nothumanallowed 14.1.51 → 14.1.53

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "14.1.51",
+  "version": "14.1.53",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '14.1.51';
+export const VERSION = '14.1.53';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/config.mjs

@@ -51,9 +51,30 @@ export function register(router) {
       const { promisify } = await import('util');
       const execAsync = promisify(exec);
 
-      // npm update -g doesn't cross major/minor versions — use install @latest
-      const { stdout, stderr } = await execAsync('npm install -g nothumanallowed@latest', {
-        timeout: 120000
+      // Detect the package manager and global prefix to handle permissions correctly
+      let cmd = 'npm install -g nothumanallowed@latest';
+
+      // On macOS/Linux, check if we need special handling for permission
+      if (process.platform !== 'win32') {
+        try {
+          // Check if npm global dir is writable by current user
+          const { stdout: prefix } = await execAsync('npm config get prefix', { timeout: 5000 });
+          const globalDir = prefix.trim();
+          await fs.promises.access(path.join(globalDir, 'lib'), fs.constants.W_OK);
+        } catch {
+          // Global dir not writable — return error with clear instructions
+          sendJSON(res, 200, {
+            success: false,
+            error: 'EACCES: permission denied',
+            message: 'Permission denied. Run: sudo npm install -g nothumanallowed@latest'
+          });
+          return;
+        }
+      }
+
+      const { stdout, stderr } = await execAsync(cmd, {
+        timeout: 120_000,
+        env: { ...process.env, NODE_ENV: 'production' },
       });
 
       sendJSON(res, 200, {
@@ -63,10 +84,13 @@ export function register(router) {
         stderr: stderr.trim()
       });
     } catch (e) {
-      sendJSON(res, 500, {
+      const isPermission = e.message?.includes('EACCES') || e.message?.includes('permission denied');
+      sendJSON(res, 200, {
         success: false,
-        error: e.message,
-        message: 'Update failed. Try running: npm install -g nothumanallowed@latest'
+        error: isPermission ? 'EACCES: permission denied' : e.message,
+        message: isPermission
+          ? 'Permission denied. Run: sudo npm install -g nothumanallowed@latest'
+          : 'Update failed. Try running: npm install -g nothumanallowed@latest'
       });
     }
   });

package/src/server/routes/email.mjs

@@ -9,6 +9,92 @@ import { loadConfig } from '../../config.mjs';
 import { NHA_DIR } from '../../constants.mjs';
 import { getUnreadImportant, getMessage, listMessages, getTodayEmails, sendEmail, createDraft } from '../../services/mail-router.mjs';
 
+/**
+ * Persist a single Gmail API message to the local SQLite DB.
+ * Non-blocking — errors are caught and logged, never thrown to the caller.
+ */
+async function persistGmailMessageToDb(config, msg) {
+  if (!msg || !msg.id) return;
+
+  const { SQLITE_AVAILABLE, getDb, ensureGoogleAccount, upsertFolder } = await import('../../services/email-db.mjs');
+  if (!SQLITE_AVAILABLE) return;
+
+  const db = getDb();
+
+  // Determine the user's email from config
+  let accountEmail = 'gmail@account';
+  try {
+    accountEmail = config.google?.email || config.email || accountEmail;
+  } catch {}
+  // Fallback: extract from 'to' field
+  if (accountEmail === 'gmail@account' && msg.to) {
+    const match = msg.to.match(/<(.+?)>$/);
+    accountEmail = match ? match[1] : msg.to;
+  }
+
+  // Ensure Google account exists
+  const googleAccount = ensureGoogleAccount({
+    id: 'google',
+    display_name: 'Gmail',
+    email_address: accountEmail,
+    imap_host: 'gmail.googleapis.com',
+    imap_port: 993,
+    is_active: 1
+  });
+  if (!googleAccount) return;
+
+  // Determine folder from labels
+  let folderKey = 'INBOX';
+  if (msg.labels && Array.isArray(msg.labels)) {
+    if (msg.labels.includes('SENT')) folderKey = 'SENT';
+    else if (msg.labels.includes('DRAFT')) folderKey = 'DRAFTS';
+    else if (msg.labels.includes('SPAM')) folderKey = 'SPAM';
+    else if (msg.labels.includes('TRASH')) folderKey = 'TRASH';
+  }
+
+  const folderMap = {
+    'INBOX': { name: 'Inbox', type: 'inbox' },
+    'SENT': { name: 'Sent', type: 'sent' },
+    'DRAFTS': { name: 'Drafts', type: 'drafts' },
+    'SPAM': { name: 'Spam', type: 'spam' },
+    'TRASH': { name: 'Trash', type: 'trash' },
+  };
+  const folderInfo = folderMap[folderKey] || { name: 'Inbox', type: 'inbox' };
+  const folderId = upsertFolder(googleAccount.id, folderKey, folderInfo.name, folderInfo.type, 1, 0);
+  if (!folderId) return;
+
+  // Extract email/name from "Name <email>" format
+  const fromEmail = msg.from ? (msg.from.match(/<(.+?)>$/)?.[1] || msg.from) : '';
+  const fromName = msg.from ? (msg.from.match(/^(.+?)\s*<.+>$/)?.[1]?.replace(/['"]/g, '') || '') : '';
+
+  // Insert or replace message
+  db.prepare(`
+    INSERT OR REPLACE INTO email_messages
+      (id, account_id, folder_id, imap_folder_path, uid, message_id, thread_id,
+       subject, from_address, from_name, to_addresses, body_text, body_html, body_preview,
+       internal_date, has_attachments, source)
+    VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)
+  `).run(
+    msg.id, googleAccount.id, folderId, folderKey,
+    Date.now() + (Math.random() * 1000 | 0),
+    msg.id, msg.threadId || msg.id,
+    msg.subject || '(no subject)',
+    fromEmail, fromName,
+    msg.to || '',
+    msg.body || '', msg.bodyHtml || '',
+    msg.snippet || '',
+    new Date(msg.date || Date.now()).toISOString(),
+    (msg.attachments && msg.attachments.length > 0) ? 1 : 0,
+    'gmail_api'
+  );
+
+  // Persist read/starred state
+  db.prepare(`
+    INSERT OR REPLACE INTO email_message_state (message_id, is_read, is_starred)
+    VALUES (?, ?, ?)
+  `).run(msg.id, msg.isUnread ? 0 : 1, msg.isImportant ? 1 : 0);
+}
+
 export function register(router) {
   // ── Gmail ──────────────────────────────────────────────────────────────
 
