nsauditor-ai-agent-skill 0.1.36 → 0.1.38
- package/CHANGELOG.md +48 -0
- package/SKILL.md +7 -3
- package/package.json +1 -1
- package/references/plugins.md +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,54 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
+
## 0.1.38 (STAGED 2026-05-22 — pending trio-publish) — Paired-release pin for EE 0.10.0 + CE 0.1.71 — NIST CSF 2.0 Track 3 third-framework cycle
|
|
8
|
+
|
|
9
|
+
**Cycle hook**: EE 0.10.0 introduces NIST Cybersecurity Framework 2.0 (NIST CSWP 29, February 2024) as the third compliance framework alongside SOC 2 (AICPA TSC 2017) and HIPAA Security Rule §164.312. The agent-skill catalog updates accordingly:
|
|
10
|
+
|
|
11
|
+
- `compliance_check` MCP tool description widened from "SOC 2 + HIPAA" to "SOC 2 + HIPAA + NIST CSF 2.0" with the matching `--compliance soc2,hipaa,nist-csf` CSV invocation hint.
|
|
12
|
+
- `SKILL.md` framework-coverage table extended with NIST CSF 2.0 Subcategory-level matrix (13 covered / 10 partial / 83 OOS across 106 of CSF 2.0's 107 Subcategories).
|
|
13
|
+
- `references/plugins.md` framework-bullet extended from "two compliance frameworks" to "three compliance frameworks" with NIST CSF 2.0 control-ID examples (PR.AA-01, DE.CM-01, RC.RP-03) + Implementation Tiers OOS disclaimer explanation + Tugboat Logic / Drata / Vanta / AuditBoard pairing-platform names.
|
|
14
|
+
|
|
15
|
+
**Plugin catalog**: UNCHANGED at 24 plugins; MCP tool signatures unchanged; schemas unchanged; workflows unchanged. **Twenty-eighth consecutive trio-publish** institutionalized 0.4.5–0.10.0.
|
|
16
|
+
|
|
17
|
+
**Why an agent-skill 0.1.38 release**: institutional pair-versioning. Every EE release gets a paired agent-skill version bump so operators using `npm view nsauditor-ai-agent-skill version` against an EE version can confirm the catalog targets the same trio. SKILL.md "post-EE 0.X.Y" version pointer updated to 0.10.0.
|
|
18
|
+
|
|
19
|
+
**EE 0.10.0 + CE 0.1.71 paired-release highlights** (full detail in respective CHANGELOGs):
|
|
20
|
+
- NEW `data/compliance/nist-csf.json` — auditor-canonical Subcategory-level mapping. 23 declared Subcategories + 6 OOS groups + schema-additive `function` / `categoryCode` / `subcategory` / `outcomeText` / `informativeReferences` fields. Inheritance contract: every titlePattern inherits from soc2.json's grep-verified pattern set, defended by 27-test anchor-drift suite.
|
|
21
|
+
- EXTENDED EE `utils/soc2_renderer.mjs` — `'nist-csf'` slot table in `frameworkControlCitation` with 8 slots incl. NEW `implementation-tiers` disclaimer. `isNistCsfReport` flag detection. Implementation Tiers OOS disclaimer section in BOTH markdown AND HTML render paths (R-HIGH-2 reviewer fold from 2nd reviewer pass — markdown-only was the pre-fold state).
|
|
22
|
+
- Schema-additive fields propagation to controlEntries — closes ghost-schema gap for `function`/`categoryCode`/`subcategory`/`outcomeText`/`informativeReferences` (NIST CSF) AND `requiredOrAddressable`/`standardOrSpec`/`ruleText` (HIPAA, EE 0.9.0 inherited gap) AND `manualProcedure` (SOC 2 + HIPAA, EE 0.9.3 + 0.9.4 inherited gap). R-HIGH-1 reviewer fold from 2nd reviewer pass.
|
|
23
|
+
- 91 net new tests across 3 new test files (27 anchor-drift + 39 mapping + 25 renderer) + 1 fold-driven SOC 2→NIST cross-framework leak test (R-MEDIUM-1 from 2nd reviewer pass)
|
|
24
|
+
- 560-line `docs/nist-csf-coverage.md`
|
|
25
|
+
- 2 reviewer passes (single-agent A combined NIST/code lens + parallel-reviewer B security/air-gap/citation-leak lens); 5 same-session folds total
|
|
26
|
+
|
|
27
|
+
**Reviewer pass discipline**: 2-reviewer parallel pass per the EE 0.9.0 institutional template. Reviewer A verdict "ship with 4 small folds — cycle is structurally clean"; Reviewer B verdict "ship with 2 small folds beyond Reviewer A's findings — 2 R-HIGH genuinely new + 3 polish". 5 of 10 findings applied same-session (3 from Reviewer B + 2 from Reviewer A); 5 deferred as defer-acceptable polish.
|
|
28
|
+
|
|
29
|
+
**Regression**: EE 6104/6104 across 983 suites (+92 vs 0.9.4 baseline — 91 cycle-new tests + 1 fold-driven cross-framework leak test). 75-session 100% green streak preserved. **Plugin count UNCHANGED at 24**; **SOC 2 + HIPAA coverage matrices UNCHANGED at 10/4/33 + 7/3/45**; **NIST CSF 2.0 coverage matrix introduced at 13/10/83**.
|
|
30
|
+
|
|
31
|
+
No breaking changes — additive only.
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## 0.1.37 (PUBLISHED 2026-05-22 to npm as `latest`, superseded by 0.1.38 on trio-publish) — Paired-release pin for EE 0.9.1 + CE 0.1.70 — External-audit-findings ship-blocker patch (no catalog change; institutional pair-version)
|
|
36
|
+
|
|
37
|
+
**Cycle hook**: External adversarial-audit-skill cycle (2026-05-22) identified 10 ship-blockers in pre-existing EE 0.9.0 + CE 0.1.69 code; closed in <24h. All audit findings are against EE-side correctness paths (NVD offline feed importer + plugin 1110 KMS layer + plugin 1030 PRIVESC_ACTIONS) and CE-side license verifier (replay defense + signed revocation blocklist + monotonic-clock anchor). **No agent-skill catalog change is needed** — plugin catalog stays at 24 plugins; MCP tools unchanged; schemas unchanged; workflows unchanged. **Twenty-seventh consecutive trio-publish** institutionalized 0.4.5–0.9.1.
|
|
38
|
+
|
|
39
|
+
**Why an agent-skill 0.1.37 release**: institutional pair-versioning. Every EE release gets a paired agent-skill version bump so operators using `npm view nsauditor-ai-agent-skill version` against an EE version can confirm the catalog targets the same trio. SKILL.md "post-EE 0.X.Y" version pointer updated to 0.9.1.
|
|
40
|
+
|
|
41
|
+
**EE 0.9.1 + CE 0.1.70 paired-release highlights** (full detail in respective CHANGELOGs):
|
|
42
|
+
- **A-CRIT-1**: `feeds/nvd_feed_processor.mjs` real NVD JSON 2.0 importer (replaces 20-line stub; closes the air-gap claim). NDJSON persistence + atomic write + gzip-bomb cap. +37 new tests.
|
|
43
|
+
- **B-CRIT-1/2 + B-LABEL**: plugin 1110 KMS-grant + key-policy cross-reference. HIGH→INFO downgrade when no key trusts the principal; new `kms-grant-decrypt-no-identity-grant` MEDIUM emission (Pacu P-16 closure). Finding text preserves load-bearing prefix for soc2.json + hipaa.json titlePattern integrity. +22 new tests.
|
|
44
|
+
- **C-CRIT-1..4**: plugin 1030 PRIVESC_ACTIONS additions (9 canonical Pacu paths). +21 new tests.
|
|
45
|
+
- **D-HIGH-1/2/3**: CE-side license verifier hardening (replay + revocation + clock anchor). +33 new CE tests.
|
|
46
|
+
|
|
47
|
+
**Reviewer pass**: 2 general-purpose agents in parallel; 10 same-session folds.
|
|
48
|
+
|
|
49
|
+
**Regression**: EE 5970/5970 across 951 suites (+80 vs 0.9.0); CE 968 tests (+33 vs 0.1.69). 70-session 100% green streak preserved. **Plugin count UNCHANGED at 24**; **SOC 2 + HIPAA coverage matrices UNCHANGED**.
|
|
50
|
+
|
|
51
|
+
No breaking changes — additive only.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
7
55
|
## 0.1.36 — Catalog refresh: EE 0.9.0 HIPAA FRAMEWORK CYCLE (first 0.9.x release; HIPAA Security Rule §164.312 Technical Safeguards ships as second supported compliance framework alongside SOC 2; HIPAA coverage matrix 7 covered + 3 partial + 45 OOS; HHS Required/Addressable discipline per control; §164.312(c)(1) ransomware-defense substrate via Logically Air-Gapped Backup Vault cross-verification; per-framework SLA-citation map closes cross-framework citation leak class; 6 same-session reviewer folds; +85 new tests across 3 new suites; plugin count UNCHANGED at 24; SOC 2 coverage matrix UNCHANGED at 10/4/33; EE regression 5890/5890 across 928 suites; 69-session 100% green streak preserved; twenty-sixth consecutive trio-publish; no breaking changes — additive only; agent-skill catalog refresh: SKILL.md HIPAA framework coverage block added, README "Plugin awareness" + "Compliance frameworks" capability rows updated, references/plugins.md Enterprise Plugins header corrected 18 → 24 with HIPAA framework mention)
|
|
8
56
|
|
|
9
57
|
**Trio-publish institutionalization continued.** Paired with EE 0.9.0 + CE 0.1.69 — **twenty-sixth consecutive trio-publish across EE + CE + agent-skill in a single session** (0.4.5–0.9.0).
|
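Review bot: The new 0.1.38 heading still reads "STAGED 2026-05-22 ... pending trio-publish" in the changelog shipped inside 0.1.38, while the 0.1.37 heading below it already calls itself "superseded by 0.1.38 on trio-publish". The status marker should be flipped to PUBLISHED as part of the publish step so the two headings agree. Separately, both "Why an agent-skill" paragraphs say every EE release gets a paired agent-skill bump, but the 0.1.38 entry cites EE 0.9.3, EE 0.9.4 and a "0.9.4 baseline" with no changelog entry between 0.1.37 (EE 0.9.1) and 0.1.38 (EE 0.10.0). The trio-publish count goes straight from twenty-seventh to twenty-eighth, and the green streak jumps from 70 to 75 sessions. Either add the missing paired entries or reword the claim to say which EE releases are paired, since operators are told to use the version pairing as a verification check.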
package/SKILL.md
CHANGED
|
@@ -144,7 +144,7 @@ These tools return a license upgrade prompt on CE installations:
|
|
|
144
144
|
| `save_finding` | Pro | Persist a validated finding to the finding queue |
|
|
145
145
|
| `start_assessment` | Enterprise | Multi-host orchestrated security assessment |
|
|
146
146
|
| `prioritize_risks` | Enterprise | Cross-host risk prioritization and ranking |
|
|
147
|
-
| `compliance_check` | Enterprise | SOC 2 (AICPA TSC 2017) + HIPAA (§164.312 Technical Safeguards) gap analysis —
|
|
147
|
+
| `compliance_check` | Enterprise | SOC 2 (AICPA TSC 2017) + HIPAA (§164.312 Technical Safeguards) + NIST CSF 2.0 Core gap analysis — all three shipped (SOC 2 EE 0.3.x; HIPAA EE 0.9.0; NIST CSF 2.0 EE 0.10.0). PCI-DSS / ISO 27001 / CIS planned. Multi-framework via `--compliance soc2,hipaa,nist-csf` (any CSV subset). |
|
|
148
148
|
| `export_report` | Enterprise | Formatted compliance/risk report (PDF, HTML) |
|
|
149
149
|
|
|
150
150
|
---
|
|
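Review bot: In the added `compliance_check` row, framework selection is documented only as a CLI flag (`--compliance soc2,hipaa,nist-csf`) inside a table of MCP tools, so an agent reading this row does not learn how to request a framework subset when calling the tool itself. Name the tool argument that carries the framework list, or state that the flag applies to the CLI only. The cell also mixes release history (SOC 2 EE 0.3.x, HIPAA EE 0.9.0, NIST CSF 2.0 EE 0.10.0) and roadmap ("PCI-DSS / ISO 27001 / CIS planned") into a capability description. Moving those to the changelog would keep the row about what the tool does today. Since the same release declares Implementation Tiers out of scope, a short "Subcategory-level, Tiers OOS" qualifier here would stop an agent from overstating NIST CSF coverage.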
@@ -297,10 +297,14 @@ CE collision. CE reserves 001-099.
|
|
|
297
297
|
|
|
298
298
|
**Plugin 1170 v3 (EE 0.6.6) SG→SG transitive chain reachability** — `aws-ec2-sg-perimeter-auditor` v3 extension. Pre-v3 each Security Group was audited in isolation; a SG with no direct public-CIDR ingress would emit the PASS-tier "no direct public-internet ingress CIDR rules" finding even if transitively reachable from the internet through a `UserIdGroupPairs` chain. v3 builds the SG-reference graph (`_buildSgReferenceGraph`), identifies public-CIDR roots (`_findPubliclyReachableSgs` — 0.0.0.0/0 / ::/0 ingress), and BFS-walks the graph (`_walkTransitiveReachability`) with cycle defense + depth cap (default 5, max 20) + per-target chain cap (default 10, max 100). 2-hop chains emit **HIGH**; 3+ hop chains emit **CRITICAL** (operator-blindness principle — deeper chains less likely to be noticed). Cross-VPC edges skipped (out-of-scope for v3 v1; INFO trailer). v3 v1 simplification: per-hop port-flow tracked but NOT intersected (`walkthroughRequired=true`). New operator opts: `skipTransitiveReachability` / `transitiveChainDepthCap` / `transitiveChainsPerTargetCap` / `transitiveChainSamplesPerFindingCap`. **v3 R-HIGH-1 fold**: BFS short-circuits enqueue past per-target cap (closes path-enumeration explosion on hub-and-spoke topologies — pre-fold the BFS kept cloning `path` and `visited` Sets and walking past the cap). **v3 R-LOW-2 fold**: depth-cap-hit surfaced separately from per-target-cap (closes silent-deep-truncation false-CLEAN class). 3 new soc2.json mappings under CC6.6 (transitive HIGH + CRITICAL + INFO truncation). **v3.1 EE 0.6.7 closes the edge-dedup R2-deferred item**: `_buildSgReferenceGraph` now dedupes edges by `(sourceGroupId, targetGroupId)` with `ports` aggregated as array of `{protocol, fromPort, toPort}`. 
Pre-fold a real-world ALB-fronting-app SG with 3 ingress perms on different ports (80/443/8080) referencing the same source SG emitted 3 distinct edges A→B; the BFS treated each as a separate chain, inflating `chainCount` 2-5× and exhausting per-target chain caps on noise. Post-fold the BFS sees exactly 1 chain per distinct (source, target) pair. `isCrossVpc` aggregation is AND-semantic — if ANY contributing pair is same-VPC, the merged edge is same-VPC (per `[[conservative_classifier_principle]]`: walk possibly-same-VPC chains rather than silently skip). Classifier port-render accepts both v3.1 array shape and v3 single-object shape (back-compat). **v3.1 R-MEDIUM-1 fold**: arrival-order independence locked with 2 regression fixtures + JSDoc tightening. **v3.1 R-LOW-1 fold**: partial-render contract on malformed port specs locked with 2 fixtures. **v3.1 R-LOW-2 fold**: `_portKeys` scratch-lifetime documented (MUST NOT escape).
|
|
299
299
|
|
|
300
|
-
**EE SOC 2 substrate-evidence coverage (post-EE 0.
|
|
300
|
+
**EE SOC 2 substrate-evidence coverage (post-EE 0.10.0):** 10 covered controls (CC6.1 /
|
|
301
301
|
CC6.2 / CC6.6 / CC6.7 / CC6.8 / CC7.1 / CC7.2 / CC7.3 / C1.1 / C1.2) + 4 partial
|
|
302
302
|
(CC6.3 / CC8.1 / A1.2 / PI1.5) + 33 OOS for static substrate scanning. **SOC 2 matrix
|
|
303
|
-
UNCHANGED post-EE 0.
|
|
303
|
+
UNCHANGED post-EE 0.10.0 — the NIST CSF 2.0 cycle is additive-only; no SOC 2 mappings
|
|
304
|
+
changed. NIST CSF 2.0 introduced as third Track 3 framework with its own 13/10/83
|
|
305
|
+
matrix across 106 of CSF 2.0 Core's 107 Subcategories; Govern function OOS-by-design
|
|
306
|
+
with GV.SC-04 partial as substrate-evidence exception; Respond function OOS-entirely;
|
|
307
|
+
Implementation Tiers 1-4 OOS as organizational-maturity claim.**
|
|
304
308
|
Coverage matrix is institutionally honest: substrate-evidence depth grows release-over-release
|
|
305
309
|
without the matrix being shifted (the matrix-shift requires net-new control coverage, not just
|
|
306
310
|
more evidence on already-covered controls).
|
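Review bot: The added lines 304-307 place the NIST CSF 2.0 scope statement (13/10/83 matrix, Govern OOS with the GV.SC-04 exception, Respond OOS, Tiers OOS) inside the bold sentence of a paragraph titled "EE SOC 2 substrate-evidence coverage". A reader or agent looking for NIST CSF coverage will not find a heading for it, and the SOC 2 paragraph now makes claims about a different framework. Split this into its own "EE NIST CSF 2.0 substrate-evidence coverage (post-EE 0.10.0)" paragraph and spell out "13 covered / 10 partial / 83 OOS" as the SOC 2 paragraph does for its own numbers. Note also that the changelog for this release says the SKILL.md "framework-coverage table" was extended with a Subcategory-level matrix, while the SKILL.md hunks shown here add only this prose block. Please confirm that the table change was not dropped from the package.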
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.38",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|
package/references/plugins.md
CHANGED
|
@@ -161,7 +161,7 @@ listings, and default pages.
|
|
|
161
161
|
|
|
162
162
|
## Enterprise Plugins (24)
|
|
163
163
|
|
|
164
|
-
> **EE plugin ID range.** As of EE 0.3.9 (2026-05-12), all EE plugins use the disjoint **1000+ ID range** to avoid CE collision. The earlier 020/021/022/023/030/040/050/060 IDs were renumbered to 1020/1021/1022/1023/1030/1040/1050/1060. CE reserves 001-099. EE plugins audit AWS / GCP / Azure cloud substrate end-to-end against **
|
|
164
|
+
> **EE plugin ID range.** As of EE 0.3.9 (2026-05-12), all EE plugins use the disjoint **1000+ ID range** to avoid CE collision. The earlier 020/021/022/023/030/040/050/060 IDs were renumbered to 1020/1021/1022/1023/1030/1040/1050/1060. CE reserves 001-099. EE plugins audit AWS / GCP / Azure cloud substrate end-to-end against **three compliance frameworks** (post-EE 0.10.0): the AICPA Trust Services Criteria 2017 (SOC 2), the HIPAA Security Rule §164.312 Technical Safeguards (2013 Final Rule), and **NIST Cybersecurity Framework 2.0 Core (NIST CSWP 29, February 2024)**. Each plugin's findings route to ALL THREE frameworks via the framework-agnostic engine + per-framework control-citation map (renderer cites SOC 2 CC IDs in SOC 2 reports, HIPAA §164.312 in HIPAA reports, NIST CSF Subcategory IDs like PR.AA-01 / DE.CM-01 / RC.RP-03 in NIST reports — closes cross-framework citation leak in all 3 directions). Every plugin is enterprise-gated by the `cloudScanners` capability and runs against customer-supplied cloud credentials. Multi-framework workflow: `--compliance soc2,hipaa,nist-csf` (any CSV subset) produces separate per-framework artifact sets in one scan. **Zero BAA required** for HIPAA — Zero Data Exfiltration architecture means ePHI never leaves customer infrastructure. **NIST CSF 2.0 Implementation Tiers 1-4** (Partial / Risk-Informed / Repeatable / Adaptive) are organizational-maturity claims explicitly OOS for infrastructure scanning — surfaced in renderer as cover-page Tiers OOS disclaimer section (markdown + HTML parity); pair with NIST-aware GRC platforms (Tugboat Logic, Drata NIST CSF, Vanta NIST CSF, AuditBoard).
|
|
165
165
|
|
|
166
166
|
| ID | Name | Tier | Purpose | SOC 2 Controls |
|
|
167
167
|
|----|------|------|---------|----------------|
|
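Review bot: The rewritten blockquote at line 164 says each plugin's findings route to all three frameworks, but the plugin table that follows still has a single "SOC 2 Controls" column, so the reference gives no per-plugin HIPAA or NIST CSF mapping to back the claim. Either add HIPAA and NIST CSF columns, or point from the blockquote to the mapping files named in the changelog (`data/compliance/nist-csf.json` and the SOC 2 / HIPAA equivalents). The blockquote is also a single line carrying ID-range history, framework list, citation routing, the `--compliance` workflow, the BAA statement and the Tiers disclaimer. Breaking it into separate quoted paragraphs would make future diffs reviewable, since any edit currently replaces the whole line.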