* fix(kosong): isolate anthropic auth environment
* fix(kosong): close remaining anthropic env fallbacks
Pass explicit nulls into the Anthropic SDK for unused auth/base URL overrides, keep adapter-owned auth headers authoritative, and add regression coverage for Anthropic shell env leakage.
* fix(kosong): block anthropic custom header env leakage
* docs(kosong): explain anthropic env-isolation intent + migration
Spell out that the SDK is used as a transport to arbitrary endpoints, so disabling its shell-env auto-discovery is the fix: the authToken/baseURL/header nulls are load-bearing, not redundant. Also document the behavior change (shell ANTHROPIC_* no longer read; use provider config) in the changeset. No logic change.
* feat(agent-core): collapse hidden dirs in prompt
Keep hidden directory entries visible in the cwd snapshot while omitting their contents to reduce prompt noise, and document the tools models should use to inspect hidden paths.
* feat(agent-core): clarify prompt AGENTS context
Add a marker when AGENTS.md content is truncated by the prompt budget and move dynamic system prompt context after the static guidance.
* chore: add prompt refinement changesets
* fix: prompt brief tool-call status
Ask the model to emit one short same-language status sentence before non-trivial tool calls while keeping detailed reasoning out of the visible transcript. Updates snapshots for the longer default prompt.
* feat(agent-core): collapse hidden dirs in prompt
Keep hidden directory entries visible in the cwd snapshot while omitting their contents to reduce prompt noise, and document the tools models should use to inspect hidden paths.
* feat(agent-core): clarify prompt AGENTS context
Add a marker when AGENTS.md content is truncated by the prompt budget and move dynamic system prompt context after the static guidance.
* chore: add prompt refinement changesets
Replace the per-provider getCapability instance method, and the throwaway
provider instantiation used only for capability probing, with a static
getModelCapability(wire, model) entry point in kosong. The same
capability-registry tables are consulted, so resolution stays behaviorally
identical; it no longer constructs a temporary provider or forges an API key.
Also drop the unused getContextSizeLimit interface method.
* feat(update): roll out automatic updates in staged batches via CDN manifest
* chore: remove changeset
* refactor(update): single-source the CDN latest file names
* refactor(update): reuse the CDN latest URL constants in update checks
* refactor(update): drop the test-only CDN base override
* fix: preserve first launch attribution
* fix: use refreshed rollout manifest for telemetry
* fix: abort hung cdn update checks
* fix: preserve update cache with bad manifest
* chore: remove review report from branch
* feat(providers): sync custom registry providers on startup refresh
- group registry providers by URL and retry available API keys\n- automatically add new providers and remove disappeared ones\n- coalesce duplicate source URLs to avoid false config-change reports\n- clear defaultThinking when default model is removed\n- update docs and add tests for registry sync scenarios
* fix(tui): only show provider refresh status for added models
Skip removed / metadata-only provider updates when reporting model list changes.\n\n add: test to enforce the behavior.
* feat(config): tolerate invalid config.toml sections instead of failing startup
Schema errors now drop only the offending sections (single entries for
providers/models) with a warning, so a typo no longer prevents startup or
drops the login state. TOML syntax errors still fail fast with the parse
location. Mid-run reloads keep the last good config when the file breaks.
Warnings surface via the new getConfigDiagnostics API: as a startup notice
in the TUI, on stderr in print mode, and in the status bar after /new.
Write paths stay strict so a broken file is never silently rewritten, and
now fail with a short actionable message instead of raw validation JSON;
the /provider TUI flow and the kimi provider CLI report these errors
instead of crashing on an unhandled rejection.
* fix(config): keep entry-keyed sections when one entry has multiple issues
A providers/models entry with several validation issues was deleted by the
first issue, and the remaining issues from the same safeParse pass then
escalated to deleting the entire section — one badly-typed custom provider
could drop every provider, including the managed OAuth login. Issues on
entry-keyed sections now only ever target the entry itself; once it is
gone, later issues are no-ops.
* feat(skill): qualify sub-skill names with parent prefix
- qualify sub-skill names with parent prefix and set isSubSkill metadata\n- hide sub-skills from the model skill listing
- expose sub-skills as dotted slash commands in TUI
- update slash command docs for English and Chinese
- align built-in sub-skill local names with their directories
Map the /models three-state supports_thinking_type field ('only' /
'no' / 'both', taking precedence over the legacy supports_reasoning
boolean) onto the existing always_thinking capability:
- oauth: parse the field in both /models parsers; 'only' emits
always_thinking alongside thinking, 'no' suppresses thinking even
when supports_reasoning is set, absent falls back to the legacy
boolean. Default thinking selection is forced on for 'only' (and
off for 'no') models during login and provider refresh
- TUI: render the thinking control with a fixed On/Off layout — locked
models show a greyed-out "Off (Unsupported)" segment, and
non-thinking models mirror the style with "On (Unsupported)"
- agent-core: clamp thinkingLevel at the getter so a stale
thinking-off config can never reach the request builder, status
events, or subagent inheritance
- acp-adapter: derive alwaysThinking from capabilities, collapse the
thinking select to a single locked "on" entry, and ignore off
requests for locked models while re-emitting the snapshot
- custom-theme.md, update-config.md, mcp-config.md now resolve KIMI_CODE_HOME first.
- custom-theme.md requires clarifying intent before creating or editing themes.
- custom-theme.md falls back to plain-text questions in auto mode.
* fix: clean up background tasks on session exit
* Stop background tasks on session close
Change versioning for agent-core and kimi-code to patch.
Signed-off-by: 7Sageer <12210216@mail.sustech.edu.cn>
---------
Signed-off-by: 7Sageer <12210216@mail.sustech.edu.cn>
- Add terminating-state guard to skip ERR_STREAM_PREMATURE_CLOSE when a process is killed or times out
- Ensure timeout/kill reason is reported instead of the internal stream error
- Add changeset for agent-core and kimi-code
Fires an observation-only Interrupt event when a turn is aborted by the user (e.g. pressing Esc). Previously neither Stop nor StopFailure fired on interrupt, so external tooling that tracks status from hooks stayed stuck on a working state.