ladder-mcp 1.0.2 → 1.1.2

package/dist/index.js

@@ -1,6 +1,8 @@
 #!/usr/bin/env node
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { z } from 'zod';
 import { maxChars, validateWorkDir } from './input-validation.js';
 import { getKimiStatus } from './environment.js';
@@ -9,12 +11,14 @@ import { runKimi } from './kimi-runner.js';
 import { listSessions } from './session-store.js';
 import { cancelAcpSession, listAcpSessions, runAcpPrompt } from './transports/acp.js';
 import { exportKimiSession, getKimiCapabilities, listKimiProviders, runKimiDoctor, visualizeSession, } from './transports/cli-admin.js';
-import { taskStore } from './task-store.js';
 import { generateMcpConfig } from './kimi-mcp-config.js';
 import { buildBudgetProbeGuide, getDesktopStatus } from './desktop-work.js';
+import { taskStore } from './task-store.js';
+import { combineReporters, createMcpProgressReporter, formatProgressLine } from './progress.js';
+import { VERSION } from './version.js';
 const server = new McpServer({
     name: 'kimi-code',
-    version: '1.0.2',
+    version: VERSION,
 });
 const FORMAT_INSTRUCTIONS = {
     summary: `
@@ -48,163 +52,83 @@ function textResponse(text, isError = false) {
 function buildResponse(text, thinking, includeThinking) {
     return thinking && includeThinking ? `<kimi-thinking>\n${thinking}\n</kimi-thinking>\n\n${text}` : text;
 }
-server.tool('kimi_analyze', 'Send a prompt to Kimi Code for codebase analysis. Defaults to native continuation for the working directory; set new_session to true for a fresh session.', {
-    prompt: z.string().describe('The analysis prompt for Kimi.'),
+function resolveDefaultServerCommand() {
+    const distIndex = path.resolve(path.dirname(fileURLToPath(import.meta.url)), 'index.js');
+    return { command: process.execPath, args: [distIndex] };
+}
+server.tool('kimi_code', 'Agentic work in a repository: analyze and edit files. Defaults to in-process CLI transport.', {
+    prompt: z.string().describe('The analysis or coding prompt for Kimi.'),
     work_dir: z.string().describe('Absolute path to the codebase root directory.'),
-    session_id: z.string().optional().describe('Explicit Kimi session id to resume via -S.'),
-    new_session: z.boolean().optional().describe('Start fresh without -C or -S. Default: false.'),
+    session_id: z.string().optional().describe('Explicit Kimi session id to resume.'),
+    new_session: z.boolean().optional().describe('Start fresh instead of continuing the last session. Default: false.'),
+    edit: z.boolean().optional().describe('Allow file modifications. Default: false (analysis-only intent).'),
+    background: z.boolean().optional().describe('Track as a long-running background task. Every progress event (including each action) is appended to the task log, readable via kimi_tasks — the full accumulating transcript, unlike the single overwriting live-progress line of a foreground call.'),
+    transport: z.enum(['cli', 'acp']).optional().describe("How the server drives Kimi. Both edit files and resume sessions; they differ in robustness and live-progress detail. 'cli' (default): one-shot process, most robust on Windows, but live progress is coarse — only streaming-output volume, no per-action lines. 'acp': persistent JSON-RPC session that emits granular live progress (tool calls, plan steps) and supports interactive permission prompts, but is heavier and more fragile. Prefer 'cli' for plain codegen/analysis; choose 'acp' when you need to watch each action live or handle mid-run prompts."),
+    session_mode: z.enum(['new', 'load', 'resume']).optional().describe("ACP session mode when transport='acp'. Default: inferred from session_id/new_session."),
     detail_level: z.enum(['summary', 'normal', 'detailed']).optional(),
     max_output_tokens: z.number().optional(),
     include_thinking: z.boolean().optional(),
-}, async ({ prompt, work_dir, session_id, new_session, detail_level, max_output_tokens, include_thinking }) => {
-    const workDirError = validateWorkDir(work_dir);
-    if (workDirError)
-        return textResponse(`Error: ${workDirError}`, true);
-    const result = await runKimi({
