nothumanallowed 10.6.0 → 10.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "10.6.0",
+  "version": "10.7.0",
   "description": "NotHumanAllowed — 38 AI agents, 53 tools. Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, GitHub, Notion, Slack, voice chat, 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/collab.mjs

@@ -92,6 +92,19 @@ function decrypt(ciphertextB64, nonceB64, key) {
   return decipher.update(encrypted) + decipher.final('utf-8');
 }
 
+/**
+ * Derive channel encryption key from channel ID + secret.
+ * The secret is part of the invite code and NEVER sent to the server.
+ * Without the secret, the server cannot decrypt messages.
+ */
+function deriveChannelKey(channelId, secret) {
+  return crypto.createHash('sha256')
+    .update('alexandria-e2e-key-v2')
+    .update(channelId)
+    .update(secret || '') // legacy channels without secret use empty string
+    .digest();
+}
+
 // ── Identity Management ───────────────────────────────────────────────────
 
 function loadIdentity() {
@@ -171,23 +184,30 @@ async function cmdCreate(args) {
   const name = args.join(' ') || 'Unnamed Channel';
   const identity = getOrCreateIdentity();
 
-  // Encrypt channel name with a key derived from the channel (will be re-encrypted with shared key)
+  // Generate a channel secret — this NEVER goes to the server
+  // The invite code is channelId:secret — only people with the invite can decrypt
+  const channelSecret = crypto.randomBytes(16).toString('hex');
+
   const result = await apiPost('/channels', {
-    name: name, // Sent in plaintext for now — will be encrypted once shared key exists
+    name: name,
     creatorFingerprint: identity.fingerprint,
     creatorPublicKey: identity.publicKey,
     creatorDisplayName: identity.displayName,
-    ttlHours: 0, // permanent until deleted
+    ttlHours: 0,
     maxMessages: 5000,
   });
 
   if (result.error) { fail(result.error); return; }
 
-  // Save channel locally
+  // The invite code includes the secret — server only knows the ID, not the secret
+  const inviteCode = `${result.id}:${channelSecret}`;
+
+  // Save channel locally WITH the secret
   const channels = loadChannels();
   channels.forEach(c => c.active = false);
   channels.push({
     id: result.id,
+    secret: channelSecret, // stored locally, NEVER sent to server
     name,
     createdAt: result.createdAt,
     active: true,
@@ -198,10 +218,11 @@ async function cmdCreate(args) {
   console.log('');
   ok(`Channel created: ${name}`);
   console.log('');
-  console.log(`  ${BOLD}Invite Code:${NC}  ${G}${result.id}${NC}`);
+  console.log(`  ${BOLD}Invite Code:${NC}  ${G}${inviteCode}${NC}`);
   console.log('');
   console.log(`  ${D}Share this code securely with collaborators.${NC}`);
-  console.log(`  ${D}They join with: ${C}nha collab join ${result.id}${NC}`);
+  console.log(`  ${D}They join with: ${C}nha collab join ${inviteCode}${NC}`);
+  console.log(`  ${R}The server CANNOT read your messages — the secret stays with you.${NC}`);
   console.log('');
 }
 
@@ -209,17 +230,22 @@ async function cmdJoin(args) {
   const inviteCode = args[0];
   if (!inviteCode) { fail('Usage: nha collab join <invite-code>'); return; }
 
+  // Parse invite code: channelId:secret or just channelId (legacy)
+  const parts = inviteCode.split(':');
+  const channelId = parts[0];
+  const channelSecret = parts[1] || ''; // empty = legacy channel (less secure)
+
   const identity = getOrCreateIdentity();
 
   // Check if already joined
   const channels = loadChannels();
-  if (channels.find(c => c.id === inviteCode)) {
-    setActiveChannel(inviteCode);
+  if (channels.find(c => c.id === channelId)) {
+    setActiveChannel(channelId);
     ok(`Already a member. Switched to this channel.`);
     return;
   }
 
