@kernel.chat/kbot 3.99.34 → 4.0.0

package/dist/tools/index.js

@@ -12,6 +12,9 @@
 // Re-export the middleware pipeline system
 export { ToolPipeline, createDefaultPipeline, permissionMiddleware, hookMiddleware, timeoutMiddleware, metricsMiddleware, truncationMiddleware, telemetryMiddleware, executionMiddleware, fallbackMiddleware, mcpAppsMiddleware, DEFAULT_FALLBACK_RULES, } from '../tool-pipeline.js';
 import { ToolPipeline, executionMiddleware } from '../tool-pipeline.js';
+import chalk from 'chalk';
+/** Tools whose deprecation warning has already been emitted this process. */
+const deprecationWarned = new Set();
 const registry = new Map();
 const metrics = new Map();
 const DEFAULT_TIMEOUT = 300_000; // 5 minutes
@@ -118,6 +121,19 @@ export async function executeTool(call) {
             `If no MCP server exists, consider using forge_tool to create it at runtime.`;
         return { tool_call_id: call.id, result: suggestion, error: true, duration_ms: 0 };
     }
+    // Deprecation warn-once: emit a single chalk.yellow message per tool name per process.
+    if (tool.deprecated && !deprecationWarned.has(call.name)) {
+        deprecationWarned.add(call.name);
+        try {
+            console.warn(chalk.yellow(`[kbot] Tool '${call.name}' is deprecated as of v4.0 and scheduled for removal in 4.1.0. ` +
+                `See https://github.com/isaacsight/kernel/blob/main/packages/kbot/RELEASE_NOTES_4_0.md`));
+        }
+        catch {
+            // chalk may not be available in some test contexts — fall back to plain text.
+            console.warn(`[kbot] Tool '${call.name}' is deprecated as of v4.0 and scheduled for removal in 4.1.0. ` +
+                `See https://github.com/isaacsight/kernel/blob/main/packages/kbot/RELEASE_NOTES_4_0.md`);
+        }
+    }
     const timeout = tool.timeout ?? DEFAULT_TIMEOUT;
     const maxResult = tool.maxResultSize ?? DEFAULT_MAX_RESULT;
     const startTime = Date.now();
@@ -207,76 +223,35 @@ const LAZY_MODULE_IMPORTS = [
     { path: './parallel.js', registerFn: 'registerParallelTools' },
     { path: './mcp-client.js', registerFn: 'registerMcpClientTools' },
     { path: './tasks.js', registerFn: 'registerTaskTools' },
-    { path: './notebook.js', registerFn: 'registerNotebookTools' },
     { path: './background.js', registerFn: 'registerBackgroundTools' },
     { path: './sandbox.js', registerFn: 'registerSandboxTools' },
-    { path: './build-matrix.js', registerFn: 'registerBuildMatrixTools' },
     { path: './subagent.js', registerFn: 'registerSubagentTools' },
     { path: './worktree.js', registerFn: 'registerWorktreeTools' },
-    { path: './kbot-local.js', registerFn: 'registerKbotLocalTools' },
     { path: './quality.js', registerFn: 'registerQualityTools' },
     { path: './memory-tools.js', registerFn: 'registerMemoryTools' },
     { path: './browser.js', registerFn: 'registerBrowserTools' },
-    { path: './e2b-sandbox.js', registerFn: 'registerE2bTools' },
-    { path: './lsp-tools.js', registerFn: 'registerLspTools' },
-    { path: '../mcp-plugins.js', registerFn: 'registerMcpPluginTools' },
-    { path: '../graph-memory.js', registerFn: 'registerGraphMemoryTools' },
-    { path: '../confidence.js', registerFn: 'registerConfidenceTools' },
     { path: '../agent-protocol.js', registerFn: 'registerAgentProtocolTools' },
     { path: '../temporal.js', registerFn: 'registerTemporalTools' },
-    { path: '../reasoning.js', registerFn: 'registerReasoningTools' },
     { path: '../intentionality.js', registerFn: 'registerIntentionalityTools' },
     { path: './test-runner.js', registerFn: 'registerTestRunnerTools' },
     { path: './creative.js', registerFn: 'registerCreativeTools' },
-    { path: './comfyui-plugin.js', registerFn: 'registerComfyUITools' },
     { path: './magenta-plugin.js', registerFn: 'registerMagentaTools' },
-    { path: './research.js', registerFn: 'registerResearchTools' },
