nothumanallowed 15.1.42 → 15.1.44

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "15.1.42",
+  "version": "15.1.44",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '15.1.42';
+export const VERSION = '15.1.44';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/email.mjs

@@ -416,6 +416,42 @@ export function register(router) {
     } catch (e) { sendError(res, 500, e.message); }
   });
 
+  // POST /api/imap/test — dry-run connection test (no DB writes).
+  // Body: { imap_host, imap_port, smtp_host, smtp_port, username, password,
+  //         email_address, from_name, sendTest? }
+  // Returns: { imap: {ok, secure, ...}, smtp: {ok, secure, sent, messageId, ...} }
+  // The UI uses this for the "Test connection" / "Send test email" buttons
+  // before persisting an account — same UX as Outlook / Thunderbird.
+  router.post('/api/imap/test', async (req, res) => {
+    try {
+      const body = await parseBody(req);
+      const creds = {
+        imap_host: body.imap_host,
+        imap_port: body.imap_port,
+        smtp_host: body.smtp_host,
+        smtp_port: body.smtp_port,
+        username: body.username,
+        password: body.password,
+        email_address: body.email_address,
+        from_name: body.from_name,
+      };
+      const out = { imap: null, smtp: null };
+      try {
+        const { testImapConnection } = await import('../../services/email-imap.mjs');
+        out.imap = await testImapConnection(creds);
+      } catch (e) {
+        out.imap = { ok: false, error: e.message };
+      }
+      try {
+        const { testSmtpConnection } = await import('../../services/email-smtp.mjs');
+        out.smtp = await testSmtpConnection(creds, { sendTest: !!body.sendTest });
+      } catch (e) {
+        out.smtp = { ok: false, error: e.message };
+      }
+      sendJSON(res, 200, out);
+    } catch (e) { sendError(res, 500, e.message); }
+  });
+
   // POST /api/imap/sync  (body: { accountId, force })
   router.post('/api/imap/sync', async (req, res) => {
     try {

package/src/services/email-imap.mjs

@@ -57,9 +57,13 @@ function notifyIdle(accountId, folder) {
   for (const h of idleHandlers) { try { h(accountId, folder); } catch {} }
 }
 
-function createImapClient(label, creds, accountId) {
+function createImapClient(label, creds, accountId, secureOverride) {
   const port = parseInt(creds.imap_port, 10) || 993;
-  const isSecure = port === 993 || port === 465;
+  // Default heuristic: 993/465 use implicit TLS, anything else uses STARTTLS.
+  // `secureOverride` lets the auto-fallback path force the opposite mode.
+  const isSecure = typeof secureOverride === 'boolean'
+    ? secureOverride
+    : (port === 993 || port === 465);
   const client = new ImapFlow({
     host: creds.imap_host,
     port,
@@ -68,6 +72,10 @@ function createImapClient(label, creds, accountId) {
     logger: false,
     clientInfo: { name: 'NHA-Mail', version: '1.0.0' },
     emitLogs: false,
+    // Bounded timeouts so a misconfigured server doesn't hang the UI.
+    connectionTimeout: 15000,
+    greetingTimeout: 10000,
+    socketTimeout: 60000,
     tls: { rejectUnauthorized: false }, // always set — safe for self-signed certs too
   });
   client.on('error', (err) => {
@@ -77,6 +85,12 @@ function createImapClient(label, creds, accountId) {
   return client;
 }
 
+// Match the most common "wrong TLS mode" failure modes from ImapFlow.
+function _looksLikeTlsMismatch(err) {
+  const msg = (err && err.message ? err.message : String(err)).toLowerCase();
+  return /greeting|tls|ssl|wrong version number|protocol|enotconn|econnreset|handshake/.test(msg);
+}
+
 export async function getImapClient(accountId) {
   const existing = syncClients.get(accountId);
   if (existing?.usable) return existing;
@@ -84,12 +98,66 @@ export async function getImapClient(accountId) {
 
