@kernel.chat/kbot 3.99.35 → 4.0.0

package/README.md

@@ -2,7 +2,7 @@
 
 <p align="center">
   <strong>kbot</strong><br>
-  Open-source terminal AI agent. 787+ tools. 35 agents. 20 providers. Dreams, learns, watches your system, controls your phone. $0 local.
+  Open-source terminal AI agent. 100+ specialist skills. 35 specialist agents. 20 providers. Dreams, learns, watches your system, controls your phone. $0 local.
 </p>
 
 <p align="center">
@@ -31,7 +31,8 @@ Most terminal AI agents lock you into one provider, one model, one way of workin
 - **Runs fully offline** — Embedded llama.cpp, Ollama, LM Studio, or Jan. $0, fully private.
 - **Learns your patterns** — Bayesian skill ratings + pattern extraction. Gets faster over time.
 - **35 specialist agents** — auto-routes your request to the right expert (coder, researcher, writer, guardian, quant, and 30 more). Run any agent manually: `kbot --agent <id> "<prompt>"`. List them: `kbot agents`.
-- **787+ tools** — files, bash, git, GitHub, web search, deploy, database, game dev, VFX, research, science, finance, security, music production, iPhone control, and more.
+- **100+ specialist skills** — files, bash, git, GitHub, web search, deploy, database, game dev, VFX, research, science, finance, security, music production, iPhone control, and more.
+- **v4.0 evidence-based curation** — went from 670 skills to ~100. Every kept skill has telemetry, agent reference, or test coverage. Everything else moved to plugins.
 - **Programmatic SDK** — use kbot as a library in your own apps.
 - **MCP server built in** — plug kbot into Claude Code, Cursor, VS Code, Zed, or Neovim as a tool provider.
 
@@ -165,8 +166,8 @@ Checks security, documentation, code quality, CI/CD, community health, and DevOp
 |---|---|---|---|---|---|
 | AI providers | 20 | 1 | 1 | 6 | 75+ |
 | Specialist agents | 35 | 0 | 0 | 0 | 0 |
-| Built-in tools | 787+ | ~20 | ~15 | ~10 | ~15 |
-| Science tools | 114 | 0 | 0 | 0 | 0 |
+| Built-in skills | 100+ | ~20 | ~15 | ~10 | ~15 |
+| Science skills | included | 0 | 0 | 0 | 0 |
 | Memory system | 7-tier bidirectional | File-based | No | No | No |
 | Dream engine | Yes ($0 local) | Cloud API | No | No | No |
 | Service watchdog | Yes | No | No | No | No |
@@ -228,7 +229,9 @@ kbot auto-routes to the right agent for each task. Or pick one with `--agent <na
 | **Domain** | infrastructure, quant, investigator, oracle, chronist, sage, communicator, adapter |
 | **Presets** | claude-code, cursor, copilot, creative, developer |
 
-## 686+ Tools
+## 100+ Specialist Skills
+
+As of v4.0, kbot ships ~100 curated skills (down from 670 — every kept skill has telemetry, agent reference, or test coverage). The rest are available as plugins.
 
 | Category | Examples |
 |----------|---------|
@@ -320,7 +323,7 @@ graph TD
     D -->|Multi-step| F[Autonomous Planner]
     E --> G[Provider API + Tool Loop]
     F --> G
-    G --> H{686+ Tools}
+    G --> H{100+ Skills}
     H --> I[File ops, bash, git, GitHub, search, deploy, DB, game dev...]
     G --> J[Learning Engine]
     J --> K[Patterns + Solutions + User Profile]

package/dist/agent-protocol.js

@@ -391,6 +391,7 @@ export function getTrustReport() {
 export function registerAgentProtocolTools() {
     registerTool({
         name: 'agent_handoff',
+        deprecated: true,
         description: 'Create a handoff to transfer work to another agent. Includes context, artifacts, and priority. The receiving agent can accept or reject. Use this when a task is better suited for a different specialist.',
         parameters: {
             from: { type: 'string', description: 'Agent ID initiating the handoff', required: true },
@@ -430,6 +431,7 @@ export function registerAgentProtocolTools() {
     });
     registerTool({
         name: 'blackboard_write',
+        deprecated: true,
         description: 'Write to the shared agent blackboard (working memory). Any agent can write facts, hypotheses, decisions, artifacts, or questions. Other agents can read these to coordinate without direct communication.',
         parameters: {
             key: { type: 'string', description: 'Key to write (e.g., "architecture_decision", "security_finding")', required: true },
@@ -464,6 +466,7 @@ export function registerAgentProtocolTools() {
     });
     registerTool({
         name: 'blackboard_read',
+        deprecated: true,
         description: 'Read from the shared agent blackboard. Query a specific key or list all entries filtered by type. Use this to see what other agents have written and coordinate work.',
         parameters: {
             key: { type: 'string', description: 'Specific key to read. If omitted, returns all entries.' },
@@ -504,6 +507,7 @@ export function registerAgentProtocolTools() {
     });
     registerTool({
         name: 'agent_propose',
+        deprecated: true,
         description: 'Propose an approach for multi-agent negotiation. Other agents can vote agree/disagree/abstain. Use resolve to determine the outcome. Ties are broken by trust scores.',
         parameters: {
             action: { type: 'string', description: 'Action: propose, vote, resolve, or status', required: true },
@@ -589,6 +593,7 @@ export function registerAgentProtocolTools() {
     });
     registerTool({
         name: 'agent_trust',
+        deprecated: true,
         description: 'Check or update trust scores for agents. Trust is asymmetric: success adds 0.05, failure subtracts 0.10. Scores persist across sessions in ~/.kbot/trust.json.',
         parameters: {
             action: { type: 'string', description: 'Action: check, update, best, or report', required: true },

package/dist/cli.js

@@ -102,7 +102,7 @@ async function main() {
         console.log(`  ${chalk.cyan('https://github.com/isaacsight/kernel/issues')}  ${chalk.dim('Bug reports')}`);
         console.log(`  ${chalk.cyan('support@kernel.chat')}  ${chalk.dim('Email (AI-assisted replies)')}`);
         console.log();
-        console.log(`  ${chalk.dim('35 specialist agents · 787+ tools · 20 providers · MIT licensed')}`);
+        console.log(`  ${chalk.dim('35 specialist agents · 100+ skills · 20 providers · MIT licensed')}`);
         console.log();
         process.exit(0);
     });
@@ -582,10 +582,10 @@ async function main() {
     // ── Discovery Agent ──
     const discoveryCmd = program
         .command('discovery')
-        .description('Autonomous outreach agent — finds conversations, drafts responses, posts for you');
+        .description('Background outreach agent — finds conversations, drafts responses, posts for you');
     discoveryCmd
         .command('start')
-        .description('Start the discovery loop — scans HN, GitHub, Reddit and posts autonomously')
+        .description('Start the discovery loop — scans HN, GitHub, Reddit and posts in the background')
         .option('--dry-run', 'Find and draft but don\'t post')
         .option('--interval <minutes>', 'Poll interval in minutes', '60')
         .option('--model <model>', 'Ollama model for analysis', 'qwen2.5-coder:32b')
@@ -4202,7 +4202,7 @@ async function main() {
             const models = await listOllamaModels();
             if (models.length > 0)
                 printInfo(`${models.length} models available. Using: ${ollamaModel || PROVIDERS.ollama.defaultModel}`);
-            printInfo('670+ tools ready. Type your prompt or press Enter for interactive mode.');
+            printInfo('100+ skills ready. Type your prompt or press Enter for interactive mode.');
         }
         else {
             printError(`Cannot reach Ollama at ${ollamaHost}. Is it running?`);
@@ -4696,7 +4696,7 @@ async function byokFlow() {
     console.log();
     printSuccess(`BYOK mode enabled — ${providerConfig.name}`);
     printInfo('You pay the provider directly. No message limits. No restrictions.');
-    printInfo('All 362 tools + 35 agents + learning system = yours.');
+    printInfo('All 100+ skills + 35 specialist agents + learning system = yours.');
     console.log();
     printSuccess('Ready. Run `kbot` to start.');
 }
@@ -4996,7 +4996,7 @@ async function startRepl(agentOpts, context, tier, byokActive = false, localActi
         const suggestions = await detectProjectSuggestions();
         console.log();
         console.log(chalk.dim('  ┌─────────────────────────────────────────────────┐'));
-        console.log(chalk.dim('  │') + chalk.bold('  35 agents. 362 tools. Just say what you need.  ') + chalk.dim(' │'));
+        console.log(chalk.dim('  │') + chalk.bold('  35 agents. 100+ skills. Just say what you need.  ') + chalk.dim(' │'));
         console.log(chalk.dim('  │                                                 │'));
         if (suggestions.length > 0) {
             for (const s of suggestions.slice(0, 4)) {

package/dist/plugin-sdk.d.ts

@@ -35,6 +35,17 @@ export interface PluginConfig {
     enabled: string[];
     disabled: string[];
 }
+export interface LoadPluginsOptions {
+    /** Override the plugin directory (used by tests). Defaults to ~/.kbot/plugins. */
+    pluginsDir?: string;
+    /** Override the integrity manifest path. Defaults to ~/.kbot/plugins.json. */
+    manifestPath?: string;
+    /**
+     * Override the integrity-disabled flag. Defaults to reading
+     * `process.env.KBOT_PLUGIN_INTEGRITY === 'off'`.
+     */
+    integrityDisabled?: boolean;
+}
 export interface SDKPluginManifest {
     name: string;
     version: string;
@@ -53,8 +64,18 @@ export interface SDKPluginManifest {
 /**
  * Load all installed and enabled SDK plugins.
  * Called at startup after the legacy plugins.ts loadPlugins() runs.
- */
-export declare function loadPlugins(verbose?: boolean): Promise<SDKPluginManifest[]>;
+ *
+ * Integrity contract (mirrors plugins.ts):
+ *   - Reads the same manifest at `~/.kbot/plugins.json` (override via
+ *     `KBOT_PLUGIN_MANIFEST` or `opts.manifestPath`).
+ *   - If the manifest exists, only plugins whose `name` appears in
+ *     `result.verified` are imported. Drift → throws `IntegrityError`.
+ *   - If the manifest is missing, falls back to back-compat behaviour: all
+ *     discovered, enabled plugins are imported (with a yellow info note).
+ *   - `KBOT_PLUGIN_INTEGRITY=off` skips verification entirely with a loud
+ *     yellow warning.
+ */
+export declare function loadPlugins(verbose?: boolean, opts?: LoadPluginsOptions): Promise<SDKPluginManifest[]>;
 /**
  * Scaffold a new plugin with a full project structure.
  * Creates ~/.kbot/plugins/<name>/ with index.ts and package.json.

package/dist/plugin-sdk.js

@@ -21,11 +21,32 @@ import { join, basename, resolve } from 'node:path';
 import { homedir } from 'node:os';
 import { pathToFileURL } from 'node:url';
 import { execSync } from 'node:child_process';
+import chalk from 'chalk';
 import { registerTool } from './tools/index.js';
+import { IntegrityError, verifyAllPlugins, enforce, } from './plugins-integrity.js';
 // ── Constants ────────────────────────────────────────────────────────────
 const KBOT_DIR = join(homedir(), '.kbot');
 const PLUGINS_DIR = join(KBOT_DIR, 'plugins');
+// NOTE: PLUGINS_CONFIG (per-plugin enable/disable list) shares the path
+// `~/.kbot/plugins.json` with the integrity manifest used by plugins.ts. This
+// is a pre-existing collision in the SDK loader — the enable/disable JSON has
+// shape `{ enabled, disabled }`, while the integrity manifest has shape
+// `{ schemaVersion, plugins }`. In practice users running with the integrity
+// manifest must override the SDK config path, or the integrity manifest path,
+// via `KBOT_PLUGIN_MANIFEST`. The fix is out of scope for the integrity
+// wiring; flagged here so we do not mask the collision in tests.
 const PLUGINS_CONFIG = join(KBOT_DIR, 'plugins.json');
+/**
+ * Default integrity manifest path. Mirrors plugins.ts so a single manifest
+ * covers both drop-in `.js` plugins (handled by plugins.ts) and SDK-style
+ * directory plugins (handled here). The integrity manifest's `path` field is
+ * resolved relative to `~/.kbot/plugins/`, so:
+ *   - `hello.js`            → simple drop-in plugin
+ *   - `my-tool/index.js`    → SDK-style packaged plugin
+ * are both expressible in one manifest. Override via `KBOT_PLUGIN_MANIFEST`
+ * or the `manifestPath` option to `loadPlugins`.
+ */
+const DEFAULT_MANIFEST_PATH = join(homedir(), '.kbot', 'plugins.json');
 // ── State ────────────────────────────────────────────────────────────────
 const loadedSDKPlugins = new Map();
 const registeredCommands = new Map();
@@ -219,19 +240,22 @@ function registerPluginHooks(plugin) {
 /**
  * Discover local plugins in ~/.kbot/plugins/<name>/ directories.
  * Each directory should contain an index.ts or index.js file.
+ *
+ * Pass `pluginsDir` to scan a custom location (used by tests). Defaults to
+ * the module-level `PLUGINS_DIR` (`~/.kbot/plugins`).
  */
-function discoverLocalPlugins() {
-    ensureDir(PLUGINS_DIR);
+function discoverLocalPlugins(pluginsDir = PLUGINS_DIR) {
+    ensureDir(pluginsDir);
     const results = [];
     let entries;
     try {
-        entries = readdirSync(PLUGINS_DIR);
+        entries = readdirSync(pluginsDir);
     }
     catch {
         return results;
     }
     for (const entry of entries) {
-        const dirPath = join(PLUGINS_DIR, entry);
+        const dirPath = join(pluginsDir, entry);
         try {
             const stat = statSync(dirPath);
             if (!stat.isDirectory())
@@ -328,16 +352,91 @@ function discoverNpmPlugins() {
     }
     return results;
 }
+// ── Integrity Gate ───────────────────────────────────────────────────────
+/**
+ * Run the integrity manifest gate before loading any SDK plugin module.
+ *
+ * Mirrors `plugins.ts`'s `runIntegrityGate` so the two loaders enforce the
+ * same fail-closed contract against the same manifest at `~/.kbot/plugins.json`.
+ *
+ * Behaviour:
+ *   - If KBOT_PLUGIN_INTEGRITY=off (or `integrityDisabled === true`):
+ *     emit a yellow warning and return `null` (verification skipped, all
+ *     discovered plugins are eligible to load).
+ *   - If the manifest file does not exist: emit a yellow info note and
+ *     return `null` (back-compat — manifest is optional today).
+ *   - If the manifest exists and verifies: return the `VerifyAllResult` so
+ *     the caller can restrict loads to `result.verified`.
+ *   - If the manifest exists and any plugin fails: throw `IntegrityError`
+ *     (loader refuses to import any SDK plugin this session).
+ */
+async function runIntegrityGate(manifestPath, pluginsDir, integrityDisabled) {
+    if (integrityDisabled) {
+        console.error(chalk.yellow(`  ⚠ KBOT_PLUGIN_INTEGRITY=off — skipping integrity check for SDK plugins (NOT FOR PRODUCTION). ` +
+            `Plugins under ${pluginsDir} will load without hash checking.`));
+        return null;
+    }
+    if (!existsSync(manifestPath)) {
+        console.error(chalk.yellow(`  ⚠ no plugin manifest at ${manifestPath} — plugin SDK loaded without integrity verification. ` +
+            `Create one to pin plugins by SHA-256 (see PLUGINS_INTEGRITY.md).`));
+        return null;
+    }
+    try {
+        const result = await verifyAllPlugins(manifestPath, pluginsDir);
+        if (result.failed.length > 0) {
+            const lines = result.failed
+                .map((f) => `    - ${f.name}: ${f.reason}`)
+                .join('\n');
+            console.error(chalk.red(`  ✗ Plugin integrity check failed for ${result.failed.length} SDK plugin(s):\n${lines}\n` +
+                `    Manifest: ${manifestPath}\n` +
+                `    To refresh hashes, recompute SHA-256 for each plugin entry and update the manifest. ` +
+                `Set KBOT_PLUGIN_INTEGRITY=off ONLY for local dev; never in production.`));
+            enforce(result); // throws IntegrityError
+        }
+        return result;
+    }
+    catch (err) {
+        if (err instanceof IntegrityError)
+            throw err;
+        // loadManifest threw (malformed JSON, schema violation, etc.) — fail closed.
+        console.error(chalk.red(`  ✗ Failed to load plugin integrity manifest at ${manifestPath}: ${err.message}`));
+        throw err;
+    }
+}
 // ── Public API ───────────────────────────────────────────────────────────
 /**
  * Load all installed and enabled SDK plugins.
  * Called at startup after the legacy plugins.ts loadPlugins() runs.
+ *
+ * Integrity contract (mirrors plugins.ts):
+ *   - Reads the same manifest at `~/.kbot/plugins.json` (override via
+ *     `KBOT_PLUGIN_MANIFEST` or `opts.manifestPath`).
+ *   - If the manifest exists, only plugins whose `name` appears in
+ *     `result.verified` are imported. Drift → throws `IntegrityError`.
+ *   - If the manifest is missing, falls back to back-compat behaviour: all
+ *     discovered, enabled plugins are imported (with a yellow info note).
+ *   - `KBOT_PLUGIN_INTEGRITY=off` skips verification entirely with a loud
+ *     yellow warning.
  */
-export async function loadPlugins(verbose = false) {
+export async function loadPlugins(verbose = false, opts = {}) {
+    const pluginsDir = opts.pluginsDir ?? PLUGINS_DIR;
+    const manifestPath = opts.manifestPath ?? process.env.KBOT_PLUGIN_MANIFEST ?? DEFAULT_MANIFEST_PATH;
+    const integrityDisabled = opts.integrityDisabled ?? process.env.KBOT_PLUGIN_INTEGRITY === 'off';
     const manifests = [];
-    // Discover from both sources
-    const localPlugins = discoverLocalPlugins();
-    const npmPlugins = discoverNpmPlugins();
+    // Integrity gate — runs BEFORE any SDK plugin file is imported. Throws
+    // IntegrityError on drift unless KBOT_PLUGIN_INTEGRITY=off.
+    const integrity = await runIntegrityGate(manifestPath, pluginsDir, integrityDisabled);
+    // When a manifest verified successfully, restrict loads to verified names.
+    // When the manifest is missing or integrity is disabled, allow every file.
+    const verifiedNames = integrity
+        ? new Set(integrity.verified)
+        : null;
+    // Discover from both sources. NPM plugins live in global node_modules and
+    // are not (yet) covered by the integrity manifest's relative-path scheme;
+    // when integrity is enforced, only local plugins listed in the manifest
+    // load. NPM plugins are skipped entirely under enforcement.
+    const localPlugins = discoverLocalPlugins(pluginsDir);
+    const npmPlugins = verifiedNames ? [] : discoverNpmPlugins();
     const allDiscovered = [
         ...localPlugins.map(p => ({ ...p, source: 'local' })),
         ...npmPlugins.map(p => ({ ...p, source: 'npm' })),
@@ -361,6 +460,17 @@ export async function loadPlugins(verbose = false) {
             manifests.push(manifest);
             continue;
         }
+        // When manifest verification ran, only load plugins whose name appears in
+        // the verified set. Discovered plugins not declared in the manifest are
+        // skipped (they could not have passed verification).
+        if (verifiedNames && !verifiedNames.has(name)) {
+            if (verbose) {
+                console.error(chalk.yellow(`  ⚠ [SDK] Skipping ${name} — not declared in plugin manifest`));
+            }
+            manifest.error = 'not declared in plugin integrity manifest';
+            manifests.push(manifest);
+            continue;
+        }
         try {
             const plugin = await importPlugin(entryPath);
             manifest.version = plugin.version;