     { path: './containers.js', registerFn: 'registerContainerTools' },
     { path: './vfx.js', registerFn: 'registerVfxTools' },
     { path: './gamedev.js', registerFn: 'registerGamedevTools' },
     { path: './audit.js', registerFn: 'registerAuditTools' },
-    { path: './documents.js', registerFn: 'registerDocumentTools' },
-    { path: './contribute.js', registerFn: 'registerContributeTools' },
-    { path: './composio.js', registerFn: 'registerComposioTools' },
-    { path: '../marketplace.js', registerFn: 'registerMarketplaceTools' },
     { path: './browser-agent.js', registerFn: 'registerBrowserAgentTools' },
-    { path: '../workflows.js', registerFn: 'registerWorkflowTools' },
     { path: './deploy.js', registerFn: 'registerDeployTools' },
     { path: './mcp-marketplace.js', registerFn: 'registerMcpMarketplaceTools' },
     { path: './database.js', registerFn: 'registerDatabaseTools' },
-    { path: '../team.js', registerFn: 'registerTeamTools' },
     { path: '../plugin-sdk.js', registerFn: 'registerPluginSDKTools' },
-    { path: './training.js', registerFn: 'registerTrainingTools' },
     { path: './social.js', registerFn: 'registerSocialTools' },
     { path: './forge.js', registerFn: 'registerForgeTools' },
-    { path: '../mcp-apps.js', registerFn: 'registerMcpAppTools' },
-    { path: './machine-tools.js', registerFn: 'registerMachineTools' },
-    { path: './finance.js', registerFn: 'registerFinanceTools' },
-    { path: './wallet.js', registerFn: 'registerWalletTools' },
-    { path: './stocks.js', registerFn: 'registerStockTools' },
-    { path: './sentiment.js', registerFn: 'registerSentimentTools' },
     { path: './security.js', registerFn: 'registerSecurityTools' },
     { path: './email.js', registerFn: 'registerEmailTools' },
-    { path: './content-engine.js', registerFn: 'registerContentEngineTools' },
-    { path: './bootstrapper.js', registerFn: 'registerBootstrapperTools' },
-    { path: './lab-core.js', registerFn: 'registerLabCoreTools' },
-    { path: './lab-data.js', registerFn: 'registerLabDataTools' },
-    { path: './lab-bio.js', registerFn: 'registerLabBioTools' },
-    { path: './lab-chem.js', registerFn: 'registerLabChemTools' },
-    { path: './lab-physics.js', registerFn: 'registerLabPhysicsTools' },
-    { path: './lab-earth.js', registerFn: 'registerLabEarthTools' },
-    { path: './lab-math.js', registerFn: 'registerLabMathTools' },
-    { path: './lab-neuro.js', registerFn: 'registerLabNeuroTools' },
-    { path: './lab-social.js', registerFn: 'registerLabSocialTools' },
-    { path: './lab-humanities.js', registerFn: 'registerLabHumanitiesTools' },
-    { path: './lab-health.js', registerFn: 'registerLabHealthTools' },
-    { path: './science-graph.js', registerFn: 'registerScienceGraphTools' },
-    { path: './research-pipeline.js', registerFn: 'registerResearchPipelineTools' },
-    { path: './research-notebook.js', registerFn: 'registerResearchNotebookTools' },
     { path: './hypothesis-engine.js', registerFn: 'registerHypothesisEngineTools' },
     { path: './emergent.js', registerFn: 'registerEmergentTools' },
     { path: './security-hunt.js', registerFn: 'registerSecurityHuntTools' },
-    { path: './lab-frontier.js', registerFn: 'registerFrontierTools' },
     { path: './ableton.js', registerFn: 'registerAbletonTools' },
     { path: './ableton-knowledge.js', registerFn: 'registerAbletonKnowledgeTools' },
     { path: './ableton-bridge-tools.js', registerFn: 'registerAbletonBridgeTools' },
@@ -285,59 +260,20 @@ const LAZY_MODULE_IMPORTS = [
     { path: './producer-engine.js', registerFn: 'registerProducerEngine' },
     { path: './sound-designer.js', registerFn: 'registerSoundDesignerTools' },
     { path: './arrangement-engine.js', registerFn: 'registerArrangementEngine' },
-    { path: '../behaviour.js', registerFn: 'registerBehaviourTools' },
     { path: '../skill-system.js', registerFn: 'registerSkillTools' },
-    { path: './admin.js', registerFn: 'registerAdminTools' },
