Resuming a session that was already in plan mode with --plan crashed with
"Already in plan mode": the resume path called setPlanMode(true)
unconditionally while session replay had already restored the active plan
state. Check the session status first and only enable plan mode when it is
not active yet, in both the resume startup path and the startup session
picker.
The /sessions picker shared the same onSelect callback, so startup flags
were also re-applied on every mid-session switch, overriding the picked
session's own persisted modes. Gate the flag application behind an
applyStartupModes option that only the startup picker enables, and surface
post-switch setup errors instead of leaving them as unhandled rejections.
* feat(providers): sync custom registry providers on startup refresh
- group registry providers by URL and retry available API keys\n- automatically add new providers and remove disappeared ones\n- coalesce duplicate source URLs to avoid false config-change reports\n- clear defaultThinking when default model is removed\n- update docs and add tests for registry sync scenarios
* fix(tui): only show provider refresh status for added models
Skip removed / metadata-only provider updates when reporting model list changes.\n\n add: test to enforce the behavior.
iTerm2 interprets any OSC 9 payload as a desktop notification, so the
ConEmu-style 9;4 progress sequence (re-sent every second by the progress
keepalive) flooded users with notifications. Only emit progress on
terminals known to implement OSC 9;4: Windows Terminal, ConEmu, Ghostty,
and WezTerm.
* feat(config): tolerate invalid config.toml sections instead of failing startup
Schema errors now drop only the offending sections (single entries for
providers/models) with a warning, so a typo no longer prevents startup or
drops the login state. TOML syntax errors still fail fast with the parse
location. Mid-run reloads keep the last good config when the file breaks.
Warnings surface via the new getConfigDiagnostics API: as a startup notice
in the TUI, on stderr in print mode, and in the status bar after /new.
Write paths stay strict so a broken file is never silently rewritten, and
now fail with a short actionable message instead of raw validation JSON;
the /provider TUI flow and the kimi provider CLI report these errors
instead of crashing on an unhandled rejection.
* fix(config): keep entry-keyed sections when one entry has multiple issues
A providers/models entry with several validation issues was deleted by the
first issue, and the remaining issues from the same safeParse pass then
escalated to deleting the entire section — one badly-typed custom provider
could drop every provider, including the managed OAuth login. Issues on
entry-keyed sections now only ever target the entry itself; once it is
gone, later issues are no-ops.
* feat(skill): qualify sub-skill names with parent prefix
- qualify sub-skill names with parent prefix and set isSubSkill metadata\n- hide sub-skills from the model skill listing
- expose sub-skills as dotted slash commands in TUI
- update slash command docs for English and Chinese
- align built-in sub-skill local names with their directories
Map the /models three-state supports_thinking_type field ('only' /
'no' / 'both', taking precedence over the legacy supports_reasoning
boolean) onto the existing always_thinking capability:
- oauth: parse the field in both /models parsers; 'only' emits
always_thinking alongside thinking, 'no' suppresses thinking even
when supports_reasoning is set, absent falls back to the legacy
boolean. Default thinking selection is forced on for 'only' (and
off for 'no') models during login and provider refresh
- TUI: render the thinking control with a fixed On/Off layout — locked
models show a greyed-out "Off (Unsupported)" segment, and
non-thinking models mirror the style with "On (Unsupported)"
- agent-core: clamp thinkingLevel at the getter so a stale
thinking-off config can never reach the request builder, status
events, or subagent inheritance
- acp-adapter: derive alwaysThinking from capabilities, collapse the
thinking select to a single locked "on" entry, and ignore off
requests for locked models while re-emitting the snapshot
* chore: ignore .worktrees directory
* feat: add tips banner below welcome panel on startup
- Fetch active/fallback tips from the configured CDN with a 3s timeout.
- Filter tips by semver, client version, and date range.
- Render the banner directly below the welcome panel on startup/resume.
- Support tag, multi-line text, subtext, automatic wrapping, and narrow-terminal safety.
* refactor(tui): use theme color methods in banner component
Replace raw chalk calls with currentTheme helpers: tag uses
boldFg('primary'), main text uses boldFg('textStrong'), and subtext
uses fg('textDim') without stacking the dim modifier on the already
dim shade. Strengthen tests to assert the exact themed ANSI output.
- Register the yuandian_law (元典法律数据库) data source for Chinese
laws/regulations and judicial case search.
- Append a request-id / tool-call-id trace line to every tool result so
failures can be correlated with backend logs.
- Fix the documented MCP tool names in SKILL.md (-data -> _data).
- Also includes the dev marketplace-server env isolation fix in dev.mjs.
Co-authored-by: qer <Anna_Knapprfr@mail.com>
* feat: search slash command aliases in autocomplete
Slash-command name completion now matches aliases and shows them in the
label as `name (alias1, alias2)` when the match came from an alias.
