nsauditor-ai-agent-skill 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/README.md +4 -4
- package/SKILL.md +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
+
## 0.2.1 (2026-06-03) — Paired-release pin for EE 0.18.0 + CE 0.2.1 — GCP false-negative hardening
|
|
8
|
+
|
|
9
|
+
Paired no-op bump (no standalone agent-skill content change beyond the SKILL.md version banner; SKILL.md body + `references/plugins.md` UNCHANGED). EE 0.18.0 closes five GCP false-negative defects at substrate depth on already-covered controls: **(1) plugin 1021 — AccessDenied evidence-gaps now route into `result.findings[]`** (16 single-owner anchors), so a denied GCP firewall / IAM / bucket enumeration FAILS its controls instead of reading CLEAN (was a compliance-layer false-CLEAN); **(2) plugin 1021 — project-IAM-public check now calls the correct client** — it had called `getIamPolicy` on `@google-cloud/compute`'s `ProjectsClient`, which has NO IAM methods, so the check ALWAYS threw live (`client.getIamPolicy is not a function`) and evidence-gapped → real project-IAM-public detection never fired (a pre-0.18.0 bug; the 1021 evidence-gap made it fail gracefully with no false-CLEAN, but the detection was dead); fixed to `@google-cloud/resource-manager`'s `ProjectsClient.getIamPolicy` (the client plugin 1025 already uses), live-validated under pure ADC; **(3) plugin 1025 — googleapis IAM-admin client now authenticates under pure ADC** — the `googleapis` REST client that powers 1025's Dim4-6 (custom-role inventory, SA-key custody, and the impersonation breadth-first-search where the K1/K2 paths below live) only set auth for the impersonation/key-file credential modes; in PURE Application-Default-Credentials it had NO auth set, and unlike the `@google-cloud` gax clients (storage / resource-manager) which auto-detect ADC, the `googleapis` library does NOT — so Dim4-6 returned AccessDenied even as project owner and never ran live (caught by the live Task 12 owner-ADC smoke). 
Fixed with an explicit scoped `GoogleAuth` for the pure-ADC path; pre-existing, same class as fix (2); **(4) plugin 1024 (GCP Cloud Storage) — NEW legacy-ACL public-exposure detection**, a bucket made public via a legacy ACL (`allUsers` / `allAuthenticatedUsers`) while Uniform Bucket-Level Access is disabled now scans the bucket ACL + a sampled object-ACL surface → CRITICAL / HIGH + evidence-gap (routed to SOC 2 CC6.6 / HIPAA §164.312(a)(1) / CIS Controls v8 3.3) instead of CLEAN; **(5) plugin 1025 (GCP IAM impersonation-BFS) completeness** — project-scope `roles/iam.serviceAccountKeyAdmin` (mint a long-lived key for ANY service account = offline impersonation) now fires the project-scope impersonation CRITICAL, and a service account privileged via an admin-equivalent CUSTOM role (`iam.serviceAccounts.actAs` etc.) is now marked admin in the impersonation graph so paths terminating there are detected instead of reading clean — both live-validated (K1 fired on a project-scope `serviceAccountKeyAdmin` binding; K2 fired on a custom-role-`actAs` SA reached via a `tokenCreator` edge). No skill-logic change. **Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED** (SOC 2 + HIPAA + NIST CSF 2.0 + PCI DSS v4.0.1 + ISO 27001:2022 + CIS Controls v8) — these are substrate-depth false-negative fixes on already-covered controls, NOT new controls. Live-validated under pure owner-ADC against a test-infra GCP project (1025-K1/K2 fired; 1025-adc Dim4-6 confirmed running; 1021 client read works with no false-clean under degraded auth); the 1024-C1 public-bucket + 1021 allUsers-binding findings could not be exercised live because the org enforces `publicAccessPrevention` + `allowedPolicyMemberDomains` (an environmental constraint, not a product gap) and remain unit-test + storage-enumeration-live proven.
|
|
10
|
+
|
|
7
11
|
## 0.2.0 (2026-06-01) — `scan_cloud` `regions` teaching (paired with EE 0.17.0 + CE 0.2.0)
|
|
8
12
|
|
|
9
13
|
SKILL.md now teaches the `scan_cloud` `regions` argument: AWS region codes (e.g. `["us-east-1","eu-west-1"]`) or `["all"]`, with the divergent default (omit = the single server-configured `AWS_REGION`; omitting does NOT fan out). **Region-scope discipline — validated via live Claude Desktop runs + a RED→GREEN→REFACTOR subagent harness on a lighter model tier:** (1) **Default = single region** for any plain "audit my AWS account" / "quick check" / no-region request — do NOT fan out or batch; (2) **Honest scope reporting** — report the regions you actually PASSED, never claim "all regions / every region / across N regions" off GuardDuty's or Inspector's INTERNAL per-region enumeration, and never escalate a single-region or "quick" request into a multi-region scan; (3) **Full all-region coverage via discover-then-batch** (ONLY on an explicit all/every/whole-account/full-coverage request) — a single `["all"]` call usually exceeds the host's MCP tool-call timeout (e.g. Claude Desktop's ~60s) and returns nothing, so discover the enabled regions via a default scan then audit the remainder in small region-group batches until complete, counting the regions covered, and never report a timed-out or partial scan as full coverage. Paired with the EE 0.17.0 `--aws-region` feature + CE 0.2.0. Plugin count UNCHANGED (28); all six matrices UNCHANGED.
|
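Review bot: The 0.2.1 entry says there is no standalone agent-skill content change beyond the SKILL.md version banner, but this release also changes four lines of README.md (the `plugins.md` tree comment, the "Plugin awareness" and "Compliance frameworks" rows, and the Enterprise tier row), so "paired no-op bump" understates what shipped; list the README edits in the entry. The five EE fixes are also packed into one paragraph with nested parentheticals. A numbered list with one item per fix (1021 evidence-gap routing, 1021 IAM client, 1025 pure-ADC auth, 1024 legacy-ACL detection, 1025 impersonation-graph completeness) would let a reader see at a glance which findings were live-validated and which, like the 1024-C1 public-bucket and 1021 allUsers-binding cases, could not be exercised live.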
package/README.md
CHANGED
|
@@ -17,7 +17,7 @@ nsauditor-ai-agent-skill/
|
|
|
17
17
|
├── references/
|
|
18
18
|
│ ├── workflows.md # Multi-step workflow recipes (full audit, CI/CD, CTEM)
|
|
19
19
|
│ ├── schemas.md # Complete data structures (scan results, CVEs, findings)
|
|
20
|
-
│ └── plugins.md # Full plugin catalog (
|
|
20
|
+
│ └── plugins.md # Full plugin catalog (55 scanners with ports & protocols — 27 Community incl. 3 Pro + 28 Enterprise)
|
|
21
21
|
├── examples/
|
|
22
22
|
│ └── agent-interactions.md # Example agent reasoning chains (9 scenarios)
|
|
23
23
|
├── package.json
|
|
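Review bot: The new comment on `plugins.md` hardcodes "55 scanners ... 27 Community incl. 3 Pro + 28 Enterprise" in the directory tree, and the same counts are repeated in the capability table and the tier table changed later in this README, so three places have to be edited in step whenever a plugin count changes. Consider keeping the tree comment to what the file is (full plugin catalog with ports and protocols) and leaving the counts to the tier table.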
@@ -74,8 +74,8 @@ When an AI agent loads this skill, it gains:
|
|
|
74
74
|
| **Workflow patterns** | Multi-step chains: scan → CVE lookup → remediation report |
|
|
75
75
|
| **Schema knowledge** | Complete data structures for parsing and presenting results |
|
|
76
76
|
| **CPE construction** | How to map detected services to NVD vulnerability lookups |
|
|
77
|
-
| **Plugin awareness** |
|
|
78
|
-
| **Compliance frameworks** | SOC 2 (AICPA TSC 2017
|
|
77
|
+
| **Plugin awareness** | 55 scanner plugins (27 Community incl. 3 Pro + 28 Enterprise) with protocols, ports, capabilities, and six-framework (SOC 2 · HIPAA §164.312 · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8) substrate-evidence dimensions |
|
|
78
|
+
| **Compliance frameworks** | **Six frameworks, one scan** — SOC 2 (AICPA TSC 2017) · HIPAA Security Rule §164.312 Technical Safeguards (HHS Required/Addressable discipline per control) · NIST CSF 2.0 (Subcategory-level) · PCI DSS v4.0.1 (QSA RoC sub-requirement-level) · ISO/IEC 27001:2022 (per-Annex-A-code, SoA discipline) · CIS Controls v8 (per-Safeguard; Implementation Group IG1/IG2/IG3 cumulative discipline). Any CSV subset via `--compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8`. Zero BAA required for HIPAA — ePHI never leaves customer infrastructure. |
|
|
79
79
|
| **Security rules** | ZDE, SSRF protection, redaction, scan authorization requirements |
|
|
80
80
|
| **Error handling** | License gates, SSRF blocks, timeout resolution, CPE format errors |
|
|
81
81
|
| **Decision routing** | When to use scan_host vs probe_service vs CLI vs get_vulnerabilities |
|
|
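Review bot: In the new "Compliance frameworks" row, "Zero BAA required for HIPAA" is an absolute compliance statement placed in a feature table, supported only by the clause "ePHI never leaves customer infrastructure"; link it to the ZDE material named in the "Security rules" row, or state the conditions under which it holds. The same cell also carries the `--compliance soc2,hipaa,nist-csf,pci-dss,iso-27001,cis-v8` flag syntax, which is CLI usage and would be easier to find and keep current in a usage section than inside a table cell.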
@@ -110,7 +110,7 @@ This package provides **knowledge about** NSAuditor AI. To actually **run** scan
|
|
|
110
110
|
|---------|-------|-----------|
|
|
111
111
|
| **Community** | Free / MIT | 27 plugins (service probes + host/network discovery + intelligence/meta), basic AI, SARIF, CTEM, scan history |
|
|
112
112
|
| **Pro** | $49/mo | + CVE matching, verification probes, risk scoring, 3 Pro plugins (040 TLS / 050 TRIBE / 060 DNS) |
|
|
113
|
-
| **Enterprise** | $2k+/yr | +
|
|
113
|
+
| **Enterprise** | $2k+/yr | + 28 cloud-substrate auditor plugins (1020-1222 range; AWS / Azure / GCP six-framework evidence-pack — SOC 2 / HIPAA / NIST CSF 2.0 / PCI DSS v4.0.1 / ISO 27001:2022 / CIS Controls v8), Zero Trust, RFC 3161 timestamps, chain-of-custody attestations, air-gapped deployment |
|
|
114
114
|
|
|
115
115
|
→ [Pricing](https://www.nsauditor.com/ai/pricing/)
|
|
116
116
|
|
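Review bot: The rewritten Enterprise row says "28 cloud-substrate auditor plugins", while the unchanged rows above it give Community "27 plugins" and Pro "+ ... 3 Pro plugins", and the other README hunks in this diff say "27 Community incl. 3 Pro"; from the table alone a reader cannot tell whether the free tier runs 27 plugins or 24. State in the Community or Pro row whether the three Pro plugins (040 TLS / 050 TRIBE / 060 DNS) are counted inside the 27, so that the 55 total can be checked against the table.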
package/SKILL.md
CHANGED
|
@@ -16,7 +16,7 @@ description: >
|
|
|
16
16
|
|
|
17
17
|
# NSAuditor AI — Agent Skill
|
|
18
18
|
|
|
19
|
-
> **Version:** 0.2.0 · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
|
|
19
|
+
> **Version:** 0.2.1 (post-EE 0.18.0 — GCP false-negative hardening) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
|
|
20
20
|
|
|
21
21
|
NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
|
|
22
22
|
plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
|
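Review bot: The banner moves to 0.2.1, but the unchanged body line directly below it still describes "27+ scanner plugins" while README.md in this same release advertises 55, so an agent loading SKILL.md is given a different count than a reader of the README; align the two or drop the number from the SKILL.md intro. The release description added in parentheses after the version number also makes the **Version:** field harder to parse; keep that field to the bare version string and put the EE pairing in its own field.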
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.1",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|
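Review bot: The version string is now maintained by hand in three places touched by this release (`"version"` here, the SKILL.md banner, and the CHANGELOG heading). A release check that compares the three would catch a bump that misses one of them.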