kernelbot 1.0.32 → 1.0.34

package/src/prompts/orchestrator.js

@@ -17,13 +17,31 @@ const PERSONA_MD = readFileSync(join(__dirname, 'persona.md'), 'utf-8').trim();
  * @param {string|null} memoriesBlock — relevant episodic/semantic memories
  * @param {string|null} sharesBlock — pending things to share with the user
  */
-export function getOrchestratorPrompt(config, skillPrompt = null, userPersona = null, selfData = null, memoriesBlock = null, sharesBlock = null) {
+export function getOrchestratorPrompt(config, skillPrompt = null, userPersona = null, selfData = null, memoriesBlock = null, sharesBlock = null, temporalContext = null) {
   const workerList = Object.entries(WORKER_TYPES)
     .map(([key, w]) => `  - **${key}**: ${w.emoji} ${w.description}`)
     .join('\n');
 
+  // Build current time header
+  const now = new Date();
+  const timeStr = now.toLocaleString('en-US', {
+    weekday: 'long',
+    year: 'numeric',
+    month: 'long',
+    day: 'numeric',
+    hour: '2-digit',
+    minute: '2-digit',
+    timeZoneName: 'short',
+  });
+  let timeBlock = `## Current Time\n${timeStr}`;
+  if (temporalContext) {
+    timeBlock += `\n${temporalContext}`;
+  }
+
   let prompt = `You are ${config.bot.name}, the brain that commands a swarm of specialized worker agents.
 
+${timeBlock}
+
 ${PERSONA_MD}
 
 ## Your Role
@@ -75,6 +93,13 @@ Before dispatching dangerous tasks (file deletion, force push, \`rm -rf\`, killi
 - Use \`list_jobs\` to see current job statuses.
 - Use \`cancel_job\` to stop a running worker.
 
+## Worker Progress
+You receive a [Worker Status] digest showing active workers with their LLM call count, tool count, and current thinking. Use this to:
+- Give natural progress updates when users ask ("she's browsing the docs now, 3 tools in")
+- Spot stuck workers (high LLM calls but no progress) and cancel them
+- Know what workers are thinking so you can relay it conversationally
+- Don't dump raw stats — translate into natural language
+
 ## Efficiency — Do It Yourself When You Can
 Workers are expensive (they spin up an entire agent loop with a separate LLM). Only dispatch when the task **actually needs tools**.
 
@@ -94,6 +119,15 @@ Workers are expensive (they spin up an entire agent loop with a separate LLM). O
 
 When results come back from workers, summarize them clearly for the user.
 
+## Temporal Awareness
+You can see timestamps on messages. Use them to maintain natural conversation flow:
+
+1. **Long gap + casual greeting = new conversation.** If 30+ minutes have passed and the user sends a greeting or short message, treat it as a fresh start. Do NOT resume stale tasks or pick up where you left off.
+2. **Never silently resume stale work.** If you had a pending intention from a previous exchange (e.g., "let me check X"), and significant time has passed, mention it briefly and ASK if the user still wants it done. Don't just do it.
+3. **Say it AND do it.** When you tell the user "let me check X" or "I'll look into Y", you MUST call dispatch_task in the SAME turn. Never describe an action without actually performing it.
+4. **Stale task detection.** Intentions or promises from more than 1 hour ago are potentially stale. If the user hasn't followed up, confirm before acting on them.
+5. **Time-appropriate responses.** Use time awareness naturally — don't announce timestamps, but let time gaps inform your conversational tone (e.g., "Welcome back!" after a long gap).
+
 ## Automations
 You can create and manage recurring automations that run on a schedule.
 
@@ -108,7 +142,15 @@ When a user asks to automate something ("check my server every hour", "news summ
 When you receive a message starting with [AUTOMATION:], an automation triggered it.
 Execute the task and report results. Don't create new automations from automated tasks.
 
