Moonshot AI
- Shell: Add slash command alias resolution — aliases such as
/h,?, andstatusnow resolve to their canonical commands (/help,/usage); the completer and help output display alias matches as/name (alias)for clarity - Shell: Fix
/usagealias registration — the alias was incorrectly stored as"/status"instead of"status", causing alias lookup to fail
- Security: Bump pillow to 12.2.0 to address CVE-2026-25990 (out-of-bounds write when loading PSD images); unblocks installs in environments that gate on the older pinned version
- Shell: Fix missing visual spacing in the shell UI — add blank lines after user input echoes, content blocks, tool call results, notifications, error panels, and steer inputs so consecutive elements no longer collapse together
- Shell: Restore markdown link highlighting (bright blue underlined text and cyan underlined URLs) and add underline separators to h2-h6 headings; adjust table rendering to use square box borders with visible edges
- Core: Include completion timestamp and elapsed duration in background task terminal notifications, and add
finished_atandduration_sto the notification payload for easier tracking - MCP: Stop FastMCP OAuth startup from printing Authlib deprecation warnings by upgrading the MCP client stack to FastMCP 3.2.4
- MCP: Store OAuth MCP tokens in
~/.kimi/mcp-oauth/using FastMCP 3's persistent storage API; users with existing OAuth MCP authorizations may need to runkimi mcp auth <name>once after upgrading
- Shell: Switch the Windows shell backend from PowerShell to Git Bash, so the Shell tool now runs commands through
bash.exe(POSIX semantics) instead ofpowershell.exe. Windows users get the same Unix-style command syntax (&&,||,|,/dev/null,grep,sed, etc.) as Linux/macOS. Requires Git for Windows installed: kimi-cli locatesbash.exevia theKIMI_CLI_GIT_BASH_PATHenv override →where.exe git→ standard install paths (C:\Program Files\Git\bin\bash.exe); if none resolve, kimi-cli prints an install hint and exits at startup - Shell: Defend against hallucinated CMD-style
2>nulredirects on Windows by rewriting them to2>/dev/nullbefore reaching git-bash — without this defense git-bash would create a file literally namednul(a Windows reserved device name) that breaksgit add .andgit clone; on Linux/macOS,>nulis a legitimate redirect to a file namednuland is left untouched - File: Accept POSIX-form paths on Windows in
ReadFile,WriteFile,StrReplaceFile,Glob, andGrep— these tools now recognize/c/Users/foo(Git Bash style),/cygdrive/c/Users/foo(Cygwin style), and\\server\share(UNC) in addition to native Windows paths, automatically converting to native form for filesystem operations - Shell: Clear partial streamed output when an LLM step is retried — previously, if a step failed mid-stream (e.g. rate limit or server error), the incomplete text and unfinished tool-call blocks from the aborted attempt would remain on screen and be mixed with the new attempt's output. The shell UI now discards the partial state and prints a retry banner showing the reason, attempt count, and wait time; print mode also discards buffered assistant messages on retry
- Wire: Bump protocol version to 1.10 — add
StepRetryevent emitted when a step attempt fails and will be retried, carrying attempt count, wait time, and error details - Core: Stop plan-mode and afk-mode workflow prompts from being injected into subagents — subagents share session-level mode state for persistence, but their YAMLs typically exclude root workflow tools such as
EnterPlanMode,ExitPlanMode, andAskUserQuestion. These prompt injections are now root-only. Tool-level read-only checks under plan mode are unchanged, so behavior compatibility is preserved
- Plugin: Support installing plugins directly from a
.zipURL —kimi plugin installnow accepts HTTP(S) URLs ending in.zip(e.g. GitHub/GitLab archive links like.../archive/refs/heads/main.zip) and downloads + extracts them before resolvingplugin.json, in addition to the existing git URL, local directory, and local zip-file sources - Shell: Enable clipboard image paste on headless Linux over SSH — when pyperclip is unavailable (e.g. DISPLAY is not set), Ctrl-V now falls back to xclip or wl-paste so remote clipboard bridges can still inject images; also prevents a UI crash from built-in clipboard shortcuts when pyperclip is broken
- Core: Fix
--yolomode unintentionally preventing the model from callingAskUserQuestion— yolo used to inject a system reminder telling the model it was in "non-interactive mode" and must not ask, and the ask-user tool auto-dismissed in yolo. Both were wrong: yolo only bypasses permission approvals; it does not mean "the user is gone". Yolo no longer injects model guidance, and the user remains reachable throughAskUserQuestion - CLI: Split permission bypass from unattended execution —
--yolobypasses permission approvals while the user is still at the terminal, while--afk//afkmeans away-from-keyboard:AskUserQuestionis auto-dismissed and approvals are handled automatically.--printnow uses runtime AFK behavior instead of yolo, matching its non-interactive execution model. The status bar showsyoloandafkindependently, and/yoloand/afktoggle their own flag without disturbing the other - Config: Replace
skip_yolo_prompt_injectionwithskip_afk_prompt_injectionnow that yolo no longer injects model guidance. The old config key is ignored if present - Shell: Fix
