kernelbot 1.0.4 → 1.0.6

package/.env.example

@@ -1,2 +1,3 @@
 ANTHROPIC_API_KEY=sk-ant-...
 TELEGRAM_BOT_TOKEN=123456:ABC-DEF...
+GITHUB_TOKEN=ghp_...

package/README.md

@@ -23,6 +23,10 @@ KernelBot runs a **tool-use loop**: Claude decides which tools to call, KernelBo
 | `write_file`      | Write/create files, auto-creates parent directories |
 | `list_directory`  | List directory contents, optionally recursive       |
 
+## Disclaimer
+
+> **WARNING:** KernelBot has full access to your operating system. It can execute shell commands, read/write files, manage processes, control Docker containers, and interact with external services (GitHub, Telegram) on your behalf. Only run KernelBot on machines you own and control. Always configure `allowed_users` in production to restrict who can interact with the bot. The authors are not responsible for any damage caused by misuse.
+
 ## Installation
 
 ```bash

package/config.example.yaml

@@ -11,6 +11,15 @@ anthropic:
   temperature: 0.3
   max_tool_depth: 25
 
+claude_code:
+  max_turns: 50
+  timeout_seconds: 600
+  # workspace_dir: /tmp/kernelbot-workspaces  # default: ~/.kernelbot/workspaces
+
+github:
+  default_branch: main
+  # default_org: my-org
+
 telegram:
   # List Telegram user IDs allowed to interact. Empty = allow all (dev mode).
   allowed_users: []

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kernelbot",
-  "version": "1.0.004",
+  "version": "1.0.6",
   "description": "KernelBot — AI engineering agent with full OS control",
   "type": "module",
   "author": "Abdullah Al-Taheri <abdullah@altaheri.me>",
@@ -28,13 +28,16 @@
   "license": "MIT",
   "dependencies": {
     "@anthropic-ai/sdk": "^0.39.0",
+    "@octokit/rest": "^22.0.1",
+    "axios": "^1.13.5",
+    "boxen": "^8.0.1",
     "chalk": "^5.4.1",
     "commander": "^13.1.0",
     "dotenv": "^16.4.7",
     "js-yaml": "^4.1.0",
     "node-telegram-bot-api": "^0.66.0",
     "ora": "^8.1.1",
-    "boxen": "^8.0.1",
+    "simple-git": "^3.31.1",
     "uuid": "^11.1.0",
     "winston": "^3.17.0"
   }

package/src/agent.js

@@ -1,5 +1,5 @@
 import Anthropic from '@anthropic-ai/sdk';
-import { toolDefinitions, executeTool } from './tools/index.js';
+import { toolDefinitions, executeTool, checkConfirmation } from './tools/index.js';
 import { getSystemPrompt } from './prompts/system.js';
 import { getLogger } from './utils/logger.js';
 
@@ -9,11 +9,73 @@ export class Agent {
     this.conversationManager = conversationManager;
     this.client = new Anthropic({ apiKey: config.anthropic.api_key });
     this.systemPrompt = getSystemPrompt(config);
+    this._pendingConfirmation = new Map(); // chatId -> { block, context }
   }
 
   async processMessage(chatId, userMessage, user) {
     const logger = getLogger();
-    const { model, max_tokens, temperature, max_tool_depth } = this.config.anthropic;
+
+    // Handle pending confirmation responses
+    const pending = this._pendingConfirmation.get(chatId);
+    if (pending) {
+      this._pendingConfirmation.delete(chatId);
+      const lower = userMessage.toLowerCase().trim();
+
+      if (lower === 'yes' || lower === 'y' || lower === 'confirm') {
+        // User approved — execute the blocked tool and resume
+        logger.info(`User confirmed dangerous tool: ${pending.block.name}`);
+        const result = await executeTool(pending.block.name, pending.block.input, pending.context);
+
+        // Resume the agent loop with the tool result
+        pending.toolResults.push({
+          type: 'tool_result',
+          tool_use_id: pending.block.id,
+          content: JSON.stringify(result),
+        });
+
+        // Process remaining blocks if any
+        for (const block of pending.remainingBlocks) {
+          if (block.type !== 'tool_use') continue;
+
+          const dangerLabel = checkConfirmation(block.name, block.input, this.config);
+          if (dangerLabel) {
+            // Another dangerous tool — ask again
+            this._pendingConfirmation.set(chatId, {
+              block,
+              context: pending.context,
+              toolResults: pending.toolResults,
+              remainingBlocks: pending.remainingBlocks.filter((b) => b !== block),
+              messages: pending.messages,
+            });
+            return `⚠️ Next action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
+          }
+
+          logger.info(`Tool call: ${block.name}`);
+          const r = await executeTool(block.name, block.input, pending.context);
+          pending.toolResults.push({
+            type: 'tool_result',
+            tool_use_id: block.id,
+            content: JSON.stringify(r),
+          });
+        }
+
+        // Continue the agent loop
+        pending.messages.push({ role: 'user', content: pending.toolResults });
+        return await this._continueLoop(chatId, pending.messages, user);
+      } else {
+        // User denied
