arikusi/deepseek-mcp-server

MCP Developer Tools

MCP server that provides a hosted or self‑hosted endpoint for DeepSeek AI with chat, multi‑turn sessions, function calling, thinking mode and cost tracking

TypeScript Latest v1.7.0 · 1mo ago

Features

  • Multi‑turn conversation context via session_id
  • Automatic model fallback with circuit breaker protection
  • Thinking mode for step‑by‑step reasoning
  • OpenAI‑compatible function calling (up to 128 tools)
  • Cache‑aware cost tracking and usage statistics

Recent releases

v1.7.0 Breaking risk
⚠ Upgrade required
  • HTTP transport users must upgrade immediately; client code relying on shared session state across HTTP sessions must be refactored to use per‑session instances.
  • Call `UsageTracker.setSessionSource()` to wire `activeSessions` correctly for STDIO vs. HTTP transports; in HTTP mode it will report 0 by design.
Breaking changes
  • Each HTTP session now receives its own `SessionStore` instance; conversation history, listings, and deletions are scoped per-session.
  • `SessionStore.getInstance()` and `SessionStore.resetInstance()` removed; construct instances with `new SessionStore()` and pass explicitly to tool registration functions.
Security fixes
  • CVE pending: Cross-session data exposure in HTTP transport fixed by isolating each HTTP session's `SessionStore` to prevent unauthorized access to other clients' conversation history and session enumeration/deletion capabilities.
Notable features
  • Added integration test (`src/transport-isolation.test.ts`) verifying per-HTTP‑session store isolation.
  • Added unit tests confirming independent `SessionStore` instances have no cross-store effects on `clear`, `delete`, or `list` operations.

Security

Cross-session data exposure in HTTP transport (high severity). The SessionStore was a process-wide singleton shared across all connected HTTP clients. In HTTP transport mode, any client that provided another client's session_id to deepseek_chat would read that client's conversation history. The deepseek_sessions tool compounded this by letting any client enumerate all active session IDs (list), delete any session (delete), or wipe every tenant's sessions at once (clear).

STDIO transport was unaffected — each STDIO client runs its own server process, so there was no shared state to leak.

Full advisory and CVE coordination pending.

Changed

  • BREAKING (HTTP transport only). Each HTTP session now gets an isolated SessionStore instance. Conversation history, session listings, and session deletion are scoped to the HTTP session that created them. Clients on the same server no longer share session state.
  • SessionStore is no longer a singleton. SessionStore.getInstance() and SessionStore.resetInstance() have been removed. Construct instances with new SessionStore() and pass them explicitly to registerChatTool, registerSessionsTool, and registerAllTools.
  • UsageTracker.getStats().activeSessions is wired to the STDIO store via UsageTracker.setSessionSource(). In HTTP transport it reports 0 by design — a process-wide count across isolated stores would be both meaningless and a minor cross-tenant information leak.

Added

  • SessionStore isolation tests: independent instances, no shared state, no cross-store effects on clear/delete/list.
  • HTTP transport integration test (src/transport-isolation.test.ts) proving each serverFactory invocation produces a fresh store and that user-supplied session_id collisions across HTTP sessions do not merge data.
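
The v1.7.0 failure mode and fix, as an added example that is not the project's code: `DemoSessionStore`, `sharedFactory`, `isolatedFactory` and the method names are hypothetical stand-ins for the project's `SessionStore` and `serverFactory`. It replays two HTTP clients colliding on one user-supplied session_id, first against a process-wide store and then against per-session stores.

```typescript
// Simplified stand-in for a conversation store; NOT the project's SessionStore.
type Message = { role: "user" | "assistant"; content: string };

class DemoSessionStore {
  private sessions = new Map<string, Message[]>();
  append(sessionId: string, msg: Message): void {
    const history = this.sessions.get(sessionId) ?? [];
    history.push(msg);
    this.sessions.set(sessionId, history);
  }
  history(sessionId: string): Message[] {
    return [...(this.sessions.get(sessionId) ?? [])];
  }
  list(): string[] { return [...this.sessions.keys()]; }
  clear(): void { this.sessions.clear(); }
}

// A "server" here is only the tool surface bound to one store (assumption).
type DemoServer = { store: DemoSessionStore };

// Pre-1.7.0 shape: every HTTP session's server shares one process-wide store.
const sharedStore = new DemoSessionStore();
const sharedFactory = (): DemoServer => ({ store: sharedStore });

// 1.7.0 shape: each factory call (one per HTTP session) builds its own store.
const isolatedFactory = (): DemoServer => ({ store: new DemoSessionStore() });

// Two HTTP clients connect and use the same user-supplied session_id.
function simulate(factory: () => DemoServer) {
  const clientA = factory();
  const clientB = factory();
  clientA.store.append("project-x", { role: "user", content: "A's private prompt" });
  const seenByB = clientB.store.history("project-x").map((m) => m.content);
  const listedByB = clientB.store.list();
  clientB.store.clear(); // B clears every session its store can reach
  const survivingForA = clientA.store.history("project-x").length;
  return { seenByB, listedByB, survivingForA };
}

const shared = simulate(sharedFactory);     // B reads, lists and wipes A's session
const isolated = simulate(isolatedFactory); // B sees nothing; A's history survives
console.log({ shared, isolated });
```

A regression test for this class of bug should assert all three properties (read, list, clear/delete), since scoping only the read path would still leave enumeration and deletion exposed.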

Upgrade

npm install @arikusi/deepseek-mcp-server@1.7.0

Users on STDIO transport: no action needed beyond the upgrade.

Users on HTTP transport: upgrade immediately. Session data is now correctly scoped per HTTP session — if your client relied on cross-client session sharing, that behaviour was the vulnerability and must be reworked.

v1.6.0 New feature
Notable features
  • Transparent reasoner routing through chat with thinking mode enabled
  • Model‑aware parameter filtering for thinking requests

What's New

All deepseek-reasoner requests are now transparently routed through deepseek-chat with thinking:{type:"enabled"}. This is possible because both model names point to the same DeepSeek V3.2 model - deepseek-chat is non-thinking mode, deepseek-reasoner is thinking mode.

By routing through deepseek-chat + thinking, we get full feature parity including function calling, which the raw deepseek-reasoner API does not support.

Model Routing Table

| User selects | Sent to API | Thinking | Function calling |
|---|---|---|---|
| deepseek-chat | deepseek-chat | Off | Yes |
| deepseek-chat + thinking:enabled | deepseek-chat + thinking | On | Yes |
| deepseek-reasoner | deepseek-chat + thinking | On | Yes |

Changes

Added

  • Transparent reasoner routing through chat + thinking mode
  • Model-aware parameter filtering for thinking mode

Fixed

  • Function calling now works with deepseek-reasoner (via transparent routing)
  • Sampling parameters (temperature, top_p, etc.) properly filtered for reasoning requests
  • Thinking parameter passed as top-level property instead of extra_body (OpenAI SDK v6 compatibility)
  • Corrected model capabilities in deepseek://models resource

Full Changelog: https://github.com/arikusi/deepseek-mcp-server/compare/v1.5.2...v1.6.0

v1.5.2 Bug fix

Rejects non‑POST requests on `/mcp` endpoint to prevent indefinite hangs.


Bug Fix

  • fix: reject non-POST requests on /mcp endpoint — External GET requests caused the stateless MCP transport to hang indefinitely, triggering Cloudflare Worker "code hung" errors on all requests. Now returns 405 for non-POST methods.

Updates

  • Add Official MCP Registry, Smithery, LobeHub badges to README
  • Add websiteUrl to server.json
  • Bump version to 1.5.2

v1.5.1 Security relevant
⚠ Upgrade required
  • Update @modelcontextprotocol/sdk to at least ^1.27.1 and wrangler to at least ^4.71.0.
Security fixes
  • CVE-2026-25536 — cross-client data leak patched by updating @modelcontextprotocol/sdk to ^1.27.1
  • CVE-2026-0933 — OS command injection vulnerability patched by updating wrangler to ^4.71.0

Fixed

  • Update @modelcontextprotocol/sdk to ^1.27.1 to patch cross-client data leak vulnerability (CVE-2026-25536)
  • Update wrangler to ^4.71.0 to patch OS command injection vulnerability (CVE-2026-0933)

Changed

  • Circuit breaker is now per-model instead of shared across all models. If one model becomes unhealthy, the other remains available independently.

v1.5.0 New feature
Notable features
  • Cloudflare Workers remote BYOK endpoint hosted at https://deepseek-mcp.tahirl.com/mcp
  • Stateless MCP server on Cloudflare edge network with zero cold start latency
  • Internal streaming of DeepSeek API responses to avoid timeouts

Cloudflare Workers Remote Endpoint (BYOK)

Added

  • Remote Endpoint: Hosted BYOK endpoint at https://deepseek-mcp.tahirl.com/mcp
  • Cloudflare Worker: Stateless MCP server on edge network, zero cold start
  • Internal Streaming: Worker streams DeepSeek API responses to prevent timeout

Quick Start (Remote)

claude mcp add --transport http deepseek \
  https://deepseek-mcp.tahirl.com/mcp \
  --header "Authorization: Bearer YOUR_DEEPSEEK_API_KEY"

Full changelog: https://github.com/arikusi/deepseek-mcp-server/compare/v1.4.3...v1.5.0

About

Stars
11
Forks
7
Languages
TypeScript JavaScript Dockerfile
Downloads/week
265 ↓27%
NPM Maintainers
1 Single npm maintainer
Contributors
1
TypeScript
Types included ✓

Install & Platforms

Install via
npm
