Standalone DeepSeek API agentic CLI with MCP host capability. 5th AI-agent native MCP host in the LCV workspace, after Claude Code, Codex CLI, Gemini Code Assist, and Grok CLI.
Install. npm install -g @lcv-ideas-software/deepseek-cli (npmjs.com) or npm install -g @lcv-ideas-software/deepseek-cli --registry=https://npm.pkg.github.com (GitHub Packages mirror).
Status. Alpha. Current release: v00.01.02 (npm package 0.1.2). See CHANGELOG.md for the release history. This is the first standalone ship of an LCV-maintained DeepSeek CLI as an MCP host. Pre-v0.1.0 it lived only as a peer subprocess inside cross-review-v1 (bin name cross-review-v1-deepseek-cli). The embedded peer-CLI continues to ship in @lcv-ideas-software/cross-review-v1 and coexists with this standalone variant — same evolution pattern as grok-cli. Public tags follow the organization display-tag standard (v00.00.00) while npm packages keep SemVer.
The version history at a glance:
| Release | Scope |
|---|---|
v00.01.02 |
Patch — CodeQL js/polynomial-redos alert fix at dist/index.js:260. Operator-flagged 2026-05-06 after Code Scanning surfaced a high-security_severity warning on the endpoint() helper. Replaced String(baseUrl).replace(/\/+$/, "") (polynomial-ReDoS regex) with non-regex string operation while (base.endsWith("/")) base = base.slice(0, -1). Behavior unchanged — both forms strip trailing slashes from the base URL. The new form is definitively non-polynomial and CodeQL-clean. Practical exploitability of the prior regex was essentially zero (baseUrl source is operator-controlled: DEEPSEEK_BASE_URL env or --base-url CLI flag, not arbitrary user input). No public API change. Patch bump (no behavior change). |
v00.01.01 |
Patch — repository governance + sponsors infrastructure. Adds .github/FUNDING.yml (GitHub Sponsors → LCV org + custom https://deepseek-cli.lcv.dev/), site/ (GitHub Pages sponsor page + CNAME + LCV branding assets), .github/workflows/pages.yml + format-public.yml, .github/CODEOWNERS, SECURITY.md, THIRDPARTY.md, CONTRIBUTING.md. package.json files[] now includes THIRDPARTY.md + SECURITY.md (ship in npm tarball). GitHub repo settings (operator-side, replicated 2026-05-06): 8/8 secret_scanning settings byte-equal to grok-cli + ruleset "Protect main baseline" with deletion/non_fast_forward/code_scanning CodeQL all-thresholds + admin bypass + CodeQL Default Setup configured. No runtime change — dist/index.js byte-equal to v0.1.0. Smoke 5/5 GREEN unchanged. Patch bump (no behavior change). |
v00.01.00 |
Initial release — Tier 6 ship from the post-v1.12.0 backlog (operator directive 2026-05-06). Forks the embedded peer-CLI at cross-review-v1/src/deepseek-cli.js (v1.12.2) into a standalone repository + npm package, polished for the MCP host use case. Internal name renamed from cross-review-v1-deepseek-cli to deepseek (5 occurrences in dist/index.js); CLI behavior identical to the embedded variant otherwise. New reviewer-configs/deepseek-cli.mcp.json ships with the operator-mandated 4-server allowlist (ultrathink + code-reasoning + cross-review-v1 + cross-review-v2); same set is enforced as DEFAULT_ALLOWED_MCP_SERVERS in dist/index.js. New 5-step smoke (scripts/smoke.js) covers --version, --help, unknown-arg rejection, and two drift guards: (4) module-export shape vs allowlist + (5) mcpServers keys in the JSON config vs allowlist. GHA workflows mirror grok-cli template (auto-tag + ci + publish + dependabot-automerge). Coexistence with embedded cross-review-v1-deepseek-cli preserved per operator directive 2026-05-06. Initial bump (first standalone release). |
deepseek-cli is an interactive and headless command-line agent for DeepSeek models. It uses the DeepSeek chat-completions API (https://api.deepseek.com/chat/completions) for model calls and exposes:
- Headless prompt → response. Read prompt from stdin (and optionally append a
--prompt <text>fragment), call the DeepSeek API, write the response to stdout. - MCP host capability. Optionally load MCP servers from a JSON config (default
reviewer-configs/deepseek-cli.mcp.json) and expose their tools to the model asfunction-shaped tools. Tool calls are dispatched back to the MCP servers via stdio transports. - Bounded tool-use loop. Up to
--max-tool-turnsrounds of tool-call/tool-result exchange before the loop terminates; default is8. - Reasoning controls.
