Fix Snyk CVE-547: replace hardcoded salt with random salt, add agent tokens to internal writes

Author: jovanSAPFIONEER

index.ts

@@ -931,7 +931,7 @@ class TaskDecomposer {
         // Cache successful results
         if (result.success) {
           const cacheKey = `task:${task.agentType}:${this.hashPayload(task.taskPayload)}`;
-          this.blackboard.write(cacheKey, result.result, context.agentId, 3600); // 1 hour TTL
+          this.blackboard.write(cacheKey, result.result, context.agentId, 3600, 'system-orchestrator-token'); // 1 hour TTL
         }
       }
     }
@@ -1204,7 +1204,7 @@ export class SwarmOrchestrator implements OpenClawSkill {
         this.blackboard.write(`trace:${traceId}`, {
           action,
           startTime: new Date().toISOString(),
-        }, context.agentId);
+        }, context.agentId, undefined, 'system-orchestrator-token');
       } catch {
         // Non-fatal -- tracing failure shouldn't block execution
       }
@@ -1425,7 +1425,7 @@ export class SwarmOrchestrator implements OpenClawSkill {
       }
 
       // Approved -- cache result
-      this.blackboard.write(cacheKey, sanitizedResult, context.agentId, 1800); // 30 min TTL
+      this.blackboard.write(cacheKey, sanitizedResult, context.agentId, 1800, 'system-orchestrator-token'); // 30 min TTL
 
       return {
         success: true,
@@ -1633,7 +1633,7 @@ export class SwarmOrchestrator implements OpenClawSkill {
       };
     }
 
-    this.blackboard.write(key, value, context.agentId, ttl);
+    this.blackboard.write(key, value, context.agentId, ttl, 'system-orchestrator-token');
 
     return {
       success: true,
@@ -1681,7 +1681,7 @@ export class SwarmOrchestrator implements OpenClawSkill {
       entry = this.qualityGate.approveQuarantined(quarantineId);
       if (entry) {
         // Write the approved entry to the blackboard
-        this.blackboard.write(`approved:${quarantineId}`, entry, 'orchestrator');
+        this.blackboard.write(`approved:${quarantineId}`, entry, 'orchestrator', undefined, 'system-orchestrator-token');
       }
     } else {
       entry = this.qualityGate.rejectQuarantined(quarantineId);

swarm-blackboard.md

@@ -1,68 +1,175 @@
 # Swarm Blackboard
-Last Updated: 2026-02-15T14:46:17.062Z
+Last Updated: 2026-02-15T15:13:53.693Z
+Content Hash: 944bf251df8b253d
 
 ## Active Tasks
 | TaskID | Agent | Status | Started | Description |
 |--------|-------|--------|---------|-------------|
 
 ## Knowledge Cache
-### code:auth:implementation
+### test:key1
+```json
 {
-  "key": "code:auth:implementation",
+  "key": "test:key1",
   "value": {
-    "files": [
-      "src/auth/login.ts",
-      "src/auth/middleware.ts"
-    ],
-    "linesChanged": 245,
-    "status": "complete"
+    "data": "hello world"
   },
-  "sourceAgent": "code_writer",
-  "timestamp": "2026-02-15T14:46:17.046Z",
-  "ttl": null
+  "source_agent": "test-agent",
+  "timestamp": "2026-02-15T15:13:52.019Z",
+  "ttl": null,
+  "version": 2
 }
+```
 
-### review:auth:feedback
+### test:snap1
+```json
 {
-  "key": "review:auth:feedback",
+  "key": "test:snap1",
   "value": {
-    "approved": true,
-    "comments": [
-      "Good separation of concerns",
-      "Add input validation"
-    ],
-    "reviewer": "code_reviewer"
+    "a": 1
   },
-  "sourceAgent": "code_reviewer",
-  "timestamp": "2026-02-15T14:46:17.051Z",
-  "ttl": null
+  "source_agent": "agent1",
+  "timestamp": "2026-02-15T15:13:53.543Z",
+  "ttl": null,
+  "version": 2
 }
+```
 
-### test:auth:results
+### test:snap2
+```json
 {
-  "key": "test:auth:results",
+  "key": "test:snap2",
   "value": {
-    "passed": 42,
-    "failed": 0,
-    "skipped": 2,
-    "coverage": 87.3,
-    "duration": 3200
+    "b": 2
   },
-  "sourceAgent": "test_runner",
-  "timestamp": "2026-02-15T14:46:17.057Z",
-  "ttl": null
+  "source_agent": "agent2",
+  "timestamp": "2026-02-15T15:13:53.548Z",
+  "ttl": null,
+  "version": 2
 }
+```
 
