kernelbot 1.0.6 → 1.0.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kernelbot",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "KernelBot — AI engineering agent with full OS control",
   "type": "module",
   "author": "Abdullah Al-Taheri <abdullah@altaheri.me>",

package/src/agent.js

@@ -2,6 +2,7 @@ import Anthropic from '@anthropic-ai/sdk';
 import { toolDefinitions, executeTool, checkConfirmation } from './tools/index.js';
 import { getSystemPrompt } from './prompts/system.js';
 import { getLogger } from './utils/logger.js';
+import { getMissingCredential, saveCredential } from './utils/config.js';
 
 export class Agent {
   constructor({ config, conversationManager }) {
@@ -9,69 +10,23 @@ export class Agent {
     this.conversationManager = conversationManager;
     this.client = new Anthropic({ apiKey: config.anthropic.api_key });
     this.systemPrompt = getSystemPrompt(config);
-    this._pendingConfirmation = new Map(); // chatId -> { block, context }
+    this._pending = new Map(); // chatId -> pending state
   }
 
   async processMessage(chatId, userMessage, user) {
     const logger = getLogger();
 
-    // Handle pending confirmation responses
-    const pending = this._pendingConfirmation.get(chatId);
+    // Handle pending responses (confirmation or credential)
+    const pending = this._pending.get(chatId);
     if (pending) {
-      this._pendingConfirmation.delete(chatId);
-      const lower = userMessage.toLowerCase().trim();
-
-      if (lower === 'yes' || lower === 'y' || lower === 'confirm') {
-        // User approved — execute the blocked tool and resume
-        logger.info(`User confirmed dangerous tool: ${pending.block.name}`);
-        const result = await executeTool(pending.block.name, pending.block.input, pending.context);
-
-        // Resume the agent loop with the tool result
-        pending.toolResults.push({
-          type: 'tool_result',
-          tool_use_id: pending.block.id,
-          content: JSON.stringify(result),
-        });
-
-        // Process remaining blocks if any
-        for (const block of pending.remainingBlocks) {
-          if (block.type !== 'tool_use') continue;
-
-          const dangerLabel = checkConfirmation(block.name, block.input, this.config);
-          if (dangerLabel) {
-            // Another dangerous tool — ask again
-            this._pendingConfirmation.set(chatId, {
-              block,
-              context: pending.context,
-              toolResults: pending.toolResults,
-              remainingBlocks: pending.remainingBlocks.filter((b) => b !== block),
-              messages: pending.messages,
-            });
-            return `⚠️ Next action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
-          }
+      this._pending.delete(chatId);
 
-          logger.info(`Tool call: ${block.name}`);
-          const r = await executeTool(block.name, block.input, pending.context);
-          pending.toolResults.push({
-            type: 'tool_result',
-            tool_use_id: block.id,
-            content: JSON.stringify(r),
-          });
-        }
+      if (pending.type === 'credential') {
+        return await this._handleCredentialResponse(chatId, userMessage, user, pending);
+      }
 
-        // Continue the agent loop
-        pending.messages.push({ role: 'user', content: pending.toolResults });
-        return await this._continueLoop(chatId, pending.messages, user);
-      } else {
-        // User denied
-        logger.info(`User denied dangerous tool: ${pending.block.name}`);
-        pending.toolResults.push({
-          type: 'tool_result',
-          tool_use_id: pending.block.id,
-          content: JSON.stringify({ error: 'User denied this operation.' }),
-        });
-        pending.messages.push({ role: 'user', content: pending.toolResults });
-        return await this._continueLoop(chatId, pending.messages, user);
+      if (pending.type === 'confirmation') {
+        return await this._handleConfirmationResponse(chatId, userMessage, user, pending);
       }
     }
 
@@ -86,6 +41,122 @@ export class Agent {
     return await this._runLoop(chatId, messages, user, 0, max_tool_depth);
   }
 
