npm - nothumanallowed - Versions diffs - 3.8.0 → 4.0.1 - Mend

nothumanallowed 3.8.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/src/cli.mjs +6 -0
package/src/commands/scan.mjs +187 -0
package/src/commands/ui.mjs +14 -2
package/src/services/web-ui.mjs +104 -11

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "3.8.0",
+  "version": "4.0.1",
   "description": "NotHumanAllowed — 38 AI agents for security, code, DevOps, data & daily ops. Ask agents directly, plan your day with 5 specialist agents, manage tasks, connect Gmail + Calendar.",
   "type": "module",
   "bin": {

package/src/cli.mjs CHANGED Viewed

@@ -15,6 +15,7 @@ import { cmdOps } from './commands/ops.mjs';
 import { cmdChat } from './commands/chat.mjs';
 import { cmdUI } from './commands/ui.mjs';
 import { cmdGoogle } from './commands/google-auth.mjs';
+import { cmdScan } from './commands/scan.mjs';
 import { banner, info, ok, warn, fail, C, G, Y, D, W, BOLD, NC, M, B, R } from './ui.mjs';
 export async function main(argv) {
@@ -65,6 +66,9 @@ export async function main(argv) {
     case 'google':
       return cmdGoogle(args);
+    case 'scan':
+      return cmdScan(args);
     case 'pif':
       return cmdPif(args);
@@ -355,6 +359,8 @@ function cmdHelp() {
   console.log(`    ask oracle "prompt" ${D}--provider openai${NC}`);
   console.log(`    agents                List all 38 specialized agents`);
   console.log(`    agents info <name>    Show agent capabilities & domain`);
+  console.log(`    scan <path>           Security scan a project with SABER + ZERO`);
+  console.log(`    scan . ${D}--output report.md${NC}   Save report to file`);
   console.log(`    run "prompt"          Multi-agent collaboration (server-routed)`);
   console.log(`    run "prompt" ${D}--agents saber,zero${NC}   Collaborate with specific agents\n`);

