nothumanallowed 16.0.57 → 16.0.59

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "16.0.57",
+  "version": "16.0.59",
   "description": "Local AI assistant: 80 tools (Gmail, Calendar, Drive, GitHub, Slack, browser, code, files), 38 agents, visual workflows (Studio, AWF, WebCraft). Install with `npm i -g nothumanallowed`, run with `nha ui`. Free tier built-in (Liara), no API key required. Your data stays on your PC — OAuth tokens local, no cloud. Open-source MIT.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '16.0.57';
+export const VERSION = '16.0.59';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/browser-engine.mjs

@@ -125,6 +125,10 @@ function findChromePath() {
       '/snap/bin/chromium',
       '/usr/bin/brave-browser',
       '/usr/bin/microsoft-edge',
+      // Termux on Android — chromium installed via "pkg install chromium"
+      '/data/data/com.termux/files/usr/bin/chromium',
+      '/data/data/com.termux/files/usr/bin/chromium-browser',
+      '/data/data/com.termux/files/usr/bin/google-chrome',
     ],
     win32: [
       'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
@@ -657,6 +661,104 @@ async function getBrowser() {
  * @param {boolean} [options.waitForLoad] - Wait for page load event (default true)
  * @returns {Promise<{ title: string, url: string, status: number }>}
  */
+/**
+ * Lightweight HTTP fallback when Chrome/Chromium is not available.
+ * Uses fetch() + regex-based HTML→text extraction. No JS rendering, no clicks.
+ * Good enough for: news sites, blog posts, static pages, API responses,
+ * documentation pages. NOT good for: SPAs, login flows, dynamic dashboards.
+ */
+async function browserOpenViaFetch(url, options = {}) {
+  const timeout = options.timeout || 15000;
+  try {
+    const ac = new AbortController();
+    const timer = setTimeout(() => ac.abort(), timeout);
+    const res = await fetch(url, {
+      redirect: 'follow',
+      signal: ac.signal,
+      headers: {
+        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+        'Accept-Language': 'en-US,en;q=0.9,it;q=0.8',
+      },
+    });
+    clearTimeout(timer);
+
+    const status = res.status;
+    const finalUrl = res.url || url;
+    const ct = res.headers.get('content-type') || '';
+    const isHtml = /html/i.test(ct);
+    const raw = await res.text();
+
+    if (!isHtml) {
+      return {
+        title: finalUrl,
+        url: finalUrl,
+        status,
+        mode: 'fetch-fallback',
+        warning: 'Chrome not installed — used HTTP fetch. No JS rendering. Limited interactivity.',
+        content: raw.slice(0, 50_000),
+      };
+    }
+
+    // Extract title
+    const titleMatch = raw.match(/<title[^>]*>([\s\S]*?)<\/title>/i);
+    const title = titleMatch ? titleMatch[1].replace(/\s+/g, ' ').trim() : finalUrl;
+
+    // Extract main text content: strip script/style/svg/comments, then strip tags
+    let textContent = raw
+      .replace(/<!--[\s\S]*?-->/g, '')
+      .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, ' ')
+      .replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, ' ')
+      .replace(/<svg\b[^>]*>[\s\S]*?<\/svg>/gi, ' ')
+      .replace(/<noscript\b[^>]*>[\s\S]*?<\/noscript>/gi, ' ')
+      .replace(/<header\b[^>]*>[\s\S]*?<\/header>/gi, ' ')   // strip nav/header noise
+      .replace(/<nav\b[^>]*>[\s\S]*?<\/nav>/gi, ' ')
+      .replace(/<footer\b[^>]*>[\s\S]*?<\/footer>/gi, ' ')
+      .replace(/<aside\b[^>]*>[\s\S]*?<\/aside>/gi, ' ');
+
+    // Extract headlines + links separately for news sites
+    const headlines = [];
+    const linkRe = /<a\b[^>]*href=["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
+    let lm;
+    while ((lm = linkRe.exec(raw)) !== null && headlines.length < 50) {
+      const linkText = lm[2].replace(/<[^>]+>/g, ' ').replace(/\s+/g, ' ').trim();
+      const href = lm[1];
+      if (linkText.length > 20 && linkText.length < 200 && !href.startsWith('#') && !href.startsWith('javascript:')) {
+        const absHref = href.startsWith('http') ? href : new URL(href, finalUrl).toString();
+        headlines.push({ text: linkText, url: absHref });
+      }
+    }
+
+    // Strip remaining tags to get plain text
+    textContent = textContent
+      .replace(/<[^>]+>/g, ' ')
+      .replace(/&nbsp;/g, ' ')
+      .replace(/&amp;/g, '&')
+      .replace(/&lt;/g, '<')
+      .replace(/&gt;/g, '>')
+      .replace(/&quot;/g, '"')
+      .replace(/&#39;/g, "'")
+      .replace(/&#x?[0-9a-f]+;/gi, '')
+      .replace(/\s+/g, ' ')
+      .trim();
+
+    return {
+      title,
+      url: finalUrl,
+      status,
+      mode: 'fetch-fallback',
+      warning: 'Chrome/Chromium not installed — used HTTP fetch fallback. No JS rendering, no interactive clicks/forms. To install: macOS use brew, Linux apt-get, Termux "pkg install chromium".',
+      headlines: headlines.slice(0, 30),
+      content: textContent.slice(0, 30_000),
+    };
+  } catch (e) {
+    if (e.name === 'AbortError') {
+      return { error: true, message: `HTTP fetch timeout after ${timeout / 1000}s. The site may be slow or blocking the request.` };
+    }
+    return { error: true, message: `HTTP fetch failed: ${e.message}. ${/ENOTFOUND|ECONNREFUSED/.test(e.message) ? 'Network or DNS issue.' : ''}` };
+  }
+}
+
 export async function browserOpen(url, options = {}) {
   // SSRF check
   const check = await isSafeUrl(url);
@@ -664,7 +766,23 @@ export async function browserOpen(url, options = {}) {
     return { error: true, message: `SSRF blocked: ${check.reason}` };
   }
 
