@kernel.chat/kbot 3.99.31 → 3.99.34

package/dist/managed-agents-anthropic.js

@@ -0,0 +1,123 @@
+/**
+ * Anthropic Managed Agents client (April 2026 launch).
+ *
+ * Hosted long-horizon agent platform. This module is a STANDALONE backend
+ * that workspace agents can route through when ANTHROPIC_API_KEY is set.
+ * Wiring into ./workspace-agents.ts happens in a follow-up pass.
+ *
+ * Beta header: `anthropic-beta: managed-agents-2026-04-01` is sent on every
+ * request.
+ *
+ * SPEC: best-effort, refine when official docs published.
+ * Endpoint shape mirrors the public beta announcement; refine when the
+ * official OpenAPI spec lands.
+ */
+const DEFAULT_BASE_URL = 'https://api.anthropic.com/v1';
+const BETA_HEADER_VALUE = 'managed-agents-2026-04-01';
+const ANTHROPIC_VERSION = '2023-06-01';
+export class AnthropicManagedAgentsError extends Error {
+    status;
+    body;
+    constructor(message, status, body) {
+        super(message);
+        this.name = 'AnthropicManagedAgentsError';
+        this.status = status;
+        this.body = body;
+    }
+}
+export class AnthropicManagedAgentsClient {
+    apiKey;
+    baseUrl;
+    fetchImpl;
+    constructor(opts = {}) {
+        const apiKey = opts.apiKey ?? process.env.ANTHROPIC_API_KEY;
+        if (!apiKey) {
+            throw new Error('AnthropicManagedAgentsClient: ANTHROPIC_API_KEY is not set');
+        }
+        this.apiKey = apiKey;
+        this.baseUrl = (opts.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, '');
+        this.fetchImpl = opts.fetchImpl ?? fetch;
+    }
+    // ── Sessions ────────────────────────────────────────────────────────────
+    async createSession(input) {
+        if (!input.mission || !input.mission.trim()) {
+            throw new Error('createSession: mission is required');
+        }
+        const body = { mission: input.mission };
+        if (input.model)
+            body.model = input.model;
+        if (input.allowedTools)
+            body.tools = input.allowedTools;
+        return this.request('POST', '/agents/sessions', body);
+    }
+    async sendTurn(input) {
+        if (!input.sessionId)
+            throw new Error('sendTurn: sessionId is required');
+        return this.request('POST', `/agents/sessions/${encodeURIComponent(input.sessionId)}/turns`, { input: input.input });
+    }
+    async getSession(input) {
+        if (!input.sessionId)
+            throw new Error('getSession: sessionId is required');
+        return this.request('GET', `/agents/sessions/${encodeURIComponent(input.sessionId)}`);
+    }
+    async listSessions() {
+        return this.request('GET', '/agents/sessions');
+    }
+    async closeSession(input) {
+        if (!input.sessionId) {
+            throw new Error('closeSession: sessionId is required');
+        }
+        return this.request('DELETE', `/agents/sessions/${encodeURIComponent(input.sessionId)}`);
+    }
+    // ── Memory ──────────────────────────────────────────────────────────────
+    async memoryRead(input) {
+        if (!input.sessionId)
+            throw new Error('memoryRead: sessionId is required');
+        const path = input.key
+            ? `/agents/sessions/${encodeURIComponent(input.sessionId)}/memory/${encodeURIComponent(input.key)}`
+            : `/agents/sessions/${encodeURIComponent(input.sessionId)}/memory`;
+        return this.request('GET', path);
+    }
+    async memoryWrite(input) {
+        if (!input.sessionId)
+            throw new Error('memoryWrite: sessionId is required');
+        if (!input.key)
+            throw new Error('memoryWrite: key is required');
+        return this.request('POST', `/agents/sessions/${encodeURIComponent(input.sessionId)}/memory`, { key: input.key, value: input.value });
+    }
+    // ── Internals ───────────────────────────────────────────────────────────
+    async request(method, path, body) {
+        const url = `${this.baseUrl}${path}`;
+        const headers = {
+            'x-api-key': this.apiKey,
+            'anthropic-version': ANTHROPIC_VERSION,
+            'anthropic-beta': BETA_HEADER_VALUE,
+        };
+        const init = { method, headers };
+        if (body !== undefined && method !== 'GET') {
+            headers['content-type'] = 'application/json';
+            init.body = JSON.stringify(body);
+        }
+        let res;
+        try {
+            res = await this.fetchImpl(url, init);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new AnthropicManagedAgentsError(`network error contacting ${url}: ${msg}`, 0, '');
+        }
+        const text = await res.text();
+        if (!res.ok) {
+            throw new AnthropicManagedAgentsError(`Anthropic Managed Agents ${method} ${path} failed: ${res.status} ${res.statusText}`, res.status, text);
+        }
+        if (!text)
+            return {};
+        try {
+            return JSON.parse(text);
+        }
+        catch {
+            throw new AnthropicManagedAgentsError(`Anthropic Managed Agents ${method} ${path} returned non-JSON body`, res.status, text);
+        }
+    }
+}
+//# sourceMappingURL=managed-agents-anthropic.js.map

