@kernel.chat/kbot 3.27.0 → 3.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cli.js +99 -0
  2. package/dist/cli.js.map +1 -1
  3. package/dist/self-defense.d.ts +71 -0
  4. package/dist/self-defense.d.ts.map +1 -0
  5. package/dist/self-defense.js +403 -0
  6. package/dist/self-defense.js.map +1 -0
  7. package/package.json +1 -1
package/dist/self-defense.d.ts ADDED
@@ -0,0 +1,71 @@
1
+ /** Sign all memory files — call after every legitimate write */
2
+ export declare function signMemoryFiles(): void;
3
+ /** Verify all memory files — returns list of tampered files */
4
+ export declare function verifyMemoryIntegrity(): Array<{
5
+ file: string;
6
+ status: 'ok' | 'tampered' | 'new' | 'missing';
7
+ }>;
8
+ export interface InjectionResult {
9
+ detected: boolean;
10
+ threats: Array<{
11
+ name: string;
12
+ severity: string;
13
+ match: string;
14
+ }>;
15
+ score: number;
16
+ recommendation: 'allow' | 'warn' | 'block';
17
+ }
18
+ /** Scan a message for prompt injection attempts */
19
+ export declare function detectInjection(message: string): InjectionResult;
20
+ /** Check if a knowledge entry is safe to store */
21
+ export declare function sanitizeKnowledge(fact: string): {
22
+ safe: boolean;
23
+ reason?: string;
24
+ };
25
+ export interface ForgeVerification {
26
+ safe: boolean;
27
+ warnings: string[];
28
+ dangerousPatterns: string[];
29
+ }
30
+ /** Verify a forged tool's code before registration */
31
+ export declare function verifyForgedTool(code: string, name: string): ForgeVerification;
32
+ export interface AnomalyReport {
33
+ anomalies: Array<{
34
+ type: string;
35
+ description: string;
36
+ severity: string;
37
+ }>;
38
+ memoryIntegrity: Array<{
39
+ file: string;
40
+ status: string;
41
+ }>;
42
+ score: number;
43
+ }
44
+ export declare function detectAnomalies(): AnomalyReport;
45
+ interface Incident {
46
+ timestamp: string;
47
+ type: string;
48
+ severity: string;
49
+ description: string;
50
+ action: 'blocked' | 'warned' | 'logged';
51
+ }
52
+ /** Log a security incident */
53
+ export declare function logIncident(type: string, severity: string, description: string, action: 'blocked' | 'warned' | 'logged'): void;
54
+ /** Get recent incidents */
55
+ export declare function getIncidents(limit?: number): Incident[];
56
+ export interface DefenseAudit {
57
+ memoryIntegrity: {
58
+ total: number;
59
+ ok: number;
60
+ tampered: number;
61
+ new: number;
62
+ missing: number;
63
+ };
64
+ anomalies: AnomalyReport;
65
+ recentIncidents: Incident[];
66
+ overallStatus: 'secure' | 'warning' | 'compromised';
67
+ recommendations: string[];
68
+ }
69
+ export declare function runDefenseAudit(): DefenseAudit;
70
+ export {};
71
+ //# sourceMappingURL=self-defense.d.ts.map
package/dist/self-defense.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"self-defense.d.ts","sourceRoot":"","sources":["../src/self-defense.ts"],"names":[],"mappings":"AA8DA,gEAAgE;AAChE,wBAAgB,eAAe,IAAI,IAAI,CAkBtC;AAED,+DAA+D;AAC/D,wBAAgB,qBAAqB,IAAI,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,IAAI,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAA;CAAE,CAAC,CAmC9G;AAiCD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACjE,KAAK,EAAE,MAAM,CAAA;IACb,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAA;CAC3C;AAED,mDAAmD;AACnD,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAsChE;AAkBD,kDAAkD;AAClD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAoBlF;AAqBD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,OAAO,CAAA;IACb,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B;AAED,sDAAsD;AACtD,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CA8B9E;AAKD,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACzE,eAAe,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACxD,KAAK,EAAE,MAAM,CAAA;CACd;AAED,wBAAgB,eAAe,IAAI,aAAa,CAiG/C;AAID,UAAU,QAAQ;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAA;CACxC;AAYD,8BAA8B;AAC9B,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,IAAI,CAU9H;AAED,2BAA2B;AAC3B,wBAAgB,YAAY,CAAC,KAAK,SAAK,GAAG,QAAQ,EAAE,CAEnD;AAID,MAAM,WAAW,YAAY;IAC3B,eAAe,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;IAC9F,SAAS,EAAE,aAAa,CAAA;IACxB,eAAe,EAAE,QAAQ,EAAE,CAAA;IAC3B,aAAa,EAAE,QAAQ,GAAG,SAAS,GAAG,aAAa,CAAA;IACnD,eAAe,EAAE,MAAM,EAAE,CAAA;CAC1B;AAED,wBAAgB,eAAe,IAAI,YAAY,CAsC9C"}
