@kernel.chat/kbot 3.99.31 → 3.99.33

package/dist/plugins-integrity.js

@@ -0,0 +1,153 @@
+/**
+ * Plugin integrity verification — fail-closed SHA-256 manifest checking.
+ *
+ * Ports OpenClaw's `plugins.json5` integrity-pinned plugin model. Plugins must
+ * be declared in a manifest with a SHA-256 hash; the loader verifies the file
+ * on disk against the manifest entry and refuses to load on drift.
+ *
+ * Manifest format here is plain JSON. If we add a JSON5 dep later (e.g.
+ * `json5`), swap `JSON.parse` for `JSON5.parse` and accept `.json5` files.
+ */
+import { createHash } from 'node:crypto';
+import { readFile, stat } from 'node:fs/promises';
+import { resolve, isAbsolute } from 'node:path';
+export class IntegrityError extends Error {
+    failed;
+    constructor(failed) {
+        const names = failed.map((f) => `${f.name} (${f.reason})`).join(', ');
+        super(`Plugin integrity check failed: ${names}`);
+        this.name = 'IntegrityError';
+        this.failed = failed;
+    }
+}
+const INTEGRITY_PREFIX = 'sha256-';
+function isManifestEntry(v) {
+    if (!v || typeof v !== 'object')
+        return false;
+    const e = v;
+    return (typeof e.name === 'string' &&
+        typeof e.version === 'string' &&
+        typeof e.path === 'string' &&
+        typeof e.integrity === 'string' &&
+        e.integrity.startsWith(INTEGRITY_PREFIX));
+}
+function isManifest(v) {
+    if (!v || typeof v !== 'object')
+        return false;
+    const m = v;
+    if (m.schemaVersion !== 1)
+        return false;
+    if (!Array.isArray(m.plugins))
+        return false;
+    return m.plugins.every(isManifestEntry);
+}
+/**
+ * Load and validate a manifest from disk. Throws on missing file, invalid
+ * JSON, or schema violation.
+ */
+export async function loadManifest(path) {
+    let raw;
+    try {
+        raw = await readFile(path, 'utf8');
+    }
+    catch (err) {
+        throw new Error(`Failed to read manifest at ${path}: ${err.message}`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        throw new Error(`Manifest is not valid JSON: ${err.message}`);
+    }
+    if (!isManifest(parsed)) {
+        throw new Error(`Manifest at ${path} is malformed: expected { schemaVersion: 1, plugins: [{name, version, path, integrity: "sha256-..."}] }`);
+    }
+    return parsed;
+}
+/**
+ * Compute SHA-256 of a file and return it formatted as `sha256-<base64>`.
+ */
+async function computeIntegrity(filePath) {
+    const buf = await readFile(filePath);
+    const digest = createHash('sha256').update(buf).digest('base64');
+    return `${INTEGRITY_PREFIX}${digest}`;
+}
+/**
+ * Verify a single plugin file against its manifest entry.
+ *
+ * - Missing file → `{ ok: false, reason: "plugin file missing" }`
+ * - Hash mismatch → `{ ok: false, reason: "integrity drift" }`
+ * - Match → `{ ok: true }`
+ */
+export async function verifyPlugin(filePath, manifestEntry) {
+    try {
+        const s = await stat(filePath);
+        if (!s.isFile()) {
+            return {
+                ok: false,
+                reason: 'plugin file missing',
+                expected: manifestEntry.integrity,
+                actual: '',
+            };
+        }
+    }
+    catch {
+        return {
+            ok: false,
+            reason: 'plugin file missing',
+            expected: manifestEntry.integrity,
+            actual: '',
+        };
+    }
+    const actual = await computeIntegrity(filePath);
+    if (actual !== manifestEntry.integrity) {
+        return {
+            ok: false,
+            reason: 'integrity drift',
+            expected: manifestEntry.integrity,
+            actual,
+        };
+    }
+    return { ok: true };
+}
+/**
+ * Verify every plugin in a manifest against the corresponding files under
+ * `pluginsDir`. Resolves entry paths relative to `pluginsDir` unless
+ * absolute.
+ *
+ * Always returns a result; never throws on drift. Callers should pass the
+ * result to `enforce()` to fail closed.
+ */
+export async function verifyAllPlugins(manifestPath, pluginsDir) {
+    const manifest = await loadManifest(manifestPath);
+    const verified = [];
+    const failed = [];
+    for (const entry of manifest.plugins) {
+        const filePath = isAbsolute(entry.path) ? entry.path : resolve(pluginsDir, entry.path);
+        const result = await verifyPlugin(filePath, entry);
+        if (result.ok) {
+            verified.push(entry.name);
+        }
+        else {
+            failed.push({
+                name: entry.name,
+                reason: result.reason,
+                expected: result.expected,
+                actual: result.actual,
+            });
+        }
+    }
+    return { verified, failed };
+}
+/**
+ * Fail-closed gate. Throws `IntegrityError` if any plugin failed verification.
+ * No-op when all plugins are verified. Loaders should call this unless
+ * integrity checking has been explicitly disabled (e.g. dev override).
+ */
+export function enforce(result) {
+    if (result.failed.length > 0) {
+        throw new IntegrityError(result.failed);
+    }
+}
+//# sourceMappingURL=plugins-integrity.js.map

