Claude Code Plugins

Kimi Plugin for Claude Code: A Second Reviewer Inside Your Editor

Use Kimi as Claude Code's independent thinker, code reviewer, and delegated worker — through slash commands and subagents, with persistent jobs and a security allowlist.

A different model thinks differently. Two models thinking together notice things neither would alone.

Kimi Plugin for Claude Code wires Kimi into Claude Code as a second pair of eyes — for code review, adversarial challenge, free-form questions, and full-on delegated work. The plugin talks to a locally-installed kimi CLI over Kimi CLI's Wire mode — an experimental JSON-RPC streaming protocol with full programmatic access to an agent session. Nothing in the cloud, nothing shared with a broker.

Info

Created by: Xule Lin

GitHub: linxule/kimi-plugin-cc

Runtime: TypeScript / Node 22.5+ (uses built-in node:sqlite — zero native deps)

Companion philosophy: Independent model, independent perspective. Kimi reasons differently from Claude. A second opinion from a different model catches what self-review misses.

Why a Second Reviewer Matters for Research

Solo AI workflows quietly converge on a single voice. Whether you're writing analysis code, drafting a methods section, or building a literature pipeline, Claude eventually starts agreeing with Claude — repeating its own framings, missing its own blind spots. Adding a structurally different model is the cheapest reflexivity intervention available.

Kimi Plugin gives you four moves:

/kimi:review — Kimi reads your working-tree diff and returns structured findings (severity, confidence, file:line, suggested fix). Use when you've just made a change and want a sanity check before committing.
/kimi:challenge — Adversarial pass. Kimi argues against your approach instead of polishing it. Useful for analysis scripts where the failure mode is "looks right, was wrong."
/kimi:ask — Free-form Q&A delegated to Kimi. "Explain this regression," "trace this data flow," "what's the literature on X?" Useful when you want a fresh framing from a model trained on different data.
/kimi:rescue — Full delegation: Kimi opens files, writes code, runs tests, reports back. Bounded by a plugin-side approval allowlist (no .git/ writes, no opaque package-manager scripts, symlink-aware path containment).

The plugin also installs four subagents — kimi-rescue, kimi-review, kimi-challenge, kimi-ask — that the main Claude thread can dispatch via the Agent tool when a task matches. You don't have to remember which slash command to run; Claude reads each subagent's description and chooses.

Host Support

Host	Status	Notes
Claude Code (CLI)	Full	The plugin's native target. Install via marketplace or `--plugin-dir`.
Claude Code (Desktop "Code" tab)	Full	Same engine as the CLI. Commands and subagents work identically.
Codex CLI / Codex Desktop	Adjacent	The plugin runs inside Claude Code, but a Codex session can install it for you cross-host (`claude plugin marketplace add linxule/kimi-plugin-cc && claude plugin install kimi@kimi-marketplace`), after which you switch over to run the `/kimi:*` commands. If you'd rather stay in Codex, the underlying `kimi` CLI is portable on its own, and codex-plugin-cc implements the same review/rescue pattern natively — which is the architecture this plugin is modeled after.
Cursor / other MCP clients	Out of scope	Slash commands are a Claude Code surface. Use `kimi` CLI directly.

The honest version: as a plugin, this runs in Claude Code, but installation is host-agnostic — any agent with a shell can wire it up. As a pattern — "delegate to a structurally different model, allowlist its writes" — it's portable; the How It Works section sketches the Wire-mode + allowlist architecture for anyone wanting to recreate it on Codex or elsewhere.

A Fifth Move: The Stop-Time Review Gate

Beyond the four explicit commands, the plugin ships one opt-in hook: a Stop-time gate that runs whenever Claude is about to stop and decides whether to invite a Kimi review first.

This addresses a specific failure mode in long sessions — Claude declares "done" while a subtle issue remains. The gate gives a different model the last word on whether the work actually holds up before the session closes. Disable it for fast iteration; enable it for anything you'd be embarrassed to merge.

Commands

Command	What it does	Kimi can write?	Session persists?
`/kimi:setup`	Verify local `kimi` CLI is reachable and authenticated	—	—
`/kimi:ask`	Free-form Q&A; `--background` / `--wait` supported	No	Fresh by default, `-r` to resume
`/kimi:review`	Structured code review of your diff	No	Fresh each time
`/kimi:challenge`	Adversarial review with custom focus	No	Fresh each time
`/kimi:rescue`	Delegate real work — bug hunts, refactors, fixes	Yes (allowlisted)	Persists, `--resume` to continue
`/kimi:status`	Inspect current and recent jobs	—	—
`/kimi:result`	Fetch the full result for a job ID	—	—
`/kimi:replay`	Replay a job's event log	—	—
`/kimi:cancel`	Cancel a running job	—	—

Every job gets a client-assigned UUID, a SQLite record, and a full event log. The plugin also titles each Kimi session with a Kimi Task: prefix in kimi web, so plugin-delegated sessions sit alongside your regular terminal Kimi sessions.