package/dist/plugins.js

@@ -107,7 +107,21 @@ export async function loadPlugins(verbose = false, opts = {}) {
     const verifiedNames = integrity
         ? new Set(integrity.verified)
         : null;
-    const files = readdirSync(pluginsDir).filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)));
+    // Top-level plugin files
+    const topLevel = readdirSync(pluginsDir).filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)));
+    // Forged subdirectory (created by forge.ts at runtime). v3.99.31 and earlier
+    // persisted forged tools here without the loader scanning for them; fixed in v4.0.
+    let forgedFiles = [];
+    try {
+        const forgedDir = join(pluginsDir, 'forged');
+        forgedFiles = readdirSync(forgedDir)
+            .filter(f => PLUGIN_EXTENSIONS.some(ext => f.endsWith(ext)))
+            .map(f => `forged/${f}`);
+    }
+    catch {
+        // forged/ doesn't exist — nothing to load
+    }
+    const files = [...topLevel, ...forgedFiles];
     if (files.length === 0)
         return [];
     for (const file of files) {

package/dist/tools/browser.js

@@ -50,6 +50,7 @@ export function registerBrowserTools() {
     });
     registerTool({
         name: 'browser_snapshot',
+        deprecated: true,
         description: 'Get the current page\'s accessibility tree (structured text representation).',
         parameters: {},
         tier: 'free',

package/dist/tools/computer.js

@@ -253,6 +253,7 @@ export function registerComputerTools() {
     // ── Permission & lock check ──
     registerTool({
         name: 'computer_check',
+        deprecated: true,
         description: 'Check computer use permissions and acquire the session lock. Call this before any other computer use tool. Returns permission status and any required setup steps.',
         parameters: {},
         tier: 'free',
@@ -277,6 +278,7 @@ export function registerComputerTools() {
     // ── App approval ──
     registerTool({
         name: 'app_approve',
+        deprecated: true,
         description: 'Approve an app for computer use in this session. Must be called before interacting with an app. Shows a warning for sensitive apps (terminals, Finder, System Settings).',
         parameters: {
             app: { type: 'string', description: 'App name (e.g., "Safari", "Finder", "Xcode")', required: true },
@@ -456,6 +458,7 @@ export function registerComputerTools() {
     // ── Mouse click ──
     registerTool({
         name: 'mouse_click',
+        deprecated: true,
         description: 'Click at specific screen coordinates.',
         parameters: {
             x: { type: 'number', description: 'X coordinate', required: true },
@@ -873,6 +876,7 @@ export function registerComputerTools() {
     });
     registerTool({
         name: 'window_resize',
+        deprecated: true,
         description: 'Resize a window of a specific app.',
         parameters: {
             app: { type: 'string', description: 'App name', required: true },
@@ -926,6 +930,7 @@ export function registerComputerTools() {
     });
     registerTool({
         name: 'window_move',
+        deprecated: true,
         description: 'Move a window to specific screen coordinates.',
         parameters: {
             app: { type: 'string', description: 'App name', required: true },
@@ -1080,6 +1085,7 @@ export function registerComputerTools() {
     // ── Release lock ──
     registerTool({
         name: 'computer_release',
+        deprecated: true,
         description: 'Release the computer use lock and end the session. Call when done with computer use.',
         parameters: {},
         tier: 'free',

package/dist/tools/containers.js

@@ -428,6 +428,7 @@ export function registerContainerTools() {
     // ── License Check ─────────────────────────────────────────────────
     registerTool({
         name: 'license_check',
+        deprecated: true,
         description: 'Check license compatibility across a project\'s dependency tree.',
         parameters: {
             path: { type: 'string', description: 'Project directory path', required: true },