Argument completion resolves aliases too. The intercepted completion
keeps the inner provider's conventions: argument hints stay in the
suggestion description, and primary-name matches outrank alias matches
on score ties.
* feat: wrap autocomplete descriptions onto up to two lines
Long slash command / skill descriptions used to be truncated to a single
line in the completion menu. CustomEditor now swaps the slash menu's list
for a WrappingSelectList that wraps descriptions to at most two lines,
ellipsizing past the second; non-slash completion keeps pi-tui's
single-line list.
Plain-text truncations also strip the trailing ANSI reset that pi-tui's
truncateToWidth appends — embedded inside the theme colouring it reset
the rest of the row, so a selected row with a truncated name rendered
its two description lines in different colours.
* chore: make changeset wording user-facing
* style: pass optional description directly instead of conditional spread
Follows the AGENTS.md convention for optional object properties.
* fix: align datasource plugin environment
* refactor: inject managed Kimi env into all stdio plugins
Pin the datasource credential-name test to the canonical
resolveKimiCodeOAuthKey so a digest drift in the standalone plugin
fails CI, and drop the hardcoded plugin-name special case so every
stdio plugin receives the active managed Kimi base URL / OAuth host
consistently (process.env and KIMI_CODE_HOME are already shared with
all plugins).
Installed plugins whose marketplace version is newer than the local
version now render an `update <local> → <latest>` badge and update in
place on Enter; up-to-date plugins show `installed · v<version>`.
Dev-server and CDN-build marketplace generation now stamp each entry's
version from the plugin manifest so the advertised "latest" stays accurate.
Adds a pure computeUpdateStatus() (semver, no spurious downgrades) with tests.
Co-authored-by: qer <Anna_Knapprfr@mail.com>
* Refactor theme
* custom theme support
* docs: add custom themes guide
Document the custom theme file location, the color token reference, selecting a theme via /theme and tui.toml, and fallback behavior. Link it from the customization sidebar and the tui.toml theme field.
* feat(skill): add built-in custom-theme skill
Guides the model (or a manual /custom-theme run) to author a theme JSON in ~/.kimi-code/themes/: docs token reference, deliberate color choices, hex validation, and how to apply via /theme or /reload-tui. Note in the write-tui skill to keep the token set in sync across colors.ts, the schema, the docs, and this skill. Enrich the custom-theme changeset to cover all three usage paths.
* chore: remove theme research report
* fix(tui): resolve lint errors after main merge
Remove unused chalk/currentTheme/ResolvedTheme imports left by the theme refactor; break the theme <-> pi-tui-theme import cycle by dropping the markdown/editor theme getters from the Theme class (consumers call createMarkdownTheme directly); fix unused vars/params, a floating promise, and a redundant union type.
* fix(tui): address custom theme review feedback
- await applyTheme before refreshing terminal theme tracking, so
switching to "auto" installs the watcher against the new state
- invalidate the transcript on automatic (terminal-driven) theme
changes so already-rendered entries repaint
- rebuild UsagePanel bodies on invalidate (previously a no-op); /usage,
/status, /mcp and /plugins now repaint on a theme switch
- repaint the compaction header on invalidate
- validate a custom theme before applying it from the /theme picker
- hide reserved dark/light/auto names from the custom theme list
- escape the theme name when writing tui.toml
- stop the custom theme loader writing warnings to the raw terminal
- remove a stray hello.ts
* refactor(tui): polish custom theme feature
- footer and todo-panel read the currentTheme singleton directly at
render time instead of caching a palette copy; drop their setColors
methods and the manual setColors calls on every theme change
- support "base": "dark" | "light" in custom theme files so a partial
light theme inherits the light palette for unspecified tokens
- reconcile the docs and the custom-theme skill with the silent
invalid-color fallback (no terminal warning)
* refactor(tui): live-repaint the agent swarm progress panel
Read the currentTheme palette through a getter instead of caching it at
construction time, so the swarm progress panel recolors on a theme switch
like the rest of the transcript. Drops the now-unused `colors` option.
* chore: remove plan.md
* docs: update custom theme guide
* docs: document custom theme skill command
* fix(skill): make custom theme user-triggered only
* feat(acp-adapter): support embedded resource prompts
- advertise embeddedContext support in ACP capabilities and docs
- convert file:// resource_link blocks into decoded paths with optional line ranges
- keep XML wrappers for non-file or unparseable resource_link URIs
- update adapter tests for the new resource link behavior
* feat(acp-adapter): add ACP built-in slash command routing and UNC path support
- add local execution for /compact, /status, /usage, /mcp, /tasks, /help in ACP sessions
- surface unknown slash commands as local errors instead of forwarding to model\n- export ACP_BUILTIN_SLASH_COMMANDS from acp-adapter for CLI reuse
- fix file:// URI conversion for Windows UNC paths
- rebuild agent builtin tools on session tool kaos rebind
* docs: add Homebrew installation instructions
Add Homebrew as an installation option for macOS/Linux users in both
English and Chinese READMEs.
