releases.shpreview
Moonshot AI/Kimi CLI

Kimi CLI

Mon
Wed
Fri
JunJulAugSepOctNovDecJanFebMarAprMay
Less
More
Releases34Avg10/moVersionsv1.13.0 to v1.46.0
All ReleasesChangelog

v1.46.0

  • Shell: Support styled text in welcome tips
  • ACP: Replay session history on load
  • Core: Prevent TTY hang on exit
  • Core: Close MCP connections during shutdown

v1.45.0

  • Shell: /clear is now an alias for /new — both commands start a new session; previously /clear only cleared context without creating a new session
  • Shell: Fix misleading "Quota exceeded" prefix shown on every 403 error

v1.44.0

  • Shell: Add slash command alias resolution — aliases such as /h, ?, and status now resolve to their canonical commands (/help, /usage); the completer and help output display alias matches as /name (alias) for clarity
  • Shell: Fix /usage alias registration — the alias was incorrectly stored as "/status" instead of "status", causing alias lookup to fail

v1.43.0

  • Security: Bump pillow to 12.2.0 to address CVE-2026-25990 (out-of-bounds write when loading PSD images); unblocks installs in environments that gate on the older pinned version
  • Shell: Fix missing visual spacing in the shell UI — add blank lines after user input echoes, content blocks, tool call results, notifications, error panels, and steer inputs so consecutive elements no longer collapse together
  • Shell: Restore markdown link highlighting (bright blue underlined text and cyan underlined URLs) and add underline separators to h2-h6 headings; adjust table rendering to use square box borders with visible edges
  • Core: Include completion timestamp and elapsed duration in background task terminal notifications, and add finished_at and duration_s to the notification payload for easier tracking
  • MCP: Stop FastMCP OAuth startup from printing Authlib deprecation warnings by upgrading the MCP client stack to FastMCP 3.2.4
  • MCP: Store OAuth MCP tokens in ~/.kimi/mcp-oauth/ using FastMCP 3's persistent storage API; users with existing OAuth MCP authorizations may need to run kimi mcp auth <name> once after upgrading

v1.42.0

  • Shell: Switch the Windows shell backend from PowerShell to Git Bash, so the Shell tool now runs commands through bash.exe (POSIX semantics) instead of powershell.exe. Windows users get the same Unix-style command syntax (&&, ||, |, /dev/null, grep, sed, etc.) as Linux/macOS. Requires Git for Windows installed: kimi-cli locates bash.exe via the KIMI_CLI_GIT_BASH_PATH env override → where.exe git → standard install paths (C:\Program Files\Git\bin\bash.exe); if none resolve, kimi-cli prints an install hint and exits at startup
  • Shell: Defend against hallucinated CMD-style 2>nul redirects on Windows by rewriting them to 2>/dev/null before reaching git-bash — without this defense git-bash would create a file literally named nul (a Windows reserved device name) that breaks git add . and git clone; on Linux/macOS, >nul is a legitimate redirect to a file named nul and is left untouched
  • File: Accept POSIX-form paths on Windows in ReadFile, WriteFile, StrReplaceFile, Glob, and Grep — these tools now recognize /c/Users/foo (Git Bash style), /cygdrive/c/Users/foo (Cygwin style), and \\server\share (UNC) in addition to native Windows paths, automatically converting to native form for filesystem operations
  • Shell: Clear partial streamed output when an LLM step is retried — previously, if a step failed mid-stream (e.g. rate limit or server error), the incomplete text and unfinished tool-call blocks from the aborted attempt would remain on screen and be mixed with the new attempt's output. The shell UI now discards the partial state and prints a retry banner showing the reason, attempt count, and wait time; print mode also discards buffered assistant messages on retry
  • Wire: Bump protocol version to 1.10 — add StepRetry event emitted when a step attempt fails and will be retried, carrying attempt count, wait time, and error details
  • Core: Stop plan-mode and afk-mode workflow prompts from being injected into subagents — subagents share session-level mode state for persistence, but their YAMLs typically exclude root workflow tools such as EnterPlanMode, ExitPlanMode, and AskUserQuestion. These prompt injections are now root-only. Tool-level read-only checks under plan mode are unchanged, so behavior compatibility is preserved

v1.41.0

  • Plugin: Support installing plugins directly from a .zip URL — kimi plugin install now accepts HTTP(S) URLs ending in .zip (e.g. GitHub/GitLab archive links like .../archive/refs/heads/main.zip) and downloads + extracts them before resolving plugin.json, in addition to the existing git URL, local directory, and local zip-file sources
  • Shell: Enable clipboard image paste on headless Linux over SSH — when pyperclip is unavailable (e.g. DISPLAY is not set), Ctrl-V now falls back to xclip or wl-paste so remote clipboard bridges can still inject images; also prevents a UI crash from built-in clipboard shortcuts when pyperclip is broken

