v3.1.2 — Security: Path Traversal Fix + ClawHub Live

Security Fix

• Path traversal protection in scripts/blackboard.py — change_id is now validated with regex whitelist (^[a-zA-Z0-9_\-\.]+$) and resolved path boundary checks
• Blocks both Unix (../../etc/passwd) and Windows (..\windows\system32) traversal attacks
• Applied to propose_change, validate_change, commit_change, abort_change, and archive paths
• Found by VirusTotal during ClawHub security scan

Distribution

• npm: npm install network-ai@3.1.2
• ClawHub: clawhub install network-ai — live on clawhub.ai
• Security scan: Benign (VirusTotal 0/64)

Docs

• README updated: version badge, ClawHub install instructions (now live), blackboard path safety documentation, ClawHub keywords

Tests

• 251 tests passing (139 adapter + 79 standalone + 33 security)
• Zero regressions

Full Changelog: v3.1.0...v3.1.2

v3.1.0 — Phase 2: Trust

Phase 2 — Trust

This release hardens Network-AI with five production-grade improvements focused on reliability, observability, and developer experience.

What's New

Structured Logging — Replace all raw console.* calls with a leveled, transport-pluggable logger (lib/logger.ts). Supports DEBUG, INFO, WARN, ERROR, and SILENT levels with module-scoped instances.

Typed Error Hierarchy — 10 purpose-built error classes (lib/errors.ts) extending a common NetworkAIError base, enabling precise catch blocks:
ValidationError, LockAcquisitionError, ConflictError, TimeoutError, IdentityVerificationError, NamespaceViolationError, AdapterAlreadyRegisteredError, AdapterNotFoundError, AdapterNotInitializedError, ParallelLimitError

API Input Validation — All 20 public entry points now validate arguments at the boundary and throw ValidationError with clear messages before any side effects.

JSDoc on All Exports — Every exported class, interface, type, and method now carries full JSDoc with @param, @returns, @throws, and @example blocks.

Unified Lock + Audit Metadata — LockedBlackboard optionally accepts a SecureAuditLogger, automatically recording lock holder, duration, version, and outcome on every write and delete.

Stats

• 13 files changed — +1,095 / −182 lines
• 251 tests passing (79 core + 33 security + 139 adapter)
• Zero compile errors

Install

npm install network-ai@3.1.0

v3.0.3 -- Security Fix (Snyk)

Security Fix

Resolved 3 High + 1 Medium findings from Snyk security scan (CWE-547, CWE-798).

Fixed

• Hardcoded cryptographic salt in DataEncryptor -- now generates a random 16-byte salt per instance via crypto.randomBytes() (was 'swarm-salt')
• Agent token enforcement -- all internal blackboard.write() calls now pass the orchestrator's verification token
• Test registration -- core test suite registers agents with proper tokens and namespace access

Not Real Vulnerabilities (marked as ignore)

• Test file fake secrets (test-secret-key-for-testing-only, sk-1234567890, password: 'secret123') -- intentional test data, not real credentials

Stats

• 251 tests passing (79 + 33 + 139)
• 0 compile errors

npm install network-ai@3.0.3

v3.0.2 — Security Fix: Hardcoded Salt

Security Fix

Resolved 3 High + 1 Medium findings from Snyk security scan (CWE-547, CWE-798).

Fixed

• Hardcoded cryptographic salt in DataEncryptor — now generates a random 16-byte salt per instance via crypto.randomBytes() (was 'swarm-salt')
• Agent token enforcement — all internal blackboard.write() calls now pass the orchestrator's verification token
• Test registration — core test suite registers agents with proper tokens and namespace access

Not Real Vulnerabilities (marked as ignore)

• Test file fake secrets (test-secret-key-for-testing-only, sk-1234567890, password: 'secret123') — intentional test data, not real credentials

Stats

• 251 tests passing (79 + 33 + 139)
• 0 compile errors
• npm: network-ai@3.0.2

v3.0.1 — Multi-Agent Orchestration Framework

What's New

Network-AI is a framework-agnostic orchestration layer for multi-agent AI systems. It provides a shared blackboard with concurrency control, trust-based security, and adapters for 12 agent frameworks — so your agents coordinate safely without stepping on each other.

