v3.2.1 — Security Patch: Justification Scoring Hardened

[Jovancoding]

Security Fix

Addresses a vulnerability flagged by ClawHub scanner in check_permission.py where simplistic keyword matching in score_justification() could be bypassed via prompt injection to gain unauthorized access to sensitive resources.

Changes

scripts/check_permission.py — Hardened justification scoring

• Added detect_injection() with 16 prompt-injection attack patterns (ignore/override/bypass/sudo/jailbreak/etc.)
• Keyword-stuffing detection — penalises when >50% of words are scoring keywords
• Repetition/padding detection — rejects justifications with <40% unique words
• Maximum length cap (500 chars) — prevents obfuscation in excessively long text
• Minimum word count (3) — rejects lazy single-word justifications
• Structural coherence scoring — requires verb + noun patterns for full credit
• Scoring rebalanced: length (0.25), task keywords (0.20), specificity (0.20), no-debug (0.15), coherence (0.20)

test-security.ts — Fixed pre-existing audit integrity test failure

• Isolated gateway audit log path to prevent cross-run HMAC signature mismatches
• All 33 security tests now pass consistently

Test Results

Suite	Tests	Status
Standalone	79	✅
Security	33	✅
Adapters	139	✅
Priority	64	✅
Total	315	✅ ALL PASS

Install

npm install network-ai@3.2.1  

Full Changelog: [https://github.com/jovanSAPFIONEER/Network-AI/compare/v3.2.0...v3.2.1](vscode-file://vscode-app/c:/Users/Racunar/AppData/Local/Programs/Microsoft%20VS%20Code/c3a26841a8/resources/app/out/vs/code/electron-browser/workbench/workbench.html)

<hr /><em>This discussion was created from the release <a href='https://github.com/jovanSAPFIONEER/Network-AI/releases/tag/v3.2.1'>v3.2.1 — Security Patch: Justification Scoring Hardened</a>.</em>