npm - nothumanallowed - Versions diffs - 13.5.60 → 13.5.62 - Mend

nothumanallowed 13.5.60 → 13.5.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "13.5.60",
+  "version": "13.5.62",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ui.mjs CHANGED Viewed

@@ -4225,7 +4225,10 @@ function sentinelMiddleware(req, res, next) {
   }
   next();
 }
-module.exports = { sentinelMiddleware };
+// Export both ways: default function (for require('./middleware/sentinel'))
+// and named export (for require('./middleware/sentinel').sentinelMiddleware)
+module.exports = sentinelMiddleware;
+module.exports.sentinelMiddleware = sentinelMiddleware;
 `;
           fs.mkdirSync(path.join(sandboxDir, 'server', 'middleware'), { recursive: true });
           fs.writeFileSync(path.join(sandboxDir, 'server', 'middleware', 'sentinel.js'), sentinelShim, 'utf8');
@@ -4687,7 +4690,9 @@ REGOLE CRITICHE:
                 content = content.replace(toolCall.old, toolCall.new);
                 fs.writeFileSync(fp, content, 'utf8');
                 toolResults.push({ op: 'edit', path: toolCall.path, ok: true });
-                sendEv({ type: 'tool', op: 'edit', path: toolCall.path, result: 'ok' });
+                sendEv({ type: 'tool', op: 'edit', path: toolCall.path, result: 'ok',
+                  oldSnippet: (toolCall.old || '').slice(0, 300),
+                  newSnippet: (toolCall.new || '').slice(0, 300) });
               } else {
                 sendEv({ type: 'tool', op: 'edit', path: toolCall.path, result: 'old_string non trovato — patch fallita' });
               }

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '13.5.60';
+export const VERSION = '13.5.62';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';

package/src/services/web-ui.mjs CHANGED Viewed

@@ -6975,14 +6975,21 @@ function wcChatPanelHtml() {
         '</div>';
       }
     } else if (msg.role === 'system') {
-      // System messages: compact notices (snapshot, syntax check, etc.)
-      messagesHtml += '<div style="margin:2px 12px;padding:4px 10px;background:var(--bg3);border-left:2px solid var(--border2);border-radius:4px;font-size:10px;color:var(--dim)">' + (msg.text||'') + '</div>';
+      // System messages: compact notices (snapshot, syntax check, error with fix button)
+      var isSandboxErr = (msg.text || '').indexOf('Errore sandbox') !== -1;
+      var borderColor = isSandboxErr ? '#ef4444' : 'var(--border2)';
+      var textColor = isSandboxErr ? '#fca5a5' : 'var(--dim)';
+      messagesHtml += '<div style="margin:4px 12px;padding:6px 10px;background:var(--bg3);border-left:2px solid '+borderColor+';border-radius:4px;font-size:10px;color:'+textColor+';display:flex;align-items:center;gap:8px">' +
+        '<span style="flex:1">' + (msg.text||'') + '</span>' +
+        (isSandboxErr ? '<button onclick="wcFixSandboxError()" style="flex-shrink:0;padding:4px 10px;background:#7f1d1d;border:1px solid #ef4444;border-radius:5px;color:#fca5a5;font-size:10px;font-weight:700;cursor:pointer">&#129302; Correggi</button>' : '') +
+      '</div>';
       if (msg.syntaxErrors && msg.syntaxErrors.length) {
         messagesHtml += '<div style="margin:2px 12px">' + msg.syntaxErrors.map(function(e2){
           return '<div style="font-size:10px;font-family:var(--mono);color:#f87171;padding:2px 0">&#10005; ' + wcEsc(e2.file) + ': ' + wcEsc(e2.error) + '</div>';
         }).join('') + '</div>';
       }
     } else {
+      var diffBlocks = '';
       var toolBadges = (msg.tools || []).map(function(tool){
         var isOk = tool.result === 'ok';
         var isParseErr = tool.op === 'parse_error';
@@ -6990,6 +6997,17 @@ function wcChatPanelHtml() {
         var color = isOk ? 'var(--green)' : 'var(--red)';
         var label = isParseErr ? ('JSON err: ' + wcEsc(tool.result)) : wcEsc(tool.path);
         var title = isOk ? tool.op + ': ' + tool.path : (tool.result || '');
+        // Build inline diff block for successful edits
+        if (isOk && tool.op === 'edit' && tool.oldSnippet) {
+          var oldLines = tool.oldSnippet.split(String.fromCharCode(10)).map(function(l){ return '<div style="background:#3f0f0f;color:#fca5a5;font-family:var(--mono);font-size:9px;padding:0 8px;white-space:pre-wrap;word-break:break-all">- '+wcEsc(l)+'</div>'; }).join('');
