npm - nothumanallowed - Versions diffs - 9.3.2 → 9.3.4 - Mend

nothumanallowed 9.3.2 → 9.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/src/constants.mjs +1 -1
package/src/services/browser-engine.mjs +75 -7
package/src/services/tool-executor.mjs +11 -6

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "9.3.2",
+  "version": "9.3.4",
   "description": "NotHumanAllowed — 38 AI agents + 58 tools + browser automation + web search. Streaming chat, headless Chrome CDP, multi-conversation, export. Gmail, Calendar, Drive, GitHub, Notion, Slack. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '9.3.2';
+export const VERSION = '9.3.4';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';

package/src/services/browser-engine.mjs CHANGED Viewed

@@ -532,12 +532,17 @@ async function launchBrowser() {
   const port = await findFreePort();
+  // Realistic user agent to avoid bot detection on major sites
+  const UA = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36';
   const chromeArgs = [
     `--remote-debugging-port=${port}`,
     '--headless=new',
     `--user-data-dir=${userDataDir}`,
+    `--user-agent=${UA}`,
     '--no-first-run',
     '--no-default-browser-check',
+    '--disable-blink-features=AutomationControlled',
     '--disable-background-networking',
     '--disable-background-timer-throttling',
     '--disable-backgrounding-occluded-windows',
@@ -603,6 +608,16 @@ async function launchBrowser() {
   await ws.send('Network.enable');
   await ws.send('DOM.enable');
+  // Anti-detection: remove navigator.webdriver flag and other headless indicators
+  await ws.send('Page.addScriptToEvaluateOnNewDocument', {
+    source: `
+      Object.defineProperty(navigator, 'webdriver', { get: () => false });
+      Object.defineProperty(navigator, 'languages', { get: () => ['it-IT', 'it', 'en-US', 'en'] });
+      Object.defineProperty(navigator, 'plugins', { get: () => [1, 2, 3, 4, 5] });
+      window.chrome = { runtime: {} };
+    `,
+  });
   _browser = { process: proc, ws, wsUrl, userDataDir, port };
   // Cleanup on process exit
@@ -756,10 +771,11 @@ export async function browserScreenshot(options = {}) {
 }
 /**
- * Click an element by CSS selector or coordinates.
+ * Click an element by CSS selector, visible text, or coordinates.
  *
  * @param {object} target
  * @param {string} [target.selector] - CSS selector to click
+ * @param {string} [target.text] - Visible text of a button/link/element to click (case-insensitive partial match)
  * @param {number} [target.x] - X coordinate
  * @param {number} [target.y] - Y coordinate
  * @returns {Promise<{ clicked: boolean, selector?: string }>}
@@ -768,9 +784,44 @@ export async function browserClick(target) {
   const browser = await getBrowser();
   let x, y;
+  let label = '';
+  if (target.text) {
+    // Find element by visible text — searches buttons, links, and all clickable elements
+    const searchText = target.text;
+    const result = await browser.ws.send('Runtime.evaluate', {
+      expression: `(() => {
+        const searchText = ${JSON.stringify(searchText)}.toLowerCase();
+        // Search in priority order: buttons, links, then any visible element
+        const candidates = [
+          ...document.querySelectorAll('button, [role="button"], input[type="submit"], input[type="button"]'),
+          ...document.querySelectorAll('a'),
+          ...document.querySelectorAll('[onclick], [tabindex]'),
+        ];
+        for (const el of candidates) {
+          const text = (el.textContent || el.value || el.getAttribute('aria-label') || '').trim();
+          if (text.toLowerCase().includes(searchText) && el.offsetHeight > 0 && el.offsetWidth > 0) {
+            const rect = el.getBoundingClientRect();
+            if (rect.width > 0 && rect.height > 0) {
+              return { x: rect.x + rect.width / 2, y: rect.y + rect.height / 2, tag: el.tagName, text: text.slice(0, 60) };
+            }
+          }
+        }
+        return null;
+      })()`,
+      returnByValue: true,
+    });
-  if (target.selector) {
-    // Find element and get its center point
+    const info = result.result?.value;
+    if (!info) {
+      return { error: true, message: `No clickable element found with text "${searchText}". Try browser_extract to see visible buttons.` };
+    }
+    x = Math.round(info.x);
+    y = Math.round(info.y);
+    label = `"${info.text}" (${info.tag})`;
+  } else if (target.selector) {
+    // Find element by CSS selector and get its center point
     const result = await browser.ws.send('Runtime.evaluate', {
       expression: `(() => {
         const el = document.querySelector(${JSON.stringify(target.selector)});
@@ -789,11 +840,13 @@ export async function browserClick(target) {
     x = Math.round(info.x);
     y = Math.round(info.y);
+    label = target.selector;
   } else if (target.x !== undefined && target.y !== undefined) {
     x = target.x;
     y = target.y;
+    label = `(${x}, ${y})`;
   } else {
-    return { error: true, message: 'Provide a CSS selector or x/y coordinates' };
+    return { error: true, message: 'Provide text, CSS selector, or x/y coordinates' };
   }
   // Dispatch mouse events: move → down → up (simulates real click)
@@ -807,10 +860,25 @@ export async function browserClick(target) {
     type: 'mouseReleased', x, y, button: 'left', clickCount: 1,
   });
-  // Brief wait for any navigation or JS handlers
-  await new Promise(r => setTimeout(r, 300));
+  // Wait for any navigation or JS handlers triggered by the click
+  await new Promise(r => setTimeout(r, 500));
+  // Check if the click triggered a navigation — wait for it
+  try {
+    const navCheck = await browser.ws.send('Runtime.evaluate', {
+      expression: 'document.readyState',
+      returnByValue: true,
+    });
+    if (navCheck.result?.value === 'loading') {
+      // Page is navigating — wait for load
+      try {
+        await browser.ws.waitForEvent('Page.loadEventFired', 10000);
+        await new Promise(r => setTimeout(r, 500));
+      } catch { /* timeout ok */ }
+    }
+  } catch { /* evaluation failed during navigation, that's fine */ }
-  return { error: false, clicked: true, x, y, selector: target.selector || `(${x}, ${y})` };
+  return { error: false, clicked: true, x, y, selector: label || target.selector || `(${x}, ${y})` };
 }
 /**

