network-ai 5.4.3 → 5.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/INTEGRATION_GUIDE.md +1 -1
  2. package/README.md +1 -1
  3. package/SKILL.md +2 -1
  4. package/package.json +1 -1
  5. package/scripts/swarm_guard.py +2 -1
package/INTEGRATION_GUIDE.md CHANGED
@@ -564,4 +564,4 @@ Run these before declaring the integration production-ready:
564
564
 
565
565
  ---
566
566
 
567
- *Network-AI v5.4.3 · MIT License · https://github.com/Jovancoding/Network-AI*
567
+ *Network-AI v5.4.4 · MIT License · https://github.com/Jovancoding/Network-AI*
package/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![Website](https://img.shields.io/badge/website-network--ai.org-4b9df2?style=flat&logo=web&logoColor=white)](https://network-ai.org/)
6
6
  [![CI](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml)
7
7
  [![CodeQL](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml)
8
- [![Release](https://img.shields.io/badge/release-v5.4.3-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
8
+ [![Release](https://img.shields.io/badge/release-v5.4.4-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
9
9
  [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
10
10
  [![Tests](https://img.shields.io/badge/tests-2976%20passing-brightgreen.svg)](#testing)
11
11
  [![Adapters](https://img.shields.io/badge/frameworks-29%20supported-blueviolet.svg)](#adapter-system)
package/SKILL.md CHANGED
@@ -712,7 +712,8 @@ This skill is scanned on every publish. The following Notes are flagged by desig
712
712
  | **ASI01** Agent Goal Hijack | High | Orchestrator skill forces 3-sub-task decomposition by design | Use this skill only when multi-agent orchestration is desired; disable for simple one-shot tasks |
713
713
  | **ASI03** Identity and Privilege Abuse | High | Grant tokens are advisory only — caller identity is not cryptographically verified | Tokens are explicitly marked advisory in SKILL.md and source; require separate platform auth and human approval before any real database, payment, email, or export action |
714
714
  | **ASI06** Memory and Context Poisoning | High | Persistent `data/project-context.json` is injected into agent sessions by design | `_validate_context()` runs injection-pattern detection before every inject; do not store secrets/credentials; review `data/project-context.json` before use; clear `data/` between projects |
715
- | **ASI07** Insecure Inter-Agent Communication | Medium | Skill delegates work but inter-agent messaging is handled by the host platform | SKILL.md explicitly documents that `sessions_send` and all inter-agent messaging are the host platform's responsibility; configure host platform network settings before use with sensitive tasks |
715
+ | **ASI07** Insecure Inter-Agent Communication | High | Blackboard is local file-based; origin/identity depends on local file access, not authenticated messaging | Run in a trusted workspace; restrict file permissions on `data/`; review blackboard changes before relying on them for important decisions |
716
+ | **ASI08** Cascading Failures | ~~High~~ Resolved | `os` was referenced before import in `swarm_guard.py` — fixed in v5.4.4; `import os` now present | Fixed — `swarm_guard.py` now imports `os` at module level; budget/health guard starts correctly |
716
717
 
717
718
  ## References
718
719
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "network-ai",
3
- "version": "5.4.3",
3
+ "version": "5.4.4",
4
4
  "description": "AI agent orchestration framework for TypeScript/Node.js - 29 adapters (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Computer Use, OpenAI Agents SDK, Vertex AI, Pydantic AI, Browser Agent, Hermes, Orchestrator, RLM + streaming variants). Built-in CLI, security, swarm intelligence, real-time streaming, and agentic workflow patterns.",
5
5
  "homepage": "https://network-ai.org",
6
6
  "main": "dist/index.js",
package/scripts/swarm_guard.py CHANGED
@@ -3,7 +3,7 @@
3
3
  # All I/O is local file operations only:
4
4
  # READS: data/swarm_budgets.json, data/heartbeats.json, data/audit_log.jsonl
5
5
  # WRITES: data/swarm_budgets.json, data/heartbeats.json, data/audit_log.jsonl
6
- # Imports used: argparse, json, sys, datetime, pathlib, typing
6
+ # Imports used: argparse, json, os, sys, datetime, pathlib, typing
7
7
  # No imports of: requests, socket, subprocess, urllib, http, ssl, ftplib, smtplib
8
8
  """
9
9
  Swarm Guard - Prevents Handoff Tax, Silent Failures, and Budget Overruns
@@ -32,6 +32,7 @@ Examples:
32
32
 
33
33
  import argparse
34
34
  import json
35
+ import os
35
36
  import sys
36
37
  from datetime import datetime, timezone
37
38
  from pathlib import Path