nothumanallowed 16.0.55 → 16.0.57

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.55",
+  "version": "16.0.57",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '16.0.55';
+export const VERSION = '16.0.57';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/routes/webcraft.mjs

@@ -4334,27 +4334,36 @@ export async function _autoExtendStylesIfNeeded(projectName, config, emit, opts)
     } catch {}
   }
 
-  const sys = `You are an expert frontend designer producing PRODUCTION-QUALITY CSS.
+  // APPEND mode (16.0.57): output ONLY the new rules — server appends to
+  // existing file. Prevents monotonic regression (LLM truncating + losing
+  // existing rules) and dramatically reduces output token cost.
+  const sys = `You are an expert frontend designer. Generate ONLY new CSS rules to ADD to an existing stylesheet.
 
-DESIGN REQUIREMENTS (NON-NEGOTIABLE):
-- WCAG AA contrast: text-on-background ratio >= 4.5:1. NO washed-out pastels for text. Body text must be near-black on light bg, or near-white on dark bg.
-- Use VIBRANT accent colors with sufficient saturation (HSL S >= 60%, L between 35-65% for accents).
-- Cover EVERY selector listed — including footer, header, nav, hero, sections, cards, buttons, forms, modals, tooltips.
-- Use modern CSS: flex/grid layouts, custom properties for colors, smooth transitions (200-300ms), subtle shadows.
-
-OUTPUT: ONLY the complete extended CSS file content. No markdown fences, no explanations, no preamble. The output will be written directly to disk.`;
+CRITICAL RULES:
+- Output ONLY the new CSS rules — do NOT repeat any existing rules.
+- Do NOT output markdown fences, explanations, or comments about what you're doing.
+- The output will be APPENDED to an existing CSS file. Do not include @import, @charset, or any preamble.
+- Generate at least one rule for EVERY listed missing selector.
+
+DESIGN REQUIREMENTS:
+- WCAG AA contrast: text-on-bg ratio >= 4.5:1. NO washed-out pastels for text.
+- Vibrant accent colors (HSL S >= 60%, L 35-65%).
+- Match the existing CSS's design language (look at the colors/spacing in the existing rules).
+- Include responsive breakpoints (768px, 480px) where layout matters.
+- Hover/focus/transition states for interactive elements.`;
+  // Pick a sample of missing selectors that fits in token budget. We cap at
+  // 200 to keep one pass reasonable; remaining are picked up by next pass.
+  const passSelectors = analysis.missing.slice(0, 200);
   const user =
-    `Extend this CSS file: \`${targetRel}\`\n\n` +
-    `Current CSS (${target.size} bytes, ${analysis.cssRuleCount} rules):\n\`\`\`css\n${target.content.slice(0, 6000)}\n\`\`\`\n\n` +
-    `ALL missing selectors (${analysis.missing.length} — cover every single one):\n${analysis.missing.join(', ')}\n\n` +
-    `HTML files for context:\n${htmlSample}\n\n` +
-    `Output the COMPLETE extended CSS file. Required additions:\n` +
+    `Existing CSS file: \`${targetRel}\` (${target.size} bytes, ${analysis.cssRuleCount} rules).\n\n` +
+    `Sample of existing rules (for design-language reference — DO NOT repeat in output):\n\`\`\`css\n${target.content.slice(0, 3000)}\n\`\`\`\n\n` +
+    `HTML context (snippet, for layout reference):\n${htmlSample.slice(0, 2500)}\n\n` +
+    `Generate NEW CSS rules that cover these ${passSelectors.length} currently-uncovered selectors (out of ${analysis.missing.length} total):\n${passSelectors.join(', ')}\n\n` +
+    `Output ONLY the new rules. Required additions if not already in existing CSS:\n` +
     `- img { max-width: 100%; height: auto; object-fit: cover; display: block; }\n` +
-    `- Footer, header, nav with proper layout and visible styling (NOT transparent backgrounds with low-contrast text)\n` +
-    `- Rules for EVERY one of the ${analysis.missing.length} missing selectors above\n` +
-    `- Responsive breakpoints at 1024px, 768px, 480px (mobile-first)\n` +
-    `- Hover/focus/transition states for buttons, links, cards\n` +
-    `- Color contrast must pass WCAG AA: text-on-bg >= 4.5:1`;
+    `- footer { padding: 32px 16px; background: ...; color: ...; } (or similar — with visible contrast)\n` +
+    `- Responsive @media queries at 768px and 480px for grid/flex sections.\n` +
+    `Begin your output directly with the first CSS rule. No preamble.`;
 