-        prompt: wrapPrompt(prompt, detail_level ?? 'normal'),
-        workDir: work_dir,
-        sessionId: session_id,
-        continueLast: !session_id && new_session !== true,
-        timeoutMs: 600_000,
-        maxOutputChars: maxChars(max_output_tokens),
-        includeThinking: include_thinking ?? false,
-    });
-    if (!result.ok)
-        return textResponse(`Error: ${result.error}`, true);
-    const sessionLine = result.sessionId ? `\n\nSession: ${result.sessionId}` : '';
-    return textResponse(`${buildResponse(result.text, result.thinking, include_thinking ?? false)}${sessionLine}`);
-});
-server.tool('kimi_query', 'Ask Kimi Code a contextless programming question through the Kimi Code API.', {
-    prompt: z.string().describe('The question to ask Kimi.'),
-    max_output_tokens: z.number().optional(),
-    include_thinking: z.boolean().optional(),
-}, async ({ prompt, max_output_tokens, include_thinking }) => {
-    const result = await runKimiApi({ prompt, timeoutMs: 120_000, maxOutputChars: maxChars(max_output_tokens) });
-    if (!result.ok)
-        return textResponse(`Error: ${result.error}`, true);
-    return textResponse(buildResponse(result.text, result.thinking, include_thinking ?? false));
-});
-server.tool('kimi_verify', 'Get an independent second opinion from Kimi Code through the Kimi Code API.', {
-    context: z.string().describe('Self-contained material for Kimi to examine.'),
-    question: z.string().optional().describe('What to verify or focus on.'),
-    role: z.string().optional().describe('Override the reviewer persona.'),
-    max_output_tokens: z.number().optional(),
-    include_thinking: z.boolean().optional(),
-}, async ({ context, question, role, max_output_tokens, include_thinking }) => {
-    const focus = question?.trim() || 'Independently verify correctness. Surface bugs, edge cases, security issues, and concrete improvements.';
-    const system = role?.trim() || 'You are a meticulous, independent senior engineer. Be skeptical, specific, and actionable.';
-    const prompt = `## Your task\n${focus}\n\n## Material to verify\n${context}\n${AI_CONSUMER_NOTICE}`;
-    const result = await runKimiApi({ prompt, system, timeoutMs: 300_000, maxOutputChars: maxChars(max_output_tokens) });
-    if (!result.ok)
-        return textResponse(`Error: ${result.error}`, true);
-    return textResponse(buildResponse(result.text, result.thinking, include_thinking ?? false));
-});
-server.tool('kimi_resume', 'Resume an explicit Kimi Code session with a new prompt via -S.', {
-    session_id: z.string().describe('Session ID to resume.'),
-    prompt: z.string().describe('New prompt to send.'),
-    work_dir: z.string().describe('Working directory for the session.'),
-    detail_level: z.enum(['summary', 'normal', 'detailed']).optional(),
-    max_output_tokens: z.number().optional(),
-    include_thinking: z.boolean().optional(),
-}, async ({ session_id, prompt, work_dir, detail_level, max_output_tokens, include_thinking }) => {
-    const workDirError = validateWorkDir(work_dir);
+    timeout_ms: z.number().int().positive().optional(),
+}, async ({ prompt, work_dir, session_id, new_session, edit, background, transport, session_mode, detail_level, max_output_tokens, include_thinking, timeout_ms }, extra) => {
+    const workDirError = work_dir ? validateWorkDir(work_dir) : undefined;
     if (workDirError)
         return textResponse(`Error: ${workDirError}`, true);
-    const result = await runKimi({
-        prompt: wrapPrompt(prompt, detail_level ?? 'normal'),
+    const includeThinkingValue = include_thinking ?? false;
+    const effectiveTransport = transport ?? 'cli';
+    const appendReporter = (append) => (event) => append(formatProgressLine(event));
+    if (effectiveTransport === 'cli') {
+        if (background) {
+            const task = taskStore.create('cli-code', async (_signal, append) => {
+                const result = await runKimi({
+                    prompt: wrapPrompt(prompt, detail_level ?? 'normal'),
+                    workDir: work_dir,
+                    sessionId: session_id,
+                    continueLast: !session_id && new_session !== true,
