fix: resolve CodeQL alerts #105-#108 — ReDoS, TOCTOU, shell injection

- goal-decomposer.ts: replace ambiguous regex with indexOf-based fence stripping (CodeQL #105)
- postinstall.js: replace existsSync+read+write with fd-based ops (CodeQL #106)
- security.ts: fix nested-quantifier ReDoS in InputSanitizer XSS pattern
- nemoclaw-adapter.ts: add tokenizeCommand() to replace command.split(' ')

Bump to v4.15.1. All 2,357 tests pass across 25 suites.

Author: jovanSAPFIONEER

.github/copilot-instructions.md

@@ -2,7 +2,7 @@
 
 ## Project Overview
 
-Network-AI is a TypeScript/Node.js multi-agent orchestrator — shared state, guardrails, budgets, and cross-framework coordination (v4.15.0). 2,357 tests across 25 suites.
+Network-AI is a TypeScript/Node.js multi-agent orchestrator — shared state, guardrails, budgets, and cross-framework coordination (v4.15.1). 2,357 tests across 25 suites.
 
 ## Architecture
 

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to Network-AI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.15.1] - 2026-04-04
+
+### Fixed
+- **CodeQL #105 — ReDoS in `parsePlanJSON()`** (`lib/goal-decomposer.ts`): Replaced ambiguous regex `/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/` with indexOf-based code-fence stripping to eliminate polynomial backtracking.
+- **CodeQL #106 — TOCTOU race in postinstall** (`scripts/postinstall.js`): Replaced `existsSync` → `readFileSync` → `writeFileSync` pattern with `openSync('r+')` + `readFileSync(fd)` + `ftruncateSync` + `writeSync` to eliminate time-of-check-to-time-of-use race condition.
+- **ReDoS in InputSanitizer** (`security.ts`): Replaced `<script[\s\S]*?>[\s\S]*?<\/script>` pattern (nested quantifiers) with `<script\b[^>]*>[\s\S]*?<\/script>` (unambiguous open-tag match).
+- **Shell injection risk in NemoClawAdapter** (`adapters/nemoclaw-adapter.ts`): Replaced `command.split(' ')` with `tokenizeCommand()` helper that respects single/double-quoted arguments, preventing argument injection via embedded spaces.
+
 ## [4.15.0] - 2026-04-04
 
 ### Added

CLAUDE.md

@@ -4,7 +4,7 @@ This file is read automatically by Claude Code when working in this repository.
 
 ## Project Overview
 
-Network-AI is a TypeScript/Node.js multi-agent orchestrator — shared state, guardrails, budgets, and cross-framework coordination. Version 4.15.0.
+Network-AI is a TypeScript/Node.js multi-agent orchestrator — shared state, guardrails, budgets, and cross-framework coordination. Version 4.15.1.
 
 ## Build & Test Commands
 

CODEX.md

@@ -4,7 +4,7 @@ This file is read automatically by OpenAI Codex CLI when working in this reposit
 
 ## Project Overview
 
-Network-AI is a TypeScript/Node.js multi-agent orchestrator — shared state, guardrails, budgets, and cross-framework coordination. Version 4.15.0.
+Network-AI is a TypeScript/Node.js multi-agent orchestrator — shared state, guardrails, budgets, and cross-framework coordination. Version 4.15.1.
 
 ## Build & Test Commands
 

INTEGRATION_GUIDE.md

@@ -477,4 +477,4 @@ Run these before declaring the integration production-ready:
 
 ---
 
-*Network-AI v4.15.0 · MIT License · https://github.com/Jovancoding/Network-AI*
+*Network-AI v4.15.1 · MIT License · https://github.com/Jovancoding/Network-AI*

README.md

@@ -5,7 +5,7 @@
 [![Website](https://img.shields.io/badge/website-network--ai.org-4b9df2?style=flat&logo=web&logoColor=white)](https://network-ai.org/)
 [![CI](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml)
 [![CodeQL](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml)
-[![Release](https://img.shields.io/badge/release-v4.15.0-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
+[![Release](https://img.shields.io/badge/release-v4.15.1-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
 [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
 [![Tests](https://img.shields.io/badge/tests-2357%20passing-brightgreen.svg)](#testing)
 [![Adapters](https://img.shields.io/badge/frameworks-17%20supported-blueviolet.svg)](#adapter-system)

adapters/nemoclaw-adapter.ts

@@ -203,6 +203,30 @@ function buildSandboxCommand(payload: AgentPayload, config: NemoClawAgentConfig)
   return parts.join(' ') || 'echo "No command specified"';
 }
 
+/**
+ * Tokenize a command string into an argument array, respecting single
+ * and double quotes. Prevents command-injection when forwarding to exec.
+ */
+function tokenizeCommand(command: string): string[] {
+  const tokens: string[] = [];
+  let current = '';
+  let quote: string | null = null;
+  for (const ch of command) {
+    if (quote) {
+      if (ch === quote) { quote = null; continue; }
+      current += ch;
+    } else if (ch === '"' || ch === "'") {
+      quote = ch;
+    } else if (ch === ' ' || ch === '\t') {
+      if (current) { tokens.push(current); current = ''; }
+    } else {
+      current += ch;
+    }
+  }
+  if (current) tokens.push(current);
+  return tokens;
+}
+
 /**
  * Parse JSON sandbox status output, handling malformed input safely.
  */
@@ -378,7 +402,7 @@ export class NemoClawAdapter extends BaseAdapter {
     env?: Record<string, string>
   ): Promise<string> {
     const exec = this.getExecutor();
-    return exec('sandbox', ['connect', sandboxName, '--', ...command.split(' ')], { env });
+    return exec('sandbox', ['connect', sandboxName, '--', ...tokenizeCommand(command)], { env });
   }
 
   // -------------------------------------------------------------------------
@@ -552,7 +576,7 @@ export class NemoClawAdapter extends BaseAdapter {
 
       const output = await exec(
         'sandbox',
-        ['connect', config.sandboxName, '--', ...command.split(' ')],
+        ['connect', config.sandboxName, '--', ...tokenizeCommand(command)],
         { env }
       );
 

lib/goal-decomposer.ts

@@ -358,11 +358,15 @@ export function createLLMPlanner(
  * Parse JSON from an LLM response string, handling markdown fences and preamble.
  */
 export function parsePlanJSON(text: string): PlannedTask[] {
-  // Strip markdown code fences
+  // Strip markdown code fences (indexOf-based to avoid ReDoS — CodeQL #105)
   let cleaned = text.trim();
-  const fenceMatch = cleaned.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
-  if (fenceMatch) {
-    cleaned = fenceMatch[1].trim();
+  const fenceOpen = cleaned.indexOf('```');
+  if (fenceOpen !== -1) {
+    const afterOpen = cleaned.indexOf('\n', fenceOpen);
+    const fenceClose = cleaned.indexOf('```', afterOpen !== -1 ? afterOpen : fenceOpen + 3);
+    if (afterOpen !== -1 && fenceClose > afterOpen) {
+      cleaned = cleaned.substring(afterOpen + 1, fenceClose).trim();
+    }
   }
 
   // Find the JSON array in the text

openapi.yaml

@@ -6,7 +6,7 @@ info:
     blackboard coordination, parallel agent spawning, and permission gating
     via AuthGuardian. Requires the companion MCP server:
     `npm install -g network-ai && npx network-ai-server --port 3001`
-  version: 4.15.0
+  version: 4.15.1
   license:
     name: MIT
     url: https://github.com/Jovancoding/Network-AI/blob/main/LICENSE