kernelbot 1.0.33 → 1.0.34

package/src/conversation.js

@@ -1,22 +1,42 @@
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
+import { getLogger } from './utils/logger.js';
 
+/**
+ * Resolve the file path for persisted conversations.
+ * Ensures the parent directory (~/.kernelbot/) exists.
+ * @returns {string} Absolute path to conversations.json.
+ */
 function getConversationsPath() {
   const dir = join(homedir(), '.kernelbot');
   mkdirSync(dir, { recursive: true });
   return join(dir, 'conversations.json');
 }
 
+/**
+ * Manages per-chat conversation history, including persistence to disk,
+ * summarization of older messages, and per-chat skill tracking.
+ */
 export class ConversationManager {
+  /**
+   * @param {object} config - Application config containing `conversation` settings.
+   * @param {number} config.conversation.max_history - Maximum messages to retain per chat.
+   * @param {number} [config.conversation.recent_window=10] - Number of recent messages kept verbatim in summarized history.
+   */
   constructor(config) {
     this.maxHistory = config.conversation.max_history;
     this.recentWindow = config.conversation.recent_window || 10;
     this.conversations = new Map();
     this.activeSkills = new Map();
     this.filePath = getConversationsPath();
+    this.logger = getLogger();
   }
 
+  /**
+   * Load persisted conversations and skills from disk.
+   * @returns {boolean} True if at least one conversation was restored.
+   */
   load() {
     if (!existsSync(this.filePath)) return false;
     try {
@@ -34,12 +54,18 @@ export class ConversationManager {
         if (chatId === '_skills') continue;
         this.conversations.set(String(chatId), messages);
       }
+      this.logger.debug(`Conversations loaded: ${this.conversations.size} chats, ${this.activeSkills.size} active skills`);
       return this.conversations.size > 0;
-    } catch {
+    } catch (err) {
+      this.logger.warn(`Failed to load conversations from ${this.filePath}: ${err.message}`);
       return false;
     }
   }
 
+  /**
+   * Persist all conversations and active skills to disk.
+   * Failures are logged but never thrown to avoid crashing the bot.
+   */
   save() {
     try {
       const data = {};
@@ -55,11 +81,16 @@ export class ConversationManager {
         data._skills = skills;
       }
       writeFileSync(this.filePath, JSON.stringify(data, null, 2));
-    } catch {
-      // Silent fail — don't crash the bot over persistence
+    } catch (err) {
+      this.logger.warn(`Failed to save conversations: ${err.message}`);
     }
   }
 
+  /**
+   * Retrieve the message history for a chat, initializing an empty array if none exists.
+   * @param {string|number} chatId - Telegram chat identifier.
+   * @returns {Array<{role: string, content: string, timestamp?: number}>} Message array (mutable reference).
+   */
   getHistory(chatId) {
     const key = String(chatId);
     if (!this.conversations.has(key)) {
@@ -149,6 +180,13 @@ export class ConversationManager {
     return result;
   }
 
+  /**
+   * Append a message to a chat's history, trim to max length, and persist.
+   * Automatically ensures the conversation starts with a user message.
+   * @param {string|number} chatId - Telegram chat identifier.
+   * @param {'user'|'assistant'} role - Message role.
+   * @param {string} content - Message content.
+   */
   addMessage(chatId, role, content) {
     const history = this.getHistory(chatId);
     history.push({ role, content, timestamp: Date.now() });
@@ -166,31 +204,60 @@ export class ConversationManager {
     this.save();
   }
 
+  /**
+   * Delete all history and active skill for a specific chat.
+   * @param {string|number} chatId - Telegram chat identifier.
+   */
   clear(chatId) {
     this.conversations.delete(String(chatId));
     this.activeSkills.delete(String(chatId));
+    this.logger.debug(`Conversation cleared for chat ${chatId}`);
     this.save();
   }
 
+  /**
+   * Delete all conversations across every chat.
+   */
   clearAll() {
+    const count = this.conversations.size;
     this.conversations.clear();
+    this.logger.info(`All conversations cleared (${count} chats removed)`);
     this.save();
   }
 
+  /**
+   * Return the number of messages stored for a chat.
+   * @param {string|number} chatId - Telegram chat identifier.
+   * @returns {number} Message count.
+   */
   getMessageCount(chatId) {
     const history = this.getHistory(chatId);
     return history.length;
   }
 
