nothumanallowed 16.0.36 → 16.0.38

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.36",
+  "version": "16.0.38",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '16.0.36';
+export const VERSION = '16.0.38';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/webcraft.mjs

@@ -218,6 +218,17 @@ class SandboxManager {
       emit({ type: 'warn', msg: `Pre-flight repair: ${repaired.length} file${repaired.length === 1 ? '' : 's'} quarantined (corrupted content) → ${repaired.join(', ')}. Re-generate from chat to restore them.` });
     }
 
+    // Pre-flight: create missing data dirs/files referenced by code.
+    // LLMs frequently generate `fs.writeFile('data/users.json', ...)` without
+    // creating data/ first → ENOENT crash on boot. Scan code for these
+    // references and seed empty placeholders BEFORE the sandbox starts.
+    try {
+      const dataFiles = _detectMissingDataFiles(projectDir);
+      if (dataFiles.length > 0) {
+        emit({ type: 'status', msg: `Pre-flight: seeded ${dataFiles.length} data file${dataFiles.length === 1 ? '' : 's'} → ${dataFiles.slice(0, 5).join(', ')}${dataFiles.length > 5 ? '...' : ''}` });
+      }
+    } catch {}
+
     // ── Phase 2: Dependencies (pre-scan + batch install) ──────────────────
     // Pre-scan the project source files for require()/import statements and
     // diff against package.json + node_modules. Install everything missing in
@@ -369,7 +380,16 @@ class SandboxManager {
           const preview = body.slice(0, 200).replace(/\s+/g, ' ').trim();
           emit({ type: 'log', msg: `[probe] GET / → ${status} (${ct}, ${len} bytes)` });
           if (status >= 400) {
-            emit({ type: 'warn', msg: `Probe: GET / returned ${status}. The sandbox is running but has no route for "/". Add app.get('/', ...) in your code or generate an index.html.` });
+            // Show the actual error body so the user knows WHAT went wrong,
+            // not just the status code. 500s from Express handlers often
+            // include the stack trace or error message in the body.
+            const bodyPreview = body.slice(0, 800).trim();
+            emit({ type: 'error', msg: `Probe: GET / returned ${status}. Response body:\n${bodyPreview}` });
+            if (status === 500) {
+              emit({ type: 'warn', msg: `500 Internal Server Error usually means the route handler threw. Common causes: missing await on async function, JSON.parse on empty file, undefined variable, DB connection failure. Check stderr logs above for the actual stack trace.` });
+            } else if (status === 404) {
+              emit({ type: 'warn', msg: `404 means no route matches "/". Add app.get('/', ...) returning HTML, or app.use(express.static('public')) if you have an index.html in public/.` });
+            }
           } else if (len === 0) {
             emit({ type: 'warn', msg: `Probe: GET / returned empty body (${status}). The route exists but sends no response — check that you call res.send() / res.json() / res.end().` });
           } else if (isHtml && !/<\w+/.test(body)) {
@@ -454,6 +474,36 @@ class SandboxManager {
           return this.start(projectName, projectDir, emit, _attempt + 1);
         }
       }
+    }
+
+    // ── Tier 1b: ENOENT on file write → create missing path + retry ──────
+    // Deterministic. LLM SaaS code often writes to data/users.json without
+    // mkdir -p data/ first → ENOENT. We detect, create the dir + empty
+    // placeholder JSON, and retry. Zero LLM call needed.
+    const enoentMatch = stderrBuf.match(/ENOENT[^']*open\s+['"]([^'"]+)['"]/);
+    if (enoentMatch && _attempt < MAX_RETRIES) {
+      const missingPath = enoentMatch[1];
+      // Only auto-create if path is inside the project
+      const projectAbs = path.resolve(projectDir);
+      const missingAbs = path.resolve(missingPath);
+      if (missingAbs.startsWith(projectAbs)) {
+        emit({ type: 'phase', phase: 'autofix', msg: `ENOENT on ${missingPath} — creating directory + empty placeholder...` });
+        try {
+          ensureDir(path.dirname(missingAbs));
+          if (!fs.existsSync(missingAbs)) {
+            const ext = path.extname(missingAbs).toLowerCase();
+            let stub = '';
+            if (ext === '.json') stub = /users|posts|items|list|todos|comments|orders|products/i.test(missingPath) ? '[]' : '{}';
+            else if (ext === '.sqlite' || ext === '.db') { /* skip binary */ }
+            else stub = '';
+            if (ext !== '.sqlite' && ext !== '.db') fs.writeFileSync(missingAbs, stub, 'utf-8');
+          }
+          emit({ type: 'status', msg: `Created ${missingPath} — retrying (attempt ${_attempt + 1}/${MAX_RETRIES})...` });
+          return this.start(projectName, projectDir, emit, _attempt + 1);
+        } catch (e) {
+          emit({ type: 'warn', msg: `Failed to create ${missingPath}: ${e.message.slice(0, 200)}` });
+        }
+      }
     } else if (missingModules.length > 0 && uniqueMissing.length === 0) {
       // All missing modules are shimmable in THIS version of the CLI. If we
       // reached this branch, the user has an OLDER CLI installed that doesn't
@@ -3554,6 +3604,61 @@ function _placeholderContent(kind, refPath) {
   return '';
 }
 
