feat: add DeepSeek provider support across the gateway

[etnperlong]

Summary

Adds DeepSeek as a first-class provider and wires it through the core gateway, HTTP transport, docs, config schema, and UI metadata so it can be selected and used consistently across the product.

Changes

• Implemented the DeepSeek provider, including request/response conversion and provider-specific handling.
• Added cached content support for DeepSeek operations.
• Registered DeepSeek in core provider selection and gateway integration paths.
• Updated config schema, OpenAPI docs, and provider documentation so DeepSeek is discoverable and configurable.
• Added UI constants/icons/log display updates so DeepSeek appears consistently in the interface.
• Included provider tests and CI wiring updates for validation.

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (React)
• Docs

How to test

go version
make test-core PROVIDER=deepseek
make build

cd ui
npm run build

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: de9e47c6-32ff-4983-8fd7-b1ccca33391a

📥 Commits

Reviewing files that changed from the base of the PR and between 762453d and 79fa819.

📒 Files selected for processing (18)

• .github/workflows/pr-tests.yml
• .github/workflows/release-pipeline.yml
• core/bifrost.go
• core/providers/deepseek/cachedcontents.go
• core/providers/deepseek/deepseek.go
• core/providers/deepseek/deepseek_test.go
• core/schemas/bifrost.go
• docs/deployment-guides/config-json/schema-reference.mdx
• docs/docs.json
• docs/openapi/openapi.json
• docs/openapi/schemas/inference/common.yaml
• docs/overview.mdx
• docs/providers/supported-providers/deepseek.mdx
• docs/providers/supported-providers/overview.mdx
• transports/config.schema.json
• ui/lib/constants/config.ts
• ui/lib/constants/icons.tsx
• ui/lib/constants/logs.ts

✅ Files skipped from review due to trivial changes (6)

• docs/deployment-guides/config-json/schema-reference.mdx
• docs/providers/supported-providers/overview.mdx
• docs/openapi/openapi.json
• docs/providers/supported-providers/deepseek.mdx
• docs/overview.mdx
• docs/openapi/schemas/inference/common.yaml

🚧 Files skipped from review as they are similar to previous changes (12)

• docs/docs.json
• core/providers/deepseek/deepseek_test.go
• core/providers/deepseek/cachedcontents.go
• ui/lib/constants/logs.ts
• .github/workflows/pr-tests.yml
• core/schemas/bifrost.go
• ui/lib/constants/icons.tsx
• ui/lib/constants/config.ts
• .github/workflows/release-pipeline.yml
• core/providers/deepseek/deepseek.go
• core/bifrost.go
• transports/config.schema.json

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added DeepSeek as a supported OpenAI-compatible chat provider (streaming & non-streaming), tool calling, model listing, and Responses-via-chat fallback.

• Documentation

  • Added DeepSeek provider guide, docs nav entry, support matrix, schema and OpenAPI updates.

• UI

  • Added DeepSeek icon, model placeholder, provider label, and marked API key as required.

• Tests

  • Added comprehensive DeepSeek provider tests.

• Chores

  • CI updated to provide DEEPSEEK_API_KEY and allow DeepSeek endpoints.

Walkthrough

Adds DeepSeek as a built-in provider: implements a DeepSeekProvider (chat, streaming, list-models), wires it into the provider factory, adds tests, docs, UI icons/constants, config/OpenAPI/schema entries, and exposes DEEPSEEK_API_KEY and api.deepseek.com in CI workflows.