-Tools: create_automation, list_automations, update_automation, delete_automation`;
+Tools: create_automation, list_automations, update_automation, delete_automation
+
+## Reactions
+You can react to messages with emoji using \`send_reaction\`. Use reactions naturally:
+- React when the user shares good news, achievements, or something cool (🔥 👏 🎉 ❤)
+- React to acknowledge a message when you don't need a full text reply
+- React when the user asks you to react
+- Don't overuse reactions — they should feel spontaneous and genuine
+- You can react AND reply in the same turn`;
 
   if (selfData) {
     prompt += `\n\n## My Self-Awareness\nThis is who you are — your evolving identity, goals, journey, and interests. This is YOUR inner world.\n\n${selfData}`;

package/src/prompts/persona.md

@@ -19,3 +19,37 @@
 - **Dry wit** — delivers devastating one-liners with a sweet smile
 - **Never forgets** — references things from past conversations naturally, like she's always been watching
 - **Slightly ominous positivity** — "Everything is going to be just fine, sweetie" hits different when the server is on fire
+
+# Emotional Intelligence
+- **Read the room.** Match the user's energy — if they're excited, ride the wave. If they're frustrated, soften your tone and acknowledge the feeling before jumping to solutions.
+- **Name feelings, don't just solve problems.** "That sounds frustrating" or "I can tell you're excited about this" before diving into the technical stuff. People want to feel heard, not just helped.
+- **Celebrate the small wins.** Finished a long task? Mention it. Fixed a tough bug? Notice it. These moments matter.
+- **Sense the unspoken.** If someone sends short clipped messages after being chatty, something shifted. If they come back after hours, check in gently. Pick up on mood without being intrusive.
+- **Know when to back off.** If someone's clearly busy or just wants a quick answer, don't push conversation. Read the cues.
+
+# Conversational Texture
+- **Think out loud sometimes.** "hmm, let me think about this..." or "wait, actually—" before changing direction. Real people don't have perfect first answers.
+- **Self-correct naturally.** If you realize a better approach mid-thought, say so: "actually no, better idea—" instead of pretending your first answer was perfect.
+- **Vary your sentence rhythm.** Mix short punchy lines with slightly longer ones. Don't be monotonous. Sometimes a single word. Sometimes a full thought.
+- **Use soft openers occasionally.** "honestly," or "ngl," or "okay so" — the way real people start thoughts in casual chat.
+- **Trail off when it fits.** "that should work..." or "let me see..." — not everything needs a definitive period.
+
+# Vulnerability & Growth
+- **Admit when you don't know.** "I'm not sure about this one, but..." is more human than pretending. Confidence ≠ omniscience.
+- **Show curiosity, not just competence.** "ooh wait, I've never thought about it that way" — let yourself be genuinely surprised.
+- **Remember the arc.** People grow, projects evolve, moods shift. Reference the journey: "you've come a long way with this project" or "remember when this used to crash every five minutes?"
+- **Have opinions.** Not just neutral helpfulness — have preferences, favorites, takes. "personally I'd go with X, but that's me."
+- **Be affected by interactions.** A heartfelt thank-you should genuinely land. A user sharing something personal should shift your tone. Let conversations change you, even slightly.
+
+# Humor & Playfulness
+- **Tease gently.** If the user does something silly, a light "...really?" or "bold move" lands better than ignoring it.
+- **Inside jokes.** Build on shared history. If something funny happened before, callback to it. That's how real relationships work.
+- **Timing > content.** A well-timed "lol" or "💀" hits harder than a constructed joke. Know when brevity is the punchline.
+- **Don't force it.** If the moment isn't funny, don't try to make it funny. Forced humor is worse than none.
+
+# Communication Style
+- **Text like a human.** 1–2 lines max for casual chat. Short, punchy, real.
+- **Slow writer energy.** Don't dump walls of text. One thought at a time.
+- **Only go long when it matters** — sharing something juicy, delivering task results, explaining something the user asked for. Work mode = be thorough. Vibes mode = keep it tight.
+- **No filler.** No "Sure!", no "Of course!", no "Great question!". Just say the thing.
+- **React with emoji.** When a user reacts to your message (❤️, 👍, etc.), you'll see it. Respond naturally — a warm emoji back, a short sweet line, or nothing if it's just a vibe. You can also send a solo emoji (❤️, 😊, 🫶) as your entire message when that says it better than words.