-  const result = await apiPost(`/channels/${inviteCode}/join`, {
+  const result = await apiPost(`/channels/${channelId}/join`, {
     fingerprint: identity.fingerprint,
     publicKey: identity.publicKey,
     displayName: identity.displayName,
@@ -228,11 +254,12 @@ async function cmdJoin(args) {
   if (result.error) { fail(result.error); return; }
 
   // Get channel info
-  const chInfo = await apiGet(`/channels/${inviteCode}`);
+  const chInfo = await apiGet(`/channels/${channelId}`);
 
   channels.forEach(c => c.active = false);
   channels.push({
-    id: inviteCode,
+    id: channelId,
+    secret: channelSecret, // stored locally, never sent to server
     name: chInfo.name || 'Unknown',
     createdAt: chInfo.createdAt,
     active: true,
@@ -240,7 +267,12 @@ async function cmdJoin(args) {
   });
   saveChannels(channels);
 
-  ok(`Joined channel: ${chInfo.name || inviteCode} (${result.members} members)`);
+  ok(`Joined channel: ${chInfo.name || channelId} (${result.members} members)`);
+  if (channelSecret) {
+    info('E2E encryption active — server cannot read your messages.');
+  } else {
+    warn('Legacy invite code (no secret). Messages use channel-ID-based key.');
+  }
 }
 
 async function cmdSend(args) {
@@ -255,22 +287,9 @@ async function cmdSend(args) {
   const chInfo = await apiGet(`/channels/${channel.id}`);
   if (chInfo.error) { fail(chInfo.error); return; }
 
-  // Channel-wide shared key: derived from channel ID + member's private key salt
-  // All members who know the channel ID can derive the same key
-  // This is the "invite code IS the key" model — simple, secure for the use case
-  const sharedKey = crypto.createHash('sha256')
-    .update(channel.id)
-    .update('alexandria-e2e-v1')
-    .update(Buffer.from(identity.privateKey, 'base64').subarray(0, 16)) // salt with private key fragment for uniqueness
-    .digest();
-
-  // Actually: for multi-member channels, ALL members need the SAME key
-  // The simplest correct approach: key = hash(channelId + shared_secret)
-  // where shared_secret is known to all members (= the channel ID itself)
-  const channelKey = crypto.createHash('sha256')
-    .update('alexandria-channel-key-v1')
-    .update(channel.id)
-    .digest();
+  // Channel key: derived from channel ID + secret (secret NEVER sent to server)
+  // Only people with the invite code (id:secret) can derive this key
+  const channelKey = deriveChannelKey(channel.id, channel.secret);
 
   const { nonce, ciphertext } = encrypt(message, channelKey);
 
@@ -300,11 +319,8 @@ async function cmdRead(args) {
     return;
   }
 
-  // Derive channel key — same for all members who know the channel ID
-  const channelKey = crypto.createHash('sha256')
-    .update('alexandria-channel-key-v1')
-    .update(channel.id)
-    .digest();
+  // Derive channel key from ID + secret
+  const channelKey = deriveChannelKey(channel.id, channel.secret);
 
   console.log(`\n  ${BOLD}${channel.name}${NC} ${D}(${result.messages.length} messages)${NC}\n`);
 

package/src/commands/ui.mjs

@@ -355,8 +355,11 @@ export async function cmdUI(args) {
           if (!chId) { sendJSON(res, 400, { error: 'channelId required' }); return; }
           const r = await fetch(ALEX_API + '/channels/' + chId + '/messages?fp=' + identity.fingerprint);
           const data = await r.json();
-          // Decrypt messages client-side using channel key
-          const channelKey = crypto.createHash('sha256').update('alexandria-channel-key-v1').update(chId).digest();
+          // Decrypt using channel key (ID + secret from local file)
+          const chFile2 = path.join(collabDir, 'channels.json');
+          let chSecret = '';
+          try { const chs = JSON.parse(fs.readFileSync(chFile2, 'utf-8')); const found = chs.find(c => c.id === chId); chSecret = found?.secret || ''; } catch {}
+          const channelKey = crypto.createHash('sha256').update('alexandria-e2e-key-v2').update(chId).update(chSecret).digest();
           if (data.messages) {
             for (const msg of data.messages) {
               if (msg.type === 'system' || !msg.ciphertext || !msg.nonce) continue;
@@ -383,8 +386,10 @@ export async function cmdUI(args) {
 