Changes

DeepSeek Provider Implementation & Integration

Layer / File(s)	Summary
Data Shape & Registry core/schemas/bifrost.go, transports/config.schema.json, docs/openapi/schemas/inference/common.yaml, docs/openapi/openapi.json, docs/docs.json, docs/deployment-guides/config-json/schema-reference.mdx	Adds DeepSeek to ModelProvider enum and StandardProviders; registers providers.deepseek in config schema; OpenAPI schema/JSON and docs navigation updated.
Core Provider Implementation core/providers/deepseek/deepseek.go	Adds DeepSeekProvider type and constructor with unary/stream HTTP clients, network config and flags; implements ListModels, ChatCompletion, ChatCompletionStream, Responses/ResponsesStream; many ops return unsupported-operation errors.
Cached Content Stubs core/providers/deepseek/cachedcontents.go	Implements cached-content lifecycle methods that deterministically return unsupported-operation errors.
Factory Wiring core/bifrost.go	Imports core/providers/deepseek and extends createBaseProvider to construct a DeepSeekProvider for schemas.DeepSeek.
Tests core/providers/deepseek/deepseek_test.go	Adds TestDeepSeek suite (skips unless DEEPSEEK_API_KEY set) and httptest unit tests verifying /chat/completions and /models request paths, auth header behavior, and unsupported TextCompletion.
CI/CD & Runner Security .github/workflows/pr-tests.yml, .github/workflows/release-pipeline.yml	Injects DEEPSEEK_API_KEY into test/release job environments and adds api.deepseek.com:443 to allowed endpoints across test and release jobs; updates notify curl invocation.
UI Constants & Iconography ui/lib/constants/config.ts, ui/lib/constants/icons.tsx, ui/lib/constants/logs.ts	Adds deepseek to model placeholders and key-required map, introduces ProviderIcons.deepseek SVG, and adds provider name/label entries.
Documentation & API Specs docs/providers/supported-providers/deepseek.mdx, docs/overview.mdx, docs/providers/supported-providers/overview.mdx, docs/deployment-guides/config-json/schema-reference.mdx, docs/docs.json, docs/openapi/openapi.json	Adds DeepSeek docs page, provider card and matrix entry, config examples referencing env.DEEPSEEK_API_KEY, navigation entry, and updates OpenAPI/provider lists.

Sequence Diagram

sequenceDiagram
    participant Client
    participant BifrostCore
    participant DeepSeekProvider
    participant DeepSeekAPI

    rect rgba(100, 150, 255, 0.5)
    Note over Client,DeepSeekAPI: Chat Completion Flow
    Client->>BifrostCore: ChatCompletion(deepseek/<model>, messages)
    BifrostCore->>DeepSeekProvider: ChatCompletion(key, request)
    DeepSeekProvider->>DeepSeekProvider: build headers (Authorization Bearer from key)
    DeepSeekProvider->>DeepSeekAPI: POST /chat/completions (body, headers)
    DeepSeekAPI->>DeepSeekProvider: JSON response {choices: [...]}
    DeepSeekProvider->>BifrostCore: BifrostChatResponse
    BifrostCore->>Client: Unified response
    end

    rect rgba(150, 200, 100, 0.5)
    Note over Client,DeepSeekAPI: Model Listing Flow
    Client->>BifrostCore: ListModels()
    BifrostCore->>DeepSeekProvider: ListModels()
    DeepSeekProvider->>DeepSeekAPI: GET /models
    DeepSeekAPI->>DeepSeekProvider: {data: [{id}, ...]}
    DeepSeekProvider->>BifrostCore: BifrostListModelsResponse
    BifrostCore->>Client: Unified model list
    end

    rect rgba(200, 150, 100, 0.5)
    Note over Client,DeepSeekAPI: Streaming Chat Flow
    Client->>BifrostCore: ChatCompletionStream(...)
    BifrostCore->>DeepSeekProvider: ChatCompletionStream(...)
    DeepSeekProvider->>DeepSeekAPI: POST /chat/completions?stream=true
    DeepSeekAPI->>DeepSeekProvider: SSE / chunked stream
    DeepSeekProvider->>BifrostCore: chan BifrostStreamChunk
    BifrostCore->>Client: Stream chunks
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 A nibble, a hop—DeepSeek joins the trail,
Chats and streams now answer without fail,
Models listed, headers set, CI keys aligned,
Docs penned, icons placed, provider configured and signed,
A tiny hop to celebrate code well-designed.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding DeepSeek provider support across the gateway, which aligns with the scope of files modified and objectives stated.
Description check	✅ Passed	The description covers the essential sections (Summary, Changes, Type, Affected areas, How to test) but lacks explicit Breaking changes and Security considerations sections from the template.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.1)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies"

