Skip to content

Jovancoding/Network-AI

v5.5.3 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 17d MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agent-framework agent-orchestration ai-agents autogen blackboard blackboard-architecture
+14 more
crewai hermes hermes-agent langchain llm mcp multi-agent nemoclaw nodejs openclaw orchestration rlm typescript workflow-engine

Summary

AI summary

Fixed dead‑store assignments in lib/transport-agent.ts and removed an unused variable in test-transport.ts.

Changes in this release

Bugfix Medium

Removed unused variable `origGet` in `test-transport.ts`.

Removed unused variable `origGet` in `test-transport.ts`.

Source: granite4.1:8b-q6_K@2026-05-21

Confidence: high
Bugfix Medium

Dropped dead store assignments in `lib/transport-agent.ts`, preserving side-effect logic.

Dropped dead store assignments in `lib/transport-agent.ts`, preserving side-effect logic.

Source: granite4.1:8b-q6_K@2026-05-21

Confidence: low
Bugfix Medium

Added comment to handle empty except block in `scripts/check_permission.py`.

Added comment to handle empty except block in `scripts/check_permission.py`.

Source: granite4.1:8b-q6_K@2026-05-21

Confidence: low
Other Low

affected_surface

affected_surface

Source: granite4.1:8b-q6_K@2026-05-21

Confidence: low
Full changelog

What's changed

Fixed — CodeQL alerts #154–#159

  • lib/transport-agent.ts — useless-assignment-to-local (#155–#158)

    The initial let status = updateStatus({startedAt: now()}) and three intermediate status = updateStatus({...}) calls (at drain, promote, and canary phases) were dead stores — the assigned value was always overwritten before being read. Fixed by separating the side-effect blackboard write from the status declaration and dropping the three intermediate assignments. All return status paths retain their preceding assignments. TypeScript strict-mode definite-assignment analysis passes; 116/116 transport tests still pass.

  • test-transport.ts — unused variable origGet (#154)

    origGet was saved to preserve the original getViolations binding but was never used after patching. Removed.

  • scripts/check_permission.py — empty-except (#159)

    The except OSError: pass block in _load_signing_key() had no explanatory comment, triggering py/empty-except. Added a comment: chmod 0o600 is unsupported on Windows NTFS and restricted filesystems but the key remains functional — caller must protect the data directory.

Full changelog: https://github.com/Jovancoding/Network-AI/blob/main/CHANGELOG.md

No breaking changes. Patch release — code quality and CodeQL compliance only.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Jovancoding/Network-AI

Get notified when new releases ship.

Sign up free

About Jovancoding/Network-AI

Multi-agent orchestration MCP server with race-condition-safe shared blackboard. 20+ MCP tools: blackboard read/write, agent spawn/stop, FSM transitions, budget tracking, token management, and audit log query. `npx network-ai-server --port 3001`.

All releases →

Related context

Beta — feedback welcome: [email protected]