feat(cli): redact -p prompt from process title to avoid pkill -f self-kill

[Riatre]

Related Issue

N/A

The patch is small enough that it make more sense to just show the patch to start the discussion.

Description

When running with -p/--prompt, the raw prompt appears in the process command line visible in ps/pkill. This can lead to accidental self-termination when the model builds and runs a binary whose name matches a word in the prompt.

For example, with prompt "Help me fix the code in cmd/sth/main.go", the model may launch a binary named "sth" and later decide to kill it with "pkill -f sth". Since the kimi-cli process itself contains "sth" in its argv, it gets caught by pkill and terminated.

Fix by using setproctitle to replace the prompt content with [REDACTED] in the process title when -p is provided.

Checklist

• I have read the CONTRIBUTING document.
• I have linked the related issue, if any.
• I have added tests that prove my fix is effective or that my feature works.
• I have run make gen-changelog to update the changelog.
• I have run make gen-docs to update the user documentation.
  • No doc changes required.

---

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 3 additional findings in Devin Review.

[devin-ai-integration]

🟡 str.replace replaces all occurrences of prompt in process title, corrupting other arguments

The redaction uses current_title.replace(prompt, "[REDACTED]") which replaces every occurrence of the prompt string in the entire process title, not just the one corresponding to the -p argument value. This can corrupt other parts of the process title (binary name, paths, other flags).

Detailed explanation and examples

For example, running kimi --work-dir /tmp/test -p "test" would produce a process title like:

/path/to/python kimi --work-dir /tmp/test -p test

After replace("test", "[REDACTED]"), the title becomes:

/path/to/python kimi --work-dir /tmp/[REDACTED] -p [REDACTED]

Similarly, kimi -p "kimi" would replace the binary name itself:

[REDACTED] -p [REDACTED]

The fix should target only the prompt argument's value, for example by replacing "-p " + prompt or "--prompt " + prompt with the redacted form, or by using str.replace with a count=1 limit applied from the right side of the string.

Impact: The process title can become unrecognizable in ps output, and in pathological cases the binary name is corrupted, making it harder to identify the process. While the primary goal (preventing pkill -f self-kill) is still achieved, the over-aggressive replacement introduces unintended side effects.

Prompt for agents

In src/kimi_cli/cli/__init__.py lines 403-408, the current approach uses `current_title.replace(prompt, "[REDACTED]")` which replaces ALL occurrences of the prompt text in the process title. This can corrupt other arguments or even the binary name.

A safer approach would be to reconstruct the process title by replacing only the specific argument value. For example:

1. Replace the flag+value pair: try replacing both `-p <prompt>` and `--prompt <prompt>` patterns.
2. Or, instead of doing a targeted replace, simply set a completely new process title that omits the prompt entirely, e.g.: `setproctitle("kimi [prompt redacted]")` or reconstruct from sys.argv with the prompt value replaced.
3. Or use sys.argv to find the index of the -p/--prompt flag and replace only the next argument.

The simplest safe fix would be to replace lines 406-408 with something like:

    import sys
    redacted_argv = []
    skip_next = False
    for arg in sys.argv:
        if skip_next:
            redacted_argv.append("[REDACTED]")
            skip_next = False
        elif arg in ("-p", "--prompt", "-c", "--command"):
            redacted_argv.append(arg)
            skip_next = True
        else:
            redacted_argv.append(arg)
    setproctitle(" ".join(redacted_argv))

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[Riatre]

Superseded by bdeba2b, closing