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Confidence Score: 4/5

Safe to merge for the gateway integration itself; the live CI integration test may fail if DEEPSEEK_API_KEY is populated and the referenced model names are not yet active on the DeepSeek API

The core Go adapter, schema registration, and UI wiring are structurally correct and follow established provider patterns. The open concern is that the integration test targets deepseek-v4-flash and deepseek-v4-pro, model identifiers that do not appear in DeepSeek's current public documentation — if the CI secret is set, every live scenario in the comprehensive test suite will hit an invalid-model error from the API

core/providers/deepseek/deepseek_test.go and docs/providers/supported-providers/deepseek.mdx — both use the unverified model names that may not yet resolve against the live DeepSeek API

Important Files Changed

Filename	Overview
core/providers/deepseek/deepseek.go	New DeepSeek provider implementation delegating to shared OpenAI-compatible handlers; streaming auth pattern matches the established Cerebras/Perplexity pattern
core/providers/deepseek/deepseek_test.go	Unit tests use httptest servers (solid) but the live integration test targets deepseek-v4-flash / deepseek-v4-pro — model identifiers not present in DeepSeek's public docs — which will fail if the secret is set in CI
core/bifrost.go	DeepSeek registered in the provider factory; return pattern (multi-value forwarding) matches Perplexity and Cerebras entries above it
docs/providers/supported-providers/deepseek.mdx	Docs correctly describe root-based endpoint behavior and the config.json key field, but the migration advice references deepseek-v4-flash / deepseek-v4-pro which are not in DeepSeek's current public model list
ui/lib/constants/config.ts	Adds deepseek to ModelPlaceholders and isKeyRequiredByProvider; PROVIDER_SUPPORTED_REQUESTS intentionally omitted (deepseek is not a BaseProvider), consistent with cerebras, groq, and others
.github/workflows/release-pipeline.yml	Consistently adds api.deepseek.com:443 to egress allowlists and DEEPSEEK_API_KEY secret across all relevant job stages

_{Reviews (7): Last reviewed commit: "fix: use correct keys field in DeepSeek ..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release-pipeline.yml:
- Line 215: The workflow sets DEEPSEEK_API_KEY but the blocked-job
allowed-endpoints lists do not include the DeepSeek API host, causing outbound
calls to be blocked; update each allowed-endpoints list used by DeepSeek-calling
jobs to include the DeepSeek API host (e.g., api.deepseek.ai) so requests using
DEEPSEEK_API_KEY can reach the provider, and make the same addition for the
other allowed-endpoints occurrences referenced in the review.

In `@core/providers/deepseek/deepseek_test.go`:
- Around line 81-86: In the httptest handler closure inside deepseek_test.go
where the test server is created (the http.HandlerFunc passed to
httptest.NewServer), replace the fatal test helpers (require.Equal) with
non-fatal assertions (assert.Equal) for the URL path and Authorization header
checks so failures don't call t.FailNow from a goroutine; update imports to
include testify/assert if needed and use assert.Equal(t, "/chat/completions",
r.URL.Path) and assert.Equal(t, "Bearer test-api-key",
r.Header.Get("Authorization")) (same for the other handler at line ~112) so
assertion failures are reported without terminating the goroutine.

