Security: LCV-Ideas-Software/deepseek-cli

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this repository, please do not open a public issue. Report it privately to the repository maintainer.

Contact: alert@lcvmail.com

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix, if available

We will acknowledge your report within 24 hours and work to resolve it promptly.

Supported Versions

Version            | Supported
Latest             | yes
Previous releases  | security updates only

Threat Model

deepseek-cli is designed for a single-user trusted workstation. It can read files, write files after confirmation, execute shell commands after confirmation, and connect to configured MCP servers.

Important boundaries:

  • Do not expose this CLI as a network service without an authenticating wrapper.
  • Do not run it in a directory that contains secrets you do not want the model to read.
  • Do not commit .deepseek/, .env, API keys, MCP bearer tokens, or node_modules/.
  • MCP server credentials are process environment data. Treat .deepseek/settings.json as sensitive when it contains literal headers; prefer ${VAR} placeholders.
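
A check for the last boundary above, as an added example that is not part of deepseek-cli: it walks a parsed settings object and reports header values that are literal rather than ${VAR} placeholders. The "headers" key name, the benign-header allowlist and the sample mcpServers layout are assumptions, since the settings schema is not shown here.

```javascript
// Added example, not deepseek-cli code. Assumption: header maps sit under a key
// named "headers"; the real .deepseek/settings.json schema is not shown on the page.
const PLACEHOLDER = /\$\{[A-Za-z_][A-Za-z0-9_]*\}/g;
// Assumption: these header names never carry credentials, so literals are fine.
const BENIGN = new Set(["accept", "content-type", "user-agent"]);

// True when a header value holds literal material instead of ${VAR} references.
function isLiteralValue(value) {
  if (typeof value !== "string") return true; // unexpected type: flag for review
  const rest = value.replace(PLACEHOLDER, "");
  if (rest === value) return true; // no placeholder at all
  // Only an auth scheme word may remain around the placeholder(s).
  return !/^\s*(Bearer|Basic|Token)?\s*$/i.test(rest);
}

// Walk any JSON value and return the paths of header entries with literal values.
function findLiteralHeaders(node, path = "$") {
  const hits = [];
  if (node === null || typeof node !== "object") return hits;
  for (const [key, child] of Object.entries(node)) {
    const here = `${path}.${key}`;
    const isHeaderMap = key.toLowerCase() === "headers" &&
      child !== null && typeof child === "object" && !Array.isArray(child);
    if (!isHeaderMap) {
      hits.push(...findLiteralHeaders(child, here));
      continue;
    }
    for (const [name, value] of Object.entries(child)) {
      if (!BENIGN.has(name.toLowerCase()) && isLiteralValue(value)) {
        hits.push(`${here}.${name}`);
      }
    }
  }
  return hits;
}

// Constructed sample settings (server names, URLs and values are made up).
const SAMPLE_SETTINGS = {
  mcpServers: {
    docs: { url: "https://mcp.example.invalid/sse",
      headers: { Authorization: "Bearer ${DOCS_MCP_TOKEN}", Accept: "text/event-stream" } },
    build: { url: "https://build.example.invalid/mcp",
      headers: { Authorization: "Bearer constructed-literal-token", "X-Api-Key": "${BUILD_KEY}" } },
  },
};

console.log(findLiteralHeaders(SAMPLE_SETTINGS));
```

Feeding it the result of JSON.parse on the settings file and failing a pre-commit hook or CI step when the returned list is non-empty keeps literal tokens out of the repository.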

Hardening

  • HTTP/SSE/Streamable HTTP MCP connections use official MCP SDK transports.
  • xAI streaming tool calls are emitted only after JSON arguments are complete.
  • Tool outputs continue the Responses API conversation as function_call_output.
  • Local user settings writes are atomic.
  • Top-level crash handlers redact common secret-bearing strings.

Dependency and Supply Chain

  • CI runs npm ci and npm test on main and pull requests.
  • Dependabot monitors npm and GitHub Actions daily.
  • Release publishing uses npm Trusted Publishing with provenance; npmjs.com publication does not require an NPM_TOKEN.

There aren't any published security advisories