package/dist/plugins.d.ts

@@ -1,3 +1,14 @@
+export interface LoadPluginsOptions {
+    /** Override the plugin directory (used by tests). Defaults to ~/.kbot/plugins. */
+    pluginsDir?: string;
+    /** Override the integrity manifest path. Defaults to ~/.kbot/plugins.json. */
+    manifestPath?: string;
+    /**
+     * Override the integrity-disabled flag. Defaults to reading
+     * `process.env.KBOT_PLUGIN_INTEGRITY === 'off'`.
+     */
+    integrityDisabled?: boolean;
+}
 export interface PluginDefinition {
     name: string;
     description: string;
@@ -18,9 +29,9 @@ export interface PluginManifest {
     error?: string;
 }
 /** Ensure the plugins directory exists */
-export declare function ensurePluginsDir(): string;
+export declare function ensurePluginsDir(dir?: string): string;
 /** Load all plugins from ~/.kbot/plugins/ */
-export declare function loadPlugins(verbose?: boolean): Promise<PluginManifest[]>;
+export declare function loadPlugins(verbose?: boolean, opts?: LoadPluginsOptions): Promise<PluginManifest[]>;
 /** List loaded plugins */
 export declare function getLoadedPlugins(): PluginManifest[];
 /** Format plugin list for display */