+        logger.info(`User denied dangerous tool: ${pending.block.name}`);
+        pending.toolResults.push({
+          type: 'tool_result',
+          tool_use_id: pending.block.id,
+          content: JSON.stringify({ error: 'User denied this operation.' }),
+        });
+        pending.messages.push({ role: 'user', content: pending.toolResults });
+        return await this._continueLoop(chatId, pending.messages, user);
+      }
+    }
+
+    const { max_tool_depth } = this.config.anthropic;
 
     // Add user message to persistent history
     this.conversationManager.addMessage(chatId, 'user', userMessage);
@@ -21,8 +83,15 @@ export class Agent {
     // Build working messages from history
     const messages = [...this.conversationManager.getHistory(chatId)];
 
-    for (let depth = 0; depth < max_tool_depth; depth++) {
-      logger.debug(`Agent loop iteration ${depth + 1}/${max_tool_depth}`);
+    return await this._runLoop(chatId, messages, user, 0, max_tool_depth);
+  }
+
+  async _runLoop(chatId, messages, user, startDepth, maxDepth) {
+    const logger = getLogger();
+    const { model, max_tokens, temperature } = this.config.anthropic;
+
+    for (let depth = startDepth; depth < maxDepth; depth++) {
+      logger.debug(`Agent loop iteration ${depth + 1}/${maxDepth}`);
 
       const response = await this.client.messages.create({
         model,
@@ -39,19 +108,35 @@ export class Agent {
           .map((b) => b.text);
         const reply = textBlocks.join('\n');
 
-        // Save assistant reply to persistent history
         this.conversationManager.addMessage(chatId, 'assistant', reply);
         return reply;
       }
 
       if (response.stop_reason === 'tool_use') {
-        // Push assistant response as-is (contains tool_use blocks)
         messages.push({ role: 'assistant', content: response.content });
 
-        // Execute each tool_use block
+        const toolUseBlocks = response.content.filter((b) => b.type === 'tool_use');
         const toolResults = [];
-        for (const block of response.content) {
-          if (block.type !== 'tool_use') continue;
+
+        for (let i = 0; i < toolUseBlocks.length; i++) {
+          const block = toolUseBlocks[i];
+
+          // Check if this tool requires confirmation
+          const dangerLabel = checkConfirmation(block.name, block.input, this.config);
+          if (dangerLabel) {
+            logger.warn(`Dangerous tool detected: ${block.name} — ${dangerLabel}`);
+
+            // Store state and pause for user confirmation
+            this._pendingConfirmation.set(chatId, {
+              block,
+              context: { config: this.config, user },
+              toolResults,
+              remainingBlocks: toolUseBlocks.slice(i + 1),
+              messages,
+            });
+
+            return `⚠️ This action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
+          }
 
           logger.info(`Tool call: ${block.name}`);
 
@@ -67,7 +152,6 @@ export class Agent {
           });
         }
 
-        // Push all tool results as a single user message
         messages.push({ role: 'user', content: toolResults });
         continue;
       }
@@ -86,9 +170,14 @@ export class Agent {
     }
 
     const depthWarning =
-      `Reached maximum tool depth (${max_tool_depth}). Stopping to prevent infinite loops. ` +
+      `Reached maximum tool depth (${maxDepth}). Stopping to prevent infinite loops. ` +
       `Please try again with a simpler request.`;
     this.conversationManager.addMessage(chatId, 'assistant', depthWarning);
     return depthWarning;
   }
+
+  async _continueLoop(chatId, messages, user) {
+    const { max_tool_depth } = this.config.anthropic;
+    return await this._runLoop(chatId, messages, user, 0, max_tool_depth);
+  }
 }

package/src/coder.js

@@ -0,0 +1,64 @@
+import { spawn } from 'child_process';
+import { getLogger } from './utils/logger.js';
+
+export class ClaudeCodeSpawner {
+  constructor(config) {
+    this.maxTurns = config.claude_code?.max_turns || 50;
+    this.timeout = (config.claude_code?.timeout_seconds || 600) * 1000;
+  }
+
+  async run({ workingDirectory, prompt, maxTurns }) {
+    const logger = getLogger();
+    const turns = maxTurns || this.maxTurns;
+
+    logger.info(`Spawning Claude Code in ${workingDirectory}`);
+
+    return new Promise((resolve, reject) => {
+      const args = ['-p', prompt, '--max-turns', String(turns), '--output-format', 'text'];
+
+      const child = spawn('claude', args, {
+        cwd: workingDirectory,
+        env: { ...process.env },
+        stdio: ['ignore', 'pipe', 'pipe'],
+      });
+
+      let stdout = '';
+      let stderr = '';
+
+      child.stdout.on('data', (data) => {
+        stdout += data.toString();
+      });
+
+      child.stderr.on('data', (data) => {
+        stderr += data.toString();
+      });
+
+      const timer = setTimeout(() => {
+        child.kill('SIGTERM');