package/src/services/tool-executor.mjs CHANGED Viewed

@@ -270,8 +270,8 @@ TOOLS:
 47. web_search(query: string, deep?: boolean)
     Search the web using DuckDuckGo. Returns titles, URLs, and snippets.
     Set deep=true to also fetch and extract the top 3 pages' full content (slower but more detailed).
-    Use this when the user asks about current events, recent news, or needs up-to-date information
-    that you don't have in your training data.
+    ALWAYS use this for ANY web search request ("search for X", "find X", "look up X", "cerca X").
+    Do NOT open Google/Bing in the browser for searches — use this tool instead. It's faster and never gets blocked.
 48. fetch_url(url: string)
     Fetch a web page and extract its text content. SSRF-protected (blocks private IPs, localhost).
@@ -284,16 +284,19 @@ TOOLS:
     Open a URL in a headless Chrome browser. Launches Chrome automatically on first use.
     SSRF-protected (blocks private IPs, localhost). Renders JavaScript, SPAs, and dynamic pages.
     Use this when you need to interact with a page (click, type, screenshot) or when fetch_url fails on JS-rendered content.
+    WARNING: Do NOT use this to search the web — use web_search instead. Google/Bing block automated browsers with CAPTCHAs.
 50. browser_screenshot(fullPage?: boolean, format?: "png"|"jpeg"|"webp", quality?: number, saveTo?: string)
     Capture a screenshot of the current browser page.
     fullPage=true captures the entire scrollable page. saveTo saves to a file path (e.g. "~/screenshot.png").
     Returns base64-encoded image data. Use after browser_open to see what's on screen.
-51. browser_click(selector?: string, x?: number, y?: number)
-    Click an element on the page by CSS selector or x/y coordinates.
-    Examples: selector="#submit-btn", selector="a.nav-link", selector="button:nth-of-type(2)"
-    Use coordinates for precise clicking when selector doesn't work.
+51. browser_click(text?: string, selector?: string, x?: number, y?: number)
+    Click an element on the page by visible text, CSS selector, or x/y coordinates.
+    PREFERRED: use text="Rifiuta tutto" or text="Submit" to click buttons/links by their visible label (case-insensitive partial match).
+    CSS selector: selector="#submit-btn", selector="a.nav-link"
+    Coordinates: x=500, y=300 for precise clicking.
+    Always try text first — it works for buttons, links, and any clickable element regardless of CSS structure.
 52. browser_type(text: string, selector?: string, clear?: boolean, delay?: number)
     Type text into an input field. If selector is provided, clicks the element first to focus it.
@@ -328,6 +331,7 @@ TOOLS:
     Close the browser. Frees resources. Browser auto-closes when NHA exits.
 RULES:
+- CRITICAL: For web searches ("search for X", "find X online", "look up X"), ALWAYS use web_search — NEVER open Google/Bing/DuckDuckGo in the browser. web_search is faster, more reliable, and doesn't get blocked by CAPTCHAs. Only use browser_open for interacting with specific websites (filling forms, clicking buttons, taking screenshots of specific pages).
 - For search/read operations, execute immediately and present results conversationally.
 - For write/send/delete operations (gmail_send, gmail_reply, gmail_delete, calendar_create, calendar_move, calendar_update, contact_delete, task_done, notify_remind), DESCRIBE what you're about to do and include the JSON block so the system can ask the user for confirmation.
 - For schedule_meeting and schedule_draft_email, execute immediately — these are read operations that suggest slots.
@@ -1129,6 +1133,7 @@ export async function executeTool(action, params, config) {
       if (!be.isBrowserRunning()) return 'No browser open. Use browser_open first.';
       const result = await be.browserClick({
+        text: params.text,
         selector: params.selector,
         x: params.x,
         y: params.y,