chore: bump to v3.2.8

Author: jovanSAPFIONEER

CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to Network-AI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.8] - 2026-02-19
+
+### Fixed
+- **TOCTOU race conditions** -- replaced `existsSync` + `writeFileSync` patterns with `appendFileSync`, `flag:'wx'`, and `writeSync via fd` in `security.ts`, `locked-blackboard.ts`, `swarm-utils.ts`, and `test-standalone.ts`; eliminates window between check and write
+- **Bad HTML filtering regexp** -- changed `.*?` to `[\s\S]*?` in script tag pattern in `security.ts`; `.` does not match newlines by default so multi-line `<script>` tags would bypass the sanitizer
+- **Missing regex anchor** -- added `\b` word boundary to `/example\.com/` pattern in `blackboard-validator.ts`; without it `notexample.com` would match
+- **Token-Permissions** -- added `permissions: contents: read` to `ci.yml`; workflows had implicit write access they do not need
+- Resolves all CodeQL HIGH severity alerts
+
 ## [3.2.7] - 2026-02-19
 
 ### Fixed

README.md

@@ -4,7 +4,7 @@
 
 [![CI](https://github.com/jovanSAPFIONEER/Network-AI/actions/workflows/ci.yml/badge.svg)](https://github.com/jovanSAPFIONEER/Network-AI/actions/workflows/ci.yml)
 [![CodeQL](https://github.com/jovanSAPFIONEER/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/jovanSAPFIONEER/Network-AI/actions/workflows/codeql.yml)
-[![Release](https://img.shields.io/badge/release-v3.2.7-blue.svg)](https://github.com/jovanSAPFIONEER/Network-AI/releases)
+[![Release](https://img.shields.io/badge/release-v3.2.8-blue.svg)](https://github.com/jovanSAPFIONEER/Network-AI/releases)
 [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
 [![ClawHub](https://img.shields.io/badge/ClawHub-network--ai-orange.svg)](https://clawhub.ai/skills/network-ai)
 [![Node.js](https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen.svg)](https://nodejs.org)

SECURITY.md

@@ -37,7 +37,7 @@ Network-AI includes built-in security features:
 
 - **VirusTotal**: Benign (0/64 engines)
 - **OpenClaw Scanner**: Benign, HIGH CONFIDENCE
-- **ClawHub Scanner**: v3.2.7 -- eval() removed from distributed code; Socket supply chain flag resolved
+- **CodeQL**: v3.2.8 -- all HIGH alerts resolved (TOCTOU race conditions, bad HTML regex, missing regex anchor, Token-Permissions)
 - **Snyk**: All High/Medium findings resolved in v3.0.3
 
 ## Disclosure Policy

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "network-ai",
-  "version": "3.2.7",
+  "version": "3.2.8",
   "description": "AI agent orchestration framework for TypeScript/Node.js - plug-and-play multi-agent coordination with 12 frameworks (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw). Built-in security, swarm intelligence, and agentic workflow patterns.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "SwarmOrchestrator",
-  "version": "3.2.7",
+  "version": "3.2.8",
   "description": "Multi-agent orchestrator and behavioral control plane for TypeScript/Node.js. Connects 12 AI frameworks (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw) with shared blackboard coordination, permission gating, audit trails, AES-256 encryption, and token budget enforcement.",
   "author": "Network-AI Community",
   "homepage": "https://github.com/jovanSAPFIONEER/Network-AI",

skill.json

@@ -1,5 +1,5 @@
 # Swarm Blackboard
-Last Updated: 2026-02-18T22:19:29.902Z
+Last Updated: 2026-02-18T22:32:36.593Z
 
 ## Active Tasks
 | TaskID | Agent | Status | Started | Description |
@@ -18,7 +18,7 @@ Last Updated: 2026-02-18T22:19:29.902Z
     "status": "complete"
   },
   "sourceAgent": "code_writer",
-  "timestamp": "2026-02-18T22:19:29.893Z",
+  "timestamp": "2026-02-18T22:32:36.583Z",
   "ttl": null
 }
 
@@ -34,7 +34,7 @@ Last Updated: 2026-02-18T22:19:29.902Z
     "reviewer": "code_reviewer"
   },
   "sourceAgent": "code_reviewer",
-  "timestamp": "2026-02-18T22:19:29.894Z",
+  "timestamp": "2026-02-18T22:32:36.584Z",
   "ttl": null
 }
 
@@ -49,7 +49,7 @@ Last Updated: 2026-02-18T22:19:29.902Z
     "duration": 3200
   },
   "sourceAgent": "test_runner",
-  "timestamp": "2026-02-18T22:19:29.899Z",
+  "timestamp": "2026-02-18T22:32:36.588Z",
   "ttl": null
 }
 
@@ -60,7 +60,7 @@ Last Updated: 2026-02-18T22:19:29.902Z
     "replicas": 3
   },
   "sourceAgent": "devops_agent",
-  "timestamp": "2026-02-18T22:19:29.902Z",
+  "timestamp": "2026-02-18T22:32:36.593Z",
   "ttl": null
 }