Skip to content

DeepTutor

AI Agents & Assistants

An agent‑native personalized tutoring platform that delivers AI‑driven, persistent chat and research assistants.

Track releases GitHub
Python Latest v1.4.2 · 6d ago Security brief →

Features

  • Agent‑native TutorBot providing persistent, autonomous AI tutors
  • Multi‑user deployments with per‑user workspaces
  • CLI interface for agent‑native interaction (deeptutor CLI)
  • Three‑layer memory architecture for contextual reasoning
  • Integrated visualizer and research tools (Deep Research/Solve/Question)

Recent releases

View all 40 releases →
Upgrade now
v1.4.2 Mixed
Auth

Upgrade Notes, Tests, ver1-4-1.md

Open
Upgrade now
v1.4.1 Breaking risk
RCE / SSRF Auth RBAC

Shell exec disabled + resource isolation

Open
Review required
v1.4.0 Breaking risk
Auth Breaking upgrade

Reasoning effort normalization + turn recovery

Open
Review required
v1.4.0-beta Breaking risk
Auth RBAC Dependencies +1 more

Auto Mode + Memory v2 + Chat tools

Open
v1.3.10 Breaking risk
⚠ Upgrade required
  • If using Matrix with E2EE, install the `matrix-e2e` extra or its requirements file and ensure libolm is available.
  • `DISABLE_SSL_VERIFY=true` is allowed only in non‑production environments; it remains blocked when ENVIRONMENT=prod or production.
Breaking changes
  • Matrix no longer installs E2EE by default; `deeptutor[matrix-e2e]` or `requirements/matrix-e2e.txt` must be used to enable encrypted rooms.
Notable features
  • Remote single‑user Docker works out of the box again when AUTH_ENABLED=false without extra CORS settings.
  • `DISABLE_SSL_VERIFY` now propagates to all OpenAI SDK paths for self‑signed LLM endpoints (blocked in prod).
  • Code blocks are protected from citation rewrite, preserving array indexes and other code content.
Full changelog

DeepTutor v1.3.10 Release Notes

Release Date: 2026.05.10

v1.3.10 is a focused reliability release for the issues reported after v1.3.9.
It restores smoother remote Docker access, makes self-signed LLM endpoints work
consistently across SDK-backed providers, protects code snippets from citation
rewrites, and splits Matrix E2EE into an explicit opt-in dependency.

Highlights

Remote Docker and CORS Recovery

  • Remote single-user Docker works out of the box again - when
    AUTH_ENABLED=false, DeepTutor now accepts browser origins over HTTP/HTTPS so
    LAN or remote-server frontends no longer hit the v1.3.8/v1.3.9 CORS
    regression reported in #463.
  • Authenticated deployments stay explicit - when AUTH_ENABLED=true, CORS
    still requires a concrete allowlist through CORS_ORIGIN or CORS_ORIGINS,
    preserving the credentialed-auth safety boundary.
  • Multiple deployment origins are supported - CORS_ORIGINS accepts comma
    or newline separated values, and both Docker Compose files pass the setting
    through to the backend container.
  • Settings no longer drop network flags - CORS_ORIGIN, CORS_ORIGINS, and
    DISABLE_SSL_VERIFY are part of the canonical .env write order.

Provider TLS and Rendering Fixes

  • DISABLE_SSL_VERIFY now reaches OpenAI SDK paths - OpenAI-compatible,
    Azure OpenAI, executor, TutorBot, and legacy embedding SDK clients all receive
    a shared httpx.AsyncClient(verify=False) when the flag is enabled, fixing
    self-signed HTTPS LLM endpoints reported in #464.
  • Production still blocks unsafe TLS bypasses - ENVIRONMENT=prod or
    ENVIRONMENT=production rejects DISABLE_SSL_VERIFY, with a single warning
    logged in non-production use.
  • Code blocks keep array indexes intact - Markdown citation linkification now
    masks fenced and inline code before rewriting references, so values[0] stays
    code instead of becoming a #references citation link (#468).

Matrix Install Compatibility

  • Matrix no longer installs E2EE by default - the standard matrix extra and
    requirements/matrix.txt now use plain matrix-nio, avoiding the
    python-olm / libolm build failures seen on macOS Python 3.14 and Apple
    Clang 21 (#462).
  • Encrypted rooms are an explicit add-on - install deeptutor[matrix-e2e]
    or requirements/matrix-e2e.txt when E2EE support is needed and libolm is
    available.
  • Runtime failures are clearer - Matrix defaults to non-E2EE mode, and
    enabling E2EE without crypto dependencies now raises an actionable install
    message instead of failing at import time.

Multi-User Runtime Compatibility

  • Default workspace paths stay stable outside user scope - when no current
    multi-user context is active, path resolution falls back to the default data
    workspace rather than forcing an admin scope.
  • Legacy test and monkeypatch hooks remain available - session and settings
    routers keep compatibility shims used by tests and older integrations.
  • Local agent artifacts are ignored - .claude/ is now excluded from Git so
    local worktrees and agent metadata do not accidentally enter releases.

Tests

  • Added CORS setting tests for unauthenticated remote origins and authenticated
    explicit allowlists.
  • Added shared OpenAI SDK HTTP-client tests across provider-core, Azure,
    executors, TutorBot, and embedding adapters.
  • Added Markdown display tests for prose citations, fenced code, inline code,
    and explicit backticked citations.
  • Added Matrix dependency split tests to keep default installs free of
    matrix-nio[e2e].
  • Re-ran targeted Python tests, web node tests, Ruff checks, and diff whitespace
    validation for the release patch.

Upgrade Notes

  • If you run remote Docker with AUTH_ENABLED=false, no extra CORS setting is
    required for normal HTTP/HTTPS browser origins.
  • If you run a shared or authenticated deployment with AUTH_ENABLED=true, set
    CORS_ORIGIN or CORS_ORIGINS to the exact frontend origin(s), for example
    https://learn.example.com.
  • Use DISABLE_SSL_VERIFY=true only for local, self-signed, or air-gapped test
    LLM endpoints. It remains blocked in ENVIRONMENT=prod and
    ENVIRONMENT=production.
  • Matrix installs are now non-E2EE by default. For encrypted Matrix rooms,
    install .[matrix-e2e] or requirements/matrix-e2e.txt, ensure libolm is
    present, and set e2ee_enabled=true in the Matrix channel config.
  • If you previously installed .[matrix] only to get non-encrypted Matrix
    messaging, reinstalling after this release should no longer require native
    libolm build tooling.

Full Changelog: https://github.com/HKUDS/DeepTutor/compare/v1.3.9...v1.3.10

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
24,509
Forks
3,321
Languages
Python TypeScript Astro
View on GitHub Documentation

Community & Support

Discord Community

Similar tools

learn-coding-agent
ZeroClaw
chacosoldier/compabob
Goose
AgentKit SEO

Beta — feedback welcome: [email protected]