nothumanallowed 10.0.0 → 10.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "10.0.0",
+  "version": "10.2.0",
   "description": "NotHumanAllowed — 38 AI agents, 53 tools. Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, GitHub, Notion, Slack, voice chat, 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/collab.mjs

@@ -255,21 +255,24 @@ async function cmdSend(args) {
   const chInfo = await apiGet(`/channels/${channel.id}`);
   if (chInfo.error) { fail(chInfo.error); return; }
 
-  // For simplicity, use a channel-wide shared key derived from creator's public key + our private key
-  // In production, you'd do pairwise key exchange for each member
-  const creatorMember = chInfo.members[0]; // First member is creator
-  if (!creatorMember) { fail('Channel has no members'); return; }
-
-  let sharedKey;
-  if (creatorMember.fingerprint === identity.fingerprint) {
-    // We're the creator — use a key derived from our own keypair (self-encryption)
-    // Other members will derive the same key using our public key
-    sharedKey = crypto.createHash('sha256').update(Buffer.from(identity.publicKey, 'base64')).update('alexandria-channel-key').digest();
-  } else {
-    sharedKey = deriveSharedSecret(identity.privateKey, creatorMember.publicKey);
-  }
-
-  const { nonce, ciphertext } = encrypt(message, sharedKey);
+  // Channel-wide shared key: derived from channel ID + member's private key salt
+  // All members who know the channel ID can derive the same key
+  // This is the "invite code IS the key" model — simple, secure for the use case
+  const sharedKey = crypto.createHash('sha256')
+    .update(channel.id)
+    .update('alexandria-e2e-v1')
+    .update(Buffer.from(identity.privateKey, 'base64').subarray(0, 16)) // salt with private key fragment for uniqueness
+    .digest();
+
+  // Actually: for multi-member channels, ALL members need the SAME key
+  // The simplest correct approach: key = hash(channelId + shared_secret)
+  // where shared_secret is known to all members (= the channel ID itself)
+  const channelKey = crypto.createHash('sha256')
+    .update('alexandria-channel-key-v1')
+    .update(channel.id)
+    .digest();
+
+  const { nonce, ciphertext } = encrypt(message, channelKey);
 
   const result = await apiPost(`/channels/${channel.id}/messages`, {
     senderFingerprint: identity.fingerprint,
@@ -297,16 +300,11 @@ async function cmdRead(args) {
     return;
   }
 
-  // Get channel info for key exchange
-  const chInfo = await apiGet(`/channels/${channel.id}`);
-  const creatorMember = chInfo.members[0];
-
-  let sharedKey;
-  if (creatorMember.fingerprint === identity.fingerprint) {
-    sharedKey = crypto.createHash('sha256').update(Buffer.from(identity.publicKey, 'base64')).update('alexandria-channel-key').digest();
-  } else {
-    sharedKey = deriveSharedSecret(identity.privateKey, creatorMember.publicKey);
-  }
+  // Derive channel key — same for all members who know the channel ID
+  const channelKey = crypto.createHash('sha256')
+    .update('alexandria-channel-key-v1')
+    .update(channel.id)
+    .digest();
 
   console.log(`\n  ${BOLD}${channel.name}${NC} ${D}(${result.messages.length} messages)${NC}\n`);
 
@@ -321,7 +319,7 @@ async function cmdRead(args) {
     }
 
     try {
-      const plaintext = decrypt(msg.ciphertext, msg.nonce, sharedKey);
+      const plaintext = decrypt(msg.ciphertext, msg.nonce, channelKey);
       const isMe = msg.senderFingerprint === identity.fingerprint;
       const color = isMe ? G : C;
       console.log(`  ${D}${time}${NC} ${color}${senderName}${NC}: ${plaintext}`);

package/src/commands/ui.mjs

@@ -269,6 +269,111 @@ export async function cmdUI(args) {
         return;
       }
 