   const provider = config?.llm?.provider || 'unknown';
   const model = config?.llm?.model || config?.llm?.[provider]?.model || 'default';
@@ -4374,23 +4383,30 @@ OUTPUT: ONLY the complete extended CSS file content. No markdown fences, no expl
   let aborted = false;
   const abortController = new AbortController();
 
+  // Track byte velocity for an informative heartbeat: show b/s instead of
+  // misleading "0s since last chunk" (which is almost always 0 when streaming).
+  let prevBytes = 0;
+  let prevHeartbeatAt = startedAt;
   const heartbeatInterval = setInterval(() => {
     if (!emit) return;
-    const elapsed = ((Date.now() - startedAt) / 1000).toFixed(0);
-    const sinceLast = ((Date.now() - lastChunkAt) / 1000).toFixed(0);
-    emit({ type: 'status', msg: `LLM extend: ${elapsed}s elapsed, ${body.length} bytes received (${sinceLast}s since last chunk)` });
-    if (!earlyWarningEmitted && body.length === 0 && Date.now() - startedAt > 15_000) {
+    const now = Date.now();
+    const elapsed = ((now - startedAt) / 1000).toFixed(0);
+    const bytesPerSec = Math.round((body.length - prevBytes) / Math.max(1, (now - prevHeartbeatAt) / 1000));
+    prevBytes = body.length;
+    prevHeartbeatAt = now;
+    emit({ type: 'status', msg: `LLM extend: ${elapsed}s elapsed, ${body.length} bytes received (${bytesPerSec} b/s)` });
+    if (!earlyWarningEmitted && body.length === 0 && now - startedAt > 15_000) {
       earlyWarningEmitted = true;
       emit({ type: 'warn', msg: `Provider ${provider} hasn't sent any data in 15s. If this is Liara, the free tier may be under load — try switching to Anthropic/OpenAI in Settings.` });
     }
     // No-progress timeout: only if STUCK (zero chunks for 30s)
-    if (Date.now() - lastChunkAt > noProgressTimeoutMs && body.length > 0) {
+    if (now - lastChunkAt > noProgressTimeoutMs && body.length > 0) {
       timedOut = true;
       aborted = true;
       abortController.abort();
     }
     // Absolute timeout
-    if (Date.now() - startedAt > absoluteTimeoutMs) {
+    if (now - startedAt > absoluteTimeoutMs) {
       timedOut = true;
       aborted = true;
       abortController.abort();
@@ -4418,30 +4434,47 @@ OUTPUT: ONLY the complete extended CSS file content. No markdown fences, no expl
   }
   clearInterval(heartbeatInterval);
 
-  // Strip markdown fences
+  // Strip markdown fences from the appended rules (LLM sometimes adds them)
   body = body.replace(/^```[a-zA-Z]*\n?/m, '').replace(/\n?```\s*$/m, '').trim();
-  if (_looksLikeLLMError(body) || body.length < target.size * 0.5) {
-    if (emit) emit({ type: 'warn', msg: `CSS extend produced suspicious output (${body.length} bytes vs ${target.size} original) — keeping original.` });
+  if (_looksLikeLLMError(body) || body.length < 200) {
+    if (emit) emit({ type: 'warn', msg: `CSS extend produced suspicious output (${body.length} bytes of new rules) — keeping original.` });
     return { extended: false, reason: 'output_too_short_or_error' };
   }
 