package/dist/plugins-integrity.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Plugin integrity verification — fail-closed SHA-256 manifest checking.
+ *
+ * Ports OpenClaw's `plugins.json5` integrity-pinned plugin model. Plugins must
+ * be declared in a manifest with a SHA-256 hash; the loader verifies the file
+ * on disk against the manifest entry and refuses to load on drift.
+ *
+ * Manifest format here is plain JSON. If we add a JSON5 dep later (e.g.
+ * `json5`), swap `JSON.parse` for `JSON5.parse` and accept `.json5` files.
+ */
+export interface ManifestEntry {
+    name: string;
+    version: string;
+    /** Path relative to the plugins directory (e.g. ~/.kbot/plugins). */
+    path: string;
+    /** SHA-256 hash, base64-encoded, prefixed with "sha256-". */
+    integrity: string;
+}
+export interface Manifest {
+    schemaVersion: 1;
+    plugins: ManifestEntry[];
+}
+export type VerifyResult = {
+    ok: true;
+} | {
+    ok: false;
+    reason: string;
+    expected: string;
+    actual: string;
+};
+export interface VerifyAllResult {
+    verified: string[];
+    failed: Array<{
+        name: string;
+        reason: string;
+        expected?: string;
+        actual?: string;
+    }>;
+}
+export declare class IntegrityError extends Error {
+    failed: VerifyAllResult['failed'];
+    constructor(failed: VerifyAllResult['failed']);
+}
+/**
+ * Load and validate a manifest from disk. Throws on missing file, invalid
+ * JSON, or schema violation.
+ */
+export declare function loadManifest(path: string): Promise<Manifest>;
+/**
+ * Verify a single plugin file against its manifest entry.
+ *
+ * - Missing file → `{ ok: false, reason: "plugin file missing" }`
+ * - Hash mismatch → `{ ok: false, reason: "integrity drift" }`
+ * - Match → `{ ok: true }`
+ */
+export declare function verifyPlugin(filePath: string, manifestEntry: ManifestEntry): Promise<VerifyResult>;
+/**
+ * Verify every plugin in a manifest against the corresponding files under
+ * `pluginsDir`. Resolves entry paths relative to `pluginsDir` unless
+ * absolute.
+ *
+ * Always returns a result; never throws on drift. Callers should pass the
+ * result to `enforce()` to fail closed.
+ */
+export declare function verifyAllPlugins(manifestPath: string, pluginsDir: string): Promise<VerifyAllResult>;
+/**
+ * Fail-closed gate. Throws `IntegrityError` if any plugin failed verification.
+ * No-op when all plugins are verified. Loaders should call this unless
+ * integrity checking has been explicitly disabled (e.g. dev override).
+ */
+export declare function enforce(result: VerifyAllResult): void;
+//# sourceMappingURL=plugins-integrity.d.ts.map