package/dist/plugins.js

@@ -14,23 +14,82 @@ import { existsSync, readdirSync, mkdirSync, writeFileSync, statSync } from 'nod
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { pathToFileURL } from 'node:url';
+import chalk from 'chalk';
 import { registerTool } from './tools/index.js';
+import { IntegrityError, verifyAllPlugins, enforce, } from './plugins-integrity.js';
 const PLUGINS_DIR = join(homedir(), '.kbot', 'plugins');
 const PLUGIN_EXTENSIONS = ['.js', '.mjs'];
+/**
+ * Default integrity manifest path. Override with KBOT_PLUGIN_MANIFEST env var
+ * or the `manifestPath` option to `loadPlugins`.
+ */
+const DEFAULT_MANIFEST_PATH = join(homedir(), '.kbot', 'plugins.json');
 const loadedPlugins = [];
 /** Ensure the plugins directory exists */
-export function ensurePluginsDir() {
-    if (!existsSync(PLUGINS_DIR)) {
-        mkdirSync(PLUGINS_DIR, { recursive: true });
+export function ensurePluginsDir(dir = PLUGINS_DIR) {
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    return dir;
+}
+/**
+ * Run the integrity manifest gate before discovery.
+ *
+ * Behaviour:
+ *   - If KBOT_PLUGIN_INTEGRITY=off (or `opts.integrityDisabled === true`):
+ *     emit a yellow warning and return `null` (verification skipped, all
+ *     discovered plugins will load).
+ *   - If the manifest file does not exist: emit a yellow info note and
+ *     return `null` (back-compat — manifest is optional today).
+ *   - If the manifest exists and verifies: return the `VerifyAllResult` so
+ *     the caller can restrict loads to `result.verified`.
+ *   - If the manifest exists and any plugin fails: throw `IntegrityError`
+ *     (kbot refuses to start).
+ */
+async function runIntegrityGate(manifestPath, pluginsDir, integrityDisabled) {
+    if (integrityDisabled) {
+        console.error(chalk.yellow(`  ⚠ Plugin integrity verification is DISABLED (KBOT_PLUGIN_INTEGRITY=off). ` +
+            `Plugins under ${pluginsDir} will load without hash checking.`));
+        return null;
+    }
+    if (!existsSync(manifestPath)) {
+        console.error(chalk.yellow(`  ⚠ no plugin manifest at ${manifestPath} — plugins are unverified. ` +
+            `Create one to pin plugins by SHA-256 (see PLUGINS_INTEGRITY.md).`));
+        return null;
+    }
+    // verifyAllPlugins resolves manifest entry paths against pluginsDir, so the
+    // file layout is: <pluginsDir>/<entry.path> matches the hash in the manifest.
+    try {
+        const result = await verifyAllPlugins(manifestPath, pluginsDir);
+        if (result.failed.length > 0) {
+            const lines = result.failed
+                .map((f) => `    - ${f.name}: ${f.reason}`)
+                .join('\n');
+            console.error(chalk.red(`  ✗ Plugin integrity check failed for ${result.failed.length} plugin(s):\n${lines}\n` +
+                `    Manifest: ${manifestPath}\n` +
+                `    To refresh hashes, recompute SHA-256 for each plugin file and update the manifest. ` +
+                `Set KBOT_PLUGIN_INTEGRITY=off ONLY for local dev; never in production.`));
+            enforce(result); // throws IntegrityError
+        }
+        return result;
+    }
+    catch (err) {
+        if (err instanceof IntegrityError)
+            throw err;
+        // loadManifest threw (malformed JSON, schema violation, etc.) — fail closed.
+        console.error(chalk.red(`  ✗ Failed to load plugin integrity manifest at ${manifestPath}: ${err.message}`));
+        throw err;
     }
-    return PLUGINS_DIR;
 }
 /** Load all plugins from ~/.kbot/plugins/ */
-export async function loadPlugins(verbose = false) {
-    ensurePluginsDir();
+export async function loadPlugins(verbose = false, opts = {}) {
+    const pluginsDir = opts.pluginsDir ?? PLUGINS_DIR;
+    const manifestPath = opts.manifestPath ?? process.env.KBOT_PLUGIN_MANIFEST ?? DEFAULT_MANIFEST_PATH;
+    const integrityDisabled = opts.integrityDisabled ?? process.env.KBOT_PLUGIN_INTEGRITY === 'off';
+    ensurePluginsDir(pluginsDir);
     // Security: reject plugins if directory is world/group-writable
     try {
-        const dirStat = statSync(PLUGINS_DIR);
+        const dirStat = statSync(pluginsDir);
         if ((dirStat.mode & 0o022) !== 0) {
             if (verbose)
                 console.error('  ⚠ Plugin directory is writable by others — skipping plugins for security');
@@ -40,13 +99,31 @@ export async function loadPlugins(verbose = false) {
     catch {
         return [];
     }
-    const files = readdirSync(PLUGINS_DIR).filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)));
+    // Integrity gate — runs BEFORE any file is imported. Throws IntegrityError
+    // on drift unless KBOT_PLUGIN_INTEGRITY=off.
+    const integrity = await runIntegrityGate(manifestPath, pluginsDir, integrityDisabled);
+    // When a manifest verified successfully, restrict loads to verified names.
+    // When the manifest is missing or integrity is disabled, allow every file.
+    const verifiedNames = integrity
+        ? new Set(integrity.verified)
+        : null;
+    const files = readdirSync(pluginsDir).filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)));
     if (files.length === 0)
         return [];
     for (const file of files) {
+        const pluginName = file.replace(/\.[^.]+$/, '');
+        // When manifest verification ran, only load plugins whose name appears in
+        // the verified set. Files not declared in the manifest are silently
+        // skipped (they did not pass — and could not have passed — verification).
+        if (verifiedNames && !verifiedNames.has(pluginName)) {
+            if (verbose) {
+                console.error(chalk.yellow(`  ⚠ Skipping ${file} — not declared in plugin manifest`));
+            }
+            continue;
+        }
         // Security: reject plugin files that are group/world-writable
         try {
-            const fileStat = statSync(join(PLUGINS_DIR, file));
+            const fileStat = statSync(join(pluginsDir, file));
             if ((fileStat.mode & 0o022) !== 0) {
                 loadedPlugins.push({
                     name: file.replace(/\.[^.]+$/, ''),
@@ -61,7 +138,7 @@ export async function loadPlugins(verbose = false) {
         catch {
             continue;
         }
-        const filePath = join(PLUGINS_DIR, file);
+        const filePath = join(pluginsDir, file);
         const manifest = {
             name: file.replace(/\.[^.]+$/, ''),
             file,

