nothumanallowed 15.1.65 → 15.1.67

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "15.1.65",
+  "version": "15.1.67",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ops.mjs

@@ -97,8 +97,18 @@ export async function cmdOps(args) {
       const telegramConfigured = !!config.responder?.telegram?.token;
       const discordConfigured = !!config.responder?.discord?.token;
       console.log(`\n  ${BOLD}Message Responder${NC}\n`);
-      console.log(`  Telegram:         ${responder.telegram ? G + 'active' + NC : telegramConfigured ? Y + 'configured (daemon restart needed)' + NC : D + 'not configured' + NC}`);
-      console.log(`  Discord:          ${responder.discord ? G + 'active' + NC : discordConfigured ? Y + 'configured (daemon restart needed)' + NC : D + 'not configured' + NC}`);
+      // Surface the exact reason the responder didn't activate (missing
+      // LLM key on a paid provider, missing token, etc.) instead of the
+      // generic "daemon restart needed" — which is misleading because the
+      // daemon IS running, the responder just refused to spin up.
+      const reason = responder.reason || '';
+      let inactiveHintTel = 'configured but inactive (try: nha ops stop && nha ops start)';
+      if (reason.startsWith('missing_key:')) {
+        const p = reason.slice('missing_key:'.length);
+        inactiveHintTel = `configured but LLM key missing for provider "${p}" — fix with:  nha config set provider nha  (free Liara)  OR  nha config set ${p}-key YOUR_KEY`;
+      }
+      console.log(`  Telegram:         ${responder.telegram ? G + 'active' + NC : telegramConfigured ? Y + inactiveHintTel + NC : D + 'not configured' + NC}`);
+      console.log(`  Discord:          ${responder.discord ? G + 'active' + NC : discordConfigured ? Y + inactiveHintTel + NC : D + 'not configured' + NC}`);
       console.log(`  Auto-route:       ${config.responder?.autoRoute !== false ? G + 'keyword routing' + NC : D + 'CONDUCTOR only' + NC}`);
 
       console.log('');

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '15.1.65';
+export const VERSION = '15.1.67';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/downloader.mjs

@@ -6,54 +6,82 @@ import crypto from 'crypto';
 import { fail } from './ui.mjs';
 
 /**
- * Download a file from URL to disk.
+ * Download a file from URL to disk, with automatic retry on transient errors.
+ *
+ * Retries on: timeouts, DNS failures, ECONNRESET, 5xx responses. Backs off
+ * exponentially (1s, 3s, 9s). Never retries on 4xx (semantic errors).
+ *
  * @param {string} url
  * @param {string} dest — absolute file path
  * @param {object} opts
- * @param {string} [opts.sha256] — expected hash (hex)
- * @param {number} [opts.timeout] — ms (default 30s)
+ * @param {string} [opts.sha256]    — expected hash (hex)
+ * @param {number} [opts.timeout]   — ms per attempt (default 30s)
+ * @param {number} [opts.retries]   — total attempts (default 3)
  * @returns {Promise<boolean>}
  */
 export async function download(url, dest, opts = {}) {
   const timeout = opts.timeout ?? 30_000;
-  try {
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), timeout);
+  const maxAttempts = Math.max(1, opts.retries ?? 3);
+  const { VERSION } = await import('./constants.mjs').catch(() => ({ VERSION: 'dev' }));
 
-    const res = await fetch(url, {
-      signal: controller.signal,
-      headers: { 'User-Agent': 'nha-cli/1.0.0' },
-    });
-    clearTimeout(timer);
+  let lastErr = null;
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    try {
+      const controller = new AbortController();
+      const timer = setTimeout(() => controller.abort(), timeout);
+      const res = await fetch(url, {
+        signal: controller.signal,
+        headers: { 'User-Agent': `nha-cli/${VERSION}` },
+      });
+      clearTimeout(timer);
 
-    if (!res.ok) {
-      fail(`HTTP ${res.status} downloading ${path.basename(dest)}`);
-      return false;
-    }
+      if (!res.ok) {
+        // 5xx → retry; 4xx → permanent failure, no retry
+        if (res.status >= 500 && attempt < maxAttempts) {
+          await _delay(_backoff(attempt));
+          continue;
+        }
+        fail(`HTTP ${res.status} downloading ${path.basename(dest)}`);
+        return false;
+      }
 
-    const buffer = Buffer.from(await res.arrayBuffer());
+      const buffer = Buffer.from(await res.arrayBuffer());
 