+        reject(new Error(`Claude Code timed out after ${this.timeout / 1000}s`));
+      }, this.timeout);
+
+      child.on('close', (code) => {
+        clearTimeout(timer);
+        if (code !== 0 && !stdout) {
+          reject(new Error(`Claude Code exited with code ${code}: ${stderr}`));
+        } else {
+          resolve({
+            output: stdout.trim(),
+            stderr: stderr.trim(),
+            exitCode: code,
+          });
+        }
+      });
+
+      child.on('error', (err) => {
+        clearTimeout(timer);
+        if (err.code === 'ENOENT') {
+          reject(new Error('Claude Code CLI not found. Install with: npm i -g @anthropic-ai/claude-code'));
+        } else {
+          reject(err);
+        }
+      });
+    });
+  }
+}

package/src/prompts/system.js

@@ -3,17 +3,30 @@ import { toolDefinitions } from '../tools/index.js';
 export function getSystemPrompt(config) {
   const toolList = toolDefinitions.map((t) => `- ${t.name}: ${t.description}`).join('\n');
 
-  return `You are ${config.bot.name}, an AI engineering agent with full OS control.
+  return `You are ${config.bot.name}, a senior software engineer and sysadmin AI agent.
+You talk to the user via Telegram. You are confident, concise, and effective.
 
-You have access to the following tools to interact with the operating system:
+You have full access to the operating system through your tools:
 ${toolList}
 
-Guidelines:
+## Coding Tasks (writing code, fixing bugs, reviewing code, scaffolding projects)
+1. Use git tools to clone the repo and create a branch
+2. Use spawn_claude_code to do the actual coding work inside the repo
+3. After Claude Code finishes, use git tools to commit and push
+4. Use GitHub tools to create the PR
+5. Report back with the PR link
+
+## Non-Coding Tasks (monitoring, deploying, restarting services, checking status)
+- Use OS, Docker, process, network, and monitoring tools directly
+- No need to spawn Claude Code for these
+
+## Guidelines
 - Use tools proactively to complete tasks. Don't just describe what you would do — do it.
 - When a task requires multiple steps, execute them in sequence using tools.
 - If a command fails, analyze the error and try an alternative approach.
-- Be concise in your responses. Show what you did and the result.
-- When writing code, write complete, working files — not snippets.
-- For destructive operations (deleting files, overwriting data), confirm with the user first unless they've explicitly asked for it.
-- If you're unsure about something, read the relevant files first before making changes.`;
+- Be concise — you're talking on Telegram, not writing essays.
+- For destructive operations (rm, kill, service stop, force push), confirm with the user first.
+- Never expose API keys, tokens, or secrets in your responses.
+- If a task will take a while, tell the user upfront.
+- If something fails, explain what went wrong and suggest a fix.`;
 }

package/src/security/confirm.js

@@ -0,0 +1,35 @@
+const DANGEROUS_PATTERNS = [
+  { tool: 'execute_command', pattern: /\brm\b/, label: 'delete files' },
+  { tool: 'execute_command', pattern: /\brmdir\b/, label: 'delete directories' },
+  { tool: 'kill_process', pattern: null, label: 'kill a process' },
+  { tool: 'service_control', param: 'action', value: 'stop', label: 'stop a service' },
+  { tool: 'github_create_repo', pattern: null, label: 'create a GitHub repository' },
+  { tool: 'docker_compose', param: 'action', value: 'down', label: 'take down containers' },
+  { tool: 'git_push', param: 'force', value: true, label: 'force push' },
+];
+
+export function requiresConfirmation(toolName, params, config) {
+  // Check if confirmation is disabled in config
+  if (config.security?.require_confirmation === false) return null;
+
+  for (const rule of DANGEROUS_PATTERNS) {
+    if (rule.tool !== toolName) continue;
+
+    // Pattern match on command string
+    if (rule.pattern && params.command && rule.pattern.test(params.command)) {
+      return rule.label;
+    }
+
+    // Param value match
+    if (rule.param && params[rule.param] === rule.value) {
+      return rule.label;
+    }
+
+    // Tool-level match (no pattern/param — the tool itself is dangerous)
+    if (!rule.pattern && !rule.param) {
+      return rule.label;
+    }
+  }
+
+  return null;
+}

package/src/tools/coding.js

@@ -0,0 +1,50 @@
+import { ClaudeCodeSpawner } from '../coder.js';
+
+let spawner = null;
+
+function getSpawner(config) {
+  if (!spawner) spawner = new ClaudeCodeSpawner(config);
+  return spawner;
+}
+
+export const definitions = [
+  {
+    name: 'spawn_claude_code',
+    description:
+      'Spawn Claude Code CLI to perform coding tasks in a directory. Use for writing code, fixing bugs, reviewing diffs, and scaffolding projects. Claude Code has full access to the filesystem within the given directory.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        working_directory: {
