feat(harness): add kimi-code crewmate adapter#717
Open
raywest wants to merge 9 commits into
Open
Conversation
added 8 commits
July 18, 2026 17:00
Verify kimi-code 0.27.0 empirically and land the complete adapter, scoped to crewmate/scout duty on the tmux backend. Empirical facts (isolated KIMI_CODE_HOME + scratch tmux; dated captures): - kimi rejects a positional prompt and -p is print-mode only, so the brief is delivered post-launch via tmux bracketed paste into the composer and submitted with the verify-and-retry Enter (multi-line arrives as ONE message, verified live). - kimi fires a Stop hook at every completed turn (payload carries cwd and stop_hook_active); hooks load only from $KIMI_CODE_HOME/config.toml, so the turn-end signal adapts the grok pattern: a token-guarded global script + fm-turn-end.d registry + per-task .fm-kimi-turnend pointer, plus ONE idempotent, kimi-doctor-validated [[hooks]] Stop append that restores a backup and aborts the spawn on rejection. - busy signature "ctrl+c: cancel" (space after colon, unlike grok); the shared default regex now covers both via 'Ctrl\+c: ?cancel'. Narrow-pane under-reporting is documented; the Stop-hook marker is authoritative. - no env marker exists; detection is process-ancestry on the kimi binary. - --model verified; no effort flag exists (record-only effort). - the shared composer classifier reads kimi's idle bordered composer as empty unchanged (dark-truecolor border strips as ghost). End-to-end proof through the modified scripts: normal-path spawn into a treehouse worktree, brief pasted and executed under --yolo, busy read mid-turn, turn-end marker fired per turn (including a mid-turn queued fm-send steer), /skill:no-mistakes visible in the crewmate pane, clean /exit, and teardown removing pointer, token, and state. Scope refusals fail loudly: kimi --secondmate and any non-tmux backend are refused at spawn (the herdr refusal fired live during verification). kimi is deliberately absent from the tmux agent-liveness allowlist and the bootstrap secondmate-liveness case (both secondmate-only surfaces). Claude-Session: https://claude.ai/code/session_01U5XNJupDTm8CPSAx8rWtLH
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Intent
Verify the kimi-code 0.27.0 CLI as a firstmate crewmate harness adapter and land the complete adapter. The task demanded empirical verification with dated captured evidence before any code: every recorded fact (launch behavior, autonomy, busy signature, interrupt, exit, resume, env markers, skill invocation, model/effort flags, turn-end hook) was established live in an isolated KIMI_CODE_HOME clone and scratch tmux server inside the task worktree, never touching the real ~/.kimi-code or the live fleet. Key verified facts that shaped deliberate design decisions: (1) kimi REJECTS a positional prompt and -p is non-interactive, so fm-spawn's kimi template launches the bare TUI and delivers the brief post-launch via tmux bracketed paste plus verify-and-retry Enter - a deliberate deviation from every other harness template, required by the CLI itself. (2) kimi hooks load ONLY from $KIMI_CODE_HOME/config.toml's [[hooks]] array (no hooks dir, project local.toml is schema-locked to [workspace]), so the turn-end signal adapts the grok precedent: a token-guarded global script at $KIMI_CODE_HOME/hooks/fm-turn-end.sh + fm-turn-end.d registry + per-task .fm-kimi-turnend worktree pointer, plus ONE idempotent [[hooks]] Stop append to config.toml validated by kimi doctor with backup-restore on rejection - the single shared-file write, deliberate and called out. (3) kimi sets NO env marker for children, so fm-harness detection is process-ancestry only. (4) The busy footer hint is 'ctrl+c: cancel' with a space, so the shared busy regex became 'Ctrl+c: ?cancel' covering grok and kimi with one pattern; a narrow-pane (80-col) under-reporting caveat is documented as verified. (5) No effort flag exists, so effort is deliberately record-only, matching the opencode precedent, and kimi's dispatch-profile effort_ok is false like opencode's. (6) SCOPE DECISION: kimi is verified for crewmate/scout duty on the tmux backend ONLY - fm-spawn refuses kimi --secondmate and kimi on non-tmux backends loudly; kimi is DELIBERATELY absent from bin/backends/tmux.sh's agent-liveness allowlist and fm-bootstrap's secondmate-liveness shell case (secondmate-only surfaces, no secondmate duty verified); it IS in the jq dispatch-profile verified list gating crewmate routing. The captain explicitly ruled the raw launch-command escape hatch INTENTIONALLY EXEMPT from the kimi scope gates (decision key kimi-raw-scope-bypass, resolved in the prior run): do not change raw-command harness parsing. (7) fm-spawn prefixes the launch with KIMI_CODE_HOME when set so the pane's kimi loads the same config the hook install wrote - a gap found and fixed during the live end-to-end demo. This branch already carries three no-mistakes pipeline commits from the prior validation run (review fixes c4ac54b and 1aafe78 hardening spawn preflight/recovery, strict brief-submit verdict, recorded kimi_home in meta for teardown, state-dir creation before early metadata; document commit 560501a clarifying the tmux-only scope) - these resolved all prior review findings and must not be re-litigated. The prior run failed ONLY at push (403: no write access to upstream); the fork flow is now configured (push to raywest/firstmate, PR against kunchenguid/firstmate). The acceptance bar was a live end-to-end demo through the modified scripts, which passed: normal-path spawn into a treehouse worktree, brief pasted and executed under --yolo, busy read mid-turn, turn-end marker fired per turn including for a mid-turn queued fm-send steer, /skill:no-mistakes visible in the crewmate pane, clean /exit via fm-send, and teardown removing pointer/registry-token/state. Repo conventions followed: one sentence per line in docs/skills, shellcheck-clean via bin/fm-lint.sh (pinned 0.11.0; the gate env lacks shellcheck so lint was independently verified clean at head 560501a by the driver), colocated tests (tests/fm-kimi-harness.test.sh now 11 tests after pipeline extensions, kimi fixtures in tests/fm-composer-ghost.test.sh, kimi rows in tests/fm-bootstrap.test.sh), AGENTS.md sections 2+4 updated, full kimi section in .agents/skills/harness-adapters/SKILL.md with dated evidence. Known failures NOT from this change, verified against base commit bc1a21b: tests/fm-brief.test.sh 'secondmate charter must declare its role' (pre-existing, deterministic), tests/fm-cd-pretool-check.test.sh shellcheck test and tests/fm-watcher-lock.test.sh restart test (gate-environment-specific: both pass on base AND branch under controlled conditions).
What Changed
Risk Assessment
Testing
Completed 1 recorded test check.
Pipeline
Updates from git push no-mistakes
✅ **intent** - passed
✅ No issues found.
✅ **Rebase** - passed
✅ No issues found.
🔧 **Review** - 2 issues found → auto-fixed (2) ✅
bin/fm-spawn.sh:417- The authoritative intent says the raw launch-command escape hatch is “INTENTIONALLY EXEMPT from the kimi scope gates.” This newcase "$HARNESS" in kimi*)also runs after raw commands are parsed intoHARNESS=kimi, so a raw Kimi command now rejects--secondmateand every non-tmux backend instead of remaining exempt.bin/fm-spawn.sh:1145- The sharedconfig.tomlinstall has no lock around the check, backup, append, doctor, and restore sequence. Concurrent Kimi spawns from different firstmate homes can both append the hook or overwrite the fixed backup name; a failing doctor path can then restore a stale snapshot and discard the other spawn’s config change. Serialize this block and recheck after acquiring the lock.🔧 Fix: Fix Kimi raw scope and config locking
1 warning still open:
bin/fm-spawn.sh:118-fm-wake-lib.shrunsmkdir -p "$STATE"when sourced, but this new import happens beforefm_refuse_if_gate_agent. A no-mistakes gate invocation therefore mutates firstmate state before the containment refusal that is meant to run before any fleet mutation. Source the lock helper after the gate check.🔧 Fix: Prevent gate-state mutation before refusal
✅ Re-checked - no issues remain.
command -v tmux >/dev/null || { echo "tmux is required for e2e tests" >&2; exit 1; }; tmux -V; rc=0; for t in tests/*.test.sh; do echo "== $t =="; bash "$t" || rc=1; done; exit "$rc"🔧 Fix: Restore Orca abort cleanup after Kimi lock import
1 error still open:
command -v tmux >/dev/null || { echo "tmux is required for e2e tests" >&2; exit 1; }; tmux -V; rc=0; for t in tests/*.test.sh; do echo "== $t =="; bash "$t" || rc=1; done; exit "$rc"✅ **Document** - passed
✅ No issues found.
✅ **Lint** - passed
✅ No issues found.
✅ **Push** - passed
✅ No issues found.