Closes#130
* feat(cli): detect Homebrew installs and use brew upgrade for updates
When kimi-code is installed via Homebrew, the update system now detects
the installation source and uses 'brew upgrade kimi-code' instead of
falling back to 'npm install -g'. This prevents duplicate installations
when Homebrew users receive update prompts.
* chore: add changeset for Homebrew update detection
* fix(cli): tighten Homebrew detection and disable auto-update
- Only match /cellar/ path segment (not /homebrew/) to avoid false
positives on Apple Silicon where npm global installs live under
/opt/homebrew/lib/node_modules/
- Disable background auto-update for Homebrew: brew upgrade may mutate
dependents silently and the formula can lag behind CDN releases
* fix(cli): add homebrew to InstallSource Zod schema
Keeps the persistence schema in sync with the TypeScript type. Currently
harmless since Homebrew auto-install is disabled, but prevents a silent
state reset if it is ever enabled later.
---------
Co-authored-by: liruifengv <liruifeng1024@gmail.com>
* feat: honor HTTP_PROXY/HTTPS_PROXY/NO_PROXY for all outbound traffic
Install a global undici dispatcher at CLI startup so every in-process fetch
(LLM APIs, MCP HTTP, web tools, telemetry, sign-in, update checks) honors the
standard proxy variables, and propagate NODE_USE_ENV_PROXY to spawned stdio
MCP child processes. Loopback hosts always bypass the proxy; an invalid proxy
URL is reported and ignored rather than aborting startup.
* feat: support SOCKS proxies via ALL_PROXY
Recognize SOCKS proxies (socks5/socks5h/socks4/socks alias) from ALL_PROXY or a
socks-scheme HTTP(S)_PROXY, routing traffic through a custom undici connector
backed by the socks client (reusing undici's own TLS handling for https).
HTTP(S) proxies keep precedence; NO_PROXY and loopback are honored for the SOCKS
path too. Child stdio MCP node processes honor HTTP(S) proxies via
NODE_USE_ENV_PROXY; SOCKS applies to the main process only.
* fix: address proxy review comments (env masking, child NO_PROXY, nix hash)
- Resolve HTTP(S)_PROXY explicitly via the first non-blank casing so a blank
lowercase var can no longer mask a populated uppercase one (the dispatcher
installed but went direct), and coerce a SOCKS-scheme value sitting in an
HTTP(S) var to '' so it is never handed to EnvHttpProxyAgent.
- Reconcile a child's NO_PROXY override across both casings using the first
non-blank value run through resolveNoProxy, so a per-server config override
is not shadowed by the injected lowercase value, keeps the loopback bypass,
and passes '*' through verbatim.
- Update flake.nix pnpmDeps hash for the added socks/undici dependencies.
* fix(proxy): honor http ALL_PROXY, match port-qualified NO_PROXY, note child Node version
- Honor an http-scheme ALL_PROXY as the catch-all fallback for both http and
https (scheme-specific HTTP(S)_PROXY still wins), so an ALL_PROXY-only setup
no longer installs a no-op dispatcher and connects direct.
- Make the SOCKS-path NO_PROXY matcher port-aware: a `host:port` entry now
matches only that port (with IPv6-safe parsing for `::1` / `[::1]:443`).
- Document that child stdio MCP proxying via NODE_USE_ENV_PROXY only applies on
Node versions that support it (>= 22.21 / >= 24.5).
* fix(proxy): IPv6 + wildcard NO_PROXY and per-server child proxy edges
- Strip IPv6 brackets from a SOCKS proxy host (e.g. ALL_PROXY=socks5://[::1]:1080)
so the socks client connects to the bare address.
- Add the bracketed [::1] to the loopback bypass: undici's EnvHttpProxyAgent
only exempts IPv6 loopback when the NO_PROXY entry is bracketed (it mis-parses
bare ::1). The SOCKS-path matcher normalizes brackets on both sides.
- Match *.domain wildcard (and host:port) NO_PROXY entries in the SOCKS matcher.
- Compute the child stdio proxy env from the MERGED env so a proxy declared only
in a server's config.env also enables NODE_USE_ENV_PROXY.
* fix(proxy): synthesize HTTP(S)_PROXY from ALL_PROXY for child processes
proxyEnvForChild now hands spawned stdio MCP children the resolved
HTTP_PROXY/HTTPS_PROXY (in both casings), synthesizing them from an http-scheme
ALL_PROXY when no scheme-specific variable is set. Node's --use-env-proxy reads
HTTP_PROXY/HTTPS_PROXY (not ALL_PROXY), so an ALL_PROXY-only parent now proxies
the child consistently with the main process. Shared resolveHttpProxyUrls helper
is reused by createProxyDispatcher and proxyEnvForChild.
* chore(changeset): tighten proxy changeset wording