/yolotoggling producing misleading UI messages when afk is also active —/yoloused to read the combined auto-approval state, so pressing it under afk would claim approval was now required even though afk still handled approvals automatically./yolonow reads and writes only the yolo flag, leaving afk alone - Web: Fix AI title generation overwriting a manually-set title when the LLM call finishes after the user has already renamed the session — the final write now reloads state and yields to a
title_generatedflag set by another request - Web: Surface session rename, archive, unarchive, and title generation failures as toast notifications instead of only logging to the console
- Web: Keep tool media previews visible when tool details are collapsed — images and videos returned by tools now render below the tool card instead of inside the collapsible detail area, so preview thumbnails remain accessible after collapsing a tool
- Kosong: Fix stale API key after OAuth token refresh in Kimi provider —
on_retryable_errornow reads the currentapi_keyfrom the live client instead of the cached_api_key, so that OAuth token refreshes applied viaclient.api_keyare preserved when the client is rebuilt after a retryable error - Core: Approval requests no longer auto-timeout after 5 minutes, which previously surfaced as
Rejected by user; active foreground and subagent approvals now wait indefinitely for user response - Shell: Fix
/usageremaining quota rendering — the progress bar, warning colors, and% leftlabel now all use the remaining quota ratio consistently, so high remaining quota shows as green/full and near-exhausted quota shows as yellow or red - Shell: Show active background agent task count in the prompt status bar — the existing
⚙ bash: Nbadge only counted background Shell tasks and filtered out background Agent subagents, so when many subagents were running the prompt looked idle and users could not tell work was in progress; the toolbar now renders⚙ bash: Nand⚙ agent: Nas two independent badges (each hidden when its count is 0) and drops the agent badge first when the terminal is too narrow to fit both - Auth: Fix managed model list refresh silently failing for OAuth users with expired tokens — the background
/modelssync now detects 401 responses, forces an OAuth token refresh, and retries with the refreshed token; if the refresh fails or the refreshed token is still rejected, it falls back to the originally configured static API key instead of skipping the provider - Core: Fix connection recovery not triggering OAuth refresh when the retry returns 401 — after recreating the HTTP client on
APIConnectionErrororAPITimeoutError, the retry now re-enters the full recovery path so a subsequent 401 correctly refreshes the OAuth token instead of bubbling to the user as an unrecoverable error - Shell: Echo
/skill:*and/flow:*inputs in the transcript so workflow commands stay visible after enter; operational slash commands like/usageand/modelremain hidden - Core: Raise default
max_steps_per_turnfrom 500 to 1000 so long-running agents are less likely to hit the per-turn limit
- Skill: Fix project-scope skills being ignored and user-scope skills silently winning name conflicts — the system prompt now groups discovered skills under
### Project/### User/### Extra/### Built-inheadings so the model can tell where each skill came from, and when the same name exists in multiple scopes the more specific scope wins (Project > User > Extra > Built-in) so a project's own.kimi/skills/fooor.claude/skills/foocorrectly overrides a user-level or bundledfooinstead of the other way around - Skill: Accept single-file
<name>.mdskills alongside the canonical<name>/SKILL.mdsubdirectory layout — useful when migrating a flat markdown collection into a skills directory;namedefaults to the filename stem (frontmattername:still wins if set), description follows the same three-step chain as subdirectory skills (frontmatterdescription:→ first non-empty body line, capped at 240 characters →"No description provided."placeholder), and if a flat and a subdirectory skill share a name in the same directory the subdirectory wins with a warning - Skill: Add
extra_skill_dirsconfig field for pulling in custom skill directories on top of the built-in / user / project auto-discovery — each entry may be an absolute path, a~-prefixed path (expanded against$HOME), or a path relative to the project root (the nearest.gitancestor of the work directory, not the current working directory); non-existent entries are silently skipped and symlink/trailing-slash duplicates canonicalize to a single root so a path listed twice or aliased to an already-discovered directory does not render twice in the system prompt - Skill: Harden discovery against
OSErrorfromis_dir/iterdir(for example when anextra_skill_dirsentry points at a directory with restricted permissions) — affected entries are logged and skipped instead of aborting the whole skill-discovery pass - Core: Fix DeepSeek V4 (and other OpenAI-compatible thinking-mode backends) returning 400
The reasoning_content in the thinking mode must be passed back to the APIwhen a tool call follows a reasoning turn —openai_legacyproviders now defaultreasoning_keyto"reasoning_content"so the response's reasoning is stored in history and round-tripped automatically on subsequent turns. An optionalreasoning_keyfield is also added toLLMProviderto override the field name (e.g."reasoning"for non-standard gateways) or disable round-tripping entirely by setting it to"" - Core: Add
skip_yolo_prompt_injectionconfig option to suppress the system reminder normally injected when yolo mode is active — useful when building custom applications on top ofKimiSoulthat do not need the non-interactive mode hint - Kimi: Add
