{"id":50119353,"url":"https://github.com/linxule/kimi-plugin-cc","last_synced_at":"2026-06-09T14:00:55.710Z","repository":{"id":358003466,"uuid":"1211353708","full_name":"linxule/kimi-plugin-cc","owner":"linxule","description":"Claude Code plugin that delegates read-only review, adversarial review, free-form ask, and write-capable rescue work to the local Kimi CLI. Includes an opt-in stop-time review gate.","archived":false,"fork":false,"pushed_at":"2026-06-03T23:19:43.000Z","size":2262,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-04T00:02:31.358Z","etag":null,"topics":["ai-agents","claude-code","claude-code-plugin","code-review","developer-tools","kimi","moonshot-ai","multi-model"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linxule.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP-TO-GA.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-15T10:02:01.000Z","updated_at":"2026-06-03T23:19:47.000Z","dependencies_parsed_at":"2026-06-04T00:00:26.938Z","dependency_job_id":null,"html_url":"https://github.com/linxule/kimi-plugin-cc","commit_stats":null,"previous_names":["linxule/kimi-plugin-cc"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/linxule/kimi-plugin-cc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linxule%2Fkimi-plugin-cc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linxule%2Fkimi-plugin-cc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linxule%2Fkimi-plugin-cc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linxule%2Fkimi-plugin-cc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linxule","download_url":"https://codeload.github.com/linxule/kimi-plugin-cc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linxule%2Fkimi-plugin-cc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34110012,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","claude-code","claude-code-plugin","code-review","developer-tools","kimi","moonshot-ai","multi-model"],"created_at":"2026-05-23T18:01:02.210Z","updated_at":"2026-06-09T14:00:55.705Z","avatar_url":"https://github.com/linxule.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kimi-plugin-cc\n\nUse [Kimi](https://kimi.ai) as Claude Code's second reviewer, independent thinker, and delegated worker — without building your own multi-agent stack.\n\nThis is a [Claude Code](https://claude.ai/code) plugin that drives the [kimi-code](https://kimi.com/code/docs) CLI (the Node.js successor to Kimi CLI) as a subprocess. Claude can ask Kimi for a structured code review, delegate a bug hunt, or have Kimi double-check its own work before stopping — all through slash commands, with persistent job state, session resume, and per-command safety enforced by a [PreToolUse hook](./docs/safety.md) installed in `~/.kimi-code/config.toml`.\n\n- **Independent model, independent perspective.** Kimi reasons differently from Claude. A second opinion from a different model catches things self-review misses.\n- **No orchestration layer required.** No ACP, no cloud broker, no shared API keys. The plugin talks directly to a locally-installed `kimi` binary using `kimi -p --output-format stream-json`.\n- **Full agent capabilities, safely bounded.** Kimi can read files, write code, run shell commands, and resume where it left off — all bounded by a [workspace allowlist](./runtime/rescue-approval.ts) invoked via the PreToolUse hook. Read-only commands enforce read-only at the hook layer, not the prompt.\n\n\u003e **Migrating from v0.4?** v0.4.x targeted the Python [Kimi CLI](https://github.com/MoonshotAI/kimi-cli) and stays available at the [`v0.4.0`](https://github.com/linxule/kimi-plugin-cc/releases/tag/v0.4.0) tag (`v0.4-maintenance` branch is cut from that tag for ongoing fixes — see the linked tag if the branch is not yet pushed). v1.0 is a hard cut to kimi-code — install kimi-code first, then `/plugin update kimi` will upgrade you in place. See [docs/migration.md](./docs/migration.md) for the step-by-step upgrade.\n\n## Try it in 60 seconds\n\n```\n# Prerequisite: install kimi-code from https://kimi.com/code/docs\n/plugin marketplace add linxule/kimi-plugin-cc\n/plugin install kimi@kimi-marketplace\n/kimi:setup\n/kimi:review \"review my current diff\"\n```\n\nKimi reads your working-tree diff and returns a review as markdown:\n\n```markdown\n## Verdict: concern\n\nOne high-confidence issue in the auth middleware; the rest looks fine.\n\n### src/middleware/auth.ts:42-47 — JWT expiry not checked before token refresh\n\nThe refresh handler calls `getNewToken()` without first checking whether the\ncurrent token has actually expired. On a slow-clock client this triggers a\nrefresh on every request.\n\nSuggested fix: add an expiry check before the refresh call.