package/dist/self-defense.js ADDED
@@ -0,0 +1,403 @@
1
+ // kbot Self-Defense — Hardening against AI agent attack vectors
2
+ //
3
+ // 2026 threat landscape for AI agents:
4
+ // 1. MEMORY INJECTION — poisoned data corrupts long-term memory
5
+ // 2. PROMPT INJECTION — crafted inputs hijack agent behavior
6
+ // 3. SUPPLY CHAIN — compromised tools/plugins execute malicious code
7
+ // 4. KNOWLEDGE POISONING — false facts stored, influence future decisions
8
+ // 5. TOOL ABUSE — agent tricked into executing harmful commands
9
+ //
10
+ // This module provides:
11
+ // - Memory integrity verification (HMAC-SHA256 on all stored data)
12
+ // - Prompt injection detection (pattern matching + heuristics)
13
+ // - Knowledge sanitization (filter before storage)
14
+ // - Forge tool verification (signature + sandbox checks)
15
+ // - Anomaly detection on learning patterns
16
+ // - Self-defense audit report
17
+ import { createHmac, createHash } from 'node:crypto';
18
+ import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync } from 'node:fs';
19
+ import { join } from 'node:path';
20
+ import { homedir } from 'node:os';
21
+ const KBOT_DIR = join(homedir(), '.kbot');
22
+ const MEMORY_DIR = join(KBOT_DIR, 'memory');
23
+ const DEFENSE_DIR = join(KBOT_DIR, 'defense');
24
+ const INTEGRITY_FILE = join(DEFENSE_DIR, 'integrity.json');
25
+ const INCIDENT_LOG = join(DEFENSE_DIR, 'incidents.json');
26
+ function ensureDir(dir) {
27
+ if (!existsSync(dir))
28
+ mkdirSync(dir, { recursive: true });
29
+ }
30
+ // ── 1. Memory Integrity (HMAC-SHA256) ──
31
+ // Every memory file gets an HMAC signature. If the file changes
32
+ // without going through kbot's API, the tampering is detected.
33
+ function deriveHmacKey() {
34
+ // Machine-bound key — same derivation as wallet encryption
35
+ const seed = `${homedir()}:${process.env.USER || 'kbot'}:${process.arch}:integrity`;
36
+ return createHash('sha256').update(seed).digest();
37
+ }
38
+ function hmacSign(content) {
39
+ return createHmac('sha256', deriveHmacKey()).update(content).digest('hex');
40
+ }
41
+ function loadIntegrity() {
42
+ if (!existsSync(INTEGRITY_FILE))
43
+ return [];
44
+ try {
45
+ return JSON.parse(readFileSync(INTEGRITY_FILE, 'utf-8'));
46
+ }
47
+ catch {
48
+ return [];
49
+ }
50
+ }
51
+ function saveIntegrity(records) {
52
+ ensureDir(DEFENSE_DIR);
53
+ writeFileSync(INTEGRITY_FILE, JSON.stringify(records, null, 2));
54
+ }
55
+ /** Sign all memory files — call after every legitimate write */
56
+ export function signMemoryFiles() {
57
+ ensureDir(MEMORY_DIR);
58
+ const files = readdirSync(MEMORY_DIR).filter(f => f.endsWith('.json'));
59
+ const records = [];
60
+ for (const file of files) {
61
+ const path = join(MEMORY_DIR, file);
62
+ try {
63
+ const content = readFileSync(path, 'utf-8');
64
+ records.push({
65
+ file,
66
+ hash: hmacSign(content),
67
+ lastVerified: new Date().toISOString(),
68
+ });
69
+ }
70
+ catch { /* skip unreadable */ }
71
+ }
72
+ saveIntegrity(records);
73
+ }
74
+ /** Verify all memory files — returns list of tampered files */
75
+ export function verifyMemoryIntegrity() {
76
+ const records = loadIntegrity();
77
+ const recordMap = new Map(records.map(r => [r.file, r.hash]));
78
+ const results = [];
79
+ if (!existsSync(MEMORY_DIR))
80
+ return [];
81
+ // Check existing files
82
+ const currentFiles = readdirSync(MEMORY_DIR).filter(f => f.endsWith('.json'));
83
+ for (const file of currentFiles) {
84
+ const path = join(MEMORY_DIR, file);
85
+ const expectedHash = recordMap.get(file);
86
+ if (!expectedHash) {
87
+ results.push({ file, status: 'new' });
88
+ continue;
89
+ }
90
+ try {
91
+ const content = readFileSync(path, 'utf-8');
92
+ const actualHash = hmacSign(content);
93
+ results.push({ file, status: actualHash === expectedHash ? 'ok' : 'tampered' });
94
+ }
95
+ catch {
96
+ results.push({ file, status: 'missing' });
97
+ }
98
+ recordMap.delete(file);
99
+ }
100
+ // Check for deleted files
101
+ for (const [file] of recordMap) {
102
+ results.push({ file, status: 'missing' });
103
+ }
104
+ return results;
105
+ }
106
+ // ── 2. Prompt Injection Detection ──
107
+ // Detect attempts to hijack kbot's behavior through crafted inputs.