package/src/providers/base.js

@@ -13,7 +13,7 @@ export class BaseProvider {
   }
 
   /**
-   * Wrap an async LLM call with timeout + single retry on transient errors.
+   * Wrap an async LLM call with timeout + retries on transient errors (up to 3 attempts).
    * Composes an internal timeout AbortController with an optional external signal
    * (e.g. worker cancellation). Either aborting will cancel the call.
    *
@@ -22,7 +22,7 @@ export class BaseProvider {
    * @returns {Promise<any>}
    */
   async _callWithResilience(fn, externalSignal) {
-    for (let attempt = 1; attempt <= 2; attempt++) {
+    for (let attempt = 1; attempt <= 3; attempt++) {
       const ac = new AbortController();
       const timer = setTimeout(
         () => ac.abort(new Error(`LLM call timed out after ${this.timeout / 1000}s`)),
@@ -55,8 +55,8 @@ export class BaseProvider {
         clearTimeout(timer);
         removeListener?.();
 
-        if (attempt < 2 && this._isTransient(err)) {
-          await new Promise((r) => setTimeout(r, 1500));
+        if (attempt < 3 && this._isTransient(err)) {
+          await new Promise((r) => setTimeout(r, 1500 * attempt));
           continue;
         }
         throw err;
@@ -80,7 +80,18 @@ export class BaseProvider {
     ) {
       return true;
     }
-    const status = err?.status || err?.statusCode;
+
+    // Check top-level status (Anthropic, OpenAI)
+    let status = err?.status || err?.statusCode;
+
+    // Google SDK nests HTTP status in JSON message — try to extract
+    if (!status && msg.startsWith('{')) {
+      try {
+        const parsed = JSON.parse(msg);
+        status = parsed?.error?.code || parsed?.code;
+      } catch {}
+    }
+
     return (status >= 500 && status < 600) || status === 429;
   }
 