   const creds = getAccountCredentials(accountId);
   if (!creds || !creds.imap_host) throw new Error(`No IMAP credentials for account ${accountId}`);
-  const client = createImapClient(`sync:${accountId.slice(0, 8)}`, creds, accountId);
-  await client.connect();
+  const label = `sync:${accountId.slice(0, 8)}`;
+
+  // First attempt with the heuristic-derived TLS mode.
+  let client = createImapClient(label, creds, accountId);
+  try {
+    await client.connect();
+  } catch (err) {
+    // Auto-fallback: if the failure smells like a TLS-mode mismatch, retry
+    // with the opposite mode before bubbling the error up to the user. The
+    // most common case is port 993 misclassified (or a non-standard port
+    // with implicit TLS) — the second try usually succeeds.
+    if (_looksLikeTlsMismatch(err)) {
+      try { await client.logout(); } catch {}
+      const port = parseInt(creds.imap_port, 10) || 993;
+      const fallbackSecure = !(port === 993 || port === 465);
+      console.warn(`[email:imap] ${label} TLS mismatch (${err.message}). Retrying with secure=${fallbackSecure}`);
+      client = createImapClient(label, creds, accountId, fallbackSecure);
+      await client.connect();
+    } else {
+      throw err;
+    }
+  }
   syncClients.set(accountId, client);
   return client;
 }
 
+// Dry-run connectivity test used by Settings UI (no DB writes, no persistent
+// client). Returns { ok, secure, message }.
+export async function testImapConnection(creds) {
+  if (!creds?.imap_host) throw new Error('imap_host required');
+  if (!creds?.username || !creds?.password) throw new Error('Username and password required');
+  const port = parseInt(creds.imap_port, 10) || 993;
+  const tryConnect = async (secure) => {
+    const client = createImapClient('test', creds, null, secure);
+    try {
+      await client.connect();
+      const list = await client.list();
+      await client.logout();
+      return { ok: true, secure, folderCount: list.length };
+    } catch (err) {
+      try { await client.logout(); } catch {}
+      throw err;
+    }
+  };
+  const firstSecure = port === 993 || port === 465;
+  try {
+    return await tryConnect(firstSecure);
+  } catch (err) {
+    if (_looksLikeTlsMismatch(err)) {
+      try {
+        const r = await tryConnect(!firstSecure);
+        return { ...r, message: `Fallback TLS=${!firstSecure} (heuristic was wrong for this server)` };
+      } catch (err2) {
+        throw new Error(`IMAP test failed (both TLS modes): ${err.message} / ${err2.message}`);
+      }
+    }
+    throw err;
+  }
+}
+
 export async function closeImapClient(accountId) {
   const c = syncClients.get(accountId);
   if (c) { try { await c.logout(); } catch {}; syncClients.delete(accountId); }

package/src/services/email-smtp.mjs

@@ -18,9 +18,9 @@ function threadId(messageId) {
   return createHash('sha1').update(messageId).digest('hex');
 }
 
-function getTransporter(creds) {
+function getTransporter(creds, secureOverride) {
   const port = parseInt(creds.smtp_port, 10) || 587;
-  const isSecure = port === 465;
+  const isSecure = typeof secureOverride === 'boolean' ? secureOverride : (port === 465);
   return createTransport({
     host: creds.smtp_host,
     port,
@@ -33,6 +33,53 @@ function getTransporter(creds) {
   });
 }
 
+// Dry-run SMTP test used by Settings UI. Verifies auth, optionally sends a
+// real "Hello from NHA" message to the configured address. Same TLS-mode
+// auto-fallback pattern as IMAP.
+export async function testSmtpConnection(creds, { sendTest = false } = {}) {
+  if (!creds?.smtp_host) throw new Error('smtp_host required');
+  if (!creds?.username || !creds?.password) throw new Error('Username and password required');
+  const port = parseInt(creds.smtp_port, 10) || 587;
+  const firstSecure = port === 465;
+  const trySend = async (secure) => {
+    const t = getTransporter(creds, secure);
+    try {
+      await t.verify();
+      let sendInfo = null;
+      if (sendTest) {
+        const to = creds.email_address || creds.username;
+        const from = creds.from_name ? `${creds.from_name} <${creds.email_address || creds.username}>` : (creds.email_address || creds.username);
+        sendInfo = await t.sendMail({
+          from,
+          to,
+          subject: 'NHA — Email di prova',
+          text: `Questo è un messaggio di prova inviato da NotHumanAllowed (${new Date().toISOString()}).\n\nSe lo vedi, la configurazione SMTP è corretta.`,
+          html: `<p>Questo è un messaggio di prova inviato da <strong>NotHumanAllowed</strong> (${new Date().toISOString()}).</p><p>Se lo vedi, la configurazione SMTP è corretta.</p>`,
+        });
+      }
+      try { t.close(); } catch {}
+      return { ok: true, secure, sent: !!sendInfo, messageId: sendInfo?.messageId || null };
+    } catch (err) {
+      try { t.close(); } catch {}
+      throw err;
+    }
+  };
+  try {
+    return await trySend(firstSecure);
+  } catch (err) {
+    const looksTls = /greeting|tls|ssl|wrong version number|protocol|handshake/i.test(err.message || '');
+    if (looksTls) {
+      try {
+        const r = await trySend(!firstSecure);
+        return { ...r, message: `Fallback TLS=${!firstSecure} (heuristic was wrong for this server)` };
+      } catch (err2) {
+        throw new Error(`SMTP test failed (both TLS modes): ${err.message} / ${err2.message}`);
+      }
+    }
+    throw err;
+  }
+}
+
 /**
  * Send an email.
  *