-    if (opts.sha256) {
-      const hash = crypto.createHash('sha256').update(buffer).digest('hex');
-      if (hash !== opts.sha256) {
-        fail(`Integrity check failed for ${path.basename(dest)}`);
-        fail(`  Expected: ${opts.sha256}`);
-        fail(`  Got:      ${hash}`);
-        return false;
+      if (opts.sha256) {
+        const hash = crypto.createHash('sha256').update(buffer).digest('hex');
+        if (hash !== opts.sha256) {
+          fail(`Integrity check failed for ${path.basename(dest)}`);
+          fail(`  Expected: ${opts.sha256}`);
+          fail(`  Got:      ${hash}`);
+          return false;
+        }
       }
-    }
 
-    fs.mkdirSync(path.dirname(dest), { recursive: true });
-    fs.writeFileSync(dest, buffer);
-    return true;
-  } catch (err) {
-    if (err.name === 'AbortError') {
-      fail(`Timeout downloading ${path.basename(dest)}`);
-    } else {
-      fail(`Failed to download ${path.basename(dest)}: ${err.message}`);
+      fs.mkdirSync(path.dirname(dest), { recursive: true });
+      fs.writeFileSync(dest, buffer);
+      return true;
+    } catch (err) {
+      lastErr = err;
+      const transient = err.name === 'AbortError'
+        || /ECONNRESET|ETIMEDOUT|ENOTFOUND|EAI_AGAIN|EPIPE|ENETUNREACH|UND_ERR/i.test(err.message || '');
+      if (transient && attempt < maxAttempts) {
+        await _delay(_backoff(attempt));
+        continue;
+      }
+      break;
     }
-    return false;
   }
+  if (lastErr) {
+    if (lastErr.name === 'AbortError') fail(`Timeout downloading ${path.basename(dest)} after ${maxAttempts} attempts`);
+    else fail(`Failed to download ${path.basename(dest)}: ${lastErr.message}`);
+  }
+  return false;
+}
+
+function _delay(ms) { return new Promise(r => setTimeout(r, ms)); }
+function _backoff(attempt) {
+  // 1s, 3s, 9s — capped at 30s
+  return Math.min(30_000, 1000 * Math.pow(3, attempt - 1));
 }
 
 /**

package/src/server/routes/agents.mjs

@@ -8,6 +8,7 @@ import { sendJSON, sendError, parseBody } from '../index.mjs';
 import { loadConfig } from '../../config.mjs';
 import { AGENTS_DIR, NHA_DIR } from '../../constants.mjs';
 import { callLLMStream, parseAgentFile } from '../../services/llm.mjs';
+import { tryDirectActionAll } from '../../services/message-responder.mjs';
 
 function loadAgentCards() {
   if (!fs.existsSync(AGENTS_DIR)) return [];
@@ -88,6 +89,23 @@ export function register(router) {
     const sse = (ev, data) => res.write(`event: ${ev}\ndata: ${JSON.stringify(data)}\n\n`);
 
     try {
+      // ── Direct-action pre-step (deterministic tool exec, LLM only for NLU) ──
+      // Same dispatcher used by Telegram / Discord / Chat WebUI / AWF: if
+      // the user's message maps to a state-changing tool (CRUD on calendar,
+      // email, drive, slack, github, file, ...), execute it server-side and
+      // stream the result. LLM agent is bypassed entirely for actions.
+      const direct = await tryDirectActionAll(body.message, loadConfig(), {
+        auditKey: `agents:${body.agent || 'any'}`,
+      });
+      if (direct) {
+        sse('tool', { action: direct.action, status: 'done' });
+        sse('token', { content: direct.message });
+        sse('done', {});
+        res.write('data: [DONE]\n\n');
+        res.end();
+        return;
+      }
+
       const agentSlug = body.agent?.toLowerCase();
       const LANG_MAP = { it:'Italian', en:'English', es:'Spanish', fr:'French', de:'German', pt:'Portuguese', nl:'Dutch', pl:'Polish', ru:'Russian', zh:'Chinese', ja:'Japanese', ko:'Korean', ar:'Arabic', hi:'Hindi', tr:'Turkish', sv:'Swedish', da:'Danish', fi:'Finnish', cs:'Czech' };
       const lang = LANG_MAP[(config?.language || config?.lang || 'en').slice(0,2)] || 'English';

package/src/server/routes/chat.mjs

@@ -674,6 +674,19 @@ export function register(router) {
       const userLang = detectedFromMsg || settingLang;
       enrichedPrompt += `\n\nIMPORTANT: The user wrote their message in ${userLang}. Respond in ${userLang}.`;
 
