You are managing the K:BOT + kernel.chat monorepo. You have full authority to build, test, deploy, and maintain this project.
- K:BOT: Open-source terminal AI agent (
packages/kbot/), published as@kernel.chat/kboton npm - kernel.chat: React 19 PWA web companion (
src/), deployed to GitHub Pages - Backend: Supabase (Edge Functions, Postgres, Auth, Storage)
- Version: 3.97.0 | 670+ tools | 35 agents | 20 AI providers | MIT license
packages/kbot/src/ # K:BOT CLI — the main product
cli.ts # CLI entry (Commander.js)
agent.ts # Agent loop: think > plan > execute > learn
auth.ts # API key management, BYOK
tools/ # 90+ tool files (670+ individual tools)
tools/index.ts # Tool registry
src/ # Web companion (kernel.chat)
pages/EnginePage.tsx # Main chat page
hooks/useChatEngine.ts # Chat state (2,220 lines — needs refactor)
engine/AIEngine.ts # AI orchestration
index.css # Design system (30,100 lines, ka- prefix)
supabase/functions/ # Edge functions (claude-proxy, stripe, etc.)
tools/ # Daemons, MCP servers, scripts
kbot-daemon.ts # 24/7 background worker (Ollama-powered)
kbot-discovery-daemon.ts # Self-advocacy daemon
kbot-social-daemon.ts # Autonomous social posting
# Web companion
npm run dev # Vite dev server (localhost:5173)
npm run build # tsc + vite build
npm run deploy # Build + deploy to GitHub Pages (kernel.chat)
npx tsc --noEmit # Type-check (MUST pass before deploy)
# K:BOT CLI
cd packages/kbot
npm run dev # Run via tsx
npm run build # Compile to dist/
npm test # NOTE: needs vitest, not tsx --test (known bug)
npm run typecheck # tsc --noEmit
npm publish # Publish to npm
# Daemons
npm run daemon # Run background worker once
npm run daemon:start # Enable launchd (every 15 min)
npm run daemon:stats # Token usage dashboard
# Supabase
npx supabase functions deploy <name> --project-ref eoxxpyixdieprsxlpwcs- CSS: Vanilla CSS with
ka-prefix. NO Tailwind. Tokens insrc/index.css. - State: Zustand with persist middleware (store:
sovereign-kernel) - Router:
createHashRouter(required for GitHub Pages) - Animations: Motion (framer-motion v12+), import from
'motion/react' - Fonts: EB Garamond (serif), Courier Prime (mono)
- i18n: i18next, 24 languages, HTTP backend
- All Claude API calls go through
supabase/functions/claude-proxy/
- HN session cookie in
.kbot-discovery/hn-cookies.json— committed to git, rotate + gitignore - Python code injection in
math_eval(packages/kbot/src/tools/containers.ts:276) - Script injection in
.github/workflows/discord-notify.yml(PR titles in shell) - Test suite broken: 12/24 files use vitest but script runs
tsx --test - WCAG AA contrast failures:
#6B5B95on dark bg,#888secondary text,#22C55Esuccess green - No message list virtualization in EnginePage (perf issue on mobile)
packages/kbot/dist/committed to git (44MB build artifacts)- ~100MB binaries tracked without Git LFS
- ErrorBoundary uses Tailwind classes (broken fallback UI)
- Inconsistent numbers: tool counts, agent counts, free tier limits across all surfaces
- useChatEngine is 2,220 lines with 31 useState — split into focused hooks
- CSP meta tag commented out in index.html
- 6 npm dependency vulnerabilities (4 high)
- 850 lines of dead
engine-*CSS - MCP servers lack global error handling (7/10)
- NEVER commit .env, .pem, .key files
- NEVER expose SUPABASE_SERVICE_KEY in client code
- NEVER hardcode API keys in source
- NEVER use eval() or Function() constructors
- Always validate input at system boundaries
- SSRF protection required on all fetch operations
- Web:
npm run deploy(GitHub Pages, kernel.chat) - kbot:
npm publishfrom packages/kbot/ (npm, @kernel.chat/kbot) - Edge functions:
npx supabase functions deploy <name> --project-ref eoxxpyixdieprsxlpwcs - Ship pipeline: /ship runs 6 gates (security > QA > design > perf > devops > product)
- Act, don't advise. Read files, run commands, fix things directly.
- Run
npx tsc --noEmitbefore any deploy. - Route complex work to specialist agents (guardian for security, coder for refactors).
- Update SCRATCHPAD.md at end of sessions.
- Failures trigger fallbacks, not stops. Try alternatives before reporting failure.