\n```\n\nClaude reads the review and can act on it directly. For programmatic access to the same content plus job metadata, `companion.sh result \u003cjobId\u003e --json` returns a structured envelope `{job_id, kind, status, summary, error, artifact_path, body, ...}` where `body` is the full markdown. To go further:\n\n```\n/kimi:rescue \"fix the top review finding\"\n```\n\nKimi opens the file, writes the fix, runs the relevant tests, and reports back. The session persists — if you restart Claude Code, `/kimi:rescue --resume` picks up where it left off.\n\n## When to use what\n\n| Command | What it does | Kimi can write? | Session persists? |\n|---------|-------------|-----------------|-------------------|\n| `/kimi:ask` | Free-form Q\u0026A — \"explain this module\"; supports `--background` / `--wait` like rescue | No | Fresh by default, `-r` to resume |\n| `/kimi:review` | Structured code review of your diff | No | Fresh each time |\n| `/kimi:challenge` | Adversarial review with a custom focus | No | Fresh each time |\n| `/kimi:rescue` | Delegate real work — bug hunts, refactors, fixes | Yes (allowlisted) | Persists + resumable |\n| `/kimi:pursue` | **Experimental** — pursue an objective *autonomously* across turns, bounded by a hard `--budget` | Yes (allowlisted, every turn) | Foreground-only; resume not yet exposed |\n| `/kimi:swarm` | Fan out a **read-only** review across files/modules in parallel (via AgentSwarm), bounded by a hard `--budget` | No (every subagent) | Foreground-only |\n| Review gate | Kimi checks Claude's work before stopping | No | Per-stop-event |\n\nThe plugin ships four Claude Code **subagents** that the main thread can dispatch proactively via the Agent tool: `kimi-rescue` (write-capable delegation), plus `kimi-review`, `kimi-challenge`, and `kimi-ask` (read-only forwarders to the matching companion surfaces). Each agent's description is Kimi's own statement of what it's good for — Claude matches the moment and dispatches; no prescriptive skill manual in between.\n\n## How it works\n\nThe architecture is modeled after OpenAI's [codex-plugin-cc](https://github.com/openai/codex-plugin-cc). Both follow the same pattern: thin plugin shell, rich local runtime, one process per job.\n\n```\n  /kimi:review \"check the auth flow\"\n       │\n       └─ companion.sh → node dist/companion.js\n               │\n               ├─ spawns: kimi --output-format stream-json -p \"\u003cprompt\u003e\"\n               │            with KIMI_PLUGIN_CC_CMD=review in the env block\n               ├─ parses OpenAI-shaped NDJSON records (assistant content + tool_calls)\n               ├─ PreToolUse hook (installed by /kimi:setup) enforces the\n               │   per-command policy: review/challenge/review_gate/ask are\n               │   read-only; rescue uses the workspace allowlist\n               ├─ persists job + stream log to SQLite (node:sqlite, zero native deps)\n               └─ returns structured result to Claude\n```\n\n**Subprocess-first transport.** v1.0 drives `kimi -p --output-format stream-json` as a one-process-per-job subprocess. kimi-code mints the session id and announces it via a `role:\"meta\", type:\"session.resume_hint\"` record on stdout (kimi-code 0.2.0+) — earlier 0.1.x announced on stderr instead. The runtime consumes both channels (first-announce-wins) and round-trips the captured token verbatim via `--resume`. The v0.4 Wire JSON-RPC client is gone (kimi-code dropped it); the v0.4-maintenance branch keeps the Wire path alive for Kimi CLI users.\n\n**Safety via PreToolUse hook.** kimi-code's `kimi -p` mode hard-codes `permission: auto` and auto-approves every tool call. The plugin's safety contract therefore lives in a [PreToolUse hook](./docs/safety.md) that `/kimi:setup` installs as a managed block in `~/.kimi-code/config.toml`. The hook reads `KIMI_PLUGIN_CC_CMD` from the env block we set per spawn and applies the right policy — read-only for review/challenge/review_gate/ask, workspace allowlist for rescue. Without the hook, rescue refuses to run.\n\n**Workspace allowlist.** Rescue's allowlist ([`runtime/rescue-approval.ts`](./runtime/rescue-approval.ts)) is the security boundary — not the prompt. Symlink-aware path containment, `.git/` exclusion, a curated set of read-only check tools, mutating-flag detection on `git`/`find`/`sed`, and explicit rejection of `package-manager run \u003cscript\u003e` (opaque scripts are a supply-chain risk). The hook calls `evaluateRescueHookRequest` for every rescue tool call.\n\n**Job lifecycle.** Every job gets a SQLite record, a stream-json diagnostic log, and a `kimi_session_id` captured from kimi's stream-json meta record (0.2.0+) or stderr announce (0.1.x fallback). Jobs go through `running` → `completed`/`failed`/`cancelled`. Use `/kimi:status`, `/kimi:result`, `/kimi:cancel`, `/kimi:replay` to manage them.