nothumanallowed 16.0.27 → 16.0.29

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.27",
+  "version": "16.0.29",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '16.0.27';
+export const VERSION = '16.0.29';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/webcraft.mjs

@@ -183,6 +183,23 @@ class SandboxManager {
     }
     emit({ type: 'status', msg: `Entry point: ${entryFile}` });
 
+    // Pre-flight: validate entry file with acorn. If the file content was
+    // corrupted by a partial LLM stream (HTTP error leaked as code), quarantine
+    // it with a minimal stub so the sandbox can still boot. The user sees a
+    // clear "re-generate from chat" message instead of a SyntaxError crash.
+    const entryAbs = path.join(projectDir, entryFile);
+    if (fs.existsSync(entryAbs)) {
+      try {
+        const entryContent = fs.readFileSync(entryAbs, 'utf-8');
+        const sanitized = _sanitizeGeneratedFile(entryFile, entryContent, path.basename(projectDir));
+        if (sanitized !== entryContent) {
+          emit({ type: 'warn', msg: `Entry file ${entryFile} was corrupted (likely partial stream / HTTP error leaked into content). Auto-quarantined — re-generate from chat.` });
+          fs.writeFileSync(entryAbs + '.corrupt-' + Date.now(), entryContent, 'utf-8');
+          fs.writeFileSync(entryAbs, sanitized, 'utf-8');
+        }
+      } catch {}
+    }
+
     // ── Phase 2: Dependencies (pre-scan + batch install) ──────────────────
     // Pre-scan the project source files for require()/import statements and
     // diff against package.json + node_modules. Install everything missing in
@@ -346,10 +363,22 @@ class SandboxManager {
     // The pre-scan in Phase 2 catches most cases. Tier 1 here is the safety
     // net for files generated AFTER pre-scan (e.g. user added a require()
     // during chat) or for transitive crashes that surface only at runtime.
-    const missingModules = [...stderrBuf.matchAll(/Cannot find module ['"]([^'"]+)['"]/g)]
+    const rawMissing = [...stderrBuf.matchAll(/Cannot find module ['"]([^'"]+)['"]/g)]
       .map(m => m[1])
       .filter(m => !m.startsWith('.') && !m.startsWith('/') && !m.startsWith('node:'))
-      .map(m => m.startsWith('@') ? m.split('/').slice(0, 2).join('/') : m.split('/')[0]);
+      .map(m => m.startsWith('@') ? m.split('/').slice(0, 2).join('/') : m.split('/')[0])
+      // Drop Node.js built-ins — they're in the runtime, can't be installed
+      .filter(m => !_NODE_BUILTINS.has(m));
+    // Resolve LLM hallucinated aliases (jwt → jsonwebtoken, bcrypt → bcryptjs)
+    const missingModules = rawMissing.map(m => _PACKAGE_ALIASES.get(m) || m);
+    // Detect aliases — if the shim already covers the resolved name, no install needed
+    const aliasedFromShim = rawMissing.filter(m => {
+      const real = _PACKAGE_ALIASES.get(m);
+      return real && _SHIMMED_MODULES.has(real);
+    });
+    if (aliasedFromShim.length > 0) {
+      emit({ type: 'warn', msg: `LLM hallucinated package names: ${aliasedFromShim.join(', ')} — the runtime shim already aliases these. If you still see this crash, the shim wasn't re-generated. Restart "nha ui".` });
+    }
     const uniqueMissing = [...new Set(missingModules)].filter(m => !_SHIMMED_MODULES.has(m));
     if (uniqueMissing.length > 0 && _attempt < MAX_RETRIES) {
       emit({ type: 'phase', phase: 'autofix', msg: `Missing module${uniqueMissing.length === 1 ? '' : 's'}: ${uniqueMissing.join(', ')} — batch installing...` });
@@ -3484,17 +3513,27 @@ function _patchEntry(projectDir, entryFile, shimDir, port) {
 // file content. Those strings are short, don't start with valid syntax for
 // the file type, and contain specific marker phrases.
 const _LLM_ERROR_MARKERS = [
+  // "Access denied" / "Access temporarily denied"
   /^\s*Access (temporarily )?denied/i,
-  /^\s*Rate ?limit(ed)?/i,
+  // "Service Temporarily Unavailable", "Server Temporarily Unavailable",
+  // "Temporarily Unavailable" — common nginx/cloudflare/CDN 503 responses
+  /^\s*(Service |Server )?Temporarily Unavailable/i,
   /^\s*Service Unavailable/i,
+  /^\s*Rate ?limit(ed)?/i,
   /^\s*Internal Server Error/i,
   /^\s*Too Many Requests/i,
   /^\s*Bad Gateway/i,
   /^\s*Gateway Timeout/i,
+  /^\s*Request Timeout/i,
+  /^\s*Not Found/i,
+  /^\s*Forbidden\b/i,
+  /^\s*Unauthorized\b/i,
   /^\s*<!DOCTYPE html.*Cloudflare/is,
-  /^\s*<html.*<title>.*(Access|Forbidden|Error)/is,
-  /^\s*\{?\s*"error"\s*:\s*"(rate.?limit|quota|unauthorized)"/i,
+  /^\s*<html.*<title>.*(Access|Forbidden|Error|Unavailable|Cloudflare)/is,
+  /^\s*\{?\s*"error"\s*:\s*"(rate.?limit|quota|unauthorized|temporarily)"/i,
   /^\s*error code:\s*\d{3,4}/i,
+  // Standalone HTTP status phrase at the start of a code file is suspicious
+  /^\s*(HTTP\/[\d.]+\s+)?[45]\d{2}\s+/,
 ];
 
