npm - nothumanallowed - Versions diffs - 16.0.53 → 16.0.55 - Mend

nothumanallowed 16.0.53 → 16.0.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +1 -1
package/src/constants.mjs +1 -1
package/src/server/routes/webcraft.mjs +61 -22
package/src/ui-dist/assets/{index-C2NXQtuL.css → index-BT5T6whP.css} +1 -1
package/src/ui-dist/assets/{index-DA8i31_f.js → index-ExI_WbUM.js} +24 -22
package/src/ui-dist/index.html +2 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.53",
+  "version": "16.0.55",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '16.0.53';
+export const VERSION = '16.0.55';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';

package/src/server/routes/webcraft.mjs CHANGED Viewed

@@ -794,12 +794,36 @@ ${original.slice(0, 12_000)}`;
             let fixed = '';
             await callLLMStream(loadConfig(), 'You are a precise code repair assistant. Output only the corrected file, no explanation.', fixPrompt, (c) => { fixed += c; }, { max_tokens: 16384 });
             fixed = fixed.replace(/^```[\w]*\n/, '').replace(/\n```$/, '').trim();
-            if (fixed.length > 20 && fixed !== original) {
+            // VALIDATION: prevent rollback hell. Reject the LLM output if:
+            //   1. Empty / too short (< 20 chars or < 30% of original)
+            //   2. Identical to original (no fix attempted)
+            //   3. Looks like LLM error response leaked
+            //   4. Syntax-checkable file (.js/.mjs) that doesn't parse — would be worse than original
+            const tooShort = fixed.length < 20 || fixed.length < original.length * 0.3;
+            const isErrorLeak = _looksLikeLLMError(fixed);
+            let syntaxBroken = false;
+            if (!tooShort && !isErrorLeak && (rel.endsWith('.js') || rel.endsWith('.mjs') || rel.endsWith('.cjs'))) {
+              try { new Function(fixed); } catch (synErr) {
+                // Try with sourceType:module via acorn before declaring broken
+                try { acorn.parse(fixed, { ecmaVersion: 'latest', sourceType: 'module', allowReturnOutsideFunction: true }); }
+                catch { syntaxBroken = true; }
+              }
+            }
+            if (tooShort || isErrorLeak || syntaxBroken || fixed === original) {
+              // Backup the LLM attempt for debugging, but DON'T overwrite the file
+              try { fs.writeFileSync(abs + '.llm-rejected-' + Date.now(), fixed, 'utf-8'); } catch {}
+              const reason = tooShort ? `output too short (${fixed.length} vs ${original.length} chars)`
+                            : isErrorLeak ? 'output looks like an LLM/provider error response'
+                            : syntaxBroken ? 'output has worse syntax errors than input'
+                            : 'no change';
+              emit({ type: 'warn', msg: `Auto-fix REJECTED for ${rel}: ${reason}. Original file preserved.` });
+            } else {
+              // Backup original before overwriting
+              try { fs.writeFileSync(abs + '.before-autofix-' + Date.now(), original, 'utf-8'); } catch {}
               fs.writeFileSync(abs, fixed, 'utf-8');
-              emit({ type: 'status', msg: `Auto-fix: ✓ repaired ${rel} (${fixed.length} chars)` });
+              emit({ type: 'status', msg: `Auto-fix: ✓ repaired ${rel} (${original.length} → ${fixed.length} chars)` });
               anyFixed = true;
-            } else {
-              emit({ type: 'warn', msg: `Auto-fix: LLM returned no useful change for ${rel}` });
             }
           } catch (e) {
             emit({ type: 'warn', msg: `Auto-fix: LLM repair of ${rel} failed — ${(e.message || '').slice(0, 200)}` });
@@ -4336,43 +4360,58 @@ OUTPUT: ONLY the complete extended CSS file content. No markdown fences, no expl
   const model = config?.llm?.model || config?.llm?.[provider]?.model || 'default';
   if (emit) emit({ type: 'status', msg: `CSS coverage ${(analysis.coverage * 100).toFixed(0)}% (${analysis.missing.length} selectors missing). Auto-extending ${targetRel} via ${provider}:${model} (timeout 60s)...` });
