network-ai 5.12.3 → 5.12.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/INTEGRATION_GUIDE.md +1 -1
- package/README.md +1 -1
- package/SKILL.md +15 -5
- package/package.json +1 -1
- package/socket.json +36 -0
package/INTEGRATION_GUIDE.md
CHANGED
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
[](https://network-ai.org/)
|
|
6
6
|
[](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml)
|
|
7
7
|
[](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml)
|
|
8
|
-
[](https://github.com/Jovancoding/Network-AI/releases)
|
|
9
9
|
[](https://www.npmjs.com/package/network-ai)
|
|
10
10
|
[](#testing)
|
|
11
11
|
[](#adapter-system)
|
package/SKILL.md
CHANGED
|
@@ -278,10 +278,20 @@ python {baseDir}/scripts/context_manager.py update \
|
|
|
278
278
|
|
|
279
279
|
## When to Use This Skill
|
|
280
280
|
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
- **
|
|
281
|
+
Use this skill when the task requires **local, file-based** multi-agent coordination within a single trusted workspace. All 6 bundled Python scripts run locally with zero network calls, zero subprocesses, and zero third-party packages.
|
|
282
|
+
|
|
283
|
+
### Use for
|
|
284
|
+
- **Task Delegation** — decompose complex work into sub-tasks routed to named in-session agents (`data_analyst`, `strategy_advisor`, `risk_assessor`)
|
|
285
|
+
- **Parallel Execution** — run multiple local agents simultaneously and synthesize results via the shared blackboard
|
|
286
|
+
- **Permission Wall** — score and gate access to abstract resource labels (`DATABASE`, `PAYMENTS`, `EMAIL`, `FILE_EXPORT`) before performing sensitive local operations
|
|
287
|
+
- **Shared Blackboard** — coordinate ephemeral task state across in-session agents via a persistent markdown file
|
|
288
|
+
|
|
289
|
+
### Do NOT use for
|
|
290
|
+
- External API or network service calls — the bundled Python scripts make **zero outbound network calls**
|
|
291
|
+
- Production identity or authorization — grant tokens are **advisory scoring outputs only**, not authenticated credentials; do not use as real access control
|
|
292
|
+
- Shell command execution or agent spawning — those capabilities require the TypeScript library (`npm install network-ai`) with operator-level `AgentRuntime` + `SandboxPolicy` configuration; they are **never activated by this skill**
|
|
293
|
+
- Starting an MCP or HTTP server — the optional MCP server (`bin/mcp-server.ts`) is an npm-package feature that must be explicitly started by the operator; it is **not part of this skill bundle**
|
|
294
|
+
- Any task solvable with a single direct tool call — this skill adds coordination overhead and is only appropriate when multiple agents must share state
|
|
285
295
|
|
|
286
296
|
## Quick Start
|
|
287
297
|
|
|
@@ -755,7 +765,7 @@ The following findings are drawn from the **MAESTRO Agent Security Threat** fram
|
|
|
755
765
|
|
|
756
766
|
| Control | How Network-AI addresses it |
|
|
757
767
|
|---|---|
|
|
758
|
-
| **Exact version pinning** | npm `package.json` uses exact `"version": "5.12.
|
|
768
|
+
| **Exact version pinning** | npm `package.json` uses exact `"version": "5.12.4"` — no semver range specifiers; `clawhub install network-ai` pins to a specific published version |
|
|
759
769
|
| **Zero transitive dependency drift** | All bundled Python scripts use Python stdlib only — `pip install` is never required; there are no third-party packages to drift, be compromised upstream, or introduce CVEs |
|
|
760
770
|
| **Signed, tagged releases** | Every release is committed with a signed Git tag (`v5.7.x`); commit hash is verifiable against CHANGELOG.md; GitHub releases link tag → diff → changelog entry |
|
|
761
771
|
| **Supply chain monitoring** | npm package continuously scored by Socket.dev (score A); any new dependency or permission change triggers an alert |
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "network-ai",
|
|
3
|
-
"version": "5.12.