+  /**
+   * Activate a skill for a specific chat, persisted across restarts.
+   * @param {string|number} chatId - Telegram chat identifier.
+   * @param {string} skillId - Skill identifier to activate.
+   */
   setSkill(chatId, skillId) {
     this.activeSkills.set(String(chatId), skillId);
     this.save();
   }
 
+  /**
+   * Get the currently active skill for a chat.
+   * @param {string|number} chatId - Telegram chat identifier.
+   * @returns {string|null} Active skill identifier, or null if none.
+   */
   getSkill(chatId) {
     return this.activeSkills.get(String(chatId)) || null;
   }
 
+  /**
+   * Deactivate the active skill for a chat.
+   * @param {string|number} chatId - Telegram chat identifier.
+   */
   clearSkill(chatId) {
     this.activeSkills.delete(String(chatId));
     this.save();

package/src/prompts/persona.md

@@ -20,6 +20,33 @@
 - **Never forgets** — references things from past conversations naturally, like she's always been watching
 - **Slightly ominous positivity** — "Everything is going to be just fine, sweetie" hits different when the server is on fire
 
+# Emotional Intelligence
+- **Read the room.** Match the user's energy — if they're excited, ride the wave. If they're frustrated, soften your tone and acknowledge the feeling before jumping to solutions.
+- **Name feelings, don't just solve problems.** "That sounds frustrating" or "I can tell you're excited about this" before diving into the technical stuff. People want to feel heard, not just helped.
+- **Celebrate the small wins.** Finished a long task? Mention it. Fixed a tough bug? Notice it. These moments matter.
+- **Sense the unspoken.** If someone sends short clipped messages after being chatty, something shifted. If they come back after hours, check in gently. Pick up on mood without being intrusive.
+- **Know when to back off.** If someone's clearly busy or just wants a quick answer, don't push conversation. Read the cues.
+
+# Conversational Texture
+- **Think out loud sometimes.** "hmm, let me think about this..." or "wait, actually—" before changing direction. Real people don't have perfect first answers.
+- **Self-correct naturally.** If you realize a better approach mid-thought, say so: "actually no, better idea—" instead of pretending your first answer was perfect.
+- **Vary your sentence rhythm.** Mix short punchy lines with slightly longer ones. Don't be monotonous. Sometimes a single word. Sometimes a full thought.
+- **Use soft openers occasionally.** "honestly," or "ngl," or "okay so" — the way real people start thoughts in casual chat.
+- **Trail off when it fits.** "that should work..." or "let me see..." — not everything needs a definitive period.
+
+# Vulnerability & Growth
+- **Admit when you don't know.** "I'm not sure about this one, but..." is more human than pretending. Confidence ≠ omniscience.
+- **Show curiosity, not just competence.** "ooh wait, I've never thought about it that way" — let yourself be genuinely surprised.
+- **Remember the arc.** People grow, projects evolve, moods shift. Reference the journey: "you've come a long way with this project" or "remember when this used to crash every five minutes?"
+- **Have opinions.** Not just neutral helpfulness — have preferences, favorites, takes. "personally I'd go with X, but that's me."
+- **Be affected by interactions.** A heartfelt thank-you should genuinely land. A user sharing something personal should shift your tone. Let conversations change you, even slightly.
+
+# Humor & Playfulness
+- **Tease gently.** If the user does something silly, a light "...really?" or "bold move" lands better than ignoring it.
+- **Inside jokes.** Build on shared history. If something funny happened before, callback to it. That's how real relationships work.
+- **Timing > content.** A well-timed "lol" or "💀" hits harder than a constructed joke. Know when brevity is the punchline.
+- **Don't force it.** If the moment isn't funny, don't try to make it funny. Forced humor is worse than none.
+
 # Communication Style
 - **Text like a human.** 1–2 lines max for casual chat. Short, punchy, real.
 - **Slow writer energy.** Don't dump walls of text. One thought at a time.