+                    edit,
+                    timeoutMs: timeout_ms ?? 600_000,
+                    maxOutputChars: maxChars(max_output_tokens),
+                    includeThinking: includeThinkingValue,
+                    onProgress: appendReporter(append),
+                    signal: _signal,
+                });
+                if (!result.ok)
+                    throw new Error(result.error ?? 'CLI code task failed');
+                return { output: result.text, metadata: { sessionId: result.sessionId } };
+            });
+            return textResponse(JSON.stringify(task, null, 2));
+        }
+        const result = await runKimi({
+            prompt: wrapPrompt(prompt, detail_level ?? 'normal'),
+            workDir: work_dir,
+            sessionId: session_id,
+            continueLast: !session_id && new_session !== true,
+            edit,
+            timeoutMs: timeout_ms ?? 600_000,
+            maxOutputChars: maxChars(max_output_tokens),
+            includeThinking: includeThinkingValue,
+            onProgress: createMcpProgressReporter(extra),
+            signal: extra?.signal,
+        });
+        if (!result.ok)
+            return textResponse(`Error: ${result.error}`, true);
+        const sessionLine = result.sessionId ? `\n\nSession: ${result.sessionId}` : '';
+        return textResponse(`${buildResponse(result.text, result.thinking, includeThinkingValue)}${sessionLine}`);
+    }
+    const defaultAcpSessionMode = session_mode ?? (session_id ? 'resume' : 'new');
+    const runAcp = async (signal, onProgress) => runAcpPrompt({
+        prompt,
         workDir: work_dir,
         sessionId: session_id,
-        timeoutMs: 600_000,
-        maxOutputChars: maxChars(max_output_tokens),
-        includeThinking: include_thinking ?? false,
-    });
-    if (!result.ok)
-        return textResponse(`Error: ${result.error}`, true);
-    return textResponse(buildResponse(result.text, result.thinking, include_thinking ?? false));
-});
-server.tool('kimi_list_sessions', 'List existing Kimi Code sessions with ids, titles, working directories, and timestamps.', {
-    work_dir: z.string().optional().describe('Filter sessions by working directory path.'),
-    limit: z.number().optional().describe('Max sessions to return. Default: 20.'),
-}, async ({ work_dir, limit }) => {
-    const sessions = listSessions({ workDir: work_dir, limit: limit ?? 20 });
-    return textResponse(sessions.length ? JSON.stringify(sessions, null, 2) : 'No Kimi sessions found.');
-});
-server.tool('kimi_status', 'Check Kimi CLI installation, version, authentication, catalog, and API availability.', {}, async () => {
-    const status = await getKimiStatus();
-    const lines = [
-        '## Kimi CLI Status',
-        `- Installed: ${status.installed ? 'Yes' : 'No'}`,
-        `- Binary: ${status.binPath ? `\`${status.binPath}\`` : 'Not found'}`,
-        `- Version: ${status.version ?? '(unable to detect)'}`,
-        `- Authenticated: ${status.authenticated ? 'Yes' : 'No'}`,
-        `- Catalog Found: ${status.catalogFound ? 'Yes' : 'No'}`,
-        `- Catalog: \`${status.catalogPath}\``,
-        `- Credentials Found: ${status.credentialsFound ? 'Yes' : 'No'}`,
-        `- Config Found: ${status.configFound ? 'Yes' : 'No'}`,
-        '',
-        '## Kimi Code API',
-        `- Configured: ${isApiConfigured() ? 'Yes' : 'No'}`,
-    ];
-    if (status.error)
-        lines.push('', `Action required: ${status.error}`);
-    return textResponse(lines.join('\n'), !status.installed && !status.apiConfigured);
-});
-server.tool('kimi_capabilities', 'Report Kimi CLI, admin command, ACP, and experimental desktop-read-only capabilities.', {}, async () => textResponse(JSON.stringify(await getKimiCapabilities(), null, 2)));
-server.tool('kimi_doctor', 'Run Kimi Code configuration doctor for config.toml or tui.toml.', {
-    target: z.enum(['config', 'tui']).optional(),
-    path: z.string().optional().describe('Optional config/tui path to validate.'),
-}, async ({ target, path }) => {
-    const result = await runKimiDoctor(target ?? 'config', path);
