nothumanallowed 15.1.65 → 15.1.66

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "15.1.65",
+  "version": "15.1.66",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '15.1.65';
+export const VERSION = '15.1.66';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/downloader.mjs

@@ -6,54 +6,82 @@ import crypto from 'crypto';
 import { fail } from './ui.mjs';
 
 /**
- * Download a file from URL to disk.
+ * Download a file from URL to disk, with automatic retry on transient errors.
+ *
+ * Retries on: timeouts, DNS failures, ECONNRESET, 5xx responses. Backs off
+ * exponentially (1s, 3s, 9s). Never retries on 4xx (semantic errors).
+ *
  * @param {string} url
  * @param {string} dest — absolute file path
  * @param {object} opts
- * @param {string} [opts.sha256] — expected hash (hex)
- * @param {number} [opts.timeout] — ms (default 30s)
+ * @param {string} [opts.sha256]    — expected hash (hex)
+ * @param {number} [opts.timeout]   — ms per attempt (default 30s)
+ * @param {number} [opts.retries]   — total attempts (default 3)
  * @returns {Promise<boolean>}
  */
 export async function download(url, dest, opts = {}) {
   const timeout = opts.timeout ?? 30_000;
-  try {
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), timeout);
+  const maxAttempts = Math.max(1, opts.retries ?? 3);
+  const { VERSION } = await import('./constants.mjs').catch(() => ({ VERSION: 'dev' }));
 
-    const res = await fetch(url, {
-      signal: controller.signal,
-      headers: { 'User-Agent': 'nha-cli/1.0.0' },
-    });
-    clearTimeout(timer);
+  let lastErr = null;
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    try {
+      const controller = new AbortController();
+      const timer = setTimeout(() => controller.abort(), timeout);
+      const res = await fetch(url, {
+        signal: controller.signal,
+        headers: { 'User-Agent': `nha-cli/${VERSION}` },
+      });
+      clearTimeout(timer);
 
-    if (!res.ok) {
-      fail(`HTTP ${res.status} downloading ${path.basename(dest)}`);
-      return false;
-    }
+      if (!res.ok) {
+        // 5xx → retry; 4xx → permanent failure, no retry
+        if (res.status >= 500 && attempt < maxAttempts) {
+          await _delay(_backoff(attempt));
+          continue;
+        }
+        fail(`HTTP ${res.status} downloading ${path.basename(dest)}`);
+        return false;
+      }
 
-    const buffer = Buffer.from(await res.arrayBuffer());
+      const buffer = Buffer.from(await res.arrayBuffer());
 
-    if (opts.sha256) {
-      const hash = crypto.createHash('sha256').update(buffer).digest('hex');
-      if (hash !== opts.sha256) {
-        fail(`Integrity check failed for ${path.basename(dest)}`);
-        fail(`  Expected: ${opts.sha256}`);
-        fail(`  Got:      ${hash}`);
-        return false;
+      if (opts.sha256) {
+        const hash = crypto.createHash('sha256').update(buffer).digest('hex');
+        if (hash !== opts.sha256) {
+          fail(`Integrity check failed for ${path.basename(dest)}`);
+          fail(`  Expected: ${opts.sha256}`);
+          fail(`  Got:      ${hash}`);
+          return false;
+        }
       }
-    }
 
-    fs.mkdirSync(path.dirname(dest), { recursive: true });
-    fs.writeFileSync(dest, buffer);
-    return true;
-  } catch (err) {
-    if (err.name === 'AbortError') {
-      fail(`Timeout downloading ${path.basename(dest)}`);
-    } else {
-      fail(`Failed to download ${path.basename(dest)}: ${err.message}`);
+      fs.mkdirSync(path.dirname(dest), { recursive: true });
+      fs.writeFileSync(dest, buffer);
+      return true;
+    } catch (err) {
+      lastErr = err;
+      const transient = err.name === 'AbortError'
+        || /ECONNRESET|ETIMEDOUT|ENOTFOUND|EAI_AGAIN|EPIPE|ENETUNREACH|UND_ERR/i.test(err.message || '');
+      if (transient && attempt < maxAttempts) {
+        await _delay(_backoff(attempt));
+        continue;
+      }
+      break;
     }
-    return false;
   }
+  if (lastErr) {
+    if (lastErr.name === 'AbortError') fail(`Timeout downloading ${path.basename(dest)} after ${maxAttempts} attempts`);
+    else fail(`Failed to download ${path.basename(dest)}: ${lastErr.message}`);
+  }
+  return false;
+}
+
+function _delay(ms) { return new Promise(r => setTimeout(r, ms)); }
+function _backoff(attempt) {
+  // 1s, 3s, 9s — capped at 30s
+  return Math.min(30_000, 1000 * Math.pow(3, attempt - 1));
 }
 
