npm - kernelbot - Versions diffs - 1.0.5 → 1.0.8 - Mend

kernelbot 1.0.5 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -23,6 +23,10 @@ KernelBot runs a **tool-use loop**: Claude decides which tools to call, KernelBo
 | `write_file`      | Write/create files, auto-creates parent directories |
 | `list_directory`  | List directory contents, optionally recursive       |
+## Disclaimer
+> **WARNING:** KernelBot has full access to your operating system. It can execute shell commands, read/write files, manage processes, control Docker containers, and interact with external services (GitHub, Telegram) on your behalf. Only run KernelBot on machines you own and control. Always configure `allowed_users` in production to restrict who can interact with the bot. The authors are not responsible for any damage caused by misuse.
 ## Installation
 ```bash

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "kernelbot",
-  "version": "1.0.5",
+  "version": "1.0.8",
   "description": "KernelBot — AI engineering agent with full OS control",
   "type": "module",
   "author": "Abdullah Al-Taheri <abdullah@altaheri.me>",

package/src/agent.js CHANGED Viewed

@@ -2,6 +2,7 @@ import Anthropic from '@anthropic-ai/sdk';
 import { toolDefinitions, executeTool, checkConfirmation } from './tools/index.js';
 import { getSystemPrompt } from './prompts/system.js';
 import { getLogger } from './utils/logger.js';
+import { getMissingCredential, saveCredential } from './utils/config.js';
 export class Agent {
   constructor({ config, conversationManager }) {
@@ -9,69 +10,23 @@ export class Agent {
     this.conversationManager = conversationManager;
     this.client = new Anthropic({ apiKey: config.anthropic.api_key });
     this.systemPrompt = getSystemPrompt(config);
-    this._pendingConfirmation = new Map(); // chatId -> { block, context }
+    this._pending = new Map(); // chatId -> pending state
   }
   async processMessage(chatId, userMessage, user) {
     const logger = getLogger();
-    // Handle pending confirmation responses
-    const pending = this._pendingConfirmation.get(chatId);
+    // Handle pending responses (confirmation or credential)
+    const pending = this._pending.get(chatId);
     if (pending) {
-      this._pendingConfirmation.delete(chatId);
-      const lower = userMessage.toLowerCase().trim();
-      if (lower === 'yes' || lower === 'y' || lower === 'confirm') {
-        // User approved — execute the blocked tool and resume
-        logger.info(`User confirmed dangerous tool: ${pending.block.name}`);
-        const result = await executeTool(pending.block.name, pending.block.input, pending.context);
-        // Resume the agent loop with the tool result
-        pending.toolResults.push({
-          type: 'tool_result',
-          tool_use_id: pending.block.id,
-          content: JSON.stringify(result),
-        });
-        // Process remaining blocks if any
-        for (const block of pending.remainingBlocks) {
-          if (block.type !== 'tool_use') continue;
-          const dangerLabel = checkConfirmation(block.name, block.input, this.config);
-          if (dangerLabel) {
-            // Another dangerous tool — ask again
-            this._pendingConfirmation.set(chatId, {
-              block,
-              context: pending.context,
-              toolResults: pending.toolResults,
-              remainingBlocks: pending.remainingBlocks.filter((b) => b !== block),
-              messages: pending.messages,
-            });
-            return `⚠️ Next action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
-          }
+      this._pending.delete(chatId);
-          logger.info(`Tool call: ${block.name}`);
-          const r = await executeTool(block.name, block.input, pending.context);
-          pending.toolResults.push({
-            type: 'tool_result',
-            tool_use_id: block.id,
-            content: JSON.stringify(r),
-          });
-        }
+      if (pending.type === 'credential') {
+        return await this._handleCredentialResponse(chatId, userMessage, user, pending);
+      }
-        // Continue the agent loop
-        pending.messages.push({ role: 'user', content: pending.toolResults });
-        return await this._continueLoop(chatId, pending.messages, user);
-      } else {
-        // User denied
-        logger.info(`User denied dangerous tool: ${pending.block.name}`);
-        pending.toolResults.push({
-          type: 'tool_result',
-          tool_use_id: pending.block.id,
-          content: JSON.stringify({ error: 'User denied this operation.' }),
-        });
-        pending.messages.push({ role: 'user', content: pending.toolResults });
-        return await this._continueLoop(chatId, pending.messages, user);
+      if (pending.type === 'confirmation') {
+        return await this._handleConfirmationResponse(chatId, userMessage, user, pending);
       }
     }
@@ -86,6 +41,122 @@ export class Agent {
     return await this._runLoop(chatId, messages, user, 0, max_tool_depth);
   }
+  async _handleCredentialResponse(chatId, userMessage, user, pending) {
+    const logger = getLogger();
+    const value = userMessage.trim();
+    if (value.toLowerCase() === 'skip' || value.toLowerCase() === 'cancel') {
