kernelbot 1.0.39 → 1.0.40

package/src/tools/git.js

@@ -10,22 +10,29 @@ function getWorkspaceDir(config) {
   return dir;
 }
 
-function injectToken(url, config) {
+/**
+ * Get the auth header value for GitHub HTTPS operations.
+ * Uses extraheader instead of embedding credentials in the URL,
+ * preventing token leaks in git remote -v, error messages, and process listings.
+ */
+function getGitAuthEnv(config) {
   const token = config.github?.token || process.env.GITHUB_TOKEN;
-  if (!token) return url;
+  if (!token) return null;
+  const base64 = Buffer.from(`x-access-token:${token}`).toString('base64');
+  return `AUTHORIZATION: basic ${base64}`;
+}
 
-  // Inject token into HTTPS GitHub URLs for auth-free push/pull
-  try {
-    const parsed = new URL(url);
-    if (parsed.hostname === 'github.com' && parsed.protocol === 'https:') {
-      parsed.username = token;
-      parsed.password = 'x-oauth-basic';
-      return parsed.toString();
-    }
-  } catch {
-    // Not a parseable URL (e.g. org/repo shorthand before expansion)
+/**
+ * Configure a simple-git instance with auth via extraheader (not URL embedding).
+ */
+function configureGitAuth(git, config) {
+  const authHeader = getGitAuthEnv(config);
+  if (authHeader) {
+    git.env('GIT_CONFIG_COUNT', '1');
+    git.env('GIT_CONFIG_KEY_0', 'http.extraheader');
+    git.env('GIT_CONFIG_VALUE_0', authHeader);
   }
-  return url;
+  return git;
 }
 
 export const definitions = [
@@ -107,15 +114,19 @@ export const handlers = {
       url = `https://github.com/${repo}.git`;
     }
 
-    // Inject GitHub token for authenticated clone (enables push later)
-    const authUrl = injectToken(url, context.config);
-
     const repoName = dest || repo.split('/').pop().replace('.git', '');
+    // Prevent path traversal — dest must not escape workspace directory
+    if (repoName.includes('..') || repoName.startsWith('/')) {
+      return { error: 'Invalid destination: path traversal is not allowed' };
+    }
     const targetDir = join(workspaceDir, repoName);
+    if (!targetDir.startsWith(workspaceDir)) {
+      return { error: 'Invalid destination: path escapes workspace directory' };
+    }
 
     try {
-      const git = simpleGit();
-      await git.clone(authUrl, targetDir);
+      const git = configureGitAuth(simpleGit(), context.config);
+      await git.clone(url, targetDir);
       return { success: true, path: targetDir };
     } catch (err) {
       getLogger().error(`git_clone failed for ${params.repo}: ${err.message}`);
@@ -155,17 +166,8 @@ export const handlers = {
   git_push: async (params, context) => {
     const { dir, force = false } = params;
     try {
-      const git = simpleGit(dir);
-
-      // Ensure remote URL has auth token for push
-      const remotes = await git.getRemotes(true);
-      const origin = remotes.find((r) => r.name === 'origin');
-      if (origin) {
-        const authUrl = injectToken(origin.refs.push || origin.refs.fetch, context.config);
-        if (authUrl !== (origin.refs.push || origin.refs.fetch)) {
-          await git.remote(['set-url', 'origin', authUrl]);
-        }
-      }
+      // Use extraheader auth instead of modifying remote URLs
+      const git = configureGitAuth(simpleGit(dir), context.config);
 
       const branch = (await git.branchLocal()).current;
       const options = ['-u'];

package/src/tools/jira.js

@@ -186,7 +186,11 @@ export const handlers = {
       const client = getJiraClient(context.config);
       const assignee = params.assignee || 'currentUser()';
       const maxResults = params.max_results || 20;
-      const jql = `assignee = ${assignee} ORDER BY updated DESC`;
+      // Sanitize assignee to prevent JQL injection — allow currentUser() or quote the value
+      const safeAssignee = assignee === 'currentUser()'
+        ? 'currentUser()'
+        : `"${assignee.replace(/["\\]/g, '')}"`;
+      const jql = `assignee = ${safeAssignee} ORDER BY updated DESC`;
 