-  // Call LLM with timeout + progress heartbeat + early warning when no bytes arrive.
-  // Different providers have different latencies: Claude is fast (~5-15s),
-  // OpenAI similar, Liara/Qwen3 can be 20-40s under load, Gemini sometimes
-  // stuck on long prompts. Adapt max_tokens to 4096 (down from 8192) to keep
-  // Liara responsive.
+  // Smart timeout: timeout ONLY if no bytes received for N seconds (provider
+  // stuck/dead), NOT if total elapsed exceeds N (the LLM might be legitimately
+  // streaming a large CSS file at 250 b/s for 90+ seconds). Absolute hard cap
+  // at 300s to prevent runaway.
   let body = '';
   let lastChunkAt = Date.now();
   const startedAt = Date.now();
-  const timeoutMs = 60_000;
+  const noProgressTimeoutMs = 30_000;  // no bytes for 30s → timeout
+  const absoluteTimeoutMs = 300_000;   // 5min absolute cap
   let earlyWarningEmitted = false;
+  let timedOut = false;
+  let aborted = false;
+  const abortController = new AbortController();
   const heartbeatInterval = setInterval(() => {
     if (!emit) return;
     const elapsed = ((Date.now() - startedAt) / 1000).toFixed(0);
     const sinceLast = ((Date.now() - lastChunkAt) / 1000).toFixed(0);
     emit({ type: 'status', msg: `LLM extend: ${elapsed}s elapsed, ${body.length} bytes received (${sinceLast}s since last chunk)` });
-    // Early warning if no bytes at all after 15s — provider is likely stuck or rate-limited
     if (!earlyWarningEmitted && body.length === 0 && Date.now() - startedAt > 15_000) {
       earlyWarningEmitted = true;
-      emit({ type: 'warn', msg: `Provider ${provider} hasn't sent any data in 15s. If this is Liara, the free tier may be under load — try switching to Anthropic/OpenAI in Settings, or check your API key.` });
+      emit({ type: 'warn', msg: `Provider ${provider} hasn't sent any data in 15s. If this is Liara, the free tier may be under load — try switching to Anthropic/OpenAI in Settings.` });
+    }
+    // No-progress timeout: only if STUCK (zero chunks for 30s)
+    if (Date.now() - lastChunkAt > noProgressTimeoutMs && body.length > 0) {
+      timedOut = true;
+      aborted = true;
+      abortController.abort();
+    }
+    // Absolute timeout
+    if (Date.now() - startedAt > absoluteTimeoutMs) {
+      timedOut = true;
+      aborted = true;
+      abortController.abort();
     }
   }, 5_000);
   try {
-    await Promise.race([
-      callLLMStream(config, sys, user, (chunk) => {
-        body += chunk;
-        lastChunkAt = Date.now();
-      }, { max_tokens: 4096 }),
-      new Promise((_, reject) => setTimeout(() => reject(new Error('LLM timeout after ' + (timeoutMs / 1000) + 's — provider ' + provider + ' did not respond')), timeoutMs)),
-    ]);
+    await callLLMStream(config, sys, user, (chunk) => {
+      if (aborted) return;
+      body += chunk;
+      lastChunkAt = Date.now();
+    }, { max_tokens: 4096, signal: abortController.signal });
   } catch (e) {
     clearInterval(heartbeatInterval);
-    const errMsg = (e.message || String(e)).slice(0, 200);
+    const errMsg = timedOut
+      ? `no chunks received for ${(noProgressTimeoutMs / 1000)}s — provider ${provider} appears stuck (received ${body.length} bytes before stalling)`
+      : (e.message || String(e)).slice(0, 200);
     if (emit) {
       emit({ type: 'warn', msg: `CSS extend failed: ${errMsg}` });
-      if (errMsg.includes('timeout') || body.length === 0) {
-        emit({ type: 'warn', msg: `Provider ${provider} unresponsive. Open NHA Settings and switch to a different provider (Anthropic Claude is fastest), or check that your API key is valid. Sandbox continues with current CSS.` });
+      if (timedOut && body.length > 0) {
+        emit({ type: 'warn', msg: `Got ${body.length} bytes of partial CSS but provider stalled. Keeping current file unchanged. Try again or switch provider.` });
       }
     }
     return { extended: false, reason: 'llm_failed', error: errMsg, partialBytes: body.length };