Skip to main content
hc
Submit
toolsSource-backedReview first Safety Privacy

DeerFlow

ByteDance long-horizon super-agent harness for research, coding, creation, subagents, skills, memory, sandboxes, MCP server support, messaging channels, LangGraph workflows, and Docker or local development.

by ByteDance·added 2026-06-18·
CLI
HarnessCLI
Review first review before installing

Open the source and read safety notes before installing.

Safety notes

  • DeerFlow orchestrates subagents, skills, memory, sandboxes, file-system access, bash access, MCP server support, messaging integrations, and model-provider calls; review each enabled capability before using real projects.
  • The setup wizard can write model keys to `.env` and generate `config.yaml`; keep secret-bearing files out of commits, screenshots, prompts, and support issues.
  • Sandbox and file-write settings determine whether agents can execute code, write files, run bash commands, or use containerized environments. Keep destructive and write-capable tools disabled until reviewed.
  • MCP server and messaging channel modes can expose agent workflows to other clients or chat systems; bind endpoints carefully and restrict users, tokens, and allowed tools.
  • Production Docker mode starts long-running services; size the host, persistence, network exposure, logs, and backup strategy before sharing it with a team.

Privacy notes

  • Prompts, research queries, source files, generated reports, memory entries, skills, sandbox artifacts, model responses, web search results, MCP payloads, chat messages, logs, and config files may contain sensitive data.
  • Configured model providers, web search providers, messaging platforms, MCP clients, sandbox services, and observability integrations may receive task data depending on enabled features.
  • Claude Code and Codex CLI provider routes may read local auth files or OAuth tokens according to configuration; do not expose those files to the app unless that path is intended.
  • Define retention, deletion, workspace separation, and export policies before using DeerFlow with customer data, private repositories, regulated documents, or production credentials.

Prerequisites

  • Python 3.12 or newer and Node.js 22 or newer for the documented development paths.
  • Docker if using the recommended Docker development or production paths.
  • uv, pnpm, Make, and platform shell support for the repository commands.
  • At least one model provider configured in `config.yaml`, with non-production API keys or CLI auth while evaluating.
  • A policy for sandbox mode, bash access, file-write tools, web search, MCP server exposure, messaging channels, and persistent runtime data before shared use.

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
45 minutes
Difficulty
advanced
Tool listing metadata
Pricing
free
Disclosure
editorial
Application category
DeveloperApplication
Operating system
Cross-platform
Full copyable content
git clone https://github.com/bytedance/deer-flow.git
cd deer-flow
make setup

About this resource

Overview

DeerFlow is a ByteDance open-source super-agent harness for long-horizon agent workflows. It combines subagents, memory, skills, sandboxes, tools, messaging channels, MCP server support, and LangGraph-based backend components for tasks that can take minutes or hours across research, coding, and content creation.

This is useful for searches around DeerFlow, ByteDance DeerFlow, deer-flow, DeerFlow MCP, DeerFlow skills, DeerFlow memory, super agent harness, long-horizon AI agent, LangGraph super agent, Claude Code provider, and Codex provider.

Install

The repository documents a setup wizard from the project root:

git clone https://github.com/bytedance/deer-flow.git
cd deer-flow
make setup

The setup flow asks for model, web search, and execution preferences and can prepare config.yaml and .env. For Docker evaluation, the agent-oriented install guide recommends preparing Docker prerequisites first and starting services separately. Do not assume the app is running until the launch command has been executed and reviewed.

Core Capabilities

Area DeerFlow Coverage
Agent Harness Long-horizon super-agent workflow for research, coding, and creation
Subagents Isolated subagents for decomposed workstreams
Skills Extensible skills that agents can use during workflows
Memory Long-term memory and persistent runtime state for repeated work
Sandboxes Docker and sandbox execution modes for safer task isolation
MCP MCP server support documented as an advanced path
Messaging IM channels and messaging integrations for agent interaction
Models Hosted model APIs, OpenAI-compatible routes, Claude Code OAuth, Codex CLI, OpenRouter, vLLM, and other configured providers
Deployment Docker development, production Docker, and local development paths
Frontend Next.js frontend with dashboard-oriented dependencies and pnpm workspace tooling

MCP and Agent Fit

DeerFlow belongs in an MCP and agent directory because it is not just another chat UI. It is an agent harness that can coordinate subagents, invoke tools, persist memory, run inside sandboxes, expose MCP server behavior, and route work through coding-agent credentials such as Claude Code or Codex CLI when configured.

The important boundary is configuration. Model providers, bash access, file-write tools, sandbox mode, messaging channels, and MCP server exposure should all be reviewed before a DeerFlow deployment touches a private codebase or shared team account.

Use Cases

  • Run long-horizon research or report-generation workflows.
  • Coordinate coding and creation tasks with subagents and skills.
  • Evaluate a LangGraph-backed super-agent harness.
  • Route models through hosted APIs, OpenAI-compatible gateways, Codex CLI, or Claude Code OAuth.
  • Use Docker-backed development or production services for a persistent agent workspace.
  • Experiment with MCP server integration around a larger agent runtime.
  • Compare DeerFlow with OpenHands, Hermes Agent, MetaGPT, CAMEL-AI, Qwen-Agent, AG2, CrewAI, LangGraph, and mcp-agent.

Source Review

Verified on 2026-06-18:

  • GitHub reports bytedance/deer-flow as an MIT-licensed ByteDance repository with active development, 71,000+ stars, and 9,000+ forks.
  • The repository description presents DeerFlow as a long-horizon SuperAgent harness for researching, coding, and creating with sandboxes, memories, tools, skills, subagents, and message gateway support.
  • The README describes DeerFlow 2.0 as a super-agent harness that orchestrates subagents, memory, and sandboxes powered by extensible skills.
  • The README documents setup through make setup, Docker and local development paths, deployment sizing guidance, sandbox mode, MCP server support, IM channels, LangSmith and Langfuse tracing, skills and tools, Claude Code integration, subagents, sandbox/file-system behavior, context engineering, and long-term memory.
  • Install.md is explicitly written for coding agents and instructs agents to avoid reading secret-bearing files while preparing Docker or local setup.
  • backend/pyproject.toml declares Python >=3.12, FastAPI, LangGraph SDK, messaging dependencies, and deerflow-harness.
  • The Makefile documents setup, doctor, config, install, development, Docker, and production commands.

Safety and Privacy

DeerFlow can run unattended, call model providers, use web search, invoke tools, run bash commands, write files, use sandboxes, expose MCP behavior, and connect to messaging channels. Treat the generated configuration and runtime directory as operational state, not sample-only data.

For evaluation, use a throwaway clone, sandbox credentials, test model keys, and non-production documents. Before team use, review host sizing, CORS/origin settings, single-worker gateway behavior, persistent storage, logs, backups, network exposure, and which tools are allowed to write or execute.

Duplicate Check

Checked current content/tools/, content/mcp/, content/agents/, content/skills/, guides, collections, README output, open pull requests, and repository-wide content for bytedance/deer-flow, DeerFlow, deer-flow, ByteDance DeerFlow, DeerFlow MCP, DeerFlow skills, DeerFlow memory, super agent harness, long-horizon AI agent, LangGraph super agent, Claude Code provider, and Codex provider. No dedicated DeerFlow tools entry, exact source URL duplicate, target file, or open duplicate PR was found.

#deerflow#bytedance#ai-agents#super-agent#langgraph#skills#memory#mcp#sandboxes#subagents

Source citations

Add this badge to your README

Show that DeerFlow is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/tools/deerflow.svg)](https://heyclau.de/entry/tools/deerflow)

How it compares

DeerFlow side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

FieldDeerFlow

ByteDance long-horizon super-agent harness for research, coding, creation, subagents, skills, memory, sandboxes, MCP server support, messaging channels, LangGraph workflows, and Docker or local development.

Open dossier 		Hermes Agent

Nous Research AI agent with terminal UI, messaging gateway, skills, memory, MCP integration, scheduled automations, subagents, terminal backends, OpenClaw migration, model switching, and persistent cross-session workflows.

