HKUDS · xor-xe · Apr 6, 2026 · Apr 9, 2026 · Apr 9, 2026
diff --git a/.env.example b/.env.example
@@ -10,6 +10,7 @@
 # --------------------------------------------
 BACKEND_PORT=8001
 FRONTEND_PORT=3782
+POCKETBASE_PORT=8090
 
 # --------------------------------------------
 # LLM (Required)
@@ -50,3 +51,60 @@ NEXT_PUBLIC_API_BASE=
 # --------------------------------------------
 # Keep this false in production.
 DISABLE_SSL_VERIFY=false
+
+# --------------------------------------------
+# PocketBase (Optional — auth + storage sidecar)
+# --------------------------------------------
+# Leave POCKETBASE_URL blank to use the built-in SQLite/JSON backend (default).
+# Set it to enable PocketBase for auth, sessions, and KB storage.
+#
+# When running via Docker Compose, PocketBase is always started but only used
+# if POCKETBASE_URL is set here.
+#
+# Local Docker:  POCKETBASE_URL=http://pocketbase:8090
+# Local bare:    POCKETBASE_URL=http://localhost:8090
+POCKETBASE_URL=
+
+# Admin credentials used by the Python backend to manage collections.
+# Set these after running the PocketBase container for the first time.
+POCKETBASE_ADMIN_EMAIL=
+POCKETBASE_ADMIN_PASSWORD=
+
+# Public PocketBase URL for OAuth redirects (remote server deployments only).
+# Leave blank when browsing from the same machine running Docker.
+POCKETBASE_EXTERNAL_URL=
+
+# --------------------------------------------
+# Authentication (Optional)
+# --------------------------------------------
+# Set AUTH_ENABLED=true to require login when hosting publicly.
+# Leave as false for local/localhost usage — no login needed.
+AUTH_ENABLED=false
+
+# Secret key used to sign JWT tokens. Set to a long random string.
+# Generate with: python -c "import secrets; print(secrets.token_hex(32))"
+AUTH_SECRET=
+
+# How long login sessions last in hours (default: 24)
+AUTH_TOKEN_EXPIRE_HOURS=24
+
+# Must match AUTH_ENABLED above so the frontend knows to show the login page.
+NEXT_PUBLIC_AUTH_ENABLED=false
+
+# --- Multi-user setup (recommended) ---
+# With AUTH_ENABLED=true and no AUTH_USERNAME/AUTH_PASSWORD_HASH set, navigate
+# to /register in the browser. The first user to register is automatically
+# granted admin privileges and can manage other users from /admin/users.
+# Users are stored in data/user/auth_users.json.
+
+# --- Single-user env-var setup (legacy / simple) ---
+# Alternatively, set AUTH_USERNAME and AUTH_PASSWORD_HASH directly.
+# This user is always treated as admin. When auth_users.json exists, it takes
+# priority and these env vars are ignored.
+
+# Username for the single admin account (single-user mode only).