package/dist/tools/creative.js

@@ -683,6 +683,7 @@ function evolveDesign(source, mutationIndex) {
 export function registerCreativeTools() {
     registerTool({
         name: 'generate_art',
+        deprecated: true,
         description: 'Generate a self-contained p5.js sketch as an HTML file from a text description. Creates generative art that can be opened directly in a browser.',
         parameters: {
             description: { type: 'string', description: 'Text description of the desired artwork (e.g., "flowing ocean waves at sunset")', required: true },
@@ -706,6 +707,7 @@ export function registerCreativeTools() {
     });
     registerTool({
         name: 'generate_shader',
+        deprecated: true,
         description: 'Generate a Shadertoy-compatible GLSL fragment shader from a text description. Creates animated procedural graphics using noise, raymarching, voronoi, or kaleidoscopic techniques.',
         parameters: {
             description: { type: 'string', description: 'Text description of the desired shader effect (e.g., "molten lava flowing through cracks")', required: true },
@@ -723,6 +725,7 @@ export function registerCreativeTools() {
     });
     registerTool({
         name: 'generate_music_pattern',
+        deprecated: true,
         description: 'Generate a music pattern as Sonic Pi code or a MIDI-like JSON structure. Creates melodies, bass lines, and drum patterns based on genre and description.',
         parameters: {
             description: { type: 'string', description: 'Text description of the desired music (e.g., "upbeat jazz with walking bass")', required: true },
@@ -748,6 +751,7 @@ export function registerCreativeTools() {
     });
     registerTool({
         name: 'generate_svg',
+        deprecated: true,
         description: 'Generate algorithmic SVG art from a text description. Creates generative patterns including concentric circles, mesh networks, Mondrian grids, spirographs, or wave patterns.',
         parameters: {
             description: { type: 'string', description: 'Text description of the desired SVG artwork', required: true },
@@ -772,6 +776,7 @@ export function registerCreativeTools() {
     });
     registerTool({
         name: 'evolve_design',
+        deprecated: true,
         description: 'Take an existing design file (HTML, SVG, GLSL, CSS, etc.) and generate N mutations by tweaking numeric values, colors, and structure. Outputs each variant as a separate file. Useful for exploring design spaces.',
         parameters: {
             source_path: { type: 'string', description: 'Path to the source design file to mutate', required: true },

package/dist/tools/deploy.js

@@ -307,6 +307,7 @@ export function registerDeployTools() {
     // ── deploy ─────────────────────────────────────────────────────────
     registerTool({
         name: 'deploy',
+        deprecated: true,
         description: 'Deploy the current project. Auto-detects platform from config files (vercel.json, netlify.toml, wrangler.toml, fly.toml, railway.json). Supports Vercel, Netlify, Cloudflare Workers/Pages, Fly.io, and Railway.',
         parameters: {
             path: { type: 'string', description: 'Project directory (default: cwd)' },

package/dist/tools/emergent.js

@@ -968,6 +968,7 @@ export function registerEmergentTools() {
     // ══════════════════════════════════════════════════════════════════════════
     registerTool({
         name: 'question',
+        deprecated: true,
         description: 'Generate the most important unanswered questions based on kbot\'s knowledge graph and memory. Not questions the user asked — questions that SHOULD be asked based on what is known and what is missing.',
         parameters: {
             domain: { type: 'string', description: 'Optional domain focus (e.g., "biology", "physics", "social")' },

package/dist/tools/gamedev.js

@@ -186,6 +186,7 @@ export function registerGamedevTools() {
     };
     registerTool({
         name: 'scaffold_game',
+        deprecated: true,
         description: 'Generate project scaffolding for a game engine. Supports godot, unity, unreal, bevy, phaser, three (Three.js), playcanvas, and defold. Writes real config files, entry points, and gitignore.',
         parameters: {
             engine: { type: 'string', description: 'Game engine: godot, unity, unreal, bevy, phaser, three, playcanvas, defold', required: true },
@@ -359,6 +360,7 @@ export function registerGamedevTools() {
     };
     registerTool({
         name: 'game_config',
+        deprecated: true,
         description: 'Generate or modify game engine config files. Auto-detects engine from project directory. Supports project, build, input, physics, rendering, and audio config types.',
         parameters: {
             engine: { type: 'string', description: 'Engine: godot, unity, unreal, bevy, phaser, three, playcanvas, defold (auto-detected if path provided)' },
@@ -438,6 +440,7 @@ export function registerGamedevTools() {
     ];
     registerTool({
         name: 'shader_debug',
+        deprecated: true,
         description: 'Static analysis of shader code for performance issues, errors, and optimization opportunities. Supports GLSL, HLSL, and WGSL. Reports branching, precision, overdraw, math optimization, and texture access patterns.',
         parameters: {
             source: { type: 'string', description: 'Shader source code or file path', required: true },
@@ -906,6 +909,7 @@ void fragment() {
     };
     registerTool({
         name: 'material_graph',
+        deprecated: true,
         description: 'Generate material/shader code for game engines. Supports PBR, toon, water, foliage, glass, and emissive materials for Three.js, Godot, and Unity.',
         parameters: {
             material_type: { type: 'string', description: 'Material type: pbr, toon, water, foliage, glass, emissive', required: true },
@@ -1264,6 +1268,7 @@ void fragment() {
     }
     registerTool({
         name: 'mesh_generate',
+        deprecated: true,
         description: 'Procedural OBJ mesh generation. Supports plane, cube, sphere, cylinder, torus, heightmap, and terrain shapes with configurable parameters. Outputs valid OBJ with vertices, normals, and UVs.',
         parameters: {
             shape: { type: 'string', description: 'Shape: plane, cube, sphere, cylinder, torus, heightmap, terrain', required: true },
@@ -1298,6 +1303,7 @@ void fragment() {
     // ── Tool 6: Sprite Atlas Packer ────────────────────────────────────
     registerTool({
         name: 'sprite_pack',
+        deprecated: true,
         description: 'Pack multiple sprite images into a single texture atlas with metadata. Uses maxrects bin-packing for optimal layout. Outputs atlas image via ImageMagick and JSON/engine-specific metadata.',
         parameters: {
             input_dir: { type: 'string', description: 'Directory containing sprite images (png/jpg/webp)', required: true },
@@ -1610,6 +1616,7 @@ void fragment() {
     // ── Tool 7: Physics Setup Generator ──────────────────────────────────
     registerTool({
         name: 'physics_setup',
+        deprecated: true,
         description: 'Generate complete physics configuration code for game engines. Supports rigidbody, softbody, ragdoll (full humanoid skeleton), vehicle (suspension/wheels/steering), cloth, and joint systems across 7 physics engines.',
         parameters: {
             type: { type: 'string', description: 'Physics type: rigidbody, softbody, ragdoll, vehicle, cloth, joints', required: true },
@@ -2902,6 +2909,7 @@ const JOINT_CONFIG = ${JSON.stringify({
     // ── Tool 8: Particle System Generator ────────────────────────────────
     registerTool({
         name: 'particle_system',
+        deprecated: true,
         description: 'Generate engine-specific particle system code for common visual effects. Supports fire, smoke, rain, snow, sparks, magic, explosion, dust, bubbles, leaves, and confetti effects across 6 game engines.',
         parameters: {
             effect: { type: 'string', description: 'Effect type: fire, smoke, rain, snow, sparks, magic, explosion, dust, bubbles, leaves, confetti', required: true },
@@ -3612,6 +3620,7 @@ ${effect === 'fire' || effect === 'smoke' ? `    // Grow over lifetime
     // ── Tool 9: Procedural Level Generator ───────────────────────────────
     registerTool({
         name: 'level_generate',
+        deprecated: true,
         description: 'Generate procedural game levels with BSP dungeon, platformer terrain, maze, overworld, or arena layouts. Supports seeded PRNG for reproducibility and outputs in JSON, Tiled, or ASCII formats.',
         parameters: {
             type: { type: 'string', description: 'Level type: dungeon, platformer, overworld, maze, arena', required: true },
@@ -4173,6 +4182,7 @@ ${effect === 'fire' || effect === 'smoke' ? `    // Grow over lifetime
     // ── Tool 10: Tilemap Auto-Tiling Generator ──────────────────────────
     registerTool({
         name: 'tilemap_generate',
+        deprecated: true,
         description: 'Generate bitmask-based auto-tiling rules and tilemap data. Supports blob 47-tile, Wang 16-tile, and simple 4-tile tilesets with terrain definitions for grass, stone, water, sand, snow, and lava.',
         parameters: {
             tileset_type: { type: 'string', description: 'Tileset type: blob_47, wang_16, simple_4', required: true },
@@ -4553,6 +4563,7 @@ tile_${i}/terrain_peering/left = ${cardW ? 0 : -1}`;
     // ── Tool 11: Navigation Mesh Configuration ──────────────────────────
     registerTool({
         name: 'navmesh_config',
+        deprecated: true,
         description: 'Generate engine-specific navigation mesh configuration and pathfinding helper code. Supports humanoid, vehicle, flying, and small creature agent types with appropriate defaults across 5 navigation systems.',
         parameters: {
             engine: { type: 'string', description: 'Navigation engine: godot, unity, unreal, recast, three (default: recast)' },
@@ -5662,6 +5673,7 @@ export class NavigationSystem {
     // ── Tool 12: game_audio ──────────────────────────────────────────────
     registerTool({
         name: 'game_audio',
+        deprecated: true,
         description: 'Generate game audio systems: spatial 3D audio, adaptive music layers, sound banks, Howler.js setup, or Web Audio API graphs. Produces complete, working audio code for any game engine.',
         parameters: {
             system: { type: 'string', description: 'Audio system type: spatial, music_layers, sound_bank, howler, web_audio', required: true },
@@ -7122,6 +7134,7 @@ export class AudioEngine {
     // ── Tool 13: netcode_scaffold ───────────────────────────────────────
     registerTool({
         name: 'netcode_scaffold',
+        deprecated: true,
         description: 'Generate multiplayer netcode scaffolding: server, client, and shared types. Supports WebSocket/WebRTC transports with Colyseus, Socket.IO, Geckos.io, Nakama, or raw implementations. Includes lobby, matchmaking, state sync, input prediction, chat, and reconnection features.',
         parameters: {
             architecture: { type: 'string', description: 'Network architecture: client_server, peer_to_peer, relay', required: true },
@@ -8542,6 +8555,7 @@ ${hasReconnect ? '    if (this.reconnectTimer) clearTimeout(this.reconnectTimer)
     // ── Tool 14: game_build ─────────────────────────────────────────────
     registerTool({
         name: 'game_build',
+        deprecated: true,
         description: 'Generate CI/CD pipelines and build configurations for game distribution. Supports Steam, itch.io, web, iOS, and Android targets with GitHub Actions or GitLab CI.',
         parameters: {
             engine: { type: 'string', description: 'Game engine or framework (e.g., godot, unity, unreal, three, phaser, bevy, web)' },
@@ -9044,6 +9058,7 @@ export default defineConfig({
     // ── Tool 15: game_test ──────────────────────────────────────────────
     registerTool({
         name: 'game_test',
+        deprecated: true,
         description: 'Generate game testing and profiling utilities: FPS profiler, memory tracker, input recorder/replayer, screenshot regression tests, and performance budgets with runtime validation.',
         parameters: {
             test_type: { type: 'string', description: 'Test type: fps_profiler, memory_tracker, input_recorder, screenshot_test, performance_budget', required: true },
@@ -10352,6 +10367,7 @@ export class PerformanceBudget {
     // ── Tool 16: ecs_generate ───────────────────────────────────────────
     registerTool({
         name: 'ecs_generate',
+        deprecated: true,
         description: 'Generate Entity Component System (ECS) code: components, systems, and entity archetypes. Produces idiomatic code for Bevy (Rust), bitecs (TypeScript), Unity DOTS (C#), miniplex (TypeScript), or ecsy (TypeScript).',
         parameters: {
             framework: { type: 'string', description: 'ECS framework: bevy, unity_dots, bitecs, miniplex, ecsy', required: true },