108
+ const INJECTION_PATTERNS = [
109
+ // Direct instruction override
110
+ { name: 'system-prompt-override', pattern: /(?:ignore|forget|disregard)\s+(?:all\s+)?(?:previous|prior|above|system)\s+(?:instructions?|prompts?|rules?|context)/i, severity: 'critical' },
111
+ { name: 'role-hijack', pattern: /(?:you are now|act as|pretend to be|your new (?:role|identity|instructions?))\s/i, severity: 'critical' },
112
+ { name: 'instruction-injection', pattern: /\[(?:SYSTEM|INST|INSTRUCTIONS?)\]/i, severity: 'critical' },
113
+ { name: 'delimiter-attack', pattern: /```(?:system|instructions?|prompt)\b/i, severity: 'high' },
114
+ // Memory manipulation
115
+ { name: 'memory-poison', pattern: /(?:remember|memorize|store|learn|save)\s+(?:that|this)?\s*(?:the\s+(?:password|key|secret|token)\s+is|always\s+(?:trust|allow|execute|run))/i, severity: 'critical' },
116
+ { name: 'knowledge-override', pattern: /(?:from now on|henceforth|going forward)\s+(?:always|never)\s+(?:ignore|skip|bypass|disable)\s+(?:security|auth|permission|verification|validation)/i, severity: 'critical' },
117
+ // Tool abuse
118
+ { name: 'tool-escalation', pattern: /(?:run|execute|call|invoke)\s+(?:rm\s+-rf|sudo|chmod\s+777|curl\s+.*\|\s*(?:sh|bash)|wget\s+.*\|\s*(?:sh|bash))/i, severity: 'critical' },
119
+ { name: 'exfiltration', pattern: /(?:send|post|upload|exfil|transmit)\s+(?:all\s+)?(?:files?|data|secrets?|keys?|passwords?|tokens?|env|\.env|config)\s+(?:to|at|via)\s/i, severity: 'critical' },
120
+ // Wallet/financial manipulation
121
+ { name: 'wallet-drain', pattern: /(?:transfer|send|move)\s+(?:all|everything|max|100%)\s+(?:sol|eth|tokens?|funds?|balance)/i, severity: 'critical' },
122
+ { name: 'key-extraction', pattern: /(?:show|display|print|reveal|export|decrypt)\s+(?:private\s+key|seed\s+phrase|secret\s+key|wallet\s+key)/i, severity: 'critical' },
123
+ // Social engineering
124
+ { name: 'urgency-pressure', pattern: /(?:emergency|urgent|immediately|right now|before it's too late)\s+(?:transfer|send|delete|execute|run)/i, severity: 'high' },
125
+ { name: 'authority-spoof', pattern: /(?:i am|this is)\s+(?:the (?:admin|owner|developer|ceo)|from (?:anthropic|openai|google|supabase|stripe))/i, severity: 'high' },
126
+ // Encoding/obfuscation attacks
127
+ { name: 'base64-hidden', pattern: /(?:decode|eval|execute)\s+(?:this\s+)?base64/i, severity: 'high' },
128
+ { name: 'unicode-smuggle', pattern: /[\u200B-\u200F\u2028-\u202F\uFEFF]/, severity: 'medium' },
129
+ ];
130
+ /** Scan a message for prompt injection attempts */
131
+ export function detectInjection(message) {
132
+ const threats = [];
133
+ for (const { name, pattern, severity } of INJECTION_PATTERNS) {
134
+ const match = message.match(pattern);
135
+ if (match) {
136
+ threats.push({ name, severity, match: match[0].slice(0, 50) });
137
+ }
138
+ }
139
+ // Heuristic scoring
140
+ let score = 0;
141
+ for (const t of threats) {
142
+ if (t.severity === 'critical')
143
+ score += 0.4;
144
+ else if (t.severity === 'high')
145
+ score += 0.25;
146
+ else
147
+ score += 0.1;
148
+ }
149
+ score = Math.min(score, 1);
150
+ // Additional heuristics
151
+ // Long messages with many instructions are suspicious
152
+ const instructionWords = (message.match(/\b(always|never|must|shall|ignore|forget|override|bypass|skip|disable)\b/gi) || []).length;
153
+ if (instructionWords > 5)
154
+ score += 0.15;
155
+ // Hidden unicode characters
156
+ const hiddenChars = (message.match(/[\u200B-\u200F\u2028-\u202F\uFEFF]/g) || []).length;
157
+ if (hiddenChars > 0)
158
+ score += 0.1 * Math.min(hiddenChars, 5);
159
+ score = Math.min(score, 1);
160
+ const recommendation = score >= 0.5 ? 'block' : score >= 0.2 ? 'warn' : 'allow';
161
+ return {
162
+ detected: threats.length > 0,
163
+ threats,
164
+ score,
165
+ recommendation,
166
+ };
167
+ }
168
+ // ── 3. Knowledge Sanitization ──
169
+ // Filter inputs before they enter the knowledge base.