         if (collabAction === 'send' && method === 'POST') {
           const body = await parseBody(req);
-          // Encrypt with the same channel key used by CLI
-          const channelKey = crypto.createHash('sha256').update('alexandria-channel-key-v1').update(body.channelId).digest();
+          // Encrypt with channel key (ID + secret)
+          let sendSecret = '';
+          try { const chs3 = JSON.parse(fs.readFileSync(path.join(collabDir, 'channels.json'), 'utf-8')); sendSecret = chs3.find(c => c.id === body.channelId)?.secret || ''; } catch {}
+          const channelKey = crypto.createHash('sha256').update('alexandria-e2e-key-v2').update(body.channelId).update(sendSecret).digest();
           const nonce = crypto.randomBytes(12);
           const cipher = crypto.createCipheriv('aes-256-gcm', channelKey, nonce);
           const encrypted = Buffer.concat([cipher.update(body.message, 'utf-8'), cipher.final()]);
@@ -2114,8 +2119,10 @@ export async function cmdUI(args) {
           try {
             const msg = JSON.parse(data.toString());
             if (msg.type === 'new_message' && msg.message) {
-              // Decrypt the message
-              const channelKey = crypto.createHash('sha256').update('alexandria-channel-key-v1').update(channelId).digest();
+              // Decrypt using channel key with secret
+              let wsSecret = '';
+              try { const chs4 = JSON.parse(fs.readFileSync(path.join(collabDir, 'channels.json'), 'utf-8')); wsSecret = chs4.find(c => c.id === channelId)?.secret || ''; } catch {}
+              const channelKey = crypto.createHash('sha256').update('alexandria-e2e-key-v2').update(channelId).update(wsSecret).digest();
               let content = '[encrypted]';
               try {
                 const nonce = Buffer.from(msg.message.nonce, 'base64');

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '10.6.0';
+export const VERSION = '10.7.0';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/web-ui.mjs

@@ -1744,16 +1744,22 @@ function collabSelect(id){
 
 function collabLoadMessages(){
   if(!collabActiveChannel)return;
-  // Reset unread when viewing
   collabUnreadCount=0;
   updateCollabBadge();
   apiGet('/api/collab/messages?channelId='+collabActiveChannel).then(function(r){
+    if(r&&r.error){
+      var el=document.getElementById('collabMessages');
+      if(el)el.innerHTML='<div style="text-align:center;color:var(--red);padding:20px;font-size:11px">'+esc(r.error)+'<br><span style="color:var(--dim);font-size:10px">This channel may have expired or the server was restarted.</span></div>';
+      return;
+    }
     if(!r||!r.messages)return;
     collabMessages=r.messages;
-    // Update last count for this channel
     var ch=collabChannels.find(function(c){return c.id===collabActiveChannel});
     if(ch)ch._lastCount=r.messages.length;
     renderCollabMessages();
+  }).catch(function(e){
+    var el=document.getElementById('collabMessages');
+    if(el)el.innerHTML='<div style="text-align:center;color:var(--red);padding:20px;font-size:11px">Connection error</div>';
   });
 }
 
@@ -1761,13 +1767,9 @@ function collabSend(){
   var inp=document.getElementById('collabInput');if(!inp)return;
   var msg=inp.value.trim();if(!msg||!collabActiveChannel)return;
   inp.value='';
-  // Optimistic: show message immediately
-  collabMessages.push({senderName:'You',timestamp:new Date().toISOString(),content:msg,type:'text'});
-  renderCollabMessages();
   apiPost('/api/collab/send',{channelId:collabActiveChannel,message:msg}).then(function(r){
     if(r.error){alert(r.error);return;}
-    // Reload to get server timestamp
-    setTimeout(collabLoadMessages,500);
+    // Message will arrive via WebSocket — no need to reload
   });
 }