Skip to content

v1.0.5 — kimi-code 0.7/0.8/0.9 compat

Choose a tag to compare

View all tags
@linxule linxule released this 03 Jun 22:09
· 12 commits to main since this release
v1.0.5
938a35c

Patch release certifying kimi-plugin-cc against @moonshot-ai/kimi-code 0.7.0, 0.8.0, and 0.9.0 (a 3-minor, 61-commit catch-up from 0.6.0).

Verdict: COMPAT-PRESERVED — no safety fix required

Earned across five independent review streams: 4 surface reviewers (hook contract / stream-json / CLI / adversarial) + an independent cross-model (codex) adversarial pass, backed by a green bun run smoke:real against both the installed 0.8.0 binary and a temp-installed 0.9.0 binary.

The only runtime change is extending KIMI_TESTED_MINORS to {0,7}, {0,8}, {0,9}.

Why the big upstream changes are compat-benign for a kimi -p wrapper

The safety chain is intact: PreToolCallHookPermissionPolicy is still policy index 0 (auto-approve index 4); the hook engine (session/hooks/) and the stream-json resume-hint writer are byte-identical 0.6.0→0.9.0.

  • Permission approval hooks (PermissionRequest/PermissionResult, #336) are fire-and-forget observability — they fire only on the interactive approval path (shadowed by auto-mode in -p) and cannot deny.
  • Headless goal mode (kimi -p "/goal ...", #270) is double-gated behind the goal-command experimental flag (default off) AND a /goal prefix the plugin never sends — structurally unreachable. Even inside the goal continuation loop, the PreToolUse hook fires on every tool call.
  • The new deny-all policy is unshift-ed only onto subagent policy stacks (a deny, more restrictive), never the main -p agent.
  • New default-approved goal tools (GetGoal/SetGoalBudget/UpdateGoal) have no fs/git/config side effects; read-only enforcement is allow-list/deny-by-default.
  • Background auto-upgrade (#334, default on) does not swap the binary for the plugin's own -p spawns. The out-of-band drift it introduces (a user's interactive TUI self-upgrading to an unaudited version) is exactly what the setup-time version probe catches — now documented in docs/safety.md.

Docs

AGENTS.md (compat range + invariants), runtime/stream-json.ts, docs/safety.md (auto-upgrade drift + permission-hook-events), docs/upstream-compat-audit.md (self-upgrade caveat + temp-binary smoke technique), ROADMAP audit log.

Compat marker tag: compat-verified-kimi-code-0.9.0.

Assets 2
Loading