Skip to content

feat(kimi): full Kimi Code CLI hook support (PreToolUse deny, Stop, subagent briefing)#246

Merged
zzet merged 1 commit into
mainfrom
feat/kimi-hook-parity
Jul 4, 2026
Merged

feat(kimi): full Kimi Code CLI hook support (PreToolUse deny, Stop, subagent briefing)#246
zzet merged 1 commit into
mainfrom
feat/kimi-hook-parity

Conversation

@zzet

@zzet zzet commented Jul 4, 2026

Copy link
Copy Markdown
Owner

Closes #214.

Kimi Code CLI support was previously UserPromptSubmit + a read-tool nudge only. This brings it to parity with the Claude Code and Codex adapters, so weaker-instruction-following models get the full deterministic hook loop the issue asks for: context injection, tool redirection, and post-turn correction.

What's added

Event Behavior
UserPromptSubmit (existing) injects graph symbols relevant to the prompt before the model runs.
PreToolUse new — native Read/Grep/Glob/Bash run through the shared enrich machinery: a hard deny for an indexed whole-file read, soft plain-stdout guidance otherwise; keeps the read_file/get_editing_context compress-bodies nudge.
Stop new — post-turn diagnostics (changed symbols → test targets, guards, dead code, coverage, contracts), fed back so the agent self-corrects before handoff.
SubagentStart new — briefs a spawned subagent with smart_context results and the tool-swap table so it doesn't default to raw Read/Grep.

Wire protocol

Kimi cloned Claude Code's hook schema, so a hard block uses the one JSON shape Kimi documents — hookSpecificOutput.permissionDecision = "deny" — and all soft guidance rides Kimi's plain-stdout context channel (matching the established Kimi contract). Every path stays gated to Gortex-enabled projects and degrades to a silent no-op when the payload is malformed, the cwd is outside a project, or the daemon is unreachable — so normal Kimi flow is never blocked by the integration.

Transport fix (why the Stop path is non-vacuous)

callServerTool (used by the Stop and subagent diagnostics) only spoke the HTTP :8765 surface, which the daemon serves only under --http-addr — so it was dead by default. It now falls back to the daemon's AF_UNIX socket, scoped to the hook cwd. The fallback is gated on a recorded cwd, so the pure-HTTP unit tests are unaffected and non-Kimi agents keep their current behavior.

Not included

SubagentStop is intentionally left out — the Stop hook already covers end-of-turn diagnostics, and a per-subagent variant would mostly add noise. Easy to add later if it proves useful.

Verification

  • go build ./..., go vet, gofmt, golangci-lint — all clean.
  • go test -race ./internal/hooks/... ./internal/agents/...527 pass (new tests cover the native-tool deny JSON, soft-stdout guidance, Stop diagnostics, subagent briefing + fallback, project gating, and the transport fallback gating).
  • go test ./cmd/gortex/ -run 'AgentRender|Hook|Kimi|Install|Init' — 29 pass.
  • Docs: docs/agents.md adapter matrix + per-agent ### kimi note added.

… subagent briefing

Kimi Code CLI support was UserPromptSubmit plus a read-tool nudge only. Bring
it to parity with the Claude/Codex adapters so weaker-instruction-following
models get the full deterministic hook loop:

- PreToolUse now routes native Read/Grep/Glob/Bash through the shared enrich
  machinery: a hard permissionDecision:"deny" for an indexed whole-file read,
  soft plain-stdout guidance otherwise, while keeping the historical
  read_file/get_editing_context compress-bodies nudge.
- Stop runs the post-turn diagnostics (changed symbols -> test targets,
  guards, dead code, coverage, contracts) and appends them so the agent
  self-corrects before handoff.
- SubagentStart briefs a spawned subagent with smart_context results and the
  tool-swap table so it doesn't default to raw Read/Grep.

A hard block uses the one JSON shape Kimi documents
(hookSpecificOutput.permissionDecision); everything else rides Kimi's
plain-stdout context channel. Every path stays gated to Gortex-enabled
projects and degrades to a silent no-op when the payload is malformed, the cwd
is outside a project, or the daemon is unreachable.

The Stop/subagent diagnostics reach a normally-running daemon over its unix
socket: callServerTool now falls back from the by-default-unserved HTTP port
to the AF_UNIX socket, scoped to the hook cwd and gated on a recorded cwd so
the pure-HTTP unit tests are unaffected and non-Kimi agents keep their current
behavior.

Closes #214
@zzet zzet merged commit c5f424e into main Jul 4, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add support for Kimi code cli with pretool use/post tool use hooks for context injection

1 participant