package/dist/tools/anthropic-managed-agents-tools.d.ts

@@ -0,0 +1,22 @@
+/**
+ * kbot tool definitions wrapping the Anthropic Managed Agents client.
+ *
+ * Six tools mirror the client surface: create / turn / list / close /
+ * memory_read / memory_write. Each uses the canonical ToolDefinition shape
+ * from ./index.js.
+ *
+ * Wiring into the global tool registry happens elsewhere (tools/index.ts).
+ * This file only exports the definitions so workspace-agents.ts can pick
+ * them up when ANTHROPIC_API_KEY is set.
+ *
+ * SPEC: best-effort, refine when official docs published.
+ */
+import type { ToolDefinition } from './index.js';
+export declare const anthropicManagedAgentCreate: ToolDefinition;
+export declare const anthropicManagedAgentTurn: ToolDefinition;
+export declare const anthropicManagedAgentList: ToolDefinition;
+export declare const anthropicManagedAgentClose: ToolDefinition;
+export declare const anthropicManagedAgentMemoryRead: ToolDefinition;
+export declare const anthropicManagedAgentMemoryWrite: ToolDefinition;
+export declare const anthropicManagedAgentTools: ToolDefinition[];
+//# sourceMappingURL=anthropic-managed-agents-tools.d.ts.map

