omk 0.5.0

A Rust runtime for Kimi CLI. Turns prompts into proof-backed engineering runs with gates, worktrees, and replay.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

use serde::{Deserialize, Serialize};

/// Kimi CLI hook event types.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub enum HookEvent {
    PreToolUse,
    PostToolUse,
    PostToolUseFailure,
    UserPromptSubmit,
    Stop,
    StopFailure,
    SessionStart,
    SessionEnd,
    SubagentStart,
    SubagentStop,
    PreCompact,
    PostCompact,
    Notification,
}

/// A single hook definition for Kimi config.toml.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HookConfig {
    pub event: HookEvent,
    pub command: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub matcher: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub timeout: Option<u64>,
}

/// All hooks OMK recommends for a project.
#[derive(Debug, Clone, Default)]
pub struct ProjectHookDefs {
    pub hooks: Vec<HookConfig>,
    pub scripts: Vec<(String, String)>, // (filename, content)
}

pub fn default_project_hooks() -> ProjectHookDefs {
    let mut defs = ProjectHookDefs::default();

    // Safety check: block edits to sensitive files
    defs.hooks.push(HookConfig {
        event: HookEvent::PreToolUse,
        command: ".kimi/hooks/safety-check.sh".to_string(),
        matcher: Some("WriteFile|StrReplaceFile".to_string()),
        timeout: Some(10),
    });
    defs.scripts.push((
        "safety-check.sh".to_string(),
        r#"#!/bin/bash
# OMK Safety Hook — blocks edits to sensitive files
# Receives JSON via stdin

set -e
INPUT=$(cat)
FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')

BLOCKED="\.env$ \.env\.local$ id_rsa id_dsa \.p12$ \.key$"
for pattern in $BLOCKED; do
    if echo "$FILE" | grep -Eq "$pattern"; then
        echo "🛡️  OMK safety hook: blocking edit to sensitive file: $FILE" >&2
        exit 2
    fi
done

exit 0
"#
        .to_string(),
    ));

    // Completion check: verify gates before stop
    defs.hooks.push(HookConfig {
        event: HookEvent::Stop,
        command: ".kimi/hooks/completion-check.sh".to_string(),
        matcher: None,
        timeout: Some(60),
    });
    defs.scripts.push((
        "completion-check.sh".to_string(),
        r#"#!/bin/bash
# OMK Completion Hook — verify gates before Kimi considers a turn complete
# Receives JSON via stdin

set -e
INPUT=$(cat)
CWD=$(echo "$INPUT" | jq -r '.cwd // empty')

# Run verification gates if .omk/gates.toml exists
if [ -f "$CWD/.omk/gates.toml" ]; then
    echo "🔍 OMK completion hook: running verification gates..."
    # Gates are managed by OMK runtime, this hook just logs for now
fi

exit 0
"#
        .to_string(),
    ));

    // Notification hook: log subagent lifecycle
    defs.hooks.push(HookConfig {
        event: HookEvent::SubagentStart,
        command: ".kimi/hooks/notify.sh".to_string(),
        matcher: None,
        timeout: Some(5),
    });
    defs.hooks.push(HookConfig {
        event: HookEvent::SubagentStop,
        command: ".kimi/hooks/notify.sh".to_string(),
        matcher: None,
        timeout: Some(5),
    });
    defs.scripts.push((
        "notify.sh".to_string(),
        r#"#!/bin/bash
# OMK Notification Hook — logs subagent lifecycle events
# Receives JSON via stdin

set -e
INPUT=$(cat)
EVENT=$(echo "$INPUT" | jq -r '.hook_event_name // empty')
AGENT=$(echo "$INPUT" | jq -r '.agent_name // empty')

# Append to OMK event log
LOG_DIR="${OMK_STATE_DIR:-$HOME/.omk/state}/events"
mkdir -p "$LOG_DIR"
echo "$(date -Iseconds) $EVENT agent=$AGENT" >> "$LOG_DIR/kimi-hooks.log"

exit 0
"#
        .to_string(),
    ));

    defs
}