Jovancoding/Network-AI

v5.5.1 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 17d MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agent-framework agent-orchestration ai-agents autogen blackboard blackboard-architecture

+14 more

crewai hermes hermes-agent langchain llm mcp multi-agent nemoclaw nodejs openclaw orchestration rlm typescript workflow-engine

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 9d

Release v5.5.1 fixes token revocation path resolution bugs in multi‑environment deployments and updates version references throughout documentation.

Why it matters: Addresses incorrect grant file targeting for token revocation; all users of scripts/revoke_token.py should upgrade to v5.5.1 before the next deployment cycle.

Summary

AI summary

Fixed token revocation and TTL cleanup targeting the wrong grant file in multi‑environment deployments.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	ClawHub v5.5.1 ASI03 fix note added to SECURITY.md and .github/SECURITY.md. ClawHub v5.5.1 ASI03 fix note added to SECURITY.md and .github/SECURITY.md. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix
Bugfix	Medium	resolve_data_dir() helper added for env-scoped token revocation paths. resolve_data_dir() helper added for env-scoped token revocation paths. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	--env CLI argument introduced to specify environment for token revocation. --env CLI argument introduced to specify environment for token revocation. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Bugfix	Medium	Paths re-resolved inside main() before file I/O, matching check_permission.py and validate_token.py behavior. Paths re-resolved inside main() before file I/O, matching check_permission.py and validate_token.py behavior. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Other
Other	Medium	Version references updated from 5.5.0 to 5.5.1 across 14 files. Version references updated from 5.5.0 to 5.5.1 across 14 files. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Other	Medium	ASI03 row split in SKILL.md distinguishing advisory-token (by design) vs env-scoped path (resolved). ASI03 row split in SKILL.md distinguishing advisory-token (by design) vs env-scoped path (resolved). Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Other	Medium	v5.5.1 entry added to version history paragraph in ENTERPRISE.md. v5.5.1 entry added to version history paragraph in ENTERPRISE.md. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Other	Medium	Version updated to 5.5.1 in CLAUDE.md and CODEX.md. Version updated to 5.5.1 in CLAUDE.md and CODEX.md. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—

Full changelog

What's changed

Fixed

scripts/revoke_token.py — env-scoped paths (ClawScan ASI03)

evoke_token.py previously resolved GRANTS_FILE and AUDIT_LOG at module load time from the root data/ directory, ignoring NETWORK_AI_ENV at runtime. When running multi-environment deployments, token revocation and TTL cleanup silently targeted the wrong grant file.

Fixed: _resolve_data_dir() helper added; --env CLI argument introduced; paths are re-resolved inside main() before any file I/O — matching the behaviour of check_permission.py and alidate_token.py.

`ash

Now works correctly in multi-env setups:

python scripts/revoke_token.py grant_abc123 --env dev
python scripts/revoke_token.py --cleanup --env prod
NETWORK_AI_ENV=staging python scripts/revoke_token.py --list-expired
`

Documentation

All version references bumped 5.5.0 → 5.5.1 across 14 files
SECURITY.md / .github/SECURITY.md: ClawHub v5.5.1 ASI03 fix note added
SKILL.md: ASI03 row split — advisory-token (by design) vs env-scoped path (resolved)
ENTERPRISE.md: v5.5.1 entry added to version history paragraph
CLAUDE.md / CODEX.md: version updated to 5.5.1

Full changelog: https://github.com/Jovancoding/Network-AI/blob/main/CHANGELOG.md

No new features. No breaking changes. Patch release.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Jovancoding/Network-AI

Get notified when new releases ship.

About Jovancoding/Network-AI

Multi-agent orchestration MCP server with race-condition-safe shared blackboard. 20+ MCP tools: blackboard read/write, agent spawn/stop, FSM transitions, budget tracking, token management, and audit log query. `npx network-ai-server --port 3001`.

All releases →