package/dist/plugins-integrity.js

@@ -0,0 +1,153 @@
+/**
+ * Plugin integrity verification — fail-closed SHA-256 manifest checking.
+ *
+ * Ports OpenClaw's `plugins.json5` integrity-pinned plugin model. Plugins must
+ * be declared in a manifest with a SHA-256 hash; the loader verifies the file
+ * on disk against the manifest entry and refuses to load on drift.
+ *
+ * Manifest format here is plain JSON. If we add a JSON5 dep later (e.g.
+ * `json5`), swap `JSON.parse` for `JSON5.parse` and accept `.json5` files.
+ */
+import { createHash } from 'node:crypto';
+import { readFile, stat } from 'node:fs/promises';
+import { resolve, isAbsolute } from 'node:path';
+export class IntegrityError extends Error {
+    failed;
+    constructor(failed) {
+        const names = failed.map((f) => `${f.name} (${f.reason})`).join(', ');
+        super(`Plugin integrity check failed: ${names}`);
+        this.name = 'IntegrityError';
+        this.failed = failed;
+    }
+}
+const INTEGRITY_PREFIX = 'sha256-';
+function isManifestEntry(v) {
+    if (!v || typeof v !== 'object')
+        return false;
+    const e = v;
+    return (typeof e.name === 'string' &&
+        typeof e.version === 'string' &&
+        typeof e.path === 'string' &&
+        typeof e.integrity === 'string' &&
+        e.integrity.startsWith(INTEGRITY_PREFIX));
+}
+function isManifest(v) {
+    if (!v || typeof v !== 'object')
+        return false;
+    const m = v;
+    if (m.schemaVersion !== 1)
+        return false;
+    if (!Array.isArray(m.plugins))
+        return false;
+    return m.plugins.every(isManifestEntry);
+}
+/**
+ * Load and validate a manifest from disk. Throws on missing file, invalid
+ * JSON, or schema violation.
+ */
+export async function loadManifest(path) {
+    let raw;
+    try {
+        raw = await readFile(path, 'utf8');
+    }
+    catch (err) {
+        throw new Error(`Failed to read manifest at ${path}: ${err.message}`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        throw new Error(`Manifest is not valid JSON: ${err.message}`);
+    }
+    if (!isManifest(parsed)) {
+        throw new Error(`Manifest at ${path} is malformed: expected { schemaVersion: 1, plugins: [{name, version, path, integrity: "sha256-..."}] }`);
+    }
+    return parsed;
+}
+/**
+ * Compute SHA-256 of a file and return it formatted as `sha256-<base64>`.
+ */
+async function computeIntegrity(filePath) {
+    const buf = await readFile(filePath);
+    const digest = createHash('sha256').update(buf).digest('base64');
+    return `${INTEGRITY_PREFIX}${digest}`;
+}
+/**
+ * Verify a single plugin file against its manifest entry.
+ *
+ * - Missing file → `{ ok: false, reason: "plugin file missing" }`
+ * - Hash mismatch → `{ ok: false, reason: "integrity drift" }`
+ * - Match → `{ ok: true }`
+ */
+export async function verifyPlugin(filePath, manifestEntry) {
+    try {
+        const s = await stat(filePath);
+        if (!s.isFile()) {
+            return {
+                ok: false,
+                reason: 'plugin file missing',
+                expected: manifestEntry.integrity,
+                actual: '',
+            };
+        }
+    }
+    catch {
+        return {
+            ok: false,
+            reason: 'plugin file missing',
+            expected: manifestEntry.integrity,
+            actual: '',
+        };
+    }
+    const actual = await computeIntegrity(filePath);
+    if (actual !== manifestEntry.integrity) {
+        return {
+            ok: false,
+            reason: 'integrity drift',
+            expected: manifestEntry.integrity,
+            actual,
+        };
+    }
+    return { ok: true };
+}
+/**
+ * Verify every plugin in a manifest against the corresponding files under
+ * `pluginsDir`. Resolves entry paths relative to `pluginsDir` unless
+ * absolute.
+ *
+ * Always returns a result; never throws on drift. Callers should pass the
+ * result to `enforce()` to fail closed.
+ */
+export async function verifyAllPlugins(manifestPath, pluginsDir) {
+    const manifest = await loadManifest(manifestPath);
+    const verified = [];
+    const failed = [];
+    for (const entry of manifest.plugins) {
+        const filePath = isAbsolute(entry.path) ? entry.path : resolve(pluginsDir, entry.path);
+        const result = await verifyPlugin(filePath, entry);
+        if (result.ok) {
+            verified.push(entry.name);
+        }
+        else {
+            failed.push({
+                name: entry.name,
+                reason: result.reason,
+                expected: result.expected,
+                actual: result.actual,
+            });
+        }
+    }
+    return { verified, failed };
+}
+/**
+ * Fail-closed gate. Throws `IntegrityError` if any plugin failed verification.
+ * No-op when all plugins are verified. Loaders should call this unless
+ * integrity checking has been explicitly disabled (e.g. dev override).
+ */
+export function enforce(result) {
+    if (result.failed.length > 0) {
+        throw new IntegrityError(result.failed);
+    }
+}
+//# sourceMappingURL=plugins-integrity.js.map