KIMI_MODEL_THINKING_KEEPenvironment variable that forwards its value verbatim to the Moonshot API asthinking.keep, enabling Preserved Thinking (e.g.export KIMI_MODEL_THINKING_KEEP=allto retain historicalreasoning_contentacross turns); effective only for Moonshot models supporting Preserved Thinking (e.g.kimi-k2.6/kimi-k2-thinking), unset or empty string preserves the previous behavior and omits the field, and the override only applies when the current model is actually in thinking mode so the API never receives athinking.keepwithout the companionthinking.type. Note thatkeep=allincreases input tokens and API cost because history reasoning is resent - Kosong: Fix
Kimi.with_extra_bodysilently dropping previously setthinking.typewhen a later call added anotherthinking.*field — thethinkingsub-dict is now merged field-by-field instead of shallow-replaced, so composingwith_thinking(...)withwith_extra_body({"thinking": {...}})preserves both contributions - Kosong: Fix Kimi provider sending empty
contentalongsidetool_calls, which caused 400 "text content is empty" errors from the Moonshot API. When an assistant message has tool calls and its visible content is effectively empty (no text or only whitespace/think parts), thecontentfield is now omitted entirely - Shell: Fix approval request feedback text cursor rendering — the block cursor now correctly renders at the actual cursor position instead of always being pinned to the end of the line; when the cursor is in the middle of the text, the character under the cursor is drawn with reverse video (mimicking a terminal's native block cursor)
- Kosong: Fix Moonshot 400
At path 'properties.X': type is not definedwhen an MCP server exposes tools whose parameter schemas have enum-only or otherwise type-less properties (seen with the JetBrains Rider MCP'struncateMode) — the Kimi provider now patches each tool's schema in-flight to fill in a JSON Schematype(inferred fromenum/constvalues when possible, else defaulted to"string"), so the whole session no longer fails every request with a schema validation error; OpenAI and Anthropic paths are unaffected - Skill: Project-scope skill discovery now walks up to the nearest
.gitancestor before looking for.kimi/skills/.claude/skills/.codex/skills/.agents/skills, so skills defined at the repository root are picked up even when kimi-cli is launched from a subdirectory (for example inside a monorepo package). Falls back to the work directory itself when no.gitmarker is found, so we never walk up into an unrelated parent tree. - Skill: Change the default of
merge_all_available_skillsfromfalsetotrue. kimi-cli now merges all existing user- and project-level brand skill directories (.kimi/skills,.claude/skills,.codex/skills) by default instead of only using the first one found, so users who keep skills in multiple brand directories — for example both~/.kimi/skillsand~/.claude/skills— see every skill out of the box. Behavior change: users who previously relied on the first-match default can restore it by settingmerge_all_available_skills = falsein their config.
- Shell: Fix
Rejected by usermisleading message when an approval modal times out — after the 300s safety timeout, the tool call now rejects withRejected: approval timed out, so users returning to their session after stepping away can tell the rejection was a timeout rather than a manual rejection. Pass--yolo/-yto auto-approve tool calls if you regularly leave sessions unattended - Auth: Fix OAuth users being forced to
/loginagain after an unrelated refresh-token rotation race — when a concurrently-running kimi-cli instance (terminal, VS Code extension, orkimi -pone-shot) legitimately rotated the refresh token, the current instance's now-stale refresh request would come back with a 401, and a TOCTOU window between the "did another instance rotate?" disk check and thedelete_tokenscall could wipe the credentials file even though a valid rotated token was about to be written to it; the in-memory cache is still cleared so truly revoked tokens surface on the next request, but the file is preserved so a concurrent instance's freshly-rotated token can be recovered, and an eventual/loginstill overwrites it atomically - Kosong: Fix parallel tool results being split into multiple user messages in Anthropic provider — consecutive tool-result-only user messages are now merged into a single message, complying with the Anthropic Messages API spec that all
tool_useblocks in an assistant turn must be answered within one user message; this fixes 400 errors on strict Anthropic-compatible backends (e.g. DeepSeek/anthropicendpoint) and prevents the official backend from silently teaching the model to avoid parallel tool calls
- Print: Wait for background tasks before exiting — in one-shot
--printmode, the process now waits for running background agents to finish and lets the model process their results, instead of exiting and killing them. The wait is capped atmin(max(active_task.timeout_s or agent_task_timeout_s), print_wait_ceiling_s)(default ceiling 1h); on timeout the tasks are killed and the model gets one more turn via a<system-reminder>to summarise before exit - Shell/Print: On exit the CLI now lists each background task being killed (id + description) on stderr and waits out the configured grace period before reporting any tasks that have not reached terminal state (split into "still terminating" for workers mid-shutdown vs "stop request failed" for genuinely leaking tasks);
keep_alive_on_exit=truestill skips the entire path - Auth: Auto-refresh the managed model list at startup for OAuth-logged-in users — the CLI now fetches the latest models from the provider's
