network-ai 5.8.4 → 5.8.5

package/INTEGRATION_GUIDE.md

@@ -564,4 +564,4 @@ Run these before declaring the integration production-ready:
 
 ---
 
-*Network-AI v5.8.4 · MIT License · https://github.com/Jovancoding/Network-AI*
+*Network-AI v5.8.5 · MIT License · https://github.com/Jovancoding/Network-AI*

package/README.md

@@ -5,7 +5,7 @@
 [![Website](https://img.shields.io/badge/website-network--ai.org-4b9df2?style=flat&logo=web&logoColor=white)](https://network-ai.org/)
 [![CI](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml)
 [![CodeQL](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml)
-[![Release](https://img.shields.io/badge/release-v5.8.4-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
+[![Release](https://img.shields.io/badge/release-v5.8.5-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
 [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
 [![Tests](https://img.shields.io/badge/tests-3136%20passing-brightgreen.svg)](#testing)
 [![Adapters](https://img.shields.io/badge/frameworks-29%20supported-blueviolet.svg)](#adapter-system)

package/SKILL.md

@@ -30,7 +30,7 @@ metadata:
         path: data/audit_log.jsonl
         scope: local-only
         description: "Local append-only JSONL file recording operation metadata. No data leaves the machine."
-        pii_warning: "Do not include PII, secrets, or credentials in justification fields. Log entries persist on disk. Grant tokens are masked to a short prefix in all listing outputs; full tokens appear only at issuance time."
+        pii_warning: "Justification strings are truncated to 200 characters before being written to the audit log. Audit summary output (--audit-summary --json) omits justification text from returned entries. Do not include PII, credentials, or secrets in justification fields — the truncated text still persists on disk. Grant tokens are masked to a short prefix in all listing outputs; full tokens appear only at issuance time."
       data_directory:
         path: data/
         scope: local-only
@@ -754,7 +754,7 @@ The following findings are drawn from the **MAESTRO Agent Security Threat** fram
 
 | Control | How Network-AI addresses it |
 |---|---|
-| **Exact version pinning** | npm `package.json` uses exact `"version": "5.8.4"` — no semver range specifiers; `clawhub install network-ai` pins to a specific published version |
+| **Exact version pinning** | npm `package.json` uses exact `"version": "5.8.5"` — no semver range specifiers; `clawhub install network-ai` pins to a specific published version |
 | **Zero transitive dependency drift** | All bundled Python scripts use Python stdlib only — `pip install` is never required; there are no third-party packages to drift, be compromised upstream, or introduce CVEs |
 | **Signed, tagged releases** | Every release is committed with a signed Git tag (`v5.7.x`); commit hash is verifiable against CHANGELOG.md; GitHub releases link tag → diff → changelog entry |
 | **Supply chain monitoring** | npm package continuously scored by Socket.dev (score A); any new dependency or permission change triggers an alert |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "network-ai",
-  "version": "5.8.4",
+  "version": "5.8.5",
   "description": "AI agent orchestration framework for TypeScript/Node.js - 29 adapters (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Computer Use, OpenAI Agents SDK, Vertex AI, Pydantic AI, Browser Agent, Hermes, Orchestrator, RLM + streaming variants). Built-in CLI, security, swarm intelligence, real-time streaming, and agentic workflow patterns.",
   "homepage": "https://network-ai.org",
   "main": "dist/index.js",

package/scripts/check_permission.py

@@ -8,11 +8,13 @@
 # Imports used: argparse, json, re, sys, uuid, hmac, hashlib, datetime, pathlib, typing
 # No imports of: requests, socket, subprocess, urllib, http, ssl, ftplib, smtplib
 #
-# SECURITY: Justification strings supplied via --justification are logged verbatim
-# to data/audit_log.jsonl. Do NOT include PII, credentials, secret names, API keys,
-# or other sensitive business data in justification fields. Treat justifications as
-# permanently visible log entries. Grant tokens are only shown at issuance time;
-# listing commands (--active-grants) always mask tokens to a short prefix.
+# SECURITY: Justification strings supplied via --justification are truncated to
+# _JUSTIFICATION_MAX_LOG_LEN characters before being written to audit_log.jsonl.
+# Do NOT include PII, credentials, secret names, API keys, or sensitive business
+# data in justification fields. Audit summary output (--audit-summary --json)
+# omits justification text entirely from returned entries. Grant tokens are only
+# shown at issuance time; listing commands (--active-grants) always mask tokens
+# to a short prefix.
 """
 AuthGuardian Permission Checker
 
@@ -88,6 +90,11 @@ DEFAULT_TRUST_LEVELS = {
 # receives a reduced trust score (0.3) and triggers an advisory warning.
 KNOWN_AGENTS: set[str] = set(DEFAULT_TRUST_LEVELS.keys())
 
+# Maximum characters of a justification string stored in the audit log.
+# Content beyond this limit is dropped before writing to prevent unbounded
+# sensitive-data retention (SkillSpector Ssd3).
+_JUSTIFICATION_MAX_LOG_LEN: int = 200
+
 # Resource types that require --confirm-high-risk before a grant is issued
 HIGH_RISK_RESOURCES: set[str] = {"PAYMENTS", "DATABASE"}
 
@@ -369,11 +376,17 @@ def evaluate_permission(
     # Warn if agent_id is not in the pre-registered known-agents list
     unknown_agent = agent_id not in KNOWN_AGENTS
 
-    # Log the request
+    # Log the request — justification is truncated before writing to limit
+    # sensitive-data retention in audit_log.jsonl.
+    _justification_log = (
+        justification[:_JUSTIFICATION_MAX_LOG_LEN] + " [truncated]"
+        if len(justification) > _JUSTIFICATION_MAX_LOG_LEN
+        else justification
+    )
     log_audit("permission_request", {
         "agent_id": agent_id,
         "resource_type": resource_type,
-        "justification": justification,
+        "justification": _justification_log,
         "scope": scope,
         "unknown_agent": unknown_agent,
     })
@@ -675,6 +688,13 @@ def audit_summary(last_n: int = 20, as_json: bool = False) -> int:
     last_ts = entries[-1].get("timestamp", "unknown")
 
     if as_json:
+        # Omit justification text from summary output to avoid re-exposing
+        # sensitive content that was logged earlier (SkillSpector Ssd3).
+        def _redact_entry(e: dict[str, Any]) -> dict[str, Any]:
+            if "details" not in e or "justification" not in e["details"]:
+                return e
+            return {**e, "details": {k: v for k, v in e["details"].items() if k != "justification"}}
+
         output: dict[str, Any] = {
             "total_entries": len(entries),
             "total_requests": total_requests,
@@ -683,7 +703,7 @@ def audit_summary(last_n: int = 20, as_json: bool = False) -> int:
             "time_range": {"first": first_ts, "last": last_ts},
             "by_agent": by_agent,
             "by_resource": by_resource,
-            "recent": recent[-last_n:],
+            "recent": [_redact_entry(e) for e in recent[-last_n:]],
         }
         print(json.dumps(output, indent=2))
     else: