nothumanallowed 12.1.1 → 12.1.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "12.1.1",
+  "version": "12.1.3",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools. Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ui.mjs

@@ -10,6 +10,7 @@
 import http from 'http';
 import os from 'os';
 import crypto from 'crypto';
+import zlib from 'zlib';
 import { exec } from 'child_process';
 import fs from 'fs';
 import path from 'path';
@@ -59,6 +60,80 @@ import {
 
 const DEFAULT_PORT = 3847;
 
+/**
+ * Extract text from PDF buffer — zero dependencies.
+ * Handles text-based PDFs (not scanned images).
+ * Extracts text from PDF stream objects using basic PDF parsing.
+ */
+function extractTextFromPdf(buffer) {
+  try {
+    const raw = buffer.toString('latin1');
+    const texts = [];
+
+    // Extract text from BT...ET blocks (PDF text objects)
+    const btRegex = /BT[\s\S]*?ET/g;
+    let match;
+    while ((match = btRegex.exec(raw)) !== null) {
+      const block = match[0];
+      // Extract Tj (show string) and TJ (show array) operators
+      const tjRegex = /\(([^)]*)\)\s*Tj|\[([^\]]*)\]\s*TJ/g;
+      let tj;
+      while ((tj = tjRegex.exec(block)) !== null) {
+        if (tj[1]) texts.push(tj[1]);
+        if (tj[2]) {
+          // TJ array: extract strings from parenthesized elements
+          const arr = tj[2];
+          const strRegex = /\(([^)]*)\)/g;
+          let s;
+          while ((s = strRegex.exec(arr)) !== null) {
+            texts.push(s[1]);
+          }
+        }
+      }
+    }
+
+    // Also try to extract from FlateDecode streams (compressed text)
+    // This handles most modern PDFs
+    const streamRegex = /stream\r?\n([\s\S]*?)\r?\nendstream/g;
+    while ((match = streamRegex.exec(raw)) !== null) {
+      try {
+        const { inflateSync } = zlib;
+        const inflated = inflateSync(Buffer.from(match[1], 'latin1')).toString('latin1');
+        const btInner = /BT[\s\S]*?ET/g;
+        let m2;
+        while ((m2 = btInner.exec(inflated)) !== null) {
+          const block = m2[0];
+          const tjR = /\(([^)]*)\)\s*Tj|\[([^\]]*)\]\s*TJ/g;
+          let t;
+          while ((t = tjR.exec(block)) !== null) {
+            if (t[1]) texts.push(t[1]);
+            if (t[2]) {
+              const sr = /\(([^)]*)\)/g;
+              let ss;
+              while ((ss = sr.exec(t[2])) !== null) texts.push(ss[1]);
+            }
+          }
+        }
+      } catch { /* not a flate stream or decompression failed */ }
+    }
+
+    // Decode PDF escape sequences
+    let result = texts.join(' ')
+      .replace(/\\n/g, '\n')
+      .replace(/\\r/g, '\r')
+      .replace(/\\t/g, '\t')
+      .replace(/\\\(/g, '(')
+      .replace(/\\\)/g, ')')
+      .replace(/\\\\/g, '\\')
+      .replace(/\s+/g, ' ')
+      .trim();
+
+    return result;
+  } catch {
+    return '';
+  }
+}
+
 // ── Agent loader ──────────────────────────────────────────────────────────
 
 function loadAgentCards() {
@@ -1289,7 +1364,48 @@ export async function cmdUI(args) {
             const pdfPrompt = body.message || `Read and analyze this PDF document "${body.pdfName}". Extract all text content, summarize key information.`;
             let pdfResponse = '';
 