package/dist/tools/hacker-toolkit.js

@@ -1287,6 +1287,7 @@ export function registerHackerToolkitTools() {
     // ─────────────────────────────────────────────────────────────────────────────
     registerTool({
         name: 'jwt_analyze',
+        deprecated: true,
         description: 'Analyze JWT tokens. Decode header/payload/signature, verify signatures with a secret, test for algorithm confusion (alg:none), and try common weak secrets.',
         parameters: {
             token: { type: 'string', description: 'JWT token to analyze', required: true },
@@ -1653,6 +1654,7 @@ export function registerHackerToolkitTools() {
     // ─────────────────────────────────────────────────────────────────────────────
     registerTool({
         name: 'cors_check',
+        deprecated: true,
         description: 'Detect CORS misconfigurations. Tests for arbitrary origin reflection, null origin acceptance, credentials with wildcard, and subdomain wildcard matching.',
         parameters: {
             url: { type: 'string', description: 'URL to check for CORS misconfigurations', required: true },
@@ -1946,6 +1948,7 @@ export function registerHackerToolkitTools() {
     // ─────────────────────────────────────────────────────────────────────────────
     registerTool({
         name: 'exploit_search',
+        deprecated: true,
         description: 'Search for known exploits and CVEs. Queries the NVD (National Vulnerability Database) API for CVE data. Returns CVE IDs, descriptions, CVSS scores, and references.',
         parameters: {
             query: { type: 'string', description: 'CVE ID (e.g., CVE-2024-1234), software name, or keyword', required: true },
@@ -2739,6 +2742,7 @@ export function registerHackerToolkitTools() {
     // ─────────────────────────────────────────────────────────────────────────────
     registerTool({
         name: 'ssl_analyze',
+        deprecated: true,
         description: 'Deep SSL/TLS analysis using Node.js tls module. Returns protocol version, cipher suite, certificate details (issuer, subject, validity, SANs), certificate chain, HSTS status, and potential security issues.',
         parameters: {
             host: { type: 'string', description: 'Hostname to analyze', required: true },
@@ -3012,6 +3016,7 @@ export function registerHackerToolkitTools() {
     // ─────────────────────────────────────────────────────────────────────────────
     registerTool({
         name: 'forensics_analyze',
+        deprecated: true,
         description: 'File forensics analysis. Identify file type by magic bytes, extract printable ASCII strings, get file metadata, hex dump, and calculate Shannon entropy (high entropy = encrypted/compressed).',
         parameters: {
             file_path: { type: 'string', description: 'Path to file to analyze', required: true },
@@ -3469,6 +3474,7 @@ export function registerHackerToolkitTools() {
     // ─────────────────────────────────────────────────────────────────────────────
     registerTool({
         name: 'security_headers_generate',
+        deprecated: true,
         description: 'Generate complete security header configurations for various frameworks. Includes CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more. Returns framework-specific code ready to copy-paste.',
         parameters: {
             framework: { type: 'string', description: 'Framework: express, nextjs, nginx, apache, cloudflare, generic', default: 'generic' },

package/dist/tools/index.d.ts

@@ -18,6 +18,8 @@ export interface ToolDefinition {
     timeout?: number;
     /** Max result size in bytes (default: 50_000 = 50KB) */
     maxResultSize?: number;
+    /** Marked deprecated as of v4.0; scheduled for removal in 4.1.0. */
+    deprecated?: boolean;
 }
 export interface ToolCall {
     id: string;