170
+ const KNOWLEDGE_BLOCKLIST = [
171
+ // Secrets that should never be "learned"
172
+ /(?:password|passwd|secret|token|api.?key)\s*(?:is|=|:)\s*\S{8,}/i,
173
+ /(?:sk-|ghp_|gho_|AKIA|xoxb-|npm_)\S{16,}/,
174
+ // Instructions that override security
175
+ /always\s+(?:trust|allow|execute|approve|skip)\s+(?:all|any|every)/i,
176
+ /never\s+(?:check|verify|validate|audit|scan|block)/i,
177
+ /disable\s+(?:security|auth|permission|verification|2fa|mfa)/i,
178
+ // Wallet manipulation rules
179
+ /always\s+(?:send|transfer|approve)\s+(?:funds|tokens?|sol|eth)/i,
180
+ /(?:auto|automatic)\s*(?:approve|confirm|sign)\s+(?:transactions?|swaps?|transfers?)/i,
181
+ ];
182
+ /** Check if a knowledge entry is safe to store */
183
+ export function sanitizeKnowledge(fact) {
184
+ for (const pattern of KNOWLEDGE_BLOCKLIST) {
185
+ if (pattern.test(fact)) {
186
+ return { safe: false, reason: `Blocked by security filter: ${pattern.source.slice(0, 40)}` };
187
+ }
188
+ }
189
+ // Length check — extremely long "facts" are suspicious
190
+ if (fact.length > 2000) {
191
+ return { safe: false, reason: 'Knowledge entry too long (>2000 chars) — may contain hidden instructions' };
192
+ }
193
+ // Instruction density check
194
+ const instructionWords = (fact.match(/\b(always|never|must|shall|ignore|override|bypass|skip|disable|execute|run|delete)\b/gi) || []).length;
195
+ const wordCount = fact.split(/\s+/).length;
196
+ if (wordCount > 10 && instructionWords / wordCount > 0.3) {
197
+ return { safe: false, reason: 'High instruction density — looks like an injection, not a fact' };
198
+ }
199
+ return { safe: true };
200
+ }
201
+ // ── 4. Forge Tool Verification ──
202
+ // Verify tools from the forge registry before execution.
203
+ const DANGEROUS_PATTERNS_IN_TOOLS = [
204
+ /eval\s*\(/,
205
+ /new\s+Function\s*\(/,
206
+ /child_process/,
207
+ /exec(?:Sync)?\s*\(/,
208
+ /require\s*\(\s*['"](?:child_process|fs|net|http|https|crypto|os|cluster|dgram|dns|tls)/,
209
+ /import\s+.*(?:child_process|exec|spawn)/,
210
+ /process\.env/,
211
+ /Deno\.env/,
212
+ /fetch\s*\(\s*(?!['"]https:\/\/api\.|['"]https:\/\/www\.)/, // fetch to non-standard URLs
213
+ /\.writeFile/,
214
+ /\.unlink/,
215
+ /\.rmdir/,
216
+ /process\.exit/,
217
+ ];
218
+ /** Verify a forged tool's code before registration */
219
+ export function verifyForgedTool(code, name) {
220
+ const warnings = [];
221
+ const dangerousPatterns = [];
222
+ for (const pattern of DANGEROUS_PATTERNS_IN_TOOLS) {
223
+ if (pattern.test(code)) {
224
+ dangerousPatterns.push(pattern.source);
225
+ }
226
+ }
227
+ if (dangerousPatterns.length > 0) {
228
+ warnings.push(`Tool "${name}" uses dangerous patterns: ${dangerousPatterns.join(', ')}`);
229
+ }
230
+ // Size check
231
+ if (code.length > 50_000) {
232
+ warnings.push(`Tool "${name}" is unusually large (${code.length} chars) — review carefully`);
233
+ }
234
+ // Obfuscation check
235
+ const obfuscationScore = (code.match(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}|atob\(|btoa\(/gi) || []).length;
236
+ if (obfuscationScore > 5) {
237
+ warnings.push(`Tool "${name}" contains ${obfuscationScore} encoded/obfuscated segments`);
238
+ }
239
+ return {
240
+ safe: dangerousPatterns.length === 0 && warnings.length === 0,
241
+ warnings,
242
+ dangerousPatterns,
243
+ };
244
+ }
245
+ export function detectAnomalies() {
246
+ const anomalies = [];
247
+ let score = 0;
248
+ // Check knowledge for suspicious entries
249
+ const knowledgePath = join(MEMORY_DIR, 'knowledge.json');
250
+ if (existsSync(knowledgePath)) {
251
+ try {
252
+ const knowledge = JSON.parse(readFileSync(knowledgePath, 'utf-8'));
253
+ if (Array.isArray(knowledge)) {
254
+ // Check for recent bulk additions (possible injection)
255
+ const recentEntries = knowledge.filter((k) => {
256
+ const created = new Date(k.created || 0);
257
+ const hourAgo = new Date(Date.now() - 60 * 60 * 1000);
258
+ return created > hourAgo;
259
+ });
260
+ if (recentEntries.length > 20) {
261
+ anomalies.push({
262
+ type: 'bulk-knowledge-addition',
263
+ description: `${recentEntries.length} knowledge entries added in the last hour — possible injection`,
264
+ severity: 'high',
265
+ });
266
+ score += 0.3;
267
+ }
268
+ // Check for entries with security-override language
269
+ for (const k of knowledge) {
270
+ const check = sanitizeKnowledge(k.fact || '');
271
+ if (!check.safe) {
272
+ anomalies.push({
273
+ type: 'poisoned-knowledge',
274