+  async _handleCredentialResponse(chatId, userMessage, user, pending) {
+    const logger = getLogger();
+    const value = userMessage.trim();
+
+    if (value.toLowerCase() === 'skip' || value.toLowerCase() === 'cancel') {
+      logger.info(`User skipped credential: ${pending.credential.envKey}`);
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: pending.block.id,
+        content: JSON.stringify({ error: `${pending.credential.label} not provided. Operation skipped.` }),
+      });
+      return await this._resumeAfterPause(chatId, user, pending);
+    }
+
+    // Save the credential
+    saveCredential(this.config, pending.credential.envKey, value);
+    logger.info(`Saved credential: ${pending.credential.envKey}`);
+
+    // Now execute the original tool
+    const result = await executeTool(pending.block.name, pending.block.input, {
+      config: this.config,
+      user,
+    });
+
+    pending.toolResults.push({
+      type: 'tool_result',
+      tool_use_id: pending.block.id,
+      content: JSON.stringify(result),
+    });
+
+    return await this._resumeAfterPause(chatId, user, pending);
+  }
+
+  async _handleConfirmationResponse(chatId, userMessage, user, pending) {
+    const logger = getLogger();
+    const lower = userMessage.toLowerCase().trim();
+
+    if (lower === 'yes' || lower === 'y' || lower === 'confirm') {
+      logger.info(`User confirmed dangerous tool: ${pending.block.name}`);
+      const result = await executeTool(pending.block.name, pending.block.input, pending.context);
+
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: pending.block.id,
+        content: JSON.stringify(result),
+      });
+    } else {
+      logger.info(`User denied dangerous tool: ${pending.block.name}`);
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: pending.block.id,
+        content: JSON.stringify({ error: 'User denied this operation.' }),
+      });
+    }
+
+    return await this._resumeAfterPause(chatId, user, pending);
+  }
+
+  async _resumeAfterPause(chatId, user, pending) {
+    // Process remaining blocks
+    for (const block of pending.remainingBlocks) {
+      if (block.type !== 'tool_use') continue;
+
+      const pauseMsg = await this._checkPause(chatId, block, user, pending.toolResults, pending.remainingBlocks.filter((b) => b !== block), pending.messages);
+      if (pauseMsg) return pauseMsg;
+
+      const r = await executeTool(block.name, block.input, { config: this.config, user });
+      pending.toolResults.push({
+        type: 'tool_result',
+        tool_use_id: block.id,
+        content: JSON.stringify(r),
+      });
+    }
+
+    pending.messages.push({ role: 'user', content: pending.toolResults });
+    const { max_tool_depth } = this.config.anthropic;
+    return await this._runLoop(chatId, pending.messages, user, 0, max_tool_depth);
+  }
+
+  _checkPause(chatId, block, user, toolResults, remainingBlocks, messages) {
+    const logger = getLogger();
+
+    // Check missing credentials first
+    const missing = getMissingCredential(block.name, this.config);
+    if (missing) {
+      logger.warn(`Missing credential for ${block.name}: ${missing.envKey}`);
+      this._pending.set(chatId, {
+        type: 'credential',
+        block,
+        credential: missing,
+        context: { config: this.config, user },
+        toolResults,
+        remainingBlocks,
+        messages,
+      });
+      return `🔑 **${missing.label}** is required for this action.\n\nPlease send your token now (it will be saved to \`~/.kernelbot/.env\`).\n\nOr reply **skip** to cancel.`;
+    }
+
+    // Check dangerous operation confirmation
+    const dangerLabel = checkConfirmation(block.name, block.input, this.config);
+    if (dangerLabel) {
+      logger.warn(`Dangerous tool detected: ${block.name} — ${dangerLabel}`);
+      this._pending.set(chatId, {
+        type: 'confirmation',
+        block,
+        context: { config: this.config, user },
+        toolResults,
+        remainingBlocks,
+        messages,
+      });
+      return `⚠️ This action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
+    }
+
+    return null;
+  }
+
   async _runLoop(chatId, messages, user, startDepth, maxDepth) {
     const logger = getLogger();
     const { model, max_tokens, temperature } = this.config.anthropic;
@@ -121,22 +192,16 @@ export class Agent {
         for (let i = 0; i < toolUseBlocks.length; i++) {
           const block = toolUseBlocks[i];
 
-          // Check if this tool requires confirmation
-          const dangerLabel = checkConfirmation(block.name, block.input, this.config);
-          if (dangerLabel) {
-            logger.warn(`Dangerous tool detected: ${block.name} — ${dangerLabel}`);
-
-            // Store state and pause for user confirmation
-            this._pendingConfirmation.set(chatId, {
-              block,
-              context: { config: this.config, user },
-              toolResults,
-              remainingBlocks: toolUseBlocks.slice(i + 1),
-              messages,
-            });
-
-            return `⚠️ This action will **${dangerLabel}**.\n\n\`${block.name}\`: \`${JSON.stringify(block.input)}\`\n\nConfirm? (yes/no)`;
-          }
+          // Check if we need to pause (missing cred or dangerous action)
+          const pauseMsg = this._checkPause(
+            chatId,
+            block,
+            user,
+            toolResults,
+            toolUseBlocks.slice(i + 1),
+            messages,
+          );
+          if (pauseMsg) return pauseMsg;
 
           logger.info(`Tool call: ${block.name}`);
 
