WEB: Auth for serve --http

[Hmbown]

Summary

Basic-auth via DEEPSEEK_SERVER_PASSWORD, with localhost bypass when env is not set.

Acceptance criteria

• Browser prompts on first visit.
• Cookie persists.
• No auth for 127.0.0.1 by default.

Files

crates/app-server/src/auth.rs (new); apps/web/

Size

S

Source

Source tag: WEB. Add exact upstream/opencode source links during implementation if they are not already known. Do not copy external code blindly; port the behavior into this repo's architecture.

Filed from 2026-05-02 v0.8.8 intake.

[merchloubna70-dot]

Hey @Hmbown — sharing a product perspective as a contributor who's been sending PRs today.

DeepSeek-TUI's moat is being terminal-native: single binary, zero runtime deps, works over SSH, integrates naturally with pipes and tmux. A web UI moves in the opposite direction.

Concerns:

• Competing with Claude.ai / ChatGPT / every AI chat interface — a race that's hard to win as a solo dev
• Two UI surfaces to maintain indefinitely
• Dilutes the "works anywhere a shell works" value proposition that drew terminal users here

Better fit IMO: VS Code extension (#461) — developer meets TUI in their editor, no browser required. Or deepseek serve for programmatic local access without any UI.

See longer discussion at #471.

Happy to help with anything that keeps TUI as a first-class terminal tool. Feel free to reach out: wangfengcsu@qq.com 🐋

[merchloubna70-dot]

One more thought on this: rather than a web UI, a first-class CLI/API mode would be more valuable long-term.

Why a CLI layer matters:

• CI/CD pipelines can call deepseek exec directly — automated code review, test generation, doc updates on every push
• Other tools can integrate via deepseek serve + ACP protocol — editors, scripts, custom agents
• Developers script their own workflows: git diff | deepseek exec --auto "review this"
• No browser, no auth flow, no UI state — just stdin/stdout, the unix way

The existing deepseek exec --auto is already close. Formalising it with a stable API surface (JSON output, exit codes, streaming) would make it a platform other tools build on — not just an end-user app.

Web UIs come and go. A solid CLI becomes infrastructure.

Happy to contribute toward that direction. wangfengcsu@qq.com 🐋