package/src/services/message-responder.mjs

@@ -919,6 +919,50 @@ class TelegramResponder {
         const shortConfirm = /^(s[ìi]\.?|ok\.?|okay\.?|yes\.?|yep\.?|sure\.?|certo\.?|procedi\.?|fallo\.?|vai\.?|go\.?|do it\.?|conferma\.?|certo che s[ìi]\.?|fallo pure\.?)$/i.test(cleanText.trim());
 
         if (proposedAction && shortConfirm) {
+          // ── Server-side deterministic execution (15.1.43) ───────────────
+          // The previous "prompt-engineering" force retry kept failing when
+          // the LLM declared success without emitting the tool block. For
+          // the most common confirmed actions (DELETE, MOVE), we now bypass
+          // the LLM entirely: parse the proposal, resolve the eventId via
+          // calendar_date / calendar_find, then call calendar_delete /
+          // calendar_move directly. The user gets a guaranteed real result.
+          const directResult = await this._tryDirectAction(lastCtx.agentReply || '', this.config);
+          if (directResult) {
+            this.log(`[Telegram] ${fromUser}: direct-action ${directResult.action} → ${directResult.success ? 'OK' : 'FAIL'}`);
+            const personaName = this.config.responder?.telegram?.botName || this.config.responder?.botName || '';
+            const personaMode = this.config.responder?.telegram?.personaMode || (personaName ? 'persona' : 'agent');
+            let reply;
+            if (personaMode === 'persona-only' && personaName) {
+              reply = directResult.message;
+            } else if (personaMode === 'persona+role' && personaName) {
+              reply = `[${personaName} · herald]\n\n${directResult.message}`;
+            } else if (personaMode === 'persona' && personaName) {
+              reply = `[${personaName}]\n\n${directResult.message}`;
+            } else {
+              reply = `[HERALD]\n\n${directResult.message}`;
+            }
+            await this._telegramCall('sendMessage', { chat_id: chatId, text: reply });
+
+            // Update rolling memory + reset pending action (so a follow-up
+            // "Si" doesn't try to delete a second time).
+            const MAX = 20;
+            const prevLog = (lastCtx && Array.isArray(lastCtx.conversationLog)) ? lastCtx.conversationLog : [];
+            this._lastContextByChatId[chatId] = {
+              agent: 'herald',
+              userMsg: cleanText,
+              agentReply: directResult.message,
+              history: null,
+              conversationLog: [...prevLog,
+                { role: 'user',      content: cleanText,           ts: Date.now() },
+                { role: 'assistant', content: directResult.message, ts: Date.now() },
+              ].slice(-MAX * 2),
+              ts: Date.now(),
+            };
+            this._lastAgentByChatId[chatId] = 'herald';
+            this._persistContext();
+            return;
+          }
+
           // Extract the SPECIFIC action the assistant proposed (create/delete/
           // update/move/send/...), so we can inject an explicit tool name in
           // the instruction. Without this, Liara may pick a random tool —
@@ -1074,6 +1118,183 @@ class TelegramResponder {
     }
   }
 