package/dist/plugins.d.ts

@@ -1,3 +1,14 @@
+export interface LoadPluginsOptions {
+    /** Override the plugin directory (used by tests). Defaults to ~/.kbot/plugins. */
+    pluginsDir?: string;
+    /** Override the integrity manifest path. Defaults to ~/.kbot/plugins.json. */
+    manifestPath?: string;
+    /**
+     * Override the integrity-disabled flag. Defaults to reading
+     * `process.env.KBOT_PLUGIN_INTEGRITY === 'off'`.
+     */
+    integrityDisabled?: boolean;
+}
 export interface PluginDefinition {
     name: string;
     description: string;
@@ -18,9 +29,9 @@ export interface PluginManifest {
     error?: string;
 }
 /** Ensure the plugins directory exists */
-export declare function ensurePluginsDir(): string;
+export declare function ensurePluginsDir(dir?: string): string;
 /** Load all plugins from ~/.kbot/plugins/ */
-export declare function loadPlugins(verbose?: boolean): Promise<PluginManifest[]>;
+export declare function loadPlugins(verbose?: boolean, opts?: LoadPluginsOptions): Promise<PluginManifest[]>;
 /** List loaded plugins */
 export declare function getLoadedPlugins(): PluginManifest[];
 /** Format plugin list for display */

package/dist/plugins.js

@@ -14,23 +14,82 @@ import { existsSync, readdirSync, mkdirSync, writeFileSync, statSync } from 'nod
 import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { pathToFileURL } from 'node:url';
+import chalk from 'chalk';
 import { registerTool } from './tools/index.js';
+import { IntegrityError, verifyAllPlugins, enforce, } from './plugins-integrity.js';
 const PLUGINS_DIR = join(homedir(), '.kbot', 'plugins');
 const PLUGIN_EXTENSIONS = ['.js', '.mjs'];
+/**
+ * Default integrity manifest path. Override with KBOT_PLUGIN_MANIFEST env var
+ * or the `manifestPath` option to `loadPlugins`.
+ */
+const DEFAULT_MANIFEST_PATH = join(homedir(), '.kbot', 'plugins.json');
 const loadedPlugins = [];
 /** Ensure the plugins directory exists */
-export function ensurePluginsDir() {
-    if (!existsSync(PLUGINS_DIR)) {
-        mkdirSync(PLUGINS_DIR, { recursive: true });
+export function ensurePluginsDir(dir = PLUGINS_DIR) {
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    return dir;
+}
+/**
+ * Run the integrity manifest gate before discovery.
+ *
+ * Behaviour:
+ *   - If KBOT_PLUGIN_INTEGRITY=off (or `opts.integrityDisabled === true`):
+ *     emit a yellow warning and return `null` (verification skipped, all
+ *     discovered plugins will load).
+ *   - If the manifest file does not exist: emit a yellow info note and
+ *     return `null` (back-compat — manifest is optional today).
+ *   - If the manifest exists and verifies: return the `VerifyAllResult` so
+ *     the caller can restrict loads to `result.verified`.
+ *   - If the manifest exists and any plugin fails: throw `IntegrityError`
+ *     (kbot refuses to start).
+ */
+async function runIntegrityGate(manifestPath, pluginsDir, integrityDisabled) {
+    if (integrityDisabled) {
+        console.error(chalk.yellow(`  ⚠ Plugin integrity verification is DISABLED (KBOT_PLUGIN_INTEGRITY=off). ` +
+            `Plugins under ${pluginsDir} will load without hash checking.`));
+        return null;
+    }
+    if (!existsSync(manifestPath)) {
+        console.error(chalk.yellow(`  ⚠ no plugin manifest at ${manifestPath} — plugins are unverified. ` +
+            `Create one to pin plugins by SHA-256 (see PLUGINS_INTEGRITY.md).`));
+        return null;
+    }
+    // verifyAllPlugins resolves manifest entry paths against pluginsDir, so the
+    // file layout is: <pluginsDir>/<entry.path> matches the hash in the manifest.
+    try {
+        const result = await verifyAllPlugins(manifestPath, pluginsDir);
+        if (result.failed.length > 0) {
+            const lines = result.failed
+                .map((f) => `    - ${f.name}: ${f.reason}`)
+                .join('\n');
+            console.error(chalk.red(`  ✗ Plugin integrity check failed for ${result.failed.length} plugin(s):\n${lines}\n` +
+                `    Manifest: ${manifestPath}\n` +
+                `    To refresh hashes, recompute SHA-256 for each plugin file and update the manifest. ` +
+                `Set KBOT_PLUGIN_INTEGRITY=off ONLY for local dev; never in production.`));
+            enforce(result); // throws IntegrityError
+        }