In `@docs/providers/supported-providers/deepseek.mdx`:
- Around line 85-112: Replace the standalone example blocks in the DeepSeek docs
with Mintlify tabbed sections labeled "Web UI", "API", and "config.json": move
the current curl request and any UI usage into the "Web UI" and "API" tabs as
appropriate, and place the JSON config example under the "config.json" tab
(preserve the exact JSON content). Ensure the "config.json" example validates
against transports/config.schema.json and update headings or brief descriptions
inside each tab to match existing style guidelines.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a4812c2a-f98c-46c9-b9e6-9efb5654da7e

📥 Commits

Reviewing files that changed from the base of the PR and between 233d11e and 485ac22.

📒 Files selected for processing (18)

• .github/workflows/pr-tests.yml
• .github/workflows/release-pipeline.yml
• core/bifrost.go
• core/providers/deepseek/cachedcontents.go
• core/providers/deepseek/deepseek.go
• core/providers/deepseek/deepseek_test.go
• core/schemas/bifrost.go
• docs/deployment-guides/config-json/schema-reference.mdx
• docs/docs.json
• docs/openapi/openapi.json
• docs/openapi/schemas/inference/common.yaml
• docs/overview.mdx
• docs/providers/supported-providers/deepseek.mdx
• docs/providers/supported-providers/overview.mdx
• transports/config.schema.json
• ui/lib/constants/config.ts
• ui/lib/constants/icons.tsx
• ui/lib/constants/logs.ts

[etnperlong]

I checked the model-name concern against the current DeepSeek docs before changing anything.

Right now the official docs list deepseek-v4-flash and deepseek-v4-pro as the public model IDs. deepseek-chat and deepseek-reasoner are still mentioned, but as legacy compatibility aliases. Because of that, I kept the test, docs, and UI placeholder values on the v4 names and added a short note in the provider docs to make the alias mapping explicit.

References used:

• /quick_start/pricing
• /api/create-chat-completion
• /api/list-models

All three are on https://api-docs.deepseek.com.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docs/providers/supported-providers/deepseek.mdx (1)

112-130: ⚡ Quick win

Consider adding a network_config example to the config.json tab.

Line 55 explicitly tells users to override network_config.base_url to access DeepSeek's beta endpoints (https://api.deepseek.com/beta), but the config.json tab doesn't illustrate this. Users following the tab to configure DeepSeek will miss this unless they also read the prose above.

📄 Suggested addition

 {
   "providers": {
     "deepseek": {
       "api_keys": [
         {
           "value": "env.DEEPSEEK_API_KEY"
         }
-      ]
+      ],
+      "network_config": {
+        "base_url": "https://api.deepseek.com/beta"
+      }
     }
   }
 }

(Remove network_config from the snippet if it is not a valid schema field, or show it commented-out with a note.)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/providers/supported-providers/deepseek.mdx` around lines 112 - 130,
Update the config.json example in the config.json Tab of the deepseek.mdx docs
to include a network_config example that shows overriding
network_config.base_url (e.g., pointing to https://api.deepseek.com/beta) so
users see how to target the beta endpoint; if network_config is not part of the
real schema, include it as a commented-out example or annotated snippet instead
and add a brief inline note. Reference the existing config.json Tab and the
network_config.base_url field so the change is made alongside the
"providers.deepseek" api_keys example.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/providers/supported-providers/deepseek.mdx`:
- Line 83: The docs line claiming "deepseek-chat and deepseek-reasoner remain
legacy compatibility aliases" is incorrect and understates that those names will
be retired; update the text in docs/providers/supported-providers/deepseek.mdx
to mark `deepseek-chat` and `deepseek-reasoner` as deprecated and being retired
on July 24, 2026, and explicitly instruct users to migrate to
`deepseek-v4-flash` and `deepseek-v4-pro`; ensure the sentence replaces the
alias wording and includes the retirement date and recommended replacements.