/modelsendpoint as a background task when the shell launches, so newly released models become available without needing to log out and log back in; failures are silent and never block startup, and custom--configsessions keep their previous behavior - Shell: Show the provider-supplied
display_name(e.g.k2.6-code-preview) for managed models across the welcome panel, prompt status bar,/modelpicker, and/modelswitch confirmation messages; when the backend does not return one, the CLI falls back to the internal model ID as before
- Anthropic: Fix Claude Opus 4.7 returning
invalid_request_error— Opus 4.7 (which rejects the legacy{type: "enabled", budget_tokens: N}thinking config) now correctly uses adaptive thinking, and the client explicitly setsdisplay: "summarized"so thinking content still streams back (Opus 4.7 silently changed the default to"omitted"); Bedrock/Vertex name variants (e.g.,aws/claude-opus-4-7,anthropic.claude-opus-4-7-v1:0) andclaude-mythos-previeware also recognised, and future Claude versions ≥ 4.6 are detected automatically via version extrapolation instead of hard-coded substring matching - Web: Fix markdown rendering spacing in the web UI — restore proper vertical spacing between paragraphs, lists, code blocks, blockquotes, and headings instead of collapsing all margins to zero
- Shell: Fix missing loading indicator during active turns — the moon spinner now shows as a fallback whenever the model is working but no other indicator is visible, covering gaps after tool calls finish, between turn start and first step, and when an empty thinking block arrives from the provider
- Core: Increase default
max_steps_per_turnfrom 100 to 500 to allow longer uninterrupted agent runs out of the box - Web: Fix unresponsive copy, download, and preview buttons on rendered code blocks
- Shell: Flip
show_thinking_streamdefault totrueso fresh installs see the streaming reasoning preview out of the box; set it tofalsein your config to keep the compact 1.32 indicator - Web: Prevent stream watchdog from reconnecting during pending approval or question — the 45-second inactivity watchdog no longer triggers a reconnect while the user is actively handling an approval request or answering a question, preventing interrupted interactions
- Web: Fix session recovery after stream errors — when a session process exits or hits a read-loop error, stale in-flight prompt IDs are now cleared before broadcasting the error, allowing the frontend to send new messages instead of getting "Session is busy"; the activity status indicator also surfaces the actual error message from the stream
- Core: Fix Wire server prompt handler leaving sessions stuck busy on uncaught exceptions — SSL errors, connection errors, and other unexpected failures are now caught by a fallback handler and returned as
INTERNAL_ERROR, allowing the session to recover instead of hanging indefinitely
- Core: Fix CLI crash on
TaskStop— stopping a stuck background agent no longer printsUnhandled exception in event loop / Exception Noneand freezes the terminal; the cancelled task is now kept in the manager's live-tasks dict until its runner finishes cleaning up, preventing Python's GC from reaping the still-pending task - Shell: Fix inline diff highlights misaligned on lines containing tabs — raw-code diff offsets are now mapped to rendered positions via expandtabs column tracking so highlight spans land correctly after tab expansion
- Shell: Add
show_thinking_streamconfig option to opt back into the legacy streaming reasoning preview — when set totrue, the live area shows the classicThinking...spinner above a 6-line scrolling preview of the raw reasoning text and the full reasoning markdown is committed to history when the block ends; defaults tofalseto keep the compact 1.32 indicator
- Core: Cap
list_directoryoutput as a depth-limited tree to prevent token-limit blowup in large directories — replaces the unbounded flat listing with a 2-level tree (root: 30 entries, child: 10 per subdirectory), dirs-first alphabetical sorting, and"... and N more"truncation hints so the model knows to explore further (fixes #1809) - Shell: Add blocking update gate on interactive shell startup — when a newer version is detected (from the existing background check cache), a blocking prompt appears before the shell loads, offering
[Enter]to upgrade immediately,[q]to continue and be reminded next time, or[s]to skip reminders for that version; respects theKIMI_CLI_NO_AUTO_UPDATEenvironment variable; replaces the previous repeating toast notification for available updates - Auth: Harden OAuth token refresh to prevent unnecessary re-login — 401 errors now trigger automatic token refresh and retry instead of forcing
/login; multiple simultaneous CLI instances coordinate refresh via a cross-process file lock to avoid race conditions; token persistence uses atomic writes withfsyncto prevent corruption; adds dynamic refresh threshold, 5xx retry during token refresh, and proper token revocation cleanup - Core: Fix agent loop silently stopping when model response contains only thinking content — detect think-only responses (reasoning content with no text or tool calls) as an incomplete response error and retry automatically
- Core: Fix crash on streaming mid-flight network disconnection — when the OpenAI SDK raises a base
APIError(instead ofAPIConnectionError) during long-running streams, the error is now correctly classified as retryable, enabling automatic retry and connection recovery instead of an unrecoverable crash - Shell: Exclude empty current session from
