-
-### Professional Reports
-
-
-
-*One-click export to PDF / Markdown / JSON* (Quick mode shown, not Agent mode report)
-
-[View Full Agent Audit Report Example](https://lintsinghua.github.io/)
-
-
-
----
-
-## Overview
-
-**DeepAudit** is a next-generation code security audit platform based on **Multi-Agent collaborative architecture**. It's not just a static scanning tool, but simulates the thinking patterns of security experts through autonomous collaboration of multiple agents (**Orchestrator**, **Recon**, **Analysis**, **Verification**), achieving deep code understanding, vulnerability discovery, and **automated sandbox PoC verification**.
-
-We are committed to solving three major pain points of traditional SAST tools:
-- **High false positive rate** — Lack of semantic understanding, massive false positives consume manpower
-- **Business logic blind spots** — Cannot understand cross-file calls and complex logic
-- **Lack of verification methods** — Don't know if vulnerabilities are actually exploitable
-
-Users only need to import a project, and DeepAudit automatically starts working: identify tech stack → analyze potential risks → generate scripts → sandbox verification → generate report, ultimately outputting a professional audit report.
-
-> **Core Philosophy**: Let AI attack like a hacker, defend like an expert.
-
-## Why Choose DeepAudit?
-
-
-
-| Traditional Audit Pain Points | DeepAudit Solutions |
-| :--- | :--- |
-| **Low manual audit efficiency** Can't keep up with CI/CD iteration speed, slowing release process | **Multi-Agent Autonomous Audit** AI automatically orchestrates audit strategies, 24/7 automated execution |
-| **Too many false positives** Lack of semantic understanding, spending lots of time cleaning noise daily | **RAG Knowledge Enhancement** Combining code semantics with context, significantly reducing false positives |
-| **Data privacy concerns** Worried about core source code leaking to cloud AI, can't meet compliance requirements | **Ollama Local Deployment Support** Data stays on-premises, supports Llama3/DeepSeek and other local models |
-| **Can't confirm authenticity** Outsourced projects have many vulnerabilities, don't know which are truly exploitable | **Sandbox PoC Verification** Automatically generate and execute attack scripts, confirm real vulnerability impact |
-
-
-
----
-
-## System Architecture
-
-### Architecture Diagram
-
-DeepAudit adopts microservices architecture, driven by the Multi-Agent engine at its core.
-
-
-
-
-
-### Audit Workflow
-
-| Step | Phase | Responsible Agent | Main Actions |
-|:---:|:---:|:---:|:---|
-| 1 | **Strategy Planning** | **Orchestrator** | Receive audit task, analyze project type, formulate audit plan, dispatch tasks to sub-agents |
-| 2 | **Information Gathering** | **Recon Agent** | Scan project structure, identify frameworks/libraries/APIs, extract attack surface (Entry Points) |
-| 3 | **Vulnerability Discovery** | **Analysis Agent** | Combine RAG knowledge base with AST analysis, deep code review, discover potential vulnerabilities |
-| 4 | **PoC Verification** | **Verification Agent** | **(Critical)** Write PoC scripts, execute in Docker sandbox. Self-correct and retry if failed |
-| 5 | **Report Generation** | **Orchestrator** | Aggregate all findings, filter out verified false positives, generate final report |
-
-### Project Structure
-
-```text
-DeepAudit/
-├── backend/ # Python FastAPI Backend
-│ ├── app/
-│ │ ├── agents/ # Multi-Agent Core Logic
-│ │ │ ├── orchestrator.py # Commander: Task Orchestration
-│ │ │ ├── recon.py # Scout: Asset Identification
-│ │ │ ├── analysis.py # Analyst: Vulnerability Discovery
-│ │ │ └── verification.py # Verifier: Sandbox PoC
-│ │ ├── core/ # Core Config & Sandbox Interface
-│ │ ├── models/ # Database Models
-│ │ └── services/ # RAG, LLM Service Wrappers
-│ └── tests/ # Unit Tests
-├── frontend/ # React + TypeScript Frontend
-│ ├── src/
-│ │ ├── components/ # UI Component Library
-│ │ ├── pages/ # Page Routes
-│ │ └── stores/ # Zustand State Management
-├── docker/ # Docker Deployment Config
-│ ├── sandbox/ # Security Sandbox Image Build
-│ └── postgres/ # Database Initialization
-└── docs/ # Detailed Documentation
-```
-
----
-
-## Quick Start
-
-### Option 1: One-Line Deployment (Recommended)
-
-Using pre-built Docker images, no need to clone code, start with one command:
-
-```bash
-curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/v3.0.0/docker-compose.prod.yml | docker compose -f - up -d
-```
-
-
-💡 Configure Docker Registry Mirrors (Optional, for faster image pulling) (Click to expand)
-
-If pulling images is still slow, you can configure Docker registry mirrors. Edit the Docker configuration file and add the following mirror sources:
-
-**Linux / macOS**: Edit `/etc/docker/daemon.json`
-
-**Windows**: Right-click Docker Desktop icon → Settings → Docker Engine
-
-```json
-{
- "registry-mirrors": [
- "https://docker.1ms.run",
- "https://dockerproxy.com",
- "https://hub.rat.dev"
- ]
-}
-```
-
-Restart Docker service after saving:
-
-```bash
-# Linux
-sudo systemctl restart docker
-
-# macOS / Windows
-# Restart Docker Desktop application
-```
-
-
-
-> **Success!** Visit http://localhost:3000 to start exploring.
-
----
-
-### Option 2: Clone and Deploy
-
-Suitable for users who need custom configuration or secondary development:
-
-```bash
-# 1. Clone project
-git clone https://github.com/lintsinghua/DeepAudit.git && cd DeepAudit
-
-# 2. Configure environment variables
-cp backend/env.example backend/.env
-# Edit backend/.env and fill in your LLM API Key
-
-# 3. One-click start
-docker compose up -d
-```
-
-> First startup will automatically build the sandbox image, which may take a few minutes.
-
----
-
-## Development Guide
-
-For developers doing secondary development and debugging.
-
-### Requirements
-- Python 3.11+
-- Node.js 20+
-- PostgreSQL 15+
-- Docker (for sandbox)
-
-### 1. Backend Setup
-
-```bash
-cd backend
-# Use uv for environment management (recommended)
-uv sync
-source .venv/bin/activate
-
-# Start API service
-uvicorn app.main:app --reload
-```
-
-### 2. Frontend Setup
-
-```bash
-cd frontend
-pnpm install
-pnpm dev
-```
-
-### 3. Sandbox Environment
-
-Development mode requires pulling the sandbox image locally:
-
-```bash
-docker pull ghcr.io/lintsinghua/deepaudit-sandbox:latest
-```
-
----
-
-## Multi-Agent Intelligent Audit
-
-### Supported Vulnerability Types
-
-
-
----
-
-## Acknowledgements
-
-Thanks to the following open-source projects for their support:
-
-[FastAPI](https://fastapi.tiangolo.com/) · [LangChain](https://langchain.com/) · [LangGraph](https://langchain-ai.github.io/langgraph/) · [ChromaDB](https://www.trychroma.com/) · [LiteLLM](https://litellm.ai/) · [Tree-sitter](https://tree-sitter.github.io/) · [Kunlun-M](https://github.com/LoRexxar/Kunlun-M) · [Strix](https://github.com/usestrix/strix) · [React](https://react.dev/) · [Vite](https://vitejs.dev/) · [Radix UI](https://www.radix-ui.com/) · [TailwindCSS](https://tailwindcss.com/) · [shadcn/ui](https://ui.shadcn.com/)
-
----
-
-## Important Security Notice
-
-### Legal Compliance Statement
-1. **Any unauthorized vulnerability testing, penetration testing, or security assessment is prohibited**
-2. This project is only for cybersecurity academic research, teaching, and learning purposes
-3. It is strictly prohibited to use this project for any illegal purposes or unauthorized security testing
-
-### Vulnerability Reporting Responsibility
-1. When discovering any security vulnerabilities, please report them through legitimate channels promptly
-2. It is strictly prohibited to use discovered vulnerabilities for illegal activities
-3. Comply with national cybersecurity laws and regulations, maintain cyberspace security
-
-### Usage Restrictions
-- Only for educational and research purposes in authorized environments
-- Prohibited for security testing on unauthorized systems
-- Users are fully responsible for their own actions
-
-### Disclaimer
-The author is not responsible for any direct or indirect losses caused by the use of this project. Users bear full legal responsibility for their own actions.
-
----
-
-## Detailed Security Policy
-
-For detailed information about installation policy, disclaimer, code privacy, API usage security, and vulnerability reporting, please refer to [DISCLAIMER.md](DISCLAIMER.md) and [SECURITY.md](SECURITY.md) files.
-
-### Quick Reference
-- **Code Privacy Warning**: Your code will be sent to the selected LLM provider's servers
-- **Sensitive Code Handling**: Use local models for sensitive code
-- **Compliance Requirements**: Comply with data protection and privacy laws
-- **Vulnerability Reporting**: Report security issues through legitimate channels
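Review bot: the last lines of this hunk delete the "Quick Reference" list, including the "Code Privacy Warning" line that tells users their code is sent to the selected LLM provider's servers, along with the links to DISCLAIMER.md and SECURITY.md, and no added lines are visible to replace them. If the README is being rewritten or moved, carry that warning and both links into the new text so the data-flow caveat is still visible before a user imports a project. Two further points apply if the Quick Start and Development Guide content is re-added elsewhere. The removed sandbox step pulls `ghcr.io/lintsinghua/deepaudit-sandbox:latest`, while the one-line deployment URL is pinned to `v3.0.0`; the sandbox image should be pinned to a matching tag or digest. The removed `curl ... | docker compose -f - up -d` line runs a fetched compose file without review; suggest downloading the file first so it can be inspected.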