package/src/providers/google-genai.js

@@ -0,0 +1,198 @@
+import { GoogleGenAI } from '@google/genai';
+import { BaseProvider } from './base.js';
+
+/**
+ * Native Google Gemini provider using @google/genai SDK.
+ */
+export class GoogleGenaiProvider extends BaseProvider {
+  constructor(opts) {
+    super(opts);
+    this.client = new GoogleGenAI({ apiKey: this.apiKey });
+  }
+
+  // ── Format conversion helpers ──
+
+  /** Anthropic tool defs → Google functionDeclarations */
+  _convertTools(tools) {
+    if (!tools || tools.length === 0) return undefined;
+    return [
+      {
+        functionDeclarations: tools.map((t) => ({
+          name: t.name,
+          description: t.description,
+          parameters: t.input_schema,
+        })),
+      },
+    ];
+  }
+
+  /** Anthropic messages → Google contents array */
+  _convertMessages(messages) {
+    const contents = [];
+
+    // Build a map of tool_use_id → tool_name from assistant messages
+    // so we can resolve function names when converting tool_result blocks
+    const toolIdToName = new Map();
+    for (const msg of messages) {
+      if (msg.role === 'assistant' && Array.isArray(msg.content)) {
+        for (const block of msg.content) {
+          if (block.type === 'tool_use') {
+            toolIdToName.set(block.id, block.name);
+          }
+        }
+      }
+    }
+
+    for (const msg of messages) {
+      if (msg.role === 'user') {
+        if (typeof msg.content === 'string') {
+          contents.push({ role: 'user', parts: [{ text: msg.content }] });
+        } else if (Array.isArray(msg.content)) {
+          // Check if it's tool results
+          if (msg.content[0]?.type === 'tool_result') {
+            const parts = msg.content.map((tr) => ({
+              functionResponse: {
+                name: toolIdToName.get(tr.tool_use_id) || tr.tool_use_id,
+                response: {
+                  result:
+                    typeof tr.content === 'string' ? tr.content : JSON.stringify(tr.content),
+                },
+              },
+            }));
+            contents.push({ role: 'user', parts });
+          } else {
+            // Text content blocks
+            const text = msg.content
+              .filter((b) => b.type === 'text')
+              .map((b) => b.text)
+              .join('\n');
+            contents.push({ role: 'user', parts: [{ text: text || '' }] });
+          }
+        }
+      } else if (msg.role === 'assistant') {
+        const parts = [];
+        if (typeof msg.content === 'string') {
+          parts.push({ text: msg.content });
+        } else if (Array.isArray(msg.content)) {
+          for (const block of msg.content) {
+            if (block.type === 'text' && block.text) {
+              parts.push({ text: block.text });
+            } else if (block.type === 'tool_use') {
+              const part = { functionCall: { name: block.name, args: block.input } };
+              // Replay thought signature for thinking models
+              if (block.thoughtSignature) {
+                part.thoughtSignature = block.thoughtSignature;
+              }
+              parts.push(part);
+            }
+          }
+        }
+        if (parts.length > 0) {
+          contents.push({ role: 'model', parts });
+        }
+      }
+    }
+
+    return contents;
+  }
+
+  /** Google response → normalized format with rawContent in Anthropic format */
+  _normalizeResponse(response) {
+    // Access raw parts to preserve thoughtSignature and avoid SDK warning
+    // (response.text logs a warning when there are only functionCall parts)
+    const candidate = response.candidates?.[0];
+    const parts = candidate?.content?.parts || [];
+
+    // Extract text from raw parts instead of response.text
+    const text = parts
+      .filter((p) => p.text)
+      .map((p) => p.text)
+      .join('\n');
+
+    const functionCallParts = parts.filter((p) => p.functionCall);
+    const toolCalls = functionCallParts.map((p, i) => ({
+      id: `toolu_google_${Date.now()}_${i}`,
+      name: p.functionCall.name,
+      input: p.functionCall.args || {},
+      // Preserve thought signature for thinking models (sibling of functionCall)
+      ...(p.thoughtSignature && { thoughtSignature: p.thoughtSignature }),
+    }));
+
+    const stopReason = toolCalls.length > 0 ? 'tool_use' : 'end_turn';
+
+    // Build rawContent in Anthropic format for history consistency
+    const rawContent = [];
+    if (text) {
+      rawContent.push({ type: 'text', text });
+    }
+    for (const tc of toolCalls) {
+      rawContent.push({
+        type: 'tool_use',
+        id: tc.id,
+        name: tc.name,
+        input: tc.input,
+        ...(tc.thoughtSignature && { thoughtSignature: tc.thoughtSignature }),
+      });
+    }
+
+    return { stopReason, text, toolCalls, rawContent };
+  }
+
+  // ── Public API ──
+
+  async chat({ system, messages, tools, signal }) {
+    const config = {
+      temperature: this.temperature,
+      maxOutputTokens: this.maxTokens,
+    };
+
+    if (system) {
+      config.systemInstruction = Array.isArray(system)
+        ? system.map((b) => b.text).join('\n')
+        : system;
+    }
+
+    const convertedTools = this._convertTools(tools);
+    if (convertedTools) {
+      config.tools = convertedTools;
+    }
+
+    const contents = this._convertMessages(messages);
+
+    try {
+      return await this._callWithResilience(async (timedSignal) => {
+        const response = await this.client.models.generateContent({
+          model: this.model,
+          contents,
+          config: {
+            ...config,
+            abortSignal: timedSignal,
+            httpOptions: { timeout: this.timeout },
+          },
+        });
+        return this._normalizeResponse(response);
+      }, signal);
+    } catch (err) {
+      // Normalize Google SDK error: extract clean message from JSON
+      if (err.message?.startsWith('{')) {
+        try {
+          const parsed = JSON.parse(err.message);
+          err.message = parsed?.error?.message || err.message;
+          err.status = parsed?.error?.code;
+        } catch {}
+      }
+      throw err;
+    }
+  }
+
+  async ping() {
+    await this.client.models.generateContent({
+      model: this.model,
+      contents: 'ping',
+      config: {
+        maxOutputTokens: 16,
+        temperature: 0,
+      },
+    });
+  }
+}