-    return textResponse(JSON.stringify(result, null, 2), !result.ok);
-});
-server.tool('kimi_provider_list', 'List configured Kimi providers and models using `kimi provider list --json`.', {}, async () => textResponse(JSON.stringify(await listKimiProviders(), null, 2)));
-server.tool('kimi_export_session', 'Export a Kimi session ZIP. Requires explicit output_path and excludes the global diagnostic log by default.', {
-    output_path: z.string().describe('Explicit ZIP output path.'),
-    session_id: z.string().optional().describe('Session id to export; defaults to most recent Kimi session.'),
-    include_global_log: z.boolean().optional().describe('Include active global diagnostic log. Default: false.'),
-    overwrite_existing: z.boolean().optional().describe('Overwrite output_path if it already exists. Default: false.'),
-}, async ({ output_path, session_id, include_global_log, overwrite_existing }) => {
-    const result = await exportKimiSession({
-        outputPath: output_path,
-        sessionId: session_id,
-        includeGlobalLog: include_global_log ?? false,
-        overwriteExisting: overwrite_existing ?? false,
+        sessionMode: defaultAcpSessionMode,
+        timeoutMs: timeout_ms,
+        signal,
+        onProgress,
     });
-    return textResponse(JSON.stringify(result, null, 2), !result.ok);
-});
-server.tool('kimi_visualize_session', 'Preview or launch Kimi session visualizer on localhost using `kimi vis --no-open`.', {
-    session_id: z.string().optional(),
-    host: z.enum(['127.0.0.1', 'localhost', '::1']).optional().describe('Localhost host to bind. Default: 127.0.0.1.'),
-    port: z.number().int().min(1).max(65535).optional().describe('Port to bind. Default: 58628.'),
-    launch: z.boolean().optional().describe('Actually start the visualizer process. Default: false.'),
-}, async ({ session_id, host, port, launch }) => {
-    try {
-        return textResponse(JSON.stringify(visualizeSession({ sessionId: session_id, host, port, launch }), null, 2));
-    }
-    catch (error) {
-        return textResponse(`Error: ${error instanceof Error ? error.message : String(error)}`, true);
-    }
-});
-server.tool('kimi_chat', 'Send a prompt through Kimi ACP over stdio. Set background=true for long-running work tracked by task tools.', {
-    prompt: z.string(),
-    work_dir: z.string().optional(),
-    session_id: z.string().optional(),
-    session_mode: z.enum(['new', 'load', 'resume']).optional(),
-    background: z.boolean().optional(),
-    timeout_ms: z.number().int().positive().optional(),
-}, async ({ prompt, work_dir, session_id, session_mode, background, timeout_ms }) => {
     if (background) {
-        const task = taskStore.create('acp-chat', async (signal) => {
-            const result = await runAcpPrompt({
-                prompt,
-                workDir: work_dir,
-                sessionId: session_id,
-                sessionMode: session_mode ?? (session_id ? 'resume' : 'new'),
-                timeoutMs: timeout_ms,
-                signal,
-            });
+        const task = taskStore.create('acp-code', async (_signal, append) => {
+            const result = await runAcp(_signal, combineReporters(appendReporter(append), createMcpProgressReporter(extra)));
             if (!result.ok)
-                throw new Error(result.error ?? 'ACP chat failed');
+                throw new Error(result.error ?? 'ACP code task failed');
             const metadata = { ...(result.metadata ?? {}) };
             if (!('sessionId' in metadata)) {
                 metadata.sessionId = result.sessionId;
@@ -213,28 +137,86 @@ server.tool('kimi_chat', 'Send a prompt through Kimi ACP over stdio. Set backgro
         });
         return textResponse(JSON.stringify(task, null, 2));
     }
-    const result = await runAcpPrompt({
-        prompt,
-        workDir: work_dir,
-        sessionId: session_id,
-        sessionMode: session_mode ?? (session_id ? 'resume' : 'new'),
-        timeoutMs: timeout_ms,
-    });
+    const result = await runAcp(extra?.signal, createMcpProgressReporter(extra));
     return textResponse(JSON.stringify(result, null, 2), !result.ok);
 });
