v3.6.2 — CodeQL #75 + Socket.dev Supply Chain Fixes

[Jovancoding]

What's Fixed

CodeQL #75 — Comparison Between Inconvertible Types

test-phase5c.ts:144 — replaced _typed !== undefined with !!_typed.

Variable _typed is statically typed as BlackboardBackend (an object) and can never be undefined, making the original comparison trivially true (CWE-570, CWE-571). The compile-time interface check on the preceding line is unchanged and still does the real work.

Socket.dev Supply Chain Score

Added networkAccess suppression to socket.json for dist/adapters/custom-adapter.js.

CustomAdapter calls fetch(config.url, ...) by design — connecting to a user-supplied AI endpoint is the explicit purpose of the adapter, not an unexpected side-effect. Both issues in socket.json are now documented:

Issue	File	Status
evalDynamicCodeExecution	dist/lib/blackboard-validator.js	False positive — security scanner
networkAccess	dist/adapters/custom-adapter.js	Intentional — user-configured HTTP adapter

No API Changes

Test-only and metadata changes. No library code modified.

Full Changelog

See CHANGELOG.md for details.

---

This discussion was created from the release v3.6.2 — CodeQL #75 + Socket.dev Supply Chain Fixes.