Open dossier 		Browser Harness

MIT-licensed CDP browser-control harness from Browser Use that lets Claude Code, Codex, and other coding agents connect to a real or cloud Chrome browser, use screenshots and coordinate clicks, edit task-specific helpers, and optionally learn reusable domain skills for web automation workflows.

Open dossier 		Letta

Open-source platform for stateful agents with long-term memory, Letta Code local CLI agents, hosted Letta API agents, Python and TypeScript clients, skills, subagents, custom tools, MCP dependencies, and persistent agent state.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categorytoolstoolstoolstools
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorByteDanceNous ResearchBrowser UseLetta
Added2026-06-182026-06-182026-06-182026-06-18
Platforms
CLI
CodexCLI
CodexCLI
CLI
Source repo
Safety notesDeerFlow orchestrates subagents, skills, memory, sandboxes, file-system access, bash access, MCP server support, messaging integrations, and model-provider calls; review each enabled capability before using real projects. The setup wizard can write model keys to `.env` and generate `config.yaml`; keep secret-bearing files out of commits, screenshots, prompts, and support issues. Sandbox and file-write settings determine whether agents can execute code, write files, run bash commands, or use containerized environments. Keep destructive and write-capable tools disabled until reviewed. MCP server and messaging channel modes can expose agent workflows to other clients or chat systems; bind endpoints carefully and restrict users, tokens, and allowed tools. Production Docker mode starts long-running services; size the host, persistence, network exposure, logs, and backup strategy before sharing it with a team.Hermes Agent can run tools, shell commands, terminal sessions, scheduled jobs, subagents, skills, MCP servers, messaging gateways, and remote backends; review permissions before using it on sensitive systems. The README documents one-line shell installers for some platforms. Inspect installer scripts and prefer isolated package installs or disposable environments when evaluating the agent. OpenClaw migration can import settings, memories, skills, command allowlists, messaging settings, API keys, audio assets, and workspace instructions; use dry-run and non-secret presets before migrating real profiles. Scheduled automations and messaging gateways can run unattended and deliver results to external chat systems, so restrict allowed users, home directories, credentials, and write-capable tools. Terminal backends such as local shell, Docker, SSH, Singularity, Modal, and Daytona can touch local files, containers, remote hosts, cloud sandboxes, and GPU infrastructure.Browser Harness can connect agents to a real logged-in Chrome profile. Remote debugging may expose active sessions, extensions, bookmarks, history, page content, downloads, uploads, and account actions to the agent. The documented Way 1 setup uses the user's everyday Chrome profile through `chrome://inspect/#remote-debugging`; require explicit user consent before attaching to sensitive accounts. The documented Way 2 setup launches Chrome with a non-default `--user-data-dir` and remote debugging port; keep that isolated profile separate from everyday browser data. Remote Browser Use Cloud sessions require `BROWSER_USE_API_KEY`, may use proxies, can persist profile state, and can continue billing until timeout or shutdown. Agents using Browser Harness can edit `agent-workspace/agent_helpers.py` and optional domain-skill files; review generated helper code and public skill contributions before reuse. Browser automation can submit forms, send messages, purchase items, scrape websites, change account settings, and upload files. Keep destructive or account-writing tasks behind confirmation.Letta is designed for persistent stateful agents; memory blocks, agent state, skills, subagents, and tool outputs can influence future behavior long after the original request. Letta Code runs agents locally in a terminal context and can be used for coding and computer tasks; scope file access, command execution, network access, and approvals before use. Custom tools, web search, fetch tools, MCP dependencies, sandbox integrations, external-tools extras, and subagents can mutate external systems or retrieve sensitive data if misconfigured. Hosted Letta API usage requires API-key handling, data-retention review, access control, workspace separation, and auditability before production user data is stored. Long-term memory should have explicit update, correction, deletion, export, and review paths so stale or sensitive memories do not silently persist.