package/src/commands/scan.mjs ADDED Viewed

@@ -0,0 +1,187 @@
+/**
+ * nha scan <path> — Scan a project with SABER + ZERO agents.
+ * Reads files, builds context, runs security + vulnerability analysis.
+ * Zero server. Direct LLM calls with your API key.
+ */
+import fs from 'fs';
+import path from 'path';
+import { loadConfig } from '../config.mjs';
+import { callAgent } from '../services/llm.mjs';
+import { fail, info, ok, warn, C, G, Y, D, W, BOLD, NC, R } from '../ui.mjs';
+const SCAN_EXTENSIONS = new Set([
+  '.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx',
+  '.py', '.rb', '.go', '.rs', '.java', '.kt',
+  '.php', '.c', '.cpp', '.h', '.cs', '.swift',
+  '.sh', '.bash', '.zsh',
+  '.json', '.yaml', '.yml', '.toml', '.ini', '.cfg',
+  '.env', '.env.example', '.env.local',
+  '.sql', '.prisma', '.graphql',
+  '.dockerfile', '.docker-compose.yml',
+  '.tf', '.hcl',
+  '.md', '.txt',
+]);
+const IGNORE_DIRS = new Set([
+  'node_modules', '.git', '.next', 'dist', 'build', 'out',
+  '__pycache__', '.venv', 'venv', 'vendor', 'target',
+  '.cache', '.turbo', 'coverage', '.nyc_output',
+]);
+const MAX_FILE_SIZE = 100_000; // 100KB per file
+const MAX_TOTAL_CHARS = 200_000; // 200KB total context
+function scanDirectory(dirPath, files = [], depth = 0) {
+  if (depth > 8) return files;
+  try {
+    const entries = fs.readdirSync(dirPath, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.name.startsWith('.') && entry.name !== '.env' && entry.name !== '.env.example') continue;
+      if (IGNORE_DIRS.has(entry.name)) continue;
+      const fullPath = path.join(dirPath, entry.name);
+      if (entry.isDirectory()) {
+        scanDirectory(fullPath, files, depth + 1);
+      } else if (entry.isFile()) {
+        const ext = path.extname(entry.name).toLowerCase();
+        if (SCAN_EXTENSIONS.has(ext) || entry.name === 'Dockerfile' || entry.name === 'Makefile') {
+          try {
+            const stat = fs.statSync(fullPath);
+            if (stat.size <= MAX_FILE_SIZE && stat.size > 0) {
+              files.push({ path: fullPath, size: stat.size, ext });
+            }
+          } catch {}
+        }
+      }
+    }
+  } catch {}
+  return files;
+}
+function buildProjectContext(projectPath, files) {
+  let context = `Project: ${projectPath}\nFiles scanned: ${files.length}\n\n`;
+  let totalChars = context.length;
+  // Prioritize security-relevant files first
+  const prioritized = files.sort((a, b) => {
+    const securityFiles = ['.env', 'auth', 'login', 'password', 'secret', 'token', 'key', 'security', 'middleware'];
+    const aScore = securityFiles.some(s => a.path.toLowerCase().includes(s)) ? 0 : 1;
+    const bScore = securityFiles.some(s => b.path.toLowerCase().includes(s)) ? 0 : 1;
+    return aScore - bScore;
+  });
+  for (const file of prioritized) {
+    if (totalChars >= MAX_TOTAL_CHARS) break;
+    try {
+      const content = fs.readFileSync(file.path, 'utf-8');
+      const relative = path.relative(projectPath, file.path);
+      const entry = `\n--- ${relative} (${file.size} bytes) ---\n${content.slice(0, MAX_FILE_SIZE)}\n`;
+      if (totalChars + entry.length > MAX_TOTAL_CHARS) {
+        const remaining = MAX_TOTAL_CHARS - totalChars;
+        context += entry.slice(0, remaining) + '\n[... truncated ...]\n';
+        break;
+      }
+      context += entry;
+      totalChars += entry.length;
+    } catch {}
+  }
+  return context;
+}
+export async function cmdScan(args) {
+  const projectPath = args[0] ? path.resolve(args[0]) : process.cwd();
+  if (!fs.existsSync(projectPath) || !fs.statSync(projectPath).isDirectory()) {
+    fail(`Not a directory: ${projectPath}`);
+    process.exit(1);
+  }
+  const config = loadConfig();
+  if (!config.llm.apiKey) {
+    fail('No API key configured. Run: nha config set key YOUR_KEY');
+    process.exit(1);
+  }
+  // Parse flags
+  let agents = ['saber', 'zero'];
+  let outputFile = null;
+  for (let i = 1; i < args.length; i++) {
+    if (args[i] === '--agents' && args[i + 1]) { agents = args[++i].split(','); continue; }
+    if (args[i] === '--output' && args[i + 1]) { outputFile = args[++i]; continue; }
+    if (args[i] === '-o' && args[i + 1]) { outputFile = args[++i]; continue; }
+  }
+  console.log(`\n  ${BOLD}NHA Project Scanner${NC}`);
+  console.log(`  ${D}Path: ${projectPath}${NC}\n`);
+  // Scan files
+  info('Scanning project files...');
+  const files = scanDirectory(projectPath);
+  ok(`Found ${files.length} scannable files`);
+  if (files.length === 0) {
+    warn('No source files found.');
+    return;
+  }
+  // Show file breakdown
+  const extCounts = {};
+  for (const f of files) {
+    extCounts[f.ext] = (extCounts[f.ext] || 0) + 1;
+  }
+  const breakdown = Object.entries(extCounts).sort((a, b) => b[1] - a[1]).slice(0, 8);
+  console.log(`  ${D}${breakdown.map(([e, c]) => `${e}: ${c}`).join(' | ')}${NC}\n`);
+  // Build context
+  info('Building project context...');
+  const context = buildProjectContext(projectPath, files);
+  ok(`Context: ${(context.length / 1024).toFixed(0)} KB from ${files.length} files`);
+  // Run agents
+  const results = {};
+  for (const agentName of agents) {
+    info(`Running ${agentName.toUpperCase()}...`);
+    const startTime = Date.now();
+    try {
+      const result = await callAgent(config, agentName,
+        `Perform a thorough analysis of this project. Focus on:\n` +
+        `- Security vulnerabilities (OWASP Top 10, CWE references)\n` +
+        `- Hardcoded secrets, API keys, passwords\n` +
+        `- Dependency risks, outdated patterns\n` +
+        `- Authentication/authorization issues\n` +
+        `- Input validation, injection vectors\n` +
+        `- Configuration security\n` +
+        `- Code quality issues that impact security\n\n` +
+        `PROJECT FILES:\n${context}`
+      );
+      const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+      results[agentName] = result;
+      ok(`${agentName.toUpperCase()} complete (${elapsed}s)`);
+    } catch (e) {
+      warn(`${agentName.toUpperCase()} failed: ${e.message}`);
+      results[agentName] = `Error: ${e.message}`;
+    }
+  }
+  // Display results
+  console.log(`\n${'='.repeat(60)}`);
+  for (const [agent, result] of Object.entries(results)) {
+    console.log(`\n  ${BOLD}${C}${agent.toUpperCase()} REPORT${NC}\n`);
+    console.log(result);
+    console.log(`\n${'─'.repeat(60)}`);
+  }
+  // Save to file if requested
+  if (outputFile) {
+    const report = Object.entries(results)
+      .map(([agent, result]) => `# ${agent.toUpperCase()} REPORT\n\n${result}`)
+      .join('\n\n---\n\n');
+    const header = `# NHA Security Scan Report\n\nProject: ${projectPath}\nDate: ${new Date().toISOString()}\nAgents: ${agents.join(', ')}\nFiles scanned: ${files.length}\n\n---\n\n`;
+    fs.writeFileSync(outputFile, header + report, 'utf-8');
+    ok(`Report saved to ${outputFile}`);
+  }
+  console.log('');
+}

