nothumanallowed 16.0.40 → 16.0.41

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.40",
+  "version": "16.0.41",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '16.0.40';
+export const VERSION = '16.0.41';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/webcraft.mjs

@@ -5027,15 +5027,40 @@ function compilePath(p) {
 }
 
 function createApp() {
-  const stack = [];
+  // Flat layer list — each handler is its own layer (matches Express semantics).
+  // Layer types: 'normal' (3-arg) or 'error' (4-arg). Path-mounted layers
+  // ('app.use("/api", router)') get a prefix that must match the URL.
+  const layers = [];
   const settings = {};
+
+  function addLayer(method, re, keys, prefix, handler) {
+    const isErrHandler = typeof handler === 'function' && handler.length === 4;
+    layers.push({ method, re, keys, prefix, handler, isErrHandler });
+  }
+
   function use(arg, ...rest) {
-    if (typeof arg === 'function') stack.push({ method: 'ALL', re: /.*/, keys: [], handlers: [arg, ...rest] });
-    else { const c = compilePath(arg); stack.push({ method: 'ALL', re: c.re, keys: c.keys, handlers: rest.flat() }); }
+    let prefix = '';
+    let handlers = rest;
+    if (typeof arg === 'function') {
+      handlers = [arg, ...rest];
+    } else {
+      prefix = String(arg).replace(/\\/+$/, '');
+    }
+    for (const h of handlers.flat()) {
+      if (typeof h !== 'function') continue;
+      addLayer('ALL', /.*/, [], prefix, h);
+    }
     return app;
   }
   function addRoute(method) {
-    return (path, ...handlers) => { const c = compilePath(path); stack.push({ method, re: c.re, keys: c.keys, handlers: handlers.flat() }); return app; };
+    return (p, ...handlers) => {
+      const c = compilePath(p);
+      for (const h of handlers.flat()) {
+        if (typeof h !== 'function') continue;
+        addLayer(method, c.re, c.keys, '', h);
+      }
+      return app;
+    };
   }
   const app = async function (req, res) {
     const parsed = url.parse(req.url, true);
@@ -5049,30 +5074,52 @@ function createApp() {
       res.sendStatus = function (n) { this.statusCode = n; this.end(http.STATUS_CODES[n] || ''); return this; };
       res.redirect = function (loc) { this.statusCode = 302; this.setHeader('Location', loc); this.end(); return this; };
     }
-    let i = 0;
-    const next = (err) => {
-      if (err) { res.statusCode = 500; return res.end('Error: ' + (err.message || err)); }
-      while (i < stack.length) {
-        const layer = stack[i++];
+
+    // Real Express-style routing chain:
+    //   - 3-arg handlers run ONLY when err is null/undefined
+    //   - 4-arg handlers run ONLY when err is truthy
+    //   - Path-mounted middleware ('/api') only runs if req.path matches prefix
+    //   - Method-specific layers (GET/POST/...) only run for that method
+    let idx = 0;
+    function nextLayer(err) {
+      while (idx < layers.length) {
+        const layer = layers[idx++];
+        // Method filter
         if (layer.method !== 'ALL' && layer.method !== req.method) continue;
-        const m = req.path.match(layer.re);
-        if (!m) continue;
-        req.params = {};
-        layer.keys.forEach((k, idx) => { req.params[k] = m[idx + 1]; });
-        let hIdx = 0;
-        const runHandlers = (e) => {
-          if (e) return next(e);
-          if (hIdx >= layer.handlers.length) return next();
-          const h = layer.handlers[hIdx++];
-          try { return h.length === 4 ? h(e, req, res, runHandlers) : h(req, res, runHandlers); }
-          catch (err) { return next(err); }
-        };
-        return runHandlers();
+        // Path filter
+        if (layer.prefix) {
+          if (!req.path.startsWith(layer.prefix)) continue;
+          const remaining = req.path.slice(layer.prefix.length);
+          if (remaining && !remaining.startsWith('/')) continue;
+        } else if (layer.re && layer.method !== 'ALL') {
+          // Specific route — must match
+          const m = req.path.match(layer.re);
+          if (!m) continue;
+          req.params = {};
+          layer.keys.forEach((k, i) => { req.params[k] = m[i + 1]; });
+        }
+        // Error chain filter: skip normal handlers when in error, and skip
+        // error handlers when not in error. THIS is the fix for the MySaaS bug.
+        if (err && !layer.isErrHandler) continue;
+        if (!err && layer.isErrHandler) continue;
+
+        try {
+          if (layer.isErrHandler) {
+            return layer.handler(err, req, res, nextLayer);
+          }
+          return layer.handler(req, res, nextLayer);
+        } catch (e) { return nextLayer(e); }
       }
-      res.statusCode = 404;
-      res.end('Cannot ' + req.method + ' ' + req.path);
-    };
-    next();
+      // End of chain — default response
+      if (err) {
+        res.statusCode = err.status || err.statusCode || 500;
+        res.end('Error: ' + ((err && err.message) || String(err)));
+      } else {
+        res.statusCode = 404;
+        res.end('Cannot ' + req.method + ' ' + req.path);
+      }
+    }
+    nextLayer();
   };
   app.use = use;
   app.get = addRoute('GET'); app.post = addRoute('POST'); app.put = addRoute('PUT');