+      logger.info(`User skipped credential: ${pending.credential.envKey}`);
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: pending.block.id,
+        content: JSON.stringify({ error: `${pending.credential.label} not provided. Operation skipped.` }),
+      });
+      return await this._resumeAfterPause(chatId, user, pending);
+    }
+    // Save the credential
+    saveCredential(this.config, pending.credential.envKey, value);
+    logger.info(`Saved credential: ${pending.credential.envKey}`);
+    // Now execute the original tool
+    const result = await executeTool(pending.block.name, pending.block.input, {
+      config: this.config,
+      user,
+    });
+    pending.toolResults.push({
+      type: 'tool_result',
+      tool_use_id: pending.block.id,
+      content: JSON.stringify(result),
+    });
+    return await this._resumeAfterPause(chatId, user, pending);
+  }
+  async _handleConfirmationResponse(chatId, userMessage, user, pending) {
+    const logger = getLogger();
+    const lower = userMessage.toLowerCase().trim();
+    if (lower === 'yes' || lower === 'y' || lower === 'confirm') {
+      logger.info(`User confirmed dangerous tool: ${pending.block.name}`);
+      const result = await executeTool(pending.block.name, pending.block.input, pending.context);
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: pending.block.id,
+        content: JSON.stringify(result),
+      });
+    } else {
+      logger.info(`User denied dangerous tool: ${pending.block.name}`);
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: pending.block.id,
+        content: JSON.stringify({ error: 'User denied this operation.' }),
+      });
+    }
+    return await this._resumeAfterPause(chatId, user, pending);
+  }
+  async _resumeAfterPause(chatId, user, pending) {
+    // Process remaining blocks
+    for (const block of pending.remainingBlocks) {
+      if (block.type !== 'tool_use') continue;
+      const pauseMsg = await this._checkPause(chatId, block, user, pending.toolResults, pending.remainingBlocks.filter((b) => b !== block), pending.messages);
+      if (pauseMsg) return pauseMsg;
+      const r = await executeTool(block.name, block.input, { config: this.config, user });
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: block.id,
+        content: JSON.stringify(r),
+      });
+    }
+    pending.messages.push({ role: 'user', content: pending.toolResults });
+    const { max_tool_depth } = this.config.anthropic;
+    return await this._runLoop(chatId, pending.messages, user, 0, max_tool_depth);
+  }
+  _checkPause(chatId, block, user, toolResults, remainingBlocks, messages) {
+    const logger = getLogger();
+    // Check missing credentials first
+    const missing = getMissingCredential(block.name, this.config);
+    if (missing) {
+      logger.warn(`Missing credential for ${block.name}: ${missing.envKey}`);
+      this._pending.set(chatId, {
+        type: 'credential',
+        block,
+        credential: missing,
+        context: { config: this.config, user },
+        toolResults,
+        remainingBlocks,
+        messages,
+      });
+      return `🔑 **${missing.label}** is required for this action.\n\nPlease send your token now (it will be saved to \`~/.kernelbot/.env\`).\n\nOr reply **skip** to cancel.`;
+    }
+    // Check dangerous operation confirmation
+    const dangerLabel = checkConfirmation(block.name, block.input, this.config);
+    if (dangerLabel) {
+      logger.warn(`Dangerous tool detected: ${block.name} — ${dangerLabel}`);
+      this._pending.set(chatId, {
+        type: 'confirmation',
+        block,
+        context: { config: this.config, user },
+        toolResults,
+        remainingBlocks,
+        messages,
+      });
+      return `⚠️ This action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
+    }
+    return null;
+  }
   async _runLoop(chatId, messages, user, startDepth, maxDepth) {
     const logger = getLogger();
     const { model, max_tokens, temperature } = this.config.anthropic;
@@ -121,22 +192,16 @@ export class Agent {
         for (let i = 0; i < toolUseBlocks.length; i++) {
           const block = toolUseBlocks[i];
-          // Check if this tool requires confirmation
-          const dangerLabel = checkConfirmation(block.name, block.input, this.config);
-          if (dangerLabel) {
-            logger.warn(`Dangerous tool detected: ${block.name} — ${dangerLabel}`);
-            // Store state and pause for user confirmation
-            this._pendingConfirmation.set(chatId, {
-              block,
-              context: { config: this.config, user },
-              toolResults,
-              remainingBlocks: toolUseBlocks.slice(i + 1),
-              messages,
-            });
-            return `⚠️ This action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
-          }
+          // Check if we need to pause (missing cred or dangerous action)
+          const pauseMsg = this._checkPause(
+            chatId,
+            block,
+            user,
+            toolResults,
+            toolUseBlocks.slice(i + 1),
+            messages,
+          );
+          if (pauseMsg) return pauseMsg;