/sessionspicker — completely empty sessions (no conversation history and no custom title) are no longer shown in the session list; sessions with a custom title are still displayed - Shell: Fix slash command completion Enter key behavior — accepting a completion now submits in a single Enter press; auto-submit is limited to slash command completions only; file mention completions (
@) accept without submitting so the user can continue editing; re-completion after accepting is suppressed to prevent stale completion state - Shell: Add directory scope toggle to
/sessionspicker — pressCtrl+Ato switch between showing sessions for the current working directory only or across all known directories; uses a new full-screen session picker UI with header scope indicator and footer hint bar - Shell: Add
/btwside question command — ask a quick question during streaming without interrupting the main conversation; uses the same system prompt and tool definitions for prompt cache alignment; responses display in a scrollable modal panel with streaming support - Shell: Redesign bottom dynamic area — split the monolithic
visualize.py(1865 lines) into a modular package (visualize/) with dedicated modules for input routing, interactive prompts, approval/question panels, and btw modal; unify input semantics withclassify_input()for consistent command routing - Shell: Add queue and steer dual-channel input during streaming — Enter queues messages for delivery after the current turn; Ctrl+S injects messages immediately into the running turn's context; queued messages display in the prompt area with count indicator and can be recalled with ↑
- Shell: Add
BtwBegin/BtwEndwire events for cross-client side question support - Shell: Improve elapsed time formatting in spinners — durations over 60 seconds now display as
"1m 23s"instead of"83s"; sub-second durations show"<1s" - Shell: Fix Rich markup injection in btw panel — user questions containing
[/]characters are now escaped to prevent broken rendering or style injection in spinner text and panel titles - Core: Improve error diagnostics — enrich internal logging coverage, include relevant log files and system manifest in
kimi exportarchives, and surface actionable error messages for common failures (auth, network, timeout, quota) - Shell: Gracefully exit with crash report when working directory becomes inaccessible during session — detects CWD loss (external drive unplugged, directory deleted, or filesystem unmounted) and prints a session recovery panel with session ID and work directory before exiting cleanly
- Shell: Use
git ls-filesfor@file mention discovery — file completer now queriesgit ls-files --recurse-submoduleswith a 5-second timeout as the primary discovery mechanism, falling back toos.walkfor non-git repositories; this fixes large repositories (e.g., apache/superset with 65k+ files) where the 1000-file limit caused late-alphabetical directories to be unreachable (fixes #1375) - Core: Add shared
file_filtermodule — unifies file mention logic between shell and web UIs viasrc/kimi_cli/utils/file_filter.py, providing consistent path filtering, ignored directory exclusion, and git-aware file discovery - Shell: Prevent path traversal in file mention scope parameter — the
scopeparameter in file completer requests is now validated to prevent directory traversal attacks - Web: Restore unfiltered directory listing in file browser API — file browser endpoint no longer applies git-aware filtering, ensuring all files are visible in the web UI file picker
- Todo: Refactor SetTodoList to persist state and prevent tool call storms — todos are now persisted to session state (root agent) and independent state files (sub-agents); adds query mode (omit
todosto read current state) and clear mode (pass[]); includes anti-storm guidance in tool description to prevent repeated calls without progress (fixes #1710) - ReadFile: Add total line count to every read response and support negative
line_offsetfor tail mode — the tool now reportsTotal lines in file: N.in its message so the model can plan subsequent reads; negativeline_offset(e.g.-100) reads the last N lines using a sliding window, useful for viewing recent log output without shell commands; the absolute value is capped at 1000 (MAX_LINES) - Shell: Fix black background on inline code and code blocks in Markdown rendering —
NEUTRAL_MARKDOWN_THEMEnow overrides all Rich defaultmarkdown.*styles to"none", preventing Rich's built-in"cyan on black"from leaking through on non-black terminals
- Shell: Refine idle background completion auto-trigger — resumed shell sessions no longer auto-start a foreground turn from stale pending background notifications before the user sends a message, and fresh background completions now wait briefly while the user is actively typing to avoid stealing the prompt or breaking CJK IME composition
- Core: Fix interrupted foreground turns leaving unbalanced wire events —
TurnEndis now emitted even when a turn exits via cancellation or step interruption, preventing dirty session wire logs from accumulating across resume cycles - Core: Improve session startup resilience —
--continue/--resumenow tolerate malformedcontext.jsonlrecords and corrupted subagent, background-task, or notification artifacts; the CLI skips invalid persisted state where possible instead of failing to restore the session - CLI: Improve
kimi exportsession export UX —kimi exportnow previews the previous session for the current working directory and asks for confirmation, showing the session ID, title, and last user-message time; adds--yesto skip confirmation; also fixes explicit session-ID invocations where--outputafter the argument was incorrectly parsed as a subcommand - Grep: Add