12 Framework Adapters

Connect agents from any framework through a unified interface:

• LangChain, CrewAI, AutoGen, OpenClaw
• MCP (Model Context Protocol), Custom agents
• LlamaIndex, Semantic Kernel, Haystack
• DSPy, Camel, MetaGPT

Security & Trust

• AuthGuardian — token-based authentication with role-based access control
• Trust levels — 5-tier trust system (untrusted through admin) with granular permissions
• Lock-based concurrency — pessimistic locking with 10s timeout, stale detection, conflict resolution

Quality Gate

• 251 tests across 3 suites (core, adapters, security)
• Zero compile errors, strict TypeScript
• Performance benchmarked: <1ms lock acquisition, <0.5ms blackboard reads

Blackboard Architecture

• Shared state with JSON-patch conflict detection
• Section-level locking (agents only block what they touch)
• Version tracking and rollback support
• 5-minute token TTL with automatic expiry

Getting Started

npm install network-ai

import { LockedBlackboard } from 'network-ai';

const board = new LockedBlackboard();
const lock = board.acquireLock('agent-1', 'planning');
board.write('planning', { goal: 'coordinate' }, lock);
board.releaseLock(lock);

V3.0.0

Network-AI v3.0.0

The plug-and-play multi-agent orchestrator for TypeScript/Node.js

Highlights

• 12 Agent Framework Adapters -- OpenClaw, LangChain, AutoGen, CrewAI, MCP, LlamaIndex, Semantic Kernel, OpenAI Assistants, Haystack, DSPy, Agno, and Custom. All zero-dependency (BYOC).
• 251 Tests Passing -- 79 core + 33 security + 139 adapter tests, zero failures
• Content Quality Gate -- Two-layer system (BlackboardValidator + QualityGateAgent) with hallucination detection, dangerous code blocking, and placeholder rejection
• Security Audit Complete -- 13-point audit with all P0/P1/P2 fixes applied
• Hello World in 60 Seconds -- New getting-started example in README

What's New in v3.0

Adapter System

• AdapterRegistry with pattern-based routing (adapterName:agentId)
• 6 new adapters: LlamaIndex, Semantic Kernel, OpenAI Assistants, Haystack, DSPy, Agno
• BaseAdapter abstract class for writing custom adapters in minutes

Quality Gate

• BlackboardValidator: rule-based validation at ~159K-1M ops/sec
• QualityGateAgent: AI-assisted review with quarantine system
• Detects hallucinations, vague claims, dangerous code patterns, and placeholder content

Security Fixes

• Audit chain hash continuity fix
• Shallow-copy vulnerability in custom rules
• Entry type detection accuracy improvements
• Dangerous pattern severity corrections
• Placeholder detection hardening

Developer Experience

• setup.ts -- Installation checker and adapter listing
• QUICKSTART.md -- 5-minute getting-started guide
• createSwarmOrchestrator() factory for zero-config startup

Requirements

• Node.js >= 18.0.0
• TypeScript 5.x
• Python 3.9+ (optional, for helper scripts)

Quick Start

git clone https://github.com/jovanSAPFIONEER/Network-AI
cd Network-AI
npm install
npm run test:all  # 251 tests

V2.0.0

---

🐝 Swarm Orchestrator v2.0.0

Enterprise-Grade Multi-Agent Coordination for OpenClaw

This major release introduces atomic commits, cost awareness, and the MCP networking roadmap — transforming Network-AI into a production-ready sovereign swarm orchestrator.