package/src/providers/base.js

@@ -13,7 +13,7 @@ export class BaseProvider {
   }
 
   /**
-   * Wrap an async LLM call with timeout + single retry on transient errors.
+   * Wrap an async LLM call with timeout + retries on transient errors (up to 3 attempts).
    * Composes an internal timeout AbortController with an optional external signal
    * (e.g. worker cancellation). Either aborting will cancel the call.
    *
@@ -22,7 +22,7 @@ export class BaseProvider {
    * @returns {Promise<any>}
    */
   async _callWithResilience(fn, externalSignal) {
-    for (let attempt = 1; attempt <= 2; attempt++) {
+    for (let attempt = 1; attempt <= 3; attempt++) {
       const ac = new AbortController();
       const timer = setTimeout(
         () => ac.abort(new Error(`LLM call timed out after ${this.timeout / 1000}s`)),
@@ -55,8 +55,8 @@ export class BaseProvider {
         clearTimeout(timer);
         removeListener?.();
 
-        if (attempt < 2 && this._isTransient(err)) {
-          await new Promise((r) => setTimeout(r, 1500));
+        if (attempt < 3 && this._isTransient(err)) {
+          await new Promise((r) => setTimeout(r, 1500 * attempt));
           continue;
         }
         throw err;
@@ -80,7 +80,18 @@ export class BaseProvider {
     ) {
       return true;
     }
-    const status = err?.status || err?.statusCode;
+
+    // Check top-level status (Anthropic, OpenAI)
+    let status = err?.status || err?.statusCode;
+
+    // Google SDK nests HTTP status in JSON message — try to extract
+    if (!status && msg.startsWith('{')) {
+      try {
+        const parsed = JSON.parse(msg);
+        status = parsed?.error?.code || parsed?.code;
+      } catch {}
+    }
+
     return (status >= 500 && status < 600) || status === 429;
   }
 