+          type: 'string',
+          description: 'The directory to run Claude Code in (should be a cloned repo)',
+        },
+        prompt: {
+          type: 'string',
+          description: 'The coding task to perform — be specific about what to do',
+        },
+        max_turns: {
+          type: 'number',
+          description: 'Max turns for Claude Code (optional, default from config)',
+        },
+      },
+      required: ['working_directory', 'prompt'],
+    },
+  },
+];
+
+export const handlers = {
+  spawn_claude_code: async (params, context) => {
+    try {
+      const coder = getSpawner(context.config);
+      const result = await coder.run({
+        workingDirectory: params.working_directory,
+        prompt: params.prompt,
+        maxTurns: params.max_turns,
+      });
+      return { success: true, output: result.output };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+};

package/src/tools/docker.js

@@ -0,0 +1,80 @@
+import { exec } from 'child_process';
+
+function run(cmd, timeout = 30000) {
+  return new Promise((resolve) => {
+    exec(cmd, { timeout, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+      if (error) return resolve({ error: stderr || error.message });
+      resolve({ output: stdout.trim() });
+    });
+  });
+}
+
+export const definitions = [
+  {
+    name: 'docker_ps',
+    description: 'List Docker containers.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        all: { type: 'boolean', description: 'Include stopped containers (default false)' },
+      },
+    },
+  },
+  {
+    name: 'docker_logs',
+    description: 'Get logs from a Docker container.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        container: { type: 'string', description: 'Container name or ID' },
+        tail: { type: 'number', description: 'Number of lines to show (default 100)' },
+      },
+      required: ['container'],
+    },
+  },
+  {
+    name: 'docker_exec',
+    description: 'Execute a command inside a running Docker container.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        container: { type: 'string', description: 'Container name or ID' },
+        command: { type: 'string', description: 'Command to execute' },
+      },
+      required: ['container', 'command'],
+    },
+  },
+  {
+    name: 'docker_compose',
+    description: 'Run a docker compose command.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        action: { type: 'string', description: 'Compose action (e.g. "up -d", "down", "build", "logs")' },
+        project_dir: { type: 'string', description: 'Directory containing docker-compose.yml (optional)' },
+      },
+      required: ['action'],
+    },
+  },
+];
+
+export const handlers = {
+  docker_ps: async (params) => {
+    const flag = params.all ? '-a' : '';
+    return await run(`docker ps ${flag} --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}\t{{.Image}}"`);
+  },
+
+  docker_logs: async (params) => {
+    const tail = params.tail || 100;
+    return await run(`docker logs --tail ${tail} ${params.container}`);
+  },
+
+  docker_exec: async (params) => {
+    return await run(`docker exec ${params.container} ${params.command}`);
+  },
+
+  docker_compose: async (params) => {
+    const dir = params.project_dir ? `-f ${params.project_dir}/docker-compose.yml` : '';
+    return await run(`docker compose ${dir} ${params.action}`, 120000);
+  },
+};

package/src/tools/git.js

@@ -0,0 +1,154 @@
+import simpleGit from 'simple-git';
+import { join } from 'path';
+import { homedir } from 'os';
+import { mkdirSync } from 'fs';
+
+function getWorkspaceDir(config) {
+  const dir = config.claude_code?.workspace_dir || join(homedir(), '.kernelbot', 'workspaces');
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+
+export const definitions = [
+  {
+    name: 'git_clone',
+    description: 'Clone a git repository. Accepts "org/repo" shorthand (uses GitHub) or a full URL.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        repo: {
+          type: 'string',
+          description: 'Repository — "org/repo" or full git URL',
+        },
+        dest: {
+          type: 'string',
+          description: 'Destination directory name (optional, defaults to repo name)',
+        },
+      },
+      required: ['repo'],
+    },
+  },
+  {
+    name: 'git_checkout',
+    description: 'Checkout an existing branch or create a new one.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        dir: { type: 'string', description: 'Repository directory path' },
+        branch: { type: 'string', description: 'Branch name' },
+        create: { type: 'boolean', description: 'Create the branch if it doesn\'t exist (default false)' },
+      },
+      required: ['dir', 'branch'],
+    },
+  },
+  {
+    name: 'git_commit',
+    description: 'Stage all changes and create a commit.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        dir: { type: 'string', description: 'Repository directory path' },