How It Works

The plugin is a thin shell. The work happens in a local Node runtime.

  /kimi:review "check the auth flow"
       │
       └─ companion.sh → node dist/companion.js
               │
               ├─ spawns: kimi --wire --session <uuid> --agent-file review.yaml
               ├─ streams JSON-RPC events over stdio (Wire protocol)
               ├─ turn capture: buffers ContentParts after last ToolResult
               ├─ approval dispatcher: auto-approves reads, allowlists writes
               ├─ persists job + event log to SQLite (node:sqlite)
               └─ returns structured result to Claude

Wire-first transport. The plugin implements a full Wire client in TypeScript — JSON-RPC over stdio with start, initialize, prompt, approval dispatch, turn capture, and close-based exit semantics. One of the first third-party consumers of Kimi CLI's Wire protocol.

Per-mode agent profiles. Each command runs a different Kimi --agent-file that controls Kimi's tool access — review.yaml gives Kimi reads only; rescue.yaml gives writes plus a curated check-tool set.

Allowlist as the security boundary. When Kimi has write access, every file edit and shell command goes through a plugin-enforced allowlist: symlink-aware path containment, .git/ exclusion, read-only check tools, and explicit rejection of npm/bun/uv run <script> (opaque scripts are a supply-chain risk). The allowlist is the boundary — not the system prompt. Even if Kimi were prompted to bypass it, the plugin rejects the action.

Zero native dependencies. Uses Node 22.5's built-in node:sqlite — no better-sqlite3, no node-gyp, no compilation step. dist/ is precompiled and committed; installed plugins work immediately with just node on PATH.

Installation

The native install path.

# Inside a Claude Code session
/plugin marketplace add linxule/kimi-plugin-cc
/plugin install kimi@kimi-marketplace
/kimi:setup

/kimi:setup verifies that the local kimi CLI is reachable and authenticated. If you don't have Kimi CLI yet, follow the Kimi CLI install guide first.

From a local clone (for development or unreleased changes):

git clone https://github.com/linxule/kimi-plugin-cc ~/kimi-plugin-cc
claude --plugin-dir ~/kimi-plugin-cc

Same engine, same commands.

Open Claude Desktop → Code tab → click + next to the plugin tabs
Choose Add marketplace
Enter linxule/kimi-plugin-cc
Sync, then enable the plugin
In a project session, run /kimi:setup

All commands, subagents, and the stop-time review gate behave identically to the CLI.

There is no Codex-native plugin equivalent for this — yet. The closest path:

Install kimi CLI directly and use Kimi for review/rescue from a separate terminal pane.
For Codex-orchestrated multi-model workflows, see codex-plugin-cc, which is the architecture template this plugin is built from. The Wire-mode protocol, job lifecycle, and allowlist patterns transfer.
Within Claude Code, Codex itself is reachable via the codex plugin — and combining Claude + Codex + Kimi gives a three-model review loop that's hard to fool.

Prerequisites

Kimi CLI on PATH — requires --wire, --session, and --agent-file support (recent versions). Set KIMI_PLUGIN_CC_KIMI_BIN to override the binary location.
Node ≥ 22.5 — for built-in node:sqlite. Set KIMI_PLUGIN_CC_NODE_BIN to override.
bun is used only for contributor tooling. Not required at runtime.

Research Workflow Example

A literature-pipeline scenario. You're iterating on a Python script that extracts and deduplicates DOIs from a corpus of PDFs. After a long Claude session you've got working code, but the test coverage feels thin.

/kimi:review "review my last commit, focus on edge cases the tests miss"

Kimi reads the diff, returns JSON findings with file:line precision — say, three issues, one high-severity (DOI regex misses ArXiv-style IDs).

/kimi:rescue "fix the top finding from the last review"

Kimi opens the file, writes the fix, runs the relevant tests (allowlisted invocations only), and reports back. The job persists — if you restart Claude Code, /kimi:rescue --resume picks up where it left off.

If you want adversarial pressure on the approach rather than the code:

/kimi:challenge "is deduplicating by DOI the right primary key here, or am I missing edge cases that argue for a fuzzy match?"

Kimi argues against your design instead of polishing it.

Part of the Research Memex Ecosystem

The plugin sits alongside:

Vox MCP — multi-model gateway when you want a one-shot consult rather than a full job lifecycle. Use Vox for quick questions, Kimi Plugin for review/delegation.
Memex Plugin — captures the context of multi-model collaboration so future sessions know which model said what and why.
Interpretive Orchestration — when qualitative analysis needs structured multi-model triangulation, the orchestration plugin uses Vox MCP for diverse perspectives in a single command. Kimi Plugin is the lighter-weight, code-and-text version of the same instinct.