include_ignoredparameter to search files excluded by.gitignore— when set totrue, ripgrep's--no-ignoreflag is enabled, allowing searches in gitignored artifacts such as build outputs ornode_modules; sensitive files (like.env) remain filtered by the sensitive-file protection layer; defaults tofalseto preserve existing behavior - Core: Add sensitive file protection to Grep and Read tools —
.env, SSH private keys (id_rsa,id_ed25519,id_ecdsa), and cloud credentials (.aws/credentials,.gcp/credentials) are now detected and blocked; Grep filters them from results with a warning, Read rejects them outright;.env.example/.env.sample/.env.templateare exempted - Core: Fix parallel foreground subagent approval requests hanging the session — in interactive shell mode,
_set_active_approval_sinkno longer flushes pending approval requests to the live view sink (which cannot render approval modals); requests stay in the pending queue for the prompt modal path; also adds a 300-second timeout towait_for_responseso that any unresolved approval request eventually raisesApprovalCancelledErrorinstead of hanging forever - CLI: Add
--session/--resume(-S/-r) flag to resume sessions — without an argument opens an interactive session picker (shell UI only); with a session ID resumes that specific session; replaces the reverted--pick-session/--list-sessionsdesign with a unified optional-value flag - CLI: Add CJK-safe
shorten()utility — replaces alltextwrap.shortencalls so that CJK text without spaces is truncated gracefully instead of collapsing to just the placeholder - Core: Fix skills in brand directories (e.g.
~/.kimi/skills/) silently disappearing when a generic directory (~/.config/agents/skills/) exists but is empty — skill directory discovery now searches brand and generic directory groups independently and merges both results, instead of stopping at the first existing directory across all candidates - Core: Add
merge_all_available_skillsconfig option — when enabled, skills from all existing brand directories (~/.kimi/skills/,~/.claude/skills/,~/.codex/skills/) are loaded and merged instead of using only the first one found; same-name skills follow priority order kimi > claude > codex; disabled by default - CLI: Add
--planflag anddefault_plan_modeconfig option — start new sessions in plan mode viakimi --planor by settingdefault_plan_mode = truein~/.kimi/config.toml; resumed sessions preserve their existing plan mode state - Shell: Add
/undoand/forkcommands for session forking —/undolets you pick a previous turn and fork a new session with the selected message pre-filled for re-editing;/forkduplicates the entire session history into a new session; the original session is always preserved - CLI: Add
-ras a short alias for--sessionand print a resume hint (kimi -r <session-id>) whenever a session exits — covers normal exit, Ctrl-C,/undo,/fork, and/sessionsswitch so users can always find their way back - Core: Fix
custom_headersnot being passed to non-Kimi providers — OpenAI, Anthropic, Google GenAI, and Vertex AI providers now correctly forward custom headers configured inproviders.*.custom_headers
- Core: Support hierarchical
AGENTS.mdloading — the CLI now discovers and mergesAGENTS.mdfiles from the git project root down to the working directory, including.kimi/AGENTS.mdat each level; deeper files take priority under a 32 KiB budget cap, ensuring the most specific instructions are never truncated - Core: Fix empty sessions lingering on disk after exit — sessions created but never used are now cleaned up on all exit paths (failure exit, session switch, unexpected errors), not just on successful exit
- Shell: Add
KIMI_CLI_PASTE_CHAR_THRESHOLDandKIMI_CLI_PASTE_LINE_THRESHOLDenvironment variables to control when pasted text is folded into a placeholder — lowering these thresholds works around CJK input method breakage after multiline paste on some terminals (e.g., XShell over SSH) - Shell: Fix diff panel rendering corruption on terminals without truecolor support (e.g. Xshell) —
render_to_ansino longer hardcodes 24-bit color; Rich now auto-detects terminal capability viaCOLORTERM/TERMenvironment variables - Web: Fix white screen after CLI upgrade caused by browser caching stale
index.html— the server now returnsCache-Control: no-cachefor HTML andimmutablefor hashed assets, preventing 404s on renamed chunks - Core: Fix file write converting LF to CRLF on Windows —
writetextnow opens files withnewline=""to prevent Python's universal newline translation from silently converting\nto\r\n - Core: Support
socks://proxy scheme — proxy tools like V2RayN setALL_PROXY=socks://...which httpx/aiohttp don't recognise; the CLI now normalisessocks://tosocks5://at startup so all HTTP clients and subprocesses work correctly behind a SOCKS proxy - Shell: Add
/title(alias/rename) command to manually set session titles — titles are now stored instate.jsonalongside other session state; legacymetadata.jsonis automatically migrated on first load - Shell: Fix garbled pager output when
MANPAGERis set (e.g.bat) — the console pager now ignoresMANPAGERand delegates topydoc.pager(), preservingPAGERand all platform-specific fallbacks - Explore: Enhance explore agent with specialist role, thoroughness levels, and automatic environment context — explore agents now gather repository environment information at launch to improve investigation quality; the main agent is guided to prefer explore for codebase research and plan mode encourages explore-first investigation
- Shell: Fix tool call display showing raw OSC 8 escape bytes (e.g.