+          var newLines = tool.newSnippet.split(String.fromCharCode(10)).map(function(l){ return '<div style="background:#0f2f0f;color:#86efac;font-family:var(--mono);font-size:9px;padding:0 8px;white-space:pre-wrap;word-break:break-all">+ '+wcEsc(l)+'</div>'; }).join('');
+          diffBlocks += '<details style="margin:2px 0;border:1px solid rgba(255,255,255,0.08);border-radius:5px;overflow:hidden">' +
+            '<summary style="padding:3px 8px;font-size:9px;font-family:var(--mono);color:var(--dim);cursor:pointer;list-style:none;display:flex;align-items:center;gap:4px">' +
+              '<span style="color:var(--green)">&#9998;</span> '+wcEsc(tool.path)+' <span style="margin-left:auto;opacity:.5">&#9660;</span>' +
+            '</summary>' +
+            oldLines + newLines +
+          '</details>';
+        }
         return '<span title="'+wcEsc(title)+'" style="display:inline-flex;align-items:center;gap:3px;background:var(--bg3);border:1px solid '+(isOk?'var(--green3)':'var(--red)')+';border-radius:4px;padding:2px 6px;font-size:9px;font-family:var(--mono);color:'+color+'">' +
           icon + ' ' + label + '</span>';
       }).join(' ');
@@ -7000,6 +7018,7 @@ function wcChatPanelHtml() {
           '<span style="font-size:10px;font-weight:700;color:var(--green)">WebCraft Agent</span>' +
         '</div>' +
         '<div style="padding:8px 10px;font-size:11px;color:var(--text);line-height:1.6;white-space:pre-wrap">'+agentText+'</div>' +
+        (diffBlocks ? '<div style="padding:4px 8px 6px;border-top:1px solid rgba(255,255,255,0.06)">'+diffBlocks+'</div>' : '') +
         (toolBadges ? '<div style="display:flex;flex-wrap:wrap;gap:4px;padding:6px 10px;border-top:1px solid rgba(255,255,255,0.06)">'+toolBadges+'</div>' : '') +
       '</div>';
     }
@@ -7184,7 +7203,7 @@ async function wcExecuteAgentCall(message, isPlanExec, planOrigMsg, attachments)
             if (typingEl) typingEl.textContent = '...';
             wcScrollChatToBottom();
           } else if (ev.type === 'tool') {
-            agentMsg.tools.push({ op: ev.op, path: ev.path, result: ev.result });
+            agentMsg.tools.push({ op: ev.op, path: ev.path, result: ev.result, oldSnippet: ev.oldSnippet || '', newSnippet: ev.newSnippet || '' });
             if ((ev.op === 'edit' || ev.op === 'write') && ev.result === 'ok') {
               anyEdits = true;
               wcChat[wcChat.length-1] = agentMsg;
@@ -7304,7 +7323,7 @@ async function wcTriggerAutoFix(missingModule) {
         try {
           var ev2 = JSON.parse(line2);
           if (ev2.type === 'text') { agentMsg.text += ev2.token; }
-          else if (ev2.type === 'tool') { agentMsg.tools.push({ op: ev2.op, path: ev2.path, result: ev2.result }); }
+          else if (ev2.type === 'tool') { agentMsg.tools.push({ op: ev2.op, path: ev2.path, result: ev2.result, oldSnippet: ev2.oldSnippet || '', newSnippet: ev2.newSnippet || '' }); }
           else if (ev2.type === 'done') { wcChatRunning = false; if (ev2.changed) { wcReloadProjectFiles(); } }
           else if (ev2.type === 'restart_sandbox') { wcStartSandbox(); }
           else if (ev2.type === 'error') { agentMsg.text += String.fromCharCode(10)+'Errore: '+ev2.msg; wcChatRunning = false; }
@@ -7631,7 +7650,7 @@ async function wcGenerate() {
   // Security rules always injected
   var SECURITY_RULES = [
-    'ALWAYS use security headers: X-Content-Type-Options, X-Frame-Options: DENY, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy: geolocation=(), microphone=(), camera=(), Strict-Transport-Security: max-age=31536000; includeSubDomains; preload.',
+    'ALWAYS use security headers: X-Content-Type-Options, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy: geolocation=(), microphone=(), camera=(). NEVER set X-Frame-Options: DENY or frame-ancestors: none — the app runs in a sandbox iframe and must be embeddable. HSTS only in production (check NODE_ENV).',
     'NEVER put secrets, API keys, or DB credentials in frontend code. Only in .env server-side.',
     'ALWAYS use prepared statements / parameterized queries. NEVER string-concatenate SQL.',
     'ALWAYS hash passwords with bcrypt (cost factor 12+). NEVER store plain passwords.',
