Skip to content

v9.5.2

Latest

Choose a tag to compare

@asamassekou10 asamassekou10 released this 16 Jul 20:43

v9.5.2 - Kimi K3 Tool-Call Security

Added

  • Kimi K3 provider support now defaults kimi / moonshot to kimi-k3 while keeping legacy Kimi models selectable.
  • KIMI_API_KEY is accepted alongside MOONSHOT_API_KEY.
  • red-team --gpt-red --k3-long-context expands GPT-Red context for Kimi K3 runs with package scripts, CI workflows, deployment config, docs, MCP/tool manifests, and prior findings under hard caps.
  • Agentic tool-call security checks for Kimi K3 / OpenAI-compatible agents:
    • dynamic tool definitions loaded from prompt/RAG/tool-result context
    • model-selected tool names executed without an allowlist
    • forced tool choice with untrusted user input
    • tool-result replay without preserving the assistant tool-call message

Changed

  • Kimi reasoning output is treated as internal reasoning and is never parsed as final Ship Safe JSON output.
  • README, docs, provider UI, and AI-readable files now document Kimi K3 and long-context GPT-Red mode.

Verification

  • npm test - 261/261 passing.
  • npx tsc --noEmit in webapp - passing.
  • git diff --check - passing.
  • npm pack --dry-run --json - package dry run passed for ship-safe@9.5.2.
  • Clean fixture smoke test: red-team --gpt-red --k3-long-context --json --no-ai --no-deps exited 0 and ran GPTRedAgent.