package/dist/tools/anthropic-managed-agents-tools.js

@@ -0,0 +1,191 @@
+/**
+ * kbot tool definitions wrapping the Anthropic Managed Agents client.
+ *
+ * Six tools mirror the client surface: create / turn / list / close /
+ * memory_read / memory_write. Each uses the canonical ToolDefinition shape
+ * from ./index.js.
+ *
+ * Wiring into the global tool registry happens elsewhere (tools/index.ts).
+ * This file only exports the definitions so workspace-agents.ts can pick
+ * them up when ANTHROPIC_API_KEY is set.
+ *
+ * SPEC: best-effort, refine when official docs published.
+ */
+import { AnthropicManagedAgentsClient } from '../managed-agents-anthropic.js';
+// ─────────────────────────────────────────────────────────────────────────
+// Helpers
+// ─────────────────────────────────────────────────────────────────────────
+function getClient() {
+    // Construct fresh per call so callers can rotate API keys without
+    // restarting the process. The constructor cost is trivial (just a string
+    // copy and a fetch reference).
+    return new AnthropicManagedAgentsClient();
+}
+function asString(v) {
+    return typeof v === 'string' ? v : undefined;
+}
+function asStringArray(v) {
+    if (!Array.isArray(v))
+        return undefined;
+    const out = [];
+    for (const item of v) {
+        if (typeof item === 'string')
+            out.push(item);
+    }
+    return out;
+}
+async function safeRun(fn) {
+    try {
+        const result = await fn();
+        return JSON.stringify(result, null, 2);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return `Error: ${message}`;
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Tools
+// ─────────────────────────────────────────────────────────────────────────
+export const anthropicManagedAgentCreate = {
+    name: 'anthropic_managed_agent_create',
+    description: 'Create a hosted Anthropic Managed Agent session. Returns session_id. Requires ANTHROPIC_API_KEY. Sends anthropic-beta: managed-agents-2026-04-01.',
+    tier: 'pro',
+    parameters: {
+        mission: {
+            type: 'string',
+            description: 'The agent\'s long-horizon goal / mission statement.',
+            required: true,
+        },
+        allowed_tools: {
+            type: 'array',
+            description: 'Optional list of tool names the hosted agent may invoke.',
+            items: { type: 'string' },
+        },
+        model: {
+            type: 'string',
+            description: 'Optional model override (e.g., "claude-sonnet-4-7").',
+        },
+    },
+    async execute(args) {
+        return safeRun(async () => {
+            const mission = asString(args.mission) ?? '';
+            const allowedTools = asStringArray(args.allowed_tools);
+            const model = asString(args.model);
+            return getClient().createSession({ mission, allowedTools, model });
+        });
+    },
+};
+export const anthropicManagedAgentTurn = {
+    name: 'anthropic_managed_agent_turn',
+    description: 'Send a turn (user input) to an Anthropic Managed Agent session. Returns the agent output and any tool calls.',
+    tier: 'pro',
+    parameters: {
+        session_id: {
+            type: 'string',
+            description: 'Session id returned by anthropic_managed_agent_create.',
+            required: true,
+        },
+        input: {
+            type: 'string',
+            description: 'The user-side input for this turn.',
+            required: true,
+        },
+    },
+    async execute(args) {
+        return safeRun(async () => {
+            const sessionId = asString(args.session_id) ?? '';
+            const input = asString(args.input) ?? '';
+            return getClient().sendTurn({ sessionId, input });
+        });
+    },
+};
+export const anthropicManagedAgentList = {
+    name: 'anthropic_managed_agent_list',
+    description: 'List all hosted Anthropic Managed Agent sessions for the configured API key.',
+    tier: 'pro',
+    parameters: {},
+    async execute() {
+        return safeRun(async () => getClient().listSessions());
+    },
+};
+export const anthropicManagedAgentClose = {
+    name: 'anthropic_managed_agent_close',
+    description: 'Close (DELETE) a hosted Anthropic Managed Agent session.',
+    tier: 'pro',
+    parameters: {
+        session_id: {
+            type: 'string',
+            description: 'Session id to close.',
+            required: true,
+        },
+    },
+    async execute(args) {
+        return safeRun(async () => {
+            const sessionId = asString(args.session_id) ?? '';
+            return getClient().closeSession({ sessionId });
+        });
+    },
+};
+export const anthropicManagedAgentMemoryRead = {
+    name: 'anthropic_managed_agent_memory_read',
+    description: 'Read a memory value from a hosted Anthropic Managed Agent session. Pass key to read a single entry; omit key for the full memory.',
+    tier: 'pro',
+    parameters: {
+        session_id: {
+            type: 'string',
+            description: 'Session id.',
+            required: true,
+        },
+        key: {
+            type: 'string',
+            description: 'Optional memory key. If omitted, returns the full memory.',
+        },
+    },
+    async execute(args) {
+        return safeRun(async () => {
+            const sessionId = asString(args.session_id) ?? '';
+            const key = asString(args.key);
+            return getClient().memoryRead({ sessionId, key });
+        });
+    },
+};
+export const anthropicManagedAgentMemoryWrite = {
+    name: 'anthropic_managed_agent_memory_write',
+    description: 'Write a memory value to a hosted Anthropic Managed Agent session.',
+    tier: 'pro',
+    parameters: {
+        session_id: {
+            type: 'string',
+            description: 'Session id.',
+            required: true,
+        },
+        key: {
+            type: 'string',
+            description: 'Memory key to write.',
+            required: true,
+        },
+        value: {
+            type: 'string',
+            description: 'Value to store. Strings are stored as-is; if the value is a JSON string it is forwarded verbatim.',
+            required: true,
+        },
+    },
+    async execute(args) {
+        return safeRun(async () => {
+            const sessionId = asString(args.session_id) ?? '';
+            const key = asString(args.key) ?? '';
+            const value = args.value;
+            return getClient().memoryWrite({ sessionId, key, value });
+        });
+    },
+};
+export const anthropicManagedAgentTools = [
+    anthropicManagedAgentCreate,
+    anthropicManagedAgentTurn,
+    anthropicManagedAgentList,
+    anthropicManagedAgentClose,
+    anthropicManagedAgentMemoryRead,
+    anthropicManagedAgentMemoryWrite,
+];
+//# sourceMappingURL=anthropic-managed-agents-tools.js.map