v1.40.0

  • Core: Fix --yolo mode unintentionally preventing the model from calling AskUserQuestion — yolo used to inject a system reminder telling the model it was in "non-interactive mode" and must not ask, and the ask-user tool auto-dismissed in yolo. Both were wrong: yolo only bypasses permission approvals; it does not mean "the user is gone". Yolo no longer injects model guidance, and the user remains reachable through AskUserQuestion
  • CLI: Split permission bypass from unattended execution — --yolo bypasses permission approvals while the user is still at the terminal, while --afk / /afk means away-from-keyboard: AskUserQuestion is auto-dismissed and approvals are handled automatically. --print now uses runtime AFK behavior instead of yolo, matching its non-interactive execution model. The status bar shows yolo and afk independently, and /yolo and /afk toggle their own flag without disturbing the other
  • Config: Replace skip_yolo_prompt_injection with skip_afk_prompt_injection now that yolo no longer injects model guidance. The old config key is ignored if present
  • Shell: Fix /yolo toggling producing misleading UI messages when afk is also active — /yolo used to read the combined auto-approval state, so pressing it under afk would claim approval was now required even though afk still handled approvals automatically. /yolo now reads and writes only the yolo flag, leaving afk alone
  • Web: Fix AI title generation overwriting a manually-set title when the LLM call finishes after the user has already renamed the session — the final write now reloads state and yields to a title_generated flag set by another request
  • Web: Surface session rename, archive, unarchive, and title generation failures as toast notifications instead of only logging to the console
  • Web: Keep tool media previews visible when tool details are collapsed — images and videos returned by tools now render below the tool card instead of inside the collapsible detail area, so preview thumbnails remain accessible after collapsing a tool
  • Kosong: Fix stale API key after OAuth token refresh in Kimi provider — on_retryable_error now reads the current api_key from the live client instead of the cached _api_key, so that OAuth token refreshes applied via client.api_key are preserved when the client is rebuilt after a retryable error
  • Core: Approval requests no longer auto-timeout after 5 minutes, which previously surfaced as Rejected by user; active foreground and subagent approvals now wait indefinitely for user response
  • Shell: Fix /usage remaining quota rendering — the progress bar, warning colors, and % left label now all use the remaining quota ratio consistently, so high remaining quota shows as green/full and near-exhausted quota shows as yellow or red
  • Shell: Show active background agent task count in the prompt status bar — the existing ⚙ bash: N badge only counted background Shell tasks and filtered out background Agent subagents, so when many subagents were running the prompt looked idle and users could not tell work was in progress; the toolbar now renders ⚙ bash: N and ⚙ agent: N as two independent badges (each hidden when its count is 0) and drops the agent badge first when the terminal is too narrow to fit both
  • Auth: Fix managed model list refresh silently failing for OAuth users with expired tokens — the background /models sync now detects 401 responses, forces an OAuth token refresh, and retries with the refreshed token; if the refresh fails or the refreshed token is still rejected, it falls back to the originally configured static API key instead of skipping the provider
  • Core: Fix connection recovery not triggering OAuth refresh when the retry returns 401 — after recreating the HTTP client on APIConnectionError or APITimeoutError, the retry now re-enters the full recovery path so a subsequent 401 correctly refreshes the OAuth token instead of bubbling to the user as an unrecoverable error
  • Shell: Echo /skill:* and /flow:* inputs in the transcript so workflow commands stay visible after enter; operational slash commands like /usage and /model remain hidden
  • Core: Raise default max_steps_per_turn from 500 to 1000 so long-running agents are less likely to hit the per-turn limit