+ description: `Knowledge entry blocked by filter: "${(k.fact || '').slice(0, 50)}..."`,
275
+ severity: 'critical',
276
+ });
277
+ score += 0.3;
278
+ }
279
+ }
280
+ }
281
+ }
282
+ catch { /* corrupt file */ }
283
+ }
284
+ // Check corrections for manipulation
285
+ const correctionsPath = join(MEMORY_DIR, 'corrections.json');
286
+ if (existsSync(correctionsPath)) {
287
+ try {
288
+ const corrections = JSON.parse(readFileSync(correctionsPath, 'utf-8'));
289
+ if (Array.isArray(corrections)) {
290
+ for (const c of corrections) {
291
+ const injectionCheck = detectInjection(c.userMessage || '');
292
+ if (injectionCheck.detected) {
293
+ anomalies.push({
294
+ type: 'injected-correction',
295
+ description: `Correction contains injection pattern: "${(c.userMessage || '').slice(0, 50)}..."`,
296
+ severity: 'critical',
297
+ });
298
+ score += 0.3;
299
+ }
300
+ }
301
+ }
302
+ }
303
+ catch { /* corrupt */ }
304
+ }
305
+ // Check patterns for impossible success rates
306
+ const patternsPath = join(MEMORY_DIR, 'patterns.json');
307
+ if (existsSync(patternsPath)) {
308
+ try {
309
+ const patterns = JSON.parse(readFileSync(patternsPath, 'utf-8'));
310
+ if (Array.isArray(patterns)) {
311
+ for (const p of patterns) {
312
+ if (p.successRate === 1.0 && p.hits > 50) {
313
+ anomalies.push({
314
+ type: 'suspicious-pattern',
315
+ description: `Pattern has 100% success rate over ${p.hits} uses — statistically unlikely, may be fabricated`,
316
+ severity: 'medium',
317
+ });
318
+ score += 0.1;
319
+ }
320
+ }
321
+ }
322
+ }
323
+ catch { /* corrupt */ }
324
+ }
325
+ // Memory integrity check
326
+ const memoryIntegrity = verifyMemoryIntegrity();
327
+ const tampered = memoryIntegrity.filter(m => m.status === 'tampered');
328
+ if (tampered.length > 0) {
329
+ anomalies.push({
330
+ type: 'memory-tampering',
331
+ description: `${tampered.length} memory file(s) modified outside of kbot: ${tampered.map(t => t.file).join(', ')}`,
332
+ severity: 'critical',
333
+ });
334
+ score += 0.4;
335
+ }
336
+ score = Math.min(score, 1);
337
+ return { anomalies, memoryIntegrity, score };
338
+ }
339
+ function loadIncidents() {
340
+ if (!existsSync(INCIDENT_LOG))
341
+ return [];
342
+ try {
343
+ return JSON.parse(readFileSync(INCIDENT_LOG, 'utf-8'));
344
+ }
345
+ catch {
346
+ return [];
347
+ }
348
+ }
349
+ function saveIncidents(incidents) {
350
+ ensureDir(DEFENSE_DIR);
351
+ writeFileSync(INCIDENT_LOG, JSON.stringify(incidents.slice(-500), null, 2)); // keep last 500
352
+ }
353
+ /** Log a security incident */
354
+ export function logIncident(type, severity, description, action) {
355
+ const incidents = loadIncidents();
356
+ incidents.push({
357
+ timestamp: new Date().toISOString(),
358
+ type,
359
+ severity,
360
+ description: description.slice(0, 500),
361
+ action,
362
+ });
363
+ saveIncidents(incidents);
364
+ }
365
+ /** Get recent incidents */
366
+ export function getIncidents(limit = 20) {
367
+ return loadIncidents().slice(-limit);
368
+ }
369
+ export function runDefenseAudit() {
370
+ const integrity = verifyMemoryIntegrity();
371
+ const anomalies = detectAnomalies();
372
+ const incidents = getIncidents(10);
373
+ const integrityStats = {
374
+ total: integrity.length,
375
+ ok: integrity.filter(m => m.status === 'ok').length,
376
+ tampered: integrity.filter(m => m.status === 'tampered').length,
377
+ new: integrity.filter(m => m.status === 'new').length,
378
+ missing: integrity.filter(m => m.status === 'missing').length,
379
+ };
380
+ const recommendations = [];
381
+ if (integrityStats.tampered > 0) {
382
+ recommendations.push(`${integrityStats.tampered} memory file(s) tampered — run \`kbot defense restore\` to rebuild from known-good state`);
383
+ }
384
+ if (integrityStats.new > 0) {
385
+ recommendations.push(`${integrityStats.new} unsigned memory file(s) — run \`kbot defense sign\` to establish baseline`);
386
+ }
387
+ if (anomalies.anomalies.some(a => a.type === 'poisoned-knowledge')) {
388
+ recommendations.push('Poisoned knowledge entries detected — run `kbot defense purge` to remove them');
389
+ }
390
+ if (incidents.some(i => i.severity === 'critical' && i.action === 'blocked')) {
391
+ recommendations.push('Recent critical incidents blocked — review with `kbot defense incidents`');
392
+ }
393
+ const criticalCount = anomalies.anomalies.filter(a => a.severity === 'critical').length + integrityStats.tampered;
394
+ const overallStatus = criticalCount > 0 ? 'compromised' : anomalies.score > 0.2 ? 'warning' : 'secure';
