Agent Weave

This package appears to implement the master/worker features it advertises, but there are multiple quality and runtime concerns you should consider before installing or running it: - Packaging bugs: package.json's 'bin' claims a 'bin/weave' entry that is missing; the included test report documents CLI entry-point issues. Prefer not to npm install -g this globally until the maintainer fixes the bin entry. - File writes: the library and demos write logs and agent state to disk (default ./agent-logs). If you run it, set logDir to a controlled location and avoid running as a privileged user. - Long-running agents: AGENT_SYSTEM.md and code allow child agents with timeout: 0 (no timeout) and use setInterval heartbeats. That can create long-running processes and resource leaks; run inside a container or VM and enforce resource/time limits. - Code quality bugs: duplicate method definitions, missing imports (some demo files use fs without requiring it), and duplicated/overridden getters are present. These look like sloppy packaging rather than intentional malice, but they could cause unexpected behavior. - No network exfiltration found: there are no obvious outbound network calls, credential requests, or hidden endpoints in the provided files. Recommendations: 1) Review the code (lib/ and agent-system files) locally before running. 2) Run in an isolated environment (container or sandbox) and avoid global install. 3) Configure logDir and limits, and prefer programmatic use in controlled tests before using in production. 4) If you need CLI functionality, wait for the maintainer to fix the bin packaging or inspect/adjust bin/weave.mjs / bin/weave-cli-safe.js before use. Given the packaging and runtime surprises, treat this as potentially risky until you validate and sandbox it.