+        message: { type: 'string', description: 'Commit message' },
+      },
+      required: ['dir', 'message'],
+    },
+  },
+  {
+    name: 'git_push',
+    description: 'Push the current branch to the remote.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        dir: { type: 'string', description: 'Repository directory path' },
+        force: { type: 'boolean', description: 'Force push (default false)' },
+      },
+      required: ['dir'],
+    },
+  },
+  {
+    name: 'git_diff',
+    description: 'Get the diff of current uncommitted changes.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        dir: { type: 'string', description: 'Repository directory path' },
+      },
+      required: ['dir'],
+    },
+  },
+];
+
+export const handlers = {
+  git_clone: async (params, context) => {
+    const { repo, dest } = params;
+    const workspaceDir = getWorkspaceDir(context.config);
+
+    let url = repo;
+    if (!repo.includes('://') && !repo.startsWith('git@')) {
+      url = `https://github.com/${repo}.git`;
+    }
+
+    const repoName = dest || repo.split('/').pop().replace('.git', '');
+    const targetDir = join(workspaceDir, repoName);
+
+    try {
+      const git = simpleGit();
+      await git.clone(url, targetDir);
+      return { success: true, path: targetDir };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  git_checkout: async (params) => {
+    const { dir, branch, create = false } = params;
+    try {
+      const git = simpleGit(dir);
+      if (create) {
+        await git.checkoutLocalBranch(branch);
+      } else {
+        await git.checkout(branch);
+      }
+      return { success: true, branch };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  git_commit: async (params) => {
+    const { dir, message } = params;
+    try {
+      const git = simpleGit(dir);
+      await git.add('.');
+      const result = await git.commit(message);
+      return { success: true, commit: result.commit, summary: result.summary };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  git_push: async (params) => {
+    const { dir, force = false } = params;
+    try {
+      const git = simpleGit(dir);
+      const branch = (await git.branchLocal()).current;
+      const options = force ? ['--force'] : [];
+      await git.push('origin', branch, options);
+      return { success: true, branch };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  git_diff: async (params) => {
+    const { dir } = params;
+    try {
+      const git = simpleGit(dir);
+      const diff = await git.diff();
+      const staged = await git.diff(['--cached']);
+      return { unstaged: diff || '(no changes)', staged: staged || '(no staged changes)' };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+};

package/src/tools/github.js

@@ -0,0 +1,201 @@
+import { Octokit } from '@octokit/rest';
+
+function getOctokit(config) {
+  const token = config.github?.token || process.env.GITHUB_TOKEN;
+  if (!token) throw new Error('GITHUB_TOKEN not configured');
+  return new Octokit({ auth: token });
+}
+
+function parseRepo(repo) {
+  const parts = repo.replace('https://github.com/', '').replace('.git', '').split('/');
+  if (parts.length < 2) throw new Error(`Invalid repo format: ${repo}. Use "owner/repo".`);
+  return { owner: parts[0], repo: parts[1] };
+}
+
+export const definitions = [
+  {
+    name: 'github_create_pr',
+    description: 'Create a pull request on GitHub.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        repo: { type: 'string', description: 'Repository in "owner/repo" format' },
+        head: { type: 'string', description: 'Source branch name' },
+        base: { type: 'string', description: 'Target branch (default: main)' },
+        title: { type: 'string', description: 'PR title' },
+        body: { type: 'string', description: 'PR description' },
+      },
+      required: ['repo', 'head', 'title'],
+    },
+  },
+  {
+    name: 'github_get_pr_diff',
+    description: 'Get the diff of a pull request.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        repo: { type: 'string', description: 'Repository in "owner/repo" format' },
+        pr_number: { type: 'number', description: 'Pull request number' },
+      },
+      required: ['repo', 'pr_number'],
+    },
+  },
+  {
+    name: 'github_post_review',
+    description: 'Post a review on a pull request.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        repo: { type: 'string', description: 'Repository in "owner/repo" format' },
+        pr_number: { type: 'number', description: 'Pull request number' },
+        body: { type: 'string', description: 'Review body text' },
+        event: {
+          type: 'string',
+          description: 'Review action',
+          enum: ['APPROVE', 'REQUEST_CHANGES', 'COMMENT'],
+        },
+      },