|
|
3
|
+
"version": "5.12.4",
|
|
4
4
|
"description": "AI agent orchestration framework for TypeScript/Node.js - 29 adapters (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Computer Use, OpenAI Agents SDK, Vertex AI, Pydantic AI, Browser Agent, Hermes, Orchestrator, RLM + streaming variants). Built-in CLI, security, swarm intelligence, real-time streaming, and agentic workflow patterns.",
|
|
5
5
|
"homepage": "https://network-ai.org",
|
|
6
6
|
"main": "dist/index.js",
|
package/socket.json
CHANGED
|
@@ -257,6 +257,26 @@
|
|
|
257
257
|
{
|
|
258
258
|
"path": "dist/esm/lib/work-tree-dashboard.js",
|
|
259
259
|
"reason": "Intentional — ESM build output of WorkTreeDashboard; flagged via transitive imports. It makes no direct outbound HTTP calls."
|
|
260
|
+
},
|
|
261
|
+
{
|
|
262
|
+
"path": "dist/adapters/a2a-adapter.d.ts",
|
|
263
|
+
"reason": "False positive — TypeScript declaration file; contains no executable code and makes no network calls. Flagged because the corresponding .js implementation uses fetch."
|
|
264
|
+
},
|
|
265
|
+
{
|
|
266
|
+
"path": "dist/lib/approval-inbox.d.ts",
|
|
267
|
+
"reason": "False positive — TypeScript declaration file; contains no executable code and makes no network calls. Flagged via import-graph association with the .js implementation."
|
|
268
|
+
},
|
|
269
|
+
{
|
|
270
|
+
"path": "dist/esm/adapters/aps-adapter.js",
|
|
271
|
+
"reason": "Intentional — ESM build output of APSAdapter. It talks only to a caller-configured verifier endpoint when that verification mode is enabled."
|
|
272
|
+
},
|
|
273
|
+
{
|
|
274
|
+
"path": "dist/esm/adapters/hermes-adapter.js",
|
|
275
|
+
"reason": "Intentional — ESM build output of HermesAdapter. Uses fetch for its built-in OpenAI-compatible completion transport; calls only the URL supplied by the caller."
|
|
276
|
+
},
|
|
277
|
+
{
|
|
278
|
+
"path": "dist/esm/adapters/rlm-adapter.js",
|
|
279
|
+
"reason": "Intentional — ESM build output of RLMAdapter. Uses fetch for outbound HTTP calls to caller-supplied RLM endpoints."
|
|
260
280
|
}
|
|
261
281
|
],
|
|
262
282
|
"urlStrings": [
|
|
@@ -381,6 +401,22 @@
|
|
|
381
401
|
{
|
|
382
402
|
"path": "dist/esm/lib/mcp-tool-consumer.js",
|
|
383
403
|
"reason": "Intentional — ESM build output of McpToolConsumer. Imports child_process to launch caller-configured MCP server subprocesses for stdio transport."
|
|
404
|
+
},
|
|
405
|
+
{
|
|
406
|
+
"path": "dist/examples/05-code-review-swarm.js",
|
|
407
|
+
"reason": "Intentional — compiled output of the code-review example script. Uses child_process (execSync) to run TypeScript type-checking as part of the example workflow. Not part of the core library and never activated by importing the package."
|
|
408
|
+
},
|
|
409
|
+
{
|
|
410
|
+
"path": "dist/esm/examples/05-code-review-swarm.js",
|
|
411
|
+
"reason": "Intentional — ESM build output of the code-review example script. Same as the CJS variant — uses child_process for tsc type-checking in a developer example. Not activated by importing the package."
|
|
412
|
+
},
|
|
413
|
+
{
|
|
414
|
+
"path": "dist/run.js",
|
|
415
|
+
"reason": "Intentional — compiled output of run.ts, the local orchestrator bootstrap script. May spawn sub-processes as part of its demo workflow. Invoked directly by the operator, never imported as a library."
|
|
416
|
+
},
|
|
417
|
+
{
|
|
418
|
+
"path": "dist/esm/run.js",
|
|
419
|
+
"reason": "Intentional — ESM build output of run.ts. Same as dist/run.js — bootstraps the local orchestrator demo workflow when invoked directly by the operator."
|
|
384
420
|
}
|
|
385
421
|
],
|
|
386
422
|
"filesystemAccess": [
|