+AUTH_USERNAME=
+
+# Bcrypt hash of the password. Generate with:
+#   python -c "from deeptutor.services.auth import hash_password; print(hash_password('yourpassword'))"
+AUTH_PASSWORD_HASH=
diff --git a/.gitignore b/.gitignore
@@ -54,6 +54,7 @@ MANIFEST
 # Virtual Environments
 .env
 *.env
+*.env.local
 !.env.example
 env/
 venv/

diff --git a/.secrets.baseline b/.secrets.baseline
@@ -90,10 +90,6 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
-    {
-      "path": "detect_secrets.filters.common.is_baseline_file",
-      "filename": ".secrets.baseline"
-    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -127,41 +123,255 @@
     }
   ],
   "results": {
-    ".github/workflows/docker-publish.yml": [
+    ".env.example_CN": [
+      {
+        "type": "Secret Keyword",
+        "filename": ".env.example_CN",
+        "hashed_secret": "ec417f567082612f8fd6afafe1abcab831fca840",
+        "is_verified": false,
+        "line_number": 19
+      }
+    ],
+    "deeptutor/agents/guide/agents/interactive_agent.py": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "deeptutor/agents/guide/agents/interactive_agent.py",
+        "hashed_secret": "559f33e318ea8360e316ec7409de63272a7daea0",
+        "is_verified": false,
+        "line_number": 88
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "deeptutor/agents/guide/agents/interactive_agent.py",
+        "hashed_secret": "fe9ae166dc80168f37e50564be9e45c016a48cd0",
+        "is_verified": false,
+        "line_number": 89
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "deeptutor/agents/guide/agents/interactive_agent.py",
+        "hashed_secret": "482f1d4d250823ce0ff5fad9dfaf0d471835aedb",
+        "is_verified": false,
+        "line_number": 90
+      }
+    ],
+    "deeptutor/agents/solve/main_solver.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "deeptutor/agents/solve/main_solver.py",
+        "hashed_secret": "985b05576c57bdeccfcaf33261ea1c43ce7e3155",
+        "is_verified": false,
+        "line_number": 184
+      }
+    ],
+    "deeptutor/api/routers/system.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "deeptutor/api/routers/system.py",
+        "hashed_secret": "985b05576c57bdeccfcaf33261ea1c43ce7e3155",
+        "is_verified": false,
+        "line_number": 160
+      }
+    ],
+    "deeptutor/services/config/provider_runtime.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "deeptutor/services/config/provider_runtime.py",
+        "hashed_secret": "985b05576c57bdeccfcaf33261ea1c43ce7e3155",
+        "is_verified": false,
+        "line_number": 331
+      }
+    ],
+    "deeptutor/services/search/base.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "deeptutor/services/search/base.py",
+        "hashed_secret": "8ee9d3cc35862a8ad26f9e27fb60db0e22ffe145",
+        "is_verified": false,
+        "line_number": 18
+      }
+    ],
+    "tests/agents/test_base_agent_binding.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/agents/test_base_agent_binding.py",
+        "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd",
+        "is_verified": false,
+        "line_number": 18
+      }
+    ],
+    "tests/core/test_builtin_tools.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/core/test_builtin_tools.py",
+        "hashed_secret": "a62f2225bf70bfaccbc7f1ef2a397836717377de",
+        "is_verified": false,
+        "line_number": 188
+      }
+    ],
+    "tests/services/config/test_embedding_runtime.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_embedding_runtime.py",
+        "hashed_secret": "9aaa910eb49fa1f278c7288f0fa6001c16965716",
+        "is_verified": false,
+        "line_number": 68
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_embedding_runtime.py",
+        "hashed_secret": "985b05576c57bdeccfcaf33261ea1c43ce7e3155",
+        "is_verified": false,
+        "line_number": 134
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_embedding_runtime.py",
+        "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd",
+        "is_verified": false,
+        "line_number": 144
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_embedding_runtime.py",
+        "hashed_secret": "8c895e1fc99e38655efea259aaa5510bde46b81c",
+        "is_verified": false,
+        "line_number": 182
+      }
+    ],
+    "tests/services/config/test_provider_runtime.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_provider_runtime.py",
+        "hashed_secret": "b07bfd6660c8a5e8f47ed4967498d25f095cb7c5",
+        "is_verified": false,
+        "line_number": 95
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_provider_runtime.py",
+        "hashed_secret": "1e8f4accfda4813178f4f6317c767a915bfbf227",
