nothumanallowed 16.0.25 → 16.0.27

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.25",
+  "version": "16.0.27",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '16.0.25';
+export const VERSION = '16.0.27';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/webcraft.mjs

@@ -142,6 +142,34 @@ class SandboxManager {
       return;
     }
 
+    // ── Phase 0: Pre-flight repair ───────────────────────────────────────
+    // Before anything else, check that package.json on disk is valid JSON.
+    // If a previous LLM generation wrote a corrupt file (e.g. an HTTP error
+    // response leaked as content), Node's package_json_reader would crash
+    // with SyntaxError before we even get to load shims. Repair in place.
+    const pkgPath = path.join(projectDir, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      const pkgRaw = fs.readFileSync(pkgPath, 'utf-8');
+      let needsRepair = false;
+      let reason = '';
+      if (_looksLikeLLMError(pkgRaw)) {
+        needsRepair = true;
+        reason = 'content looks like an LLM API error response (Access denied / Rate limit / HTML block page)';
+      } else {
+        try { JSON.parse(pkgRaw); }
+        catch (e) { needsRepair = true; reason = `invalid JSON: ${e.message}`; }
+      }
+      if (needsRepair) {
+        emit({ type: 'warn', msg: `package.json corrupt (${reason}) — auto-repairing with minimal fallback so the sandbox can boot.` });
+        const projectName = path.basename(projectDir);
+        fs.writeFileSync(pkgPath, _fallbackPackageJson(projectName), 'utf-8');
+        emit({ type: 'status', msg: `package.json repaired. Original corrupt content backed up to package.json.corrupt-${Date.now()}` });
+        try {
+          fs.writeFileSync(pkgPath + '.corrupt-' + Date.now(), pkgRaw, 'utf-8');
+        } catch {}
+      }
+    }
+
     // ── Phase 1: Shims ────────────────────────────────────────────────────
     emit({ type: 'phase', phase: 'shims', msg: 'Injecting runtime shims (pg, redis, mongoose, helmet...)' });
     const shimDir = path.join(projectDir, '.nha-shims');
@@ -343,9 +371,23 @@ class SandboxManager {
         }
       }
     } else if (missingModules.length > 0 && uniqueMissing.length === 0) {
-      // All missing modules are shimmable — should never reach here because
-      // the shim handles them transparently. If it does, log the surprise.
-      emit({ type: 'warn', msg: `Crash mentions modules that ARE shimmed (${missingModules.join(', ')}). The shim index.js may not have been preloaded — check .nha-launcher.js wiring.` });
+      // All missing modules are shimmable in THIS version of the CLI. If we
+      // reached this branch, the user has an OLDER CLI installed that doesn't
+      // know about these shims yet. Surface this loudly with the exact upgrade
+      // command — DON'T leave the user staring at a generic crash.
+      emit({ type: 'error', msg:
+        `\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n` +
+        `⚠ IL TUO NHA È OBSOLETO — questo crash è già fixato nell'ultima versione.\n` +
+        `━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n` +
+        `Moduli mancanti che la nuova versione gestisce automaticamente:\n` +
+        `  → ${missingModules.join(', ')}\n\n` +
+        `Aggiorna NHA (3 comandi):\n` +
+        `  1. npm install -g nothumanallowed@latest\n` +
+        `  2. pkill -f "nha-launcher" ; pkill -f "node.*nha"\n` +
+        `  3. nha ui\n\n` +
+        `Verifica versione dopo: nha --version (deve essere >= 16.0.25)\n` +
+        `━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`
+      });
     }
 
     // ── Tier 2: runtime errors that need code fix (require/import mismatch,
@@ -633,7 +675,8 @@ const ProjectStore = {
       if (!_isSafePath(f.name)) continue;
       const abs = path.join(dir, f.name);
       ensureDir(path.dirname(abs));
-      fs.writeFileSync(abs, f.content ?? '', 'utf-8');
+      const sanitized = _sanitizeGeneratedFile(f.name, f.content ?? '', projectName);
+      fs.writeFileSync(abs, sanitized, 'utf-8');
     }
     const meta = {
       description: description ?? '',
@@ -3435,6 +3478,74 @@ function _patchEntry(projectDir, entryFile, shimDir, port) {
   return '.nha-launcher.js';
 }
 
+// Detect LLM API error responses that leaked into the file content. When the
+// LLM endpoint returns 4xx/5xx with a plaintext body (Cloudflare block, rate
+// limit, "Access temporarily denied"), the response often ends up saved as
+// file content. Those strings are short, don't start with valid syntax for
+// the file type, and contain specific marker phrases.
+const _LLM_ERROR_MARKERS = [
+  /^\s*Access (temporarily )?denied/i,
+  /^\s*Rate ?limit(ed)?/i,
+  /^\s*Service Unavailable/i,
+  /^\s*Internal Server Error/i,
+  /^\s*Too Many Requests/i,
+  /^\s*Bad Gateway/i,
+  /^\s*Gateway Timeout/i,
+  /^\s*<!DOCTYPE html.*Cloudflare/is,
+  /^\s*<html.*<title>.*(Access|Forbidden|Error)/is,
+  /^\s*\{?\s*"error"\s*:\s*"(rate.?limit|quota|unauthorized)"/i,
+  /^\s*error code:\s*\d{3,4}/i,
+];
+
+function _looksLikeLLMError(content) {
+  if (typeof content !== 'string') return false;
+  const head = content.slice(0, 500);
+  return _LLM_ERROR_MARKERS.some(re => re.test(head));
+}
+
+// Minimal package.json template — used when the LLM-generated one is corrupted.
+function _fallbackPackageJson(projectName) {
+  return JSON.stringify({
+    name: String(projectName || 'nha-project').toLowerCase().replace(/[^a-z0-9-]/g, '-'),
+    version: '1.0.0',
+    description: 'NHA-generated project (package.json auto-repaired)',
+    main: 'index.js',
+    type: 'commonjs',
+    scripts: { start: 'node index.js' },
+    dependencies: {},
+  }, null, 2);
+}
+
+// Sanitize content before writing to disk. Rejects LLM error responses,
+// repairs corrupt JSON manifests, and falls back to a minimal template when
+// content is unsalvageable. This is the LAST line of defense between the LLM
+// API and the user's filesystem.
+function _sanitizeGeneratedFile(name, content, projectName) {
+  const isJson = /\.json$/i.test(name) || name.endsWith('package.json');
+  const isPkg = name === 'package.json' || name.endsWith('/package.json');
+
+  if (_looksLikeLLMError(content)) {
+    if (isPkg) return _fallbackPackageJson(projectName);
+    return '/* nha-webcraft: file content from LLM looked like an HTTP error response and was discarded. Re-generate from chat. */';
+  }
+  if (isJson) {
+    try { JSON.parse(content); }
+    catch {
+      if (isPkg) return _fallbackPackageJson(projectName);
+      try {
+        const repaired = content
+          .replace(/,\s*([}\]])/g, '$1')
+          .replace(/([{,]\s*)([A-Za-z_][A-Za-z0-9_]*)\s*:/g, '$1"$2":');
+        JSON.parse(repaired);
+        return repaired;
+      } catch {
+        return '{}';
+      }
+    }
+  }
+  return content;
+}
+
 // Authoritative list of modules covered by our offline-safe shims.
 // Used by both the pre-scan (to skip them from npm install) and the Tier 1
 // retry (to detect "missing module" stderr that's already covered by a shim).