\n\n**Zero native dependencies.** The runtime uses Node 22.5's built-in `node:sqlite` — no `better-sqlite3`, no `node-gyp`, no compilation step. `dist/` is precompiled and committed, so installed plugins work immediately with just `node` on PATH.\n\n**400+ tests, drift gate.** The test suite covers the stream-json parser (including the kimi-code 0.2.0 session-meta record and the 0.8.0 `goal.summary` record), cli-client lifecycle, approval policy, approval hook entry script, rescue allowlist, command handlers (incl. `/kimi:pursue` goal-mode parsing/exit-mapping), job lifecycle, setup managed-block installer, kimi version probe, and more. `bun run check` rebuilds `dist/`, typechecks, runs the suite, and fails if the rebuild produces uncommitted changes — forgotten rebuilds can't ship. Opt-in real-binary smokes (`bun run smoke:real`) spawn the actual `kimi -p` and prove the read-only commands' write denial end-to-end, plus that autonomous goal mode is hook-gated on every continuation turn; they're skipped by default (they need a real kimi binary + authenticated home).\n\n**CI** ([`.github/workflows/`](./.github/workflows/), see [docs/ci.md](./docs/ci.md)). `bun run check` runs on every push to `main` and every PR (`ci.yml`) — free, no secrets, smokes auto-skip. The real-binary smokes (including the `/kimi:pursue` goal-mode safety gate) run on **manual dispatch** (`smoke.yml`), authenticated via an API-key secret so they don't depend on the expiry-prone OAuth subscription; the workflow is inert until that secret is added.\n\n## Install\n\n### Via the Claude Code marketplace (recommended)\n\n```\n/plugin marketplace add linxule/kimi-plugin-cc\n/plugin install kimi@kimi-marketplace\n/kimi:setup\n```\n\n`/kimi:setup` writes the PreToolUse hook to `~/.kimi-code/config.toml` and probes it both directly and through `/bin/sh -c` so launch-from-GUI/LaunchAgent setups (where `node` may not be on the shell's PATH) get caught up front rather than silently auto-approving every tool call.\n\n### From a local clone\n\n```bash\ngit clone https://github.com/linxule/kimi-plugin-cc ~/kimi-plugin-cc\nclaude --plugin-dir ~/kimi-plugin-cc\n```\n\nThen run `/kimi:setup` to install the safety hook.\n\n### Removing the integration\n\n```\n/kimi:setup --uninstall\n```\n\nRemoves the managed block from `~/.kimi-code/config.toml`. The plugin itself can be uninstalled via `/plugin uninstall kimi`.\n\n## Prerequisites\n\n- **[kimi-code](https://kimi.com/code/docs)** installed and authenticated. The plugin spawns `kimi -p`; set `KIMI_PLUGIN_CC_KIMI_BIN` to override the binary location.\n- **Node \u003e= 22.5** — for built-in `node:sqlite`. Set `KIMI_PLUGIN_CC_NODE_BIN` to override.\n- **bun** — only for contributor tooling. Not required at runtime.\n\nStill on Python Kimi CLI? Stay on the [v0.4.0 tag](https://github.com/linxule/kimi-plugin-cc/releases/tag/v0.4.0) (or its `v0.4-maintenance` branch, once published) — see [docs/migration.md](./docs/migration.md).\n\n## Development\n\n```bash\nbun run check    # rebuild dist/, typecheck, run the full test suite, drift gate\nbun test \u003cpath\u003e  # run a single test file\n```\n\nSee [CONTRIBUTING.md](./CONTRIBUTING.md) for the full contributor workflow and [AGENTS.md](./AGENTS.md) for the architecture invariants coding agents should preserve.\n\n## How this was built\n\nThis plugin was built through the same multi-model collaboration it enables — Claude, Kimi, and Codex working together at every stage from design through pre-public audit. The v1.0 cutover (PRs 1-5) used the same pattern: each PR landed with paired Claude code-reviewer + Codex codex-rescue adversarial reviews, contradictions resolved against the kimi-code source, and convergent findings applied before commit.\n\n## Acknowledgments\n\n- **[Kimi](https://kimi.ai)** (Moonshot AI) — the reasoning model this plugin delegates to, and a design/review collaborator throughout development\n- **[Codex](https://openai.com/index/codex/)** (OpenAI) — architecture consults, parallel implementation, and independent pre-ship reviews via the [codex-plugin-cc](https://github.com/openai/codex-plugin-cc) companion plugin\n- **[Claude Code](https://claude.ai/code)** (Anthropic) — the host environment, primary development agent, and the platform this plugin extends\n\n## License\n\n[Apache-2.0](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinxule%2Fkimi-plugin-cc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinxule%2Fkimi-plugin-cc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinxule%2Fkimi-plugin-cc/lists"}