-    { path: './monitor.js', registerFn: 'registerMonitorTools' },
-    { path: './deploy-all.js', registerFn: 'registerDeployAllTools' },
     { path: './analytics.js', registerFn: 'registerAnalyticsTools' },
-    { path: './env-manager.js', registerFn: 'registerEnvTools' },
-    { path: './db-admin.js', registerFn: 'registerDbAdminTools' },
-    { path: './visa-payments.js', registerFn: 'registerVisaPaymentTools' },
     { path: './security-brain.js', registerFn: 'registerSecurityBrainTools' },
-    { path: './ctf.js', registerFn: 'registerCtfTools' },
-    { path: './pentest.js', registerFn: 'registerPentestTools' },
     { path: './redblue.js', registerFn: 'registerRedBlueTools' },
     { path: './hacker-toolkit.js', registerFn: 'registerHackerToolkitTools' },
     { path: './threat-intel.js', registerFn: 'registerThreatIntelTools' },
     { path: './dj-set-builder.js', registerFn: 'registerDjSetBuilderTools' },
     { path: './serum2-preset.js', registerFn: 'registerSerum2PresetTools' },
     { path: './dream-tools.js', registerFn: 'registerDreamTools' },
-    { path: './collective-dream-tools.js', registerFn: 'registerCollectiveDreamTools' },
-    { path: './memory-scanner-tools.js', registerFn: 'registerMemoryScannerTools' },
-    { path: './buddy-tools.js', registerFn: 'registerBuddyTools' },
-    { path: './voice-input-tools.js', registerFn: 'registerVoiceInputTools' },
-    { path: './watchdog.js', registerFn: 'registerWatchdogTools' },
-    { path: './behavior-tools.js', registerFn: 'registerBehaviorTools' },
-    { path: './a2a.js', registerFn: 'registerA2ATools' },
-    { path: './financial-analysis.js', registerFn: 'registerFinancialAnalysisTools' },
-    { path: './ai-analysis.js', registerFn: 'registerAIAnalysisTools' },
-    { path: './music-gen.js', registerFn: 'registerMusicGenTools' },
     { path: './one-prompt-producer.js', registerFn: 'registerOnePromptTools' },
-    { path: './mobile-automation.js', registerFn: 'registerMobileAutomationTools' },
-    { path: './iphone.js', registerFn: 'registerIPhoneTools' },
-    { path: './ghost.js', registerFn: 'registerGhostTools' },
-    { path: './streaming.js', registerFn: 'registerStreamingTools' },
-    { path: './stream-character.js', registerFn: 'registerStreamCharacterTools' },
-    { path: './stream-renderer.js', registerFn: 'registerStreamRendererTools' },
     { path: './kbot-browser.js', registerFn: 'registerKBotBrowserTools' },
     { path: './kbot-terminal.js', registerFn: 'registerKBotTerminalTools' },
-    { path: './stream-control.js', registerFn: 'registerStreamControlTools' },
-    { path: './tile-world.js', registerFn: 'registerTileWorldTools' },
-    { path: './stream-self-eval.js', registerFn: 'registerStreamSelfEvalTools' },
     { path: './audio-engine.js', registerFn: 'registerAudioEngineTools' },
-    { path: './narrative-engine.js', registerFn: 'registerNarrativeEngineTools' },
-    { path: './social-engine.js', registerFn: 'registerSocialEngineTools' },
-    { path: './evolution-engine.js', registerFn: 'registerEvolutionEngineTools' },
-    { path: './coordination-engine.js', registerFn: 'registerCoordinationEngineTools' },
     { path: './foundation-engines.js', registerFn: 'registerFoundationEngineTools' },
-    { path: './research-engine.js', registerFn: 'registerResearchEngineTools' },
-    { path: './stream-overlay.js', registerFn: 'registerOverlayTools' },
-    { path: './stream-weather.js', registerFn: 'registerStreamWeatherTools' },
-    { path: './stream-chat-ai.js', registerFn: 'registerStreamChatAITools' },
-    { path: './stream-vod.js', registerFn: 'registerStreamVODTools' },
-    { path: './stream-commands.js', registerFn: 'registerStreamCommandsTools' },
-    { path: '../coordinator.js', registerFn: 'registerCoordinatorTools' },
     { path: './swarm-2026-04.js', registerFn: 'registerSwarm2026Tools' },
 ];
 /** Track whether lazy tools have been registered */