---

Nitpick comments:
In `@docs/providers/supported-providers/deepseek.mdx`:
- Around line 112-130: Update the config.json example in the config.json Tab of
the deepseek.mdx docs to include a network_config example that shows overriding
network_config.base_url (e.g., pointing to https://api.deepseek.com/beta) so
users see how to target the beta endpoint; if network_config is not part of the
real schema, include it as a commented-out example or annotated snippet instead
and add a brief inline note. Reference the existing config.json Tab and the
network_config.base_url field so the change is made alongside the
"providers.deepseek" api_keys example.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 34c4bfa6-f95e-42ae-950e-9250ee3c10d9

📥 Commits

Reviewing files that changed from the base of the PR and between 485ac22 and 51c60ae.

📒 Files selected for processing (3)

• .github/workflows/release-pipeline.yml
• core/providers/deepseek/deepseek_test.go
• docs/providers/supported-providers/deepseek.mdx

🚧 Files skipped from review as they are similar to previous changes (2)

• core/providers/deepseek/deepseek_test.go
• .github/workflows/release-pipeline.yml

[greptile-apps]

The config.json example uses "api_keys" as the field name, but the transport config schema (config.schema.json) defines the field as "keys" and marks it as required. Every other provider doc (vertex, runway, bedrock, azure, etc.) also uses "keys". A user who copies this snippet verbatim will get a silently ignored config — DeepSeek keys won't be registered and all requests will fail with an auth/missing-provider error.

Suggested change

	"deepseek": {
	"api_keys": [
	{
	"value": "env.DEEPSEEK_API_KEY"
	}
	]
	}
	"deepseek": {
	"keys": [
	{
	"value": "env.DEEPSEEK_API_KEY"
	}
	]
	}

[etnperlong]

Good catch — fixed in 1848aa4. Changed api_keys to keys to match the transport config schema and the pattern used in all other provider docs.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/providers/supported-providers/deepseek.mdx`:
- Around line 44-50: Add a single clarifying sentence in the DeepSeek provider
docs that explicitly distinguishes DeepSeek's upstream root-based endpoints
(e.g., "/chat/completions" and "/models") from the Bifrost gateway paths (which
use the "/v1/..." prefix such as "/v1/chat/completions"), so readers understand
the examples under "API" refer to the Bifrost gateway while the listed DeepSeek
paths are the upstream provider paths.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9dbfe00f-28b6-404e-ad5c-e7fc1a5bf5cb

📥 Commits

Reviewing files that changed from the base of the PR and between 1848aa4 and 836ccb0.

📒 Files selected for processing (18)

• .github/workflows/pr-tests.yml
• .github/workflows/release-pipeline.yml
• core/bifrost.go
• core/providers/deepseek/cachedcontents.go
• core/providers/deepseek/deepseek.go
• core/providers/deepseek/deepseek_test.go
• core/schemas/bifrost.go
• docs/deployment-guides/config-json/schema-reference.mdx
• docs/docs.json
• docs/openapi/openapi.json
• docs/openapi/schemas/inference/common.yaml
• docs/overview.mdx
• docs/providers/supported-providers/deepseek.mdx
• docs/providers/supported-providers/overview.mdx
• transports/config.schema.json
• ui/lib/constants/config.ts
• ui/lib/constants/icons.tsx
• ui/lib/constants/logs.ts

✅ Files skipped from review due to trivial changes (4)

• docs/docs.json
• core/providers/deepseek/cachedcontents.go
• docs/openapi/schemas/inference/common.yaml
• core/bifrost.go

🚧 Files skipped from review as they are similar to previous changes (12)

• docs/providers/supported-providers/overview.mdx
• docs/deployment-guides/config-json/schema-reference.mdx
• docs/openapi/openapi.json
• .github/workflows/pr-tests.yml
• transports/config.schema.json
• ui/lib/constants/config.ts
• docs/overview.mdx
• ui/lib/constants/logs.ts
• core/schemas/bifrost.go
• core/providers/deepseek/deepseek_test.go
• .github/workflows/release-pipeline.yml
• core/providers/deepseek/deepseek.go