 function _looksLikeLLMError(content) {
@@ -3517,17 +3556,25 @@ function _fallbackPackageJson(projectName) {
 }
 
 // Sanitize content before writing to disk. Rejects LLM error responses,
-// repairs corrupt JSON manifests, and falls back to a minimal template when
-// content is unsalvageable. This is the LAST line of defense between the LLM
-// API and the user's filesystem.
+// repairs corrupt JSON manifests, validates JS/TS with acorn, and falls back
+// to a safe placeholder when content is unsalvageable. This is the LAST line
+// of defense between the LLM API and the user's filesystem.
 function _sanitizeGeneratedFile(name, content, projectName) {
-  const isJson = /\.json$/i.test(name) || name.endsWith('package.json');
+  const ext = (name.split('.').pop() || '').toLowerCase();
+  const isJson = ext === 'json' || name.endsWith('package.json');
   const isPkg = name === 'package.json' || name.endsWith('/package.json');
+  const isCode = ['js', 'mjs', 'cjs', 'jsx', 'ts', 'tsx'].includes(ext);
 
+  // Layer A: detect HTTP error responses leaked as file content
   if (_looksLikeLLMError(content)) {
     if (isPkg) return _fallbackPackageJson(projectName);
-    return '/* nha-webcraft: file content from LLM looked like an HTTP error response and was discarded. Re-generate from chat. */';
+    if (isCode) {
+      return `// nha-webcraft: this file's content from the LLM looked like an HTTP error response\n// (status leaked into stream — likely '${_extractLLMErrorHint(content)}').\n// File quarantined to keep the sandbox bootable. Re-generate from chat.\nmodule.exports = {};\n`;
+    }
+    return '<!-- nha-webcraft: LLM error response detected, content discarded. Re-generate from chat. -->';
   }
+
+  // Layer B: validate JSON files
   if (isJson) {
     try { JSON.parse(content); }
     catch {
@@ -3543,9 +3590,40 @@ function _sanitizeGeneratedFile(name, content, projectName) {
       }
     }
   }
+
+  // Layer C: validate JS/JSX/TS files with acorn — catches partial streams
+  // that ended mid-token, leftover HTML/error text mixed with code, etc.
+  if (isCode && content && content.trim()) {
+    try {
+      const parser = ext === 'jsx' || ext === 'tsx' ? acorn.Parser.extend(acornJsx()) : acorn;
+      parser.parse(content, {
+        ecmaVersion: 'latest',
+        sourceType: ['mjs'].includes(ext) ? 'module' : (/\bimport\s+|\bexport\s+/.test(content) ? 'module' : 'script'),
+        allowReturnOutsideFunction: true,
+        allowAwaitOutsideFunction: true,
+        allowHashBang: true,
+      });
+    } catch (parseErr) {
+      // Only quarantine if the error is at the VERY START of the file —
+      // this signals "the whole file is junk" (HTTP error / partial stream)
+      // rather than a normal bug at line 50 that user can fix.
+      const lineMatch = parseErr.message.match(/\((\d+):(\d+)\)/);
+      const startsAtTop = !lineMatch || parseInt(lineMatch[1]) <= 2;
+      if (startsAtTop && content.length < 5000) {
+        return `// nha-webcraft: this file failed to parse near the start (${parseErr.message}).\n// Likely a partial/corrupted stream from the LLM. Quarantined to keep sandbox bootable.\n// Re-generate from chat.\nmodule.exports = {};\n`;
+      }
+      // Otherwise let it through — it's a real code bug, the user will see it
+    }
+  }
+
   return content;
 }
 