       const { data } = await client.get('/search', {
         params: {
@@ -215,7 +219,12 @@ export const handlers = {
     try {
       const client = getJiraClient(context.config);
       const maxResults = params.max_results || 20;
-      const jql = `project = ${params.project_key} ORDER BY updated DESC`;
+      // Sanitize project_key to prevent JQL injection — only allow alphanumeric and underscore
+      const safeProjectKey = params.project_key.replace(/[^a-zA-Z0-9_]/g, '');
+      if (safeProjectKey !== params.project_key) {
+        return { error: `Invalid project key: "${params.project_key}". Only alphanumeric characters and underscores are allowed.` };
+      }
+      const jql = `project = "${safeProjectKey}" ORDER BY updated DESC`;
 
       const { data } = await client.get('/search', {
         params: {

package/src/tools/monitor.js

@@ -75,7 +75,15 @@ export const handlers = {
       return await run(`journalctl -n ${finalLines}${filterArg} --no-pager`);
     }
 
-    // Reading a log file
+    // Reading a log file — restrict to known safe directories
+    const { resolve: resolvePath } = await import('path');
+    const resolvedSource = resolvePath(source);
+    const ALLOWED_LOG_DIRS = ['/var/log', process.cwd(), process.env.HOME || ''];
+    const isAllowed = ALLOWED_LOG_DIRS.some(dir => dir && resolvedSource.startsWith(dir));
+    if (!isAllowed) {
+      return { error: `Blocked: log source must be within /var/log, the project directory, or home directory` };
+    }
+
     const filterCmd = filter ? ` | grep -i ${shellEscape(filter)}` : '';
     return await run(`tail -n ${finalLines} ${shellEscape(source)}${filterCmd}`);
   },

package/src/tools/network.js

@@ -37,6 +37,25 @@ export const definitions = [
   },
 ];
 
+// SSRF protection: block requests to internal/cloud metadata addresses
+const BLOCKED_HOSTS = [
+  /^127\./,
+  /^10\./,
+  /^172\.(1[6-9]|2\d|3[01])\./,
+  /^192\.168\./,
+  /^169\.254\./,       // AWS/cloud metadata endpoint
+  /^0\./,
+  /^localhost$/i,
+  /^metadata\.google\.internal$/i,
+  /^\[::1\]$/,
+  /^\[fd/i,            // IPv6 private
+  /^\[fe80:/i,         // IPv6 link-local
+];
+
+function isBlockedHost(host) {
+  return BLOCKED_HOSTS.some(pattern => pattern.test(host));
+}
+
 export const handlers = {
   check_port: async (params) => {
     const logger = getLogger();
@@ -44,6 +63,11 @@ export const handlers = {
     const port = parseInt(params.port, 10);
     if (!Number.isFinite(port) || port <= 0 || port > 65535) return { error: 'Invalid port number' };
 
+    // SSRF protection: block internal network probing
+    if (host !== 'localhost' && isBlockedHost(host)) {
+      return { error: 'Blocked: cannot probe internal or cloud metadata addresses' };
+    }
+
     logger.debug(`check_port: checking ${host}:${port}`);
     // Use nc (netcat) for port check — works on both macOS and Linux
     const result = await run(`nc -z -w 3 ${shellEscape(host)} ${port} 2>&1 && echo "OPEN" || echo "CLOSED"`, 5000);
@@ -60,6 +84,16 @@ export const handlers = {
   curl_url: async (params) => {
     const { url, method = 'GET', headers, body } = params;
 