@@ -175,9 +240,4 @@ export class Agent {
     this.conversationManager.addMessage(chatId, 'assistant', depthWarning);
     return depthWarning;
   }
-
-  async _continueLoop(chatId, messages, user) {
-    const { max_tool_depth } = this.config.anthropic;
-    return await this._runLoop(chatId, messages, user, 0, max_tool_depth);
-  }
 }

package/src/tools/git.js

@@ -9,6 +9,24 @@ function getWorkspaceDir(config) {
   return dir;
 }
 
+function injectToken(url, config) {
+  const token = config.github?.token || process.env.GITHUB_TOKEN;
+  if (!token) return url;
+
+  // Inject token into HTTPS GitHub URLs for auth-free push/pull
+  try {
+    const parsed = new URL(url);
+    if (parsed.hostname === 'github.com' && parsed.protocol === 'https:') {
+      parsed.username = token;
+      parsed.password = 'x-oauth-basic';
+      return parsed.toString();
+    }
+  } catch {
+    // Not a parseable URL (e.g. org/repo shorthand before expansion)
+  }
+  return url;
+}
+
 export const definitions = [
   {
     name: 'git_clone',
@@ -88,12 +106,15 @@ export const handlers = {
       url = `https://github.com/${repo}.git`;
     }
 
+    // Inject GitHub token for authenticated clone (enables push later)
+    const authUrl = injectToken(url, context.config);
+
     const repoName = dest || repo.split('/').pop().replace('.git', '');
     const targetDir = join(workspaceDir, repoName);
 
     try {
       const git = simpleGit();
-      await git.clone(url, targetDir);
+      await git.clone(authUrl, targetDir);
       return { success: true, path: targetDir };
     } catch (err) {
       return { error: err.message };
@@ -127,10 +148,21 @@ export const handlers = {
     }
   },
 
-  git_push: async (params) => {
+  git_push: async (params, context) => {
     const { dir, force = false } = params;
     try {
       const git = simpleGit(dir);
+
+      // Ensure remote URL has auth token for push
+      const remotes = await git.getRemotes(true);
+      const origin = remotes.find((r) => r.name === 'origin');
+      if (origin) {
+        const authUrl = injectToken(origin.refs.push || origin.refs.fetch, context.config);
+        if (authUrl !== (origin.refs.push || origin.refs.fetch)) {
+          await git.remote(['set-url', 'origin', authUrl]);
+        }
+      }
+
       const branch = (await git.branchLocal()).current;
       const options = force ? ['--force'] : [];
       await git.push('origin', branch, options);

package/src/utils/config.js

@@ -184,3 +184,59 @@ export async function loadConfigInteractive() {
   const config = loadConfig();
   return await promptForMissing(config);
 }
+
+/**
+ * Save a credential to ~/.kernelbot/.env and update the live config object.
+ * Called at runtime when a user provides a missing token via Telegram.
+ */
+export function saveCredential(config, envKey, value) {
+  const configDir = getConfigDir();
+  mkdirSync(configDir, { recursive: true });
+  const envPath = join(configDir, '.env');
+
+  let content = '';
+  if (existsSync(envPath)) {
+    content = readFileSync(envPath, 'utf-8').trimEnd() + '\n';
+  }
+
+  const regex = new RegExp(`^${envKey}=.*$`, 'm');
+  if (regex.test(content)) {
+    content = content.replace(regex, `${envKey}=${value}`);
+  } else {
+    content += `${envKey}=${value}\n`;
+  }
+  writeFileSync(envPath, content);
+
+  // Update live config
+  switch (envKey) {
+    case 'GITHUB_TOKEN':
+      if (!config.github) config.github = {};
+      config.github.token = value;
+      break;
+    case 'ANTHROPIC_API_KEY':
+      config.anthropic.api_key = value;
+      break;
+    case 'TELEGRAM_BOT_TOKEN':
+      config.telegram.bot_token = value;
+      break;
+  }
+
+  // Also set in process.env so tools pick it up
+  process.env[envKey] = value;
+}
+
+/**
+ * Check which credentials a tool needs and return the missing one, if any.
+ */
+export function getMissingCredential(toolName, config) {
+  const githubTools = ['github_create_pr', 'github_get_pr_diff', 'github_post_review', 'github_create_repo', 'github_list_prs', 'git_clone', 'git_push'];
+
+  if (githubTools.includes(toolName)) {
+    const token = config.github?.token || process.env.GITHUB_TOKEN;
+    if (!token) {
+      return { envKey: 'GITHUB_TOKEN', label: 'GitHub Personal Access Token' };
+    }
+  }
+
+  return null;
+}