package/dist/tools/channel-tools.d.ts

@@ -0,0 +1,4 @@
+import type { ToolDefinition } from './index.js';
+export declare const channelSendTool: ToolDefinition;
+export declare const channelReceiveTool: ToolDefinition;
+//# sourceMappingURL=channel-tools.d.ts.map

package/dist/tools/channel-tools.js

@@ -0,0 +1,80 @@
+// kbot tool definitions for the unified channel adapter family.
+//
+// These tools are NOT auto-registered. Whoever wires them in (cli.ts,
+// a plugin, or an agent prompt) should call `registerTool(channelSendTool)`
+// and `registerTool(channelReceiveTool)`. Keeping registration external
+// preserves the CURATION_PLAN.md target of 52 core tools.
+import { getChannel } from '../channels/registry.js';
+export const channelSendTool = {
+    name: 'channel_send',
+    description: 'Send a message through a unified channel adapter (slack, whatsapp, telegram, signal, matrix, teams). Slack is fully implemented; others are stubs and will throw until implemented.',
+    tier: 'pro',
+    parameters: {
+        channel_type: {
+            type: 'string',
+            description: 'Adapter name: slack | whatsapp | telegram | signal | matrix | teams',
+            required: true,
+        },
+        channel: {
+            type: 'string',
+            description: 'Target channel/chat/room id understood by the adapter',
+            required: true,
+        },
+        text: {
+            type: 'string',
+            description: 'Plain-text message body',
+            required: true,
+        },
+        blocks: {
+            type: 'array',
+            description: 'Optional rich content (Slack blocks, etc.)',
+            required: false,
+        },
+    },
+    async execute(args) {
+        const adapter = getChannel(String(args.channel_type));
+        const result = await adapter.send({
+            channel: String(args.channel),
+            text: String(args.text),
+            blocks: args.blocks,
+        });
+        return JSON.stringify({ ok: true, adapter: adapter.name, ...result });
+    },
+};
+export const channelReceiveTool = {
+    name: 'channel_receive',
+    description: 'Fetch recent messages from a unified channel adapter. Returns a JSON array of {id, from, text, ts}.',
+    tier: 'pro',
+    parameters: {
+        channel_type: {
+            type: 'string',
+            description: 'Adapter name: slack | whatsapp | telegram | signal | matrix | teams',
+            required: true,
+        },
+        channel: {
+            type: 'string',
+            description: 'Source channel/chat/room id',
+            required: true,
+        },
+        oldest: {
+            type: 'number',
+            description: 'Unix epoch ms; only return messages newer than this',
+            required: false,
+        },
+        limit: {
+            type: 'number',
+            description: 'Maximum messages to return',
+            required: false,
+        },
+    },
+    async execute(args) {
+        const adapter = getChannel(String(args.channel_type));
+        const messages = await adapter.receive({
+            channel: String(args.channel),
+            oldest: args.oldest === undefined ? undefined : Number(args.oldest),
+            limit: args.limit === undefined ? undefined : Number(args.limit),
+        });
+        return JSON.stringify({ ok: true, adapter: adapter.name, messages });
+    },
+};
+//# sourceMappingURL=channel-tools.js.map

package/dist/tools/computer-coordinator-tools.d.ts

@@ -0,0 +1,13 @@
+export interface ToolDef {
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+    handler: (args: Record<string, unknown>) => Promise<unknown> | unknown;
+}
+export declare const computerCoordinatorRegister: ToolDef;
+export declare const computerCoordinatorClaim: ToolDef;
+export declare const computerCoordinatorRelease: ToolDef;
+export declare const computerCoordinatorStatus: ToolDef;
+export declare const computerCoordinatorUnregister: ToolDef;
+export declare const computerCoordinatorTools: ToolDef[];
+//# sourceMappingURL=computer-coordinator-tools.d.ts.map