nsauditor-ai-agent-skill 0.1.49 → 0.1.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/CHANGELOG.md +4 -0
  2. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,10 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.1.50 (2026-05-27) — Paired-release pin for EE 0.15.2 + CE 0.1.83 — audit-accuracy calibration + CloudTrail hardening + Azure 1221/1222 folds
8
+
9
+ Paired-release pin for the EE 0.15.2 patch cycle: four real-production-account-driven folds. **Fold 1** — plugin 1020 (S3) effective-public-exposure calibration: missing/partial Public Access Block downgraded CRITICAL→MEDIUM (a guardrail gap, not a current exposure) + NEW `GetBucketAcl` check completing the ACL × bucket-policy × PAB join (a public `AllUsers`/`AuthenticatedUsers` ACL grant → CRITICAL unless neutralized by PAB `IgnorePublicAcls`) — fixes false-CRITICALs AND closes a public-via-ACL false-negative. **Fold 2** — plugin 1040 (CloudTrail) KMS-CMK calibration: trail-level "KmsKeyId not set" downgraded MEDIUM→LOW when the destination bucket has default SSE-KMS. **Fold 3** — plugin 1040 (CloudTrail) multi-region timeout hardening: an `AbortController` tied to the soft-budget deadline lets a hung disabled-region abort so the plugin finalizes PARTIAL evidence. **Fold 4** — plugin 1221 (Azure NSG) +10 restricted UDP ports (RADIUS 1812/1813/1645/1646, L2TP 1701, SIP 5060, mDNS 5353, RIP 520, XDMCP 177, chargen 19) + plugin 1222 (Azure Key Vault) F-2 custom-role resolution (via `roleDefinitions.getById` + KV-privilege inspection) + F-7.2 HSM dim (software-vs-HSM `key.kty` LOW hardening rec). **Plugin count UNCHANGED at 28 (cloud-substrate 26); all six coverage matrices UNCHANGED.** No new dependencies; EE regression 6568/6568 GREEN (+42 tests vs the 6526 baseline). No standalone agent-skill code changes.
10
+
7
11
  ## 0.1.49 (PUBLISHED 2026-05-27) — Paired-release pin for EE 0.15.1 + CE 0.1.82 — plugin 1222 hotfix (Dim-3 SDK-shape + Dim-4 inherited-admin re-tune)
8
12
 
9
13
  Paired-release pin for the EE 0.15.1 hotfix cycle: two defects in plugin 1222 (`azure-keyvault-deep-auditor`) surfaced by the 0.15.0 published-build live smoke. **H-1** — the Dim-3 diagnostic-logging probe `for await`-ed `@azure/arm-monitor`'s `diagnosticSettings.list()`, which returns a `Promise<{value:[]}>` collection object (NOT a paged async-iterator), so the dim always threw and degraded to a non-functional evidence-gap; fixed to `await` + read `.value` (confirmed against live Azure; the unit-test mock corrected to the real `Promise<{value}>` shape — the mock-vs-real-SDK mismatch that masked the bug). **H-2** — the Dim-4 privileged-access dim flagged inherited subscription/management-group-scope Owner/Contributor as HIGH on every RBAC vault (a ubiquitous Azure control-plane reality); re-tuned so inherited Owner/User-Access-Administrator → MEDIUM, inherited Contributor → LOW, with HIGH reserved for VAULT-scoped control-plane god roles + Key Vault Administrator at any scope. **Plugin count UNCHANGED at 28 (cloud-substrate 26); all six coverage matrices UNCHANGED.** EE regression 6526/6526 GREEN. `references/plugins.md` 1222 row Dim-3/Dim-4 wording refined. No standalone agent-skill code changes.
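Review bot: The added 0.1.50 paragraph changes finding severities (plugin 1020 missing/partial Public Access Block CRITICAL→MEDIUM, plugin 1040 "KmsKeyId not set" MEDIUM→LOW) and adds checks to plugins 1221 and 1222, yet it ends with "No standalone agent-skill code changes" and this diff touches only CHANGELOG.md and package.json, whereas the 0.1.49 entry below records a `references/plugins.md` row refinement. If the skill's reference files describe these plugins' severities or checks, update them in this release or state in the entry that they need no change, so agents using the skill do not explain findings with the old ratings. In Fold 2, say whether the downgrade requires the destination bucket's default SSE-KMS to use a customer-managed key: the fold is titled a KMS-CMK calibration, and default SSE-KMS can also be satisfied by the AWS managed key. In Fold 3, note how a run that finalizes PARTIAL evidence is surfaced to the reader of the report, so an aborted region is not read as a clean one. The new heading also uses "(2026-05-27)" where the 0.1.49 heading uses "(PUBLISHED 2026-05-27)"; pick one form.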
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.1.49",
3
+ "version": "0.1.50",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",