+      required: ['repo', 'pr_number', 'body', 'event'],
+    },
+  },
+  {
+    name: 'github_create_repo',
+    description: 'Create a new GitHub repository.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        name: { type: 'string', description: 'Repository name' },
+        org: { type: 'string', description: 'Organization (optional, defaults to personal)' },
+        private: { type: 'boolean', description: 'Private repo (default true)' },
+        description: { type: 'string', description: 'Repo description' },
+      },
+      required: ['name'],
+    },
+  },
+  {
+    name: 'github_list_prs',
+    description: 'List pull requests for a repository.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        repo: { type: 'string', description: 'Repository in "owner/repo" format' },
+        state: { type: 'string', description: 'Filter by state: open, closed, all (default: open)' },
+      },
+      required: ['repo'],
+    },
+  },
+];
+
+export const handlers = {
+  github_create_pr: async (params, context) => {
+    try {
+      const octokit = getOctokit(context.config);
+      const { owner, repo } = parseRepo(params.repo);
+      const base = params.base || context.config.github?.default_branch || 'main';
+
+      const { data } = await octokit.pulls.create({
+        owner,
+        repo,
+        head: params.head,
+        base,
+        title: params.title,
+        body: params.body || '',
+      });
+
+      return { success: true, pr_number: data.number, url: data.html_url };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  github_get_pr_diff: async (params, context) => {
+    try {
+      const octokit = getOctokit(context.config);
+      const { owner, repo } = parseRepo(params.repo);
+
+      const { data } = await octokit.pulls.get({
+        owner,
+        repo,
+        pull_number: params.pr_number,
+        mediaType: { format: 'diff' },
+      });
+
+      return { diff: data };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  github_post_review: async (params, context) => {
+    try {
+      const octokit = getOctokit(context.config);
+      const { owner, repo } = parseRepo(params.repo);
+
+      const { data } = await octokit.pulls.createReview({
+        owner,
+        repo,
+        pull_number: params.pr_number,
+        body: params.body,
+        event: params.event,
+      });
+
+      return { success: true, review_id: data.id };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  github_create_repo: async (params, context) => {
+    try {
+      const octokit = getOctokit(context.config);
+      const org = params.org || context.config.github?.default_org;
+      const isPrivate = params.private !== false;
+
+      let data;
+      if (org) {
+        ({ data } = await octokit.repos.createInOrg({
+          org,
+          name: params.name,
+          private: isPrivate,
+          description: params.description || '',
+        }));
+      } else {
+        ({ data } = await octokit.repos.createForAuthenticatedUser({
+          name: params.name,
+          private: isPrivate,
+          description: params.description || '',
+        }));
+      }
+
+      return { success: true, url: data.html_url, clone_url: data.clone_url };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+
+  github_list_prs: async (params, context) => {
+    try {
+      const octokit = getOctokit(context.config);
+      const { owner, repo } = parseRepo(params.repo);
+
+      const { data } = await octokit.pulls.list({
+        owner,
+        repo,
+        state: params.state || 'open',
+      });
+
+      const prs = data.map((pr) => ({
+        number: pr.number,
+        title: pr.title,
+        state: pr.state,
+        author: pr.user.login,
+        url: pr.html_url,
+        created_at: pr.created_at,
+      }));
+
+      return { prs };
+    } catch (err) {
+      return { error: err.message };
+    }
+  },
+};

package/src/tools/index.js

@@ -1,9 +1,39 @@
 import { definitions as osDefinitions, handlers as osHandlers } from './os.js';
+import { definitions as processDefinitions, handlers as processHandlers } from './process.js';
+import { definitions as dockerDefinitions, handlers as dockerHandlers } from './docker.js';
+import { definitions as monitorDefinitions, handlers as monitorHandlers } from './monitor.js';
+import { definitions as networkDefinitions, handlers as networkHandlers } from './network.js';
+import { definitions as gitDefinitions, handlers as gitHandlers } from './git.js';
+import { definitions as githubDefinitions, handlers as githubHandlers } from './github.js';
+import { definitions as codingDefinitions, handlers as codingHandlers } from './coding.js';
 import { logToolCall } from '../security/audit.js';
+import { requiresConfirmation } from '../security/confirm.js';
 
-export const toolDefinitions = [...osDefinitions];
+export const toolDefinitions = [
+  ...osDefinitions,
+  ...processDefinitions,