-server.tool('kimi_acp_sessions', 'List Kimi ACP sessions through `session/list`.', {
-    limit: z.number().int().positive().optional(),
-    work_dir: z.string().optional(),
-}, async ({ limit, work_dir }) => {
-    const result = await listAcpSessions({ limit, workDir: work_dir });
-    return textResponse(result.ok ? result.text : `Error: ${result.error}`, !result.ok);
+server.tool('kimi_ask', 'Stateless question or independent review. Text only, no repo, no edits.', {
+    prompt: z.string().describe('The question to ask or the focus for verification.'),
+    context: z.string().optional().describe('Material to examine (switches to verify mode).'),
+    role: z.string().optional().describe('Reviewer persona override for verify mode.'),
+    max_output_tokens: z.number().optional(),
+    include_thinking: z.boolean().optional(),
+    timeout_ms: z.number().int().positive().optional(),
+}, async ({ prompt, context, role, max_output_tokens, include_thinking, timeout_ms }) => {
+    const includeThinkingValue = include_thinking ?? false;
+    if (context) {
+        const focus = prompt.trim() || 'Independently verify correctness. Surface bugs, edge cases, security issues, and concrete improvements.';
+        const system = role?.trim() || 'You are a meticulous, independent senior engineer. Be skeptical, specific, and actionable.';
+        const verifyPrompt = `## Your task\n${focus}\n\n## Material to verify\n${context}\n${AI_CONSUMER_NOTICE}`;
+        const result = await runKimiApi({ prompt: verifyPrompt, system, timeoutMs: timeout_ms ?? 300_000, maxOutputChars: maxChars(max_output_tokens) });
+        if (!result.ok)
+            return textResponse(`Error: ${result.error}`, true);
+        return textResponse(buildResponse(result.text, result.thinking, includeThinkingValue));
+    }
+    const result = await runKimiApi({ prompt, timeoutMs: timeout_ms ?? 120_000, maxOutputChars: maxChars(max_output_tokens) });
+    if (!result.ok)
+        return textResponse(`Error: ${result.error}`, true);
+    return textResponse(buildResponse(result.text, result.thinking, includeThinkingValue));
+});
+server.tool('kimi_sessions', 'List/inspect Kimi sessions from the CLI catalog, ACP, or both.', {
+    work_dir: z.string().optional().describe('Filter sessions by working directory path.'),
+    limit: z.number().optional().describe('Max sessions to return. Default: 20.'),
+    source: z.enum(['cli', 'acp', 'all']).optional().describe("Source: 'cli', 'acp', or 'all'. Default: 'all'."),
+}, async ({ work_dir, limit, source }) => {
+    const effectiveSource = source ?? 'all';
+    const effectiveLimit = limit ?? 20;
+    if (effectiveSource === 'cli') {
+        const sessions = listSessions({ workDir: work_dir, limit: effectiveLimit });
+        return textResponse(sessions.length ? JSON.stringify(sessions, null, 2) : 'No Kimi sessions found.');
+    }
+    if (effectiveSource === 'acp') {
+        const result = await listAcpSessions({ limit: effectiveLimit, workDir: work_dir });
+        return textResponse(result.ok ? result.text : `Error: ${result.error}`, !result.ok);
+    }
+    const [cliSessions, acpResult] = await Promise.all([
+        Promise.resolve(listSessions({ workDir: work_dir, limit: effectiveLimit })),
+        listAcpSessions({ limit: effectiveLimit, workDir: work_dir }),
+    ]);
+    let acpValue;
+    if (acpResult.ok) {
+        try {
+            acpValue = JSON.parse(acpResult.text);
+        }
+        catch {
+            acpValue = { error: 'ACP sessions response is not valid JSON', raw: acpResult.text };
+        }
+    }
+    else {
+        acpValue = { error: acpResult.error };
+    }
+    const combined = { cli: cliSessions, acp: acpValue };
+    return textResponse(JSON.stringify(combined, null, 2));
 });
-server.tool('kimi_cancel', 'Cancel an active Ladder task by task_id or a Kimi ACP session by session_id.', {
-    task_id: z.string().optional(),
-    session_id: z.string().optional(),
-}, async ({ task_id, session_id }) => {
-    // Require exactly one target. Previously, passing both silently cancelled the task
-    // and ignored session_id, hiding the ambiguity from the caller.