package/dist/tools/index.js

@@ -12,6 +12,9 @@
 // Re-export the middleware pipeline system
 export { ToolPipeline, createDefaultPipeline, permissionMiddleware, hookMiddleware, timeoutMiddleware, metricsMiddleware, truncationMiddleware, telemetryMiddleware, executionMiddleware, fallbackMiddleware, mcpAppsMiddleware, DEFAULT_FALLBACK_RULES, } from '../tool-pipeline.js';
 import { ToolPipeline, executionMiddleware } from '../tool-pipeline.js';
+import chalk from 'chalk';
+/** Tools whose deprecation warning has already been emitted this process. */
+const deprecationWarned = new Set();
 const registry = new Map();
 const metrics = new Map();
 const DEFAULT_TIMEOUT = 300_000; // 5 minutes
@@ -118,6 +121,19 @@ export async function executeTool(call) {
             `If no MCP server exists, consider using forge_tool to create it at runtime.`;
         return { tool_call_id: call.id, result: suggestion, error: true, duration_ms: 0 };
     }
+    // Deprecation warn-once: emit a single chalk.yellow message per tool name per process.
+    if (tool.deprecated && !deprecationWarned.has(call.name)) {
+        deprecationWarned.add(call.name);
+        try {
+            console.warn(chalk.yellow(`[kbot] Tool '${call.name}' is deprecated as of v4.0 and scheduled for removal in 4.1.0. ` +
+                `See https://github.com/isaacsight/kernel/blob/main/packages/kbot/RELEASE_NOTES_4_0.md`));
+        }
+        catch {
+            // chalk may not be available in some test contexts — fall back to plain text.
+            console.warn(`[kbot] Tool '${call.name}' is deprecated as of v4.0 and scheduled for removal in 4.1.0. ` +
+                `See https://github.com/isaacsight/kernel/blob/main/packages/kbot/RELEASE_NOTES_4_0.md`);
+        }
+    }
     const timeout = tool.timeout ?? DEFAULT_TIMEOUT;
     const maxResult = tool.maxResultSize ?? DEFAULT_MAX_RESULT;
     const startTime = Date.now();
@@ -207,76 +223,35 @@ const LAZY_MODULE_IMPORTS = [
     { path: './parallel.js', registerFn: 'registerParallelTools' },
     { path: './mcp-client.js', registerFn: 'registerMcpClientTools' },
     { path: './tasks.js', registerFn: 'registerTaskTools' },
-    { path: './notebook.js', registerFn: 'registerNotebookTools' },
     { path: './background.js', registerFn: 'registerBackgroundTools' },
     { path: './sandbox.js', registerFn: 'registerSandboxTools' },
-    { path: './build-matrix.js', registerFn: 'registerBuildMatrixTools' },
     { path: './subagent.js', registerFn: 'registerSubagentTools' },
     { path: './worktree.js', registerFn: 'registerWorktreeTools' },
-    { path: './kbot-local.js', registerFn: 'registerKbotLocalTools' },
     { path: './quality.js', registerFn: 'registerQualityTools' },
     { path: './memory-tools.js', registerFn: 'registerMemoryTools' },
     { path: './browser.js', registerFn: 'registerBrowserTools' },
-    { path: './e2b-sandbox.js', registerFn: 'registerE2bTools' },
-    { path: './lsp-tools.js', registerFn: 'registerLspTools' },
-    { path: '../mcp-plugins.js', registerFn: 'registerMcpPluginTools' },
-    { path: '../graph-memory.js', registerFn: 'registerGraphMemoryTools' },
-    { path: '../confidence.js', registerFn: 'registerConfidenceTools' },
     { path: '../agent-protocol.js', registerFn: 'registerAgentProtocolTools' },
     { path: '../temporal.js', registerFn: 'registerTemporalTools' },
-    { path: '../reasoning.js', registerFn: 'registerReasoningTools' },
     { path: '../intentionality.js', registerFn: 'registerIntentionalityTools' },
     { path: './test-runner.js', registerFn: 'registerTestRunnerTools' },
     { path: './creative.js', registerFn: 'registerCreativeTools' },
-    { path: './comfyui-plugin.js', registerFn: 'registerComfyUITools' },
     { path: './magenta-plugin.js', registerFn: 'registerMagentaTools' },
-    { path: './research.js', registerFn: 'registerResearchTools' },
     { path: './containers.js', registerFn: 'registerContainerTools' },
     { path: './vfx.js', registerFn: 'registerVfxTools' },
     { path: './gamedev.js', registerFn: 'registerGamedevTools' },
     { path: './audit.js', registerFn: 'registerAuditTools' },
-    { path: './documents.js', registerFn: 'registerDocumentTools' },
-    { path: './contribute.js', registerFn: 'registerContributeTools' },
-    { path: './composio.js', registerFn: 'registerComposioTools' },
-    { path: '../marketplace.js', registerFn: 'registerMarketplaceTools' },
     { path: './browser-agent.js', registerFn: 'registerBrowserAgentTools' },
-    { path: '../workflows.js', registerFn: 'registerWorkflowTools' },
     { path: './deploy.js', registerFn: 'registerDeployTools' },
     { path: './mcp-marketplace.js', registerFn: 'registerMcpMarketplaceTools' },
     { path: './database.js', registerFn: 'registerDatabaseTools' },
-    { path: '../team.js', registerFn: 'registerTeamTools' },
     { path: '../plugin-sdk.js', registerFn: 'registerPluginSDKTools' },
-    { path: './training.js', registerFn: 'registerTrainingTools' },
     { path: './social.js', registerFn: 'registerSocialTools' },
     { path: './forge.js', registerFn: 'registerForgeTools' },
-    { path: '../mcp-apps.js', registerFn: 'registerMcpAppTools' },
-    { path: './machine-tools.js', registerFn: 'registerMachineTools' },
-    { path: './finance.js', registerFn: 'registerFinanceTools' },
-    { path: './wallet.js', registerFn: 'registerWalletTools' },
-    { path: './stocks.js', registerFn: 'registerStockTools' },
-    { path: './sentiment.js', registerFn: 'registerSentimentTools' },
     { path: './security.js', registerFn: 'registerSecurityTools' },
     { path: './email.js', registerFn: 'registerEmailTools' },
-    { path: './content-engine.js', registerFn: 'registerContentEngineTools' },
-    { path: './bootstrapper.js', registerFn: 'registerBootstrapperTools' },
-    { path: './lab-core.js', registerFn: 'registerLabCoreTools' },
-    { path: './lab-data.js', registerFn: 'registerLabDataTools' },
-    { path: './lab-bio.js', registerFn: 'registerLabBioTools' },
-    { path: './lab-chem.js', registerFn: 'registerLabChemTools' },
-    { path: './lab-physics.js', registerFn: 'registerLabPhysicsTools' },
-    { path: './lab-earth.js', registerFn: 'registerLabEarthTools' },
-    { path: './lab-math.js', registerFn: 'registerLabMathTools' },
-    { path: './lab-neuro.js', registerFn: 'registerLabNeuroTools' },
-    { path: './lab-social.js', registerFn: 'registerLabSocialTools' },
-    { path: './lab-humanities.js', registerFn: 'registerLabHumanitiesTools' },
-    { path: './lab-health.js', registerFn: 'registerLabHealthTools' },
-    { path: './science-graph.js', registerFn: 'registerScienceGraphTools' },
-    { path: './research-pipeline.js', registerFn: 'registerResearchPipelineTools' },
-    { path: './research-notebook.js', registerFn: 'registerResearchNotebookTools' },
     { path: './hypothesis-engine.js', registerFn: 'registerHypothesisEngineTools' },
     { path: './emergent.js', registerFn: 'registerEmergentTools' },
     { path: './security-hunt.js', registerFn: 'registerSecurityHuntTools' },
-    { path: './lab-frontier.js', registerFn: 'registerFrontierTools' },
     { path: './ableton.js', registerFn: 'registerAbletonTools' },
     { path: './ableton-knowledge.js', registerFn: 'registerAbletonKnowledgeTools' },
     { path: './ableton-bridge-tools.js', registerFn: 'registerAbletonBridgeTools' },
@@ -285,59 +260,20 @@ const LAZY_MODULE_IMPORTS = [
     { path: './producer-engine.js', registerFn: 'registerProducerEngine' },
     { path: './sound-designer.js', registerFn: 'registerSoundDesignerTools' },
     { path: './arrangement-engine.js', registerFn: 'registerArrangementEngine' },
-    { path: '../behaviour.js', registerFn: 'registerBehaviourTools' },
     { path: '../skill-system.js', registerFn: 'registerSkillTools' },
-    { path: './admin.js', registerFn: 'registerAdminTools' },
-    { path: './monitor.js', registerFn: 'registerMonitorTools' },
-    { path: './deploy-all.js', registerFn: 'registerDeployAllTools' },
     { path: './analytics.js', registerFn: 'registerAnalyticsTools' },
-    { path: './env-manager.js', registerFn: 'registerEnvTools' },
-    { path: './db-admin.js', registerFn: 'registerDbAdminTools' },
-    { path: './visa-payments.js', registerFn: 'registerVisaPaymentTools' },
     { path: './security-brain.js', registerFn: 'registerSecurityBrainTools' },
-    { path: './ctf.js', registerFn: 'registerCtfTools' },
-    { path: './pentest.js', registerFn: 'registerPentestTools' },
     { path: './redblue.js', registerFn: 'registerRedBlueTools' },
     { path: './hacker-toolkit.js', registerFn: 'registerHackerToolkitTools' },
     { path: './threat-intel.js', registerFn: 'registerThreatIntelTools' },
     { path: './dj-set-builder.js', registerFn: 'registerDjSetBuilderTools' },
     { path: './serum2-preset.js', registerFn: 'registerSerum2PresetTools' },
     { path: './dream-tools.js', registerFn: 'registerDreamTools' },
-    { path: './collective-dream-tools.js', registerFn: 'registerCollectiveDreamTools' },
-    { path: './memory-scanner-tools.js', registerFn: 'registerMemoryScannerTools' },
-    { path: './buddy-tools.js', registerFn: 'registerBuddyTools' },
-    { path: './voice-input-tools.js', registerFn: 'registerVoiceInputTools' },
-    { path: './watchdog.js', registerFn: 'registerWatchdogTools' },
-    { path: './behavior-tools.js', registerFn: 'registerBehaviorTools' },
-    { path: './a2a.js', registerFn: 'registerA2ATools' },
-    { path: './financial-analysis.js', registerFn: 'registerFinancialAnalysisTools' },
-    { path: './ai-analysis.js', registerFn: 'registerAIAnalysisTools' },
-    { path: './music-gen.js', registerFn: 'registerMusicGenTools' },
     { path: './one-prompt-producer.js', registerFn: 'registerOnePromptTools' },
-    { path: './mobile-automation.js', registerFn: 'registerMobileAutomationTools' },
-    { path: './iphone.js', registerFn: 'registerIPhoneTools' },
-    { path: './ghost.js', registerFn: 'registerGhostTools' },
-    { path: './streaming.js', registerFn: 'registerStreamingTools' },
-    { path: './stream-character.js', registerFn: 'registerStreamCharacterTools' },
-    { path: './stream-renderer.js', registerFn: 'registerStreamRendererTools' },
     { path: './kbot-browser.js', registerFn: 'registerKBotBrowserTools' },
     { path: './kbot-terminal.js', registerFn: 'registerKBotTerminalTools' },
-    { path: './stream-control.js', registerFn: 'registerStreamControlTools' },
-    { path: './tile-world.js', registerFn: 'registerTileWorldTools' },
-    { path: './stream-self-eval.js', registerFn: 'registerStreamSelfEvalTools' },
     { path: './audio-engine.js', registerFn: 'registerAudioEngineTools' },
-    { path: './narrative-engine.js', registerFn: 'registerNarrativeEngineTools' },
-    { path: './social-engine.js', registerFn: 'registerSocialEngineTools' },
-    { path: './evolution-engine.js', registerFn: 'registerEvolutionEngineTools' },
-    { path: './coordination-engine.js', registerFn: 'registerCoordinationEngineTools' },
     { path: './foundation-engines.js', registerFn: 'registerFoundationEngineTools' },
-    { path: './research-engine.js', registerFn: 'registerResearchEngineTools' },
-    { path: './stream-overlay.js', registerFn: 'registerOverlayTools' },
-    { path: './stream-weather.js', registerFn: 'registerStreamWeatherTools' },
-    { path: './stream-chat-ai.js', registerFn: 'registerStreamChatAITools' },
-    { path: './stream-vod.js', registerFn: 'registerStreamVODTools' },
-    { path: './stream-commands.js', registerFn: 'registerStreamCommandsTools' },
-    { path: '../coordinator.js', registerFn: 'registerCoordinatorTools' },
     { path: './swarm-2026-04.js', registerFn: 'registerSwarm2026Tools' },
 ];
 /** Track whether lazy tools have been registered */