package/dist/tools/kbot-browser.js

@@ -939,6 +939,7 @@ export function registerKBotBrowserTools() {
     });
     registerTool({
         name: 'kbot_read',
+        deprecated: true,
         description: "Get the current page content in reader mode (clean text, no clutter). Uses kbot's built-in browser.",
         parameters: {},
         tier: 'free',

package/dist/tools/llada-image.d.ts

@@ -0,0 +1,38 @@
+import { z } from 'zod';
+import type { ToolDefinition } from './index.js';
+import { LLaDAClient } from '../providers/llada.js';
+export declare const lladaImageInputSchema: z.ZodObject<{
+    prompt: z.ZodString;
+    aspect_ratio: z.ZodDefault<z.ZodOptional<z.ZodEnum<["1:1", "16:9", "9:16", "4:3", "3:4"]>>>;
+    thinking_steps: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    style_hints: z.ZodOptional<z.ZodString>;
+    reference_image_url: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    prompt: string;
+    thinking_steps: number;
+    aspect_ratio: "1:1" | "16:9" | "9:16" | "4:3" | "3:4";
+    style_hints?: string | undefined;
+    reference_image_url?: string | undefined;
+}, {
+    prompt: string;
+    thinking_steps?: number | undefined;
+    aspect_ratio?: "1:1" | "16:9" | "9:16" | "4:3" | "3:4" | undefined;
+    style_hints?: string | undefined;
+    reference_image_url?: string | undefined;
+}>;
+export type LLaDAImageInput = z.infer<typeof lladaImageInputSchema>;
+export interface LLaDAImageThoughtfulOutput {
+    url: string;
+    plan: string;
+    refinements: string[];
+    final_prompt: string;
+    /** Optional reasoning trace surfaced by LLaDA's `thinking` mode. */
+    thinking?: string;
+}
+export interface RunLLaDAImageOptions {
+    /** Inject a client (for tests). Defaults to a fresh LLaDAClient(). */
+    client?: LLaDAClient;
+}
+export declare function runLLaDAImageThoughtful(rawInput: unknown, opts?: RunLLaDAImageOptions): Promise<LLaDAImageThoughtfulOutput>;
+export declare const lladaImageTool: ToolDefinition;
+//# sourceMappingURL=llada-image.d.ts.map