+    // SSRF protection: block requests to internal networks and cloud metadata
+    try {
+      const parsed = new URL(url);
+      if (isBlockedHost(parsed.hostname)) {
+        return { error: 'Blocked: cannot access internal or cloud metadata addresses' };
+      }
+    } catch {
+      return { error: 'Invalid URL' };
+    }
+
     let cmd = `curl -s -w "\\n---HTTP_STATUS:%{http_code}" -X ${shellEscape(method)}`;
 
     if (headers) {

package/src/tools/orchestrator-tools.js

@@ -770,7 +770,8 @@ export async function executeOrchestratorTool(name, input, context) {
       if (!conversationManager) return { error: 'Conversation system not available.' };
 
       const { query, chat_id } = input;
-      const targetChatId = chat_id || chatId;
+      // Prevent cross-chat history access — only allow searching own chat
+      const targetChatId = chatId;
       logger.info(`[search_conversations] Searching chat ${targetChatId} for: "${query}"`);
 
       const history = conversationManager.getHistory(targetChatId);

package/src/tools/os.js

@@ -137,12 +137,26 @@ export const handlers = {
     const { config } = context;
     const blockedPaths = config.security?.blocked_paths || [];
 
-    // Simple check: if the command references a blocked path, reject
-    for (const bp of blockedPaths) {
-      const expanded = expandPath(bp);
-      if (command.includes(expanded)) {
-        logger.warn(`execute_command blocked: command references restricted path ${bp}`);
-        return { error: `Blocked: command references restricted path ${bp}` };
+    // Tokenize the command to extract all path-like arguments, then resolve
+    // each one and check against blocked paths. This prevents bypasses via
+    // shell operators (&&, |, ;), quoting, or subshells.
+    const shellTokens = command.match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g) || [];
+    for (const token of shellTokens) {
+      // Strip surrounding quotes
+      const cleaned = token.replace(/^["']|["']$/g, '');
+      // Skip tokens that look like flags or shell operators
+      if (/^[-|;&<>]/.test(cleaned) || cleaned.length === 0) continue;
+      try {
+        const resolved = expandPath(cleaned);
+        for (const bp of blockedPaths) {
+          const expandedBp = expandPath(bp);
+          if (resolved.startsWith(expandedBp) || resolved === expandedBp) {
+            logger.warn(`execute_command blocked: argument "${cleaned}" references restricted path ${bp}`);
+            return { error: `Blocked: command references restricted path ${bp}` };
+          }
+        }
+      } catch {
+        // Not a valid path — skip
       }
     }
 

package/src/utils/config.js

@@ -38,7 +38,7 @@ const DEFAULTS = {
   claude_code: {
     model: 'claude-opus-4-6',
     max_turns: 50,
-    timeout_seconds: 600,
+    timeout_seconds: 86400,
     workspace_dir: null, // defaults to ~/.kernelbot/workspaces
     auth_mode: 'system', // system | api_key | oauth_token
   },

package/src/utils/display.js

@@ -121,7 +121,7 @@ export function showCharacterCard(character, isActive = false) {
     ...(art ? art.split("\n").map((line) => chalk.cyan(line)) : []),
     "",
     chalk.dim(`Origin: ${character.origin || "Unknown"}`),
-    chalk.dim(`Style: ${character.age || "Unknown"}`),
+    chalk.dim(`Age: ${character.age || "Unknown"}`),
   ].join("\n");
 
   console.log(

package/src/utils/logger.js

@@ -16,7 +16,7 @@ export function createLogger(config) {
         format: winston.format.combine(
           winston.format.colorize(),
           winston.format.printf(({ level, message, timestamp }) => {
-            return `[KernelBot] ${level}: ${message}`;
+            return `${timestamp} [KernelBot] ${level}: ${message}`;
           }),
         ),
       }),