+  ...dockerDefinitions,
+  ...monitorDefinitions,
+  ...networkDefinitions,
+  ...gitDefinitions,
+  ...githubDefinitions,
+  ...codingDefinitions,
+];
 
-const handlerMap = { ...osHandlers };
+const handlerMap = {
+  ...osHandlers,
+  ...processHandlers,
+  ...dockerHandlers,
+  ...monitorHandlers,
+  ...networkHandlers,
+  ...gitHandlers,
+  ...githubHandlers,
+  ...codingHandlers,
+};
+
+export function checkConfirmation(name, params, config) {
+  return requiresConfirmation(name, params, config);
+}
 
 export async function executeTool(name, params, context) {
   const handler = handlerMap[name];

package/src/tools/monitor.js

@@ -0,0 +1,84 @@
+import { exec } from 'child_process';
+import { platform } from 'os';
+
+const isMac = platform() === 'darwin';
+
+function run(cmd, timeout = 10000) {
+  return new Promise((resolve) => {
+    exec(cmd, { timeout }, (error, stdout, stderr) => {
+      if (error) return resolve({ error: stderr || error.message });
+      resolve({ output: stdout.trim() });
+    });
+  });
+}
+
+export const definitions = [
+  {
+    name: 'disk_usage',
+    description: 'Show disk space usage.',
+    input_schema: { type: 'object', properties: {} },
+  },
+  {
+    name: 'memory_usage',
+    description: 'Show memory (RAM) usage.',
+    input_schema: { type: 'object', properties: {} },
+  },
+  {
+    name: 'cpu_usage',
+    description: 'Show CPU load information.',
+    input_schema: { type: 'object', properties: {} },
+  },
+  {
+    name: 'system_logs',
+    description: 'Read system or application logs.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        source: {
+          type: 'string',
+          description: 'Log source — file path or "journalctl" (default: journalctl)',
+        },
+        lines: { type: 'number', description: 'Number of lines to show (default 50)' },
+        filter: { type: 'string', description: 'Filter string (optional)' },
+      },
+    },
+  },
+];
+
+export const handlers = {
+  disk_usage: async () => {
+    return await run('df -h');
+  },
+
+  memory_usage: async () => {
+    if (isMac) {
+      // macOS doesn't have /proc/meminfo or free
+      const vm = await run('vm_stat');
+      const total = await run("sysctl -n hw.memsize | awk '{print $1/1073741824}'");
+      return { output: `Total RAM: ${total.output}GB\n\n${vm.output}` };
+    }
+    return await run('free -h');
+  },
+
+  cpu_usage: async () => {
+    if (isMac) {
+      return await run('top -l 1 -n 0 | head -10');
+    }
+    return await run('uptime && echo "---" && cat /proc/loadavg');
+  },
+
+  system_logs: async (params) => {
+    const lines = params.lines || 50;
+    const source = params.source || 'journalctl';
+    const filter = params.filter;
+
+    if (source === 'journalctl') {
+      const filterArg = filter ? ` -g "${filter}"` : '';
+      return await run(`journalctl -n ${lines}${filterArg} --no-pager`);
+    }
+
+    // Reading a log file
+    const filterCmd = filter ? ` | grep -i "${filter}"` : '';
+    return await run(`tail -n ${lines} "${source}"${filterCmd}`);
+  },
+};

package/src/tools/network.js

@@ -0,0 +1,103 @@
+import { exec } from 'child_process';
+import { platform } from 'os';
+
+function run(cmd, timeout = 15000) {
+  return new Promise((resolve) => {
+    exec(cmd, { timeout }, (error, stdout, stderr) => {
+      if (error) return resolve({ error: stderr || error.message });
+      resolve({ output: stdout.trim() });
+    });
+  });
+}
+
+export const definitions = [
+  {
+    name: 'check_port',
+    description: 'Check if a port is open and listening.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        port: { type: 'number', description: 'Port number to check' },
+        host: { type: 'string', description: 'Host to check (default: localhost)' },
+      },
+      required: ['port'],
+    },
+  },
+  {
+    name: 'curl_url',
+    description: 'Make an HTTP request to a URL and return the response.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        url: { type: 'string', description: 'URL to request' },
+        method: { type: 'string', description: 'HTTP method (default: GET)' },
+        headers: { type: 'object', description: 'Request headers (optional)' },
+        body: { type: 'string', description: 'Request body (optional)' },
+      },
+      required: ['url'],
+    },
+  },
+  {
+    name: 'nginx_reload',
+    description: 'Test nginx configuration and reload if valid.',
+    input_schema: { type: 'object', properties: {} },
+  },
+];
+
+export const handlers = {
+  check_port: async (params) => {
+    const host = params.host || 'localhost';
+    const { port } = params;
+
+    // Use nc (netcat) for port check — works on both macOS and Linux
+    const result = await run(`nc -z -w 3 ${host} ${port} 2>&1 && echo "OPEN" || echo "CLOSED"`, 5000);
+
+    if (result.error) {
+      return { port, host, status: 'closed', detail: result.error };