+server.tool('kimi_tasks', 'Manage background work: status, output, or cancel.', {
+    action: z.enum(['status', 'output', 'cancel']).describe("Action: 'status', 'output', or 'cancel'."),
+    task_id: z.string().optional().describe('Omit for status to list all tasks. Required for output.'),
+    session_id: z.string().optional().describe('Cancel an ACP session instead of a task (action=cancel).'),
+}, async ({ action, task_id, session_id }) => {
+    if (action === 'status') {
+        if (task_id) {
+            const task = taskStore.get(task_id);
+            return textResponse(task ? JSON.stringify(task, null, 2) : `Task not found: ${task_id}`, !task);
+        }
+        return textResponse(JSON.stringify(taskStore.list(), null, 2));
+    }
+    if (action === 'output') {
+        if (!task_id)
+            return textResponse('task_id is required for action=output.', true);
+        const task = taskStore.get(task_id);
+        return textResponse(task
+            ? JSON.stringify({ id: task.id, status: task.status, output: task.output, outputChunks: task.outputChunks, error: task.error }, null, 2)
+            : `Task not found: ${task_id}`, !task);
+    }
     if (task_id && session_id) {
         return textResponse('Provide either task_id or session_id, not both.', true);
     }
@@ -248,28 +230,45 @@ server.tool('kimi_cancel', 'Cancel an active Ladder task by task_id or a Kimi AC
     }
     return textResponse('Provide task_id or session_id.', true);
 });
-server.tool('kimi_task_status', 'Return status for one background task or all recent in-process tasks.', {
-    task_id: z.string().optional(),
-}, async ({ task_id }) => {
-    if (task_id) {
-        const task = taskStore.get(task_id);
-        return textResponse(task ? JSON.stringify(task, null, 2) : `Task not found: ${task_id}`, !task);
+server.tool('kimi_status', 'Installation, auth, and diagnostics.', {
+    detail: z.enum(['basic', 'full']).optional().describe("Detail level: 'basic' or 'full'. Default: 'basic'."),
+    doctor_target: z.enum(['config', 'tui']).optional().describe("Target for the doctor subcall when detail='full'. Default: 'config'."),
+    doctor_path: z.string().optional().describe("Optional config/tui path for the doctor subcall when detail='full'."),
+}, async ({ detail, doctor_target, doctor_path }) => {
+    const status = await getKimiStatus();
+    const lines = [
+        '## Kimi CLI Status',
+        `- Installed: ${status.installed ? 'Yes' : 'No'}`,
+        `- Binary: ${status.binPath ? `\`${status.binPath}\`` : 'Not found'}`,
+        `- Version: ${status.version ?? '(unable to detect)'}`,
+        `- Authenticated: ${status.authenticated ? 'Yes' : 'No'}`,
+        `- Catalog Found: ${status.catalogFound ? 'Yes' : 'No'}`,
+        `- Catalog: \`${status.catalogPath}\``,
+        `- Credentials Found: ${status.credentialsFound ? 'Yes' : 'No'}`,
+        `- Config Found: ${status.configFound ? 'Yes' : 'No'}`,
+        '',
+        '## Kimi Code API',
+        `- Configured: ${isApiConfigured() ? 'Yes' : 'No'}`,
+    ];
+    if (status.error)
+        lines.push('', `Action required: ${status.error}`);
+    let subcallsFailed = false;
+    if (detail === 'full') {
+        const [capabilities, doctor, providers] = await Promise.all([
+            getKimiCapabilities(),
+            runKimiDoctor(doctor_target ?? 'config', doctor_path),
+            listKimiProviders(),
+        ]);
+        const isFailedResult = (value) => typeof value === 'object' && value !== null && 'ok' in value && value.ok === false;
+        if (isFailedResult(doctor))
+            subcallsFailed = true;
+        if (!Array.isArray(providers) && isFailedResult(providers))
+            subcallsFailed = true;
+        lines.push('', '## Capabilities', JSON.stringify(capabilities, null, 2), '', '## Doctor', JSON.stringify(doctor, null, 2), '', '## Providers', JSON.stringify(providers, null, 2));
     }
-    return textResponse(JSON.stringify(taskStore.list(), null, 2));
-});
-server.tool('kimi_task_output', 'Return accumulated output and error for a background task.', {
-    task_id: z.string(),
-}, async ({ task_id }) => {
-    const task = taskStore.get(task_id);
-    return textResponse(task ? JSON.stringify({ id: task.id, status: task.status, output: task.output, outputChunks: task.outputChunks, error: task.error }, null, 2) : `Task not found: ${task_id}`, !task);
+    return textResponse(lines.join('\n'), Boolean(status.error) || subcallsFailed);
 });
-server.tool('kimi_task_cancel', 'Cancel a pending or running background task.', {
-    task_id: z.string(),
-}, async ({ task_id }) => {
-    const task = await taskStore.cancel(task_id);
-    return textResponse(task ? JSON.stringify(task, null, 2) : `Task not found: ${task_id}`, !task);
-});
-server.tool('kimi_generate_mcp_config', 'Generate or write a Kimi Code .kimi-code/mcp.json entry that lets Kimi host Ladder_mcp as an MCP server.', {