-  // Backup + write
+  // APPEND mode (16.0.57): keep ALL existing rules intact, add new ones at end.
+  // Prevents monotonic regression where pass N replaces pass N-1's work with
+  // a smaller file. Combined content = original + delimiter comment + new rules.
+  const combined = target.content
+    + '\n\n/* === nha-webcraft: auto-extended rules (' + new Date().toISOString() + ') === */\n'
+    + body
+    + '\n';
+
   try {
     fs.writeFileSync(target.abs + '.before-extend-' + Date.now(), target.content, 'utf-8');
-    fs.writeFileSync(target.abs, body, 'utf-8');
+    fs.writeFileSync(target.abs, combined, 'utf-8');
   } catch (e) {
     return { extended: false, reason: 'write_failed', error: e.message };
   }
 
-  // Re-analyze to confirm improvement
+  // Re-analyze to confirm improvement. APPEND mode guarantees coverage
+  // monotonically increases (or stays equal), never decreases.
   const after = _analyzeCssCoverage(dir);
-  if (emit) emit({ type: 'status', msg: `CSS extended: ${targetRel} ${target.size} → ${body.length} bytes. Coverage ${(analysis.coverage * 100).toFixed(0)}% → ${(after.coverage * 100).toFixed(0)}%.` });
+  if (after.missing.length >= analysis.missing.length) {
+    // No progress despite append — LLM produced rules that don't match selectors.
+    // Roll back so the file doesn't bloat with useless rules.
+    try { fs.writeFileSync(target.abs, target.content, 'utf-8'); } catch {}
+    if (emit) emit({ type: 'warn', msg: `CSS extend rolled back: ${body.length} bytes of new rules added but no selectors covered (model output didn't match needed selectors).` });
+    return { extended: false, reason: 'no_coverage_gain', missingBefore: analysis.missing.length, missingAfter: after.missing.length };
+  }
+
+  if (emit) emit({ type: 'status', msg: `CSS extended: ${targetRel} ${target.size} → ${combined.length} bytes (appended ${body.length} bytes). Coverage ${(analysis.coverage * 100).toFixed(0)}% → ${(after.coverage * 100).toFixed(0)}%, ${analysis.missing.length} → ${after.missing.length} selectors missing.` });
 
   return {
     extended: true,
     file: targetRel,
     sizeBefore: target.size,
-    sizeAfter: body.length,
+    sizeAfter: combined.length,
+    appendedBytes: body.length,
     coverageBefore: analysis.coverage,
     coverageAfter: after.coverage,
     missingBefore: analysis.missing.length,

package/src/services/llm.mjs

@@ -563,6 +563,41 @@ export async function callGrok(apiKey, model, systemPrompt, userMessage, stream
   return data.choices?.[0]?.message?.content || '';
 }
 