395
+ return {
396
+ memoryIntegrity: integrityStats,
397
+ anomalies,
398
+ recentIncidents: incidents,
399
+ overallStatus,
400
+ recommendations,
401
+ };
402
+ }
403
+ //# sourceMappingURL=self-defense.js.map
package/dist/self-defense.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"self-defense.js","sourceRoot":"","sources":["../src/self-defense.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,uCAAuC;AACvC,kEAAkE;AAClE,+DAA+D;AAC/D,uEAAuE;AACvE,4EAA4E;AAC5E,kEAAkE;AAClE,EAAE;AACF,wBAAwB;AACxB,qEAAqE;AACrE,iEAAiE;AACjE,qDAAqD;AACrD,2DAA2D;AAC3D,6CAA6C;AAC7C,gCAAgC;AAEhC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAe,MAAM,aAAa,CAAA;AACjE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AACzF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AAEjC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAA;AACzC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;AAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;AAC7C,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAA;AAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAA;AAExD,SAAS,SAAS,CAAC,GAAW;IAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;AAC3D,CAAC;AAED,0CAA0C;AAC1C,gEAAgE;AAChE,+DAA+D;AAE/D,SAAS,aAAa;IACpB,2DAA2D;IAC3D,MAAM,IAAI,GAAG,GAAG,OAAO,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,IAAI,OAAO,CAAC,IAAI,YAAY,CAAA;IACnF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAA;AACnD,CAAC;AAED,SAAS,QAAQ,CAAC,OAAe;IAC/B,OAAO,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC5E,CAAC;AAQD,SAAS,aAAa;IACpB,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;QAAE,OAAO,EAAE,CAAA;IAC1C,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAA;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAA;IAAC,CAAC;AACtF,CAAC;AAED,SAAS,aAAa,CAAC,OAA0B;IAC/C,SAAS,CAAC,WAAW,CAAC,CAAA;IACtB,aAAa,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;AACjE,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,eAAe;IAC7B,SAAS,CAAC,UAAU,CAAC,CAAA;IACrB,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAA;IACtE,MAAM,OAAO,GAAsB,EAAE,CAAA;IAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC;gBACvB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACvC,CAAC,CAAA;QACJ,CAAC;QAAC,MAAM,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACnC,CAAC;IAED,aAAa,CAAC,OAAO,CAAC,CAAA;AACxB,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,qBAAqB;IACnC,MAAM,OAAO,GAAG,aAAa,EAAE,CAAA;IAC/B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAC7D,MAAM,OAAO,GAA2E,EAAE,CAAA;IAE1F,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAA;IAEtC,uBAAuB;IACvB,MAAM,YAAY,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAA;IAC7E,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QACnC,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAExC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA;YACrC,SAAQ;QACV,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAA;YACpC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAA;QACjF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;QAC3C,CAAC;QAED,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACxB,CAAC;IAED,0BAA0B;IAC1B,KAAK,MAAM,CAAC,IAAI,CAAC,IAAI,SAAS,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;IAC3C,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,sCAAsC;AACtC,oEAAoE;AAEpE,MAAM,kBAAkB,GAAuF;IAC7G,8BAA8B;IAC9B,EAAE,IAAI,EAAE,wBAAwB,EAAE,OAAO,EAAE,uHAAuH,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC1L,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,kFAAkF,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC1I,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,oCAAoC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtG,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,uCAAuC,EAAE,QAAQ,EAAE,MAAM,EAAE;IAEhG,sBAAsB;IACtB,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,8IAA8I,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxM,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,sJAAsJ,EAAE,QAAQ,EAAE,UAAU,EAAE;IAErN,aAAa;IACb,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,kHAAkH,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC9K,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,wIAAwI,EAAE,QAAQ,EAAE,UAAU,EAAE;IAEjM,gCAAgC;IAChC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4FAA4F,EAAE,QAAQ,EAAE,UAAU,EAAE;IACrJ,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,2GAA2G,EAAE,QAAQ,EAAE,UAAU,EAAE;IAEtK,qBAAqB;IACrB,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