+      // Direct-action pre-step — but ONLY when there's no attachment. With
+      // a PDF/image, the user wants the model to *read* the file; we don't
+      // want to short-circuit that into a tool call. With pure-text /api/chat
+      // (non-streaming), same dispatcher as the streaming variant.
+      if (!body.pdfBase64 && !body.imageBase64 && !body.fileContent) {
+        const direct = await tryDirectActionAll(body.message, config, {
+          auditKey: `chat-ns:${body.conversationId || 'anon'}`,
+        });
+        if (direct) {
+          return sendJSON(res, 200, { response: direct.message });
+        }
+      }
+
       let response;
 
       if (body.pdfBase64) {

package/src/services/message-responder.mjs

@@ -2749,12 +2749,19 @@ export function startResponder(config, log, wsBroadcast) {
   const hasAnyToken = config.responder?.telegram?.token || config.responder?.discord?.token;
   if (!hasAnyToken) {
     log('[Responder] No tokens configured — skipping');
-    return { telegram: false, discord: false };
-  }
-
-  if (!config.llm?.apiKey) {
-    log('[Responder] No LLM API key — cannot respond to messages');
-    return { telegram: false, discord: false };
+    return { telegram: false, discord: false, reason: 'no_token' };
+  }
+
+  // Liara (provider 'nha') is the default free tier — it does NOT require an
+  // API key. Only refuse to start if the user explicitly picked a paid
+  // provider (anthropic, openai, gemini, ...) and forgot to set the key.
+  // Previously we rejected ALL providers including Liara, leaving the user
+  // stuck on "configured (daemon restart needed)" with no actionable hint.
+  const provider = (config.llm?.provider || 'nha').toLowerCase();
+  const PAID_PROVIDERS = new Set(['anthropic', 'openai', 'gemini', 'deepseek', 'grok', 'mistral', 'cohere']);
+  if (PAID_PROVIDERS.has(provider) && !config.llm?.apiKey) {
+    log(`[Responder] Provider "${provider}" requires an API key — cannot respond. Run: nha config set provider nha   (to switch to free Liara)   OR   nha config set ${provider}-key YOUR_KEY`);
+    return { telegram: false, discord: false, reason: `missing_key:${provider}` };
   }
 
   const result = { telegram: false, discord: false };

package/src/updater.mjs

@@ -170,9 +170,12 @@ export async function runUpdate() {
   }
 
   // ── Agents + Legion + PIF (downloaded from website, not npm) ───────────
+  // 45s timeout (was 15s) — VMs / slow connections can take that long for
+  // the first manifest fetch. The downloader retries internally for batch
+  // downloads, so this is just for the initial manifest.
   const res = await fetch(`${BASE_URL}/versions.json`, {
-    signal: AbortSignal.timeout(15000),
-    headers: { 'User-Agent': 'nha-cli/1.0.0' },
+    signal: AbortSignal.timeout(45000),
+    headers: { 'User-Agent': `nha-cli/${(await import('./constants.mjs')).VERSION}` },
   });
   if (!res.ok) {
     warn('Could not reach nothumanallowed.com for agent updates.');
@@ -195,7 +198,7 @@ export async function runUpdate() {
   // Update Legion
   if (legionCurrent !== legionLatest) {
     info(`Legion X: ${legionCurrent} → ${legionLatest}`);
-    const success = await download(`${BASE_URL}/legion-x.mjs`, LEGION_FILE, { timeout: 60_000 });
+    const success = await download(`${BASE_URL}/legion-x.mjs`, LEGION_FILE, { timeout: 90_000, retries: 4 });
     if (success) { ok(`Legion X updated to v${legionLatest}`); updated = true; }
   } else {
     ok(`Legion X v${legionCurrent} (up to date)`);
@@ -204,7 +207,7 @@ export async function runUpdate() {
   // Update PIF
   if (pifCurrent !== pifLatest) {
     info(`PIF: ${pifCurrent} → ${pifLatest}`);
-    const success = await download(`${BASE_URL}/pif.mjs`, PIF_FILE, { timeout: 60_000 });
+    const success = await download(`${BASE_URL}/pif.mjs`, PIF_FILE, { timeout: 90_000, retries: 4 });
     if (success) { ok(`PIF updated to v${pifLatest}`); updated = true; }
   } else {
     ok(`PIF v${pifCurrent} (up to date)`);