package/src/utils/timeAwareness.js

@@ -0,0 +1,72 @@
+/**
+ * Time Awareness Utility — Riyadh-local helpers.
+ *
+ * Provides timezone-aware helpers anchored to Asia/Riyadh so that
+ * automated tasks can respect the user's real-world schedule.
+ *
+ * Quiet hours (02:00 – 10:00 Riyadh time) are intentionally wider than
+ * the generic defaults in timeUtils.js because the owner fasts during
+ * Ramadan and typically sleeps through the early-morning hours.
+ *
+ * @module utils/timeAwareness
+ */
+
+const TIMEZONE = 'Asia/Riyadh';
+const QUIET_START_HOUR = 2;
+const QUIET_END_HOUR = 10;
+
+/**
+ * Return the current date/time in the Asia/Riyadh timezone.
+ *
+ * The returned object contains the full ISO-style formatted string,
+ * the numeric hour (0-23), and the raw Date for further processing.
+ *
+ * @returns {{ formatted: string, hour: number, date: Date }}
+ */
+export function getCurrentRiyadhTime() {
+  const now = new Date();
+
+  const formatted = now.toLocaleString('en-US', {
+    weekday: 'long',
+    year: 'numeric',
+    month: 'long',
+    day: 'numeric',
+    hour: '2-digit',
+    minute: '2-digit',
+    second: '2-digit',
+    hour12: true,
+    timeZone: TIMEZONE,
+  });
+
+  const hourParts = new Intl.DateTimeFormat('en-US', {
+    hour: 'numeric',
+    hour12: false,
+    timeZone: TIMEZONE,
+  }).formatToParts(now);
+
+  const hour = parseInt(
+    hourParts.find((p) => p.type === 'hour')?.value || '0',
+    10,
+  );
+
+  return { formatted, hour, date: now };
+}
+
+/**
+ * Check whether the current Riyadh time falls within quiet hours.
+ *
+ * Quiet hours are defined as **02:00 – 10:00 (Asia/Riyadh)** to
+ * respect the user's sleep schedule during Ramadan fasting, when
+ * they tend to sleep through the early-morning period.
+ *
+ * Automated tasks (notifications, self-improvement PRs, noisy jobs)
+ * should check this flag and defer non-urgent work until after the
+ * quiet window closes.
+ *
+ * @returns {boolean} `true` when the current Riyadh time is between
+ *   02:00 and 10:00 (inclusive start, exclusive end).
+ */
+export function isQuietHours() {
+  const { hour } = getCurrentRiyadhTime();
+  return hour >= QUIET_START_HOUR && hour < QUIET_END_HOUR;
+}

package/src/worker.js

@@ -3,7 +3,7 @@ import { executeTool } from './tools/index.js';
 import { closeSession } from './tools/browser.js';
 import { getMissingCredential } from './utils/config.js';
 import { getWorkerPrompt } from './prompts/workers.js';
-import { getUnifiedSkillById } from './skills/custom.js';
+import { buildSkillPrompt } from './skills/loader.js';
 import { getLogger } from './utils/logger.js';
 import { truncateToolResult } from './utils/truncate.js';
 
@@ -23,17 +23,17 @@ export class WorkerAgent {
    * @param {string} opts.workerType - coding, browser, system, devops, research
    * @param {string} opts.jobId - Job ID for logging
    * @param {Array} opts.tools - Scoped tool definitions
-   * @param {string|null} opts.skillId - Active skill ID (for worker prompt)
+   * @param {string[]|null} opts.skillIds - Active skill IDs (for worker prompt)
    * @param {string|null} opts.workerContext - Structured context (conversation history, persona, dependency results)
    * @param {object} opts.callbacks - { onProgress, onComplete, onError }
    * @param {AbortController} opts.abortController - For cancellation
    */
-  constructor({ config, workerType, jobId, tools, skillId, workerContext, callbacks, abortController }) {
+  constructor({ config, workerType, jobId, tools, skillIds, workerContext, callbacks, abortController }) {
     this.config = config;
     this.workerType = workerType;
     this.jobId = jobId;
     this.tools = tools;
-    this.skillId = skillId;
+    this.skillIds = skillIds || [];
     this.workerContext = workerContext || null;
     this.callbacks = callbacks || {};
     this.abortController = abortController || new AbortController();
@@ -45,8 +45,8 @@ export class WorkerAgent {
     // Create provider from worker brain config
     this.provider = createProvider(config);
 
-    // Build system prompt
-    const skillPrompt = skillId ? getUnifiedSkillById(skillId)?.systemPrompt : null;
+    // Build system prompt with combined skill expertise
+    const skillPrompt = buildSkillPrompt(this.skillIds);
     this.systemPrompt = getWorkerPrompt(workerType, config, skillPrompt);
 
     // Safety ceiling — not a real limit, just prevents infinite loops
@@ -54,7 +54,7 @@ export class WorkerAgent {
     this.maxIterations = 200;
 
     const logger = getLogger();
-    logger.info(`[Worker ${jobId}] Created: type=${workerType}, provider=${config.brain.provider}/${config.brain.model}, tools=${tools.length}, skill=${skillId || 'none'}, context=${workerContext ? 'yes' : 'none'}`);
+    logger.info(`[Worker ${jobId}] Created: type=${workerType}, provider=${config.brain.provider}/${config.brain.model}, tools=${tools.length}, skills=${this.skillIds.length > 0 ? this.skillIds.join(',') : 'none'}, context=${workerContext ? 'yes' : 'none'}`);
   }
 
   /** Cancel this worker. */
@@ -297,41 +297,34 @@ export class WorkerAgent {
 
     const _str = (v) => typeof v === 'string' ? v : (v ? JSON.stringify(v, null, 2) : '');
 
+    /** Try to build a structured result from a parsed JSON object. */
+    const _fromParsed = (parsed) => {
+      if (!parsed?.summary || !parsed?.status) return null;
+      return {
+        structured: true,
+        summary: String(parsed.summary || ''),
+        status: String(parsed.status || 'success'),
+        details: _str(parsed.details),
+        artifacts: Array.isArray(parsed.artifacts) ? parsed.artifacts : [],
+        followUp: parsed.followUp ? String(parsed.followUp) : null,
+        toolsUsed: this._toolCallCount,
+        errors: this._errors,
+      };
+    };
+
     // Try to extract JSON from ```json ... ``` fences
     const fenceMatch = text.match(/```json\s*\n?([\s\S]*?)\n?\s*```/);
     if (fenceMatch) {
       try {
-        const parsed = JSON.parse(fenceMatch[1]);
-        if (parsed.summary && parsed.status) {
-          return {
-            structured: true,
-            summary: String(parsed.summary || ''),
-            status: String(parsed.status || 'success'),
-            details: _str(parsed.details),
-            artifacts: Array.isArray(parsed.artifacts) ? parsed.artifacts : [],
-            followUp: parsed.followUp ? String(parsed.followUp) : null,
-            toolsUsed: this._toolCallCount,
-            errors: this._errors,
-          };
-        }
+        const result = _fromParsed(JSON.parse(fenceMatch[1]));
+        if (result) return result;
       } catch { /* fall through */ }
     }
 
     // Try raw JSON parse (no fences)
     try {
-      const parsed = JSON.parse(text);
-      if (parsed.summary && parsed.status) {
-        return {
-          structured: true,
-          summary: String(parsed.summary || ''),
-          status: String(parsed.status || 'success'),
-          details: _str(parsed.details),
-          artifacts: Array.isArray(parsed.artifacts) ? parsed.artifacts : [],
-          followUp: parsed.followUp ? String(parsed.followUp) : null,
-          toolsUsed: this._toolCallCount,
-          errors: this._errors,
-        };
-      }
+      const result = _fromParsed(JSON.parse(text));
+      if (result) return result;
     } catch { /* fall through */ }
 
     // Fallback: wrap raw text