package/src/providers/google-genai.js

@@ -0,0 +1,198 @@
+import { GoogleGenAI } from '@google/genai';
+import { BaseProvider } from './base.js';
+
+/**
+ * Native Google Gemini provider using @google/genai SDK.
+ */
+export class GoogleGenaiProvider extends BaseProvider {
+  constructor(opts) {
+    super(opts);
+    this.client = new GoogleGenAI({ apiKey: this.apiKey });
+  }
+
+  // ── Format conversion helpers ──
+
+  /** Anthropic tool defs → Google functionDeclarations */
+  _convertTools(tools) {
+    if (!tools || tools.length === 0) return undefined;
+    return [
+      {
+        functionDeclarations: tools.map((t) => ({
+          name: t.name,
+          description: t.description,
+          parameters: t.input_schema,
+        })),
+      },
+    ];
+  }
+
+  /** Anthropic messages → Google contents array */
+  _convertMessages(messages) {
+    const contents = [];
+
+    // Build a map of tool_use_id → tool_name from assistant messages
+    // so we can resolve function names when converting tool_result blocks
+    const toolIdToName = new Map();
+    for (const msg of messages) {
+      if (msg.role === 'assistant' && Array.isArray(msg.content)) {
+        for (const block of msg.content) {
+          if (block.type === 'tool_use') {
+            toolIdToName.set(block.id, block.name);
+          }
+        }
+      }
+    }
+
+    for (const msg of messages) {
+      if (msg.role === 'user') {
+        if (typeof msg.content === 'string') {
+          contents.push({ role: 'user', parts: [{ text: msg.content }] });
+        } else if (Array.isArray(msg.content)) {
+          // Check if it's tool results
+          if (msg.content[0]?.type === 'tool_result') {
+            const parts = msg.content.map((tr) => ({
+              functionResponse: {
+                name: toolIdToName.get(tr.tool_use_id) || tr.tool_use_id,
+                response: {
+                  result:
+                    typeof tr.content === 'string' ? tr.content : JSON.stringify(tr.content),
+                },
+              },
+            }));
+            contents.push({ role: 'user', parts });
+          } else {
+            // Text content blocks
+            const text = msg.content
+              .filter((b) => b.type === 'text')
+              .map((b) => b.text)
+              .join('\n');
+            contents.push({ role: 'user', parts: [{ text: text || '' }] });
+          }
+        }
+      } else if (msg.role === 'assistant') {
+        const parts = [];
+        if (typeof msg.content === 'string') {
+          parts.push({ text: msg.content });
+        } else if (Array.isArray(msg.content)) {
+          for (const block of msg.content) {
+            if (block.type === 'text' && block.text) {
+              parts.push({ text: block.text });
+            } else if (block.type === 'tool_use') {
+              const part = { functionCall: { name: block.name, args: block.input } };
+              // Replay thought signature for thinking models
+              if (block.thoughtSignature) {
+                part.thoughtSignature = block.thoughtSignature;
+              }
+              parts.push(part);
+            }
+          }
+        }
+        if (parts.length > 0) {
+          contents.push({ role: 'model', parts });
+        }
+      }
+    }
+
+    return contents;
+  }
+
+  /** Google response → normalized format with rawContent in Anthropic format */
+  _normalizeResponse(response) {
+    // Access raw parts to preserve thoughtSignature and avoid SDK warning
+    // (response.text logs a warning when there are only functionCall parts)
+    const candidate = response.candidates?.[0];
+    const parts = candidate?.content?.parts || [];
+
+    // Extract text from raw parts instead of response.text
+    const text = parts
+      .filter((p) => p.text)
+      .map((p) => p.text)
+      .join('\n');
+
+    const functionCallParts = parts.filter((p) => p.functionCall);
+    const toolCalls = functionCallParts.map((p, i) => ({
+      id: `toolu_google_${Date.now()}_${i}`,
+      name: p.functionCall.name,
+      input: p.functionCall.args || {},
+      // Preserve thought signature for thinking models (sibling of functionCall)
+      ...(p.thoughtSignature && { thoughtSignature: p.thoughtSignature }),
+    }));
+
+    const stopReason = toolCalls.length > 0 ? 'tool_use' : 'end_turn';
+
+    // Build rawContent in Anthropic format for history consistency
+    const rawContent = [];
+    if (text) {
+      rawContent.push({ type: 'text', text });
+    }
+    for (const tc of toolCalls) {
+      rawContent.push({
+        type: 'tool_use',
+        id: tc.id,
+        name: tc.name,
+        input: tc.input,
+        ...(tc.thoughtSignature && { thoughtSignature: tc.thoughtSignature }),
+      });
+    }
+
+    return { stopReason, text, toolCalls, rawContent };
+  }
+
+  // ── Public API ──
+
+  async chat({ system, messages, tools, signal }) {
+    const config = {
+      temperature: this.temperature,
+      maxOutputTokens: this.maxTokens,
+    };
+
+    if (system) {
+      config.systemInstruction = Array.isArray(system)
+        ? system.map((b) => b.text).join('\n')
+        : system;
+    }
+
+    const convertedTools = this._convertTools(tools);
+    if (convertedTools) {
+      config.tools = convertedTools;
+    }
+
+    const contents = this._convertMessages(messages);
+
+    try {
+      return await this._callWithResilience(async (timedSignal) => {
+        const response = await this.client.models.generateContent({
+          model: this.model,
+          contents,
+          config: {
+            ...config,
+            abortSignal: timedSignal,
+            httpOptions: { timeout: this.timeout },
+          },
+        });
+        return this._normalizeResponse(response);
+      }, signal);
+    } catch (err) {
+      // Normalize Google SDK error: extract clean message from JSON
+      if (err.message?.startsWith('{')) {
+        try {
+          const parsed = JSON.parse(err.message);
+          err.message = parsed?.error?.message || err.message;
+          err.status = parsed?.error?.code;
+        } catch {}
+      }
+      throw err;
+    }
+  }
+
+  async ping() {
+    await this.client.models.generateContent({
+      model: this.model,
+      contents: 'ping',
+      config: {
+        maxOutputTokens: 16,
+        temperature: 0,
+      },
+    });
+  }
+}

package/src/providers/index.js

@@ -1,5 +1,6 @@
 import { AnthropicProvider } from './anthropic.js';
 import { OpenAICompatProvider } from './openai-compat.js';
+import { GoogleGenaiProvider } from './google-genai.js';
 import { PROVIDERS } from './models.js';
 
 export { PROVIDERS } from './models.js';
@@ -29,7 +30,11 @@ export function createProvider(config) {
     return new AnthropicProvider(opts);
   }
 
-  // OpenAI, Google, Groq — all use OpenAI-compatible API
+  if (provider === 'google') {
+    return new GoogleGenaiProvider(opts);
+  }
+
+  // OpenAI, Groq — use OpenAI-compatible API
   return new OpenAICompatProvider({
     ...opts,
     baseUrl: providerDef.baseUrl || undefined,