-            if (provider === 'anthropic') {
+            if (provider === 'nha') {
+              // NHA Free tier: extract text from PDF, then send to Liara chat
+              // Decode PDF base64 and extract text content
+              const pdfBuffer = Buffer.from(body.pdfBase64, 'base64');
+              const pdfText = extractTextFromPdf(pdfBuffer);
+              if (!pdfText || pdfText.length < 10) {
+                // Fallback: send first page as image to vision model
+                const r = await fetch('https://nothumanallowed.com/api/v1/liara/vision', {
+                  method: 'POST',
+                  headers: { 'Content-Type': 'application/json' },
+                  body: JSON.stringify({ image_base64: body.pdfBase64, prompt: pdfPrompt }),
+                });
+                if (r.ok) {
+                  const d = await r.json();
+                  pdfResponse = d.description || d.text || 'Could not extract content from this PDF.';
+                } else {
+                  pdfResponse = 'Could not read this PDF. Try a text-based PDF or use Claude/Gemini for scanned documents.';
+                }
+              } else {
+                // Send extracted text to Liara chat
+                const truncatedText = pdfText.slice(0, 12000);
+                const r = await fetch('https://nothumanallowed.com/api/v1/liara/chat', {
+                  method: 'POST',
+                  headers: { 'Content-Type': 'application/json' },
+                  body: JSON.stringify({
+                    model: 'nha-v1',
+                    messages: [
+                      { role: 'system', content: enrichedSystemPrompt },
+                      { role: 'user', content: `[PDF: ${body.pdfName}]\n\n${truncatedText}\n\n---\n\n${pdfPrompt}` },
+                    ],
+                    max_tokens: 4096,
+                    chat_template_kwargs: { enable_thinking: false },
+                  }),
+                });
+                if (r.ok) {
+                  const d = await r.json();
+                  pdfResponse = d.choices?.[0]?.message?.content || '';
+                } else {
+                  pdfResponse = 'Error reading PDF via Liara.';
+                }
+              }
+            } else if (provider === 'anthropic') {
               const r = await fetch('https://api.anthropic.com/v1/messages', {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json', 'x-api-key': apiKey, 'anthropic-version': '2023-06-01' },
@@ -1683,6 +1799,28 @@ export async function cmdUI(args) {
             }
           }
 
+          // Auto-correct: if LLM called web_search but query looks like a domain, switch to browser_open
+          for (const a of actions) {
+            if (a.action === 'web_search' && a.params.query) {
+              const q = a.params.query.trim();
+              // Detect domain names: corriere.it, github.com, youtube.com, etc.
+              if (/^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(q) || /^(https?:\/\/)/.test(q)) {
+                a.action = 'browser_open';
+                a.params = { url: q.startsWith('http') ? q : 'https://' + q };
+              }
+            }
+          }
+
+          // Auto-correct: if user said "visita/vai su/apri/open" + domain but LLM used web_search
+          const visitMatch = msg.match(/(?:visita|vai su|apri|open|go to)\s+([a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/i);
+          if (visitMatch && !actions.some(a => a.action === 'browser_open')) {
+            const domain = visitMatch[1];
+            // Remove any web_search that was targeting this domain
+            const wsIdx = actions.findIndex(a => a.action === 'web_search' && a.params.query?.toLowerCase().includes(domain.toLowerCase()));
+            if (wsIdx >= 0) actions.splice(wsIdx, 1);
+            actions.unshift({ action: 'browser_open', params: { url: 'https://' + domain } });
+          }
+
           for (const { action, params } of actions) {
             // Force screenshot=true on web_search if user asked for screenshot
             if (action === 'web_search' && wantsScreenshot && !params.screenshot) {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '12.1.1';
+export const VERSION = '12.1.3';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/tool-executor.mjs

@@ -445,8 +445,12 @@ TOOLS:
 
 RULES:
 - ABSOLUTE RULE: NEVER LIE. NEVER fabricate, invent, or guess information. If you do not know, say "I don't know." If a tool fails, say it failed. If you cannot see something, say so. Honesty is MORE important than being helpful.
-- CRITICAL: For web searches, ALWAYS use web_search — NEVER open Google/Bing/DuckDuckGo in the browser.
-- CRITICAL: For web searches ("search for X", "find X online", "look up X"), ALWAYS use web_search — NEVER open Google/Bing/DuckDuckGo in the browser. web_search is faster, more reliable, and doesn't get blocked by CAPTCHAs. Only use browser_open for interacting with specific websites (filling forms, clicking buttons, taking screenshots of specific pages).
+- CRITICAL ROUTING RULE — browser_open vs web_search:
+  * "visita X.com", "vai su X", "apri X.com", "open X", "go to X" → ALWAYS use browser_open("https://X.com"). The user wants to SEE a specific website.
+  * "cerca X", "search for X", "find X", "look up X" → ALWAYS use web_search. The user wants search results.
+  * If the user mentions a SPECIFIC domain name (corriere.it, github.com, youtube.com, etc.) → browser_open, NEVER web_search.
+  * NEVER open Google/Bing/DuckDuckGo in the browser — use web_search for searching.
+  * web_search is for QUERIES. browser_open is for URLS. If it looks like a website name, it's a URL.
 - For search/read operations, execute immediately and present results conversationally.
 - For write/send/delete operations (gmail_send, gmail_reply, gmail_delete, calendar_create, calendar_move, calendar_update, contact_delete, task_done, notify_remind, file_write), DESCRIBE what you're about to do and include the JSON block so the system can ask the user for confirmation.
 - For schedule_meeting and schedule_draft_email, execute immediately — these are read operations that suggest slots.