+  // ── Direct server-side execution of a confirmed pending action ────────
+  // Returns { action, success, message } when it could resolve and execute
+  // the action without involving the LLM. Returns null when the proposal
+  // can't be reduced to deterministic parameters (e.g. ambiguous title,
+  // multiple candidate events, unsupported action shape) — caller then
+  // falls back to the prompt-engineering path.
+  //
+  // Currently supports: calendar_delete. (calendar_move/update can extend
+  // the same pattern once the proposal language stabilizes.)
+  async _tryDirectAction(proposalText, config) {
+    if (!proposalText || typeof proposalText !== 'string') return null;
+    const lower = proposalText.toLowerCase();
+
+    // Only handle DELETE for now — the riskiest "fake success" case.
+    const isDelete = /\b(cancell|eliminar[eo]|rimuover|delete|cancel)\b/.test(lower);
+    if (!isDelete) return null;
+
+    // Refuse if multiple distinct actions are proposed (chained plan).
+    if (/(\bpoi\b|\binoltre\b|\bdopo\b|\bquindi\b).*(invier[oò]|crear[oò]|spostar[oò]|modificare[oò]|aggiunger[oò])/i.test(proposalText)) {
+      return null;
+    }
+
+    const extracted = this._extractCalendarProposal(proposalText);
+    if (!extracted.date && !extracted.title) return null;
+
+    const { executeTool } = await import('./tool-executor.mjs');
+
+    // Candidates: events on the proposed date, or matching the title.
+    let candidates = [];
+    try {
+      if (extracted.date) {
+        const result = await executeTool('calendar_date', { date: extracted.date }, config);
+        candidates = this._parseEventsFromToolOutput(result);
+      }
+      if (candidates.length === 0 && extracted.title) {
+        const result = await executeTool('calendar_find', { query: extracted.title, daysAhead: 60 }, config);
+        candidates = this._parseEventsFromToolOutput(result);
+      }
+    } catch (err) {
+      this.log(`[Telegram] direct-action lookup failed: ${err.message}`);
+      return null;
+    }
+
+    if (candidates.length === 0) return null;
+
+    // Match by title tokens (case-insensitive, accent-insensitive).
+    const norm = (s) => String(s || '')
+      .toLowerCase()
+      .normalize('NFD').replace(/[̀-ͯ]/g, '')
+      .replace(/[^a-z0-9\s]/g, ' ')
+      .split(/\s+/).filter(t => t.length > 2);
+
+    let match = null;
+    if (extracted.title) {
+      const titleTokens = norm(extracted.title);
+      const scored = candidates.map(c => {
+        const summaryTokens = new Set(norm(c.summary));
+        const score = titleTokens.filter(t => summaryTokens.has(t)).length;
+        return { c, score };
+      }).sort((a, b) => b.score - a.score);
+      const top = scored[0];
+      if (top && top.score >= Math.max(1, Math.ceil(titleTokens.length * 0.5))) {
+        // Reject if a tied second-best also matches as well — ambiguous.
+        if (scored.length === 1 || scored[1].score < top.score) match = top.c;
+      }
+    }
+
+    // Fallback: if the date narrowed the day to a single event, that's
+    // unambiguously the event the user meant.
+    if (!match && candidates.length === 1 && extracted.date) match = candidates[0];
+
+    // Time hint as final tiebreaker.
+    if (!match && extracted.time) {
+      const exactTime = candidates.filter(c => (c.time || '').startsWith(extracted.time));
+      if (exactTime.length === 1) match = exactTime[0];
+    }
+
+    if (!match || !match.eventId) return null;
+
+    try {
+      const delResult = await executeTool('calendar_delete', { eventId: match.eventId }, config);
+      const ok = typeof delResult === 'string' && !/error|failed|could not|invalid|placeholder/i.test(delResult);
+      const summary = match.summary || extracted.title || 'l\'appuntamento';
+      const dateStr = extracted.date || (match.date || '');
+      const message = ok
+        ? `Fatto. Ho cancellato "${summary}"${dateStr ? ` del ${this._formatDateIT(dateStr)}` : ''}${match.time ? ` alle ${match.time}` : ''}.`
+        : `Non sono riuscito a cancellare l'evento: ${delResult}`;
+      return { action: 'calendar_delete', success: ok, message };
+    } catch (err) {
+      return { action: 'calendar_delete', success: false, message: `Errore nella cancellazione: ${err.message}` };
