network-ai - npm Package Compare versions

Comparing version 4.0.13 to 4.0.14

dist/index.d.ts

@@ -10,3 +10,3 @@ /**
  * @module SwarmOrchestrator
- * @version 4.0.13
+ * @version 4.0.14
  * @license MIT
@@ -13,0 +13,0 @@ */

package.json

 {
   "name": "network-ai",
-  "version": "4.0.13",
+  "version": "4.0.14",
   "description": "AI agent orchestration framework for TypeScript/Node.js - plug-and-play multi-agent coordination with 12 frameworks (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw). Built-in security, swarm intelligence, and agentic workflow patterns.",
@@ -5,0 +5,0 @@ "homepage": "https://github.com/jovanSAPFIONEER/Network-AI#readme",

README.md

@@ -7,3 +7,3 @@ # Network-AI
 [![CodeQL](https://github.com/jovanSAPFIONEER/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/jovanSAPFIONEER/Network-AI/actions/workflows/codeql.yml)
-[![Release](https://img.shields.io/badge/release-v4.0.13-blue.svg)](https://github.com/jovanSAPFIONEER/Network-AI/releases)
+[![Release](https://img.shields.io/badge/release-v4.0.14-blue.svg)](https://github.com/jovanSAPFIONEER/Network-AI/releases)
 [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
@@ -10,0 +10,0 @@ [![Tests](https://img.shields.io/badge/tests-1184%20passing-brightgreen.svg)](#testing)

SKILL.md

@@ -16,9 +16,9 @@ ---
         required: false
-        description: "HMAC secret for AuthGuardian tokens. Auto-generated per process if not set (ephemeral)."
+        description: "Node.js MCP server only — not used by these Python scripts. The Python permission layer uses UUID-based tokens stored in data/active_grants.json."
       SWARM_ENCRYPTION_KEY:
         required: false
-        description: "AES-256 key for blackboard encryption. Auto-generated per process if not set."
+        description: "Node.js MCP server only — not used by these Python scripts. The Python blackboard does not encrypt data at rest."
       OPENAI_API_KEY:
         required: false
-        description: "Only used by optional demo examples (07-full-showcase.ts) and the setup wizard. Not required for the core orchestrator or MCP server."
+        description: "Not used by these Python scripts. Only used by the optional Node.js demo examples when running the companion npm package."
     privacy:
@@ -33,3 +33,3 @@ audit_log:
 
-> **Scope of this skill bundle:** All instructions below run local Python scripts (`scripts/*.py`). No network calls are made by this skill. The Node.js MCP server (`network-ai-server`) is a **separate optional component** — install it with `npm install -g network-ai` only if you want MCP/IDE integration. It does **not** run automatically and is not part of this skill bundle.
+> **Scope of this skill bundle:** All instructions below run local Python scripts (`scripts/*.py`). No network calls are made by this skill. Tokens are UUID-based (`grant_{uuid4().hex}`) stored in `data/active_grants.json`. Audit logging is plain JSONL (`data/audit_log.jsonl`) — no HMAC signing in the Python layer. HMAC-signed tokens, AES-256 encryption, and the standalone MCP server are all features of the **companion Node.js package** (`npm install -g network-ai`) — they are **not** implemented in these Python scripts and do **not** run automatically.
 
@@ -36,0 +36,0 @@ Multi-agent coordination system for complex workflows requiring task delegation, parallel execution, and permission-controlled access to sensitive APIs.

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1247322

0.02%

No dependency changes