---

🚀 What's New

🔒 Atomic Commitment Layer

• TypeScript LockedBlackboard with file-system mutexes
• Prevents split-brain scenarios in concurrent multi-agent writes
• propose → validate → commit workflow for safe state changes
• Cross-platform support (Unix fcntl / Windows lock files)

💰 Cost Awareness & Token Budgeting

• Initialize per-task budgets: budget-init --budget 10000
• Automatic SafetyShutdown at 100% budget (prevents runaway costs)
• Warning threshold at 75% utilization
• Detailed spending reports by agent and operation

🎯 Budget-Aware Handoffs

• New intercept-handoff command wraps every sessions_send
• Automatically deducts handoff tax from budget
• Blocks handoffs when budget exhausted or handoff limit reached
• Enforces max 3 handoffs per task to prevent coordination overhead

📋 Enhanced Orchestrator Protocol

• 3-agent decomposition pattern (DATA → VERIFY → RECOMMEND)
• Pre-commit verification workflow
• Supervisor review before final output

🗺️ MCP Networking Roadmap

• Implementation plan for Model Context Protocol
• AuthGuardian as MCP Server (SSE/WebSocket transport)
• Cross-machine agent discovery
• Federated budget tracking

---

📦 New Files

File Description [locked-blackboard.ts](vscode-file://vscode-app/c:/Users/JovanMarinovic/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/code/electron-browser/workbench/workbench.html) TypeScript atomic commits with file locks references/mcp-roadmap.md MCP implementation plan (5 phases) # Budget Management python scripts/swarm_guard.py budget-init --task-id "task_001" --budget 10000 python scripts/swarm_guard.py budget-check --task-id "task_001" python scripts/swarm_guard.py budget-spend --task-id "task_001" --tokens 500 --reason "API call" python scripts/swarm_guard.py budget-report --task-id "task_001"

Budget-Aware Handoffs (use BEFORE sessions_send)

python scripts/swarm_guard.py intercept-handoff
--task-id "task_001"
--from orchestrator
--to data_analyst
--message "Analyze Q4 data"

Atomic Blackboard Commits

python scripts/blackboard.py propose "chg_001" "key" '{"value": 1}'
python scripts/blackboard.py validate "chg_001"
python scripts/blackboard.py commit "chg_001"
python scripts/blackboard.py abort "chg_001"
python scripts/blackboard.py list-pending

---

## ⬆️ Upgrade Notes

- **No breaking changes** — all v1.x commands still work
- New `data/budget_tracking.json` created automatically on first budget-init
- TypeScript module requires Node.js 18+ (optional)

---

## 📋 Requirements

- Python 3.9+
- OpenClaw 2026.2.x
- Node.js 18+ (optional, for TypeScript utilities)

---

## 🙏 Contributors

Built for the OpenClaw community. PRs welcome!

---

**Full Changelog**: [v1.0.0...v2.0.0](https://github.com/jovanSAPFIONEER/Network-AI/compare/v1.0.0...v2.0.0)

---

V1.0.0

🐝 Swarm Orchestrator Skill v1.0.0
The first production-ready release of a multi-agent coordination skill for OpenClaw.

✨ Features
🔐 Token-Based Permission System
Issue scoped tokens to agents (read, write, execute, admin)
Validate permissions before sensitive operations
TTL enforcement with automatic expiration
Secure revocation with --cleanup for expired tokens
📋 Shared Blackboard
Centralized state management for agent coordination
Atomic commits with file locking to prevent race conditions
Propose → Validate → Commit workflow for safe multi-agent writes
Cross-platform support (Unix fcntl / Windows marker files)
🛡️ Swarm Guard
Prevents "handoff tax" (agents re-explaining context)
Detects silent failures and infinite delegation loops
Cost awareness with configurable token budgets
Safety shutdown at budget thresholds (75% warning, 100% hard stop)
💰 Budget Tracking
Initialize per-session token budgets
Track spending across all agents
Real-time budget reports with utilization metrics
📦 Installation
🔧 Requirements
Python 3.9+
OpenClaw 2026.2.x or later
No external dependencies (stdlib only)
🚀 Quick Start
📚 Documentation
See SKILL.md for full usage instructions and integration guide.