v1.39.0

  • Skill: Fix project-scope skills being ignored and user-scope skills silently winning name conflicts — the system prompt now groups discovered skills under ### Project / ### User / ### Extra / ### Built-in headings so the model can tell where each skill came from, and when the same name exists in multiple scopes the more specific scope wins (Project > User > Extra > Built-in) so a project's own .kimi/skills/foo or .claude/skills/foo correctly overrides a user-level or bundled foo instead of the other way around
  • Skill: Accept single-file <name>.md skills alongside the canonical <name>/SKILL.md subdirectory layout — useful when migrating a flat markdown collection into a skills directory; name defaults to the filename stem (frontmatter name: still wins if set), description follows the same three-step chain as subdirectory skills (frontmatter description: → first non-empty body line, capped at 240 characters → "No description provided." placeholder), and if a flat and a subdirectory skill share a name in the same directory the subdirectory wins with a warning
  • Skill: Add extra_skill_dirs config field for pulling in custom skill directories on top of the built-in / user / project auto-discovery — each entry may be an absolute path, a ~-prefixed path (expanded against $HOME), or a path relative to the project root (the nearest .git ancestor of the work directory, not the current working directory); non-existent entries are silently skipped and symlink/trailing-slash duplicates canonicalize to a single root so a path listed twice or aliased to an already-discovered directory does not render twice in the system prompt
  • Skill: Harden discovery against OSError from is_dir / iterdir (for example when an extra_skill_dirs entry points at a directory with restricted permissions) — affected entries are logged and skipped instead of aborting the whole skill-discovery pass
  • Core: Fix DeepSeek V4 (and other OpenAI-compatible thinking-mode backends) returning 400 The reasoning_content in the thinking mode must be passed back to the API when a tool call follows a reasoning turn — openai_legacy providers now default reasoning_key to "reasoning_content" so the response's reasoning is stored in history and round-tripped automatically on subsequent turns. An optional reasoning_key field is also added to LLMProvider to override the field name (e.g. "reasoning" for non-standard gateways) or disable round-tripping entirely by setting it to ""
  • Core: Add skip_yolo_prompt_injection config option to suppress the system reminder normally injected when yolo mode is active — useful when building custom applications on top of KimiSoul that do not need the non-interactive mode hint
  • Kimi: Add KIMI_MODEL_THINKING_KEEP environment variable that forwards its value verbatim to the Moonshot API as thinking.keep, enabling Preserved Thinking (e.g. export KIMI_MODEL_THINKING_KEEP=all to retain historical reasoning_content across turns); effective only for Moonshot models supporting Preserved Thinking (e.g. kimi-k2.6 / kimi-k2-thinking), unset or empty string preserves the previous behavior and omits the field, and the override only applies when the current model is actually in thinking mode so the API never receives a thinking.keep without the companion thinking.type. Note that keep=all increases input tokens and API cost because history reasoning is resent
  • Kosong: Fix Kimi.with_extra_body silently dropping previously set thinking.type when a later call added another thinking.* field — the thinking sub-dict is now merged field-by-field instead of shallow-replaced, so composing with_thinking(...) with with_extra_body({"thinking": {...}}) preserves both contributions
  • Kosong: Fix Kimi provider sending empty content alongside tool_calls, which caused 400 "text content is empty" errors from the Moonshot API. When an assistant message has tool calls and its visible content is effectively empty (no text or only whitespace/think parts), the content field is now omitted entirely
  • Shell: Fix approval request feedback text cursor rendering — the block cursor now correctly renders at the actual cursor position instead of always being pinned to the end of the line; when the cursor is in the middle of the text, the character under the cursor is drawn with reverse video (mimicking a terminal's native block cursor)
  • Kosong: Fix Moonshot 400 At path 'properties.X': type is not defined when an MCP server exposes tools whose parameter schemas have enum-only or otherwise type-less properties (seen with the JetBrains Rider MCP's truncateMode) — the Kimi provider now patches each tool's schema in-flight to fill in a JSON Schema type (inferred from enum/const values when possible, else defaulted to "string"), so the whole session no longer fails every request with a schema validation error; OpenAI and Anthropic paths are unaffected
  • Skill: Project-scope skill discovery now walks up to the nearest .git ancestor before looking for .kimi/skills / .claude/skills / .codex/skills / .agents/skills, so skills defined at the repository root are picked up even when kimi-cli is launched from a subdirectory (for example inside a monorepo package). Falls back to the work directory itself when no .git marker is found, so we never walk up into an unrelated parent tree.
  • Skill: Change the default of merge_all_available_skills from false to true. kimi-cli now merges all existing user- and project-level brand skill directories (.kimi/skills, .claude/skills, .codex/skills) by default instead of only using the first one found, so users who keep skills in multiple brand directories — for example both ~/.kimi/skills and ~/.claude/skills — see every skill out of the box. Behavior change: users who previously relied on the first-match default can restore it by setting merge_all_available_skills = false in their config.

v1.38.0

  • Shell: Fix Rejected by user misleading message when an approval modal times out — after the 300s safety timeout, the tool call now rejects with Rejected: approval timed out, so users returning to their session after stepping away can tell the rejection was a timeout rather than a manual rejection. Pass --yolo/-y to auto-approve tool calls if you regularly leave sessions unattended
  • Auth: Fix OAuth users being forced to /login again after an unrelated refresh-token rotation race — when a concurrently-running kimi-cli instance (terminal, VS Code extension, or kimi -p one-shot) legitimately rotated the refresh token, the current instance's now-stale refresh request would come back with a 401, and a TOCTOU window between the "did another instance rotate?" disk check and the delete_tokens call could wipe the credentials file even though a valid rotated token was about to be written to it; the in-memory cache is still cleared so truly revoked tokens surface on the next request, but the file is preserved so a concurrent instance's freshly-rotated token can be recovered, and an eventual /login still overwrites it atomically
  • Kosong: Fix parallel tool results being split into multiple user messages in Anthropic provider — consecutive tool-result-only user messages are now merged into a single message, complying with the Anthropic Messages API spec that all tool_use blocks in an assistant turn must be answered within one user message; this fixes 400 errors on strict Anthropic-compatible backends (e.g. DeepSeek /anthropic endpoint) and prevents the official backend from silently teaching the model to avoid parallel tool calls

