nothumanallowed 9.4.15 → 9.5.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "9.4.15",
+  "version": "9.5.1",
   "description": "NotHumanAllowed — 38 AI agents + 58 tools + browser automation + web search. Streaming chat, headless Chrome CDP, multi-conversation, export. Gmail, Calendar, Drive, GitHub, Notion, Slack. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ui.mjs

@@ -253,6 +253,22 @@ export async function cmdUI(args) {
         return;
       }
 
+      // POST /api/google/auth — trigger Google OAuth flow from web UI
+      if (method === 'POST' && pathname === '/api/google/auth') {
+        try {
+          const { runAuthFlow } = await import('../services/google-oauth.mjs');
+          // Run auth flow in background — opens browser
+          runAuthFlow(config).then(success => {
+            if (success) config._googleConnected = true;
+          }).catch(() => {});
+          sendJSON(res, 200, { ok: true, message: 'OAuth flow started. Check the browser window that opened.' });
+        } catch (e) {
+          sendJSON(res, 500, { error: e.message });
+        }
+        logRequest(method, pathname, 200, Date.now() - start);
+        return;
+      }
+
       // GET /api/health — simple health check
       if (method === 'GET' && pathname === '/api/health') {
         sendJSON(res, 200, { ok: true, version: VERSION });

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '9.4.15';
+export const VERSION = '9.5.1';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/services/google-oauth.mjs

@@ -11,8 +11,9 @@ import os from 'os';
 import { saveTokens, loadTokens, deleteTokens } from './token-store.mjs';
 import { info, ok, fail, warn } from '../ui.mjs';
 
-// NHA published OAuth client (Desktop app type — client_id is not a secret)
-const DEFAULT_CLIENT_ID = ''; // Will be set when Google Cloud project is verified
+// NHA published OAuth client — same credentials as the mobile app
+const DEFAULT_CLIENT_ID = '740354841334-o0l6rhkn900jtjtfcls3bkr2n9f1l3tt.apps.googleusercontent.com';
+const DEFAULT_CLIENT_SECRET = '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';
 const SCOPES = [
   'https://www.googleapis.com/auth/gmail.modify',
   'https://www.googleapis.com/auth/gmail.send',
@@ -79,7 +80,7 @@ function waitForCallback(state, port) {
         return;
       }
 
-      if (!code || returnedState !== state) {
+      if (!code || !returnedState?.startsWith(state.split('|')[0])) {
         res.writeHead(400, { 'Content-Type': 'text/html' });
         res.end('<html><body><h2>Invalid callback</h2><p>Missing code or state mismatch.</p></body></html>');
         server.close();
@@ -159,20 +160,7 @@ async function getUserEmail(accessToken) {
  */
 export async function runAuthFlow(config) {
   const clientId = config.google?.clientId || DEFAULT_CLIENT_ID;
-  const clientSecret = config.google?.clientSecret || '';
-
-  if (!clientId) {
-    fail('Google OAuth client ID not configured.');
-    info('Get credentials from Google Cloud Console:');
-    info('  1. Go to https://console.cloud.google.com/apis/credentials');
-    info('  2. Create an OAuth 2.0 Client ID (Desktop app type)');
-    info('  3. Enable Gmail API and Calendar API');
-    info('  4. Run:');
-    info('     nha config set google-client-id YOUR_CLIENT_ID');
-    info('     nha config set google-client-secret YOUR_CLIENT_SECRET');
-    info('  5. Run: nha google auth');
-    return false;
-  }
+  const clientSecret = config.google?.clientSecret || DEFAULT_CLIENT_SECRET;
 
   // Find available port
   let port = 0;
@@ -192,13 +180,16 @@ export async function runAuthFlow(config) {
     return false;
   }
 
-  const redirectUri = `http://127.0.0.1:${port}/callback`;
+  // Use our server as OAuth redirect (same as mobile app)
+  // The callback page extracts the code and redirects to localhost
+  const serverRedirectUri = 'https://nothumanallowed.com/auth/callback';
+  const localCallbackUrl = `http://127.0.0.1:${port}/callback`;
   const { verifier, challenge } = generatePKCE();
-  const state = crypto.randomBytes(32).toString('hex');
+  const state = crypto.randomBytes(32).toString('hex') + `|localhost:${port}`;
 
   const authUrl = new URL('https://accounts.google.com/o/oauth2/v2/auth');
   authUrl.searchParams.set('client_id', clientId);
-  authUrl.searchParams.set('redirect_uri', redirectUri);
+  authUrl.searchParams.set('redirect_uri', serverRedirectUri);
   authUrl.searchParams.set('response_type', 'code');
   authUrl.searchParams.set('scope', SCOPES);
   authUrl.searchParams.set('state', state);
@@ -215,7 +206,7 @@ export async function runAuthFlow(config) {
     const { code } = await waitForCallback(state, port);
     info('Authorization code received. Exchanging for tokens...');
 
-    const tokenData = await exchangeCode(code, verifier, clientId, clientSecret, redirectUri);
+    const tokenData = await exchangeCode(code, verifier, clientId, clientSecret, serverRedirectUri);
     const email = await getUserEmail(tokenData.access_token);
 
     const tokens = {

package/src/services/web-ui.mjs

@@ -314,11 +314,11 @@ function apiPatch(p){return fetch(API+p,{method:'PATCH'}).then(function(r){retur
 
