
feat(ai): add Kimi (Moonshot) support for CLI vision and agents #192

Open
Tugser wants to merge 1 commit into openclaw:main from Tugser:feat/kimi-provider

@Tugser Tugser commented Jun 16, 2026


Summary

Adds Kimi (Moonshot AI) support so Peekaboo can use Kimi K2.6/K2.7 (via the kimi/ provider prefix) for screenshot analysis and agent flows. Targets the Moonshot coding endpoint https://api.kimi.com/coding/v1 with MOONSHOT_API_KEY.

Changes

  • Apps/CLI/.../AgentCommand+ModelParsing.swift: supportedKimiInputs, kimi/moonshot hosted parsing, credential/displayName/env-var switches, allowed-model list.
  • Core/PeekabooCore/.../PeekabooAIService.swift: hosted-provider id, hasCredentialsOrLocalRuntime, providerAndModelName, resolveAvailableModels fallback.
  • Core/PeekabooCore/.../ConfigurationManager+Accessors.swift: getKimiAPIKey() (MOONSHOT_API_KEY/KIMI_API_KEY) + applyAIProviderKeys push.
  • Core/PeekabooCore/.../PeekabooAgentService*.swift: defaultModelSelection, apiKey, maxOutputTokens.
  • Tests: Kimi parse cases in AgentCommandModelParsingTests and AIProviderParserTests.
  • Tachikoma submodule bump for the Kimi provider (depends on feat(models): add Kimi (Moonshot) provider with K2.6 and K2.7 Tachikoma#27).

Dependency note

Bumps Tachikoma to Tugser/Tachikoma@ebcad41 so the Peekaboo side compiles and tests pass. Re-point to openclaw/Tachikoma main once openclaw/Tachikoma#27 merges.

Test commands executed

swift build --package-path Apps/CLI
swift test --package-path Apps/CLI --filter "AgentCommandModelParsingTests"
swift test --package-path Core/PeekabooCore --filter "AIProviderParserTests"
# Tachikoma (submodule):
swift test --filter "ModelParsingTests|LanguageModelCoverageTests"

All pass. End-to-end peekaboo see --analyze with kimi/k2p7 reaches api.kimi.com/coding/v1 and authenticates (request well-formed, image serialized); final live response depends on the user's Kimi coding-plan membership being active.

Usage

export MOONSHOT_API_KEY=...
PEEKABOO_AI_PROVIDERS=kimi/k2p7 peekaboo see --mode frontmost --analyze "..."

Surface Kimi K2.6/K2.7 as accepted vision-capable models across the CLI
and core AI service, mirroring the MiniMax wiring.

- AgentCommand+ModelParsing: supportedKimiInputs, hosted/kimi parsing,
  credential/displayName/env-var switches, allowed model list
- PeekabooAIService: hosted-provider id, hasCredentialsOrLocalRuntime,
  providerAndModelName, resolveAvailableModels fallback (MOONSHOT_API_KEY)
- ConfigurationManager: getKimiAPIKey() (MOONSHOT_API_KEY/KIMI_API_KEY) and
  applyAIProviderKeys pushes it into Tachikoma config
- PeekabooAgentService: defaultModelSelection + apiKey + maxOutputTokens
- Tests: Kimi parse cases (CLI + AIProviderParser)
- Bump Tachikoma submodule for the Kimi provider (see openclaw/Tachikoma#27)
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. labels Jun 19, 2026
clawsweeper Bot commented Jun 19, 2026


Codex review: needs real behavior proof before merge. Reviewed June 25, 2026, 4:29 PM ET / 20:29 UTC.

Summary
The PR adds first-class Kimi/Moonshot provider support across CLI model parsing, AI service credentials/fallbacks, agent defaults, tests, and a Tachikoma submodule bump.

Reproducibility: not applicable as a bug report; this PR adds a new provider feature. The credential precedence issue is source-reproducible from the proposed getKimiAPIKey() order, while runtime behavior proof is still absent.

Review metrics: 2 noteworthy metrics.

  • Changed surface: 8 files, +69/-2. The PR spans CLI parsing, agent runtime, AI service fallback, credential access, tests, and a foundational submodule pointer.
  • External dependency state: 1 open upstream PR dependency. The Peekaboo branch depends on openclaw/Tachikoma provider work that has not merged yet.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🧂 unranked krab
Result: blocked until real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Repoint Tachikoma to an upstream openclaw/Tachikoma main commit after the Kimi provider lands.
  • [P1] Fix Kimi credential alias precedence and cover it with a focused test.
  • [P1] Add redacted terminal output or logs showing a real Kimi-backed peekaboo see --analyze run.

Proof guidance:

  • [P1] Needs real behavior proof before merge: The PR body lists commands and says a live Kimi request authenticated, but it does not include redacted terminal output, logs, screenshots, or an artifact; the contributor should add proof, update the PR body, and ask a maintainer for @clawsweeper re-review if a fresh review does not run automatically.

Risk before merge

  • [P1] The branch pins Peekaboo to an unmerged Tachikoma fork commit whose provider surface is still under review.
  • [P1] The PR body reports a live request attempt, but there is no inspectable after-fix proof and the response depends on Kimi plan membership.
  • [P1] Adding first-class kimi and moonshot identifiers can reserve names that current users might otherwise use as custom provider IDs.

Maintainer options:

  1. Finish upstream dependency first (recommended)
    Merge a complete Kimi provider in openclaw/Tachikoma and repoint this PR's gitlink to that upstream main commit before considering Peekaboo merge.
  2. Keep custom-provider path instead
    Maintainers can pause this PR and document or use the existing OpenAI-compatible custom provider setup if first-class Kimi is not desired yet.
  3. Accept first-class alias reservation
    Maintainers may explicitly accept that kimi and moonshot become built-in identifiers rather than available custom provider names.

Next step before merge

  • [P1] Human handling is needed because automation cannot provide the contributor's real Kimi proof or decide when the upstream Tachikoma provider is ready to bump.

Security
Needs attention: The diff introduces a supply-chain concern by pinning a foundational submodule to an unmerged fork commit.

Review findings

  • [P1] Repoint Tachikoma to upstream main before merge — Tachikoma:1
  • [P2] Preserve environment precedence for Kimi aliases — Core/PeekabooCore/Sources/PeekabooAutomation/Configuration/ConfigurationManager+Accessors.swift:220-224
Review details

Best possible solution:

Land a complete Kimi provider in openclaw/Tachikoma first, repoint Peekaboo to that upstream commit, fix the Kimi credential precedence edge case, and include redacted live CLI proof.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug report; this PR adds a new provider feature. The credential precedence issue is source-reproducible from the proposed getKimiAPIKey() order, while runtime behavior proof is still absent.

Is this the best way to solve the issue?

No, not yet. The implementation should first land the upstream Tachikoma provider, preserve established credential precedence, and then prove a real Kimi-backed CLI run with redacted output.

Full review comments:

  • [P1] Repoint Tachikoma to upstream main before merge — Tachikoma:1
    This bumps the Tachikoma gitlink to Tugser/Tachikoma@ebcad414, while the repo policy says submodules should be updated in their home repos first and then bumped here. The upstream Kimi provider PR is still open and has its own proof/provider-surface blockers, so merging this would pin Peekaboo to unmerged dependency code from a fork.
    Confidence: 0.96
  • [P2] Preserve environment precedence for Kimi aliases — Core/PeekabooCore/Sources/PeekabooAutomation/Configuration/ConfigurationManager+Accessors.swift:220-224
    getKimiAPIKey() checks stored MOONSHOT_API_KEY/KIMI_API_KEY before reading KIMI_API_KEY from the environment. That means a user exporting KIMI_API_KEY cannot override a saved Moonshot/Kimi credential, unlike the existing alias accessors that check all environment aliases before stored credentials.
    Confidence: 0.87

Overall correctness: patch is incorrect
Overall confidence: 0.89

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against dda07c245fea.

Label changes

Label changes:

  • add merge-risk: 🚨 auth-provider: The Kimi credential/routing path depends on an unmerged provider branch and has a source-visible environment alias precedence bug.
  • add merge-risk: 🚨 other: The diff introduces a supply-chain review risk by moving a foundational dependency gitlink to unmerged fork code.
  • add rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🧂 unranked krab.
  • remove rating: 🦪 silver shellfish: Current PR rating is rating: 🧂 unranked krab, so this older rating label is no longer current.

Label justifications:

  • P2: This is a normal provider feature with limited blast radius, but the current PR has dependency, proof, and credential-order blockers.
  • merge-risk: 🚨 compatibility: The PR changes a foundational Tachikoma submodule pointer to a fork PR commit and reserves new built-in provider identifiers.
  • merge-risk: 🚨 auth-provider: The Kimi credential/routing path depends on an unmerged provider branch and has a source-visible environment alias precedence bug.
  • merge-risk: 🚨 other: The diff introduces a supply-chain review risk by moving a foundational dependency gitlink to unmerged fork code.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🧂 unranked krab.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body lists commands and says a live Kimi request authenticated, but it does not include redacted terminal output, logs, screenshots, or an artifact; the contributor should add proof, update the PR body, and ask a maintainer for @clawsweeper re-review if a fresh review does not run automatically.
Evidence reviewed

Security concerns:

  • [medium] Submodule points at an unmerged fork commit — Tachikoma:1
    The PR bumps Tachikoma to Tugser/Tachikoma@ebcad414 rather than an upstream openclaw/Tachikoma main commit, so merging would bring dependency code that has not landed in the home repository.
    Confidence: 0.95

What I checked:

  • Repository policy read: AGENTS.md was read fully; its submodule guidance applies because the PR changes Tachikoma, a foundational submodule that should be updated in its home repo first and then bumped here. (AGENTS.md:5, dda07c245fea)
  • Current main lacks Kimi support: A source search on current main found no Kimi, Moonshot, MOONSHOT_API_KEY, or KIMI_API_KEY references under Apps, Core, Tachikoma, Package.swift, or docs. (dda07c245fea)
  • Current provider parsing surface: Current main accepts hosted providers in isHostedProviderIdentifier and maps them in parseHostedProviderEntry; Kimi/Moonshot is absent today. (Core/PeekabooCore/Sources/PeekabooAutomation/Services/AI/PeekabooAIService.swift:342, dda07c245fea)
  • Current CLI parsing surface: Current main enumerates supported hosted agent inputs and reserved provider IDs; Kimi/Moonshot is absent today. (Apps/CLI/Sources/PeekabooCLI/Commands/AI/AgentCommand+ModelParsing.swift:122, dda07c245fea)
  • Open upstream dependency: The dependent openclaw/Tachikoma Kimi provider PR is open, cross-repository from Tugser/Tachikoma, and its review reports missing real behavior proof plus provider-surface gaps. (Tachikoma:1, ebcad414ffe3)
  • PR submodule diff: The PR changes the Tachikoma gitlink from openclaw main commit a6c5cb90b1825cda1960d8a3177915cd00243545 to dependency PR head ebcad414ffe33bbf50db60ace64efc957ffe82e2. (Tachikoma:1, ae953a2263bc)

Likely related people:

  • steipete: Git blame attributes the current provider parsing, credential accessor, and CLI model parsing surfaces to Peter Steinberger, and related provider/model catalog review context also points to steipete for this area. (role: recent area contributor; confidence: high; commits: 1fa8eead7eea; files: Apps/CLI/Sources/PeekabooCLI/Commands/AI/AgentCommand+ModelParsing.swift, Core/PeekabooCore/Sources/PeekabooAutomation/Services/AI/PeekabooAIService.swift, Core/PeekabooCore/Sources/PeekabooAutomation/Configuration/ConfigurationManager+Accessors.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 other 🚨 Merging this PR has meaningful risk outside the owned taxonomy. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 25, 2026
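
The review above flags the Tachikoma gitlink pointing at a fork commit that has not landed in the home repository. The following is an added example, not code from Peekaboo or ClawSweeper, of a pre-merge check for that condition; the function names are hypothetical, and it assumes a local clone of the home repository with its branch under refs/heads.

```shell
#!/bin/sh
# Added example: gate a submodule bump on the pinned commit being on the
# home repository's branch. Function names and arguments are hypothetical.

# Print the commit recorded for a submodule path in the superproject tree.
gitlink_sha() {
  # Tree mode 160000 marks a gitlink (submodule pointer), not a file or dir.
  git -C "$1" ls-tree "${3:-HEAD}" -- "$2" |
    awk '$1 == "160000" && $2 == "commit" { print $3 }'
}

# Succeed only if commit $2 is reachable from branch $3 of upstream clone $1.
commit_on_upstream() {
  # A fork-only commit is normally absent from the upstream object store.
  git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null || return 1
  # Present is not enough: it must be an ancestor of (or equal to) the tip.
  git -C "$1" merge-base --is-ancestor "$2" "refs/heads/${3:-main}" 2>/dev/null
}

# Exit status: 0 pin is on upstream, 1 pin is off upstream, 2 no gitlink found.
check_submodule_pin() {
  pin=$(gitlink_sha "$1" "$2")
  if [ -z "$pin" ]; then
    echo "error: $2 is not a gitlink in $1" >&2
    return 2
  fi
  if commit_on_upstream "$3" "$pin" "${4:-main}"; then
    echo "ok: $2 -> $pin is on upstream ${4:-main}"
  else
    echo "blocked: $2 -> $pin is not on upstream ${4:-main}" >&2
    return 1
  fi
}

# Usage: script SUPERPROJECT SUBMODULE_PATH UPSTREAM_CLONE [BRANCH]
if [ "$#" -ge 3 ]; then
  check_submodule_pin "$@"
fi
```

The check fails closed: a missing branch ref or an unreadable upstream clone is reported as blocked rather than ok.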