network-ai 5.12.3 → 5.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -564,4 +564,4 @@ Run these before declaring the integration production-ready:
564
564
 
565
565
  ---
566
566
 
567
- *Network-AI v5.12.3 · MIT License · https://github.com/Jovancoding/Network-AI*
567
+ *Network-AI v5.12.4 · MIT License · https://github.com/Jovancoding/Network-AI*
package/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![Website](https://img.shields.io/badge/website-network--ai.org-4b9df2?style=flat&logo=web&logoColor=white)](https://network-ai.org/)
6
6
  [![CI](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml)
7
7
  [![CodeQL](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml)
8
- [![Release](https://img.shields.io/badge/release-v5.12.3-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
8
+ [![Release](https://img.shields.io/badge/release-v5.12.4-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
9
9
  [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
10
10
  [![Tests](https://img.shields.io/badge/tests-3269%20passing-brightgreen.svg)](#testing)
11
11
  [![Adapters](https://img.shields.io/badge/frameworks-29%20supported-blueviolet.svg)](#adapter-system)
package/SKILL.md CHANGED
@@ -278,10 +278,20 @@ python {baseDir}/scripts/context_manager.py update \
278
278
 
279
279
  ## When to Use This Skill
280
280
 
281
- - **Task Delegation**: Route work to specialized agents (data_analyst, strategy_advisor, risk_assessor)
282
- - **Parallel Execution**: Run multiple agents simultaneously and synthesize results
283
- - **Permission Wall**: Gate access to DATABASE, PAYMENTS, EMAIL, or FILE_EXPORT operations (abstract local resource types — no external credentials required)
284
- - **Shared Blackboard**: Coordinate agent state via persistent markdown file
281
+ Use this skill when the task requires **local, file-based** multi-agent coordination within a single trusted workspace. All 6 bundled Python scripts run locally with zero network calls, zero subprocesses, and zero third-party packages.
282
+
283
+ ### Use for
284
+ - **Task Delegation** decompose complex work into sub-tasks routed to named in-session agents (`data_analyst`, `strategy_advisor`, `risk_assessor`)
285
+ - **Parallel Execution** — run multiple local agents simultaneously and synthesize results via the shared blackboard
286
+ - **Permission Wall** — score and gate access to abstract resource labels (`DATABASE`, `PAYMENTS`, `EMAIL`, `FILE_EXPORT`) before performing sensitive local operations
287
+ - **Shared Blackboard** — coordinate ephemeral task state across in-session agents via a persistent markdown file
288
+
289
+ ### Do NOT use for
290
+ - External API or network service calls — the bundled Python scripts make **zero outbound network calls**
291
+ - Production identity or authorization — grant tokens are **advisory scoring outputs only**, not authenticated credentials; do not use as real access control
292
+ - Shell command execution or agent spawning — those capabilities require the TypeScript library (`npm install network-ai`) with operator-level `AgentRuntime` + `SandboxPolicy` configuration; they are **never activated by this skill**
293
+ - Starting an MCP or HTTP server — the optional MCP server (`bin/mcp-server.ts`) is an npm-package feature that must be explicitly started by the operator; it is **not part of this skill bundle**
294
+ - Any task solvable with a single direct tool call — this skill adds coordination overhead and is only appropriate when multiple agents must share state
285
295
 
286
296
  ## Quick Start
287
297
 
@@ -755,7 +765,7 @@ The following findings are drawn from the **MAESTRO Agent Security Threat** fram
755
765
 