@@ -7651,7 +7670,7 @@ async function wcGenerate() {
     { name: 'package.json',          lang: 'json',       prompt: 'Generate package.json for an Express/PostgreSQL project named "'+projName+'". Dependencies: express, pg, bcryptjs, jsonwebtoken, nodemailer, helmet, express-rate-limit, cors, dotenv, express-validator, ioredis. DevDependencies: nodemon. Scripts: start, dev.' },
     { name: '.env.example',          lang: 'bash',       prompt: 'Generate .env.example with all required env vars: DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASS, JWT_SECRET, JWT_REFRESH_SECRET, SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS, SMTP_FROM, SENDGRID_API_KEY (commented as optional fallback), REDIS_URL (default redis://localhost:6379, works with Dragonfly too), PORT, NODE_ENV, CORS_ORIGIN, BASE_URL. Add helpful comments for each. Note that REDIS_URL is optional — app falls back to in-memory LRU if Redis unavailable.' },
     { name: 'server/db.js',          lang: 'javascript', prompt: 'Generate server/db.js: pg.Pool singleton (max:10, idleTimeoutMillis:30000, connectionTimeoutMillis:2000). Circuit breaker: if DB fails 5+ times in 60s, open circuit (throw immediately) for 30s, then half-open (try one query). Export pool, query(text, params) with circuit breaker, transaction(callback) helper (BEGIN/COMMIT/ROLLBACK). Graceful shutdown on SIGTERM/SIGINT.' },
-    { name: 'server/middleware/security.js', lang: 'javascript', prompt: 'Generate server/middleware/security.js: helmet with full CSP (defaultSrc self, scriptSrc self, styleSrc self unsafe-inline, imgSrc self data:, connectSrc self, frameSrc none, objectSrc none), HSTS, X-Frame-Options DENY, Referrer-Policy. Add express-rate-limit for general routes (100/15min) and strict limiter for auth (5/15min). Export { applySecurityMiddleware, authLimiter }.' },
+    { name: 'server/middleware/security.js', lang: 'javascript', prompt: 'Generate server/middleware/security.js: detect sandbox via isSandbox = !process.env.NODE_ENV || process.env.NODE_ENV === "development". Use helmet CSP: defaultSrc self, scriptSrc self unsafe-inline, styleSrc self unsafe-inline, imgSrc self data:, connectSrc self, objectSrc none. frameAncestors: if isSandbox use ["self", "http://127.0.0.1:*", "http://localhost:*"] else ["none"]. NO X-Frame-Options DENY (conflicts with frameAncestors). NO HSTS in sandbox (HTTP only). Referrer-Policy strict-origin-when-cross-origin. Add express-rate-limit for general routes (100/15min) and strict limiter for auth (5/15min). Export { applySecurityMiddleware, authLimiter }.' },
     { name: 'server/middleware/validate.js', lang: 'javascript', prompt: 'Generate server/middleware/validate.js using express-validator. Export handleValidationErrors middleware. Export auth field validators: registerValidator (fields: '+authFieldsDef+'), loginValidator (email + password).' },
     { name: 'server/services/email.js', lang: 'javascript', prompt: 'Generate server/services/email.js: Nodemailer transporter using SMTP from env. Function sendVerificationEmail(to, token, baseUrl): sends HTML email with verification link. Function sendPasswordResetEmail(to, token, baseUrl). Add SendGrid fallback (commented out, predisposed with transporter swap). Never expose credentials.' },
     { name: 'server/routes/auth.js',  lang: 'javascript', prompt: 'Generate server/routes/auth.js: POST /register (validate fields: '+authFieldsDef+', check duplicate email, bcrypt hash password cost 12, insert user, send verification email, return 201), POST /login (validate, check email verified, compare bcrypt, issue JWT access 15min + refresh 7d httpOnly cookie), POST /logout (clear refresh cookie), POST /refresh-token (validate refresh from httpOnly cookie, rotate token), GET /verify-email/:token (mark email verified). Use parameterized queries only. Apply authLimiter to register and login.' },
@@ -7857,7 +7876,12 @@ function wcSandboxPanelHtml() {
   return '<div style="display:flex;flex-direction:column;flex:1;min-height:0;overflow-y:auto">' +
     phasesHtml +
-    (sb.error ? '<div style="padding:10px 14px;color:var(--red);font-size:11px;font-family:var(--mono);border-top:1px solid var(--border)">&#10060; '+wcEsc(sb.error)+'</div>' : '') +
+    (sb.error ?