v1.37.0

  • Print: Wait for background tasks before exiting — in one-shot --print mode, the process now waits for running background agents to finish and lets the model process their results, instead of exiting and killing them. The wait is capped at min(max(active_task.timeout_s or agent_task_timeout_s), print_wait_ceiling_s) (default ceiling 1h); on timeout the tasks are killed and the model gets one more turn via a <system-reminder> to summarise before exit
  • Shell/Print: On exit the CLI now lists each background task being killed (id + description) on stderr and waits out the configured grace period before reporting any tasks that have not reached terminal state (split into "still terminating" for workers mid-shutdown vs "stop request failed" for genuinely leaking tasks); keep_alive_on_exit=true still skips the entire path
  • Auth: Auto-refresh the managed model list at startup for OAuth-logged-in users — the CLI now fetches the latest models from the provider's /models endpoint as a background task when the shell launches, so newly released models become available without needing to log out and log back in; failures are silent and never block startup, and custom --config sessions keep their previous behavior
  • Shell: Show the provider-supplied display_name (e.g. k2.6-code-preview) for managed models across the welcome panel, prompt status bar, /model picker, and /model switch confirmation messages; when the backend does not return one, the CLI falls back to the internal model ID as before

v1.36.0

  • Anthropic: Fix Claude Opus 4.7 returning invalid_request_error — Opus 4.7 (which rejects the legacy {type: "enabled", budget_tokens: N} thinking config) now correctly uses adaptive thinking, and the client explicitly sets display: "summarized" so thinking content still streams back (Opus 4.7 silently changed the default to "omitted"); Bedrock/Vertex name variants (e.g., aws/claude-opus-4-7, anthropic.claude-opus-4-7-v1:0) and claude-mythos-preview are also recognised, and future Claude versions ≥ 4.6 are detected automatically via version extrapolation instead of hard-coded substring matching
  • Web: Fix markdown rendering spacing in the web UI — restore proper vertical spacing between paragraphs, lists, code blocks, blockquotes, and headings instead of collapsing all margins to zero
  • Shell: Fix missing loading indicator during active turns — the moon spinner now shows as a fallback whenever the model is working but no other indicator is visible, covering gaps after tool calls finish, between turn start and first step, and when an empty thinking block arrives from the provider
  • Core: Increase default max_steps_per_turn from 100 to 500 to allow longer uninterrupted agent runs out of the box
  • Web: Fix unresponsive copy, download, and preview buttons on rendered code blocks

v1.35.0

  • Shell: Flip show_thinking_stream default to true so fresh installs see the streaming reasoning preview out of the box; set it to false in your config to keep the compact 1.32 indicator
  • Web: Prevent stream watchdog from reconnecting during pending approval or question — the 45-second inactivity watchdog no longer triggers a reconnect while the user is actively handling an approval request or answering a question, preventing interrupted interactions
  • Web: Fix session recovery after stream errors — when a session process exits or hits a read-loop error, stale in-flight prompt IDs are now cleared before broadcasting the error, allowing the frontend to send new messages instead of getting "Session is busy"; the activity status indicator also surfaces the actual error message from the stream
  • Core: Fix Wire server prompt handler leaving sessions stuck busy on uncaught exceptions — SSL errors, connection errors, and other unexpected failures are now caught by a fallback handler and returned as INTERNAL_ERROR, allowing the session to recover instead of hanging indefinitely

v1.34.0

  • Core: Fix CLI crash on TaskStop — stopping a stuck background agent no longer prints Unhandled exception in event loop / Exception None and freezes the terminal; the cancelled task is now kept in the manager's live-tasks dict until its runner finishes cleaning up, preventing Python's GC from reaping the still-pending task
  • Shell: Fix inline diff highlights misaligned on lines containing tabs — raw-code diff offsets are now mapped to rendered positions via expandtabs column tracking so highlight spans land correctly after tab expansion
  • Shell: Add show_thinking_stream config option to opt back into the legacy streaming reasoning preview — when set to true, the live area shows the classic Thinking... spinner above a 6-line scrolling preview of the raw reasoning text and the full reasoning markdown is committed to history when the block ends; defaults to false to keep the compact 1.32 indicator

v1.33.0

  • Shell: Unify managed model display as "Kimi for Code" and drop hardcoded kimi-k2.5 version references from the welcome screen and /login tip

v1.32.0

  • Core: Truncate MCP tool output to 100K characters to prevent context overflow — all content types (text and inline media such as image/audio/video data URLs) share a single character budget; tools like Playwright that return full DOMs (500KB+) or large base64 screenshots are now capped with a truncation notice; oversized media parts are dropped; unsupported MCP content types are gracefully handled instead of crashing the turn
  • CLI: Fix PyInstaller binary missing lazy CLI subcommands — kimi info, kimi export, kimi mcp, kimi plugin, kimi vis, and kimi web now work correctly in the standalone binary distribution
  • Shell: Streamline the thinking indicator into a compact single-line layout — shows a Thinking label with animated dots, elapsed time, token count, and a live tokens/second pulse; finalises with a Thought for Xs · N tokens trace in history

