nsauditor-ai-agent-skill 0.2.20 → 0.2.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/SKILL.md +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,12 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
+
## 0.2.21 (2026-07-03) — Paired content bump for the CE 0.2.23 operator bug-fix cycle + EE 0.31.9 GAP-1 #3
|
|
8
|
+
|
|
9
|
+
Paired content bump (SKILL.md version line + this changelog). **CE 0.2.23** hardens cloud-scan scope integrity (a cloud auditor runs only on its own sentinel host — a network `--host` never triggers cloud plugins, including via the MCP `probe_service` tool; `--host` is the sole cloud-intent signal, credentials are not), AI-conclusion robustness (payload-scaled timeout + a fail-visible `scan_response_ai.txt` stub), and the AI bail message. **EE 0.31.9** closes the GAP-1 #3 RoC positive-substrate render-site parity (false-positive controls now render their substrate in HTML too) + FP-correct auditor wording. No new MCP tools or schemas; the `probe_service` tool now enforces the cloud-intent contract (a cloud auditor requires its sentinel host; a network plugin is rejected on a sentinel host). **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **CE 0.2.23** + **EE 0.31.9**.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
7
13
|
## 0.2.20 (2026-07-01) — Paired content bump for EE 0.31.8 (GAP-1 positive-substrate polish: framework-aware PCI Req 10.5.1 caveat restoration + SOC 2 GRC-push hygiene)
|
|
8
14
|
|
|
9
15
|
Paired content bump for the EE 0.31.8 cycle (SKILL.md version line + this changelog). EE 0.31.8 restores per-framework precision to the 0.31.7 positive-substrate caveat — the RDS audit-log-retention substrate finding now carries a per-framework caveat override so the PCI report restores the `Req 10.5.1` citation while SOC 2 keeps the neutral base (no PCI leak) — and hardens the mechanism (framework-neutral category so no `pci` machine substring rides the SOC 2 renderJSON → GRC push, empty-string-safe caveat selection, genuine renderJSON GRC-channel tests). **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **EE 0.31.8** + CE 0.2.22.
|
package/SKILL.md
CHANGED
|
@@ -16,7 +16,7 @@ description: >
|
|
|
16
16
|
|
|
17
17
|
# NSAuditor AI — Agent Skill
|
|
18
18
|
|
|
19
|
-
> **Version:** 0.2.
|
|
19
|
+
> **Version:** 0.2.21 (post-EE-0.31.9 — the **CE 0.2.23 operator bug-fix cycle + EE 0.31.9 GAP-1 #3**: **no new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** CE 0.2.23 hardens cloud-scan scope integrity — a cloud auditor runs only on its own sentinel host, so a network `--host` never triggers cloud plugins (including via the MCP `probe_service` tool; `--host` is the sole cloud-intent signal, credentials are not) — plus AI-conclusion robustness (payload-scaled timeout + a fail-visible `scan_response_ai.txt` stub) and the AI bail message; EE 0.31.9 closes the GAP-1 #3 RoC positive-substrate render-site parity (false-positive controls render their substrate in HTML too) + FP-correct auditor wording. The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.23 + EE 0.31.9) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
|
|
20
20
|
|
|
21
21
|
NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
|
|
22
22
|
plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.21",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|