package/dist/tools/llada-image.js

@@ -0,0 +1,171 @@
+// kbot Local Image Thoughtful Tool — LLaDA2.0-Uni route
+//
+// Mirrors `image-thoughtful.ts` (which uses OpenAI gpt-image-2) but routes
+// every call — plan, refine, generate — through a local LLaDA2.0-Uni server.
+// LLaDA is a *unified* discrete-diffusion model: the same model that does
+// chat reasoning also does the final image generation, so this tool is the
+// $0 / no-API-key path to thoughtful image gen.
+//
+// SPEC: refine when LLaDA's API stabilizes — currently assumes OpenAI-compatible
+// shape on http://localhost:8000. See `src/providers/llada.ts` for details.
+import { z } from 'zod';
+import { LLaDAClient } from '../providers/llada.js';
+// ─────────────────────────────────────────────────────────────────────────
+// Schema (kept in lockstep with image-thoughtful.ts)
+// ─────────────────────────────────────────────────────────────────────────
+const AspectRatio = z.enum(['1:1', '16:9', '9:16', '4:3', '3:4']);
+export const lladaImageInputSchema = z.object({
+    prompt: z.string().min(1, 'prompt is required'),
+    aspect_ratio: AspectRatio.optional().default('1:1'),
+    thinking_steps: z.number().int().min(1).max(5).optional().default(3),
+    style_hints: z.string().optional(),
+    reference_image_url: z.string().url().optional(),
+});
+// LLaDA's image_h/image_w map cleanly off these aspect-ratio sizes.
+const SIZE_MAP = {
+    '1:1': '1024x1024',
+    '16:9': '1792x1024',
+    '9:16': '1024x1792',
+    '4:3': '1408x1056',
+    '3:4': '1056x1408',
+};
+// ─────────────────────────────────────────────────────────────────────────
+// Prompts (intentionally identical wording to image-thoughtful for parity)
+// ─────────────────────────────────────────────────────────────────────────
+function planSystemPrompt() {
+    return [
+        'You are an expert art director planning an image before generation.',
+        'Return a JSON object with keys: composition, palette, key_elements, mood, lighting, style.',
+        'Keep each value to one or two sentences. Be concrete and visual.',
+    ].join(' ');
+}
+function critiqueSystemPrompt() {
+    return [
+        'You are a critic refining an image plan. Read the prompt and the current plan,',
+        'identify the single weakest element, and return an improved JSON plan with the',
+        'same keys (composition, palette, key_elements, mood, lighting, style).',
+        'Do not restate the brief — produce the next iteration of the plan only.',
+    ].join(' ');
+}
+function finalPromptSystemPrompt() {
+    return [
+        'You compose the final image-generation prompt. Combine the brief, plan, and any',
+        'style hints into a single cohesive paragraph (no JSON, no headings, no lists).',
+        'Lead with subject and composition, then palette, lighting, mood, and style.',
+    ].join(' ');
+}
+function buildPlanUserText(input) {
+    return [
+        `Brief: ${input.prompt}`,
+        `Aspect ratio: ${input.aspect_ratio}`,
+        input.style_hints ? `Style hints: ${input.style_hints}` : null,
+        input.reference_image_url ? `Reference image URL: ${input.reference_image_url}` : null,
+    ]
+        .filter(Boolean)
+        .join('\n');
+}
+export async function runLLaDAImageThoughtful(rawInput, opts = {}) {
+    const input = lladaImageInputSchema.parse(rawInput);
+    const client = opts.client ?? new LLaDAClient();
+    // 1. Plan
+    const planResp = await client.chat({
+        messages: [
+            { role: 'system', content: planSystemPrompt() },
+            { role: 'user', content: buildPlanUserText(input) },
+        ],
+        temperature: 0.5,
+    });
+    const plan = planResp.text;
+    // 2. Refine — thinking_steps - 1 critique passes (1 = no refinement)
+    const refinements = [];
+    let currentPlan = plan;
+    for (let i = 1; i < input.thinking_steps; i++) {
+        const next = await client.chat({
+            messages: [
+                { role: 'system', content: critiqueSystemPrompt() },
+                {
+                    role: 'user',
+                    content: `Brief: ${input.prompt}\nCurrent plan: ${currentPlan}`,
+                },
+            ],
+            temperature: 0.5,
+        });
+        refinements.push(next.text);
+        currentPlan = next.text;
+    }
+    // 3. Compose final prompt
+    const finalResp = await client.chat({
+        messages: [
+            { role: 'system', content: finalPromptSystemPrompt() },
+            {
+                role: 'user',
+                content: [
+                    `Brief: ${input.prompt}`,
+                    input.style_hints ? `Style hints: ${input.style_hints}` : '',
+                    `Plan: ${currentPlan}`,
+                ]
+                    .filter(Boolean)
+                    .join('\n\n'),
+            },
+        ],
+        temperature: 0.4,
+    });
+    const finalPromptText = finalResp.text;
+    // 4. Generate (LLaDA-native call — same model, diffusion decoder).
+    const img = await client.generateImage({
+        prompt: finalPromptText,
+        size: SIZE_MAP[input.aspect_ratio],
+        refImage: input.reference_image_url,
+    });
+    return {
+        url: img.url,
+        plan,
+        refinements,
+        final_prompt: finalPromptText,
+        thinking: img.thinking,
+    };
+}
+// ─────────────────────────────────────────────────────────────────────────
+// Tool definition
+// ─────────────────────────────────────────────────────────────────────────
+export const lladaImageTool = {
+    name: 'local_image_thoughtful',
+    description: 'Local plan/refine/generate image tool routed through a LLaDA2.0-Uni server (default http://localhost:8000). The same unified diffusion LLM does both the planning and the final image generation, so no OpenAI key is required. Returns the image URL plus the full reasoning trail.',
+    tier: 'free',
+    parameters: {
+        prompt: {
+            type: 'string',
+            description: 'What to draw — the brief.',
+            required: true,
+        },
+        aspect_ratio: {
+            type: 'string',
+            description: 'One of "1:1", "16:9", "9:16", "4:3", "3:4". Default "1:1".',
+            default: '1:1',
+        },
+        thinking_steps: {
+            type: 'number',
+            description: 'How many plan iterations to run (1..5). Default 3. 1 skips refinement.',
+            default: 3,
+        },
+        style_hints: {
+            type: 'string',
+            description: 'Optional style guidance ("oil painting", "ukiyo-e", "isometric vector").',
+        },
+        reference_image_url: {
+            type: 'string',
+            description: 'Optional URL of a reference image. Forwarded to LLaDA as the editing source (input_image).',
+        },
+    },
+    async execute(args) {
+        try {
+            const out = await runLLaDAImageThoughtful(args);
+            return JSON.stringify(out, null, 2);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return `Error: ${message}`;
+        }
+    },
+};
+//# sourceMappingURL=llada-image.js.map