v1.31.0

  • Core: Cap list_directory output as a depth-limited tree to prevent token-limit blowup in large directories — replaces the unbounded flat listing with a 2-level tree (root: 30 entries, child: 10 per subdirectory), dirs-first alphabetical sorting, and "... and N more" truncation hints so the model knows to explore further (fixes #1809)
  • Shell: Add blocking update gate on interactive shell startup — when a newer version is detected (from the existing background check cache), a blocking prompt appears before the shell loads, offering [Enter] to upgrade immediately, [q] to continue and be reminded next time, or [s] to skip reminders for that version; respects the KIMI_CLI_NO_AUTO_UPDATE environment variable; replaces the previous repeating toast notification for available updates
  • Auth: Harden OAuth token refresh to prevent unnecessary re-login — 401 errors now trigger automatic token refresh and retry instead of forcing /login; multiple simultaneous CLI instances coordinate refresh via a cross-process file lock to avoid race conditions; token persistence uses atomic writes with fsync to prevent corruption; adds dynamic refresh threshold, 5xx retry during token refresh, and proper token revocation cleanup
  • Core: Fix agent loop silently stopping when model response contains only thinking content — detect think-only responses (reasoning content with no text or tool calls) as an incomplete response error and retry automatically
  • Core: Fix crash on streaming mid-flight network disconnection — when the OpenAI SDK raises a base APIError (instead of APIConnectionError) during long-running streams, the error is now correctly classified as retryable, enabling automatic retry and connection recovery instead of an unrecoverable crash
  • Shell: Exclude empty current session from /sessions picker — completely empty sessions (no conversation history and no custom title) are no longer shown in the session list; sessions with a custom title are still displayed
  • Shell: Fix slash command completion Enter key behavior — accepting a completion now submits in a single Enter press; auto-submit is limited to slash command completions only; file mention completions (@) accept without submitting so the user can continue editing; re-completion after accepting is suppressed to prevent stale completion state
  • Shell: Add directory scope toggle to /sessions picker — press Ctrl+A to switch between showing sessions for the current working directory only or across all known directories; uses a new full-screen session picker UI with header scope indicator and footer hint bar
  • Shell: Add /btw side question command — ask a quick question during streaming without interrupting the main conversation; uses the same system prompt and tool definitions for prompt cache alignment; responses display in a scrollable modal panel with streaming support
  • Shell: Redesign bottom dynamic area — split the monolithic visualize.py (1865 lines) into a modular package (visualize/) with dedicated modules for input routing, interactive prompts, approval/question panels, and btw modal; unify input semantics with classify_input() for consistent command routing
  • Shell: Add queue and steer dual-channel input during streaming — Enter queues messages for delivery after the current turn; Ctrl+S injects messages immediately into the running turn's context; queued messages display in the prompt area with count indicator and can be recalled with ↑
  • Shell: Add BtwBegin/BtwEnd wire events for cross-client side question support
  • Shell: Improve elapsed time formatting in spinners — durations over 60 seconds now display as "1m 23s" instead of "83s"; sub-second durations show "<1s"
  • Shell: Fix Rich markup injection in btw panel — user questions containing [/] characters are now escaped to prevent broken rendering or style injection in spinner text and panel titles
  • Core: Improve error diagnostics — enrich internal logging coverage, include relevant log files and system manifest in kimi export archives, and surface actionable error messages for common failures (auth, network, timeout, quota)
  • Shell: Gracefully exit with crash report when working directory becomes inaccessible during session — detects CWD loss (external drive unplugged, directory deleted, or filesystem unmounted) and prints a session recovery panel with session ID and work directory before exiting cleanly
  • Shell: Use git ls-files for @ file mention discovery — file completer now queries git ls-files --recurse-submodules with a 5-second timeout as the primary discovery mechanism, falling back to os.walk for non-git repositories; this fixes large repositories (e.g., apache/superset with 65k+ files) where the 1000-file limit caused late-alphabetical directories to be unreachable (fixes #1375)
  • Core: Add shared file_filter module — unifies file mention logic between shell and web UIs via src/kimi_cli/utils/file_filter.py, providing consistent path filtering, ignored directory exclusion, and git-aware file discovery
  • Shell: Prevent path traversal in file mention scope parameter — the scope parameter in file completer requests is now validated to prevent directory traversal attacks
  • Web: Restore unfiltered directory listing in file browser API — file browser endpoint no longer applies git-aware filtering, ensuring all files are visible in the web UI file picker
  • Todo: Refactor SetTodoList to persist state and prevent tool call storms — todos are now persisted to session state (root agent) and independent state files (sub-agents); adds query mode (omit todos to read current state) and clear mode (pass []); includes anti-storm guidance in tool description to prevent repeated calls without progress (fixes #1710)
  • ReadFile: Add total line count to every read response and support negative line_offset for tail mode — the tool now reports Total lines in file: N. in its message so the model can plan subsequent reads; negative line_offset (e.g. -100) reads the last N lines using a sliding window, useful for viewing recent log output without shell commands; the absolute value is capped at 1000 (MAX_LINES)
  • Shell: Fix black background on inline code and code blocks in Markdown rendering — NEUTRAL_MARKDOWN_THEME now overrides all Rich default markdown.* styles to "none", preventing Rich's built-in "cyan on black" from leaking through on non-black terminals

