v0.1.0 — first public release
Kyo-so (協奏) is an MCP-native, ACP-powered multi-agent review gate for AI coding workflows. It coordinates Codex and Claude as independent reviewers and merges their findings into a deterministic decision.
📦 npm: https://www.npmjs.com/package/@kyo-so/cli
Highlights
- MCP tools:
plan_review,security_review,diff_review - Two-agent review via ACP (codex-acp + claude-agent-acp) with schema-constrained findings — agents cannot write files or run commands
- CISA Secure by Design gates for security reviews
- Prompt-injection hardening: repository content, plans, and diffs are wrapped as untrusted content (verified against a live injection canary)
- Secret detection with redact-and-block defaults
- Config trust-on-first-use for
kyoso.config.ts - Per-agent model pins (
agents.<name>.model) — omit to use each agent's own default - Deterministic judge with optional lightweight LLM judge
Install
```bash
npx @kyo-so/cli mcp # or: bunx @kyo-so/cli mcp
```
See the README for MCP client registration (Codex / Claude Code) and the bundled kyoso-review skill.
Notes
- Requires Node.js >= 20 for the packaged CLI
- Depends on a prerelease
@modelcontextprotocol/serverAPI (no stable release yet) - Supply-chain tools that enforce a minimum package age (e.g. safe-chain) may hide this package for a few days right after release