-### infra:k8s:config
+### trace:b1ac6a75-a74f-4100-b8da-ec565d24453c
+```json
 {
-  "key": "infra:k8s:config",
+  "key": "trace:b1ac6a75-a74f-4100-b8da-ec565d24453c",
   "value": {
-    "replicas": 3
+    "action": "update_blackboard",
+    "startTime": "2026-02-15T15:13:53.602Z"
   },
-  "sourceAgent": "devops_agent",
-  "timestamp": "2026-02-15T14:46:17.062Z",
-  "ttl": null
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.603Z",
+  "ttl": null,
+  "version": 1
 }
+```
+
+### test:orchestrator:data
+```json
+{
+  "key": "test:orchestrator:data",
+  "value": {
+    "message": "Hello from orchestrator test"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.612Z",
+  "ttl": 3600,
+  "version": 1
+}
+```
+
+### trace:2e2475b2-b904-4519-abe4-06fc48e44a77
+```json
+{
+  "key": "trace:2e2475b2-b904-4519-abe4-06fc48e44a77",
+  "value": {
+    "action": "query_swarm_state",
+    "startTime": "2026-02-15T15:13:53.619Z"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.619Z",
+  "ttl": null,
+  "version": 1
+}
+```
+
+### trace:73acc5d9-7101-40b8-832b-a9923858df7a
+```json
+{
+  "key": "trace:73acc5d9-7101-40b8-832b-a9923858df7a",
+  "value": {
+    "action": "request_permission",
+    "startTime": "2026-02-15T15:13:53.626Z"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.626Z",
+  "ttl": null,
+  "version": 1
+}
+```
+
+### trace:66532ae4-6c53-4841-b7d2-2bfe28d876da
+```json
+{
+  "key": "trace:66532ae4-6c53-4841-b7d2-2bfe28d876da",
+  "value": {
+    "action": "query_swarm_state",
+    "startTime": "2026-02-15T15:13:53.635Z"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.635Z",
+  "ttl": null,
+  "version": 1
+}
+```
+
+### trace:6c4b907c-b9de-4d07-ae7a-6cc95f7b74fd
+```json
+{
+  "key": "trace:6c4b907c-b9de-4d07-ae7a-6cc95f7b74fd",
+  "value": {
+    "action": "unknown_action",
+    "startTime": "2026-02-15T15:13:53.643Z"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.644Z",
+  "ttl": null,
+  "version": 1
+}
+```
+
+### trace:9cee7dba-eccf-41b0-bf9f-52e2ae5d4057
+```json
+{
+  "key": "trace:9cee7dba-eccf-41b0-bf9f-52e2ae5d4057",
+  "value": {
+    "action": "update_blackboard",
+    "startTime": "2026-02-15T15:13:53.685Z"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.685Z",
+  "ttl": null,
+  "version": 1
+}
+```
+
+### trace:291a7063-7491-4dc1-9dd9-eb4f01a24422
+```json
+{
+  "key": "trace:291a7063-7491-4dc1-9dd9-eb4f01a24422",
+  "value": {
+    "action": "query_swarm_state",
+    "startTime": "2026-02-15T15:13:53.693Z"
+  },
+  "source_agent": "orchestrator",
+  "timestamp": "2026-02-15T15:13:53.693Z",
+  "ttl": null,
+  "version": 1
+}
+```
 
 ## Coordination Signals
-## Execution History
+<!-- Agent availability status -->
+
+## Execution History
+<!-- Chronological log of completed tasks -->

test.ts

@@ -83,8 +83,13 @@ async function testBlackboard() {
 
   const blackboard = new SharedBlackboard(process.cwd());
 
+  // Register test agent with wildcard namespace access
+  blackboard.registerAgent('test-agent', 'test-token', ['*']);
+  blackboard.registerAgent('agent1', 'token1', ['*']);
+  blackboard.registerAgent('agent2', 'token2', ['*']);
+  
   // Test write
-  const entry = blackboard.write('test:key1', { data: 'hello world' }, 'test-agent');
+  const entry = blackboard.write('test:key1', { data: 'hello world' }, 'test-agent', undefined, 'test-token');
   if (entry.key === 'test:key1' && (entry.value as any).data === 'hello world') {
     pass('Write to blackboard');
   } else {
@@ -107,7 +112,7 @@ async function testBlackboard() {
   }
 
   // Test TTL expiration
-  blackboard.write('test:expiring', { temp: true }, 'test-agent', 1); // 1 second TTL
+  blackboard.write('test:expiring', { temp: true }, 'test-agent', 1, 'test-token'); // 1 second TTL
   if (blackboard.read('test:expiring')) {
     pass('TTL entry created');
   } else {
@@ -123,8 +128,8 @@ async function testBlackboard() {
   }
 
   // Test snapshot
-  blackboard.write('test:snap1', { a: 1 }, 'agent1');
-  blackboard.write('test:snap2', { b: 2 }, 'agent2');
+  blackboard.write('test:snap1', { a: 1 }, 'agent1', undefined, 'token1');
+  blackboard.write('test:snap2', { b: 2 }, 'agent2', undefined, 'token2');
   const snapshot = blackboard.getSnapshot();
   if (Object.keys(snapshot).length >= 2) {
     pass('Snapshot retrieval');