nsauditor-ai-agent-skill 0.2.12 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,14 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.14 (2026-06-22) — Paired content bump for EE 0.31.2 (At-rest → ISO A.8.24 fleet sweep + cross-cloud KEY-CUSTODY-HOME doctrine + SOC 2 file-lock fix)
8
+
9
+ Paired content bump — no new framework. EE 0.31.2 completes **every AWS at-rest-encryption source** (RDS · S3 · EC2/EBS · SQS/SNS · ElastiCache) to the canonical 7-control at-rest set {SOC 2 C1.1 / HIPAA 164.312(a)(2)(iv) / NIST PR.DS-01 / PCI 3.5.1 / ISO A.8.24 / CIS 3.11 / GDPR Art.32(1)(a)}, fixes the DynamoDB + EC2-indeterminate class-O false-cleans (an unverifiable/unclassifiable encryption posture now fails-close instead of reading CLEAN), and establishes the **cross-cloud KEY-CUSTODY-HOME doctrine** — a provider-managed key on an always-encrypted service routes to {SOC 2 C1.1 (GCP CC6.1) / HIPAA / ISO A.8.24} (key management), NOT the encryption-presence set, closing a live PCI 3.5.1 + GDPR Art.32(1)(a) over-claim on always-encrypted Azure storage (GDPR scope-doctrine held — Art. 32 infrastructure substrate only; the GDPR-touching copy carries the operator legal review). It also fixes a SOC 2 "no silent data loss" mutual-exclusion bug in the Enterprise-side suppression/WORM file lock (in-process mutex + re-entrancy guard + EINVAL fold). The skill version blurb is refreshed; plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. Paired with EE 0.31.2 + CE 0.2.14.
10
+
11
+ ## 0.2.13 (2026-06-21) — Paired content bump for EE 0.30.1 (AWS RDS + API Gateway false-negative depth pass + AXIS_MAP graduation)
12
+
13
+ Paired content bump — no new framework. EE 0.30.1 closes the last two AWS sources' silent false-cleans: **RDS (1140)** snapshot-sharing exposure (a `restore=all` shared snapshot is CRITICAL even when encrypted) + a `DescribeDBInstances` evidence-gap, and **API Gateway (1050)** WAF deep-audit gap arm (6 evidence-gaps now fail-close the WAF native set == the positives) + unknown-auth + WebSocket-skip + deleted-WebACL + unencrypted-cache routing — and graduates both `KNOWN_UNCOVERED → AXIS_MAP`, so every AWS source now has a dedicated false-negative pass. Cross-framework parity folds route the API Gateway resource-policy public-grant to **PCI 7.2.1 + GDPR Art.32(1)(b)**, the deleted-WebACL to **PCI 6.4.1 / ISO A.8.21**, and the unencrypted cache to **ISO A.8.24** (GDPR scope-doctrine held — Art. 32 infrastructure substrate only; the GDPR-touching copy carries the operator legal review). The skill version blurb is refreshed; plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. Paired with EE 0.30.1 + CE 0.2.13.
14
+
7
15
  ## 0.2.12 (2026-06-18) — Paired content bump for EE 0.30.0 (AWS + Azure false-negative depth-pass + cross-source compliance-mapping parity)
8
16
 
9
17
  Paired content bump — no new framework. EE 0.30.0 is a detection-depth + mapping-correctness release: it closes a wave of cloud-misconfiguration false-negatives across AWS (S3 access-points · resource-policy effective-exposure · EC2-SG public-CIDR/split-range · KMS effective-decrypt/cross-account · IAM ListUsers truncation) and Azure (storage/NSG/Key-Vault/cloud-scanner class-O fail-opens), and routes architecturally-identical confidentiality / least-privilege exposures consistently across all seven frameworks (e.g. a public application entry-point now appears on a NIST CSF **PR.AA-05** least-privilege report; KMS / queue read-exposure reaches GDPR **Art.32(1)(b)**). The skill's version blurb + the `compliance_check` capability row are refreshed to seven frameworks (corrected a stale "six/hexa-framework" reference); plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. Paired with EE 0.30.0 + CE 0.2.12.
package/SKILL.md CHANGED
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.12 (post-EE-0.30.0 — the **AWS + Azure false-negative depth-pass + cross-source/cross-vector compliance-mapping parity** cycle: **no new framework** — the Enterprise engine closes a wave of cloud-misconfiguration false-negatives (S3 access-points · resource-policy effective-exposure · EC2-SG public-CIDR/split-range · KMS effective-decrypt/cross-account · Azure class-O fail-opens) and now routes architecturally-identical confidentiality / least-privilege exposures **consistently across all seven frameworks** [e.g. a public application entry-point now appears on a NIST CSF **PR.AA-05** least-privilege report; KMS / queue read-exposure reaches GDPR **Art.32(1)(b)**]. Plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.12 + EE 0.30.0) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.14 (post-EE-0.31.2 — the **At-rest encryption ISO A.8.24 fleet sweep + cross-cloud KEY-CUSTODY-HOME doctrine** cycle: **no new framework** — the Enterprise engine completes **every AWS at-rest-encryption source** (RDS · S3 · EC2/EBS · SQS/SNS · ElastiCache) to the canonical 7-control at-rest set, fixes the DynamoDB + EC2-indeterminate class-O false-cleans (an unverifiable encryption posture no longer reads CLEAN), and establishes a **cross-cloud key-custody routing doctrine** (a provider-managed key on an always-encrypted service is a key-management observation **ISO A.8.24**, not an encryption-presence violation closing a live PCI 3.5.1 + GDPR Art.32(1)(a) over-claim on Azure storage), plus a SOC 2 "no silent data loss" file-lock fix. Plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.14 + EE 0.31.2) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.12",
3
+ "version": "0.2.14",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",