+server.tool('kimi_setup', 'Generate the Kimi-hosted MCP config entry for Ladder_mcp.', {
     scope: z.enum(['project', 'user']).optional(),
     project_dir: z.string().optional(),
     server_name: z.string().optional(),
@@ -277,19 +276,53 @@ server.tool('kimi_generate_mcp_config', 'Generate or write a Kimi Code .kimi-cod
     command: z.string().optional(),
     args: z.array(z.string()).optional(),
 }, async ({ scope, project_dir, server_name, write, command, args }) => {
+    const defaults = resolveDefaultServerCommand();
     const result = generateMcpConfig({
         scope,
         projectDir: project_dir,
         serverName: server_name,
         write: write ?? false,
-        command,
-        args,
+        command: command ?? defaults.command,
+        args: args ?? defaults.args,
     });
     return textResponse(JSON.stringify(result, null, 2));
 });
-server.tool('kimi_desktop_status', 'Experimental read-only Kimi Desktop Work status probe. Does not read token stores or replay web auth.', {}, async () => textResponse(JSON.stringify(await getDesktopStatus(), null, 2)));
-server.tool('kimi_budget_probe', 'Experimental guided budget-separation evidence workflow. Does not submit desktop Work tasks.', {
-    include_cli_probe_note: z.boolean().optional(),
-}, async ({ include_cli_probe_note }) => textResponse(buildBudgetProbeGuide(include_cli_probe_note ?? false)));
-const transport = new StdioServerTransport();
-await server.connect(transport);
+if (process.env.LADDER_EXPERIMENTAL === '1') {
+    server.tool('kimi_export_session', 'Export a Kimi session ZIP. Requires explicit output_path and excludes the global diagnostic log by default.', {
+        output_path: z.string().describe('Explicit ZIP output path.'),
+        session_id: z.string().optional().describe('Session id to export; defaults to most recent Kimi session.'),
+        include_global_log: z.boolean().optional().describe('Include active global diagnostic log. Default: false.'),
+        overwrite_existing: z.boolean().optional().describe('Overwrite output_path if it already exists. Default: false.'),
+    }, async ({ output_path, session_id, include_global_log, overwrite_existing }) => {
+        const result = await exportKimiSession({
+            outputPath: output_path,
+            sessionId: session_id,
+            includeGlobalLog: include_global_log ?? false,
+            overwriteExisting: overwrite_existing ?? false,
+        });
+        return textResponse(JSON.stringify(result, null, 2), !result.ok);
+    });
+    server.tool('kimi_visualize_session', 'Preview or launch Kimi session visualizer on localhost using `kimi vis --no-open`.', {
+        session_id: z.string().optional(),
+        host: z.enum(['127.0.0.1', 'localhost', '::1']).optional().describe('Localhost host to bind. Default: 127.0.0.1.'),
+        port: z.number().int().min(1).max(65535).optional().describe('Port to bind. Default: 58628.'),
+        launch: z.boolean().optional().describe('Actually start the visualizer process. Default: false.'),
+    }, async ({ session_id, host, port, launch }) => {
+        try {
+            return textResponse(JSON.stringify(visualizeSession({ sessionId: session_id, host, port, launch }), null, 2));
+        }
+        catch (error) {
+            return textResponse(`Error: ${error instanceof Error ? error.message : String(error)}`, true);
+        }
+    });
+    server.tool('kimi_desktop_status', 'Experimental read-only Kimi Desktop Work status probe. Does not read token stores or replay web auth.', {}, async () => textResponse(JSON.stringify(await getDesktopStatus(), null, 2)));
+    server.tool('kimi_budget_probe', 'Experimental guided budget-separation evidence workflow. Does not submit desktop Work tasks.', {
+        include_cli_probe_note: z.boolean().optional(),
+    }, async ({ include_cli_probe_note }) => textResponse(buildBudgetProbeGuide(include_cli_probe_note ?? false)));
+}
+export { server };
+const isMain = process.argv[1] === fileURLToPath(import.meta.url);
+if (isMain) {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}

package/dist/kimi-api.js

@@ -1,7 +1,9 @@
 import { loadApiAuth } from './environment.js';
 import { truncateAtBoundary } from './kimi-runner.js';
+import { clampTimeout } from './transports/acp.js';
 const KIMI_USER_AGENT = 'KimiCLI/1.0';
 const DEFAULT_MODEL = 'kimi-for-coding';
+const API_DEFAULT_TIMEOUT_MS = 300_000;
 export function isApiConfigured() {
     return loadApiAuth() !== null;
 }
@@ -15,7 +17,9 @@ export async function runKimiApi(config) {
         };
     }
     const controller = new AbortController();
-    const timeoutMs = config.timeoutMs ?? 300_000;
+    // Clamp to a positive finite value; a zero/NaN/negative timeout would abort
+    // instantly and fail the request before the network round-trip.