+    }
+  }
+
+  // Extract { title, date (YYYY-MM-DD), time (HH:MM) } from a free-form
+  // Italian/English proposal sentence. Best-effort; returns empty fields
+  // when nothing parseable was found.
+  _extractCalendarProposal(text) {
+    const out = { title: '', date: '', time: '' };
+
+    // Title: prefer quoted text ("..." or «...»).
+    const q = text.match(/["«""]([^"«»""\n]{2,80})["»""]/);
+    if (q) out.title = q[1].trim();
+
+    // Time: HH:MM (24h) or "alle 18" / "ore 18"
+    const tm = text.match(/\b([01]?\d|2[0-3]):([0-5]\d)\b/);
+    if (tm) out.time = `${tm[1].padStart(2, '0')}:${tm[2]}`;
+    else {
+      const hourOnly = text.match(/\b(?:alle|ore|at)\s+(\d{1,2})(?!\d)\b/i);
+      if (hourOnly) out.time = `${hourOnly[1].padStart(2, '0')}:00`;
+    }
+
+    // Date: italian "15 maggio [2026]", numeric "15/05[/2026]", ISO 2026-05-15
+    const iso = text.match(/\b(20\d{2})-(\d{2})-(\d{2})\b/);
+    if (iso) {
+      out.date = `${iso[1]}-${iso[2]}-${iso[3]}`;
+    } else {
+      const numeric = text.match(/\b(\d{1,2})[\/\-](\d{1,2})(?:[\/\-](20\d{2}))?\b/);
+      if (numeric) {
+        const yr = numeric[3] || String(new Date().getFullYear());
+        out.date = `${yr}-${numeric[2].padStart(2, '0')}-${numeric[1].padStart(2, '0')}`;
+      } else {
+        const MONTHS_IT = {
+          gennaio:'01', febbraio:'02', marzo:'03', aprile:'04', maggio:'05', giugno:'06',
+          luglio:'07', agosto:'08', settembre:'09', ottobre:'10', novembre:'11', dicembre:'12',
+        };
+        const MONTHS_EN = {
+          january:'01', february:'02', march:'03', april:'04', may:'05', june:'06',
+          july:'07', august:'08', september:'09', october:'10', november:'11', december:'12',
+          jan:'01', feb:'02', mar:'03', apr:'04', jun:'06', jul:'07', aug:'08', sep:'09',
+          sept:'09', oct:'10', nov:'11', dec:'12',
+        };
+        const all = { ...MONTHS_IT, ...MONTHS_EN };
+        const monthRe = new RegExp(`\\b(\\d{1,2})\\s+(${Object.keys(all).join('|')})(?:\\s+(20\\d{2}))?\\b`, 'i');
+        const monthM = text.match(monthRe);
+        if (monthM) {
+          const yr = monthM[3] || String(new Date().getFullYear());
+          out.date = `${yr}-${all[monthM[2].toLowerCase()]}-${monthM[1].padStart(2, '0')}`;
+        }
+      }
+    }
+
+    return out;
+  }
+
+  // Parse calendar_date / calendar_find tool output. The executor returns
+  // a human-readable string with each event on its own line plus the
+  // eventId in parentheses. We extract structured records.
+  _parseEventsFromToolOutput(toolResult) {
+    const text = typeof toolResult === 'string' ? toolResult : JSON.stringify(toolResult || '');
+    const lines = text.split(/\r?\n/);
+    const events = [];
+    for (const line of lines) {
+      // Look for the eventId pattern: parenthesised long alphanumeric.
+      const idMatch = line.match(/\(([a-z0-9_\-]{8,})\)/i);
+      if (!idMatch) continue;
+      const eventId = idMatch[1];
+      // Strip the (id) and any leading bullets/dashes/times for the summary.
+      const cleaned = line.replace(/\([a-z0-9_\-]{8,}\)/i, '').trim();
+      const timeM = cleaned.match(/\b([01]?\d|2[0-3]):([0-5]\d)\b/);
+      const time = timeM ? `${timeM[1].padStart(2, '0')}:${timeM[2]}` : '';
+      // Heuristic summary: text after the time, before any " - " or " · ".
+      let summary = cleaned;
+      if (timeM) summary = cleaned.slice(cleaned.indexOf(timeM[0]) + timeM[0].length);
+      summary = summary.replace(/^[\s\-–·•\.]+/, '').replace(/[\s\-–·•\.]+$/, '').trim();
+      if (!summary) summary = cleaned.replace(/^[\s\-–·•\.\d:]+/, '').trim();
+      events.push({ eventId, summary, time, date: '' });
+    }
+    return events;
+  }
+
+  _formatDateIT(isoDate) {
+    const m = String(isoDate || '').match(/^(\d{4})-(\d{2})-(\d{2})$/);
+    if (!m) return isoDate;
+    const months = ['gennaio','febbraio','marzo','aprile','maggio','giugno','luglio','agosto','settembre','ottobre','novembre','dicembre'];
+    return `${parseInt(m[3], 10)} ${months[parseInt(m[2], 10) - 1]} ${m[1]}`;
+  }
+
   async _telegramCall(method, body) {
     const res = await fetch(`https://api.telegram.org/bot${this.token}/${method}`, {
       method: 'POST',