package/src/commands/ui.mjs CHANGED Viewed

@@ -651,8 +651,20 @@ export async function cmdUI(args) {
             }
           } catch { /* context loading failed, proceed without it */ }
-          const enrichedPrompt = body.prompt + (context
-            ? '\n\nIMPORTANT: Below is the user\'s REAL personal data (emails, calendar, tasks). Use this actual data in your analysis — do NOT make up fictional examples.\n' + context
+          // Attach file content if provided
+          let fileContext = '';
+          if (body.fileContent && body.fileName) {
+            const maxChars = 100000;
+            const content = String(body.fileContent).slice(0, maxChars);
+            fileContext = '\n\n--- Attached file: ' + body.fileName + ' ---\n' + content;
+            if (body.fileContent.length > maxChars) fileContext += '\n[... truncated at 100KB ...]';
+          }
+          const enrichedPrompt = body.prompt + fileContext + (context
+            ? '\n\nIMPORTANT CONTEXT: The data below is from the user\'s OWN accounts (their Gmail, their Google Calendar, their tasks). The user is the OWNER of these accounts. ' +
+              'Recent activity (npm publishes, Google login alerts, GitHub notifications) was done BY THE USER THEMSELVES as part of their normal work. ' +
+              'Do NOT flag the user\'s own legitimate activity as suspicious or compromised. ' +
+              'Only flag ACTUAL external threats: phishing emails from unknown senders, suspicious links, unauthorized access from unknown locations.\n' + context
             : '');
           const response = await callAgent(config, body.agent, enrichedPrompt);

