nsauditor-ai-agent-skill 0.1.37 → 0.1.39
- package/CHANGELOG.md +41 -1
- package/SKILL.md +7 -3
- package/package.json +1 -1
- package/references/plugins.md +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,47 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
-
## 0.1.
|
|
7
|
+
## 0.1.39 (STAGED 2026-05-23 — pending trio-publish) — Paired-release pin for EE 0.11.0 + CE 0.1.72 — PCI DSS v4.0.1 Track 3 fourth-framework cycle
|
|
8
|
+
|
|
9
|
+
**Cycle hook**: EE 0.11.0 introduces PCI DSS v4.0.1 (PCI SSC, June 2024 errata; supersedes v4.0 March 2022; v3.2.1 retired March 31, 2024) as the fourth compliance framework alongside SOC 2 (AICPA TSC 2017), HIPAA Security Rule §164.312, and NIST Cybersecurity Framework 2.0. The agent-skill catalog updates accordingly:
|
|
10
|
+
|
|
11
|
+
- `compliance_check` MCP tool description widened from "SOC 2 + HIPAA + NIST CSF 2.0" to "SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS v4.0.1" with the matching `--compliance soc2,hipaa,nist-csf,pci-dss` CSV invocation hint. PCI DSS sub-requirement examples baked into tool description: `Req 1.2.1` NSC config standards, `Req 8.4.1` MFA on non-console admin, `Req 10.2.1` audit logs enabled, `Req 11.3.1` quarterly internal vuln scans. Defined-vs-Customized Approach discipline per PCI DSS v4.0.1 Appendix E (15 Defined-only sub-requirements enforced at schema layer) + CHD Scope operator-attested via CDE Data Flow Diagram per Req 1.2.4 + card-brand AOC enforcement view (Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC).
|
|
12
|
+
- `SKILL.md` framework-coverage table extended with PCI DSS v4.0.1 sub-requirement-level matrix (**20 covered / 8 partial / 39 OOS across 67 of ~250 sub-requirements at MVP-67 density**).
|
|
13
|
+
- `references/plugins.md` framework-bullet extended from "three compliance frameworks" to "four compliance frameworks" with PCI DSS v4.0.1 sub-requirement examples + Req 12 OOS-by-design entirely framing + Req 5 + Req 9 OOS-entirely framing + Drata PCI / Vanta PCI / AuditBoard PCI / OneTrust GRC pairing-platform names.
|
|
14
|
+
|
|
15
|
+
**Plugin catalog**: UNCHANGED at 24 plugins; MCP tool signatures unchanged; schemas unchanged; workflows unchanged. **Twenty-ninth consecutive trio-publish** institutionalized 0.4.5–0.11.0.
|
|
16
|
+
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
## 0.1.38 (PUBLISHED 2026-05-22) — Paired-release pin for EE 0.10.0 + CE 0.1.71 — NIST CSF 2.0 Track 3 third-framework cycle
|
|
20
|
+
|
|
21
|
+
**Cycle hook**: EE 0.10.0 introduces NIST Cybersecurity Framework 2.0 (NIST CSWP 29, February 2024) as the third compliance framework alongside SOC 2 (AICPA TSC 2017) and HIPAA Security Rule §164.312. The agent-skill catalog updates accordingly:
|
|
22
|
+
|
|
23
|
+
- `compliance_check` MCP tool description widened from "SOC 2 + HIPAA" to "SOC 2 + HIPAA + NIST CSF 2.0" with the matching `--compliance soc2,hipaa,nist-csf` CSV invocation hint.
|
|
24
|
+
- `SKILL.md` framework-coverage table extended with NIST CSF 2.0 Subcategory-level matrix (13 covered / 10 partial / 83 OOS across 106 of CSF 2.0's 107 Subcategories).
|
|
25
|
+
- `references/plugins.md` framework-bullet extended from "two compliance frameworks" to "three compliance frameworks" with NIST CSF 2.0 control-ID examples (PR.AA-01, DE.CM-01, RC.RP-03) + Implementation Tiers OOS disclaimer explanation + Tugboat Logic / Drata / Vanta / AuditBoard pairing-platform names.
|
|
26
|
+
|
|
27
|
+
**Plugin catalog**: UNCHANGED at 24 plugins; MCP tool signatures unchanged; schemas unchanged; workflows unchanged. **Twenty-eighth consecutive trio-publish** institutionalized 0.4.5–0.10.0.
|
|
28
|
+
|
|
29
|
+
**Why an agent-skill 0.1.38 release**: institutional pair-versioning. Every EE release gets a paired agent-skill version bump so operators using `npm view nsauditor-ai-agent-skill version` against an EE version can confirm the catalog targets the same trio. SKILL.md "post-EE 0.X.Y" version pointer updated to 0.10.0.
|
|
30
|
+
|
|
31
|
+
**EE 0.10.0 + CE 0.1.71 paired-release highlights** (full detail in respective CHANGELOGs):
|
|
32
|
+
- NEW `data/compliance/nist-csf.json` — auditor-canonical Subcategory-level mapping. 23 declared Subcategories + 6 OOS groups + schema-additive `function` / `categoryCode` / `subcategory` / `outcomeText` / `informativeReferences` fields. Inheritance contract: every titlePattern inherits from soc2.json's grep-verified pattern set, defended by 27-test anchor-drift suite.
|
|
33
|
+
- EXTENDED EE `utils/soc2_renderer.mjs` — `'nist-csf'` slot table in `frameworkControlCitation` with 8 slots incl. NEW `implementation-tiers` disclaimer. `isNistCsfReport` flag detection. Implementation Tiers OOS disclaimer section in BOTH markdown AND HTML render paths (R-HIGH-2 reviewer fold from 2nd reviewer pass — markdown-only was the pre-fold state).
|
|
34
|
+
- Schema-additive fields propagation to controlEntries — closes ghost-schema gap for `function`/`categoryCode`/`subcategory`/`outcomeText`/`informativeReferences` (NIST CSF) AND `requiredOrAddressable`/`standardOrSpec`/`ruleText` (HIPAA, EE 0.9.0 inherited gap) AND `manualProcedure` (SOC 2 + HIPAA, EE 0.9.3 + 0.9.4 inherited gap). R-HIGH-1 reviewer fold from 2nd reviewer pass.
|
|
35
|
+
- 91 net new tests across 3 new test files (27 anchor-drift + 39 mapping + 25 renderer) + 1 fold-driven SOC 2→NIST cross-framework leak test (R-MEDIUM-1 from 2nd reviewer pass)
|
|
36
|
+
- 560-line `docs/nist-csf-coverage.md`
|
|
37
|
+
- 2 reviewer passes (single-agent A combined NIST/code lens + parallel-reviewer B security/air-gap/citation-leak lens); 5 same-session folds total
|
|
38
|
+
|
|
39
|
+
**Reviewer pass discipline**: 2-reviewer parallel pass per the EE 0.9.0 institutional template. Reviewer A verdict "ship with 4 small folds — cycle is structurally clean"; Reviewer B verdict "ship with 2 small folds beyond Reviewer A's findings — 2 R-HIGH genuinely new + 3 polish". 5 of 10 findings applied same-session (3 from Reviewer B + 2 from Reviewer A); 5 deferred as defer-acceptable polish.
|
|
40
|
+
|
|
41
|
+
**Regression**: EE 6104/6104 across 983 suites (+92 vs 0.9.4 baseline — 91 cycle-new tests + 1 fold-driven cross-framework leak test). 75-session 100% green streak preserved. **Plugin count UNCHANGED at 24**; **SOC 2 + HIPAA coverage matrices UNCHANGED at 10/4/33 + 7/3/45**; **NIST CSF 2.0 coverage matrix introduced at 13/10/83**.
|
|
42
|
+
|
|
43
|
+
No breaking changes — additive only.
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## 0.1.37 (PUBLISHED 2026-05-22 to npm as `latest`, superseded by 0.1.38 on trio-publish) — Paired-release pin for EE 0.9.1 + CE 0.1.70 — External-audit-findings ship-blocker patch (no catalog change; institutional pair-version)
|
|
8
48
|
|
|
9
49
|
**Cycle hook**: External adversarial-audit-skill cycle (2026-05-22) identified 10 ship-blockers in pre-existing EE 0.9.0 + CE 0.1.69 code; closed in <24h. All audit findings are against EE-side correctness paths (NVD offline feed importer + plugin 1110 KMS layer + plugin 1030 PRIVESC_ACTIONS) and CE-side license verifier (replay defense + signed revocation blocklist + monotonic-clock anchor). **No agent-skill catalog change is needed** — plugin catalog stays at 24 plugins; MCP tools unchanged; schemas unchanged; workflows unchanged. **Twenty-seventh consecutive trio-publish** institutionalized 0.4.5–0.9.1.
|
|
10
50
|
|
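Review bot: The 0.1.39 heading still reads "STAGED 2026-05-23" and "pending trio-publish", but this entry ships inside the 0.1.39 package itself (package.json in the same diff is bumped to 0.1.39), so a reader of the released changelog cannot tell whether the EE 0.11.0 + CE 0.1.72 pairing it pins was actually published. Flip the status to PUBLISHED with the date as part of the release step, as the 0.1.38 and 0.1.37 headings do. The 0.1.39 entry also drops the "Regression" and "No breaking changes" statements that 0.1.38 carries; since it asserts that tool signatures and schemas are unchanged, state the additive-only guarantee explicitly here as well.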
package/SKILL.md
CHANGED
|
@@ -144,7 +144,7 @@ These tools return a license upgrade prompt on CE installations:
|
|
|
144
144
|
| `save_finding` | Pro | Persist a validated finding to the finding queue |
|
|
145
145
|
| `start_assessment` | Enterprise | Multi-host orchestrated security assessment |
|
|
146
146
|
| `prioritize_risks` | Enterprise | Cross-host risk prioritization and ranking |
|
|
147
|
-
| `compliance_check` | Enterprise | SOC 2 (AICPA TSC 2017) + HIPAA (§164.312 Technical Safeguards) gap analysis —
|
|
147
|
+
| `compliance_check` | Enterprise | SOC 2 (AICPA TSC 2017) + HIPAA (§164.312 Technical Safeguards) + NIST CSF 2.0 Core + **PCI DSS v4.0.1** (sub-requirement-level for QSA RoC; PCI SSC June 2024 errata) gap analysis — all four shipped (SOC 2 EE 0.3.x; HIPAA EE 0.9.0; NIST CSF 2.0 EE 0.10.0; **PCI DSS v4.0.1 EE 0.11.0**). ISO 27001:2022 / CIS Controls v8 planned. Multi-framework via `--compliance soc2,hipaa,nist-csf,pci-dss` (any CSV subset; quad-framework one-scan produces four complete auditor-ready evidence packs). PCI DSS sub-requirement examples: `Req 1.2.1` NSC config standards, `Req 8.4.1` MFA on non-console admin, `Req 10.2.1` audit logs enabled, `Req 11.3.1` quarterly internal vuln scans. Defined-vs-Customized Approach discipline per Appendix E (15 Defined-only sub-requirements enforced at schema layer; CHD Scope operator-attested via CDE DFD per Req 1.2.4; card-brand AOC enforcement view — Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC). |
|
|
148
148
|
| `export_report` | Enterprise | Formatted compliance/risk report (PDF, HTML) |
|
|
149
149
|
|
|
150
150
|
---
|
|
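Review bot: The new `compliance_check` cell promises "four complete auditor-ready evidence packs" without the coverage limits stated elsewhere in this release (20 covered / 8 partial / 39 OOS across 67 of ~250 PCI DSS sub-requirements), so an agent that reads only this tool row can overstate what a scan proves. Add the covered/partial/OOS counts, or a pointer to the coverage section, to the cell. The cell also mixes release history (the per-framework EE versions) and roadmap ("ISO 27001:2022 / CIS Controls v8 planned") into a tool description; moving those below the table would keep the row to what the tool does and the `--compliance` values it accepts.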
@@ -297,10 +297,14 @@ CE collision. CE reserves 001-099.
|
|
|
297
297
|
|
|
298
298
|
**Plugin 1170 v3 (EE 0.6.6) SG→SG transitive chain reachability** — `aws-ec2-sg-perimeter-auditor` v3 extension. Pre-v3 each Security Group was audited in isolation; a SG with no direct public-CIDR ingress would emit the PASS-tier "no direct public-internet ingress CIDR rules" finding even if transitively reachable from the internet through a `UserIdGroupPairs` chain. v3 builds the SG-reference graph (`_buildSgReferenceGraph`), identifies public-CIDR roots (`_findPubliclyReachableSgs` — 0.0.0.0/0 / ::/0 ingress), and BFS-walks the graph (`_walkTransitiveReachability`) with cycle defense + depth cap (default 5, max 20) + per-target chain cap (default 10, max 100). 2-hop chains emit **HIGH**; 3+ hop chains emit **CRITICAL** (operator-blindness principle — deeper chains less likely to be noticed). Cross-VPC edges skipped (out-of-scope for v3 v1; INFO trailer). v3 v1 simplification: per-hop port-flow tracked but NOT intersected (`walkthroughRequired=true`). New operator opts: `skipTransitiveReachability` / `transitiveChainDepthCap` / `transitiveChainsPerTargetCap` / `transitiveChainSamplesPerFindingCap`. **v3 R-HIGH-1 fold**: BFS short-circuits enqueue past per-target cap (closes path-enumeration explosion on hub-and-spoke topologies — pre-fold the BFS kept cloning `path` and `visited` Sets and walking past the cap). **v3 R-LOW-2 fold**: depth-cap-hit surfaced separately from per-target-cap (closes silent-deep-truncation false-CLEAN class). 3 new soc2.json mappings under CC6.6 (transitive HIGH + CRITICAL + INFO truncation). **v3.1 EE 0.6.7 closes the edge-dedup R2-deferred item**: `_buildSgReferenceGraph` now dedupes edges by `(sourceGroupId, targetGroupId)` with `ports` aggregated as array of `{protocol, fromPort, toPort}`. 
Pre-fold a real-world ALB-fronting-app SG with 3 ingress perms on different ports (80/443/8080) referencing the same source SG emitted 3 distinct edges A→B; the BFS treated each as a separate chain, inflating `chainCount` 2-5× and exhausting per-target chain caps on noise. Post-fold the BFS sees exactly 1 chain per distinct (source, target) pair. `isCrossVpc` aggregation is AND-semantic — if ANY contributing pair is same-VPC, the merged edge is same-VPC (per `[[conservative_classifier_principle]]`: walk possibly-same-VPC chains rather than silently skip). Classifier port-render accepts both v3.1 array shape and v3 single-object shape (back-compat). **v3.1 R-MEDIUM-1 fold**: arrival-order independence locked with 2 regression fixtures + JSDoc tightening. **v3.1 R-LOW-1 fold**: partial-render contract on malformed port specs locked with 2 fixtures. **v3.1 R-LOW-2 fold**: `_portKeys` scratch-lifetime documented (MUST NOT escape).
|
|
299
299
|
|
|
300
|
-
**EE SOC 2 substrate-evidence coverage (post-EE 0.
|
|
300
|
+
**EE SOC 2 substrate-evidence coverage (post-EE 0.10.0):** 10 covered controls (CC6.1 /
|
|
301
301
|
CC6.2 / CC6.6 / CC6.7 / CC6.8 / CC7.1 / CC7.2 / CC7.3 / C1.1 / C1.2) + 4 partial
|
|
302
302
|
(CC6.3 / CC8.1 / A1.2 / PI1.5) + 33 OOS for static substrate scanning. **SOC 2 matrix
|
|
303
|
-
UNCHANGED post-EE 0.
|
|
303
|
+
UNCHANGED post-EE 0.10.0 — the NIST CSF 2.0 cycle is additive-only; no SOC 2 mappings
|
|
304
|
+
changed. NIST CSF 2.0 introduced as third Track 3 framework with its own 13/10/83
|
|
305
|
+
matrix across 106 of CSF 2.0 Core's 107 Subcategories; Govern function OOS-by-design
|
|
306
|
+
with GV.SC-04 partial as substrate-evidence exception; Respond function OOS-entirely;
|
|
307
|
+
Implementation Tiers 1-4 OOS as organizational-maturity claim.**
|
|
304
308
|
Coverage matrix is institutionally honest: substrate-evidence depth grows release-over-release
|
|
305
309
|
without the matrix being shifted (the matrix-shift requires net-new control coverage, not just
|
|
306
310
|
more evidence on already-covered controls).
|
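Review bot: The added lines pin the coverage paragraph to "post-EE 0.10.0" and describe NIST CSF 2.0 as the third framework, while the 0.1.39 changelog entry pairs this package with EE 0.11.0 and says the `SKILL.md` framework-coverage table was extended with the PCI DSS v4.0.1 matrix (20 / 8 / 39). Neither SKILL.md hunk contains that matrix, and the file changes only +7 -3 lines in total, so the changelog claim and the file disagree. Either add the PCI DSS counts and move the pointer to 0.11.0 here, or correct the changelog bullet.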
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.39",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|
package/references/plugins.md
CHANGED
|
@@ -161,7 +161,7 @@ listings, and default pages.
|
|
|
161
161
|
|
|
162
162
|
## Enterprise Plugins (24)
|
|
163
163
|
|
|
164
|
-
> **EE plugin ID range.** As of EE 0.3.9 (2026-05-12), all EE plugins use the disjoint **1000+ ID range** to avoid CE collision. The earlier 020/021/022/023/030/040/050/060 IDs were renumbered to 1020/1021/1022/1023/1030/1040/1050/1060. CE reserves 001-099. EE plugins audit AWS / GCP / Azure cloud substrate end-to-end against **
|
|
164
|
+
> **EE plugin ID range.** As of EE 0.3.9 (2026-05-12), all EE plugins use the disjoint **1000+ ID range** to avoid CE collision. The earlier 020/021/022/023/030/040/050/060 IDs were renumbered to 1020/1021/1022/1023/1030/1040/1050/1060. CE reserves 001-099. EE plugins audit AWS / GCP / Azure cloud substrate end-to-end against **four compliance frameworks** (post-EE 0.11.0): the AICPA Trust Services Criteria 2017 (SOC 2), the HIPAA Security Rule §164.312 Technical Safeguards (2013 Final Rule), **NIST Cybersecurity Framework 2.0 Core** (NIST CSWP 29, February 2024), and **PCI DSS v4.0.1** (PCI SSC, June 2024 errata; supersedes v4.0 March 2022; v3.2.1 retired March 31, 2024). Each plugin's findings route to ALL FOUR frameworks via the framework-agnostic engine + per-framework control-citation map (renderer cites SOC 2 CC IDs in SOC 2 reports, HIPAA §164.312 in HIPAA reports, NIST CSF Subcategory IDs like PR.AA-01 / DE.CM-01 / RC.RP-03 in NIST reports, and PCI DSS sub-requirement IDs like `Req 1.2.1` / `Req 8.4.1` / `Req 10.2.1` / `Req 11.3.1` in PCI reports — closes cross-framework citation leak in all **6 pair-directions** C(4,2)=6). Every plugin is enterprise-gated by the `cloudScanners` capability and runs against customer-supplied cloud credentials. Multi-framework workflow: `--compliance soc2,hipaa,nist-csf,pci-dss` (any CSV subset) produces separate per-framework artifact sets in one scan (quad-framework one-scan produces four complete auditor-ready evidence packs). **Zero BAA required** for HIPAA — Zero Data Exfiltration architecture means ePHI never leaves customer infrastructure (and CHD never leaves for PCI DSS CDE-isolation threat models). 
**NIST CSF 2.0 Implementation Tiers 1-4** (Partial / Risk-Informed / Repeatable / Adaptive) are organizational-maturity claims explicitly OOS for infrastructure scanning — surfaced in renderer as cover-page Tiers OOS disclaimer section (markdown + HTML parity); pair with NIST-aware GRC platforms (Tugboat Logic, Drata NIST CSF, Vanta NIST CSF, AuditBoard). **PCI DSS v4.0.1 specifics**: sub-requirement-level mapping for QSA Report on Compliance workflow (MVP-67: 20 covered + 8 partial + 39 OOS across 67 of ~250 sub-requirements). **Req 12 Information Security Program OOS-by-design entirely** (Targeted Risk Analysis Req 12.3.1 + Customized Approach Documentation Req 12.3.2 + TPSP Responsibility Matrix Req 12.8.5 + IR personnel training Req 12.10.4 all Defined-only per Appendix E). **Req 5 anti-malware + Req 9 physical OOS-entirely** (endpoint EDR + facility-tier). **Req 3 stored CHD OOS-by-design at technical-control layer** pending operator CDE attestation via CDE Data Flow Diagram per Req 1.2.4 + Req 12.5.1. **Defined-vs-Customized Approach discipline per Appendix E** — 15 Defined-only sub-requirements enforced at schema layer. CAO text MVP-deferred to EE 0.11.1 patch. **Card-brand AOC enforcement priority view** (Visa CISP / Mastercard SDP / Amex DSOP / Discover DISC — the actual penalty mechanism). Pair with PCI-aware GRC platforms (Drata PCI, Vanta PCI, AuditBoard PCI module, OneTrust GRC).
|
|
165
165
|
|
|
166
166
|
| ID | Name | Tier | Purpose | SOC 2 Controls |
|
|
167
167
|
|----|------|------|---------|----------------|
|
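Review bot: In the added blockquote, "all **6 pair-directions** C(4,2)=6" counts unordered framework pairs, but a citation leak is directional (the changelog's own leak test is named SOC 2→NIST), which gives 12 ordered directions for four frameworks. Say "6 framework pairs", or state that both directions of each pair are tested. The unchanged table header below still has a single "SOC 2 Controls" column although the text now says every plugin's findings route to all four frameworks; say in the blockquote where the HIPAA, NIST CSF and PCI DSS mappings for each plugin are listed, and expand "CAO" on first use.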