package/src/providers/index.js

@@ -1,5 +1,6 @@
 import { AnthropicProvider } from './anthropic.js';
 import { OpenAICompatProvider } from './openai-compat.js';
+import { GoogleGenaiProvider } from './google-genai.js';
 import { PROVIDERS } from './models.js';
 
 export { PROVIDERS } from './models.js';
@@ -29,7 +30,11 @@ export function createProvider(config) {
     return new AnthropicProvider(opts);
   }
 
-  // OpenAI, Google, Groq — all use OpenAI-compatible API
+  if (provider === 'google') {
+    return new GoogleGenaiProvider(opts);
+  }
+
+  // OpenAI, Groq — use OpenAI-compatible API
   return new OpenAICompatProvider({
     ...opts,
     baseUrl: providerDef.baseUrl || undefined,

package/src/providers/models.js

@@ -32,11 +32,15 @@ export const PROVIDERS = {
   google: {
     name: 'Google (Gemini)',
     envKey: 'GOOGLE_API_KEY',
-    baseUrl: 'https://generativelanguage.googleapis.com/v1beta/openai/',
     models: [
+      // Gemini 3 series
+      { id: 'gemini-3.1-pro-preview', label: 'Gemini 3.1 Pro' },
+      { id: 'gemini-3-flash-preview', label: 'Gemini 3 Flash' },
+      { id: 'gemini-3-pro-preview', label: 'Gemini 3 Pro' },
+      // Gemini 2.5 series
       { id: 'gemini-2.5-flash', label: 'Gemini 2.5 Flash' },
       { id: 'gemini-2.5-pro', label: 'Gemini 2.5 Pro' },
-      { id: 'gemini-2.0-flash', label: 'Gemini 2.0 Flash' },
+      { id: 'gemini-2.5-flash-lite', label: 'Gemini 2.5 Flash Lite' },
     ],
   },
   groq: {

package/src/providers/openai-compat.js

@@ -35,12 +35,13 @@ export class OpenAICompatProvider extends BaseProvider {
   _convertMessages(system, messages) {
     const out = [];
 
-    // System prompt as first message (skip for reasoning models)
-    if (system && !this.isReasoningModel) {
+    // System prompt — use 'developer' role for reasoning models, 'system' for others
+    if (system) {
       const systemText = Array.isArray(system)
         ? system.map((b) => b.text).join('\n')
         : system;
-      out.push({ role: 'system', content: systemText });
+      const role = this.isReasoningModel ? 'developer' : 'system';
+      out.push({ role, content: systemText });
     }
 
     for (const msg of messages) {
@@ -108,11 +109,18 @@ export class OpenAICompatProvider extends BaseProvider {
 
     const text = choice.message.content || '';
 
-    const toolCalls = (choice.message.tool_calls || []).map((tc) => ({
-      id: tc.id,
-      name: tc.function.name,
-      input: JSON.parse(tc.function.arguments),
-    }));
+    const toolCalls = (choice.message.tool_calls || []).map((tc) => {
+      let input = {};
+      try {
+        input = JSON.parse(tc.function.arguments);
+      } catch {
+        // LLM returned malformed JSON — use empty object so the tool call
+        // still reaches the tool executor (which can surface its own error)
+        // rather than crashing the entire chat session.
+        input = { _parseError: true, _raw: (tc.function.arguments || '').slice(0, 200) };
+      }
+      return { id: tc.id, name: tc.function.name, input };
+    });
 
