nsauditor-ai-agent-skill 0.2.13 → 0.2.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/SKILL.md +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
+
## 0.2.14 (2026-06-22) — Paired content bump for EE 0.31.2 (At-rest → ISO A.8.24 fleet sweep + cross-cloud KEY-CUSTODY-HOME doctrine + SOC 2 file-lock fix)
|
|
8
|
+
|
|
9
|
+
Paired content bump — no new framework. EE 0.31.2 completes **every AWS at-rest-encryption source** (RDS · S3 · EC2/EBS · SQS/SNS · ElastiCache) to the canonical 7-control at-rest set {SOC 2 C1.1 / HIPAA 164.312(a)(2)(iv) / NIST PR.DS-01 / PCI 3.5.1 / ISO A.8.24 / CIS 3.11 / GDPR Art.32(1)(a)}, fixes the DynamoDB + EC2-indeterminate class-O false-cleans (an unverifiable/unclassifiable encryption posture now fails-close instead of reading CLEAN), and establishes the **cross-cloud KEY-CUSTODY-HOME doctrine** — a provider-managed key on an always-encrypted service routes to {SOC 2 C1.1 (GCP CC6.1) / HIPAA / ISO A.8.24} (key management), NOT the encryption-presence set, closing a live PCI 3.5.1 + GDPR Art.32(1)(a) over-claim on always-encrypted Azure storage (GDPR scope-doctrine held — Art. 32 infrastructure substrate only; the GDPR-touching copy carries the operator legal review). It also fixes a SOC 2 "no silent data loss" mutual-exclusion bug in the Enterprise-side suppression/WORM file lock (in-process mutex + re-entrancy guard + EINVAL fold). The skill version blurb is refreshed; plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. Paired with EE 0.31.2 + CE 0.2.14.
|
|
10
|
+
|
|
7
11
|
## 0.2.13 (2026-06-21) — Paired content bump for EE 0.30.1 (AWS RDS + API Gateway false-negative depth pass + AXIS_MAP graduation)
|
|
8
12
|
|
|
9
13
|
Paired content bump — no new framework. EE 0.30.1 closes the last two AWS sources' silent false-cleans: **RDS (1140)** snapshot-sharing exposure (a `restore=all` shared snapshot is CRITICAL even when encrypted) + a `DescribeDBInstances` evidence-gap, and **API Gateway (1050)** WAF deep-audit gap arm (6 evidence-gaps now fail-close the WAF native set == the positives) + unknown-auth + WebSocket-skip + deleted-WebACL + unencrypted-cache routing — and graduates both `KNOWN_UNCOVERED → AXIS_MAP`, so every AWS source now has a dedicated false-negative pass. Cross-framework parity folds route the API Gateway resource-policy public-grant to **PCI 7.2.1 + GDPR Art.32(1)(b)**, the deleted-WebACL to **PCI 6.4.1 / ISO A.8.21**, and the unencrypted cache to **ISO A.8.24** (GDPR scope-doctrine held — Art. 32 infrastructure substrate only; the GDPR-touching copy carries the operator legal review). The skill version blurb is refreshed; plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. Paired with EE 0.30.1 + CE 0.2.13.
|
package/SKILL.md
CHANGED
|
@@ -16,7 +16,7 @@ description: >
|
|
|
16
16
|
|
|
17
17
|
# NSAuditor AI — Agent Skill
|
|
18
18
|
|
|
19
|
-
> **Version:** 0.2.
|
|
19
|
+
> **Version:** 0.2.14 (post-EE-0.31.2 — the **At-rest encryption → ISO A.8.24 fleet sweep + cross-cloud KEY-CUSTODY-HOME doctrine** cycle: **no new framework** — the Enterprise engine completes **every AWS at-rest-encryption source** (RDS · S3 · EC2/EBS · SQS/SNS · ElastiCache) to the canonical 7-control at-rest set, fixes the DynamoDB + EC2-indeterminate class-O false-cleans (an unverifiable encryption posture no longer reads CLEAN), and establishes a **cross-cloud key-custody routing doctrine** (a provider-managed key on an always-encrypted service is a key-management observation → **ISO A.8.24**, not an encryption-presence violation — closing a live PCI 3.5.1 + GDPR Art.32(1)(a) over-claim on Azure storage), plus a SOC 2 "no silent data loss" file-lock fix. Plugin count UNCHANGED at 28; all seven coverage matrices UNCHANGED. The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.14 + EE 0.31.2) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
|
|
20
20
|
|
|
21
21
|
NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
|
|
22
22
|
plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.14",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|