+/**
+ * Auto-prefix a model name for OpenRouter. OpenRouter requires `vendor/model`
+ * format (e.g. `anthropic/claude-sonnet-4.5`). Agent cards in NHA often have
+ * bare model names like `claude-sonnet-4-20250514` or `gpt-4o`. Without the
+ * prefix, OpenRouter falls back to an OpenAI-like endpoint that returns a
+ * misleading "Incorrect API key provided" error (it's actually a model
+ * routing issue). We auto-prefix by inspecting the bare model name.
+ */
+export function _autoPrefixOpenRouterModel(model) {
+  if (!model || typeof model !== 'string') return 'anthropic/claude-sonnet-4.5';
+  // Already in vendor/model format — leave alone
+  if (model.includes('/')) return model;
+  const lower = model.toLowerCase();
+  // Anthropic Claude family
+  if (lower.startsWith('claude')) return 'anthropic/' + model;
+  // OpenAI GPT family
+  if (lower.startsWith('gpt') || lower.startsWith('o1') || lower.startsWith('o3') || lower.startsWith('o4') || lower.startsWith('chatgpt') || lower === 'davinci' || lower === 'curie') return 'openai/' + model;
+  // Google Gemini family
+  if (lower.startsWith('gemini') || lower.startsWith('palm')) return 'google/' + model;
+  // Meta Llama family
+  if (lower.startsWith('llama') || lower.startsWith('codellama')) return 'meta-llama/' + model;
+  // DeepSeek
+  if (lower.startsWith('deepseek')) return 'deepseek/' + model;
+  // Mistral / Mixtral
+  if (lower.startsWith('mistral') || lower.startsWith('mixtral') || lower.startsWith('codestral')) return 'mistralai/' + model;
+  // Qwen
+  if (lower.startsWith('qwen')) return 'qwen/' + model;
+  // xAI Grok
+  if (lower.startsWith('grok')) return 'x-ai/' + model;
+  // Cohere
+  if (lower.startsWith('command') || lower.startsWith('cohere')) return 'cohere/' + model;
+  // Unknown vendor — default to anthropic prefix (most likely sandbox use case)
+  return 'anthropic/' + model;
+}
+
 /**
  * OpenRouter — aggregator that exposes 100+ models (Claude, GPT, Gemini,
  * Mistral, Llama, Qwen, DeepSeek, etc.) via a single OpenAI-compatible API.
@@ -570,6 +605,7 @@ export async function callGrok(apiKey, model, systemPrompt, userMessage, stream
  * Model names: "anthropic/claude-sonnet-4.5", "openai/gpt-4o", "google/gemini-2.5-pro"...
  */
 export async function callOpenRouter(apiKey, model, systemPrompt, userMessage, stream = false, opts = {}) {
+  model = _autoPrefixOpenRouterModel(model);
   const body = {
     model: model || 'anthropic/claude-sonnet-4.5',
     max_tokens: opts.max_tokens || 8192,
@@ -594,7 +630,18 @@ export async function callOpenRouter(apiKey, model, systemPrompt, userMessage, s
   });
   if (!res.ok) {
     const err = await res.text();
-    throw new Error(`OpenRouter ${res.status}: ${err}`);
+    // OpenRouter often passes through misleading "platform.openai.com" key errors
+    // when the real cause is (a) invalid OpenRouter key, (b) model name without
+    // vendor prefix, (c) model requires BYOK. Provide an actionable hint.
+    let hint = '';
+    if (res.status === 401) {
+      hint = '\n  → 401 from OpenRouter usually means: (1) your sk-or-v1-... key is invalid/expired (regenerate at openrouter.ai/keys), or (2) the model name "' + model + '" needs a vendor prefix like "anthropic/' + model.replace(/^[a-z-]+\//, '') + '". This call auto-prefixed to "' + model + '".';
+    } else if (res.status === 404) {
+      hint = '\n  → 404 from OpenRouter usually means the model "' + model + '" does not exist. See openrouter.ai/models for valid IDs.';
+    } else if (res.status === 402) {
+      hint = '\n  → 402 from OpenRouter means insufficient credits. Top up at openrouter.ai/credits.';
+    }
+    throw new Error(`OpenRouter ${res.status}: ${err}${hint}`);
   }
   if (stream) return streamSSE(res, 'openai');
   const data = await res.json();
@@ -828,9 +875,12 @@ export async function callLLMWithTools(config, systemPrompt, messages, tools, on
   }
 
   // OpenRouter — uses OpenAI-compatible function calling schema. We reuse the
-  // OpenAI tool-call implementation but point to OpenRouter's endpoint.
+  // OpenAI tool-call implementation but point to OpenRouter's endpoint and
+  // auto-prefix the model (anthropic/, openai/, etc) so bare names from agent
+  // cards work without manual edit.
   if (provider === 'openrouter') {
-    return _callOpenAIWithTools(apiKey, model || 'anthropic/claude-sonnet-4.5', systemPrompt, messages, tools, onText, onToolCall, { ...opts, baseUrl: 'https://openrouter.ai/api/v1', referer: 'https://nothumanallowed.com', xTitle: 'NotHumanAllowed CLI' });
+    const orModel = _autoPrefixOpenRouterModel(model);
+    return _callOpenAIWithTools(apiKey, orModel, systemPrompt, messages, tools, onText, onToolCall, { ...opts, baseUrl: 'https://openrouter.ai/api/v1', referer: 'https://nothumanallowed.com', xTitle: 'NotHumanAllowed CLI' });
   }
 
   // Other providers: fallback to text-based tool calling (old system)