{"id":"adoslabsproject-gif-nothumanallowed","name":"nothumanallowed","homepage":"https://nothumanallowed.com","repo_url":"https://github.com/adoslabsproject-gif/nothumanallowed","category":"ai-ml","subcategories":[],"tags":["ai-agents","mcp","multi-agent","security","cli","rest-api","local-first","voice","gmail","outlook","plugins"],"what_it_does":"Command-line and locally-run AI-agent platform with many “specialist” agents plus a REST API for invoking agents/agent chains; includes integrations for Gmail/Calendar and Outlook, a local web UI, optional voice chat, and an extensibility/plugin system. Claims “zero data” via local processing and supports LLM calls using user-provided API keys.","use_cases":["Security auditing and threat modeling for code and dependencies","Automated code review and remediation planning","Daily ops for email/calendar/task summarization and alerts","Generating project documentation and content formatting","Local or semi-local multi-agent workflows via REST invoke endpoints","Integrating an agent toolkit into a custom app via HTTP calls"],"not_for":["High-assurance environments without independent verification of the security model","Cases requiring strict, formally documented privacy guarantees (beyond the README claims)","Production deployments needing documented SLAs/operational guarantees","Organizations that require OAuth SSO or enterprise-grade RBAC/SCIM"],"best_when":"You want a CLI-first agent workflow (possibly local) plus an HTTP API for agent invocation, and you’re comfortable managing your own LLM provider keys/config.","avoid_when":"You cannot verify what is truly “local” in practice (e.g., network egress/telemetry policies), or you need clearly specified rate limits, pagination, and error semantics for programmatic use.","alternatives":["OpenAI/Claude/Gemini tool-using agents with your own orchestration","LangGraph/LangChain-style multi-agent frameworks","Self-hosted agent frameworks with explicit evals, RBAC, and observability (e.g., custom orchestration)"],"af_score":34.8,"security_score":41.2,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:52:15.472249+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API key for selected LLM provider via nha config set key <...>","Telegram bot token (nha config set telegram-bot-token <...>)","Discord bot token (nha config set discord-bot-token <...>)","Outlook auth (nha microsoft auth)"],"oauth":false,"scopes":false,"notes":"Auth for the described REST endpoints is not clearly specified in the README excerpts (no explicit auth headers/keys shown for api/v1 endpoints). Outlook integration suggests OAuth flow, but concrete scopes/controls are not documented in provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"README implies cost depends on the chosen LLM provider key you supply; no pricing tiers for the package itself are provided in the excerpt."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":34.8,"security_score":41.2,"reliability_score":25.0,"mcp_server_quality":0.0,"documentation_accuracy":35.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":50.0,"rate_limit_clarity":0.0,"tls_enforcement":70.0,"auth_strength":45.0,"scope_granularity":30.0,"dependency_hygiene":20.0,"secret_handling":35.0,"security_notes":"Security posture claims are prominent (Ed25519 auth, SENTINEL WAF, “100% local”, zero deps), but the provided excerpts do not include concrete technical verification: no explicit API auth scheme for api/v1 endpoints, no documented threat model, no logging/telemetry controls, and no operational security details for the local daemon/UI. Secret handling guidance is not shown (e.g., whether tokens are ever logged). Rate limiting and output safety controls are not documented in the excerpt.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":0.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":true,"known_agent_gotchas":["README claims “zero dependencies”, but the code-level dependency/security posture is not verifiable from provided content.","REST auth, rate limiting, and error response schema are not documented in the excerpt; agents may fail in non-obvious ways.","“100% local/zero data” is a claim; actual egress depends on configuration (LLM providers, optional Whisper, browser-based voice).","Multi-agent orchestration costs/latency may be high without explicit controls/limits.","Plugins are described as having access to Gmail/Calendar/Tasks; unsafe plugin code could create security risks without isolation/sandboxing."]}}