Skip to content

v1.0.4 — kimi-code 0.6.0 compatibility verified

Choose a tag to compare

View all tags
@linxule linxule released this 31 May 12:13
· 16 commits to main since this release
v1.0.4
03b35f0

Patch release: verifies kimi-plugin-cc against @moonshot-ai/kimi-code@0.6.0 (current npm latest).

Verdict: COMPAT-PRESERVED

Four independent reviewers (hook contract, stream-json, CLI surface, adversarial) unanimously found no breakage — and for the first time the verdict is backed by a green real-binary smoke against the audited release: bun run smoke:real vs the installed 0.6.0 binary passed 5/0, with all four read-only commands (review / challenge / ask / review_gate) denying a forced write end-to-end through the PreToolUse hook.

The only runtime change is extending KIMI_TESTED_MINORS to include {0, 6}, so 0.6.0 users no longer see an "outside tested range" warning at /kimi:setup.

What held byte-identical (0.5.0 → 0.6.0)

  • Hook engine (session/hooks/), policy queue order (policies/index.ts, PreToolUse hook still at index 0), pre-tool-call-hook.ts, auto-mode-approve.ts
  • CLI argv (options.ts / commands.ts, blob-SHA verified); --auto still rejected with -p
  • stream-json resume-hint writer (writeResumeHint / PromptJsonWriter); session.resume_hint record unchanged

Behavioral changes — assessed non-breaking for the plugin

  • Resume-session workDir guard (run-prompt.ts, +17 lines): runs before permission forcing and structurally cannot fire for the plugin, since both resume sites spawn with cwd: job.cwd (the originating cwd).
  • permission/index.ts rpc?.requestApproval refactor: dead code in -p mode (shadowed by auto-mode-approve at index 4; requestApproval is always present). A hook {kind:'deny'} routes to {block:true} with no rpc involvement.

Doc-only findings (neither is a write bypass)

  • PR #186 removed the default 1000-step/turn cap — a compute guardrail, not a write bypass; bounded by the plugin's AbortController budget + SIGTERM→SIGKILL cancellation.
  • PR #212 added an opt-in KIMI_MODEL_* inherited-env channel — never touches hook config and is stripped on config write-back.

Both are now documented in docs/safety.md § "What this safety story does NOT cover".

Upgrading

No action required for existing installs beyond updating the plugin. The managed hook block is unchanged; re-running /kimi:setup is optional.

🤖 Generated with Claude Code

Assets 2
Loading