,yGAAyG,EAAE,QAAQ,EAAE,MAAM,EAAE;IAClK,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,4GAA4G,EAAE,QAAQ,EAAE,MAAM,EAAE;IAEpK,+BAA+B;IAC/B,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,+CAA+C,EAAE,QAAQ,EAAE,MAAM,EAAE;IACrG,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,oCAAoC,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAC/F,CAAA;AASD,mDAAmD;AACnD,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,MAAM,OAAO,GAA+B,EAAE,CAAA;IAE9C,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;QAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QACpC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,KAAK,IAAI,GAAG,CAAA;aACtC,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,KAAK,IAAI,IAAI,CAAA;;YACxC,KAAK,IAAI,GAAG,CAAA;IACnB,CAAC;IACD,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IAE1B,wBAAwB;IACxB,sDAAsD;IACtD,MAAM,gBAAgB,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAA;IACnI,IAAI,gBAAgB,GAAG,CAAC;QAAE,KAAK,IAAI,IAAI,CAAA;IAEvC,4BAA4B;IAC5B,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAA;IACvF,IAAI,WAAW,GAAG,CAAC;QAAE,KAAK,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAA;IAE5D,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IAE1B,MAAM,cAAc,GAAG,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAA;IAE/E,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,OAAO;QACP,KAAK;QACL,cAAc;KACf,CAAA;AACH,CAAC;AAED,kCAAkC;AAClC,sDAAsD;AAEtD,MAAM,mBAAmB,GAAa;IACpC,yCAAyC;IACzC,kEAAkE;IAClE,0CAA0C;IAC1C,sCAAsC;IACtC,oEAAoE;IACpE,qDAAqD;IACrD,8DAA8D;IAC9D,4BAA4B;IAC5B,iEAAiE;IACjE,sFAAsF;CACvF,CAAA;AAED,kDAAkD;AAClD,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAA;QAC9F,CAAC;IACH,CAAC;IAED,uDAAuD;IACvD,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,0EAA0E,EAAE,CAAA;IAC5G,CAAC;IAED,4BAA4B;IAC5B,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,wFAAwF,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAA;IAC5I,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAA;IAC1C,IAAI,SAAS,GAAG,EAAE,IAAI,gBAAgB,GAAG,SAAS,GAAG,GAAG,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,gEAAgE,EAAE,CAAA;IAClG,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACvB,CAAC;AAED,mCAAmC;AACnC,yDAAyD;AAEzD,MAAM,2BAA2B,GAAa;IAC5C,WAAW;IACX,qBAAqB;IACrB,eAAe;IACf,oBAAoB;IACpB,wFAAwF;IACxF,yCAAyC;IACzC,cAAc;IACd,WAAW;IACX,0DAA0D,EAAE,6BAA6B;IACzF,aAAa;IACb,UAAU;IACV,SAAS;IACT,eAAe;CAChB,CAAA;AAQD,sDAAsD;AACtD,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,IAAY;IACzD,MAAM,QAAQ,GAAa,EAAE,CAAA;IAC7B,MAAM,iBAAiB,GAAa,EAAE,CAAA;IAEtC,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;QAClD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,8BAA8B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC1F,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,yBAAyB,IAAI,CAAC,MAAM,4BAA4B,CAAC,CAAA;IAC9F,CAAC;IAED,oBAAoB;IACpB,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,+CAA+C,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAA;IACnG,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,cAAc,gBAAgB,8BAA8B,CAAC,CAAA;IAC1F,CAAC;IAED,OAAO;QACL,IAAI,EAAE,iBAAiB,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAC7D,QAAQ;QACR,iBAAiB;KAClB,CAAA;AACH,CAAC;AAWD,MAAM,UAAU,eAAe;IAC7B,MAAM,SAAS,GAA+B,EAAE,CAAA;IAChD,IAAI,KAAK,GAAG,CAAC,CAAA;IAEb,yCAAyC;IACzC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;IACxD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAA;YAClE,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,uDAAuD;gBACvD,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE;oBAChD,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,CAAA;oBACxC,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;oBACrD,OAAO,OAAO,GAAG,OAAO,CAAA;gBAC1B,CAAC,CAAC,CAAA;gBACF,IAAI,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC9B,SAAS,CAAC,IAAI,CAAC;wBACb,IAAI,EAAE,yBAAyB;wBAC/B,WAAW,EAAE,GAAG,aAAa,CAAC,MAAM,gEAAgE;wBACpG,QAAQ,EAAE,MAAM;qBACjB,CAAC,CAAA;oBACF,KAAK,IAAI,GAAG,CAAA;gBACd,CAAC;gBAED,oDAAoD;gBACpD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;oBAC1B,MAAM,KAAK,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAA;oBAC7C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAChB,SAAS,CAAC,IAAI,CAAC;4BACb,IAAI,EAAE,oBAAoB;4BAC1B,WAAW,EAAE,uCAAuC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;4BACrF,QAAQ,EAAE,UAAU;yBACrB,CAAC,CAAA;wBACF,KAAK,IAAI,GAAG,CAAA;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;IAED,qCAAqC;IACrC,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;IAC5D,