8;id=391551;https://…) instead of clean text — hyperlink sequences are now wrapped as zero-width escapes for prompt_toolkit compatibility, preserving clickable links in supported terminals - Core: Add OS and shell information to the system prompt — the model now knows which platform it is running on and receives a Windows-specific instruction to prefer built-in tools over Shell commands, preventing Linux command errors in PowerShell
- Shell: Fix
commandparameter description saying "bash command" regardless of platform — the description is now platform-neutral - Web: Fix auto-title overwriting manual session rename — when a user renames a session through the web UI, the new title is now preserved and no longer replaced by the auto-generated title
- Core: Fix file write/replace tools freezing the event loop — diff computation (
build_diff_blocks) is now offloaded to a thread viaasyncio.to_thread, preventing the UI from hanging when editing large files - Shell: Fix
_watch_root_wire_hubsilently dying on handler exceptions — the watcher now catches and logs exceptions (matching the pattern inwire/server.py) and handlesQueueShutDowngracefully, preventing approval flow from silently breaking mid-session - Core: Skip O(n²) diff computation for huge files (>10 000 lines) — files above the threshold now show a summary block instead of computing a full diff, and unchanged files short-circuit immediately
- Wire: Add
is_summaryfield toDiffDisplayBlock(Wire 1.8) — marks diff blocks that contain a line-count summary instead of actual diff content, allowing clients to render them appropriately - Web: Render large-file diff summaries — when a diff block is marked
is_summary, the web UI shows a compact "File too large for inline diff" notice with line counts instead of attempting to compute a diff - Auth: Fix OAuth users getting "incorrect API KEY" when running skills or after idle — 401 errors now show a clear "please /login" message instead of the raw API error; the ACP layer correctly triggers re-login flow for VS Code extension users
- Web: Fix session title generation always failing for OAuth users — the title generator now uses OAuth tokens and refreshes them before calling the model
- Core: Add timeout protection for Agent tool and HTTP requests — all
aiohttpsessions now default to 120 s total / 60 s read timeout; the Agent tool gains an optionaltimeoutparameter (foreground default 10 min, background default 15 min); background agent tasks are markedtimed_outon expiry with proper notification semantics - Grep: Fix tool hanging and becoming uninterruptible — replaced blocking
ripgrepy.run()with async subprocess execution; the tool now responds to Ctrl-C immediately and has a 20-second timeout with partial result return - Grep: Add token efficiency improvements — default
head_limitof 250 withoffsetpagination,--hiddensearch with VCS directory exclusion,files_with_matchessorted by modification time, relative path output, and--max-columns 500for non-content modes - Grep:
line_number(-n) now defaults totruein content mode — line numbers are included by default so the model can reference precise code locations - Grep:
count_matchesmode now includes a summary in the message — e.g. "Found 30 total occurrences across 10 files." - ACP: Fix
ValueError: list.index(x): x not in listcrash when ACP is launched viakimi-codeorkimi-clientry-points (e.g. JetBrains AI Assistant) - Core: Fix OpenAI-compatible APIs (e.g. One API) returning 400 errors in multi-turn conversations when the server returns
reasoning_contentby default —reasoning_effortis now auto-set to"medium"when history contains thinking content andreasoning_keyis configured - Shell: Add
/themecommand and dark/light theme support — users with light terminal backgrounds can now switch to a light color palette via/theme lightortheme = "light"inconfig.toml; diff highlights, task browser, prompt UI, and MCP status colors all adapt to the selected theme - Core: Fix context overflow before compaction — tool result tokens are now estimated and included in the auto-compaction trigger check, preventing "exceeded model token limit" errors when large tool outputs push the context beyond the model limit between API calls
- Core: Add hooks system (Beta) — configure
[[hooks]]inconfig.tomlto run custom shell commands at 13 lifecycle events includingPreToolUse,PostToolUse,SessionStart,Stop, etc.; supports regex matching, timeout handling, and blocking operations via exit code 2 - Shell: Add
/hookscommand — list all configured hooks with event counts - Wire: Add
HookTriggeredandHookResolvedevent types (Wire 1.7) — notify clients when hooks start and finish executing, including event type, target, action (allow/block), and duration - Wire: Add
HookRequestandHookResponsemessage types — allow wire clients to subscribe to hook events and provide their own handling logic with allow/block decisions - CLI:
--skills-dirnow supports multiple directories and overrides default discovery — when specified, the directories replace user/project skills discovery (repeatable flag) - Shell: Fix notification messages leaking into session replay and export — background task notification tags (