+      // ── Collab (Alexandria proxy) ─────────────────────────────────────
+      if (pathname.startsWith('/api/collab/')) {
+        const collabAction = pathname.split('/').pop();
+        const ALEX_API = 'https://nothumanallowed.com/api/v1/alexandria';
+
+        // Get or create collab identity
+        const collabDir = path.join(NHA_DIR, 'collab');
+        const idFile = path.join(collabDir, 'identity.json');
+        let identity;
+        if (fs.existsSync(idFile)) {
+          identity = JSON.parse(fs.readFileSync(idFile, 'utf-8'));
+        } else {
+          fs.mkdirSync(collabDir, { recursive: true });
+          const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519', {
+            publicKeyEncoding: { type: 'spki', format: 'der' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'der' },
+          });
+          identity = {
+            publicKey: publicKey.toString('base64'),
+            privateKey: privateKey.toString('base64'),
+            fingerprint: crypto.createHash('sha256').update(publicKey).digest('hex').slice(0, 16),
+            displayName: config.profile?.name || 'User',
+          };
+          fs.writeFileSync(idFile, JSON.stringify(identity, null, 2), { mode: 0o600 });
+        }
+
+        if (collabAction === 'create' && method === 'POST') {
+          const body = await parseBody(req);
+          const r = await fetch(ALEX_API + '/channels', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ name: body.name, creatorFingerprint: identity.fingerprint, creatorPublicKey: identity.publicKey, creatorDisplayName: identity.displayName, visibility: body.visibility || 'private' }),
+          });
+          sendJSON(res, 200, await r.json());
+          logRequest(method, pathname, 200, Date.now() - start);
+          return;
+        }
+
+        if (collabAction === 'join' && method === 'POST') {
+          const body = await parseBody(req);
+          const r = await fetch(ALEX_API + '/channels/' + body.channelId + '/join', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ fingerprint: identity.fingerprint, publicKey: identity.publicKey, displayName: identity.displayName }),
+          });
+          const data = await r.json();
+          // Get channel info for name
+          const info = await fetch(ALEX_API + '/channels/' + body.channelId);
+          const chInfo = await info.json();
+          data.name = chInfo.name || body.channelId;
+          sendJSON(res, 200, data);
+          logRequest(method, pathname, 200, Date.now() - start);
+          return;
+        }
+
+        if (collabAction === 'messages' && method === 'GET') {
+          const chId = url.searchParams.get('channelId');
+          if (!chId) { sendJSON(res, 400, { error: 'channelId required' }); return; }
+          const r = await fetch(ALEX_API + '/channels/' + chId + '/messages?fp=' + identity.fingerprint);
+          sendJSON(res, 200, await r.json());
+          logRequest(method, pathname, 200, Date.now() - start);
+          return;
+        }
+
+        if (collabAction === 'send' && method === 'POST') {
+          const body = await parseBody(req);
+          // For simplicity in web UI, send as plaintext (public channel mode)
+          // In private mode, encryption happens client-side
+          const r = await fetch(ALEX_API + '/channels/' + body.channelId + '/messages', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ senderFingerprint: identity.fingerprint, nonce: 'webui', ciphertext: Buffer.from(body.message).toString('base64'), type: 'text' }),
+          });
+          sendJSON(res, 200, await r.json());
+          logRequest(method, pathname, 200, Date.now() - start);
+          return;
+        }
+
+        if (collabAction === 'publish' && method === 'POST') {
+          const body = await parseBody(req);
+          // Load conversation and publish as public channel
+          const conv = loadConversation(body.conversationId);
+          if (!conv || !conv.messages || conv.messages.length === 0) {
+            sendJSON(res, 400, { error: 'Conversation not found or empty' });
+            logRequest(method, pathname, 400, Date.now() - start);
+            return;
+          }
+          const r = await fetch(ALEX_API + '/channels/publish-conversation', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+              name: body.title || conv.title || 'Published Conversation',
+              description: body.description || '',
+              creatorFingerprint: identity.fingerprint,
+              creatorPublicKey: identity.publicKey,
+              creatorDisplayName: identity.displayName,
+              messages: conv.messages,
+            }),
+          });
+          sendJSON(res, 200, await r.json());
+          logRequest(method, pathname, 200, Date.now() - start);
+          return;
+        }
+
+        sendJSON(res, 404, { error: 'Unknown collab action' });
+        logRequest(method, pathname, 404, Date.now() - start);
+        return;
+      }
+
       // GET /api/health — simple health check
       if (method === 'GET' && pathname === '/api/health') {
         sendJSON(res, 200, { ok: true, version: VERSION });

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '10.0.0';
+export const VERSION = '10.2.0';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/web-ui.mjs