 /**

package/src/server/routes/agents.mjs

@@ -8,6 +8,7 @@ import { sendJSON, sendError, parseBody } from '../index.mjs';
 import { loadConfig } from '../../config.mjs';
 import { AGENTS_DIR, NHA_DIR } from '../../constants.mjs';
 import { callLLMStream, parseAgentFile } from '../../services/llm.mjs';
+import { tryDirectActionAll } from '../../services/message-responder.mjs';
 
 function loadAgentCards() {
   if (!fs.existsSync(AGENTS_DIR)) return [];
@@ -88,6 +89,23 @@ export function register(router) {
     const sse = (ev, data) => res.write(`event: ${ev}\ndata: ${JSON.stringify(data)}\n\n`);
 
     try {
+      // ── Direct-action pre-step (deterministic tool exec, LLM only for NLU) ──
+      // Same dispatcher used by Telegram / Discord / Chat WebUI / AWF: if
+      // the user's message maps to a state-changing tool (CRUD on calendar,
+      // email, drive, slack, github, file, ...), execute it server-side and
+      // stream the result. LLM agent is bypassed entirely for actions.
+      const direct = await tryDirectActionAll(body.message, loadConfig(), {
+        auditKey: `agents:${body.agent || 'any'}`,
+      });
+      if (direct) {
+        sse('tool', { action: direct.action, status: 'done' });
+        sse('token', { content: direct.message });
+        sse('done', {});
+        res.write('data: [DONE]\n\n');
+        res.end();
+        return;
+      }
+
       const agentSlug = body.agent?.toLowerCase();
       const LANG_MAP = { it:'Italian', en:'English', es:'Spanish', fr:'French', de:'German', pt:'Portuguese', nl:'Dutch', pl:'Polish', ru:'Russian', zh:'Chinese', ja:'Japanese', ko:'Korean', ar:'Arabic', hi:'Hindi', tr:'Turkish', sv:'Swedish', da:'Danish', fi:'Finnish', cs:'Czech' };
       const lang = LANG_MAP[(config?.language || config?.lang || 'en').slice(0,2)] || 'English';

package/src/server/routes/chat.mjs

@@ -674,6 +674,19 @@ export function register(router) {
       const userLang = detectedFromMsg || settingLang;
       enrichedPrompt += `\n\nIMPORTANT: The user wrote their message in ${userLang}. Respond in ${userLang}.`;
 
+      // Direct-action pre-step — but ONLY when there's no attachment. With
+      // a PDF/image, the user wants the model to *read* the file; we don't
+      // want to short-circuit that into a tool call. With pure-text /api/chat
+      // (non-streaming), same dispatcher as the streaming variant.
+      if (!body.pdfBase64 && !body.imageBase64 && !body.fileContent) {
+        const direct = await tryDirectActionAll(body.message, config, {
+          auditKey: `chat-ns:${body.conversationId || 'anon'}`,
+        });
+        if (direct) {
+          return sendJSON(res, 200, { response: direct.message });
+        }
+      }
+
       let response;
 
       if (body.pdfBase64) {

package/src/updater.mjs

@@ -170,9 +170,12 @@ export async function runUpdate() {
   }
 
   // ── Agents + Legion + PIF (downloaded from website, not npm) ───────────
+  // 45s timeout (was 15s) — VMs / slow connections can take that long for
+  // the first manifest fetch. The downloader retries internally for batch
+  // downloads, so this is just for the initial manifest.
   const res = await fetch(`${BASE_URL}/versions.json`, {
-    signal: AbortSignal.timeout(15000),
-    headers: { 'User-Agent': 'nha-cli/1.0.0' },
+    signal: AbortSignal.timeout(45000),
+    headers: { 'User-Agent': `nha-cli/${(await import('./constants.mjs')).VERSION}` },
   });
   if (!res.ok) {
     warn('Could not reach nothumanallowed.com for agent updates.');
@@ -195,7 +198,7 @@ export async function runUpdate() {
   // Update Legion
   if (legionCurrent !== legionLatest) {
     info(`Legion X: ${legionCurrent} → ${legionLatest}`);
-    const success = await download(`${BASE_URL}/legion-x.mjs`, LEGION_FILE, { timeout: 60_000 });
+    const success = await download(`${BASE_URL}/legion-x.mjs`, LEGION_FILE, { timeout: 90_000, retries: 4 });
     if (success) { ok(`Legion X updated to v${legionLatest}`); updated = true; }
   } else {
     ok(`Legion X v${legionCurrent} (up to date)`);
@@ -204,7 +207,7 @@ export async function runUpdate() {
   // Update PIF
   if (pifCurrent !== pifLatest) {
     info(`PIF: ${pifCurrent} → ${pifLatest}`);
-    const success = await download(`${BASE_URL}/pif.mjs`, PIF_FILE, { timeout: 60_000 });
+    const success = await download(`${BASE_URL}/pif.mjs`, PIF_FILE, { timeout: 90_000, retries: 4 });
     if (success) { ok(`PIF updated to v${pifLatest}`); updated = true; }
   } else {
     ok(`PIF v${pifCurrent} (up to date)`);