Privacy notesPrompts, research queries, source files, generated reports, memory entries, skills, sandbox artifacts, model responses, web search results, MCP payloads, chat messages, logs, and config files may contain sensitive data. Configured model providers, web search providers, messaging platforms, MCP clients, sandbox services, and observability integrations may receive task data depending on enabled features. Claude Code and Codex CLI provider routes may read local auth files or OAuth tokens according to configuration; do not expose those files to the app unless that path is intended. Define retention, deletion, workspace separation, and export policies before using DeerFlow with customer data, private repositories, regulated documents, or production credentials.Conversation history, memory files, user profiles, skill outputs, session search indexes, tool arguments, tool results, model responses, gateway messages, audio transcripts, and logs may contain sensitive data. Model providers, messaging platforms, search/image/TTS/browser tool gateways, MCP servers, and remote terminal backends may receive prompts, files, commands, account identifiers, or generated outputs depending on configuration. OpenClaw migration may copy memories, persona files, skills, API keys, messaging settings, command allowlists, TTS assets, and workspace instructions into the Hermes profile. Keep provider keys, bot tokens, OAuth grants, migrated secrets, workspace paths, generated summaries, and session search data out of public prompts, screenshots, issues, and examples.Browser Harness workflows can expose page screenshots, DOM text, URLs, cookies-backed login state, account data, downloads, uploads, form inputs, and extracted website data to the agent and configured model providers. Profile sync for Browser Use Cloud is documented as cookies-only, but it still moves browser authentication material into a remote browser environment. Cloud browser live URLs, proxy settings, profile identifiers, daemon logs, `/tmp` socket or pid files, and copied support artifacts may reveal browsing activity or account context. Public domain-skill PRs should not include secrets, private selectors tied to confidential apps, customer data, screenshots, credentials, tokens, or personal browsing history.Agent memory, memory blocks, persona data, user profile data, prompts, messages, tool arguments, tool outputs, files, traces, logs, API responses, and subagent state may contain sensitive personal or business data. Do not store secrets, private credentials, regulated records, private repository content, customer data, or sensitive personal attributes in persistent memory unless the retention and access policy allows it. When using hosted Letta, Letta Code, MCP dependencies, external tools, provider APIs, databases, telemetry, or cloud sandboxes, review where data is sent, stored, retained, and deleted. If agents self-improve or update memory automatically, add review and rollback controls for incorrect, stale, private, or user-contested memories.
Prerequisites
  • Python 3.12 or newer and Node.js 22 or newer for the documented development paths.
  • Docker if using the recommended Docker development or production paths.
  • uv, pnpm, Make, and platform shell support for the repository commands.
  • At least one model provider configured in `config.yaml`, with non-production API keys or CLI auth while evaluating.
  • Python 3.11 through 3.13 for the packaged Python project.
  • uv, pipx, or another isolated Python application installer.
  • Model provider credentials for Nous Portal, OpenRouter, NovitaAI, NVIDIA NIM, OpenAI-compatible endpoints, or another configured provider.
  • A clear tool and terminal-backend policy before enabling local shell, Docker, SSH, Singularity, Modal, Daytona, browser, search, messaging, or MCP features.
  • Python 3.11 or newer, uv, git, and a durable local checkout for editable installation.
  • A Chrome or Chromium-based browser that can be attached through Chrome remote debugging, or a Browser Use Cloud API key for cloud browsers.
  • Codex, Claude Code, or another agent host that can read the Browser Harness `SKILL.md` instructions.
  • A clear boundary for which browser profile, logged-in sites, cloud browser sessions, downloads, uploads, and account actions the agent may access.
  • Python 3.11 or newer for the open-source `letta` package, or Node.js 18+ for Letta Code workflows.
  • A decision between local Letta Code, local/self-hosted Letta server, and hosted Letta API usage.
  • Letta API credentials or local server credentials when using hosted or API-backed agents.
  • A model/provider configuration for the selected Letta route, plus any required OpenAI, Anthropic, Google, Mistral, Bedrock, or local-model credentials.
Install
git clone https://github.com/bytedance/deer-flow.git && cd deer-flow && make setup
uv tool install hermes-agent
git clone https://github.com/browser-use/browser-harness && cd browser-harness && uv tool install -e .
pip install letta
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.