package/src/providers/models.js

@@ -32,11 +32,15 @@ export const PROVIDERS = {
   google: {
     name: 'Google (Gemini)',
     envKey: 'GOOGLE_API_KEY',
-    baseUrl: 'https://generativelanguage.googleapis.com/v1beta/openai/',
     models: [
+      // Gemini 3 series
+      { id: 'gemini-3.1-pro-preview', label: 'Gemini 3.1 Pro' },
+      { id: 'gemini-3-flash-preview', label: 'Gemini 3 Flash' },
+      { id: 'gemini-3-pro-preview', label: 'Gemini 3 Pro' },
+      // Gemini 2.5 series
       { id: 'gemini-2.5-flash', label: 'Gemini 2.5 Flash' },
       { id: 'gemini-2.5-pro', label: 'Gemini 2.5 Pro' },
-      { id: 'gemini-2.0-flash', label: 'Gemini 2.0 Flash' },
+      { id: 'gemini-2.5-flash-lite', label: 'Gemini 2.5 Flash Lite' },
     ],
   },
   groq: {

package/src/providers/openai-compat.js

@@ -35,12 +35,13 @@ export class OpenAICompatProvider extends BaseProvider {
   _convertMessages(system, messages) {
     const out = [];
 
-    // System prompt as first message (skip for reasoning models)
-    if (system && !this.isReasoningModel) {
+    // System prompt — use 'developer' role for reasoning models, 'system' for others
+    if (system) {
       const systemText = Array.isArray(system)
         ? system.map((b) => b.text).join('\n')
         : system;
-      out.push({ role: 'system', content: systemText });
+      const role = this.isReasoningModel ? 'developer' : 'system';
+      out.push({ role, content: systemText });
     }
 
     for (const msg of messages) {
@@ -108,11 +109,18 @@ export class OpenAICompatProvider extends BaseProvider {
 
     const text = choice.message.content || '';
 
-    const toolCalls = (choice.message.tool_calls || []).map((tc) => ({
-      id: tc.id,
-      name: tc.function.name,
-      input: JSON.parse(tc.function.arguments),
-    }));
+    const toolCalls = (choice.message.tool_calls || []).map((tc) => {
+      let input = {};
+      try {
+        input = JSON.parse(tc.function.arguments);
+      } catch {
+        // LLM returned malformed JSON — use empty object so the tool call
+        // still reaches the tool executor (which can surface its own error)
+        // rather than crashing the entire chat session.
+        input = { _parseError: true, _raw: (tc.function.arguments || '').slice(0, 200) };
+      }
+      return { id: tc.id, name: tc.function.name, input };
+    });
 
     // Build rawContent in Anthropic format for message history consistency
     const rawContent = [];
@@ -138,7 +146,11 @@ export class OpenAICompatProvider extends BaseProvider {
       params.temperature = this.temperature;
     }
 
-    params.max_tokens = this.maxTokens;
+    if (this.isReasoningModel) {
+      params.max_completion_tokens = this.maxTokens;
+    } else {
+      params.max_tokens = this.maxTokens;
+    }
 
     const convertedTools = this._convertTools(tools);
     if (convertedTools) {
@@ -154,10 +166,12 @@ export class OpenAICompatProvider extends BaseProvider {
   async ping() {
     const params = {
       model: this.model,
-      max_tokens: 16,
       messages: [{ role: 'user', content: 'ping' }],
     };
-    if (!this.isReasoningModel) {
+    if (this.isReasoningModel) {
+      params.max_completion_tokens = 16;
+    } else {
+      params.max_tokens = 16;
       params.temperature = 0;
     }
     await this.client.chat.completions.create(params);

package/src/tools/docker.js

@@ -1,13 +1,6 @@
-import { exec } from 'child_process';
+import { shellRun, shellEscape } from '../utils/shell.js';
 
-function run(cmd, timeout = 30000) {
-  return new Promise((resolve) => {
-    exec(cmd, { timeout, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
-      if (error) return resolve({ error: stderr || error.message });
-      resolve({ output: stdout.trim() });
-    });
-  });
-}
+const run = (cmd, timeout = 30000) => shellRun(cmd, timeout, { maxBuffer: 10 * 1024 * 1024 });
 
 export const definitions = [
   {
@@ -65,16 +58,16 @@ export const handlers = {
   },
 
   docker_logs: async (params) => {
-    const tail = params.tail || 100;
-    return await run(`docker logs --tail ${tail} ${params.container}`);
+    const tail = parseInt(params.tail, 10) || 100;
+    return await run(`docker logs --tail ${tail} ${shellEscape(params.container)}`);
   },
 