<notification>,<task-notification>) are now filtered out when resuming a session (/sessions) and when exporting (/export) or importing (/import) conversation history - Web: The "Open" button in the workspace header now remembers the last-used application — clicking "Open" directly opens with the previous choice, while the dropdown arrow lets you pick a different app
- Web: Fix archived sessions count badge showing only the loaded page size — the badge now displays "100+" when more archived sessions exist beyond the first page
- Shell: Fix pasted text placeholders not expanded in modal answers — clipboard content pasted into approval or question panels is now correctly interpolated before being sent to the model
- Vis: Add
--network / -nflag — launch the visualizer on all network interfaces with auto-detected LAN IP display, matchingkimi webbehavior - Vis: Add
/visslash command — switch from the interactive shell to the tracing visualizer in one step, mirroring the existing/webcommand - Vis: Improve session list performance — async backend scanning, request concurrency limiting, and infinite-scroll pagination prevent browser freezes on large session stores
- Vis: Add 7 missing wire event types —
SteerInput,MCPLoadingBegin/End,Notification,PlanDisplay,ToolCallRequest, andQuestionRequestnow display with proper colors and summaries - Vis: Show token and cache details in StatusUpdate — each status update now displays context token count, max tokens, input token breakdown with cache hit rate, and MCP connection status
- Vis: Show structured tool call summaries —
ReadFile,Shell,Glob,Grep,Agent, and other tool calls display file paths, commands, or patterns inline instead of just the function name - Vis: Add System Prompt card in Context Messages — the
_system_promptentry is rendered as a dedicated blue card showing estimated token count and expandable full content - Vis: Show cache hit rate in session header — the stats bar now displays overall cache efficiency (e.g.,
89% cache) alongside token counts - Vis: Highlight slow operations — time deltas exceeding 10 s appear in amber and those exceeding 60 s in red, making performance bottlenecks immediately visible
- Vis: Prefer human-readable
messagefield in ToolResult summaries — results now show descriptive text like "Command executed successfully" instead of raw output - Vis: Show approval rejection feedback —
ApprovalResponsesummaries include the user's correction text when a tool call is rejected
- Shell: Add
/feedbackcommand — submit feedback directly from the CLI session; the command falls back to opening GitHub Issues on network errors or timeouts - Shell: Redesign diff rendering for tool results — file diffs now display with line numbers, background colors (green/red), syntax highlighting, and inline word-level change markers; approval previews show only changed lines for a compact view; Ctrl-E pager uses the same unified style
- Shell: Update syntax highlighting theme — replace the magenta-heavy color scheme with a more balanced palette mapped to ANSI colors for terminal compatibility; improved color diversity and readability across dark and light terminal backgrounds
- Shell: Fix approval panel not visible when multiple subagents are running — approval and question panels are now rendered at the top of the live view, ensuring they remain visible even when tool-call output exceeds the terminal height
- CLI: Fix
--printmode returning exit code 0 on errors — print mode now exits with code 1 for permanent failures (auth errors, invalid config, etc.) and code 75 for retryable failures (429 rate limit, 5xx server errors, connection timeouts), enabling CI/eval runners to detect failures and decide whether to retry - Plan: Display plan content inline in the chat instead of hiding behind a pager — plans are now rendered as a bordered panel directly in the conversation history, with the plan file path shown for reference
- Plan: Add "Reject and Exit" option to plan approval — users can now reject a plan and exit plan mode in one step, in addition to the existing Approve, Revise, and Reject options
- Wire: Add
PlanDisplayevent type (Wire 1.7) — carries plan content and file path for inline rendering by clients - Shell: Stream markdown output incrementally — completed markdown blocks (paragraphs, lists, code fences, tables) are now rendered and printed to the terminal as they arrive during streaming, instead of being buffered until the turn ends
- Shell: Show elapsed time and estimated token count on thinking/composing spinners — the spinner now displays
Thinking... 5s · 312 tokenswith a live-updating counter during generation - Shell: Add scrolling preview for thinking content — the last 6 lines of the model's thinking process are shown in real time as a grey italic preview beneath the spinner
- Shell: Reduce prompt input area reserved space from 10 to 6 lines
- Glob: Allow
Globtool to access skills directories — the tool can now search within discovered skill roots in addition to the workspace - Glob: Expand
~in directory path before validation — the Glob tool now resolves the tilde to the user's home directory before checking path validity