexity.","alternatives":["LangGraph-based agent servers (DIY orchestration)","Semantic Kernel / Microsoft AutoGen (agent orchestration frameworks)","CrewAI or similar multi-agent frameworks","Custom super-agent harness built on LangChain/LangGraph plus a queue/worker and sandbox layer"],"af_score":52.5,"security_score":57.0,"reliability_score":30.0,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T12:58:23.249714+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OpenAI-compatible API keys (env/config)","Provider-specific API keys via config.yaml","OAuth token flows for HTTP/SSE MCP servers (client_credentials, refresh_token)","Messaging channel authentication (Telegram bot token, Slack bot/app tokens, Feishu/Lark app_id/app_secret)","CLI/OAuth handoff for Claude Code (multiple env/file options; credentials JSON paths)"],"oauth":true,"scopes":false,"notes":"Auth mechanisms are configuration-driven. For MCP servers, README states OAuth token flows are supported for HTTP/SSE. For IM channels, tokens/credentials are configured in config.yaml/.env. No fine-grained scope granularity is described for DeerFlow’s own auth in the provided excerpt."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source project; costs depend on chosen model provider APIs and any optional external services (e.g., InfoQuest, tracing providers)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":52.5,"security_score":57.0,"reliability_score":30.0,"mcp_server_quality":65.0,"documentation_accuracy":70.0,"error_message_quality":null,"error_message_notes":"No explicit error-code schema or retry guidance for agent runtime errors was included in the provided excerpt.","auth_complexity":45.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":50.0,"secret_handling":70.0,"security_notes":"README shows extensive credential configuration via environment variables and provider config, and indicates OAuth token flows for MCP servers and token-based auth for IM channels. However, the excerpt does not provide detailed security guarantees (e.g., TLS/HTTP enforcement specifics, secret redaction/logging behavior, or dependency/CVE posture). The presence of sandbox modes suggests an intended isolation layer, but operational misconfiguration remains a risk.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":35.0,"error_recovery":35.0,"idempotency_support":null,"idempotency_notes":null,"pagination_style":null,"retry_guidance_documented":null,"known_agent_gotchas":["Sandbox execution mode selection (local vs Docker vs Kubernetes) affects isolation/security and operational behavior","Token-cap differences across provider adapters (e.g., Codex Responses endpoint rejecting certain token caps) may require configuration adjustments","Some CLI integrations require explicit credential export/handoff (e.g., Claude Code on macOS) and may not auto-detect Keychain"]}}