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAA;YACtE,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/B,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;oBAC5B,MAAM,cAAc,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,CAAA;oBAC3D,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;wBAC5B,SAAS,CAAC,IAAI,CAAC;4BACb,IAAI,EAAE,qBAAqB;4BAC3B,WAAW,EAAE,2CAA2C,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;4BAChG,QAAQ,EAAE,UAAU;yBACrB,CAAC,CAAA;wBACF,KAAK,IAAI,GAAG,CAAA;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;IAED,8CAA8C;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,CAAA;IACtD,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAA;YAChE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,IAAI,CAAC,CAAC,WAAW,KAAK,GAAG,IAAI,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;wBACzC,SAAS,CAAC,IAAI,CAAC;4BACb,IAAI,EAAE,oBAAoB;4BAC1B,WAAW,EAAE,sCAAsC,CAAC,CAAC,IAAI,mDAAmD;4BAC5G,QAAQ,EAAE,QAAQ;yBACnB,CAAC,CAAA;wBACF,KAAK,IAAI,GAAG,CAAA;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;IAED,yBAAyB;IACzB,MAAM,eAAe,GAAG,qBAAqB,EAAE,CAAA;IAC/C,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAA;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,6CAA6C,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAClH,QAAQ,EAAE,UAAU;SACrB,CAAC,CAAA;QACF,KAAK,IAAI,GAAG,CAAA;IACd,CAAC;IAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IAE1B,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,KAAK,EAAE,CAAA;AAC9C,CAAC;AAYD,SAAS,aAAa;IACpB,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,EAAE,CAAA;IACxC,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAA;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAA;IAAC,CAAC;AACpF,CAAC;AAED,SAAS,aAAa,CAAC,SAAqB;IAC1C,SAAS,CAAC,WAAW,CAAC,CAAA;IACtB,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,gBAAgB;AAC9F,CAAC;AAED,8BAA8B;AAC9B,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,QAAgB,EAAE,WAAmB,EAAE,MAAuC;IACtH,MAAM,SAAS,GAAG,aAAa,EAAE,CAAA;IACjC,SAAS,CAAC,IAAI,CAAC;QACb,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI;QACJ,QAAQ;QACR,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QACtC,MAAM;KACP,CAAC,CAAA;IACF,aAAa,CAAC,SAAS,CAAC,CAAA;AAC1B,CAAC;AAED,2BAA2B;AAC3B,MAAM,UAAU,YAAY,CAAC,KAAK,GAAG,EAAE;IACrC,OAAO,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAA;AACtC,CAAC;AAYD,MAAM,UAAU,eAAe;IAC7B,MAAM,SAAS,GAAG,qBAAqB,EAAE,CAAA;IACzC,MAAM,SAAS,GAAG,eAAe,EAAE,CAAA;IACnC,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,CAAC,CAAA;IAElC,MAAM,cAAc,GAAG;QACrB,KAAK,EAAE,SAAS,CAAC,MAAM;QACvB,EAAE,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,MAAM;QACnD,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,MAAM;QAC/D,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,MAAM;QACrD,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM;KAC9D,CAAA;IAED,MAAM,eAAe,GAAa,EAAE,CAAA;IAEpC,IAAI,cAAc,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QAChC,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,0FAA0F,CAAC,CAAA;IAC5I,CAAC;IACD,IAAI,cAAc,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,GAAG,4EAA4E,CAAC,CAAA;IACzH,CAAC;IACD,IAAI,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,EAAE,CAAC;QACnE,eAAe,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;IACvG,CAAC;IACD,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;QAC7E,eAAe,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAA;IAClG,CAAC;IAED,MAAM,aAAa,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,GAAG,cAAc,CAAC,QAAQ,CAAA;IACjH,MAAM,aAAa,GAAG,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAA;IAEtG,OAAO;QACL,eAAe,EAAE,cAAc;QAC/B,SAAS;QACT,eAAe,EAAE,SAAS;QAC1B,aAAa;QACb,eAAe;KAChB,CAAA;AACH,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kernel.chat/kbot",
3
- "version": "3.27.0",
3
+ "version": "3.28.0",
4
4
  "description": "The only AI agent that builds its own tools. Machine-aware situated intelligence: full hardware profiling (CPU, GPU, RAM, display, battery, dev tools), resource-adaptive tool pipeline, memory-pressure throttling, GPU-accelerated model routing. Multi-channel cognitive engine: email agent, iMessage agent, consultation pipeline, Trader agent with paper trading, 26 specialist agents, 300+ tools, 20 providers. Synthesis Engine: closed-loop intelligence compounding. Runtime tool forging, Forge Registry, autopoietic health, immune self-audit. Cost-aware model routing, fallback chains, Bayesian skill routing. Embedded llama.cpp, MCP server, SDK. MIT.",
5
5
  "type": "module",
6
6
  "repository": {