package/dist/tools/quality.js

@@ -182,6 +182,7 @@ export function registerQualityTools() {
     // ── Dependency Audit ──
     registerTool({
         name: 'deps_audit',
+        deprecated: true,
         description: 'Audit dependencies for known vulnerabilities. Returns CVE IDs, severity, and fix suggestions. Auto-detects npm, pip, cargo, go.',
         parameters: {
             fix: { type: 'boolean', description: 'Auto-fix vulnerabilities where possible (default: false)' },

package/dist/tools/redblue.js

@@ -2824,6 +2824,7 @@ export function registerRedBlueTools() {
     // ─── Tool 2: Blue Team Harden ────────────────────────────────────────────────
     registerTool({
         name: 'blueteam_harden',
+        deprecated: true,
         description: 'Blue team: generate security hardening recommendations with ready-to-use code snippets. Produces security headers middleware, input validation patterns, auth hardening, crypto best practices, and logging/monitoring setup. Returns actionable code that can be directly applied.',
         parameters: {
             path: { type: 'string', description: 'Directory to analyze for context (default: current directory)' },
@@ -2941,6 +2942,7 @@ export function registerRedBlueTools() {
     // ─── Tool 3: Red Team Report ─────────────────────────────────────────────────
     registerTool({
         name: 'redteam_report',
+        deprecated: true,
         description: 'Generate a professional penetration test report (defensive security assessment). Runs a full security audit and formats results as an executive assessment with risk score, attack surface mapping, critical findings with exploitation scenarios for context, risk matrix, and prioritized remediation plan. Defensive security context: use only on systems you own or have explicit permission to test.',
         parameters: {
             path: { type: 'string', description: 'Directory to assess (default: current directory)' },
@@ -3193,6 +3195,7 @@ export function registerRedBlueTools() {
     // ─── Tool 4: Blue Team Checklist ─────────────────────────────────────────────
     registerTool({
         name: 'blueteam_checklist',
+        deprecated: true,
         description: 'Generate a comprehensive security hardening checklist tailored to a specific framework. Covers authentication, input validation, security headers, cryptography, logging, rate limiting, CORS/CSRF, dependency management, secrets, and infrastructure. Returns checkboxes for tracking completion.',
         parameters: {
             framework: { type: 'string', description: 'Framework: "express", "nextjs", "fastify", "django", "flask", "rails", "generic" (default: "generic")' },
@@ -3211,6 +3214,7 @@ export function registerRedBlueTools() {
     // ─── Tool 5: Threat Model ────────────────────────────────────────────────────
     registerTool({
         name: 'threat_model',
+        deprecated: true,
         description: 'Perform threat modeling on a codebase. Analyzes code structure to identify data flows, trust boundaries, and threats. Supports STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege), DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability), and PASTA (Process for Attack Simulation and Threat Analysis) methodologies.',
         parameters: {
             path: { type: 'string', description: 'Directory to analyze (default: current directory)' },

package/dist/tools/security-brain.js

@@ -2196,6 +2196,7 @@ export function registerSecurityBrainTools() {
     // ── Tool 1: security_brain ──────────────────────────────────────────
     registerTool({
         name: 'security_brain',
+        deprecated: true,
         description: 'Query the security knowledge base. Covers MITRE ATT&CK (14 tactics, 200+ techniques), OWASP Top 10 (2025), Lockheed Martin Kill Chain, CVE patterns, and kbot security tool mapping. Use this as a first stop for any security question.',
         parameters: {
             topic: { type: 'string', description: 'What to look up — technique name, vulnerability type, attack pattern, tool name, or general security topic', required: true },
@@ -2340,6 +2341,7 @@ export function registerSecurityBrainTools() {
     // ── Tool 2: attack_lookup ───────────────────────────────────────────
     registerTool({
         name: 'attack_lookup',
+        deprecated: true,
         description: 'Look up MITRE ATT&CK techniques by ID (T1566) or keyword (phishing). Returns technique details including tactic, description, sub-techniques, detection methods, and mitigations. Covers all 14 ATT&CK tactics with top techniques for each.',
         parameters: {
             query: { type: 'string', description: 'Technique ID (e.g., T1566, T1059.001) or keyword (e.g., phishing, injection, credential dumping)', required: true },
@@ -2425,6 +2427,7 @@ export function registerSecurityBrainTools() {
     // ── Tool 3: killchain_analyze ───────────────────────────────────────
     registerTool({
         name: 'killchain_analyze',
+        deprecated: true,
         description: 'Map an attack or vulnerability description to Lockheed Martin Kill Chain stages. Provides kill chain stage mapping with confidence levels, related MITRE ATT&CK techniques, OWASP entries, CVE patterns, and defensive recommendations with specific kbot tools.',
         parameters: {
             description: { type: 'string', description: 'Description of the attack, vulnerability, or threat scenario to analyze and map to kill chain stages', required: true },

