v1.38.0
- Shell: Fix
Rejected by usermisleading message when an approval modal times out — after the 300s safety timeout, the tool call now rejects withRejected: approval timed out, so users returning to their session after stepping away can tell the rejection was a timeout rather than a manual rejection. Pass--yolo/-yto auto-approve tool calls if you regularly leave sessions unattended - Auth: Fix OAuth users being forced to
/loginagain after an unrelated refresh-token rotation race — when a concurrently-running kimi-cli instance (terminal, VS Code extension, orkimi -pone-shot) legitimately rotated the refresh token, the current instance's now-stale refresh request would come back with a 401, and a TOCTOU window between the "did another instance rotate?" disk check and thedelete_tokenscall could wipe the credentials file even though a valid rotated token was about to be written to it; the in-memory cache is still cleared so truly revoked tokens surface on the next request, but the file is preserved so a concurrent instance's freshly-rotated token can be recovered, and an eventual/loginstill overwrites it atomically - Kosong: Fix parallel tool results being split into multiple user messages in Anthropic provider — consecutive tool-result-only user messages are now merged into a single message, complying with the Anthropic Messages API spec that all
tool_useblocks in an assistant turn must be answered within one user message; this fixes 400 errors on strict Anthropic-compatible backends (e.g. DeepSeek/anthropicendpoint) and prevents the official backend from silently teaching the model to avoid parallel tool calls
Fetched June 4, 2026
