Core
- Gate Kilo API calls behind enabled_providers to prevent data leaks
- Make FreeUsageLimitError non-retryable to prevent unrecoverable backoff loop
- Prevent infinite loop when agent returns empty tool calls
- Add failing test for empty tool-calls loop
- Add TUI settings reference to kilo-config skill
- Guard builtin skill removal after lookup
- Fix managed config paths for all platforms in CLI documentation
- Reject removal of built-in skills
- Normalize paths to prevent directory traversal bypass
- Include parent session ID in heartbeat session info
- Exempt plan files and protect global config directory from silent access
- Extract helpers to reduce duplication in CLI
- Check movePath in apply_patch config guard
- Detect nested config directories in isRelative function
- Add built-in kilo-config skill for on-demand config reference
- Close absolute-path bypass and extract DISABLE_ALWAYS_KEY constant
- Force permission prompt for config file edits
- Add config path detection for permission protection
TUI
- Hide 'Always allow' option in TUI for config file edits
SDK
- Add duplex: half to fix fetch in Node.js/Electron environments