@arikusi/deepseek-mcp-server 1.7.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/README.md +44 -5
- package/dist/config.d.ts +3 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +8 -0
- package/dist/config.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/server.js +1 -1
- package/dist/transport-http.d.ts +15 -2
- package/dist/transport-http.d.ts.map +1 -1
- package/dist/transport-http.js +46 -9
- package/dist/transport-http.js.map +1 -1
- package/package.json +5 -5
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [1.8.0] - 2026-06-14
|
|
11
|
+
|
|
12
|
+
### Security
|
|
13
|
+
- **Missing authentication on the self-hosted HTTP endpoint.** In HTTP transport mode the server holds your `DEEPSEEK_API_KEY` and uses it for every `deepseek_chat` call, yet `POST /mcp` had no authentication and the server bound to `0.0.0.0`, so any client that could reach the port could initialize a session, enumerate tools, and invoke them. The defaults now bind to loopback and an optional bearer token guards the endpoint. Reported independently; advisory and CVE coordination in progress.
|
|
14
|
+
|
|
15
|
+
### Changed
|
|
16
|
+
- HTTP transport now binds to `127.0.0.1` by default (configurable via `HTTP_HOST`). The SDK's DNS rebinding protection is active on loopback. Binding to `0.0.0.0` without a token prints a startup security warning.
|
|
17
|
+
- `docker-compose.yml` publishes the port to `127.0.0.1` only, and the README's `docker run` example does the same.
|
|
18
|
+
- **Minimum Node.js is now 20.** Node 18 reached end of life in April 2025 and the test toolchain (vitest 4) no longer runs on it. The published package follows suit (`engines.node` is `>=20.0.0`); CI tests on Node 20, 22, and 24.
|
|
19
|
+
|
|
20
|
+
### Added
|
|
21
|
+
- `HTTP_AUTH_TOKEN`: when set, `POST/GET/DELETE /mcp` require `Authorization: Bearer <token>` (constant-time comparison). `/health` stays open for probes.
|
|
22
|
+
- `HTTP_ALLOWED_HOSTS`: comma-separated allowed `Host` headers, keeping DNS rebinding protection when binding to `0.0.0.0`.
|
|
23
|
+
- `SECURITY.md` with the disclosure policy and self-hosted HTTP hardening guidance.
|
|
24
|
+
- Auth and host-binding tests (`src/transport-auth.test.ts`).
|
|
25
|
+
|
|
26
|
+
### Fixed
|
|
27
|
+
- Bumped `@modelcontextprotocol/sdk` to 1.29.0 and `vitest`/`@vitest/coverage-v8` to 4.1.8, clearing all transitive `npm audit` advisories (13 to 0).
|
|
28
|
+
|
|
10
29
|
## [1.7.0] - 2026-04-22
|
|
11
30
|
|
|
12
31
|
### Security
|
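Review bot: The two "Changed" entries that alter defaults, the bind address moving to `127.0.0.1` and `engines.node` rising to `>=20.0.0`, break existing setups but ship in a minor release of a changelog that cites Semantic Versioning. The Security entry says the server previously bound to `0.0.0.0`, so any remote HTTP deployment stops being reachable after upgrade. Mark both entries as breaking and add an upgrade note telling those deployments to set `HTTP_HOST=0.0.0.0` together with `HTTP_AUTH_TOKEN`.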
package/README.md
CHANGED
|
@@ -429,6 +429,9 @@ The server is configured via environment variables. All settings except `DEEPSEE
|
|
|
429
429
|
| `ENABLE_MULTIMODAL` | `false` | Enable multimodal (image) input support |
|
|
430
430
|
| `TRANSPORT` | `stdio` | Transport mode: `stdio` or `http` |
|
|
431
431
|
| `HTTP_PORT` | `3000` | HTTP server port (when TRANSPORT=http) |
|
|
432
|
+
| `HTTP_HOST` | `127.0.0.1` | Bind address for HTTP transport. Loopback by default so a fresh run is not exposed. Set to `0.0.0.0` to accept remote connections (do this only with auth or a proxy in front) |
|
|
433
|
+
| `HTTP_AUTH_TOKEN` | _(unset)_ | When set, `POST /mcp` requires `Authorization: Bearer <token>`. `/health` stays open. Strongly recommended whenever the port is reachable beyond localhost |
|
|
434
|
+
| `HTTP_ALLOWED_HOSTS` | _(unset)_ | Comma-separated list of allowed `Host` headers for DNS rebinding protection when binding to `0.0.0.0` (e.g. `mcp.example.com,localhost`) |
|
|
432
435
|
|
|
433
436
|
**Example with custom config:**
|
|
434
437
|
```bash
|
|
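Review bot: The `HTTP_AUTH_TOKEN` row says only `POST /mcp` requires the bearer header, but the CHANGELOG entry for this release says `POST/GET/DELETE /mcp` do, and the middleware is mounted with `app.use('/mcp', ...)`, which covers every method. Reword the row to say all requests to `/mcp` require the header, so a reader does not conclude that GET and DELETE are left open.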
@@ -559,10 +562,39 @@ curl http://localhost:3000/health
|
|
|
559
562
|
|
|
560
563
|
The MCP endpoint is available at `POST /mcp` (Streamable HTTP protocol).
|
|
561
564
|
|
|
565
|
+
**Securing the endpoint (read before exposing it).** In self-hosted HTTP mode the
|
|
566
|
+
server holds your `DEEPSEEK_API_KEY` and uses it for every `deepseek_chat` call.
|
|
567
|
+
Anyone who can reach `POST /mcp` can invoke tools and spend that key, so the
|
|
568
|
+
endpoint must not sit open on a public interface. The defaults are built around
|
|
569
|
+
this:
|
|
570
|
+
|
|
571
|
+
1. `HTTP_HOST` defaults to `127.0.0.1`, so a plain run only listens on loopback and the SDK's DNS rebinding protection is active. Nothing off the machine can reach it.
|
|
572
|
+
2. To accept remote connections, set `HTTP_HOST=0.0.0.0`, but then set `HTTP_AUTH_TOKEN` as well so `/mcp` requires `Authorization: Bearer <token>`. If you bind to `0.0.0.0` without a token, the server prints a loud warning on startup.
|
|
573
|
+
3. For an internet-facing deployment, put an authenticating reverse proxy with TLS in front and set `HTTP_ALLOWED_HOSTS` to your real hostname(s).
|
|
574
|
+
|
|
575
|
+
```bash
|
|
576
|
+
# Exposed deployment with a bearer token
|
|
577
|
+
TRANSPORT=http HTTP_HOST=0.0.0.0 HTTP_PORT=3000 \
|
|
578
|
+
HTTP_AUTH_TOKEN=$(openssl rand -hex 32) \
|
|
579
|
+
HTTP_ALLOWED_HOSTS=mcp.example.com \
|
|
580
|
+
DEEPSEEK_API_KEY=your-key node dist/index.js
|
|
581
|
+
|
|
582
|
+
# Calling it
|
|
583
|
+
curl -X POST http://mcp.example.com:3000/mcp \
|
|
584
|
+
-H "Authorization: Bearer YOUR_TOKEN" \
|
|
585
|
+
-H "Content-Type: application/json" \
|
|
586
|
+
-H "Accept: application/json, text/event-stream" \
|
|
587
|
+
-d '{"jsonrpc":"2.0","method":"initialize","params":{"capabilities":{}},"id":1}'
|
|
588
|
+
```
|
|
589
|
+
|
|
590
|
+
`HTTP_AUTH_TOKEN` is a static gateway token for the self-hosted endpoint and is
|
|
591
|
+
unrelated to your DeepSeek key. It is separate from the hosted BYOK endpoint
|
|
592
|
+
above, where clients pass their own DeepSeek key as the bearer.
|
|
593
|
+
|
|
562
594
|
**Session isolation (1.7.0+):** In HTTP transport each connected MCP session
|
|
563
595
|
gets its own `McpServer` instance and its own `SessionStore`. Conversation
|
|
564
596
|
history, session listings, and deletions are scoped to the MCP session that
|
|
565
|
-
created them
|
|
597
|
+
created them, so one client cannot read, enumerate, or wipe another client's
|
|
566
598
|
sessions. STDIO transport is single-tenant by nature and unaffected.
|
|
567
599
|
|
|
568
600
|
### Docker
|
|
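Review bot: In the "Exposed deployment" example, `HTTP_AUTH_TOKEN=$(openssl rand -hex 32)` generates the token inside the launch command and never prints or stores it, so the operator has no value to substitute for `YOUR_TOKEN` in the curl call that follows. Generate the token first into a variable or a secrets file and reference it in both commands. The curl example also sends the bearer token over plain `http://` to `mcp.example.com:3000`, which sits awkwardly next to step 3; show that call going through the TLS proxy, or use a loopback URL.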
@@ -571,14 +603,21 @@ sessions. STDIO transport is single-tenant by nature and unaffected.
|
|
|
571
603
|
# Build
|
|
572
604
|
docker build -t deepseek-mcp-server .
|
|
573
605
|
|
|
574
|
-
# Run
|
|
575
|
-
docker run -d -p 3000:3000
|
|
606
|
+
# Run, reachable only from the host's loopback, with a bearer token
|
|
607
|
+
docker run -d -p 127.0.0.1:3000:3000 \
|
|
608
|
+
-e DEEPSEEK_API_KEY=your-key \
|
|
609
|
+
-e HTTP_AUTH_TOKEN=your-token \
|
|
610
|
+
deepseek-mcp-server
|
|
576
611
|
|
|
577
612
|
# Or use docker-compose
|
|
578
|
-
DEEPSEEK_API_KEY=your-key docker compose up -d
|
|
613
|
+
DEEPSEEK_API_KEY=your-key HTTP_AUTH_TOKEN=your-token docker compose up -d
|
|
579
614
|
```
|
|
580
615
|
|
|
581
|
-
The
|
|
616
|
+
The image runs HTTP transport on port 3000 with a health check. Inside the
|
|
617
|
+
container it binds `0.0.0.0` (required for the port mapping to work), so control
|
|
618
|
+
exposure at the publish layer: the example above and the bundled
|
|
619
|
+
`docker-compose.yml` publish to `127.0.0.1` only. If you publish the port on a
|
|
620
|
+
public interface, set `HTTP_AUTH_TOKEN`.
|
|
582
621
|
|
|
583
622
|
## Troubleshooting
|
|
584
623
|
|
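Review bot: The new paragraph says the container binds `0.0.0.0`, and the configuration table says `HTTP_ALLOWED_HOSTS` is what keeps DNS rebinding protection when binding to `0.0.0.0`, yet neither the `docker run` example nor the `docker compose` line sets it. As written, the container setup relies on the bearer token alone, even when the port is published only to `127.0.0.1`. Either add `-e HTTP_ALLOWED_HOSTS=...` to the example, or state in the paragraph that Host-header validation is off in the container unless that variable is set.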
package/dist/config.d.ts
CHANGED
|
@@ -24,6 +24,9 @@ declare const ConfigSchema: z.ZodObject<{
|
|
|
24
24
|
http: "http";
|
|
25
25
|
}>>;
|
|
26
26
|
httpPort: z.ZodDefault<z.ZodNumber>;
|
|
27
|
+
httpHost: z.ZodDefault<z.ZodString>;
|
|
28
|
+
httpAuthToken: z.ZodOptional<z.ZodString>;
|
|
29
|
+
httpAllowedHosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
27
30
|
}, z.core.$strip>;
|
|
28
31
|
export type Config = z.infer<typeof ConfigSchema>;
|
|
29
32
|
/**
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,QAAA,MAAM,YAAY
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;iBAqBhB,CAAC;AAEH,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAIlD;;;;GAIG;AACH,wBAAgB,UAAU,IAAI,MAAM,CA8DnC;AAED;;;GAGG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAKlC;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,IAAI,CAElC"}
|
package/dist/config.js
CHANGED
|
@@ -22,6 +22,9 @@ const ConfigSchema = z.object({
|
|
|
22
22
|
enableMultimodal: z.boolean().default(false),
|
|
23
23
|
transport: z.enum(['stdio', 'http']).default('stdio'),
|
|
24
24
|
httpPort: z.number().positive().default(3000),
|
|
25
|
+
httpHost: z.string().min(1).default('127.0.0.1'),
|
|
26
|
+
httpAuthToken: z.string().min(1).optional(),
|
|
27
|
+
httpAllowedHosts: z.array(z.string().min(1)).optional(),
|
|
25
28
|
});
|
|
26
29
|
let cachedConfig = null;
|
|
27
30
|
/**
|
|
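Review bot: `httpAuthToken: z.string().min(1).optional()` accepts a one-character token, and this value is the only gate on `/mcp` when the server is bound to a public interface. Enforce a minimum length in the schema (the README's own example produces 64 hex characters) so a weak token is rejected at startup. `httpHost: z.string().min(1)` likewise accepts any non-empty string; validating it as an IP address or hostname would turn a typo into a clear config error instead of a listen failure.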
@@ -64,6 +67,11 @@ export function loadConfig() {
|
|
|
64
67
|
enableMultimodal: process.env.ENABLE_MULTIMODAL === 'true',
|
|
65
68
|
transport: (process.env.TRANSPORT || 'stdio'),
|
|
66
69
|
httpPort: process.env.HTTP_PORT ? parseInt(process.env.HTTP_PORT, 10) : 3000,
|
|
70
|
+
httpHost: process.env.HTTP_HOST || '127.0.0.1',
|
|
71
|
+
httpAuthToken: process.env.HTTP_AUTH_TOKEN || undefined,
|
|
72
|
+
httpAllowedHosts: process.env.HTTP_ALLOWED_HOSTS
|
|
73
|
+
? process.env.HTTP_ALLOWED_HOSTS.split(',').map((h) => h.trim()).filter(Boolean)
|
|
74
|
+
: undefined,
|
|
67
75
|
};
|
|
68
76
|
const result = ConfigSchema.safeParse(raw);
|
|
69
77
|
if (!result.success) {
|
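Review bot: In the `httpAllowedHosts` expression, a value such as `HTTP_ALLOWED_HOSTS=","` survives the `split`/`trim`/`filter(Boolean)` chain as an empty array. That array passes the schema and is truthy in `allowedHosts ? { host, allowedHosts } : { host }`, so an empty allow-list reaches the SDK. Map an empty result to `undefined` or reject it explicitly. Separately, `process.env.HTTP_AUTH_TOKEN || undefined` silently treats an empty string as "no auth", which is what a compose file gets when it forwards an unset variable, and the token is not trimmed the way the hosts are. Consider failing startup when the variable is present but empty.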
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC;IAC7D,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACvC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACpD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9C,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACxD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACpD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAC/C,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC1C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;IACjD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAChE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACtD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACrD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC;IAC7D,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACvC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACpD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9C,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACxD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACpD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IAC/C,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC1C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;IACjD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAChE,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACtD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACrD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC7C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAChD,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC3C,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAC;AAIH,IAAI,YAAY,GAAkB,IAAI,CAAC;AAEvC;;;;GAIG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,GAAG,GAAG;QACV,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE;QAC1C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,0BAA0B;QACpE,YAAY
,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,OAAO;QACpD,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe;YACzC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3C,CAAC,CAAC,KAAK;QACT,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW;YACjC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;YACvC,CAAC,CAAC,CAAC;QACL,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;QAC/D,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;YAC9C,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC9C,CAAC,CAAC,OAAO;QACX,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;YAChD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAC/C,CAAC,CAAC,EAAE;QACN,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YACnC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC;YACxC,CAAC,CAAC,GAAG;QACP,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,OAAO;QACzD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,eAAe;QAC1D,uBAAuB,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5D,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACrD,CAAC,CAAC,CAAC;QACL,0BAA0B,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;YACnE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,EAAE,CAAC;YACzD,CAAC,CAAC,KAAK;QACT,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;YAClD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC;YAChD,CAAC,CAAC,GAAG;QACP,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM;QAC1D,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,OAAO,CAAqB;QACjE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI;QAC5E,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,WAAW;QAC9C,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS;QACvD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;YAC9C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YAChF,CAAC,CAAC,SAAS;KACd,CAAC;IAEF,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE3C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAA
E,CAAC,CAAC;YACjD,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC,CAAC;QAEJ,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM;YACtB,CAAC,CAAC,oFAAoF;YACtF,CAAC,CAAC,EAAE,CAAC;QAEP,MAAM,IAAI,WAAW,CACnB,kCAAkC,IAAI,EAAE,EACxC,MAAM,CACP,CAAC;IACJ,CAAC;IAED,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC;IAC3B,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -3,5 +3,5 @@
|
|
|
3
3
|
* DeepSeek MCP Server
|
|
4
4
|
* Model Context Protocol server for DeepSeek API integration
|
|
5
5
|
*/
|
|
6
|
-
export declare function createSandboxServer(): import("@modelcontextprotocol/sdk/server/mcp
|
|
6
|
+
export declare function createSandboxServer(): import("@modelcontextprotocol/sdk/server/mcp").McpServer;
|
|
7
7
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAmHH,wBAAgB,mBAAmB,6DAWlC"}
|
package/dist/index.js
CHANGED
|
@@ -71,7 +71,11 @@ async function main() {
|
|
|
71
71
|
registerAllResources(s);
|
|
72
72
|
return s;
|
|
73
73
|
};
|
|
74
|
-
await startHttpTransport(serverFactory, config.httpPort
|
|
74
|
+
await startHttpTransport(serverFactory, config.httpPort, {
|
|
75
|
+
host: config.httpHost,
|
|
76
|
+
authToken: config.httpAuthToken,
|
|
77
|
+
allowedHosts: config.httpAllowedHosts,
|
|
78
|
+
});
|
|
75
79
|
}
|
|
76
80
|
else {
|
|
77
81
|
// Stdio transport (default)
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,KAAK,UAAU,IAAI;IACjB,kCAAkC;IAClC,IAAI,CAAC;QACH,UAAU,EAAE,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;YACzC,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAE9B,2EAA2E;IAC3E,2EAA2E;IAC3E,MAAM,iBAAiB,GAAG,IAAI,YAAY,EAAE,CAAC;IAE7C,yCAAyC;IACzC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACtD,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAE7B,oEAAoE;IACpE,2EAA2E;IAC3E,wEAAwE;IACxE,eAAe;IACf,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QAChC,YAAY,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,mCAAmC,OAAO,KAAK,CAAC,CAAC;IAE/D,oEAAoE;IACpE,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAC;QAEpD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC3E,OAAO,CAAC,KAAK,CACX,kEAAkE,CACnE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QAChC,sEAAsE;QACtE
,yEAAyE;QACzE,qEAAqE;QACrE,qEAAqE;QACrE,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;YACxC,gBAAgB,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC5C,kBAAkB,CAAC,CAAC,CAAC,CAAC;YACtB,oBAAoB,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,CAAC;QACX,CAAC,CAAC;QACF,MAAM,kBAAkB,CAAC,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,KAAK,UAAU,IAAI;IACjB,kCAAkC;IAClC,IAAI,CAAC;QACH,UAAU,EAAE,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;YACzC,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAC;IACtC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAE9B,2EAA2E;IAC3E,2EAA2E;IAC3E,MAAM,iBAAiB,GAAG,IAAI,YAAY,EAAE,CAAC;IAE7C,yCAAyC;IACzC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACtD,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAE7B,oEAAoE;IACpE,2EAA2E;IAC3E,wEAAwE;IACxE,eAAe;IACf,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QAChC,YAAY,CAAC,WAAW,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,mCAAmC,OAAO,KAAK,CAAC,CAAC;IAE/D,oEAAoE;IACpE,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAC;QAEpD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC3E,OAAO,CAAC,KAAK,CACX,kEAAkE,CACnE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QAChC,sEAAsE;QACtE
,yEAAyE;QACzE,qEAAqE;QACrE,qEAAqE;QACrE,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;YACxC,gBAAgB,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC5C,kBAAkB,CAAC,CAAC,CAAC,CAAC;YACtB,oBAAoB,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,CAAC;QACX,CAAC,CAAC;QACF,MAAM,kBAAkB,CAAC,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE;YACvD,IAAI,EAAE,MAAM,CAAC,QAAQ;YACrB,SAAS,EAAE,MAAM,CAAC,aAAa;YAC/B,YAAY,EAAE,MAAM,CAAC,gBAAgB;SACtC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACxD,OAAO,CAAC,KAAK,CACX,uFAAuF,CACxF,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC1E,OAAO,CAAC,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAC9G,CAAC;AACH,CAAC;AAED,iBAAiB;AACjB,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,EAAE;IACxC,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;IAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE;IACnD,OAAO,CAAC,KAAK,CACX,wCAAwC,EACxC,OAAO,EACP,SAAS,EACT,MAAM,CACP,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,6EAA6E;AAC7E,MAAM,UAAU,mBAAmB;IACjC,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,aAAa,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,MAAM,CAAC;IAC1C,UAAU,EAAE,CAAC;IACb,MAAM,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;IACpC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;IACxC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAC/C,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,mBAAmB;AACnB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
package/dist/server.js
CHANGED
|
@@ -6,7 +6,7 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
|
6
6
|
import { readFileSync } from 'fs';
|
|
7
7
|
import { dirname, join } from 'path';
|
|
8
8
|
import { fileURLToPath } from 'url';
|
|
9
|
-
let version = '1.
|
|
9
|
+
let version = '1.8.0';
|
|
10
10
|
try {
|
|
11
11
|
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
12
12
|
const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
|
package/dist/transport-http.d.ts
CHANGED
|
@@ -4,6 +4,19 @@
|
|
|
4
4
|
* Each MCP session gets its own McpServer instance; DeepSeekClient is shared.
|
|
5
5
|
*/
|
|
6
6
|
import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
7
|
-
export
|
|
8
|
-
|
|
7
|
+
export interface HttpAppOptions {
|
|
8
|
+
/**
|
|
9
|
+
* Hostname for DNS rebinding protection. Defaults to '127.0.0.1', which makes
|
|
10
|
+
* the SDK auto-enable host-header validation. Set to '0.0.0.0' only when the
|
|
11
|
+
* deployment is meant to be reachable from other hosts (e.g. inside a
|
|
12
|
+
* container) — pair it with authToken and/or allowedHosts.
|
|
13
|
+
*/
|
|
14
|
+
host?: string;
|
|
15
|
+
/** When set, '/mcp' requires `Authorization: Bearer <token>`. '/health' stays open. */
|
|
16
|
+
authToken?: string;
|
|
17
|
+
/** Explicit allowed Host headers — keeps DNS rebinding protection on when binding to 0.0.0.0. */
|
|
18
|
+
allowedHosts?: string[];
|
|
19
|
+
}
|
|
20
|
+
export declare function createHttpApp(serverFactory: () => McpServer, opts?: HttpAppOptions): import("express").Express;
|
|
21
|
+
export declare function startHttpTransport(serverFactory: () => McpServer, port: number, opts?: HttpAppOptions): Promise<void>;
|
|
9
22
|
//# sourceMappingURL=transport-http.d.ts.map
|
|
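Review bot: The JSDoc on `host` describes it only as the "Hostname for DNS rebinding protection", but `startHttpTransport` passes the same value to `app.listen(port, host, ...)`, so it is also the bind address. Say so in the comment. As it stands, a caller of `createHttpApp` or `startHttpTransport` could set `host` expecting to change only Host-header validation and expose the listener as a side effect.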
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transport-http.d.ts","sourceRoot":"","sources":["../src/transport-http.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAMzE,wBAAgB,aAAa,CAAC,aAAa,EAAE,MAAM,SAAS,
|
|
1
|
+
{"version":3,"file":"transport-http.d.ts","sourceRoot":"","sources":["../src/transport-http.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAMzE,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,uFAAuF;IACvF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iGAAiG;IACjG,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAUD,wBAAgB,aAAa,CAAC,aAAa,EAAE,MAAM,SAAS,EAAE,IAAI,GAAE,cAAmB,6BA0GtF;AAED,wBAAsB,kBAAkB,CACtC,aAAa,EAAE,MAAM,SAAS,EAC9B,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,cAAmB,GACxB,OAAO,CAAC,IAAI,CAAC,CAmCf"}
|
package/dist/transport-http.js
CHANGED
|
@@ -6,11 +6,38 @@
|
|
|
6
6
|
import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
|
|
7
7
|
import { createMcpExpressApp } from '@modelcontextprotocol/sdk/server/express.js';
|
|
8
8
|
import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
|
|
9
|
-
import { randomUUID } from 'node:crypto';
|
|
9
|
+
import { randomUUID, timingSafeEqual } from 'node:crypto';
|
|
10
10
|
import { version } from './server.js';
|
|
11
11
|
const transports = {};
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
/** Constant-time string comparison to avoid leaking the token via response timing. */
|
|
13
|
+
function timingSafeStringEqual(a, b) {
|
|
14
|
+
const ab = Buffer.from(a);
|
|
15
|
+
const bb = Buffer.from(b);
|
|
16
|
+
if (ab.length !== bb.length)
|
|
17
|
+
return false;
|
|
18
|
+
return timingSafeEqual(ab, bb);
|
|
19
|
+
}
|
|
20
|
+
export function createHttpApp(serverFactory, opts = {}) {
|
|
21
|
+
const { host = '127.0.0.1', authToken, allowedHosts } = opts;
|
|
22
|
+
const app = createMcpExpressApp(allowedHosts ? { host, allowedHosts } : { host });
|
|
23
|
+
// Optional bearer-token auth guarding the MCP endpoint. Registered before the
|
|
24
|
+
// /mcp route handlers so it runs first. /health is intentionally left open so
|
|
25
|
+
// container/orchestrator health probes work without credentials.
|
|
26
|
+
if (authToken) {
|
|
27
|
+
const expected = `Bearer ${authToken}`;
|
|
28
|
+
app.use('/mcp', (req, res, next) => {
|
|
29
|
+
const provided = req.headers['authorization'];
|
|
30
|
+
if (typeof provided === 'string' && timingSafeStringEqual(provided, expected)) {
|
|
31
|
+
next();
|
|
32
|
+
return;
|
|
33
|
+
}
|
|
34
|
+
res.status(401).json({
|
|
35
|
+
jsonrpc: '2.0',
|
|
36
|
+
error: { code: -32001, message: 'Unauthorized: missing or invalid bearer token' },
|
|
37
|
+
id: null,
|
|
38
|
+
});
|
|
39
|
+
});
|
|
40
|
+
}
|
|
14
41
|
// Health check endpoint
|
|
15
42
|
app.get('/health', (_req, res) => {
|
|
16
43
|
res.json({
|
|
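Review bot: In `timingSafeStringEqual`, the early `if (ab.length !== bb.length) return false;` returns before the constant-time compare, so response timing still reveals whether the supplied header has the right length. Hash both values to a fixed-size digest (SHA-256 or an HMAC under a per-process key) and pass the digests to `timingSafeEqual`, which removes the length branch. The 401 response also omits a `WWW-Authenticate: Bearer` header, and failed attempts are not logged. Adding both would help clients and give operators something to alert on.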
@@ -88,12 +115,22 @@ export function createHttpApp(serverFactory) {
|
|
|
88
115
|
});
|
|
89
116
|
return app;
|
|
90
117
|
}
|
|
91
|
-
export async function startHttpTransport(serverFactory, port) {
|
|
92
|
-
const
|
|
93
|
-
const
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
console.error(`[DeepSeek MCP]
|
|
118
|
+
export async function startHttpTransport(serverFactory, port, opts = {}) {
|
|
119
|
+
const host = opts.host ?? '127.0.0.1';
|
|
120
|
+
const app = createHttpApp(serverFactory, opts);
|
|
121
|
+
const exposed = host === '0.0.0.0' || host === '::';
|
|
122
|
+
if (exposed && !opts.authToken) {
|
|
123
|
+
console.error(`[DeepSeek MCP] SECURITY WARNING: binding to ${host} with no HTTP_AUTH_TOKEN set. ` +
|
|
124
|
+
'The /mcp endpoint is unauthenticated and reachable from any network that can ' +
|
|
125
|
+
'reach this port, so anyone could invoke tools and spend your DEEPSEEK_API_KEY. ' +
|
|
126
|
+
'Set HTTP_AUTH_TOKEN, put an authenticating reverse proxy in front, or bind to ' +
|
|
127
|
+
'127.0.0.1 via HTTP_HOST.');
|
|
128
|
+
}
|
|
129
|
+
const httpServer = app.listen(port, host, () => {
|
|
130
|
+
console.error(`[DeepSeek MCP] HTTP transport listening on http://${host}:${port}`);
|
|
131
|
+
console.error(`[DeepSeek MCP] Health check: http://${host}:${port}/health`);
|
|
132
|
+
console.error(`[DeepSeek MCP] MCP endpoint: http://${host}:${port}/mcp`);
|
|
133
|
+
console.error(`[DeepSeek MCP] Bearer-token auth on /mcp: ${opts.authToken ? 'ENABLED' : 'disabled'}`);
|
|
97
134
|
});
|
|
98
135
|
const shutdown = async () => {
|
|
99
136
|
console.error('[DeepSeek MCP] Shutting down HTTP transport...');
|
|
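Review bot: The check `host === '0.0.0.0' || host === '::'` catches only the two wildcard spellings, so binding to a specific routable address or a hostname with no token produces no warning at all. Invert the test: treat anything that is not loopback (`127.0.0.1`, `::1`, `localhost`) as exposed. Given that the CHANGELOG describes the underlying issue as missing authentication, consider refusing to start in that state unless the operator opts in explicitly, rather than only logging. The log lines also interpolate `${host}` into a URL without brackets, which prints a malformed address for IPv6 hosts such as `::`.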
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transport-http.js","sourceRoot":"","sources":["../src/transport-http.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"transport-http.js","sourceRoot":"","sources":["../src/transport-http.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,MAAM,UAAU,GAAkD,EAAE,CAAC;AAgBrE,sFAAsF;AACtF,SAAS,qBAAqB,CAAC,CAAS,EAAE,CAAS;IACjD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,aAA8B,EAAE,OAAuB,EAAE;IACrF,MAAM,EAAE,IAAI,GAAG,WAAW,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;IAC7D,MAAM,GAAG,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAElF,8EAA8E;IAC9E,8EAA8E;IAC9E,iEAAiE;IACjE,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,QAAQ,GAAG,UAAU,SAAS,EAAE,CAAC;QACvC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAC9C,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAC9E,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,+CAA+C,EAAE;gBACjF,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,wBAAwB;IACxB,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC;YACP,MAAM,EAAE,IAAI;YACZ,OAAO;YACP,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE;YACxB,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,uCAAuC;IACvC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,qCAAqC;QACrC,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC
,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC,SAAS,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBACtC,oBAAoB,EAAE,CAAC,EAAE,EAAE,EAAE;oBAC3B,UAAU,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC;oBAC3B,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,EAAE,CAAC,CAAC;gBAClE,CAAC;aACF,CAAC,CAAC;YAEH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACvB,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;oBACxB,OAAO,UAAU,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;oBACvC,OAAO,CAAC,KAAK,CAAC,uCAAuC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;YAC/B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,kBAAkB;QAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,gEAAgE,EAAE;YAClG,EAAE,EAAE,IAAI;SACT,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,6CAA6C;IAC7C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,+BAA+B,EAAE;gBACjE,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,kCAAkC;IAClC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,CAAC;YACpC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;YAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,+BAA+
B,EAAE;gBACjE,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,aAA8B,EAC9B,IAAY,EACZ,OAAuB,EAAE;IAEzB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,MAAM,GAAG,GAAG,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,CAAC;IACpD,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CACX,+CAA+C,IAAI,gCAAgC;YACjF,+EAA+E;YAC/E,iFAAiF;YACjF,gFAAgF;YAChF,0BAA0B,CAC7B,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;QAC7C,OAAO,CAAC,KAAK,CAAC,qDAAqD,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,KAAK,CAAC,uCAAuC,IAAI,IAAI,IAAI,SAAS,CAAC,CAAC;QAC5E,OAAO,CAAC,KAAK,CAAC,uCAAuC,IAAI,IAAI,IAAI,MAAM,CAAC,CAAC;QACzE,OAAO,CAAC,KAAK,CACX,6CAA6C,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE,CACvF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAChE,KAAK,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,UAAU,CAAC,EAAE,CAAC,CAAC;QACxB,CAAC;QACD,UAAU,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@arikusi/deepseek-mcp-server",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.8.0",
|
|
4
4
|
"mcpName": "io.github.arikusi/deepseek",
|
|
5
5
|
"description": "MCP Server for DeepSeek API integration - enables Claude Code to use DeepSeek Chat and Reasoner models",
|
|
6
6
|
"main": "dist/index.js",
|
|
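Review bot: on the `"version"` line, 1.8.0 is a minor bump, yet the changelog for this release switches the HTTP transport's default bind address to `127.0.0.1`, so a deployment on a caret range that relied on the old `0.0.0.0` default stops being reachable from other hosts after a routine upgrade. The new default is the right one for the fix; the release notes should spell out the upgrade step for operators who do intend remote access (set `HTTP_HOST` explicitly and configure the bearer token) so the change is not mistaken for an outage and worked around by re-exposing the port without a token.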
@@ -62,18 +62,18 @@
|
|
|
62
62
|
"CHANGELOG.md"
|
|
63
63
|
],
|
|
64
64
|
"dependencies": {
|
|
65
|
-
"@modelcontextprotocol/sdk": "^1.
|
|
65
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
66
66
|
"openai": "^6.27.0",
|
|
67
67
|
"zod": "^4.3.6"
|
|
68
68
|
},
|
|
69
69
|
"devDependencies": {
|
|
70
70
|
"@types/express": "^5.0.6",
|
|
71
71
|
"@types/node": "^22.10.5",
|
|
72
|
-
"@vitest/coverage-v8": "^4.
|
|
72
|
+
"@vitest/coverage-v8": "^4.1.8",
|
|
73
73
|
"typescript": "^5.7.3",
|
|
74
|
-
"vitest": "^4.
|
|
74
|
+
"vitest": "^4.1.8"
|
|
75
75
|
},
|
|
76
76
|
"engines": {
|
|
77
|
-
"node": ">=
|
|
77
|
+
"node": ">=20.0.0"
|
|
78
78
|
}
|
|
79
79
|
}
|
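Review bot: on the `"engines"` line, `"node": ">=20.0.0"` changes the supported runtime in the same minor release that ships the authentication fix; the previous value is cut off in this view, so confirm whether the floor is being raised and, if it is, record it in the changelog next to the security entry, because users on an older Node may be warned off or blocked from installing the fixed version. The `@modelcontextprotocol/sdk` floor of `^1.29.0` deserves the same mention, since the changelog attributes the loopback DNS rebinding protection to the SDK and that makes the minimum SDK version part of the fix rather than routine maintenance.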