756
766
  | Control | How Network-AI addresses it |
757
767
  |---|---|
758
- | **Exact version pinning** | npm `package.json` uses exact `"version": "5.12.3"` — no semver range specifiers; `clawhub install network-ai` pins to a specific published version |
768
+ | **Exact version pinning** | npm `package.json` uses exact `"version": "5.12.4"` — no semver range specifiers; `clawhub install network-ai` pins to a specific published version |
759
769
  | **Zero transitive dependency drift** | All bundled Python scripts use Python stdlib only — `pip install` is never required; there are no third-party packages to drift, be compromised upstream, or introduce CVEs |
760
770
  | **Signed, tagged releases** | Every release is committed with a signed Git tag (`v5.7.x`); commit hash is verifiable against CHANGELOG.md; GitHub releases link tag → diff → changelog entry |
761
771
  | **Supply chain monitoring** | npm package continuously scored by Socket.dev (score A); any new dependency or permission change triggers an alert |
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "network-ai",
3
- "version": "5.12.3",
3
+ "version": "5.12.4",
4
4
  "description": "AI agent orchestration framework for TypeScript/Node.js - 29 adapters (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Computer Use, OpenAI Agents SDK, Vertex AI, Pydantic AI, Browser Agent, Hermes, Orchestrator, RLM + streaming variants). Built-in CLI, security, swarm intelligence, real-time streaming, and agentic workflow patterns.",
5
5
  "homepage": "https://network-ai.org",
6
6
  "main": "dist/index.js",
package/socket.json CHANGED
@@ -257,6 +257,26 @@
257
257
  {
258
258
  "path": "dist/esm/lib/work-tree-dashboard.js",
259
259
  "reason": "Intentional — ESM build output of WorkTreeDashboard; flagged via transitive imports. It makes no direct outbound HTTP calls."
260
+ },
261
+ {
262
+ "path": "dist/adapters/a2a-adapter.d.ts",
263
+ "reason": "False positive — TypeScript declaration file; contains no executable code and makes no network calls. Flagged because the corresponding .js implementation uses fetch."
264
+ },
265
+ {
266
+ "path": "dist/lib/approval-inbox.d.ts",
267
+ "reason": "False positive — TypeScript declaration file; contains no executable code and makes no network calls. Flagged via import-graph association with the .js implementation."
268
+ },
269
+ {
270
+ "path": "dist/esm/adapters/aps-adapter.js",
271
+ "reason": "Intentional — ESM build output of APSAdapter. It talks only to a caller-configured verifier endpoint when that verification mode is enabled."
272
+ },
273
+ {
274
+ "path": "dist/esm/adapters/hermes-adapter.js",
275
+ "reason": "Intentional — ESM build output of HermesAdapter. Uses fetch for its built-in OpenAI-compatible completion transport; calls only the URL supplied by the caller."
276
+ },
277
+ {
278
+ "path": "dist/esm/adapters/rlm-adapter.js",
279
+ "reason": "Intentional — ESM build output of RLMAdapter. Uses fetch for outbound HTTP calls to caller-supplied RLM endpoints."
260
280
  }
261
281
  ],
262
282
  "urlStrings": [
@@ -381,6 +401,22 @@
381
401
  {
382
402
  "path": "dist/esm/lib/mcp-tool-consumer.js",
383
403
  "reason": "Intentional — ESM build output of McpToolConsumer. Imports child_process to launch caller-configured MCP server subprocesses for stdio transport."
404
+ },
405
+ {
406
+ "path": "dist/examples/05-code-review-swarm.js",
407
+ "reason": "Intentional — compiled output of the code-review example script. Uses child_process (execSync) to run TypeScript type-checking as part of the example workflow. Not part of the core library and never activated by importing the package."
408
+ },
409
+ {
410
+ "path": "dist/esm/examples/05-code-review-swarm.js",
411
+ "reason": "Intentional — ESM build output of the code-review example script. Same as the CJS variant — uses child_process for tsc type-checking in a developer example. Not activated by importing the package."
412
+ },
413
+ {
414
+ "path": "dist/run.js",
415
+ "reason": "Intentional — compiled output of run.ts, the local orchestrator bootstrap script. May spawn sub-processes as part of its demo workflow. Invoked directly by the operator, never imported as a library."
416
+ },
417
+ {
418
+ "path": "dist/esm/run.js",
419
+ "reason": "Intentional — ESM build output of run.ts. Same as dist/run.js — bootstraps the local orchestrator demo workflow when invoked directly by the operator."
384
420
  }
385
421
  ],
386
422
  "filesystemAccess": [