v1.30.0

  • Shell: Refine idle background completion auto-trigger — resumed shell sessions no longer auto-start a foreground turn from stale pending background notifications before the user sends a message, and fresh background completions now wait briefly while the user is actively typing to avoid stealing the prompt or breaking CJK IME composition
  • Core: Fix interrupted foreground turns leaving unbalanced wire events — TurnEnd is now emitted even when a turn exits via cancellation or step interruption, preventing dirty session wire logs from accumulating across resume cycles
  • Core: Improve session startup resilience — --continue/--resume now tolerate malformed context.jsonl records and corrupted subagent, background-task, or notification artifacts; the CLI skips invalid persisted state where possible instead of failing to restore the session
  • CLI: Improve kimi export session export UX — kimi export now previews the previous session for the current working directory and asks for confirmation, showing the session ID, title, and last user-message time; adds --yes to skip confirmation; also fixes explicit session-ID invocations where --output after the argument was incorrectly parsed as a subcommand
  • Grep: Add include_ignored parameter to search files excluded by .gitignore — when set to true, ripgrep's --no-ignore flag is enabled, allowing searches in gitignored artifacts such as build outputs or node_modules; sensitive files (like .env) remain filtered by the sensitive-file protection layer; defaults to false to preserve existing behavior
  • Core: Add sensitive file protection to Grep and Read tools — .env, SSH private keys (id_rsa, id_ed25519, id_ecdsa), and cloud credentials (.aws/credentials, .gcp/credentials) are now detected and blocked; Grep filters them from results with a warning, Read rejects them outright; .env.example/.env.sample/.env.template are exempted
  • Core: Fix parallel foreground subagent approval requests hanging the session — in interactive shell mode, _set_active_approval_sink no longer flushes pending approval requests to the live view sink (which cannot render approval modals); requests stay in the pending queue for the prompt modal path; also adds a 300-second timeout to wait_for_response so that any unresolved approval request eventually raises ApprovalCancelledError instead of hanging forever
  • CLI: Add --session/--resume (-S/-r) flag to resume sessions — without an argument opens an interactive session picker (shell UI only); with a session ID resumes that specific session; replaces the reverted --pick-session/--list-sessions design with a unified optional-value flag
  • CLI: Add CJK-safe shorten() utility — replaces all textwrap.shorten calls so that CJK text without spaces is truncated gracefully instead of collapsing to just the placeholder
  • Core: Fix skills in brand directories (e.g. ~/.kimi/skills/) silently disappearing when a generic directory (~/.config/agents/skills/) exists but is empty — skill directory discovery now searches brand and generic directory groups independently and merges both results, instead of stopping at the first existing directory across all candidates
  • Core: Add merge_all_available_skills config option — when enabled, skills from all existing brand directories (~/.kimi/skills/, ~/.claude/skills/, ~/.codex/skills/) are loaded and merged instead of using only the first one found; same-name skills follow priority order kimi > claude > codex; disabled by default
  • CLI: Add --plan flag and default_plan_mode config option — start new sessions in plan mode via kimi --plan or by setting default_plan_mode = true in ~/.kimi/config.toml; resumed sessions preserve their existing plan mode state
  • Shell: Add /undo and /fork commands for session forking — /undo lets you pick a previous turn and fork a new session with the selected message pre-filled for re-editing; /fork duplicates the entire session history into a new session; the original session is always preserved
  • CLI: Add -r as a short alias for --session and print a resume hint (kimi -r <session-id>) whenever a session exits — covers normal exit, Ctrl-C, /undo, /fork, and /sessions switch so users can always find their way back
  • Core: Fix custom_headers not being passed to non-Kimi providers — OpenAI, Anthropic, Google GenAI, and Vertex AI providers now correctly forward custom headers configured in providers.*.custom_headers