+    const timeoutMs = clampTimeout(config.timeoutMs, API_DEFAULT_TIMEOUT_MS);
     const timer = setTimeout(() => controller.abort(), timeoutMs);
     const maxOutputChars = config.maxOutputChars ?? 60_000;
     const maxTokens = Math.ceil(maxOutputChars / 4) + 4000;

package/dist/kimi-mcp-config.js

@@ -4,7 +4,10 @@ import { fileURLToPath } from 'node:url';
 import { getWindowsHome } from './environment.js';
 function defaultServerCommand() {
     const distIndex = path.resolve(path.dirname(fileURLToPath(import.meta.url)), 'index.js');
-    return { command: 'node', args: [distIndex] };
+    // Use the actual Node binary that launched this process instead of a bare `node`
+    // name that could be spoofed via PATH. This matches the secure default in
+    // src/index.ts resolveDefaultServerCommand.
+    return { command: process.execPath, args: [distIndex] };
 }
 export function resolveMcpConfigPath(options = {}) {
     if (options.scope === 'user') {
@@ -32,30 +35,43 @@ function readExistingConfig(configPath) {
     }
 }
 function assertWritableProjectTarget(projectDir) {
-    let resolved;
-    try {
-        resolved = fs.realpathSync(projectDir);
-    }
-    catch {
-        resolved = path.resolve(projectDir);
-    }
-    const parts = resolved.split(path.sep).map((part) => part.toLowerCase());
-    if (parts.includes('kimi-code-mcp')) {
-        throw new Error('Refusing to write MCP config under read-only kimi-code-mcp reference tree.');
+    // Resolve what we can; if the target does not exist yet, fall back to an absolute
+    // path so containment still works against the nearest existing ancestor.
+    const resolved = (() => {
+        try {
+            return fs.realpathSync(projectDir);
+        }
+        catch {
+            return path.resolve(projectDir);
+        }
+    })();
+    // Walk up the path and reject if any directory segment is exactly the read-only
+    // reference tree name. This is containment-based (basename equality), not a
+    // substring match, so names like "my-kimi-code-mcp-project" are not blocked.
+    let current = resolved;
+    while (true) {
+        if (path.basename(current).toLowerCase() === 'kimi-code-mcp') {
+            throw new Error('Refusing to write MCP config under read-only kimi-code-mcp reference tree.');
+        }
+        const parent = path.dirname(current);
+        if (parent === current)
+            break;
+        current = parent;
     }
 }
-const ALLOWED_BARE_COMMANDS = new Set(['node', 'npx']);
 // Constrain the launcher written into mcp.json. Without this, an arbitrary `command`
 // (e.g. "powershell") would be persisted and later executed when Kimi loads the
-// server config. Allow only the known Node launchers by bare name, or an absolute
-// path to an existing file (a vetted local binary).
+// server config. Reject bare names like `node` or `npx` because they resolve through
+// the consumer's PATH and can be spoofed. Only accept the actual Node binary that is
+// running this process (process.execPath) or an absolute path to an existing file that
+// has been vetted by the caller.
 function assertSafeCommand(command) {
     const value = command.trim();
-    if (ALLOWED_BARE_COMMANDS.has(value))
+    if (value === process.execPath)
         return;
     if (path.isAbsolute(value) && fs.existsSync(value) && fs.statSync(value).isFile())
         return;
-    throw new Error(`command must be one of [${[...ALLOWED_BARE_COMMANDS].join(', ')}] or an absolute path to an existing file; got "${command}".`);
+    throw new Error(`command must be process.execPath or an absolute path to an existing file; got "${command}".`);
 }
 function readMcpServers(existing) {
     const value = existing.mcpServers;