deep-research
by u14app
Overview
An AI-powered research assistant that generates comprehensive reports, leverages various LLMs and web search engines, and offers integration as a SaaS or MCP service.
Installation
pnpm install && pnpm run build && pnpm run startEnvironment Variables
- ACCESS_PASSWORD
- GOOGLE_GENERATIVE_AI_API_KEY
- OPENROUTER_API_KEY
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- DEEPSEEK_API_KEY
- XAI_API_KEY
- MISTRAL_API_KEY
- AZURE_API_KEY
- GOOGLE_CLIENT_EMAIL
- GOOGLE_PRIVATE_KEY
- GOOGLE_PRIVATE_KEY_ID
- OPENAI_COMPATIBLE_API_KEY
- TAVILY_API_KEY
- FIRECRAWL_API_KEY
- EXA_API_KEY
- BOCHA_API_KEY
- GOOGLE_VERTEX_LOCATION
- GOOGLE_VERTEX_PROJECT
- AZURE_RESOURCE_NAME
- AZURE_API_VERSION
- POLLINATIONS_API_BASE_URL
- OLLAMA_API_BASE_URL
- MCP_AI_PROVIDER
- MCP_SEARCH_PROVIDER
- MCP_THINKING_MODEL
- MCP_TASK_MODEL
Security Notes
**CRITICAL SSRF VULNERABILITY**: The `/api/crawler` endpoint (in `src/app/api/crawler/route.ts`) directly fetches arbitrary URLs provided in the request body without any validation. This allows an attacker to perform Server-Side Request Forgery (SSRF) to scan internal networks, access sensitive internal services, or trigger actions on other external systems. This is a severe security flaw. **Potential XSS**: `rehypeRaw` is used in `src/components/MagicDown/View.tsx`, which processes raw HTML within markdown. If untrusted input (e.g., from AI models or user edits) contains malicious HTML, it could lead to Cross-Site Scripting (XSS). API key handling via environment variables and signature verification in `middleware.ts` are positive security practices, but do not mitigate the aforementioned critical flaws.
Similar Servers
gpt-researcher
An autonomous AI agent designed for comprehensive online and local document research, capable of generating detailed, factual, and unbiased reports. It also supports integration with AI assistants (like Claude) via the Machine Conversation Protocol (MCP) for deep research capabilities.
modelcontextprotocol
Provides AI assistants with real-time web search, reasoning, and research capabilities through Perplexity's API.
mcp-omnisearch
Provides a unified interface for LLMs to access multiple web search, AI response, content processing, and enhancement tools from various providers through the Model Context Protocol (MCP).
academia_mcp
Provides a server for searching, fetching, analyzing, and reporting on scientific papers and datasets using various APIs and optional LLM-powered tools.