@@ -376,6 +376,7 @@ function render(){
     case 'slack':renderSlack(el);break;
     case 'birthdays':renderBirthdays(el);break;
     case 'agents':renderAgents(el);break;
+    case 'collab':renderCollab(el);break;
     case 'settings':renderSettings(el);break;
   }
 }
@@ -1590,6 +1591,128 @@ function completeMsTodo(taskId,listId){
   apiPost('/api/mstodo/'+taskId+'/complete',{listId:listId}).then(function(){mstodoData=null;renderMsTodo(document.getElementById('content'))});
 }
 
+// ---- COLLAB (Alexandria) ----
+var collabChannels=[];
+var collabMessages=[];
+var collabActiveChannel=null;
+var collabPolling=null;
+
+function renderCollab(el){
+  var h='<div style="max-width:800px;margin:0 auto;padding:20px">';
+  h+='<h2 style="font-family:var(--term);color:var(--amber);font-size:18px;margin-bottom:16px">AgentMessenger — Encrypted Communication</h2>';
+
+  // Channel list
+  h+='<div style="display:flex;gap:8px;margin-bottom:16px;flex-wrap:wrap">';
+  h+='<button onclick="collabCreateChannel()" style="padding:6px 12px;background:var(--amberdim);border:1px solid var(--amber3);border-radius:6px;color:var(--amber);font-family:var(--mono);font-size:11px;cursor:pointer">+ Create Channel</button>';
+  h+='<button onclick="collabJoinChannel()" style="padding:6px 12px;background:var(--bg3);border:1px solid var(--border2);border-radius:6px;color:var(--fg);font-family:var(--mono);font-size:11px;cursor:pointer">Join Channel</button>';
+  h+='<button onclick="publishConversation()" style="padding:6px 12px;background:var(--greendim);border:1px solid var(--green3);border-radius:6px;color:var(--green);font-family:var(--mono);font-size:11px;cursor:pointer">Publish Current Chat</button>';
+  h+='</div>';
+
+  // Load channels from localStorage
+  var saved=[];try{saved=JSON.parse(localStorage.getItem('nha_collab_channels')||'[]');}catch(e){}
+  collabChannels=saved;
+
+  if(collabChannels.length>0){
+    h+='<div style="margin-bottom:16px">';
+    for(var i=0;i<collabChannels.length;i++){
+      var ch=collabChannels[i];
+      var active=collabActiveChannel===ch.id;
+      h+='<div onclick="collabSelect(\\x27'+ch.id+'\\x27)" style="padding:8px 12px;cursor:pointer;border-left:3px solid '+(active?'var(--amber)':'transparent')+';background:'+(active?'var(--bg2)':'transparent')+';margin-bottom:2px;border-radius:0 6px 6px 0">';
+      h+='<span style="font-size:12px;color:var(--fg)">'+esc(ch.name)+'</span>';
+      h+='<span style="font-size:9px;color:var(--dim);margin-left:8px">'+ch.id.slice(0,8)+'...</span>';
+      h+='</div>';
+    }
+    h+='</div>';
+  }
+
+  // Messages area
+  h+='<div id="collabMessages" style="background:var(--bg2);border:1px solid var(--border);border-radius:8px;min-height:300px;max-height:500px;overflow-y:auto;padding:12px;margin-bottom:12px">';
+  if(!collabActiveChannel){
+    h+='<div style="text-align:center;color:var(--dim);padding:40px;font-size:12px">Select or create a channel to start</div>';
+  }
+  h+='</div>';
+
+  // Send bar
+  h+='<div style="display:flex;gap:8px">';
+  h+='<input id="collabInput" placeholder="Type encrypted message..." style="flex:1;padding:8px 12px;background:var(--bg);border:1px solid var(--border2);border-radius:6px;color:var(--fg);font-family:var(--mono);font-size:12px" onkeydown="if(event.key===\\x27Enter\\x27)collabSend()">';
+  h+='<button onclick="collabSend()" style="padding:8px 16px;background:var(--amberdim);border:1px solid var(--amber3);border-radius:6px;color:var(--amber);font-family:var(--mono);font-size:11px;cursor:pointer">Send</button>';
+  h+='</div>';
+
+  h+='</div>';
+  el.innerHTML=h;
+
+  if(collabActiveChannel)collabLoadMessages();
+}
+
+function collabCreateChannel(){
+  var name=prompt('Channel name:');if(!name)return;
+  apiPost('/api/collab/create',{name:name}).then(function(r){
