Initial commit: hardened DeerFlow factory

Vendored deer-flow upstream (bytedance/deer-flow) plus prompt-injection
hardening:

- New deerflow.security package: content_delimiter, html_cleaner,
  sanitizer (8 layers — invisible chars, control chars, symbols, NFC,
  PUA, tag chars, horizontal whitespace collapse with newline/tab
  preservation, length cap)
- New deerflow.community.searx package: web_search, web_fetch,
  image_search backed by a private SearX instance, every external
  string sanitized and wrapped in <<<EXTERNAL_UNTRUSTED_CONTENT>>>
  delimiters
- All native community web providers (ddg_search, tavily, exa,
  firecrawl, jina_ai, infoquest, image_search) replaced with hard-fail
  stubs that raise NativeWebToolDisabledError at import time, so a
  misconfigured tool.use path fails loud rather than silently falling
  back to unsanitized output
- Native client back-doors (jina_client.py, infoquest_client.py)
  stubbed too
- Native-tool tests quarantined under tests/_disabled_native/
  (collect_ignore_glob via local conftest.py)
- Sanitizer Layer 7 fix: only collapse horizontal whitespace, preserve
  newlines and tabs so list/table structure survives
- Hardened runtime config.yaml references only the searx-backed tools
- Factory overlay (backend/) kept in sync with deer-flow tree as a
  reference / source

See HARDENING.md for the full audit trail and verification steps.
2026-04-12 14:23:57 +02:00
commit 6de0bf9f5b
889 changed files with 173052 additions and 0 deletions

@@ -0,0 +1,28 @@
# generate_district_map — 行政区地图(中国)
## 功能概述
生成中国境内省/市/区/县的覆盖或热力图,可展示指标区间、类别或区域组成,适用于区域销售、政策覆盖等场景。
## 输入字段
### 必填
- `title`: string必填且≤16 字,描述地图主题。
- `data`: object必填承载行政区配置及指标信息。
- `data.name`: string必填中国境内的行政区关键词需明确到省/市/区/县。
### 可选
- `data.style.fillColor`: string自定义无数据区域的填充色。
- `data.colors`: string[],枚举或连续色带,默认提供 10 色列表。
- `data.dataType`: string枚举 `number`/`enum`,决定颜色映射方式。
- `data.dataLabel`: string指标名称`GDP`)。
- `data.dataValue`: string指标值或枚举标签。
- `data.dataValueUnit`: string指标单位`万亿`)。
- `data.showAllSubdistricts`: boolean默认 `false`,是否展示全部下级行政区。
- `data.subdistricts[]`: array<object>,用于下钻各子区域,元素至少含 `name`,可附 `dataValue``style.fillColor`
- `width`: number默认 `1600`,设置图宽。
- `height`: number默认 `1000`,设置图高。
## 使用建议
名称必须精确到行政层级,避免模糊词;若配置 `subdistricts`,需同时开启 `showAllSubdistricts`;地图只支持中国境内且依赖高德数据。
## 返回结果
- 返回地图图像 URL并在 `_meta.spec` 中保留完整输入;若配置了 `SERVICE_ID`,生成记录会同步到“我的地图”小程序。
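Review bot: The 返回结果 entry on the last line of the hunk says the full input is kept in `_meta.spec` and that, when `SERVICE_ID` is configured, generation records are synced to the "我的地图" mini program, but it does not say which fields leave the host or where they go. Together with the 高德 data dependency stated under 使用建议, this is an outbound path that a commit described as prompt-injection hardening should document explicitly. Suggest adding a line that names the transmitted fields, states whether leaving `SERVICE_ID` unset keeps records local, and says whether the returned image URL is handled as external content. Separately, several field entries have lost punctuation: `data.dataLabel` and `data.dataValueUnit` end in an unmatched `)`, and `data.subdistricts[]` runs `dataValue` and `style.fillColor` together with no separator.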