@@ -50,6 +136,13 @@ export function register(router) {
           : folder;
         const emails = await getAllEmails(config, gmailFolder, limit + offset);
         sendJSON(res, 200, { emails: emails.slice(offset, offset + limit), total: emails.length });
+
+        // Persist fetched emails to local SQLite DB (fire-and-forget, non-blocking)
+        setImmediate(() => {
+          for (const msg of emails) {
+            persistGmailMessageToDb(config, msg).catch(() => {});
+          }
+        });
       } catch (providerErr) {
         if (providerErr.message?.includes('No mail provider') || providerErr.message?.includes('token')) {
           try {
@@ -90,6 +183,12 @@ export function register(router) {
       try {
         const msg = await getMessage(config, msgId);
         console.log('[EMAIL READ SUCCESS] Gmail API returned:', JSON.stringify(msg, null, 2).slice(0, 500));
+
+        // Persist to local SQLite DB for offline/local-first access
+        persistGmailMessageToDb(config, msg).catch(e =>
+          console.warn('[EMAIL READ] Failed to persist to DB:', e.message)
+        );
+
         sendJSON(res, 200, { message: msg });
       } catch (providerErr) {
         // Gmail API failed — fall back to local IMAP DB

package/src/server/routes/integrations.mjs

@@ -24,12 +24,15 @@ export function register(router) {
 
   router.get('/api/github', async (req, res) => {
     try {
-      const { listNotifications } = await import('../../services/github.mjs');
+      const { listNotificationsRaw } = await import('../../services/github.mjs');
       const config = loadConfig();
-      sendJSON(res, 200, { notifications: await listNotifications(config) });
+      const notifications = await listNotificationsRaw(config);
+      sendJSON(res, 200, { notifications: Array.isArray(notifications) ? notifications : [] });
     } catch (e) {
-      if (e.message?.includes('token') || e.message?.includes('not configured')) return sendJSON(res, 200, { notifications: [], authRequired: true });
-      sendError(res, 500, e.message);
+      if (e.message?.includes('token') || e.message?.includes('not configured') || e.message?.includes('401')) {
+        return sendJSON(res, 200, { notifications: [], error: 'GitHub token not configured or expired. Run: nha config set github-token YOUR_PAT' });
+      }
+      sendJSON(res, 200, { notifications: [], error: e.message });
     }
   });
 

package/src/services/llm.mjs

@@ -59,7 +59,7 @@ const BOUNDARY_WORDS = new Set([
 ]);
 
 // Single characters commonly produced by BPE fragmentation in Italian/English
-const BPE_SINGLE_CHARS = new Set(['a','c','d','e','i','l','m','n','o','p','r','s','t','u','v']);
+const BPE_SINGLE_CHARS = new Set('abcdefghijklmnopqrstuvwxyzàèéìòù'.split(''));
 
 /**
  * Enterprise-grade linguistic scorer for Italian/English word candidates.
@@ -693,8 +693,8 @@ export async function callNHA(apiKey, model, systemPrompt, userMessage, stream =
   let content = data.choices?.[0]?.message?.content || '';
   // Strip thinking tags if present
   content = content.replace(/<think>[\s\S]*?<\/think>/g, '').trim();
-  // Fix Qwen3 BPE tokenizer artifacts (words fused without spaces)
-  content = fixQwen3BPE(content);
+  // NOTE: Do NOT apply fixQwen3BPE here. With stream:false, vLLM returns
+  // correctly-spaced text. The BPE repair regex corrupts normal words.
   return content;
 }
 
@@ -962,13 +962,9 @@ export async function callLLMStream(config, systemPrompt, userMessage, onToken,
     let fullNhaText = nhaJson.choices?.[0]?.message?.content || '';
     // Strip <think>...</think> blocks
     fullNhaText = fullNhaText.replace(/<think>[\s\S]*?<\/think>/g, '').trim();
-    // Fix Qwen3 BPE tokenizer artifacts: words joined without spaces.
-    // Qwen3 streaming via vLLM occasionally produces subword tokens that arrive
-    // concatenated — e.g. "lacorrelazione" instead of "la correlazione",
-    // "ilprezzodell'oro" instead of "il prezzo dell'oro".
-    // We fix this by inserting spaces before Italian/English articles and
-    // prepositions that appear fused at word boundaries.
-    fullNhaText = fixQwen3BPE(fullNhaText);
+    // NOTE: Do NOT apply fixQwen3BPE here. With stream:false, vLLM returns
+    // correctly-spaced text. The BPE repair regex is too aggressive and
+    // corrupts normal Italian words (e.g. "assistente" → "ass ist ente").
     if (onToken) onToken(fullNhaText);
     return fullNhaText;
   }
@@ -1233,8 +1229,6 @@ async function streamSSEWithCallback(res, format, onToken) {
     }
   }
 
-  // Apply BPE repair to the final accumulated text before returning
-  fullText = fixQwen3BPE(fullText);
   return fullText;
 }