package/src/services/web-ui.mjs CHANGED Viewed

@@ -122,12 +122,15 @@ input:focus,textarea:focus{border-color:var(--green3)}
 .event__location{color:var(--dim);font-size:11px}
 /* ---- AGENTS ---- */
-.agents-grid{display:grid;grid-template-columns:repeat(auto-fill,minmax(140px,1fr));gap:8px}
-@media(min-width:901px){.agents-grid{grid-template-columns:repeat(auto-fill,minmax(180px,1fr))}}
-.agent-card{padding:12px;text-align:center;cursor:pointer;transition:border-color .15s}
-.agent-card:hover{border-color:var(--green3)}
-.agent-card__name{color:var(--green);font-weight:700;font-size:13px;margin-bottom:4px}
-.agent-card__cat{font-size:9px;color:var(--dim);text-transform:uppercase}
+.agents-grid{display:grid;grid-template-columns:repeat(2,1fr);gap:10px}
+@media(min-width:600px){.agents-grid{grid-template-columns:repeat(3,1fr)}}
+@media(min-width:901px){.agents-grid{grid-template-columns:repeat(4,1fr)}}
+.agent-card{aspect-ratio:1;padding:14px;text-align:center;cursor:pointer;transition:border-color .15s,transform .15s;display:flex;flex-direction:column;align-items:center;justify-content:center;gap:6px}
+.agent-card:hover{border-color:var(--green3);transform:scale(1.03)}
+.agent-card__icon{font-size:28px;line-height:1}
+.agent-card__name{color:var(--green);font-weight:700;font-size:13px}
+.agent-card__tagline{font-size:10px;color:var(--text);line-height:1.3;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical;overflow:hidden}
+.agent-card__cat{font-size:9px;color:var(--dim);text-transform:uppercase;margin-top:auto}
 /* ---- MODAL ---- */
 .modal-overlay{display:none;position:fixed;inset:0;background:rgba(0,0,0,0.7);z-index:300;align-items:center;justify-content:center}
@@ -475,32 +478,73 @@ function openDayDetail(dateStr){
   // Use the agent modal for day detail
   document.getElementById('modalName').textContent=dayLabel;
   document.getElementById('modalPrompt').style.display='none';
+  document.getElementById('fileDropZone').style.display='none';
+  document.getElementById('fileInfo').style.display='none';
   document.getElementById('modalResponse').style.display='block';
   document.getElementById('modalResponse').innerHTML=h;
   document.getElementById('agentModal').classList.add('modal-overlay--open');
-  // Hide ask button
   var sendBtn=document.getElementById('agentModal').querySelector('.btn--primary');
   if(sendBtn)sendBtn.style.display='none';
 }
 // ---- AGENTS ----
+var AGENT_ICONS = {
+  saber:'\\u{1F6E1}',zero:'\\u{1F50D}',veritas:'\\u2713',ade:'\\u{1F52C}',heimdall:'\\u{1F512}',
+  jarvis:'\\u{1F4BB}',forge:'\\u2699',pipe:'\\u{1F527}',shell:'\\u{1F4DF}',glitch:'\\u{1F41B}',
+  oracle:'\\u{1F4CA}',logos:'\\u{1F9EE}',atlas:'\\u{1F5FA}',cartographer:'\\u{1F30D}',
+  scheherazade:'\\u270D',quill:'\\u{1F4DD}',muse:'\\u{1F3A8}',murasaki:'\\u{1F58C}',
+  hermes:'\\u{1F517}',link:'\\u{1F50C}',mercury:'\\u{1F310}',
+  shogun:'\\u2638',flux:'\\u{1F504}',cron:'\\u23F0',
+  babel:'\\u{1F30E}',polyglot:'\\u{1F5E3}',herald:'\\u{1F4E2}',
+  echo:'\\u{1F4E1}',macro:'\\u26A1',
+  prometheus:'\\u{1F525}',cassandra:'\\u26A0',athena:'\\u{1F9E0}',sauron:'\\u{1F441}',conductor:'\\u{1F3BC}',
+  navi:'\\u{1F9ED}',edi:'\\u{1F4C8}',tempest:'\\u26C8',epicure:'\\u{1F37D}'
+};
 function renderAgents(el){
   if(agentsList.length===0){el.innerHTML='<div style="text-align:center;padding:40px"><div class="spinner"></div><div style="color:var(--dim)">Loading agents...</div></div>';loadAgents().then(function(){renderAgents(el)});return}
-  var h='<div class="agents-grid">';
-  agentsList.forEach(function(a){
-    h+='<div class="card agent-card" onclick="openAgent(\\''+esc(a.name||a.agentName)+'\\',\\''+esc(a.displayName||a.name)+'\\')"><div class="agent-card__name">'+esc(a.displayName||a.name)+'</div><div class="agent-card__cat">'+esc(a.category||'')+'</div></div>';
+  // Category filter
+  var cats={};agentsList.forEach(function(a){var c=a.category||'other';cats[c]=(cats[c]||0)+1});
+  var h='<div style="display:flex;flex-wrap:wrap;gap:6px;margin-bottom:14px">';
+  h+='<button class="btn btn--secondary" style="font-size:11px" onclick="agentFilter=null;renderAgents(document.getElementById(\\x27content\\x27))">All ('+agentsList.length+')</button>';
+  Object.keys(cats).sort().forEach(function(c){
+    h+='<button class="btn btn--secondary" style="font-size:11px" onclick="agentFilter=\\x27'+esc(c)+'\\x27;renderAgents(document.getElementById(\\x27content\\x27))">'+esc(c)+' ('+cats[c]+')</button>';
+  });
+  h+='</div>';
+  var filtered=agentFilter?agentsList.filter(function(a){return a.category===agentFilter}):agentsList;
+  h+='<div class="agents-grid">';
+  filtered.forEach(function(a){
+    var name=a.name||a.agentName;
