Network-AI/socket.json at main · Jovancoding/Network-AI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
{
  "version": 2,
  "ignore": {
    "evalDynamicCodeExecution": [
      {
        "path": "lib/blackboard-validator.ts",
        "reason": "False positive — this pattern is part of dangerous-code detection for untrusted agent content written to the blackboard. It does not execute code."
      },
      {
        "path": "dist/lib/blackboard-validator.js",
        "reason": "False positive — compiled output of the dangerous-code detector. It matches risky input patterns and does not execute code."
      }
    ],
    "networkAccess": [
      {
        "path": "adapters/a2a-adapter.ts",
        "reason": "Intentional — A2AAdapter implements the Google Agent-to-Agent protocol and sends outbound HTTP requests only to agent endpoints explicitly registered by the user."
      },
      {
        "path": "dist/adapters/a2a-adapter.js",
        "reason": "Intentional — compiled output of A2AAdapter. It talks only to agent endpoints explicitly registered by the user."
      },
      {
        "path": "adapters/custom-adapter.ts",
        "reason": "Intentional — CustomAdapter can call a caller-supplied HTTP endpoint as part of its documented bring-your-own-client behavior."
      },
      {
        "path": "dist/adapters/custom-adapter.js",
        "reason": "Intentional — compiled output of CustomAdapter. It calls a caller-supplied endpoint as part of documented adapter behavior."
      },
      {
        "path": "adapters/aps-adapter.ts",
        "reason": "Intentional — APSAdapter can verify delegation chains through a configured remote verifier endpoint when that mode is enabled by the caller."
      },
      {
        "path": "dist/adapters/aps-adapter.js",
        "reason": "Intentional — compiled output of APSAdapter. It talks only to a caller-configured verifier endpoint when that verification mode is enabled."
      },
      {
        "path": "lib/mcp-transport-sse.ts",
        "reason": "Intentional — McpSseTransport is the HTTP and SSE transport layer for MCP. Serving and connecting over HTTP is its documented role."
      },
      {
        "path": "dist/lib/mcp-transport-sse.js",
        "reason": "Intentional — compiled output of the MCP HTTP and SSE transport layer."
      },
      {
        "path": "dist/bin/mcp-server.js",
        "reason": "Intentional — network-ai-server is an opt-in CLI binary that starts an MCP HTTP and SSE server only when the user invokes it explicitly."
      },
      {
        "path": "adapters/codex-adapter.ts",
        "reason": "Intentional — CodexAdapter sends outbound requests to OpenAI or a caller-provided base URL as part of its documented adapter behavior."
      },
      {
        "path": "dist/adapters/codex-adapter.js",
        "reason": "Intentional — compiled output of CodexAdapter. It talks to OpenAI or a caller-provided base URL."
      },
      {
        "path": "adapters/minimax-adapter.ts",
        "reason": "Intentional — MiniMaxAdapter sends outbound requests to MiniMax's API as part of its documented adapter behavior."
      },
      {
        "path": "dist/adapters/minimax-adapter.js",
        "reason": "Intentional — compiled output of MiniMaxAdapter. It talks to MiniMax endpoints as configured by the caller."
      }
    ],
    "urlStrings": [
      {
        "path": "dist/adapters/custom-adapter.js",
        "reason": "Intentional — CustomAdapter accepts user-supplied endpoint URLs (config.url) as its core function. URLs are provided by the caller at runtime, not hard-coded."
      },
      {
        "path": "dist/adapters/mcp-adapter.js",
        "reason": "Intentional — MCPAdapter documents example MCP endpoint URL patterns in comments. No runtime URL is hard-coded."
      },
      {
        "path": "dist/bin/mcp-server.js",
        "reason": "Intentional — mcp-server.js is the MCP server binary; localhost URLs are for the server it starts (e.g. http://localhost:3001/sse) and are documented in help text and comments."
      },
      {
        "path": "adapters/codex-adapter.ts",
        "reason": "Intentional — CodexAdapter uses https://api.openai.com as default baseUrl for OpenAI API calls. Users can override via config.baseUrl."
      },
      {
        "path": "dist/adapters/codex-adapter.js",
        "reason": "Intentional — CodexAdapter uses https://api.openai.com as default baseUrl for OpenAI API calls. Users can override via config.baseUrl."