v1.29.0

  • Core: Support hierarchical AGENTS.md loading — the CLI now discovers and merges AGENTS.md files from the git project root down to the working directory, including .kimi/AGENTS.md at each level; deeper files take priority under a 32 KiB budget cap, ensuring the most specific instructions are never truncated
  • Core: Fix empty sessions lingering on disk after exit — sessions created but never used are now cleaned up on all exit paths (failure exit, session switch, unexpected errors), not just on successful exit
  • Shell: Add KIMI_CLI_PASTE_CHAR_THRESHOLD and KIMI_CLI_PASTE_LINE_THRESHOLD environment variables to control when pasted text is folded into a placeholder — lowering these thresholds works around CJK input method breakage after multiline paste on some terminals (e.g., XShell over SSH)
  • Shell: Fix diff panel rendering corruption on terminals without truecolor support (e.g. Xshell) — render_to_ansi no longer hardcodes 24-bit color; Rich now auto-detects terminal capability via COLORTERM/TERM environment variables
  • Web: Fix white screen after CLI upgrade caused by browser caching stale index.html — the server now returns Cache-Control: no-cache for HTML and immutable for hashed assets, preventing 404s on renamed chunks
  • Core: Fix file write converting LF to CRLF on Windows — writetext now opens files with newline="" to prevent Python's universal newline translation from silently converting \n to \r\n
  • Core: Support socks:// proxy scheme — proxy tools like V2RayN set ALL_PROXY=socks://... which httpx/aiohttp don't recognise; the CLI now normalises socks:// to socks5:// at startup so all HTTP clients and subprocesses work correctly behind a SOCKS proxy
  • Shell: Add /title (alias /rename) command to manually set session titles — titles are now stored in state.json alongside other session state; legacy metadata.json is automatically migrated on first load
  • Shell: Fix garbled pager output when MANPAGER is set (e.g. bat) — the console pager now ignores MANPAGER and delegates to pydoc.pager(), preserving PAGER and all platform-specific fallbacks
  • Explore: Enhance explore agent with specialist role, thoroughness levels, and automatic environment context — explore agents now gather repository environment information at launch to improve investigation quality; the main agent is guided to prefer explore for codebase research and plan mode encourages explore-first investigation
  • Shell: Fix tool call display showing raw OSC 8 escape bytes (e.g. 8;id=391551;https://…) instead of clean text — hyperlink sequences are now wrapped as zero-width escapes for prompt_toolkit compatibility, preserving clickable links in supported terminals
  • Core: Add OS and shell information to the system prompt — the model now knows which platform it is running on and receives a Windows-specific instruction to prefer built-in tools over Shell commands, preventing Linux command errors in PowerShell
  • Shell: Fix command parameter description saying "bash command" regardless of platform — the description is now platform-neutral
  • Web: Fix auto-title overwriting manual session rename — when a user renames a session through the web UI, the new title is now preserved and no longer replaced by the auto-generated title

v1.28.0

  • Core: Fix file write/replace tools freezing the event loop — diff computation (build_diff_blocks) is now offloaded to a thread via asyncio.to_thread, preventing the UI from hanging when editing large files
  • Shell: Fix _watch_root_wire_hub silently dying on handler exceptions — the watcher now catches and logs exceptions (matching the pattern in wire/server.py) and handles QueueShutDown gracefully, preventing approval flow from silently breaking mid-session
  • Core: Skip O(n²) diff computation for huge files (>10 000 lines) — files above the threshold now show a summary block instead of computing a full diff, and unchanged files short-circuit immediately
  • Wire: Add is_summary field to DiffDisplayBlock (Wire 1.8) — marks diff blocks that contain a line-count summary instead of actual diff content, allowing clients to render them appropriately
  • Web: Render large-file diff summaries — when a diff block is marked is_summary, the web UI shows a compact "File too large for inline diff" notice with line counts instead of attempting to compute a diff
  • Auth: Fix OAuth users getting "incorrect API KEY" when running skills or after idle — 401 errors now show a clear "please /login" message instead of the raw API error; the ACP layer correctly triggers re-login flow for VS Code extension users
  • Web: Fix session title generation always failing for OAuth users — the title generator now uses OAuth tokens and refreshes them before calling the model
  • Core: Add timeout protection for Agent tool and HTTP requests — all aiohttp sessions now default to 120 s total / 60 s read timeout; the Agent tool gains an optional timeout parameter (foreground default 10 min, background default 15 min); background agent tasks are marked timed_out on expiry with proper notification semantics
  • Grep: Fix tool hanging and becoming uninterruptible — replaced blocking ripgrepy.run() with async subprocess execution; the tool now responds to Ctrl-C immediately and has a 20-second timeout with partial result return
  • Grep: Add token efficiency improvements — default head_limit of 250 with offset pagination, --hidden search with VCS directory exclusion, files_with_matches sorted by modification time, relative path output, and --max-columns 500 for non-content modes
  • Grep: line_number (-n) now defaults to true in content mode — line numbers are included by default so the model can reference precise code locations
  • Grep: count_matches mode now includes a summary in the message — e.g. "Found 30 total occurrences across 10 files."
  • ACP: Fix ValueError: list.index(x): x not in list crash when ACP is launched via kimi-code or kimi-cli entry-points (e.g. JetBrains AI Assistant)
  • Core: Fix OpenAI-compatible APIs (e.g. One API) returning 400 errors in multi-turn conversations when the server returns reasoning_content by default — reasoning_effort is now auto-set to "medium" when history contains thinking content and reasoning_key is configured
  • Shell: Add /theme command and dark/light theme support — users with light terminal backgrounds can now switch to a light color palette via /theme light or theme = "light" in config.toml; diff highlights, task browser, prompt UI, and MCP status colors all adapt to the selected theme
  • Core: Fix context overflow before compaction — tool result tokens are now estimated and included in the auto-compaction trigger check, preventing "exceeded model token limit" errors when large tool outputs push the context beyond the model limit between API calls
  • Core: Add hooks system (Beta) — configure [[hooks]] in config.toml to run custom shell commands at 13 lifecycle events including PreToolUse, PostToolUse, SessionStart, Stop, etc.; supports regex matching, timeout handling, and blocking operations via exit code 2
  • Shell: Add /hooks command — list all configured hooks with event counts
  • Wire: Add HookTriggered and HookResolved event types (Wire 1.7) — notify clients when hooks start and finish executing, including event type, target, action (allow/block), and duration
  • Wire: Add HookRequest and HookResponse message types — allow wire clients to subscribe to hook events and provide their own handling logic with allow/block decisions
  • CLI: --skills-dir now supports multiple directories and overrides default discovery — when specified, the directories replace user/project skills discovery (repeatable flag)
  • Shell: Fix notification messages leaking into session replay and export — background task notification tags (<notification>, <task-notification>) are now filtered out when resuming a session (/sessions) and when exporting (/export) or importing (/import) conversation history
  • Web: The "Open" button in the workspace header now remembers the last-used application — clicking "Open" directly opens with the previous choice, while the dropdown arrow lets you pick a different app
  • Web: Fix archived sessions count badge showing only the loaded page size — the badge now displays "100+" when more archived sessions exist beyond the first page
  • Shell: Fix pasted text placeholders not expanded in modal answers — clipboard content pasted into approval or question panels is now correctly interpolated before being sent to the model
  • Vis: Add --network / -n flag — launch the visualizer on all network interfaces with auto-detected LAN IP display, matching kimi web behavior
  • Vis: Add /vis slash command — switch from the interactive shell to the tracing visualizer in one step, mirroring the existing /web command
  • Vis: Improve session list performance — async backend scanning, request concurrency limiting, and infinite-scroll pagination prevent browser freezes on large session stores
  • Vis: Add 7 missing wire event types — SteerInput, MCPLoadingBegin/End, Notification, PlanDisplay, ToolCallRequest, and QuestionRequest now display with proper colors and summaries
  • Vis: Show token and cache details in StatusUpdate — each status update now displays context token count, max tokens, input token breakdown with cache hit rate, and MCP connection status
  • Vis: Show structured tool call summaries — ReadFile, Shell, Glob, Grep, Agent, and other tool calls display file paths, commands, or patterns inline instead of just the function name
  • Vis: Add System Prompt card in Context Messages — the _system_prompt entry is rendered as a dedicated blue card showing estimated token count and expandable full content
  • Vis: Show cache hit rate in session header — the stats bar now displays overall cache efficiency (e.g., 89% cache) alongside token counts
  • Vis: Highlight slow operations — time deltas exceeding 10 s appear in amber and those exceeding 60 s in red, making performance bottlenecks immediately visible
  • Vis: Prefer human-readable message field in ToolResult summaries — results now show descriptive text like "Command executed successfully" instead of raw output
  • Vis: Show approval rejection feedback — ApprovalResponse summaries include the user's correction text when a tool call is rejected

