@kernel.chat/kbot 3.27.0 → 3.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +99 -0
- package/dist/cli.js.map +1 -1
- package/dist/self-defense.d.ts +71 -0
- package/dist/self-defense.d.ts.map +1 -0
- package/dist/self-defense.js +403 -0
- package/dist/self-defense.js.map +1 -0
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -741,6 +741,105 @@ async function main() {
|
|
|
741
741
|
const { generateComparison } = await import('./introspection.js');
|
|
742
742
|
process.stderr.write(generateComparison());
|
|
743
743
|
});
|
|
744
|
+
// ── Self-Defense ──
|
|
745
|
+
const defenseCmd = program
|
|
746
|
+
.command('defense')
|
|
747
|
+
.description('Self-defense systems — memory integrity, injection detection, anomaly scanning');
|
|
748
|
+
defenseCmd
|
|
749
|
+
.command('audit')
|
|
750
|
+
.description('Full defense audit — memory integrity, anomalies, incidents, recommendations')
|
|
751
|
+
.action(async () => {
|
|
752
|
+
const { runDefenseAudit } = await import('./self-defense.js');
|
|
753
|
+
const chalk = (await import('chalk')).default;
|
|
754
|
+
const audit = runDefenseAudit();
|
|
755
|
+
console.log();
|
|
756
|
+
console.log(` ${chalk.bold('kbot defense audit')}`);
|
|
757
|
+
console.log();
|
|
758
|
+
// Overall status
|
|
759
|
+
const statusColor = audit.overallStatus === 'secure' ? chalk.green : audit.overallStatus === 'warning' ? chalk.yellow : chalk.red;
|
|
760
|
+
console.log(` ${chalk.bold('Status')}: ${statusColor(audit.overallStatus.toUpperCase())}`);
|
|
761
|
+
console.log();
|
|
762
|
+
// Memory integrity
|
|
763
|
+
const mi = audit.memoryIntegrity;
|
|
764
|
+
console.log(` ${chalk.bold('Memory Integrity')}`);
|
|
765
|
+
console.log(` ${chalk.dim('─'.repeat(40))}`);
|
|
766
|
+
console.log(` Files: ${mi.total} OK: ${chalk.green(String(mi.ok))} Tampered: ${mi.tampered ? chalk.red(String(mi.tampered)) : '0'} New: ${mi.new} Missing: ${mi.missing}`);
|
|
767
|
+
console.log();
|
|
768
|
+
// Anomalies
|
|
769
|
+
if (audit.anomalies.anomalies.length > 0) {
|
|
770
|
+
console.log(` ${chalk.bold('Anomalies')} (${audit.anomalies.anomalies.length})`);
|
|
771
|
+
console.log(` ${chalk.dim('─'.repeat(40))}`);
|
|
772
|
+
for (const a of audit.anomalies.anomalies) {
|
|
773
|
+
const c = a.severity === 'critical' ? chalk.red : a.severity === 'high' ? chalk.yellow : chalk.dim;
|
|
774
|
+
console.log(` ${c(`[${a.severity.toUpperCase()}]`)} ${a.description}`);
|
|
775
|
+
}
|
|
776
|
+
console.log();
|
|
777
|
+
}
|
|
778
|
+
// Incidents
|
|
779
|
+
if (audit.recentIncidents.length > 0) {
|
|
780
|
+
console.log(` ${chalk.bold('Recent Incidents')} (${audit.recentIncidents.length})`);
|
|
781
|
+
console.log(` ${chalk.dim('─'.repeat(40))}`);
|
|
782
|
+
for (const i of audit.recentIncidents.slice(-5)) {
|
|
783
|
+
console.log(` ${i.timestamp.split('T')[0]} ${chalk.dim(i.type)} — ${i.description.slice(0, 60)}`);
|
|
784
|
+
}
|
|
785
|
+
console.log();
|
|
786
|
+
}
|
|
787
|
+
// Recommendations
|
|
788
|
+
if (audit.recommendations.length > 0) {
|
|
789
|
+
console.log(` ${chalk.bold('Recommendations')}`);
|
|
790
|
+
console.log(` ${chalk.dim('─'.repeat(40))}`);
|
|
791
|
+
for (const r of audit.recommendations) {
|
|
792
|
+
console.log(` → ${r}`);
|
|
793
|
+
}
|
|
794
|
+
console.log();
|
|
795
|
+
}
|
|
796
|
+
});
|
|
797
|
+
defenseCmd
|
|
798
|
+
.command('sign')
|
|
799
|
+
.description('Sign all memory files — establishes integrity baseline')
|
|
800
|
+
.action(async () => {
|
|
801
|
+
const { signMemoryFiles } = await import('./self-defense.js');
|
|
802
|
+
signMemoryFiles();
|
|
803
|
+
printSuccess('Memory files signed. Integrity baseline established.');
|
|
804
|
+
});
|
|
805
|
+
defenseCmd
|
|
806
|
+
.command('verify')
|
|
807
|
+
.description('Verify memory file integrity — detect tampering')
|
|
808
|
+
.action(async () => {
|
|
809
|
+
const { verifyMemoryIntegrity } = await import('./self-defense.js');
|
|
810
|
+
const chalk = (await import('chalk')).default;
|
|
811
|
+
const results = verifyMemoryIntegrity();
|
|
812
|
+
if (results.length === 0) {
|
|
813
|
+
printInfo('No memory files to verify. Run `kbot defense sign` first.');
|
|
814
|
+
return;
|
|
815
|
+
}
|
|
816
|
+
for (const r of results) {
|
|
817
|
+
const icon = r.status === 'ok' ? chalk.green('✓') : r.status === 'tampered' ? chalk.red('✗ TAMPERED') : r.status === 'new' ? chalk.yellow('? new') : chalk.red('! missing');
|
|
818
|
+
console.log(` ${icon} ${r.file}`);
|
|
819
|
+
}
|
|
820
|
+
const tampered = results.filter(r => r.status === 'tampered');
|
|
821
|
+
if (tampered.length > 0) {
|
|
822
|
+
printError(`${tampered.length} file(s) tampered with outside of kbot!`);
|
|
823
|
+
}
|
|
824
|
+
else {
|
|
825
|
+
printSuccess('All memory files intact.');
|
|
826
|
+
}
|
|
827
|
+
});
|
|
828
|
+
defenseCmd
|
|
829
|
+
.command('incidents')
|
|
830
|
+
.description('Show recent security incidents')
|
|
831
|
+
.action(async () => {
|
|
832
|
+
const { getIncidents } = await import('./self-defense.js');
|
|
833
|
+
const incidents = getIncidents(20);
|
|
834
|
+
if (incidents.length === 0) {
|
|
835
|
+
printInfo('No security incidents recorded.');
|
|
836
|
+
return;
|
|
837
|
+
}
|
|
838
|
+
printInfo(`${incidents.length} incident(s):`);
|
|
839
|
+
for (const i of incidents) {
|
|
840
|
+
printInfo(` ${i.timestamp.split('T')[0]} [${i.severity}] ${i.type} — ${i.description.slice(0, 70)} (${i.action})`);
|
|
841
|
+
}
|
|
842
|
+
});
|
|
744
843
|
program
|
|
745
844
|
.command('machine')
|
|
746
845
|
.description('Show full system profile — hardware, GPU, OS, dev tools, AI capabilities')
|