+        return result;
+    }
+    catch (err) {
+        if (err instanceof IntegrityError)
+            throw err;
+        // loadManifest threw (malformed JSON, schema violation, etc.) — fail closed.
+        console.error(chalk.red(`  ✗ Failed to load plugin integrity manifest at ${manifestPath}: ${err.message}`));
+        throw err;
     }
-    return PLUGINS_DIR;
 }
 /** Load all plugins from ~/.kbot/plugins/ */
-export async function loadPlugins(verbose = false) {
-    ensurePluginsDir();
+export async function loadPlugins(verbose = false, opts = {}) {
+    const pluginsDir = opts.pluginsDir ?? PLUGINS_DIR;
+    const manifestPath = opts.manifestPath ?? process.env.KBOT_PLUGIN_MANIFEST ?? DEFAULT_MANIFEST_PATH;
+    const integrityDisabled = opts.integrityDisabled ?? process.env.KBOT_PLUGIN_INTEGRITY === 'off';
+    ensurePluginsDir(pluginsDir);
     // Security: reject plugins if directory is world/group-writable
     try {
-        const dirStat = statSync(PLUGINS_DIR);
+        const dirStat = statSync(pluginsDir);
         if ((dirStat.mode & 0o022) !== 0) {
             if (verbose)
                 console.error('  ⚠ Plugin directory is writable by others — skipping plugins for security');
@@ -40,13 +99,31 @@ export async function loadPlugins(verbose = false) {
     catch {
         return [];
     }
-    const files = readdirSync(PLUGINS_DIR).filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)));
+    // Integrity gate — runs BEFORE any file is imported. Throws IntegrityError
+    // on drift unless KBOT_PLUGIN_INTEGRITY=off.
+    const integrity = await runIntegrityGate(manifestPath, pluginsDir, integrityDisabled);
+    // When a manifest verified successfully, restrict loads to verified names.
+    // When the manifest is missing or integrity is disabled, allow every file.
+    const verifiedNames = integrity
+        ? new Set(integrity.verified)
+        : null;
+    const files = readdirSync(pluginsDir).filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)));
     if (files.length === 0)
         return [];
     for (const file of files) {
+        const pluginName = file.replace(/\.[^.]+$/, '');
+        // When manifest verification ran, only load plugins whose name appears in
+        // the verified set. Files not declared in the manifest are silently
+        // skipped (they did not pass — and could not have passed — verification).
+        if (verifiedNames && !verifiedNames.has(pluginName)) {
+            if (verbose) {
+                console.error(chalk.yellow(`  ⚠ Skipping ${file} — not declared in plugin manifest`));
+            }
+            continue;
+        }
         // Security: reject plugin files that are group/world-writable
         try {
-            const fileStat = statSync(join(PLUGINS_DIR, file));
+            const fileStat = statSync(join(pluginsDir, file));
             if ((fileStat.mode & 0o022) !== 0) {
                 loadedPlugins.push({
                     name: file.replace(/\.[^.]+$/, ''),
@@ -61,7 +138,7 @@ export async function loadPlugins(verbose = false) {
         catch {
             continue;
         }
-        const filePath = join(PLUGINS_DIR, file);
+        const filePath = join(pluginsDir, file);
         const manifest = {
             name: file.replace(/\.[^.]+$/, ''),
             file,

package/dist/setup-editor.d.ts

@@ -0,0 +1,28 @@
+import { tmpdir } from 'node:os';
+export interface SetupOptions {
+    force?: boolean;
+    /** Override $HOME for testing. */
+    home?: string;
+    /** Override cwd for testing. */
+    cwd?: string;
+    /** Override the kbot binary path. */
+    kbotBin?: string;
+    /** Override the kbot-local-mcp script path. */
+    kbotLocalMcpPath?: string;
+    /** Override the bundled skill template path. */
+    skillTemplatePath?: string;
+}
+export interface SetupResult {
+    configPath: string;
+    mcpAdded: string[];
+    mcpAlreadyPresent: string[];
+    skillCopied?: string;
+    skillAlreadyPresent?: string;
+}
+export declare function setupClaudeCode(opts?: SetupOptions): SetupResult;
+export declare function setupCursor(opts?: SetupOptions): SetupResult;
+export declare function setupZed(opts?: SetupOptions): SetupResult;
+export declare const _testHelpers: {
+    tmpdir: typeof tmpdir;
+};
+//# sourceMappingURL=setup-editor.d.ts.map