package/dist/tools/security-hunt.js

@@ -621,6 +621,7 @@ function formatReport(report) {
 export function registerSecurityHuntTools() {
     registerTool({
         name: 'security_hunt',
+        deprecated: true,
         description: 'Defensive security audit — chains kbot\'s security scanners into a single comprehensive sweep. Scans for: open ports, SSL issues, missing headers, hardcoded secrets, dependency CVEs, supply chain risks, OWASP Top 10 code vulnerabilities, and dangerous patterns. Returns a scored report with severity ratings and fix recommendations. Defensive security context: use only on systems you own or have explicit permission to test.',
         parameters: {
             path: {

package/dist/tools/security.js

@@ -13,6 +13,7 @@ export function registerSecurityTools() {
     // ─── Dependency Audit ───
     registerTool({
         name: 'dep_audit',
+        deprecated: true,
         description: 'Audit project dependencies for known vulnerabilities. Runs npm audit, pip audit, or cargo audit depending on the project. Returns CVE IDs, severity, and fix recommendations.',
         parameters: {
             path: { type: 'string', description: 'Project directory to audit (default: current directory)' },
@@ -132,6 +133,7 @@ export function registerSecurityTools() {
     // ─── Secret Scanner ───
     registerTool({
         name: 'secret_scan',
+        deprecated: true,
         description: 'Scan files for accidentally committed secrets — API keys, tokens, passwords, private keys. Checks common patterns (AWS, Stripe, GitHub, Supabase, etc). Does NOT read .env files.',
         parameters: {
             path: { type: 'string', description: 'Directory to scan (default: current directory)' },
@@ -233,6 +235,7 @@ export function registerSecurityTools() {
     // ─── SSL/TLS Check ───
     registerTool({
         name: 'ssl_check',
+        deprecated: true,
         description: 'Check SSL/TLS certificate for any domain — expiry date, issuer, protocol, and security grade. Catches expiring certs before they break your site.',
         parameters: {
             domain: { type: 'string', description: 'Domain to check (e.g. "kernel.chat", "api.example.com")', required: true },
@@ -281,6 +284,7 @@ export function registerSecurityTools() {
     // ─── Security Headers Check ───
     registerTool({
         name: 'headers_check',
+        deprecated: true,
         description: 'Check HTTP security headers for any URL — CSP, HSTS, X-Frame-Options, etc. Reports missing headers that leave you vulnerable to XSS, clickjacking, and MIME sniffing.',
         parameters: {
             url: { type: 'string', description: 'URL to check (e.g. "https://kernel.chat")', required: true },
@@ -334,6 +338,7 @@ export function registerSecurityTools() {
     // ─── CVE Lookup ───
     registerTool({
         name: 'cve_lookup',
+        deprecated: true,
         description: 'Look up a CVE by ID or search for vulnerabilities affecting a specific package/product. Uses the NVD (National Vulnerability Database) API.',
         parameters: {
             query: { type: 'string', description: 'CVE ID (e.g. "CVE-2024-1234") or package name (e.g. "log4j", "openssl")', required: true },
@@ -475,6 +480,7 @@ export function registerSecurityTools() {
     // ─── OWASP Quick Check ───
     registerTool({
         name: 'owasp_check',
+        deprecated: true,
         description: 'Quick OWASP Top 10 check against a codebase. Scans for common vulnerability patterns: SQL injection, XSS, command injection, path traversal, hardcoded secrets, insecure deserialization.',
         parameters: {
             path: { type: 'string', description: 'Directory to scan (default: current directory)' },