+function _extractLLMErrorHint(content) {
+  const head = content.slice(0, 200).replace(/\n/g, ' ').replace(/\s+/g, ' ').trim();
+  return head.slice(0, 80) + (head.length > 80 ? '...' : '');
+}
+
 // Authoritative list of modules covered by our offline-safe shims.
 // Used by both the pre-scan (to skip them from npm install) and the Tier 1
 // retry (to detect "missing module" stderr that's already covered by a shim).
@@ -3592,6 +3670,39 @@ function _installedDeps(projectDir) {
   } catch { return new Set(); }
 }
 
+// Node.js built-in modules — these are part of the runtime, not npm packages.
+// `require('fs')` always works without installation. The pre-scan MUST exclude
+// these or it tries to `npm install fs` which is meaningless (or worse, picks
+// up a malicious typosquat). Authoritative list from Node 22 LTS docs.
+const _NODE_BUILTINS = new Set([
+  'assert', 'async_hooks', 'buffer', 'child_process', 'cluster', 'console',
+  'constants', 'crypto', 'dgram', 'diagnostics_channel', 'dns', 'domain',
+  'events', 'fs', 'fs/promises', 'http', 'http2', 'https', 'inspector',
+  'inspector/promises', 'module', 'net', 'os', 'path', 'path/posix',
+  'path/win32', 'perf_hooks', 'process', 'punycode', 'querystring', 'readline',
+  'readline/promises', 'repl', 'stream', 'stream/consumers', 'stream/promises',
+  'stream/web', 'string_decoder', 'sys', 'timers', 'timers/promises', 'tls',
+  'trace_events', 'tty', 'url', 'util', 'util/types', 'v8', 'vm', 'wasi',
+  'worker_threads', 'zlib',
+]);
+
+// Common LLM hallucinations → real package name. The LLM sometimes invents
+// shorter aliases for popular packages. We map them transparently so the
+// generated code "just works" without npm install of fake packages.
+const _PACKAGE_ALIASES = new Map([
+  ['jwt', 'jsonwebtoken'],
+  ['bcrypt', 'bcryptjs'],
+  ['mongo', 'mongoose'],
+  ['postgres', 'pg'],
+  ['postgresql', 'pg'],
+  ['mysql', 'mysql2'],
+  ['env', 'dotenv'],
+  ['util-lodash', 'lodash'],
+  ['express-cors', 'cors'],
+  ['express-helmet', 'helmet'],
+  ['express-body-parser', 'body-parser'],
+]);
+
 /** Walk project files and extract all bare-import module names. */
 export function _scanProjectImports(projectDir, maxFiles = 500, maxBytes = 200_000) {
   const found = new Set();
@@ -3624,9 +3735,16 @@ export function _scanProjectImports(projectDir, maxFiles = 500, maxBytes = 200_0
         let m;
         while ((m = re.exec(content)) !== null) {
           const spec = m[1];
+          // Filter 1: node:fs, node:path etc.
           if (spec.startsWith('node:')) continue;
+          // Get the bare package name (handle @scope/name and subpaths)
           const pkg = spec.startsWith('@') ? spec.split('/').slice(0, 2).join('/') : spec.split('/')[0];
-          if (pkg) found.add(pkg);
+          if (!pkg) continue;
+          // Filter 2: skip Node built-ins (fs, path, crypto, http, etc.)
+          if (_NODE_BUILTINS.has(pkg)) continue;
+          // Filter 3: resolve LLM-hallucinated aliases to real packages
+          const real = _PACKAGE_ALIASES.get(pkg) || pkg;
+          found.add(real);
         }
       }
     }
@@ -4291,12 +4409,26 @@ module.exports.default = proxy;
   // real implementation, and only falls back to our shim when resolution fails.
   // Also supports NHA_OFFLINE_SHIM=1 to no-op any unresolvable module.
   const shimList = JSON.stringify(Object.keys(shimFiles).filter(f => f !== 'noop.js').map(f => f.replace(/\.js$/, '')));
+  // ALIAS map: bare names the LLM tends to invent → real package name we shim.
+  // Must stay in sync with _PACKAGE_ALIASES in the parent module so pre-scan
+  // and runtime shim agree on what to resolve.
+  const aliasJson = JSON.stringify({
+    'bcrypt': 'bcryptjs',
+    'jwt': 'jsonwebtoken',
+    'mongo': 'mongoose',
+    'postgres': 'pg',
+    'postgresql': 'pg',
+    'env': 'dotenv',
+    'express-cors': 'cors',
+    'express-helmet': 'helmet',
+    'express-body-parser': 'body-parser',
+  });
   const shimIndex = `
 const Module = require('module');
 const path = require('path');
 const __shimDir = ${JSON.stringify(shimDir)};
 const SHIM_NAMES = new Set(${shimList});
-const ALIAS = { 'bcrypt': 'bcryptjs' };
+const ALIAS = ${aliasJson};
 const OFFLINE = process.env.NHA_OFFLINE_SHIM === '1';
 const _original = Module._resolveFilename.bind(Module);