      },
      {
        "path": "adapters/minimax-adapter.ts",
        "reason": "Intentional — MiniMaxAdapter uses https://api.minimax.io/v1 as default baseUrl for MiniMax API calls. Users can override via config.baseUrl."
      },
      {
        "path": "dist/adapters/minimax-adapter.js",
        "reason": "Intentional — MiniMaxAdapter uses https://api.minimax.io/v1 as default baseUrl for MiniMax API calls. Users can override via config.baseUrl."
      }
    ],
    "envVars": [
      {
        "path": "security.ts",
        "reason": "Intentional — reads SWARM_TOKEN_SECRET and SWARM_ENCRYPTION_KEY env vars as an opt-in mechanism for users to supply secrets without hard-coding them."
      },
      {
        "path": "dist/security.js",
        "reason": "Intentional — compiled output of security.ts. Reads SWARM_TOKEN_SECRET and SWARM_ENCRYPTION_KEY env vars."
      },
      {
        "path": "adapters/codex-adapter.ts",
        "reason": "Intentional — CodexAdapter reads OPENAI_API_KEY env var as a fallback when no API key is provided via config. Declared in skill.json env section."
      },
      {
        "path": "dist/adapters/codex-adapter.js",
        "reason": "Intentional — compiled output of codex-adapter.ts. Reads OPENAI_API_KEY env var."
      },
      {
        "path": "adapters/minimax-adapter.ts",
        "reason": "Intentional — MiniMaxAdapter reads MINIMAX_API_KEY env var as a fallback when no API key is provided via config. Declared in skill.json env section."
      },
      {
        "path": "dist/adapters/minimax-adapter.js",
        "reason": "Intentional — compiled output of minimax-adapter.ts. Reads MINIMAX_API_KEY env var."
      },
      {
        "path": "setup.ts",
        "reason": "Intentional — setup module checks for OPENAI_API_KEY env var to provide helpful configuration guidance. Declared in skill.json env section."
      },
      {
        "path": "dist/setup.js",
        "reason": "Intentional — compiled output of setup.ts. Checks for OPENAI_API_KEY env var."
      }
    ],
    "shellExec": [
      {
        "path": "adapters/nemoclaw-adapter.ts",
        "reason": "Intentional — NemoClawAdapter's default executor uses child_process.execFile to invoke the openshell CLI for sandbox management. This is the fallback when no custom executor is provided. Users are expected to bring their own executor in production."
      },
      {
        "path": "dist/adapters/nemoclaw-adapter.js",
        "reason": "Intentional — compiled output of nemoclaw-adapter.ts. Uses child_process.execFile to invoke the openshell CLI."
      },
      {
        "path": "examples/05-code-review-swarm.ts",
        "reason": "Intentional — example script uses execSync('npx tsc --noEmit') to demonstrate automated TypeScript type-checking in a code review pipeline. Not part of the core library."
      },
      {
        "path": "examples/demo-runner.ts",
        "reason": "Intentional — demo runner uses spawn('npx', ['ts-node', file]) to execute example scripts. This is a developer convenience script, not part of the core library."
      }
    ],
    "filesystemAccess": [
      {
        "path": "dist/index.js",
        "reason": "Intentional — the blackboard uses a file-backed store (data/ directory) as its persistence layer. Filesystem access is the explicit purpose of the local-first architecture."
      },
      {
        "path": "dist/run.js",
        "reason": "Intentional — run.ts bootstraps the local blackboard and reads/writes the data directory. File I/O is the core mechanism."
      },
      {
        "path": "dist/security.js",
        "reason": "Intentional — security module writes the HMAC-signed audit log to data/audit_log.jsonl. Append-only filesystem writes are the audit trail mechanism."
      },
      {
        "path": "dist/lib/locked-blackboard.js",
        "reason": "Intentional — LockedBlackboard uses atomic file rename + fsync for its mutex. Filesystem access is the locking primitive."
      },
      {
        "path": "dist/lib/mcp-tools-extended.js",
        "reason": "Intentional — extended MCP tools expose blackboard snapshot and audit log query over MCP; these read from the data/ directory."
      },
      {
        "path": "dist/lib/mcp-transport-sse.js",
        "reason": "Intentional — SSE transport reads config from the filesystem. File access is for configuration loading only."
      },
      {
        "path": "dist/lib/swarm-utils.js",
        "reason": "Intentional — swarm-utils reads/writes the shared blackboard file and audit log. Filesystem I/O is the persistence layer."
      }
    ]
  }
}