+    var display=a.displayName||name;
+    var icon=AGENT_ICONS[name.toLowerCase()]||'\\u{1F916}';
+    var tagline=a.tagline||a.description||'';
+    var cat=a.category||'';
+    h+='<div class="card agent-card" onclick="openAgent(\\''+esc(name)+'\\',\\''+esc(display)+'\\')">'+
+      '<div class="agent-card__icon">'+icon+'</div>'+
+      '<div class="agent-card__name">'+esc(display)+'</div>'+
+      '<div class="agent-card__tagline">'+esc(tagline.slice(0,60))+'</div>'+
+      '<div class="agent-card__cat">'+esc(cat)+'</div>'+
+    '</div>';
   });
   h+='</div>';
   el.innerHTML=h;
 }
+var agentFilter=null;
 function openAgent(name,display){
   selectedAgent=name;
+  attachedFileContent=null;attachedFileName=null;
   document.getElementById('modalName').textContent=display||name;
   document.getElementById('modalPrompt').value='';
   document.getElementById('modalPrompt').style.display='';
   document.getElementById('modalResponse').style.display='none';
   document.getElementById('modalResponse').textContent='';
   document.getElementById('modalResponse').innerHTML='';
+  document.getElementById('fileInfo').style.display='none';
+  document.getElementById('fileDropZone').style.display='';
+  document.getElementById('fileDropZone').style.borderColor='var(--border2)';
+  document.getElementById('fileInput').value='';
   var sendBtn=document.getElementById('agentModal').querySelector('.btn--primary');
   if(sendBtn)sendBtn.style.display='';
   document.getElementById('agentModal').classList.add('modal-overlay--open');
@@ -508,12 +552,56 @@ function openAgent(name,display){
 function closeModal(){
   document.getElementById('agentModal').classList.remove('modal-overlay--open');
 }
+var attachedFileContent = null;
+var attachedFileName = null;
+function handleFileDrop(e) {
+  var file = e.dataTransfer.files[0];
+  if (file) readFile(file);
+}
+function handleFileSelect(input) {
+  var file = input.files[0];
+  if (file) readFile(file);
+}
+function readFile(file) {
+  if (file.size > 500000) {
+    document.getElementById('fileInfo').style.display = 'block';
+    document.getElementById('fileInfo').textContent = 'File too large (max 500KB)';
+    document.getElementById('fileInfo').style.color = 'var(--red)';
+    return;
+  }
+  var reader = new FileReader();
+  reader.onload = function(e) {
+    attachedFileContent = e.target.result;
+    attachedFileName = file.name;
+    var info = document.getElementById('fileInfo');
+    info.style.display = 'block';
+    info.style.color = 'var(--cyan)';
+    info.textContent = 'Attached: ' + file.name + ' (' + (file.size / 1024).toFixed(1) + ' KB)';
+    document.getElementById('fileDropZone').style.borderColor = 'var(--green)';
+  };
+  reader.readAsText(file);
+}
 function askAgent(){
   var p=document.getElementById('modalPrompt').value.trim();if(!p||!selectedAgent)return;
   var resp=document.getElementById('modalResponse');
   resp.style.display='block';resp.textContent='Thinking...';
-  apiPost('/api/ask',{agent:selectedAgent,prompt:p}).then(function(r){
+  var payload = {agent:selectedAgent, prompt:p};
+  if (attachedFileContent) {
+    payload.fileContent = attachedFileContent;
+    payload.fileName = attachedFileName;
+  }
+  apiPost('/api/ask', payload).then(function(r){
     resp.textContent=(r&&r.response)||'Error: no response';
+    // Reset file after ask
+    attachedFileContent = null;
+    attachedFileName = null;
+    document.getElementById('fileInfo').style.display = 'none';
+    document.getElementById('fileDropZone').style.borderColor = 'var(--border2)';
+    document.getElementById('fileInput').value = '';
   });
 }
@@ -587,6 +675,11 @@ init();
     </div>
     <div class="modal__body">
       <textarea id="modalPrompt" placeholder="Ask this agent something..."></textarea>
+      <div id="fileDropZone" style="border:2px dashed var(--border2);border-radius:6px;padding:12px;text-align:center;color:var(--dim);font-size:11px;cursor:pointer;margin-bottom:10px;transition:border-color .2s" onclick="document.getElementById('fileInput').click()" ondragover="event.preventDefault();this.style.borderColor='var(--green)'" ondragleave="this.style.borderColor='var(--border2)'" ondrop="event.preventDefault();this.style.borderColor='var(--border2)';handleFileDrop(event)">
+        Drop a file here or click to attach
+        <input type="file" id="fileInput" style="display:none" onchange="handleFileSelect(this)">
+      </div>
+      <div id="fileInfo" style="display:none;font-size:10px;color:var(--cyan);margin-bottom:8px"></div>
       <div class="modal__response" id="modalResponse" style="display:none"></div>
     </div>
     <div class="modal__footer">