-  const browser = await getBrowser();
+  // Fast fallback: if Chrome/Chromium is not installed (e.g. Termux on Android),
+  // do a plain HTTP fetch and extract text content. Limited (no JS rendering,
+  // no clicks), but works for news sites / blog posts / static pages.
+  if (!findChromePath()) {
+    return browserOpenViaFetch(url, options);
+  }
+
+  let browser;
+  try {
+    browser = await getBrowser();
+  } catch (e) {
+    // Chrome detection failed at launch — same fallback
+    if (/Chrome\/Chromium not found/i.test(e.message || '')) {
+      return browserOpenViaFetch(url, options);
+    }
+    throw e;
+  }
   const timeout = options.timeout || NAV_TIMEOUT_MS;
   const waitForLoad = options.waitForLoad !== false;
 

package/src/services/google-oauth.mjs

@@ -12,8 +12,13 @@ import os from 'os';
 import { saveTokens, loadTokens, deleteTokens } from './token-store.mjs';
 import { info, ok, fail, warn } from '../ui.mjs';
 
-// NHA published OAuth client (Desktop app type — client_id is not a secret)
-const DEFAULT_CLIENT_ID = '516893094132-8u2jf6h6h3j6h8j9k0l1m2n3o4p5q6r7.apps.googleusercontent.com'; // NHA Official OAuth Client
+// IMPORTANT: NHA does NOT ship a default Google OAuth client ID.
+// The previous placeholder (516893094132-8u2jf...) was a fake-looking value
+// that always returned `invalid_client` from Google. Each user must register
+// their own OAuth client in Google Cloud Console — this is by design for
+// privacy (no shared client app), and it's a one-time 3-minute setup.
+// See https://nothumanallowed.com/docs/google for the full guide.
+const DEFAULT_CLIENT_ID = '';
 const SCOPES = [
   'https://www.googleapis.com/auth/gmail.modify',
   'https://www.googleapis.com/auth/gmail.send',
@@ -221,14 +226,27 @@ export async function runAuthFlow(config, manual = false) {
 
   if (!clientId) {
     fail('Google OAuth client ID not configured.');
-    info('Get credentials from Google Cloud Console:');
-    info('  1. Go to https://console.cloud.google.com/apis/credentials');
-    info('  2. Create an OAuth 2.0 Client ID (Desktop app type)');
-    info('  3. Enable Gmail API and Calendar API');
-    info('  4. Run:');
+    info('');
+    info('NHA does not ship a shared OAuth client (your data never goes through');
+    info('our servers — Gmail/Calendar API calls go from your PC directly to');
+    info('Google). You need a 3-minute one-time setup of your own OAuth client.');
+    info('');
+    info('STEPS:');
+    info('  1. Open https://console.cloud.google.com/apis/credentials');
+    info('  2. Click + CREATE CREDENTIALS → OAuth client ID');
+    info('  3. Application type: "Desktop app", give it a name (e.g. "NHA local")');
+    info('  4. Click CREATE. Google shows you Client ID + Client Secret.');
+    info('  5. Enable the APIs you need:');
+    info('     - Gmail API:   https://console.cloud.google.com/apis/library/gmail.googleapis.com');
+    info('     - Calendar:    https://console.cloud.google.com/apis/library/calendar-json.googleapis.com');
+    info('     - Drive:       https://console.cloud.google.com/apis/library/drive.googleapis.com');
+    info('     - People API:  https://console.cloud.google.com/apis/library/people.googleapis.com');
+    info('  6. Save the credentials in NHA:');
     info('     nha config set google-client-id YOUR_CLIENT_ID');
     info('     nha config set google-client-secret YOUR_CLIENT_SECRET');
-    info('  5. Run: nha google auth');
+    info('  7. Re-run: nha google auth');
+    info('');
+    info('Full guide with screenshots: https://nothumanallowed.com/docs/google');
     return false;
   }
 