 // ---- LOAD DATA ----
 function loadDash(){
-  return Promise.all([apiGet('/api/status'),apiGet('/api/emails'),apiGet('/api/calendar'),apiGet('/api/tasks')]).then(function(r){
-    dash.status=r[0];dash.emails=(r[1]&&r[1].emails)||[];dash.events=(r[2]&&r[2].events)||[];dash.tasks=(r[3]&&r[3].tasks)||[];
-    dashLoaded.emails=true;dashLoaded.events=true;dashLoaded.tasks=true;
-    updateBadges();
-  });
+  // Load each API independently — render as each arrives (emails are slow)
+  apiGet('/api/status').then(function(r){dash.status=r;render()});
+  apiGet('/api/tasks').then(function(r){dash.tasks=(r&&r.tasks)||[];dashLoaded.tasks=true;updateBadges();render()});
+  apiGet('/api/calendar').then(function(r){dash.events=(r&&r.events)||[];dashLoaded.events=true;updateBadges();render()});
+  return apiGet('/api/emails').then(function(r){dash.emails=(r&&r.emails)||[];dashLoaded.emails=true;updateBadges();render()});
 }
 function loadAgents(){return apiGet('/api/agents').then(function(r){agentsList=(r&&r.agents)||[]})}
 function updateBadges(){
@@ -361,14 +361,14 @@ function render(){
 
 // ---- DASHBOARD ----
 function renderDash(el){
-  if(!dashLoaded.emails){el.innerHTML=loadingHTML('dashboard');return}
+  if(!dashLoaded.tasks&&!dashLoaded.events&&!dashLoaded.emails){el.innerHTML=loadingHTML('dashboard');return}
   var t=dash.tasks,e=dash.emails,ev=dash.events;
   var done=t.filter(function(x){return x.status==='done'}).length;
   var pend=t.length-done;
   var pct=t.length>0?Math.round(done/t.length*100):0;
   var h='<div class="dash-grid">'+
     '<div class="card"><div class="card__title">Tasks</div><div class="card__value">'+pend+'</div><div class="card__sub">'+done+'/'+t.length+' done ('+pct+'%)</div></div>'+
-    '<div class="card"><div class="card__title">Emails</div><div class="card__value">'+e.length+'</div><div class="card__sub">'+(e.length>0?esc(e[0].from):'Inbox zero')+'</div></div>'+
+    '<div class="card"><div class="card__title">Emails</div><div class="card__value">'+(dashLoaded.emails?e.length:'<span class="spinner" style="width:14px;height:14px;display:inline-block;vertical-align:middle"></span>')+'</div><div class="card__sub">'+(dashLoaded.emails?(e.length>0?esc(e[0].from):'Inbox zero'):'Loading...')+'</div></div>'+
     '<div class="card"><div class="card__title">Events</div><div class="card__value">'+ev.length+'</div><div class="card__sub">'+(ev.length>0?esc(ev[0].summary):'No events')+'</div></div>'+
     '<div class="card"><div class="card__title">Agents</div><div class="card__value">38</div><div class="card__sub">Ready</div></div>'+
   '</div>';
@@ -1498,9 +1498,26 @@ function renderSettings(el) {
       ['summary-time', 'Summary Time', '18:00'],
       ['meeting-alert', 'Meeting Alert (minutes)', '30'],
     ]) +
+    '<div class="card" style="margin-top:16px"><div class="card__title">Google Account</div>' +
+    '<div style="font-size:11px;color:var(--dim);margin-bottom:8px">Connect Gmail, Calendar, Drive, Contacts, and Tasks. Opens a browser window for Google sign-in.</div>' +
+    (settingsData.hasGoogle ? '<div style="color:var(--green);font-size:12px;margin-bottom:8px">\\u2705 Connected</div>' : '') +
+    '<button onclick="connectGoogle()" style="background:var(--green3);color:var(--bg);padding:8px 20px;border-radius:var(--r);font-weight:700;font-size:12px;cursor:pointer;border:none">' + (settingsData.hasGoogle ? 'Reconnect Google' : 'Connect Google') + '</button>' +
+    '<div id="googleStatus" style="margin-top:8px;font-size:10px;color:var(--dim)"></div>' +
+    '</div>' +
   '</div>';
 }
 
+function connectGoogle() {
+  var s = document.getElementById('googleStatus');
+  if (s) s.textContent = 'Starting Google sign-in...';
+  apiPost('/api/google/auth', {}).then(function(r) {
+    if (s) s.textContent = r.message || 'Check the browser window that opened.';
+    if (s) s.style.color = 'var(--green)';
+  }).catch(function(e) {
+    if (s) { s.textContent = 'Error: ' + e.message; s.style.color = 'var(--red)'; }
+  });
+}
+
 function settingsSection(id, title, desc, fields) {
   var h = '<form class="card" style="margin-bottom:16px" id="settings-' + id + '" onsubmit="event.preventDefault();saveSettingsSection(\\x27' + id + '\\x27)">' +
     '<div class="card__title" style="color:var(--green);font-size:14px;margin-bottom:4px">' + esc(title) + '</div>' +