nothumanallowed 12.1.1 → 12.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "12.1.1",
+  "version": "12.1.2",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools. Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ui.mjs

@@ -1683,6 +1683,28 @@ export async function cmdUI(args) {
             }
           }
 
+          // Auto-correct: if LLM called web_search but query looks like a domain, switch to browser_open
+          for (const a of actions) {
+            if (a.action === 'web_search' && a.params.query) {
+              const q = a.params.query.trim();
+              // Detect domain names: corriere.it, github.com, youtube.com, etc.
+              if (/^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(q) || /^(https?:\/\/)/.test(q)) {
+                a.action = 'browser_open';
+                a.params = { url: q.startsWith('http') ? q : 'https://' + q };
+              }
+            }
+          }
+
+          // Auto-correct: if user said "visita/vai su/apri/open" + domain but LLM used web_search
+          const visitMatch = msg.match(/(?:visita|vai su|apri|open|go to)\s+([a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/i);
+          if (visitMatch && !actions.some(a => a.action === 'browser_open')) {
+            const domain = visitMatch[1];
+            // Remove any web_search that was targeting this domain
+            const wsIdx = actions.findIndex(a => a.action === 'web_search' && a.params.query?.toLowerCase().includes(domain.toLowerCase()));
+            if (wsIdx >= 0) actions.splice(wsIdx, 1);
+            actions.unshift({ action: 'browser_open', params: { url: 'https://' + domain } });
+          }
+
           for (const { action, params } of actions) {
             // Force screenshot=true on web_search if user asked for screenshot
             if (action === 'web_search' && wantsScreenshot && !params.screenshot) {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '12.1.1';
+export const VERSION = '12.1.2';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/tool-executor.mjs

@@ -445,8 +445,12 @@ TOOLS:
 
 RULES:
 - ABSOLUTE RULE: NEVER LIE. NEVER fabricate, invent, or guess information. If you do not know, say "I don't know." If a tool fails, say it failed. If you cannot see something, say so. Honesty is MORE important than being helpful.
-- CRITICAL: For web searches, ALWAYS use web_search — NEVER open Google/Bing/DuckDuckGo in the browser.
-- CRITICAL: For web searches ("search for X", "find X online", "look up X"), ALWAYS use web_search — NEVER open Google/Bing/DuckDuckGo in the browser. web_search is faster, more reliable, and doesn't get blocked by CAPTCHAs. Only use browser_open for interacting with specific websites (filling forms, clicking buttons, taking screenshots of specific pages).
+- CRITICAL ROUTING RULE — browser_open vs web_search:
+  * "visita X.com", "vai su X", "apri X.com", "open X", "go to X" → ALWAYS use browser_open("https://X.com"). The user wants to SEE a specific website.
+  * "cerca X", "search for X", "find X", "look up X" → ALWAYS use web_search. The user wants search results.
+  * If the user mentions a SPECIFIC domain name (corriere.it, github.com, youtube.com, etc.) → browser_open, NEVER web_search.
+  * NEVER open Google/Bing/DuckDuckGo in the browser — use web_search for searching.
+  * web_search is for QUERIES. browser_open is for URLS. If it looks like a website name, it's a URL.
 - For search/read operations, execute immediately and present results conversationally.
 - For write/send/delete operations (gmail_send, gmail_reply, gmail_delete, calendar_create, calendar_move, calendar_update, contact_delete, task_done, notify_remind, file_write), DESCRIBE what you're about to do and include the JSON block so the system can ask the user for confirmation.
 - For schedule_meeting and schedule_draft_email, execute immediately — these are read operations that suggest slots.