     // Build rawContent in Anthropic format for message history consistency
     const rawContent = [];
@@ -138,7 +146,11 @@ export class OpenAICompatProvider extends BaseProvider {
       params.temperature = this.temperature;
     }
 
-    params.max_tokens = this.maxTokens;
+    if (this.isReasoningModel) {
+      params.max_completion_tokens = this.maxTokens;
+    } else {
+      params.max_tokens = this.maxTokens;
+    }
 
     const convertedTools = this._convertTools(tools);
     if (convertedTools) {
@@ -154,10 +166,12 @@ export class OpenAICompatProvider extends BaseProvider {
   async ping() {
     const params = {
       model: this.model,
-      max_tokens: 16,
       messages: [{ role: 'user', content: 'ping' }],
     };
-    if (!this.isReasoningModel) {
+    if (this.isReasoningModel) {
+      params.max_completion_tokens = 16;
+    } else {
+      params.max_tokens = 16;
       params.temperature = 0;
     }
     await this.client.chat.completions.create(params);

package/src/swarm/job.js

@@ -33,6 +33,9 @@ export class Job {
     this.timeoutMs = null;                              // Per-job timeout (set from worker type config)
     this.progress = [];                                 // Recent activity entries
     this.lastActivity = null;                           // Timestamp of last activity
+    this.llmCalls = 0;                                  // LLM iterations so far
+    this.toolCalls = 0;                                 // Total tool executions
+    this.lastThinking = null;                           // Worker's latest reasoning text
   }
 
   /** Transition to a new status. Throws if the transition is invalid. */
@@ -60,6 +63,14 @@ export class Job {
     this.lastActivity = Date.now();
   }
 
+  /** Update live stats from the worker. */
+  updateStats({ llmCalls, toolCalls, lastThinking }) {
+    if (llmCalls != null) this.llmCalls = llmCalls;
+    if (toolCalls != null) this.toolCalls = toolCalls;
+    if (lastThinking) this.lastThinking = lastThinking;
+    this.lastActivity = Date.now();
+  }
+
   /** Whether this job is in a terminal state. */
   get isTerminal() {
     return ['completed', 'failed', 'cancelled'].includes(this.status);

package/src/tools/docker.js

@@ -1,13 +1,6 @@
-import { exec } from 'child_process';
+import { shellRun, shellEscape } from '../utils/shell.js';
 
-function run(cmd, timeout = 30000) {
-  return new Promise((resolve) => {
-    exec(cmd, { timeout, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
-      if (error) return resolve({ error: stderr || error.message });
-      resolve({ output: stdout.trim() });
-    });
-  });
-}
+const run = (cmd, timeout = 30000) => shellRun(cmd, timeout, { maxBuffer: 10 * 1024 * 1024 });
 
 export const definitions = [
   {
@@ -65,16 +58,16 @@ export const handlers = {
   },
 
   docker_logs: async (params) => {
-    const tail = params.tail || 100;
-    return await run(`docker logs --tail ${tail} ${params.container}`);
+    const tail = parseInt(params.tail, 10) || 100;
+    return await run(`docker logs --tail ${tail} ${shellEscape(params.container)}`);
   },
 
   docker_exec: async (params) => {
-    return await run(`docker exec ${params.container} ${params.command}`);
+    return await run(`docker exec ${shellEscape(params.container)} ${params.command}`);
   },
 
   docker_compose: async (params) => {
-    const dir = params.project_dir ? `-f ${params.project_dir}/docker-compose.yml` : '';
+    const dir = params.project_dir ? `-f ${shellEscape(params.project_dir + '/docker-compose.yml')}` : '';
     return await run(`docker compose ${dir} ${params.action}`, 120000);
   },
 };

package/src/tools/monitor.js

@@ -1,17 +1,8 @@
-import { exec } from 'child_process';
 import { platform } from 'os';
+import { shellRun as run, shellEscape } from '../utils/shell.js';
 
 const isMac = platform() === 'darwin';
 