           logger.info(`Tool call: ${block.name}`);
@@ -175,9 +240,4 @@ export class Agent {
     this.conversationManager.addMessage(chatId, 'assistant', depthWarning);
     return depthWarning;
   }
-  async _continueLoop(chatId, messages, user) {
-    const { max_tool_depth } = this.config.anthropic;
-    return await this._runLoop(chatId, messages, user, 0, max_tool_depth);
-  }
 }

package/src/tools/git.js CHANGED Viewed

@@ -9,6 +9,24 @@ function getWorkspaceDir(config) {
   return dir;
 }
+function injectToken(url, config) {
+  const token = config.github?.token || process.env.GITHUB_TOKEN;
+  if (!token) return url;
+  // Inject token into HTTPS GitHub URLs for auth-free push/pull
+  try {
+    const parsed = new URL(url);
+    if (parsed.hostname === 'github.com' && parsed.protocol === 'https:') {
+      parsed.username = token;
+      parsed.password = 'x-oauth-basic';
+      return parsed.toString();
+    }
+  } catch {
+    // Not a parseable URL (e.g. org/repo shorthand before expansion)
+  }
+  return url;
+}
 export const definitions = [
   {
     name: 'git_clone',
@@ -88,12 +106,15 @@ export const handlers = {
       url = `https://github.com/${repo}.git`;
     }
+    // Inject GitHub token for authenticated clone (enables push later)
+    const authUrl = injectToken(url, context.config);
     const repoName = dest || repo.split('/').pop().replace('.git', '');
     const targetDir = join(workspaceDir, repoName);
     try {
       const git = simpleGit();
-      await git.clone(url, targetDir);
+      await git.clone(authUrl, targetDir);
       return { success: true, path: targetDir };
     } catch (err) {
       return { error: err.message };
@@ -127,10 +148,21 @@ export const handlers = {
     }
   },
-  git_push: async (params) => {
+  git_push: async (params, context) => {
     const { dir, force = false } = params;
     try {
       const git = simpleGit(dir);
+      // Ensure remote URL has auth token for push
+      const remotes = await git.getRemotes(true);
+      const origin = remotes.find((r) => r.name === 'origin');
+      if (origin) {
+        const authUrl = injectToken(origin.refs.push || origin.refs.fetch, context.config);
+        if (authUrl !== (origin.refs.push || origin.refs.fetch)) {
+          await git.remote(['set-url', 'origin', authUrl]);
+        }
+      }
       const branch = (await git.branchLocal()).current;
       const options = force ? ['--force'] : [];
       await git.push('origin', branch, options);

package/src/utils/config.js CHANGED Viewed

@@ -184,3 +184,59 @@ export async function loadConfigInteractive() {
   const config = loadConfig();
   return await promptForMissing(config);
 }
+/**
+ * Save a credential to ~/.kernelbot/.env and update the live config object.
+ * Called at runtime when a user provides a missing token via Telegram.
+ */
+export function saveCredential(config, envKey, value) {
+  const configDir = getConfigDir();
+  mkdirSync(configDir, { recursive: true });
+  const envPath = join(configDir, '.env');
+  let content = '';
+  if (existsSync(envPath)) {
+    content = readFileSync(envPath, 'utf-8').trimEnd() + '\n';
+  }
+  const regex = new RegExp(`^${envKey}=.*$`, 'm');
+  if (regex.test(content)) {
+    content = content.replace(regex, `${envKey}=${value}`);
+  } else {
+    content += `${envKey}=${value}\n`;
+  }
+  writeFileSync(envPath, content);
+  // Update live config
+  switch (envKey) {
+    case 'GITHUB_TOKEN':
+      if (!config.github) config.github = {};
+      config.github.token = value;
+      break;
+    case 'ANTHROPIC_API_KEY':
+      config.anthropic.api_key = value;
+      break;
+    case 'TELEGRAM_BOT_TOKEN':
+      config.telegram.bot_token = value;
+      break;
+  }
+  // Also set in process.env so tools pick it up
+  process.env[envKey] = value;
+}
+/**
+ * Check which credentials a tool needs and return the missing one, if any.
+ */
+export function getMissingCredential(toolName, config) {
+  const githubTools = ['github_create_pr', 'github_get_pr_diff', 'github_post_review', 'github_create_repo', 'github_list_prs', 'git_clone', 'git_push'];
+  if (githubTools.includes(toolName)) {
+    const token = config.github?.token || process.env.GITHUB_TOKEN;
+    if (!token) {
+      return { envKey: 'GITHUB_TOKEN', label: 'GitHub Personal Access Token' };
+    }
+  }
+  return null;
+}

package/src/utils/display.js CHANGED Viewed

@@ -14,6 +14,24 @@ const LOGO = `
 export function showLogo() {
   console.log(chalk.cyan(LOGO));
   console.log(chalk.dim('  AI Engineering Agent\n'));
+  console.log(
+    boxen(
+      chalk.yellow.bold('WARNING') +
+        chalk.yellow(
+          '\n\nKernelBot has full access to your operating system.\n' +
+            'It can execute commands, read/write files, manage processes,\n' +
+            'and interact with external services on your behalf.\n\n' +
+            'Only run this on machines you control.\n' +
+            'Set allowed_users in config.yaml to restrict access.',
+        ),
+      {
+        padding: 1,
+        borderStyle: 'round',
+        borderColor: 'yellow',
+      },
+    ),
+  );
+  console.log('');
 }
 export async function showStartupCheck(label, checkFn) {