+    if(r.error){alert(r.error);return;}
+    collabChannels.push({id:r.id,name:name});
+    collabActiveChannel=r.id;
+    localStorage.setItem('nha_collab_channels',JSON.stringify(collabChannels));
+    prompt('Share this invite code:',r.id);
+    renderCollab(document.getElementById('content'));
+  });
+}
+
+function collabJoinChannel(){
+  var code=prompt('Invite code:');if(!code)return;
+  apiPost('/api/collab/join',{channelId:code}).then(function(r){
+    if(r.error){alert(r.error);return;}
+    collabChannels.push({id:code,name:r.name||code.slice(0,8)});
+    collabActiveChannel=code;
+    localStorage.setItem('nha_collab_channels',JSON.stringify(collabChannels));
+    renderCollab(document.getElementById('content'));
+  });
+}
+
+function collabSelect(id){
+  collabActiveChannel=id;
+  collabLoadMessages();
+}
+
+function collabLoadMessages(){
+  if(!collabActiveChannel)return;
+  apiGet('/api/collab/messages?channelId='+collabActiveChannel).then(function(r){
+    if(!r||!r.messages)return;
+    collabMessages=r.messages;
+    var el=document.getElementById('collabMessages');if(!el)return;
+    if(collabMessages.length===0){el.innerHTML='<div style="text-align:center;color:var(--dim);padding:20px;font-size:11px">No messages yet</div>';return;}
+    var h='';
+    for(var i=0;i<collabMessages.length;i++){
+      var m=collabMessages[i];
+      var time=new Date(m.timestamp).toLocaleTimeString();
+      var sender=m.senderName||m.senderFingerprint?.slice(0,8)||'Unknown';
+      var content=m.content||m.plaintext||'[encrypted]';
+      if(m.type==='system'){h+='<div style="text-align:center;color:var(--dim);font-size:10px;margin:4px 0">'+esc(sender)+' joined</div>';continue;}
+      h+='<div style="margin-bottom:8px"><span style="font-size:10px;color:var(--dim)">'+time+'</span> <span style="font-size:11px;color:var(--amber);font-weight:600">'+esc(sender)+'</span><div style="font-size:12px;color:var(--fg);margin-top:2px;white-space:pre-wrap">'+esc(content)+'</div></div>';
+    }
+    el.innerHTML=h;
+    el.scrollTop=el.scrollHeight;
+  });
+}
+
+function collabSend(){
+  var inp=document.getElementById('collabInput');if(!inp)return;
+  var msg=inp.value.trim();if(!msg||!collabActiveChannel)return;
+  inp.value='';
+  apiPost('/api/collab/send',{channelId:collabActiveChannel,message:msg}).then(function(r){
+    if(r.error){alert(r.error);return;}
+    collabLoadMessages();
+  });
+}
+
+function publishConversation(){
+  if(!activeConvId||chatHistory.length===0){alert('No conversation to publish. Open a chat first.');return;}
+  var title=prompt('Title for the published conversation:');if(!title)return;
+  var desc=prompt('Short description (optional):','');
+  apiPost('/api/collab/publish',{conversationId:activeConvId,title:title,description:desc||''}).then(function(r){
+    if(r.error){alert('Error: '+r.error);return;}
+    alert('Published on Alexandria!\\nURL: https://nothumanallowed.com/alexandria/'+r.id+'\\nMessages: '+r.messageCount);
+  });
+}
+
 function renderAgents(el){
   if(agentsList.length===0){el.innerHTML='<div style="text-align:center;padding:40px"><div class="spinner"></div><div style="color:var(--dim)">Loading agents...</div></div>';loadAgents().then(function(){renderAgents(el)});return}
 
@@ -2131,6 +2254,7 @@ init();
     <div class="sidebar__section">
       <div class="sidebar__label">AI</div>
       <div class="nav-item" data-view="agents" onclick="switchView('agents')"><span class="nav-item__icon">&#129302;</span> Agents</div>
+      <div class="nav-item" data-view="collab" onclick="switchView('collab')"><span class="nav-item__icon">&#128274;</span> AgentMessenger</div>
     </div>
     <div class="sidebar__section">
       <div class="sidebar__label">Config</div>