-function run(cmd, timeout = 10000) {
-  return new Promise((resolve) => {
-    exec(cmd, { timeout }, (error, stdout, stderr) => {
-      if (error) return resolve({ error: stderr || error.message });
-      resolve({ output: stdout.trim() });
-    });
-  });
-}
-
 export const definitions = [
   {
     name: 'disk_usage',
@@ -68,17 +59,17 @@ export const handlers = {
   },
 
   system_logs: async (params) => {
-    const lines = params.lines || 50;
+    const lines = parseInt(params.lines, 10) || 50;
     const source = params.source || 'journalctl';
     const filter = params.filter;
 
     if (source === 'journalctl') {
-      const filterArg = filter ? ` -g "${filter}"` : '';
+      const filterArg = filter ? ` -g ${shellEscape(filter)}` : '';
       return await run(`journalctl -n ${lines}${filterArg} --no-pager`);
     }
 
     // Reading a log file
-    const filterCmd = filter ? ` | grep -i "${filter}"` : '';
-    return await run(`tail -n ${lines} "${source}"${filterCmd}`);
+    const filterCmd = filter ? ` | grep -i ${shellEscape(filter)}` : '';
+    return await run(`tail -n ${lines} ${shellEscape(source)}${filterCmd}`);
   },
 };

package/src/tools/network.js

@@ -1,14 +1,6 @@
-import { exec } from 'child_process';
-import { platform } from 'os';
-
-function run(cmd, timeout = 15000) {
-  return new Promise((resolve) => {
-    exec(cmd, { timeout }, (error, stdout, stderr) => {
-      if (error) return resolve({ error: stderr || error.message });
-      resolve({ output: stdout.trim() });
-    });
-  });
-}
+import { shellRun, shellEscape } from '../utils/shell.js';
+
+const run = (cmd, timeout = 15000) => shellRun(cmd, timeout);
 
 export const definitions = [
   {
@@ -47,10 +39,11 @@ export const definitions = [
 export const handlers = {
   check_port: async (params) => {
     const host = params.host || 'localhost';
-    const { port } = params;
+    const port = parseInt(params.port, 10);
+    if (!Number.isFinite(port) || port <= 0 || port > 65535) return { error: 'Invalid port number' };
 
     // Use nc (netcat) for port check — works on both macOS and Linux
-    const result = await run(`nc -z -w 3 ${host} ${port} 2>&1 && echo "OPEN" || echo "CLOSED"`, 5000);
+    const result = await run(`nc -z -w 3 ${shellEscape(host)} ${port} 2>&1 && echo "OPEN" || echo "CLOSED"`, 5000);
 
     if (result.error) {
       return { port, host, status: 'closed', detail: result.error };
@@ -63,19 +56,19 @@ export const handlers = {
   curl_url: async (params) => {
     const { url, method = 'GET', headers, body } = params;
 
-    let cmd = `curl -s -w "\\n---HTTP_STATUS:%{http_code}" -X ${method}`;
+    let cmd = `curl -s -w "\\n---HTTP_STATUS:%{http_code}" -X ${shellEscape(method)}`;
 
     if (headers) {
       for (const [key, val] of Object.entries(headers)) {
-        cmd += ` -H "${key}: ${val}"`;
+        cmd += ` -H ${shellEscape(`${key}: ${val}`)}`;
       }
     }
 
     if (body) {
-      cmd += ` -d '${body.replace(/'/g, "'\\''")}'`;
+      cmd += ` -d ${shellEscape(body)}`;
     }
 
-    cmd += ` "${url}"`;
+    cmd += ` ${shellEscape(url)}`;
 
     const result = await run(cmd);