+        "is_verified": false,
+        "line_number": 115
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/config/test_provider_runtime.py",
+        "hashed_secret": "985b05576c57bdeccfcaf33261ea1c43ce7e3155",
+        "is_verified": false,
+        "line_number": 163
+      }
+    ],
+    "tests/services/embedding/test_client_runtime.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/embedding/test_client_runtime.py",
+        "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd",
+        "is_verified": false,
+        "line_number": 35
+      }
+    ],
+    "tests/services/llm/test_config_module.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/llm/test_config_module.py",
+        "hashed_secret": "6b8f36db289d14c3c7ba1bb21147b7a4fa7e7536",
+        "is_verified": false,
+        "line_number": 40
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/llm/test_config_module.py",
+        "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f",
+        "is_verified": false,
+        "line_number": 102
+      }
+    ],
+    "tests/services/llm/test_factory_provider_exec.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/llm/test_factory_provider_exec.py",
+        "hashed_secret": "6b8f36db289d14c3c7ba1bb21147b7a4fa7e7536",
+        "is_verified": false,
+        "line_number": 15
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/llm/test_factory_provider_exec.py",
+        "hashed_secret": "9247e92e3d5c3957c5f5480ec8917b9100baa32d",
+        "is_verified": false,
+        "line_number": 41
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/llm/test_factory_provider_exec.py",
+        "hashed_secret": "627a27ae52d38269376e0117355fefc891b60334",
+        "is_verified": false,
+        "line_number": 84
+      }
+    ],
+    "tests/services/test_model_catalog.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/test_model_catalog.py",
+        "hashed_secret": "f2bb1f20475e99c2af44a6f6844c1329bea9d3d2",
+        "is_verified": false,
+        "line_number": 89
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/test_model_catalog.py",
+        "hashed_secret": "21729167f484c69c93d2a1956dace832faee1e6a",
+        "is_verified": false,
+        "line_number": 107
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/test_model_catalog.py",
+        "hashed_secret": "3090ca86558e326f27cb6f36d0592ed339f108be",
+        "is_verified": false,
+        "line_number": 141
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/services/test_model_catalog.py",
+        "hashed_secret": "c02d46771666140734db6f2e650f2b051f448aad",
+        "is_verified": false,
+        "line_number": 146
+      }
+    ],
+    "tests/test_openrouter_provider.py": [
       {
         "type": "Secret Keyword",
-        "filename": ".github/workflows/docker-publish.yml",
-        "hashed_secret": "a7c6f2bf2a1f9d8b6cd1b1c8d550b25cf6c1f970",
+        "filename": "tests/test_openrouter_provider.py",
+        "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f",
         "is_verified": false,
-        "line_number": 175
+        "line_number": 10
       }
     ],
-    "web/app/guide/page.tsx": [
+    "web/app/(workspace)/guide/hooks/useKaTeXInjection.ts": [
       {
         "type": "Base64 High Entropy String",
-        "filename": "web/app/guide/page.tsx",
+        "filename": "web/app/(workspace)/guide/hooks/useKaTeXInjection.ts",
         "hashed_secret": "559f33e318ea8360e316ec7409de63272a7daea0",
         "is_verified": false,
-        "line_number": 159,
-        "is_secret": false
+        "line_number": 25
       },
       {
         "type": "Base64 High Entropy String",
-        "filename": "web/app/guide/page.tsx",
+        "filename": "web/app/(workspace)/guide/hooks/useKaTeXInjection.ts",
         "hashed_secret": "fe9ae166dc80168f37e50564be9e45c016a48cd0",
         "is_verified": false,
-        "line_number": 161,
-        "is_secret": false
+        "line_number": 27
       },
       {
         "type": "Base64 High Entropy String",
-        "filename": "web/app/guide/page.tsx",
+        "filename": "web/app/(workspace)/guide/hooks/useKaTeXInjection.ts",
         "hashed_secret": "482f1d4d250823ce0ff5fad9dfaf0d471835aedb",
         "is_verified": false,
-        "line_number": 163,
-        "is_secret": false
+        "line_number": 29
       }
     ]
   },
-  "generated_at": "2026-01-14T02:31:46Z"
+  "generated_at": "2026-04-06T16:37:14Z"
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -54,6 +54,7 @@ MANIFEST @@
     # Virtual Environments
     .env
     *.env
+    *.env.local
     !.env.example
     env/
     venv/
@@ Expand Down @@