Skip to content

feat(cli): redact -p prompt from process title to avoid pkill -f self-kill #1237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Riatre wants to merge 1 commit into from
Closed

feat(cli): redact -p prompt from process title to avoid pkill -f self-kill #1237

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Only write entries that are worth mentioning to users.

- Core: Persist session state across sessions — approval decisions (YOLO mode, auto-approved actions) and dynamic subagents are now saved and restored when resuming a session
- Core: Use atomic JSON writes for metadata and session state files to prevent data corruption on crash
- Core: Redact prompt content from process title when using `-p` to prevent accidental process termination via `pkill -f`
- Wire: Add `steer` request to inject user messages into an active agent turn (protocol version 1.4)
- Web: Allow Cmd/Ctrl+Click on FetchURL tool's URL parameter to open the link in a new browser tab, with platform-appropriate tooltip hint

Expand Down
1 change: 1 addition & 0 deletions docs/en/release-notes/changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ This page documents the changes in each Kimi Code CLI release.

- Core: Persist session state across sessions — approval decisions (YOLO mode, auto-approved actions) and dynamic subagents are now saved and restored when resuming a session
- Core: Use atomic JSON writes for metadata and session state files to prevent data corruption on crash
- Core: Redact prompt content from process title when using `-p` to prevent accidental process termination via `pkill -f`
- Wire: Add `steer` request to inject user messages into an active agent turn (protocol version 1.4)
- Web: Allow Cmd/Ctrl+Click on FetchURL tool's URL parameter to open the link in a new browser tab, with platform-appropriate tooltip hint

Expand Down
1 change: 1 addition & 0 deletions docs/zh/release-notes/changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

- Core:支持会话状态跨会话持久化——审批决策(YOLO 模式、自动批准的操作)和动态子 Agent 现在会被保存,并在恢复会话时自动还原
- Core:对元数据和会话状态文件使用原子化 JSON 写入,防止崩溃时数据损坏
- Core:使用 `-p` 参数时从进程标题中移除提示内容,防止通过 `pkill -f` 意外终止进程
- Wire:新增 `steer` 请求,可在 Agent 轮次进行中注入用户消息(协议版本 1.4)
- Web:支持在 `FetchURL` 工具的 URL 参数上使用 Cmd/Ctrl+点击在新标签页中打开链接,并显示适合当前平台的提示信息

Expand Down
1 change: 1 addition & 0 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ readme = "README.md"
requires-python = ">=3.12"
dependencies = [
"agent-client-protocol==0.7.0",
"setproctitle>=1.3.0,<2.0",
"aiofiles>=24.0,<26.0",
"aiohttp==3.13.3",
"typer==0.21.1",
Expand Down
6 changes: 6 additions & 0 deletions src/kimi_cli/cli/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,12 @@ def _emit_fatal_error(message: str) -> None:
prompt = prompt.strip()
if not prompt:
raise typer.BadParameter("Prompt cannot be empty", param_hint="--prompt")
# Redact prompt from process title to prevent pkill -f from matching it
from setproctitle import getproctitle, setproctitle

current_title = getproctitle()
if prompt in current_title:
setproctitle(current_title.replace(prompt, "[REDACTED]"))
Comment on lines +407 to +408
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 str.replace replaces all occurrences of prompt in process title, corrupting other arguments

The redaction uses current_title.replace(prompt, "[REDACTED]") which replaces every occurrence of the prompt string in the entire process title, not just the one corresponding to the -p argument value. This can corrupt other parts of the process title (binary name, paths, other flags).

Detailed explanation and examples

For example, running kimi --work-dir /tmp/test -p "test" would produce a process title like:

/path/to/python kimi --work-dir /tmp/test -p test

After replace("test", "[REDACTED]"), the title becomes:

/path/to/python kimi --work-dir /tmp/[REDACTED] -p [REDACTED]

Similarly, kimi -p "kimi" would replace the binary name itself:

[REDACTED] -p [REDACTED]

The fix should target only the prompt argument's value, for example by replacing "-p " + prompt or "--prompt " + prompt with the redacted form, or by using str.replace with a count=1 limit applied from the right side of the string.

Impact: The process title can become unrecognizable in ps output, and in pathological cases the binary name is corrupted, making it harder to identify the process. While the primary goal (preventing pkill -f self-kill) is still achieved, the over-aggressive replacement introduces unintended side effects.

Prompt for agents 
In src/kimi_cli/cli/__init__.py lines 403-408, the current approach uses `current_title.replace(prompt, "[REDACTED]")` which replaces ALL occurrences of the prompt text in the process title. This can corrupt other arguments or even the binary name.

A safer approach would be to reconstruct the process title by replacing only the specific argument value. For example:

1. Replace the flag+value pair: try replacing both `-p <prompt>` and `--prompt <prompt>` patterns.
2. Or, instead of doing a targeted replace, simply set a completely new process title that omits the prompt entirely, e.g.: `setproctitle("kimi [prompt redacted]")` or reconstruct from sys.argv with the prompt value replaced.
3. Or use sys.argv to find the index of the -p/--prompt flag and replace only the next argument.

The simplest safe fix would be to replace lines 406-408 with something like:

    import sys
    redacted_argv = []
    skip_next = False
    for arg in sys.argv:
        if skip_next:
            redacted_argv.append("[REDACTED]")
            skip_next = False
        elif arg in ("-p", "--prompt", "-c", "--command"):
            redacted_argv.append(arg)
            skip_next = True
        else:
            redacted_argv.append(arg)
    setproctitle(" ".join(redacted_argv))
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.


if input_format is not None and ui != "print":
raise typer.BadParameter(
Expand Down
Loading