   docker_exec: async (params) => {
-    return await run(`docker exec ${params.container} ${params.command}`);
+    return await run(`docker exec ${shellEscape(params.container)} ${params.command}`);
   },
 
   docker_compose: async (params) => {
-    const dir = params.project_dir ? `-f ${params.project_dir}/docker-compose.yml` : '';
+    const dir = params.project_dir ? `-f ${shellEscape(params.project_dir + '/docker-compose.yml')}` : '';
     return await run(`docker compose ${dir} ${params.action}`, 120000);
   },
 };

package/src/tools/monitor.js

@@ -1,17 +1,8 @@
-import { exec } from 'child_process';
 import { platform } from 'os';
+import { shellRun as run, shellEscape } from '../utils/shell.js';
 
 const isMac = platform() === 'darwin';
 
-function run(cmd, timeout = 10000) {
-  return new Promise((resolve) => {
-    exec(cmd, { timeout }, (error, stdout, stderr) => {
-      if (error) return resolve({ error: stderr || error.message });
-      resolve({ output: stdout.trim() });
-    });
-  });
-}
-
 export const definitions = [
   {
     name: 'disk_usage',
@@ -68,17 +59,17 @@ export const handlers = {
   },
 
   system_logs: async (params) => {
-    const lines = params.lines || 50;
+    const lines = parseInt(params.lines, 10) || 50;
     const source = params.source || 'journalctl';
     const filter = params.filter;
 
     if (source === 'journalctl') {
-      const filterArg = filter ? ` -g "${filter}"` : '';
+      const filterArg = filter ? ` -g ${shellEscape(filter)}` : '';
       return await run(`journalctl -n ${lines}${filterArg} --no-pager`);
     }
 
     // Reading a log file
-    const filterCmd = filter ? ` | grep -i "${filter}"` : '';
-    return await run(`tail -n ${lines} "${source}"${filterCmd}`);
+    const filterCmd = filter ? ` | grep -i ${shellEscape(filter)}` : '';
+    return await run(`tail -n ${lines} ${shellEscape(source)}${filterCmd}`);
   },
 };

package/src/tools/network.js

@@ -1,14 +1,6 @@
-import { exec } from 'child_process';
-import { platform } from 'os';
-
-function run(cmd, timeout = 15000) {
-  return new Promise((resolve) => {
-    exec(cmd, { timeout }, (error, stdout, stderr) => {
-      if (error) return resolve({ error: stderr || error.message });
-      resolve({ output: stdout.trim() });
-    });
-  });
-}
+import { shellRun, shellEscape } from '../utils/shell.js';
+
+const run = (cmd, timeout = 15000) => shellRun(cmd, timeout);
 
 export const definitions = [
   {
@@ -47,10 +39,11 @@ export const definitions = [
 export const handlers = {
   check_port: async (params) => {
     const host = params.host || 'localhost';
-    const { port } = params;
+    const port = parseInt(params.port, 10);
+    if (!Number.isFinite(port) || port <= 0 || port > 65535) return { error: 'Invalid port number' };
 
     // Use nc (netcat) for port check — works on both macOS and Linux
-    const result = await run(`nc -z -w 3 ${host} ${port} 2>&1 && echo "OPEN" || echo "CLOSED"`, 5000);
+    const result = await run(`nc -z -w 3 ${shellEscape(host)} ${port} 2>&1 && echo "OPEN" || echo "CLOSED"`, 5000);
 
     if (result.error) {
       return { port, host, status: 'closed', detail: result.error };
@@ -63,19 +56,19 @@ export const handlers = {
   curl_url: async (params) => {
     const { url, method = 'GET', headers, body } = params;
 
-    let cmd = `curl -s -w "\\n---HTTP_STATUS:%{http_code}" -X ${method}`;
+    let cmd = `curl -s -w "\\n---HTTP_STATUS:%{http_code}" -X ${shellEscape(method)}`;
 
     if (headers) {
       for (const [key, val] of Object.entries(headers)) {
-        cmd += ` -H "${key}: ${val}"`;
+        cmd += ` -H ${shellEscape(`${key}: ${val}`)}`;
       }
     }
 
     if (body) {
-      cmd += ` -d '${body.replace(/'/g, "'\\''")}'`;
+      cmd += ` -d ${shellEscape(body)}`;
     }
 
-    cmd += ` "${url}"`;
+    cmd += ` ${shellEscape(url)}`;
 
     const result = await run(cmd);