--reasoning-effort high|maxand--thinking enabled|disabledflags; defaults aremaxandenabled. - Forensics-friendly. No persistent state on disk; all configuration is via env vars and CLI flags. Errors are redacted to avoid leaking provider-side details.
echo "Your prompt here" | deepseek -m deepseek-v4-pro
deepseek --helpWhen deepseek-cli is configured as an MCP host (e.g., via lcv-workspace/.deepseek/settings.json), the default allowlist is exactly four MCP servers per operator directive 2026-05-06:
ultrathink— sequential thinking gatecode-reasoning— code-reasoning gatecross-review-v1— peer cross-review (CLI peer-orchestration, v1 semantics)cross-review-v2— peer cross-review (API-first provider, v2 semantics)
This is the minimal viable hard-gate stack: both reasoning gates for substantive work pre-flight, both cross-review versions for convergence pre-commit/ship. Nothing else by default. The default ships in reviewer-configs/deepseek-cli.mcp.json; operators override via --mcp-config <path> or DEEPSEEK_MCP_CONFIG env. Adding a 5th server requires explicit operator approval. Only stdio MCP servers are supported (HTTP/SSE servers are skipped with a warning).
cross-review-v1 continues to ship its own embedded peer-CLI under the bin name cross-review-v1-deepseek-cli. This standalone repository ships under bin name deepseek and is intended as the MCP host. Both coexist — operator directive 2026-05-06: "o standalone DeepSeek MCP host coexistiria com o peer-CLI embedded".
| Variant | Bin name | Default allowlist | Use case |
|---|---|---|---|
Embedded (@lcv-ideas-software/cross-review-v1) |
cross-review-v1-deepseek-cli |
[memory, ultrathink, code-reasoning] |
Peer subprocess invoked by cross-review-v1 when DeepSeek is the peer being asked |
Standalone (@lcv-ideas-software/deepseek-cli) |
deepseek |
[ultrathink, code-reasoning, cross-review-v1, cross-review-v2] |
AI-agent native MCP host |
| Variable | Purpose |
|---|---|
DEEPSEEK_API_KEY |
Required. Authenticates against https://api.deepseek.com. |
DEEPSEEK_BASE_URL |
Override the API base URL. |
DEEPSEEK_MODEL |
Override the default model (deepseek-v4-pro). |
DEEPSEEK_REASONING_EFFORT |
high or max (default max). |
DEEPSEEK_THINKING |
enabled or disabled (default enabled). |
DEEPSEEK_MAX_TOKENS |
Token budget (default 8192). |
DEEPSEEK_TIMEOUT_MS |
Request timeout (default 1200000 = 20min). |
DEEPSEEK_MCP_CONFIG |
Path to MCP config JSON. |
DEEPSEEK_ALLOWED_MCP_SERVERS |
Comma-separated allowlist (overrides default 4-server allowlist). |
DEEPSEEK_MAX_TOOL_TURNS |
Max internal tool-call turns (default 8). |
DEEPSEEK_SYSTEM_PROMPT |
Override the system prompt. |
- API keys come from environment variables only. The CLI does not read or write any provider profile directories.
- Use
${env:VAR}placeholders in.deepseek/settings.jsonrather than inline secrets. - Do not commit
node_modules/,.env,.deepseek/, API keys, or MCP host tokens. - Errors are redacted to avoid leaking provider-side details.
npm test # check syntax + smoke
npm run smoke # smoke only
npm run check # syntax check only
npm pack --dry-run # verify what npm would publish- Do not publish from the workstation.
auto-tag.ymlcreates the org-standard padded display tag (v00.00.00) frompackage.json.publish.ymlpublishes to npmjs.com via npm Trusted Publishing (OIDC) and mirrors to GitHub Packages.
- npm package: https://www.npmjs.com/package/@lcv-ideas-software/deepseek-cli
- GitHub repository: https://github.com/LCV-Ideas-Software/deepseek-cli
- Releases: https://github.com/LCV-Ideas-Software/deepseek-cli/releases
- Sibling embedded peer-CLI:
cross-review-v1
Apache-2.0. See NOTICE for fork provenance and non-affiliation disclaimer.