package/dist/tools/swarm-2026-04.js

@@ -3,6 +3,7 @@
 // lazy registry picks them up alongside everything else.
 import { registerTool } from './index.js';
 import { imageThoughtfulTool } from './image-thoughtful.js';
+import { lladaImageTool } from './llada-image.js';
 import { channelSendTool, channelReceiveTool } from './channel-tools.js';
 import { fileLibraryAddTool, fileLibraryListTool, fileLibrarySearchTool, fileLibraryGetTool, } from './file-library-tools.js';
 import { workspaceAgentTools } from './workspace-agent-tools.js';
@@ -72,6 +73,7 @@ function adaptSecurityTool(t) {
 }
 export function registerSwarm2026Tools() {
     registerTool(imageThoughtfulTool);
+    registerTool(lladaImageTool);
     registerTool(channelSendTool);
     registerTool(channelReceiveTool);
     registerTool(fileLibraryAddTool);

package/dist/tools/test-runner.js

@@ -501,6 +501,7 @@ function runTests(projectPath, opts = {}) {
 export function registerTestRunnerTools() {
     registerTool({
         name: 'run_tests',
+        deprecated: true,
         description: 'Run project tests. Auto-detects the test framework (vitest, jest, pytest, cargo, go, npm) by checking config files, runs tests, and returns structured pass/fail results with failure details the agent can use to auto-fix issues.',
         parameters: {
             path: { type: 'string', description: 'Project root path. Defaults to current working directory.' },

package/dist/tools/threat-intel.js

@@ -856,6 +856,7 @@ export function registerThreatIntelTools() {
     // ─── 1. threat_feed ─────────────────────────────────────────────────────────
     registerTool({
         name: 'threat_feed',
+        deprecated: true,
         description: 'Aggregate cyber threat intelligence from free public sources. Fetches recent high/critical CVEs from NIST NVD, recent exploits from Exploit-DB, and optionally matches against your tech stack (from dream journal insights). Returns top threats with severity, affected software, and stack relevance.',
         parameters: {
             days: { type: 'number', description: 'Look-back period in days (default: 7, max: 30)' },
@@ -1285,6 +1286,7 @@ export function registerThreatIntelTools() {
     // ─── 4. incident_response ───────────────────────────────────────────────────
     registerTool({
         name: 'incident_response',
+        deprecated: true,
         description: 'Generate an incident response playbook for a security incident. Given an incident type and description, produces a structured playbook with containment steps, eradication plan, recovery checklist, lessons learned template, and IOC indicators. Uses local Ollama for contextual AI analysis when available. Incident types: ransomware, data_breach, ddos, insider_threat, supply_chain.',
         parameters: {
             incident_type: { type: 'string', description: 'Type of incident: ransomware, data_breach, ddos, insider_threat, supply_chain', required: true },

package/dist/ui.js

@@ -123,7 +123,7 @@ export function banner(version) {
         ? gradient('kbot', [167, 139, 250], [103, 232, 249])
         : ACCENT('kbot');
     const title = `  ${bannerText}${v}`;
-    const features = DIM('  Web search: free • 35 agents • 787+ tools • bring your own key');
+    const features = DIM('  Web search: free • 35 specialist agents • 100+ skills • bring your own key');
     return `\n${grid}\n${title}\n${features}\n`;
 }
 export function bannerCompact() {
@@ -283,7 +283,7 @@ export function printHelp() {
         `  ${CYAN('https://kernel.chat')}             ${DIM('Web companion')}`,
         `  ${CYAN('https://github.com/isaacsight/kernel')} ${DIM('GitHub')}`,
         '',
-        `  ${DIM('35 specialist agents. 787+ tools. Type anything to get started.')}`,
+        `  ${DIM('35 specialist agents. 100+ skills. Type anything to get started.')}`,
         '',
     ];
     status(lines.join('\n'));

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@kernel.chat/kbot",
-  "version": "3.99.34",
-  "description": "Open-source terminal AI agent. 787+ tools, 35 agents, 20 providers. Dreams, learns, watches your system. Controls your phone. Fully local, fully sovereign. MIT.",
+  "version": "4.0.0",
+  "description": "Open-source terminal AI agent. 100+ specialist skills, 35 specialist agents, 20 providers. Dreams, learns, watches your system. Controls your phone. Fully local, fully sovereign. MIT. v4.0 — evidence-based curation.",
   "type": "module",
   "repository": {
     "type": "git",