package/src/services/message-responder.mjs

@@ -2672,7 +2672,69 @@ class TelegramResponder {
           }
         }
       } catch (e) { this.log(`[direct] pagination failed: ${e.message}`); }
-      // Fall through if no cached list
+
+      // NO CACHE FALLBACK (Giovanni's recurring bug): if user asks "mostra i
+      // prossimi" but no calendar list was cached in this session, the LLM
+      // hallucinates plausible-but-fake events. Instead, run calendar_upcoming
+      // for the next 7 days directly here. Deterministic, zero LLM call.
+      try {
+        const { listEvents } = await import('./google-calendar.mjs');
+        const now = new Date();
+        const weekAhead = new Date(now.getTime() + 7 * 86400000);
+        const evs = await listEvents(config, 'primary', now, weekAhead);
+        if (Array.isArray(evs) && evs.length > 0) {
+          const items = evs.map(e => ({
+            eventId: e.id,
+            id: e.id,
+            summary: e.summary || '(senza titolo)',
+            time: (e.start || '').slice(11, 16),
+            date: (e.start || '').slice(0, 10),
+            start: e.start,
+          }));
+          // Persist into list-cache so subsequent "mostra i prossimi" paginates
+          try {
+            const { rememberList } = await import('./list-cache.mjs');
+            rememberList(chatId || '__last_list__', 'calendar', items);
+          } catch {}
+          const pageSize = 8;
+          const firstSlice = items.slice(0, pageSize);
+          const lines = [`📅 Prossimi eventi (7 giorni, ${items.length} totali):`];
+          const byDay = new Map();
+          for (const e of firstSlice) {
+            const day = e.date || 'misc';
+            if (!byDay.has(day)) byDay.set(day, []);
+            byDay.get(day).push(e);
+          }
+          for (const [day, evs] of [...byDay.entries()].sort()) {
+            const d = day !== 'misc' ? new Date(day + 'T12:00:00').toLocaleDateString('it-IT', { weekday: 'short', day: 'numeric', month: 'short' }) : '';
+            if (d) lines.push(`\n${d}:`);
+            for (const e of evs) lines.push(`  ${e.time || '—'} — ${e.summary}`);
+          }
+          if (items.length > pageSize) {
+            lines.push(`\n... ${items.length - pageSize} eventi rimanenti. Scrivi "mostra i prossimi" per continuare.`);
+          } else {
+            lines.push(`\n✓ Fine elenco.`);
+          }
+          // Track shownCount so next "mostra i prossimi" works
+          try {
+            const cacheFile = path.join(os.homedir(), '.nha', 'list-cache.json');
+            const cacheNow = fs.existsSync(cacheFile) ? JSON.parse(fs.readFileSync(cacheFile, 'utf-8')) : {};
+            const key = chatId || '__last_list__';
+            if (!cacheNow[key]) cacheNow[key] = {};
+            cacheNow[key].lastList_calendar_shownCount = pageSize;
+            fs.writeFileSync(cacheFile, JSON.stringify(cacheNow, null, 2));
+          } catch {}
+          this.log(`[direct] PAGINATION fallback: fetched ${items.length} events from calendar_upcoming(7d)`);
+          return { action: 'calendar_page', success: true, message: lines.join('\n') };
+        }
+        // No events in next 7 days — say so explicitly, do NOT fall to LLM
+        return { action: 'calendar_page', success: true, message: '📅 Nessun evento programmato nei prossimi 7 giorni. Scrivi "appuntamenti di [data/mese]" per cercare in un altro periodo.' };
+      } catch (e) {
+        this.log(`[direct] pagination fallback failed: ${e.message}`);
+        // CRITICAL: do NOT fall through to LLM — return error instead of
+        // letting HERALD hallucinate fake events (Giovanni's bug).
+        return { action: 'calendar_page', success: false, message: `Non riesco a leggere il calendario in questo momento (${e.message.slice(0, 100)}). Verifica la connessione Google in Settings.` };
+      }
     }
 
     // ─── ANAPHORIC delete + CONFIRMATION yes ────────────────────────────────