github HKUDS/DeepTutor v1.3.8
DeepTutor-v1.3.8
on GitHub

4 hours ago

DeepTutor v1.3.8 Release Notes

Release Date: 2026.05.08

v1.3.8 brings DeepTutor's optional multi-user mode into the main release line.
It keeps local single-user installs unchanged while adding authenticated shared
deployments with isolated user workspaces, admin-managed access, and clearer
deployment guidance.

Highlights

Multi-User Workspaces

  • Authentication can gate shared deployments - enabling AUTH_ENABLED
    adds login, registration, JWT sessions, and a first-user admin flow.
  • Each user gets isolated data - ordinary users work under
    multi-user/<uid>/ with separate chat history, memory, notebooks, and
    knowledge bases, while admins keep the main workspace.
  • Admin grants control access - /admin/users lets admins create users and
    assign allowed model profiles, knowledge bases, skills, and copied spaces
    without exposing API keys.

Safer Runtime Boundaries

  • Knowledge and RAG stay scoped - assigned knowledge bases are visible with
    badges, and non-admin RAG calls no longer fall back silently to admin data.
  • Model routing honors grants - non-admin chat turns use an assigned model
    profile and fail early if no LLM is available.
  • Settings are redacted for users - non-admin settings show theme, language,
    and model summaries, while provider secrets and endpoints remain admin-only.

Deployment and UI

  • Frontend auth routes are included - /login, /register, auth-aware
    middleware, logout controls, and admin navigation are wired into the web app.
  • Multi-user docs are now first-class - README and translated READMEs
    document setup, workspace layout, audit logs, env vars, and production
    caveats.
  • Optional PocketBase remains documented - PocketBase can still be used as a
    sidecar path, but true multi-user deployments should leave POCKETBASE_URL
    unset and use the built-in JSON/SQLite backend.

Tests

  • Added multi-user tests for identity migration, first-admin registration,
    grants, settings restrictions, scoped interface preferences, skill access, and
    RAG fallback prevention.
  • Added status-redaction coverage so non-admin users do not receive provider
    model or search endpoint details.

Upgrade Notes

  • Existing local installs stay in single-user mode unless AUTH_ENABLED=true.
  • For real multi-user deployments, set AUTH_ENABLED=true, keep
    POCKETBASE_URL blank, create the first admin through /register, and assign
    models before ordinary users start chat turns.
  • New deployment state is stored under multi-user/; back up both data/ and
    multi-user/ before upgrading shared instances.
  • Multi-worker deployments should bootstrap the first admin carefully because
    first-user promotion is protected by an in-process lock.

Full Changelog: v1.3.7...v1.3.8

Check out latest releases or
releases around HKUDS/DeepTutor v1.3.8

Don't miss a new DeepTutor release

NewReleases is sending notifications on new releases.

Get notifications