Skip to content

v0.1.0 — first public release

Choose a tag to compare

@hokupod hokupod released this 05 Jul 06:58

Kyo-so (協奏) is an MCP-native, ACP-powered multi-agent review gate for AI coding workflows. It coordinates Codex and Claude as independent reviewers and merges their findings into a deterministic decision.

📦 npm: https://www.npmjs.com/package/@kyo-so/cli

Highlights

  • MCP tools: plan_review, security_review, diff_review
  • Two-agent review via ACP (codex-acp + claude-agent-acp) with schema-constrained findings — agents cannot write files or run commands
  • CISA Secure by Design gates for security reviews
  • Prompt-injection hardening: repository content, plans, and diffs are wrapped as untrusted content (verified against a live injection canary)
  • Secret detection with redact-and-block defaults
  • Config trust-on-first-use for kyoso.config.ts
  • Per-agent model pins (agents.<name>.model) — omit to use each agent's own default
  • Deterministic judge with optional lightweight LLM judge

Install

```bash
npx @kyo-so/cli mcp # or: bunx @kyo-so/cli mcp
```

See the README for MCP client registration (Codex / Claude Code) and the bundled kyoso-review skill.

Notes

  • Requires Node.js >= 20 for the packaged CLI
  • Depends on a prerelease @modelcontextprotocol/server API (no stable release yet)
  • Supply-chain tools that enforce a minimum package age (e.g. safe-chain) may hide this package for a few days right after release