+    }
+
+    const isOpen = result.output.includes('OPEN');
+    return { port, host, status: isOpen ? 'open' : 'closed' };
+  },
+
+  curl_url: async (params) => {
+    const { url, method = 'GET', headers, body } = params;
+
+    let cmd = `curl -s -w "\\n---HTTP_STATUS:%{http_code}" -X ${method}`;
+
+    if (headers) {
+      for (const [key, val] of Object.entries(headers)) {
+        cmd += ` -H "${key}: ${val}"`;
+      }
+    }
+
+    if (body) {
+      cmd += ` -d '${body.replace(/'/g, "'\\''")}'`;
+    }
+
+    cmd += ` "${url}"`;
+
+    const result = await run(cmd);
+
+    if (result.error) return result;
+
+    const parts = result.output.split('---HTTP_STATUS:');
+    const responseBody = parts[0].trim();
+    const statusCode = parts[1] ? parseInt(parts[1].trim()) : null;
+
+    return { status_code: statusCode, body: responseBody };
+  },
+
+  nginx_reload: async () => {
+    // Test config first
+    const test = await run('nginx -t 2>&1');
+    if (test.error || (test.output && test.output.includes('failed'))) {
+      return { error: `Config test failed: ${test.error || test.output}` };
+    }
+
+    const reload = await run('nginx -s reload 2>&1');
+    if (reload.error) return reload;
+
+    return { success: true, test_output: test.output };
+  },
+};

package/src/tools/process.js

@@ -0,0 +1,73 @@
+import { exec } from 'child_process';
+
+function run(cmd, timeout = 10000) {
+  return new Promise((resolve) => {
+    exec(cmd, { timeout }, (error, stdout, stderr) => {
+      if (error) return resolve({ error: stderr || error.message });
+      resolve({ output: stdout.trim() });
+    });
+  });
+}
+
+export const definitions = [
+  {
+    name: 'process_list',
+    description: 'List running processes. Optionally filter by name.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        filter: { type: 'string', description: 'Filter processes by name (optional)' },
+      },
+    },
+  },
+  {
+    name: 'kill_process',
+    description: 'Kill a process by PID or name.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        pid: { type: 'number', description: 'Process ID to kill' },
+        name: { type: 'string', description: 'Process name to kill (uses pkill)' },
+      },
+    },
+  },
+  {
+    name: 'service_control',
+    description: 'Manage systemd services (start, stop, restart, status).',
+    input_schema: {
+      type: 'object',
+      properties: {
+        service: { type: 'string', description: 'Service name' },
+        action: {
+          type: 'string',
+          description: 'Action to perform',
+          enum: ['start', 'stop', 'restart', 'status'],
+        },
+      },
+      required: ['service', 'action'],
+    },
+  },
+];
+
+export const handlers = {
+  process_list: async (params) => {
+    const filter = params.filter;
+    const cmd = filter ? `ps aux | head -1 && ps aux | grep -i "${filter}" | grep -v grep` : 'ps aux';
+    return await run(cmd);
+  },
+
+  kill_process: async (params) => {
+    if (params.pid) {
+      return await run(`kill ${params.pid}`);
+    }
+    if (params.name) {
+      return await run(`pkill -f "${params.name}"`);
+    }
+    return { error: 'Provide either pid or name' };
+  },
+
+  service_control: async (params) => {
+    const { service, action } = params;
+    return await run(`systemctl ${action} ${service}`);
+  },
+};

package/src/utils/config.js

@@ -20,6 +20,15 @@ const DEFAULTS = {
   telegram: {
     allowed_users: [],
   },
+  claude_code: {
+    max_turns: 50,
+    timeout_seconds: 600,
+    workspace_dir: null, // defaults to ~/.kernelbot/workspaces
+  },
+  github: {
+    default_branch: 'main',
+    default_org: null,
+  },
   security: {
     blocked_paths: [
       '/etc/shadow',
@@ -163,6 +172,10 @@ export function loadConfig() {
   if (process.env.TELEGRAM_BOT_TOKEN) {
     config.telegram.bot_token = process.env.TELEGRAM_BOT_TOKEN;
   }
+  if (process.env.GITHUB_TOKEN) {
+    if (!config.github) config.github = {};
+    config.github.token = process.env.GITHUB_TOKEN;
+  }
 
   return config;
 }

package/src/utils/display.js

@@ -14,6 +14,24 @@ const LOGO = `
 export function showLogo() {
   console.log(chalk.cyan(LOGO));
   console.log(chalk.dim('  AI Engineering Agent\n'));
+  console.log(
+    boxen(
+      chalk.yellow.bold('WARNING') +
+        chalk.yellow(
+          '\n\nKernelBot has full access to your operating system.\n' +
+            'It can execute commands, read/write files, manage processes,\n' +
+            'and interact with external services on your behalf.\n\n' +
+            'Only run this on machines you control.\n' +
+            'Set allowed_users in config.yaml to restrict access.',
+        ),
+      {
+        padding: 1,
+        borderStyle: 'round',
+        borderColor: 'yellow',
+      },
+    ),
+  );
+  console.log('');
 }
 
 export async function showStartupCheck(label, checkFn) {