nsauditor-ai-agent-skill 0.2.10 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,12 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.11 (2026-06-12) — GDPR Article 32 framework taught (paired with CE 0.2.11 + EE 0.20.0)
8
+
9
+ > **DRAFT — pending operator legal review. Not yet published.**
10
+
11
+ **A real content change (not a pin).** The skill now teaches the **seventh compliance framework** EE 0.20.0 adds: GDPR **Article 32 (security of processing) infrastructure substrate**. The new teaching covers the **scope doctrine** (this is GDPR Article 32 infrastructure substrate ONLY, **NOT GDPR compliance** — Art. 32 is the only article an infrastructure scanner can substrate-evidence; the rest of GDPR is OOS-by-design, so an agent must never report "GDPR coverage" / "GDPR certified" off an Art. 32 result), the **four-factor proportionality** discipline (state of the art / cost of implementation / nature-scope-context-purposes / risk — the engine produces substrate FOR the operator's "appropriate to the risk" determination, nothing is absolute pass/fail), the **sub-measure discipline** (cite at the Art. 32(1)(a)–(d) / 32(2) / 32(4) unit, never the paragraph; 4 covered / 5 partial / 2 OOS), the **personal-data-scope attestation** (the scanner cannot know which resources hold personal data), and the **Art. 83(4) LOWER fine tier** (Art. 32 violations sit in the €10M / 2% tier, NOT the €20M / 4% headline tier — overstating fine exposure is itself an overclaim). Plugin count UNCHANGED at 28; the six existing coverage matrices UNCHANGED. Paired with **CE 0.2.11** (the `scan_cloud` description lists the framework) + **EE 0.20.0** (the framework).
12
+
7
13
  ## 0.2.10 (2026-06-11) — get_findings drill-down documented + MCP affordance II (paired with CE 0.2.10 + EE 0.19.4)
8
14
 
9
15
  **A real content change (not a pin).** The skill now documents the CE 0.2.10 MCP-affordance feature so agents discover and use it: a new **`get_findings`** tool entry (drill the MOST RECENT scan's per-provider, **per-session** cache; pass the `scanId` from the `scan_cloud` summary footer; filter by provider/plugin/severity/category; paginate with `cursor`/`limit`; on a stale-cache error **re-run `scan_cloud`, don't retry**; Enterprise-gated), `get_findings` added to the MCP-tool list, and the "interpreting `scan_cloud` results" guidance extended to treat **`findingsSummary[provider].rollup`** (the MEDIUM/LOW category rollup) as actionable — reporting only CRITICAL/HIGH while the rollup is non-empty is itself a false clean, and the resources behind a rollup category are reachable via `get_findings`. Paired with **CE 0.2.10** (the feature) + **EE 0.19.4** (unchanged; peer `nsauditor-ai >=0.2.8` already satisfied).
package/SKILL.md CHANGED
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.10 (post-CE-0.2.10MCP affordance II: the `scan_cloud` summary now rolls up MEDIUM+LOW findings per provider by category [count-descending, no-silent-cap] so actionable monitoring findings are no longer count-only/invisible; a NEW Enterprise-gated `get_findings` tool drills the most recent scan's per-provider, per-session cache [filter by provider/plugin/severity/category, paginate, full untruncated text] keyed by a `scanId` the `scan_cloud` summary footer carries, gated before any cache read; plus all-clauses gap companion · boundary-safe truncation · walkthrough-vs-couldn't-read gapKind. Paired EE 0.19.4 [unchanged]) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.11 (post-EE-0.20.0the **GDPR Article 32 (Security of Processing)** cycle, the seventh compliance framework. The Enterprise engine substrate-evidences **GDPR Article 32 infrastructure substrate** — Art. 32 only, **not** GDPR compliance [GDPR is a 99-article legal regime; Art. 32 security-of-processing is the only article an infrastructure scanner can evidence; the rest is operator-side, out of scope by design]. Matrix: 4 covered + 5 partial + 2 OOS across 11 Art. 32 sub-measure units, with four-factor proportionality [substrate FOR the operator's "appropriate to the risk" determination, never an absolute pass/fail], personal-data-scope attestation [pair with Art. 30 records of processing], and the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.11 + EE 0.20.0) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.10",
3
+ "version": "0.2.11",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",