@DEENUU1 DEENUU1 commented Nov 29, 2025

Summary

This PR addresses multiple documentation issues to improve accuracy and add missing security guidance.

Changes

| Issue | Title | Change |
|---|---|---|
| 1 | Fix SubAgent.prompt → system_prompt naming | Fixed field name in README.md and libs/deepagents/README.md |
| 2 | Document Windows O_NOFOLLOW limitation | Added "Windows Symlink Protection" section to README.md |
| 3 | Remove async_create_deep_agent mention | Removed deprecated function reference from libs/deepagents/README.md |
| 4 | Add execute tool security documentation | Added "Security Considerations" section to README.md |

Files Changed

  • README.md
  • libs/deepagents/README.md

Detailed Changes

1 - Fix SubAgent.prompt → system_prompt naming

The README documentation used prompt as a SubAgent field name, but the actual code uses system_prompt. Updated:

  • SubAgent TypedDict definition in both READMEs
  • Field description from prompt to system_prompt

2 - Document Windows O_NOFOLLOW limitation

Added documentation explaining that O_NOFOLLOW symlink protection is not available on Windows, with recommended mitigations:

  • Use virtual_mode=True
  • Additional path validation
  • Awareness of symlink risks

3 - Remove async_create_deep_agent mention

The README incorrectly suggested importing async_create_deep_agent, which doesn't exist. Updated to correctly explain async usage via ainvoke()/astream().

4 - Add execute tool security documentation

Added comprehensive "Security Considerations" section including:

  • Execute tool risks table (Command Injection, Data Access, Network Access, System Damage)
  • Recommended security practices (sandboxing, virtual mode, unprivileged user, logging)
  • Trust model explanation

  The README documentation used `prompt` as a SubAgent field name,
  but the actual code uses `system_prompt`. This caused confusion
  for users following the documentation.

  - Update SubAgent TypedDict definition in README.md
  - Update SubAgent TypedDict definition in libs/deepagents/README.md
  - Update field description from `prompt` to `system_prompt`

  The README incorrectly suggested importing async_create_deep_agent,
  which doesn't exist. The function was folded into create_deep_agent.
  Updated to correctly explain async usage via ainvoke()/astream().

  Add 'Security Considerations' section to README.md documenting:
  - Execute tool risks and mitigations
  - Recommended security practices (sandboxing, virtual mode)
  - Trust model explanation

  Add Windows Symlink Protection section explaining that O_NOFOLLOW
  is not available on Windows and recommending mitigations.
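
The "additional path validation" mitigation from item 2, sketched as an added example that is not part of the PR or of the deepagents code base: it uses `O_NOFOLLOW` where the platform provides it and falls back to a containment check plus a symlink test where it does not. The helper name `read_confined` and the sample tree are hypothetical, and the `ELOOP` handling assumes Linux or macOS behaviour.

```python
import errno
import os
import tempfile

# O_NOFOLLOW exists on POSIX builds of Python; on Windows the attribute is missing.
HAS_NOFOLLOW = hasattr(os, "O_NOFOLLOW")

def read_confined(root: str, rel_path: str) -> bytes:
    """Read rel_path under root, refusing symlinks and paths that leave root.

    Hypothetical helper for illustration; not part of deepagents.
    """
    root_real = os.path.realpath(root)
    target = os.path.join(root_real, rel_path)
    # Path validation: resolve every component, then require containment.
    resolved = os.path.realpath(target)
    try:
        inside = os.path.commonpath([root_real, resolved]) == root_real
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    if not inside:
        raise PermissionError(f"{rel_path!r} resolves outside the root")
    flags = os.O_RDONLY
    if HAS_NOFOLLOW:
        # The kernel refuses the open if the final component is a symlink,
        # so a link swapped in after the check above is still rejected.
        flags |= os.O_NOFOLLOW
    elif os.path.islink(target):
        # Fallback without O_NOFOLLOW: check-then-open, which leaves a race window.
        raise PermissionError(f"{rel_path!r} is a symlink")
    try:
        fd = os.open(target, flags)
    except OSError as exc:
        if exc.errno == errno.ELOOP:  # raised for O_NOFOLLOW on a symlink
            raise PermissionError(f"{rel_path!r} is a symlink") from exc
        raise
    with os.fdopen(fd, "rb") as fh:
        return fh.read()

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample tree, not from the PR
    root = os.path.join(base, "root")
    os.mkdir(root)
    with open(os.path.join(root, "ok.txt"), "wb") as fh:
        fh.write(b"data")
    print(read_confined(root, "ok.txt"))
```

The fallback branch is weaker than the `O_NOFOLLOW` branch because the symlink test and the open are two separate steps.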