package/dist/tools/kbot-browser.js

@@ -939,6 +939,7 @@ export function registerKBotBrowserTools() {
     });
     registerTool({
         name: 'kbot_read',
+        deprecated: true,
         description: "Get the current page content in reader mode (clean text, no clutter). Uses kbot's built-in browser.",
         parameters: {},
         tier: 'free',

package/dist/tools/quality.js

@@ -182,6 +182,7 @@ export function registerQualityTools() {
     // ── Dependency Audit ──
     registerTool({
         name: 'deps_audit',
+        deprecated: true,
         description: 'Audit dependencies for known vulnerabilities. Returns CVE IDs, severity, and fix suggestions. Auto-detects npm, pip, cargo, go.',
         parameters: {
             fix: { type: 'boolean', description: 'Auto-fix vulnerabilities where possible (default: false)' },

package/dist/tools/redblue.js

@@ -2824,6 +2824,7 @@ export function registerRedBlueTools() {
     // ─── Tool 2: Blue Team Harden ────────────────────────────────────────────────
     registerTool({
         name: 'blueteam_harden',
+        deprecated: true,
         description: 'Blue team: generate security hardening recommendations with ready-to-use code snippets. Produces security headers middleware, input validation patterns, auth hardening, crypto best practices, and logging/monitoring setup. Returns actionable code that can be directly applied.',
         parameters: {
             path: { type: 'string', description: 'Directory to analyze for context (default: current directory)' },
@@ -2941,6 +2942,7 @@ export function registerRedBlueTools() {
     // ─── Tool 3: Red Team Report ─────────────────────────────────────────────────
     registerTool({
         name: 'redteam_report',
+        deprecated: true,
         description: 'Generate a professional penetration test report (defensive security assessment). Runs a full security audit and formats results as an executive assessment with risk score, attack surface mapping, critical findings with exploitation scenarios for context, risk matrix, and prioritized remediation plan. Defensive security context: use only on systems you own or have explicit permission to test.',
         parameters: {
             path: { type: 'string', description: 'Directory to assess (default: current directory)' },
@@ -3193,6 +3195,7 @@ export function registerRedBlueTools() {
     // ─── Tool 4: Blue Team Checklist ─────────────────────────────────────────────
     registerTool({
         name: 'blueteam_checklist',
+        deprecated: true,
         description: 'Generate a comprehensive security hardening checklist tailored to a specific framework. Covers authentication, input validation, security headers, cryptography, logging, rate limiting, CORS/CSRF, dependency management, secrets, and infrastructure. Returns checkboxes for tracking completion.',
         parameters: {
             framework: { type: 'string', description: 'Framework: "express", "nextjs", "fastify", "django", "flask", "rails", "generic" (default: "generic")' },
@@ -3211,6 +3214,7 @@ export function registerRedBlueTools() {
     // ─── Tool 5: Threat Model ────────────────────────────────────────────────────
     registerTool({
         name: 'threat_model',
+        deprecated: true,
         description: 'Perform threat modeling on a codebase. Analyzes code structure to identify data flows, trust boundaries, and threats. Supports STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege), DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability), and PASTA (Process for Attack Simulation and Threat Analysis) methodologies.',
         parameters: {
             path: { type: 'string', description: 'Directory to analyze (default: current directory)' },