+/**
+ * Scan all .js/.mjs/.ts files for filesystem paths referenced in string
+ * literals (typically used for file-based storage by LLM-generated SaaS code:
+ * fs.writeFile('data/users.json', ...), fs.readFile('db/posts.json'), etc).
+ * Creates missing directories + empty JSON placeholders so the app can boot
+ * instead of crashing with ENOENT on first write.
+ */
+export function _detectMissingDataFiles(projectDir) {
+  const created = [];
+  const exts = new Set(['.js', '.mjs', '.cjs', '.ts']);
+  const skipDirs = new Set(['node_modules', '.git', '.nha-shims', 'dist', 'build', '.next', 'public']);
+  // Match string literals that look like project-relative storage paths:
+  //   "data/users.json", './db/posts.json', "uploads/", "logs/app.log"
+  // Skip absolute paths, URLs, node_modules/, dotfiles.
+  const re = /['"`](?:\.\/)?((?:data|db|storage|uploads|logs|tmp|cache|sessions)\/[A-Za-z0-9_\-./]+)['"`]/g;
+  const stack = [projectDir];
+  const seen = new Set();
+  while (stack.length) {
+    const cur = stack.pop();
+    let entries;
+    try { entries = fs.readdirSync(cur, { withFileTypes: true }); } catch { continue; }
+    for (const ent of entries) {
+      if (skipDirs.has(ent.name) || ent.name.startsWith('.')) continue;
+      const abs = path.join(cur, ent.name);
+      if (ent.isDirectory()) { stack.push(abs); continue; }
+      if (!exts.has(path.extname(ent.name))) continue;
+      let content;
+      try { content = fs.readFileSync(abs, 'utf-8'); } catch { continue; }
+      let m;
+      re.lastIndex = 0;
+      while ((m = re.exec(content)) !== null) {
+        const rel = m[1].replace(/\\/g, '/');
+        if (seen.has(rel)) continue;
+        seen.add(rel);
+        const fullPath = path.join(projectDir, rel);
+        try {
+          ensureDir(path.dirname(fullPath));
+          // Only create file if it looks like a file (has extension) and doesn't exist
+          if (path.extname(rel) && !fs.existsSync(fullPath)) {
+            const ext = path.extname(rel).toLowerCase();
+            let stub = '';
+            if (ext === '.json') stub = rel.includes('users') || rel.includes('posts') || rel.includes('items') || rel.includes('list') ? '[]' : '{}';
+            else if (ext === '.txt' || ext === '.log') stub = '';
+            else if (ext === '.sqlite' || ext === '.db') continue; // skip binary
+            else stub = '';
+            fs.writeFileSync(fullPath, stub, 'utf-8');
+            created.push(rel);
+          }
+        } catch {}
+      }
+    }
+  }
+  return created;
+}
+
 export function autoRepairProject(projectName) {
   const dir = ProjectStore.dir(projectName);
   if (!fs.existsSync(dir)) throw new Error('project not found');
@@ -3562,6 +3667,13 @@ export function autoRepairProject(projectName) {
   const filesRepaired = new Set();
   const filesCreated = [];
 
+  // Phase 0: create missing data files referenced by code (data/X.json, etc)
+  const dataCreated = _detectMissingDataFiles(dir);
+  for (const f of dataCreated) {
+    filesCreated.push(f);
+    repairs.push({ file: f, kind: 'missing-data-file', source: 'code-reference' });
+  }
+
   // Walk every HTML file in the project
   const stack = [dir];
   const skipDirs = new Set(['node_modules', '.git', '.nha-shims', 'dist', 'build', '.next']);
@@ -4031,6 +4143,14 @@ const _LLM_ERROR_MARKERS = [
   /^\s*error code:\s*\d{3,4}/i,
   // Standalone HTTP status phrase at the start of a code file is suspicious
   /^\s*(HTTP\/[\d.]+\s+)?[45]\d{2}\s+/,
+  // NHA/Liara backend retry-wrapper errors leaked as file content:
+  //   "/* Retry: NHA Free 502: {"error":"Failed to reach Liara",...}"
+  //   "Retry: NHA 503", "// NHA Free Error 429"
+  /^\s*(?:\/\*\s*|\/\/\s*)?Retry:?\s*NHA(\s+Free)?(\s+\d{3})?/i,
+  /^\s*(?:\/\*\s*|\/\/\s*)?Failed to reach (Liara|NHA|OpenAI|Anthropic|Gemini|provider)/i,
+  /^\s*\{?\s*"error"\s*:\s*"Failed to reach/i,
+  // Plain "fetch failed", "ECONNRESET" etc. as first line of a code file
+  /^\s*(?:\/\*\s*|\/\/\s*)?(?:fetch failed|ECONNRESET|ECONNREFUSED|ETIMEDOUT)\b/i,
 ];
 
 function _looksLikeLLMError(content) {