docs(server): document --dangerous-bypass-auth and --keep-alive flags (#1373)

Add the two kimi server run flags introduced in #1368 to the CLI reference (en + zh), including a danger callout for the auth-bypass flag, and add the changeset so the next release notes the feature.
This commit is contained in:
Haozhe 2026-07-04 18:33:22 +08:00 committed by GitHub
parent 7db88b6f0c
commit e715b1648c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 19 additions and 2 deletions

View file

@ -161,10 +161,16 @@ kimi server status # snapshot of installed/running state
| `--port <port>` | Bind port; defaults to `58627` |
| `--log-level <level>` | Enable server logs at the selected level; omitted by default |
| `--debug-endpoints` | Mount `/api/v1/debug/*` routes (off by default) |
| `--keep-alive` | Keep the server running instead of exiting after 60s with no connected clients; implied by `--host` / `--allowed-host` and always on with `--foreground` |
| `--dangerous-bypass-auth` | Disable bearer-token auth on all REST and WebSocket routes so the web UI connects without a token; only for trusted networks or behind an authenticating proxy |
| `--foreground` | Run in the foreground instead of spawning a background daemon |
| `--open` | Open the web UI in the default browser once the server is healthy |
`kimi server run` binds to local loopback only. By default it spawns a single background daemon (reused across runs) and exits once the daemon is healthy; the daemon shuts itself down after the last web client disconnects. Pass `--foreground` to run the server in the current process instead — it then stays attached to the terminal and shuts down cleanly on `SIGINT` / `SIGTERM`.
`kimi server run` binds to local loopback only. By default it spawns a single background daemon (reused across runs) and exits once the daemon is healthy; the daemon shuts itself down after the last web client disconnects. Pass `--keep-alive` to keep it running past the idle timeout, or `--foreground` to run the server in the current process instead — it then stays attached to the terminal and shuts down cleanly on `SIGINT` / `SIGTERM`.
::: danger
`--dangerous-bypass-auth` disables authentication entirely. Anyone who can reach the port gets full access to your sessions, filesystem, and shell. Only use it on a trusted network or behind your own authenticating reverse proxy, and run `kimi server kill` to stop the server when you are done.
:::
#### `kimi server install`

View file

@ -161,10 +161,16 @@ kimi server status # 查看安装与运行状态
| `--port <port>` | 绑定端口;默认 `58627` |
| `--log-level <level>` | 按所选级别开启服务日志;默认不输出 |
| `--debug-endpoints` | 挂载 `/api/v1/debug/*` 调试路由(默认关闭) |
| `--keep-alive` | 让服务在没有客户端连接 60 秒后继续运行,不会因空闲退出;`--host` / `--allowed-host` 会自动启用,`--foreground` 模式下始终开启 |
| `--dangerous-bypass-auth` | 关闭所有 REST 与 WebSocket 路由的 bearer token 鉴权,使 web UI 无需 token 即可连接;仅用于可信网络或自有鉴权代理之后 |
| `--foreground` | 前台运行,不 spawn 后台守护进程 |
| `--open` | 服务健康后用默认浏览器打开 web UI |
`kimi server run` 只绑定本机 loopback 地址。默认会 spawn 一个后台守护进程(多次运行会复用同一个),健康后即退出;守护进程在最后一个 web 客户端断开后自行关闭。加 `--foreground` 则在当前进程中运行——保持挂在终端,在 `SIGINT` / `SIGTERM` 时干净退出。
`kimi server run` 只绑定本机 loopback 地址。默认会 spawn 一个后台守护进程(多次运行会复用同一个),健康后即退出;守护进程在最后一个 web 客户端断开后自行关闭。加 `--keep-alive` 可让它在空闲超时后继续运行,或加 `--foreground` 则在当前进程中运行——保持挂在终端,在 `SIGINT` / `SIGTERM` 时干净退出。
::: danger 警告
`--dangerous-bypass-auth` 会彻底关闭鉴权。任何能访问该端口的人都能完全控制你的会话、文件系统和 shell。请仅在可信网络或自有鉴权反向代理之后使用用完后运行 `kimi server kill` 停止服务。
:::
#### `kimi server install`