package/dist/tools/security-brain.js

@@ -2196,6 +2196,7 @@ export function registerSecurityBrainTools() {
     // ── Tool 1: security_brain ──────────────────────────────────────────
     registerTool({
         name: 'security_brain',
+        deprecated: true,
         description: 'Query the security knowledge base. Covers MITRE ATT&CK (14 tactics, 200+ techniques), OWASP Top 10 (2025), Lockheed Martin Kill Chain, CVE patterns, and kbot security tool mapping. Use this as a first stop for any security question.',
         parameters: {
             topic: { type: 'string', description: 'What to look up — technique name, vulnerability type, attack pattern, tool name, or general security topic', required: true },
@@ -2340,6 +2341,7 @@ export function registerSecurityBrainTools() {
     // ── Tool 2: attack_lookup ───────────────────────────────────────────
     registerTool({
         name: 'attack_lookup',
+        deprecated: true,
         description: 'Look up MITRE ATT&CK techniques by ID (T1566) or keyword (phishing). Returns technique details including tactic, description, sub-techniques, detection methods, and mitigations. Covers all 14 ATT&CK tactics with top techniques for each.',
         parameters: {
             query: { type: 'string', description: 'Technique ID (e.g., T1566, T1059.001) or keyword (e.g., phishing, injection, credential dumping)', required: true },
@@ -2425,6 +2427,7 @@ export function registerSecurityBrainTools() {
     // ── Tool 3: killchain_analyze ───────────────────────────────────────
     registerTool({
         name: 'killchain_analyze',
+        deprecated: true,
         description: 'Map an attack or vulnerability description to Lockheed Martin Kill Chain stages. Provides kill chain stage mapping with confidence levels, related MITRE ATT&CK techniques, OWASP entries, CVE patterns, and defensive recommendations with specific kbot tools.',
         parameters: {
             description: { type: 'string', description: 'Description of the attack, vulnerability, or threat scenario to analyze and map to kill chain stages', required: true },

package/dist/tools/security-hunt.js

@@ -621,6 +621,7 @@ function formatReport(report) {
 export function registerSecurityHuntTools() {
     registerTool({
         name: 'security_hunt',
+        deprecated: true,
         description: 'Defensive security audit — chains kbot\'s security scanners into a single comprehensive sweep. Scans for: open ports, SSL issues, missing headers, hardcoded secrets, dependency CVEs, supply chain risks, OWASP Top 10 code vulnerabilities, and dangerous patterns. Returns a scored report with severity ratings and fix recommendations. Defensive security context: use only on systems you own or have explicit permission to test.',
         parameters: {
             path: {

package/dist/tools/security.js

@@ -13,6 +13,7 @@ export function registerSecurityTools() {
     // ─── Dependency Audit ───
     registerTool({
         name: 'dep_audit',
+        deprecated: true,
         description: 'Audit project dependencies for known vulnerabilities. Runs npm audit, pip audit, or cargo audit depending on the project. Returns CVE IDs, severity, and fix recommendations.',
         parameters: {
             path: { type: 'string', description: 'Project directory to audit (default: current directory)' },
@@ -132,6 +133,7 @@ export function registerSecurityTools() {
     // ─── Secret Scanner ───
     registerTool({
         name: 'secret_scan',
+        deprecated: true,
         description: 'Scan files for accidentally committed secrets — API keys, tokens, passwords, private keys. Checks common patterns (AWS, Stripe, GitHub, Supabase, etc). Does NOT read .env files.',
         parameters: {
             path: { type: 'string', description: 'Directory to scan (default: current directory)' },
@@ -233,6 +235,7 @@ export function registerSecurityTools() {
     // ─── SSL/TLS Check ───
     registerTool({
         name: 'ssl_check',
+        deprecated: true,
         description: 'Check SSL/TLS certificate for any domain — expiry date, issuer, protocol, and security grade. Catches expiring certs before they break your site.',
         parameters: {
             domain: { type: 'string', description: 'Domain to check (e.g. "kernel.chat", "api.example.com")', required: true },
@@ -281,6 +284,7 @@ export function registerSecurityTools() {
     // ─── Security Headers Check ───
     registerTool({
         name: 'headers_check',
+        deprecated: true,
         description: 'Check HTTP security headers for any URL — CSP, HSTS, X-Frame-Options, etc. Reports missing headers that leave you vulnerable to XSS, clickjacking, and MIME sniffing.',
         parameters: {
             url: { type: 'string', description: 'URL to check (e.g. "https://kernel.chat")', required: true },
@@ -334,6 +338,7 @@ export function registerSecurityTools() {
     // ─── CVE Lookup ───
     registerTool({
         name: 'cve_lookup',
+        deprecated: true,
         description: 'Look up a CVE by ID or search for vulnerabilities affecting a specific package/product. Uses the NVD (National Vulnerability Database) API.',
         parameters: {
             query: { type: 'string', description: 'CVE ID (e.g. "CVE-2024-1234") or package name (e.g. "log4j", "openssl")', required: true },
@@ -475,6 +480,7 @@ export function registerSecurityTools() {
     // ─── OWASP Quick Check ───
     registerTool({
         name: 'owasp_check',
+        deprecated: true,
         description: 'Quick OWASP Top 10 check against a codebase. Scans for common vulnerability patterns: SQL injection, XSS, command injection, path traversal, hardcoded secrets, insecure deserialization.',
         parameters: {
             path: { type: 'string', description: 'Directory to scan (default: current directory)' },

package/dist/tools/test-runner.js

@@ -501,6 +501,7 @@ function runTests(projectPath, opts = {}) {
 export function registerTestRunnerTools() {
     registerTool({
         name: 'run_tests',
+        deprecated: true,
         description: 'Run project tests. Auto-detects the test framework (vitest, jest, pytest, cargo, go, npm) by checking config files, runs tests, and returns structured pass/fail results with failure details the agent can use to auto-fix issues.',
         parameters: {
             path: { type: 'string', description: 'Project root path. Defaults to current working directory.' },

package/dist/tools/threat-intel.js

@@ -856,6 +856,7 @@ export function registerThreatIntelTools() {
     // ─── 1. threat_feed ─────────────────────────────────────────────────────────
     registerTool({
         name: 'threat_feed',
+        deprecated: true,
         description: 'Aggregate cyber threat intelligence from free public sources. Fetches recent high/critical CVEs from NIST NVD, recent exploits from Exploit-DB, and optionally matches against your tech stack (from dream journal insights). Returns top threats with severity, affected software, and stack relevance.',
         parameters: {
             days: { type: 'number', description: 'Look-back period in days (default: 7, max: 30)' },
@@ -1285,6 +1286,7 @@ export function registerThreatIntelTools() {
     // ─── 4. incident_response ───────────────────────────────────────────────────
     registerTool({
         name: 'incident_response',
+        deprecated: true,
         description: 'Generate an incident response playbook for a security incident. Given an incident type and description, produces a structured playbook with containment steps, eradication plan, recovery checklist, lessons learned template, and IOC indicators. Uses local Ollama for contextual AI analysis when available. Incident types: ransomware, data_breach, ddos, insider_threat, supply_chain.',
         parameters: {
             incident_type: { type: 'string', description: 'Type of incident: ransomware, data_breach, ddos, insider_threat, supply_chain', required: true },

package/dist/ui.js

@@ -123,7 +123,7 @@ export function banner(version) {
         ? gradient('kbot', [167, 139, 250], [103, 232, 249])
         : ACCENT('kbot');
     const title = `  ${bannerText}${v}`;
-    const features = DIM('  Web search: free • 35 agents • 787+ tools • bring your own key');
+    const features = DIM('  Web search: free • 35 specialist agents • 100+ skills • bring your own key');
     return `\n${grid}\n${title}\n${features}\n`;
 }
 export function bannerCompact() {
@@ -283,7 +283,7 @@ export function printHelp() {
         `  ${CYAN('https://kernel.chat')}             ${DIM('Web companion')}`,
         `  ${CYAN('https://github.com/isaacsight/kernel')} ${DIM('GitHub')}`,
         '',
-        `  ${DIM('35 specialist agents. 787+ tools. Type anything to get started.')}`,
+        `  ${DIM('35 specialist agents. 100+ skills. Type anything to get started.')}`,
         '',
     ];
     status(lines.join('\n'));

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@kernel.chat/kbot",
-  "version": "3.99.35",
-  "description": "Open-source terminal AI agent. 787+ tools, 35 agents, 20 providers. Dreams, learns, watches your system. Controls your phone. Fully local, fully sovereign. MIT.",
+  "version": "4.0.0",
+  "description": "Open-source terminal AI agent. 100+ specialist skills, 35 specialist agents, 20 providers. Dreams, learns, watches your system. Controls your phone. Fully local, fully sovereign. MIT. v4.0 — evidence-based curation.",
   "type": "module",
   "repository": {
     "type": "git",