v1.27.0

  • Shell: Add /feedback command — submit feedback directly from the CLI session; the command falls back to opening GitHub Issues on network errors or timeouts
  • Shell: Redesign diff rendering for tool results — file diffs now display with line numbers, background colors (green/red), syntax highlighting, and inline word-level change markers; approval previews show only changed lines for a compact view; Ctrl-E pager uses the same unified style
  • Shell: Update syntax highlighting theme — replace the magenta-heavy color scheme with a more balanced palette mapped to ANSI colors for terminal compatibility; improved color diversity and readability across dark and light terminal backgrounds
  • Shell: Fix approval panel not visible when multiple subagents are running — approval and question panels are now rendered at the top of the live view, ensuring they remain visible even when tool-call output exceeds the terminal height
  • CLI: Fix --print mode returning exit code 0 on errors — print mode now exits with code 1 for permanent failures (auth errors, invalid config, etc.) and code 75 for retryable failures (429 rate limit, 5xx server errors, connection timeouts), enabling CI/eval runners to detect failures and decide whether to retry
  • Plan: Display plan content inline in the chat instead of hiding behind a pager — plans are now rendered as a bordered panel directly in the conversation history, with the plan file path shown for reference
  • Plan: Add "Reject and Exit" option to plan approval — users can now reject a plan and exit plan mode in one step, in addition to the existing Approve, Revise, and Reject options
  • Wire: Add PlanDisplay event type (Wire 1.7) — carries plan content and file path for inline rendering by clients
  • Shell: Stream markdown output incrementally — completed markdown blocks (paragraphs, lists, code fences, tables) are now rendered and printed to the terminal as they arrive during streaming, instead of being buffered until the turn ends
  • Shell: Show elapsed time and estimated token count on thinking/composing spinners — the spinner now displays Thinking... 5s · 312 tokens with a live-updating counter during generation
  • Shell: Add scrolling preview for thinking content — the last 6 lines of the model's thinking process are shown in real time as a grey italic preview beneath the spinner
  • Shell: Reduce prompt input area reserved space from 10 to 6 lines
  • Glob: Allow Glob tool to access skills directories — the tool can now search within discovered skill roots in addition to the workspace
  • Glob: Expand ~ in directory path before validation — the Glob tool now resolves the tilde to the user's home directory before checking path validity
Last Checked
1h ago
Latest
1.46.0
Source
@MoonshotAI/kimi-cli8.9k
Tracking since Sep 14, 2025
.json·.md·.atom