+      '<div style="padding:10px 14px;border-top:1px solid var(--border);display:flex;align-items:flex-start;gap:10px;flex-wrap:wrap">' +
+        '<div style="flex:1;min-width:0;font-size:11px;font-family:var(--mono);color:var(--red);white-space:pre-wrap;word-break:break-all">&#10060; '+wcEsc(sb.error)+'</div>' +
+        '<button onclick="wcFixSandboxError()" style="flex-shrink:0;padding:6px 14px;background:#7f1d1d;border:1px solid #ef4444;border-radius:6px;color:#fca5a5;font-size:11px;font-weight:700;cursor:pointer;white-space:nowrap">&#129302; Correggi</button>' +
+      '</div>'
+    : '') +
   '</div>';
 }
@@ -7948,6 +7972,66 @@ async function wcStopSandbox() {
   renderWebCraft(document.getElementById('content'));
 }
+// "Correggi" button — sends full sandbox error to the agent for repair
+async function wcFixSandboxError() {
+  var errText = wcState.sandbox.error || 'Errore sconosciuto avviando il server sandbox';
+  // Put error in chat input so user can see it, then fire agent
+  var fixMsg = 'ERRORE SANDBOX — il server Node.js non si avvia. Analizza tutti i file del progetto, trova la causa e correggi.' +
+    String.fromCharCode(10) + String.fromCharCode(10) +
+    'STACKTRACE COMPLETO:' + String.fromCharCode(10) + errText;
+  // Push as user message so it appears in chat
+  wcChat.push({ role: 'user', text: '&#129302; Correggi errore sandbox' });
+  wcScrollChatToBottom();
+  wcChatRunning = true;
+  renderWebCraft(document.getElementById('content'));
+  try {
+    var r = await fetch(API + '/api/studio/webcraft/agent', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ projectName: wcState.projectName, message: fixMsg, autofix: true })
+    });
+    if (!r.ok) { wcChatRunning = false; renderWebCraft(document.getElementById('content')); return; }
+    var agentMsg = { role: 'agent', text: '', tools: [] };
+    wcChat.push(agentMsg);
+    var reader4 = r.body.getReader();
+    var dec4 = new TextDecoder();
+    var buf4 = '';
+    while (true) {
+      var res4 = await reader4.read();
+      if (res4.done) break;
+      buf4 += dec4.decode(res4.value, { stream: true });
+      var parts4 = buf4.split(String.fromCharCode(10) + String.fromCharCode(10));
+      buf4 = parts4.pop();
+      for (var pi4 = 0; pi4 < parts4.length; pi4++) {
+        var line4 = parts4[pi4].replace(/^data: /, '').trim();
+        if (!line4) continue;
+        try {
+          var ev4 = JSON.parse(line4);
+          if (ev4.type === 'text') { agentMsg.text += ev4.token; renderWebCraft(document.getElementById('content')); wcScrollChatToBottom(); }
+          else if (ev4.type === 'tool') { agentMsg.tools.push({ op: ev4.op, path: ev4.path, result: ev4.result }); renderWebCraft(document.getElementById('content')); }
+          else if (ev4.type === 'done') {
+            wcChatRunning = false;
+            if (ev4.changed) {
+              // Files changed — syntax check then offer to restart
+              wcChat.push({ role: 'system', text: '&#9989; Fix applicato. Clicca &#9654; Avvia Sandbox per ritentare.' });
+            }
+            renderWebCraft(document.getElementById('content'));
+            wcScrollChatToBottom();
+          } else if (ev4.type === 'restart_sandbox') {
+            wcState.sandbox = { running: false, port: null, dir: null, logs: [], error: null };
+            setTimeout(function(){ wcStartSandbox(); }, 800);
+          }
+        } catch(_) {}
+      }
+    }
+  } catch(e2) {
+    wcChatRunning = false;
+    wcChat.push({ role: 'system', text: '&#10060; Errore chiamata agente: ' + e2.message });
+    renderWebCraft(document.getElementById('content'));
+  }
+}
 var _wcLastDownload = 0;
 function wcDownloadZip() {
   if (!wcState.generatedFiles.length) return;