nsauditor-ai-agent-skill 0.2.20 → 0.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/SKILL.md +1 -1
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,18 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.22 (2026-07-05) — Paired content bump for the CE 0.2.24 multi-cloud scope-integrity fix + EE 0.31.10 (GCP gate + T4 positive-substrate)
8
+
9
+ Paired content bump (SKILL.md version line + this changelog). **CE 0.2.24** closes a multi-cloud false-clean: `--host aws,gcp,azure` (and a `--host-file` of cloud sentinels) under a stale / tool-implied `CLOUD_PROVIDER` used to silently skip the un-covered cloud legs and report them **"audited-clean" over zero API calls**; the CLI now reconciles `CLOUD_PROVIDER` against the requested cloud legs (fail-fast on a mismatch, else imply the union) and classifies a gate-skipped provider as `'skipped'` (not audited). **EE 0.31.10** adds the EE half — a `CLOUD_PROVIDER` scope-integrity gate on the GCP plugins 1024/1025 (they run only when the effective provider includes `gcp`) — plus the **T4 GCP positive-substrate curation** (17 GCP PASS-tier findings opt into the per-control RoC positive-substrate view; display-only, non-flipping, count-neutral). No new MCP tools or schemas. **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **CE 0.2.24** + **EE 0.31.10**.
10
+
11
+ ---
12
+
13
+ ## 0.2.21 (2026-07-03) — Paired content bump for the CE 0.2.23 operator bug-fix cycle + EE 0.31.9 GAP-1 #3
14
+
15
+ Paired content bump (SKILL.md version line + this changelog). **CE 0.2.23** hardens cloud-scan scope integrity (a cloud auditor runs only on its own sentinel host — a network `--host` never triggers cloud plugins, including via the MCP `probe_service` tool; `--host` is the sole cloud-intent signal, credentials are not), AI-conclusion robustness (payload-scaled timeout + a fail-visible `scan_response_ai.txt` stub), and the AI bail message. **EE 0.31.9** closes the GAP-1 #3 RoC positive-substrate render-site parity (false-positive controls now render their substrate in HTML too) + FP-correct auditor wording. No new MCP tools or schemas; the `probe_service` tool now enforces the cloud-intent contract (a cloud auditor requires its sentinel host; a network plugin is rejected on a sentinel host). **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **CE 0.2.23** + **EE 0.31.9**.
16
+
17
+ ---
18
+
7
19
  ## 0.2.20 (2026-07-01) — Paired content bump for EE 0.31.8 (GAP-1 positive-substrate polish: framework-aware PCI Req 10.5.1 caveat restoration + SOC 2 GRC-push hygiene)
8
20
 
9
21
  Paired content bump for the EE 0.31.8 cycle (SKILL.md version line + this changelog). EE 0.31.8 restores per-framework precision to the 0.31.7 positive-substrate caveat — the RDS audit-log-retention substrate finding now carries a per-framework caveat override so the PCI report restores the `Req 10.5.1` citation while SOC 2 keeps the neutral base (no PCI leak) — and hardens the mechanism (framework-neutral category so no `pci` machine substring rides the SOC 2 renderJSON → GRC push, empty-string-safe caveat selection, genuine renderJSON GRC-channel tests). **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **EE 0.31.8** + CE 0.2.22.
package/SKILL.md CHANGED
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.20 (post-EE-0.31.8 — the **GAP-1 positive-substrate polish: framework-aware PCI Req 10.5.1 caveat restoration + SOC 2 GRC-push hygiene** cycle: **no new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** A precision-and-hygiene follow-up to 0.31.7's opt-in positive-substrate evidence: the RDS audit-log-retention substrate finding routes to both PCI DSS 10.5.1 and (via inheritance) SOC 2 CC7.2, and now carries a per-framework caveat override so the PCI report restores the `Req 10.5.1` citation while SOC 2 keeps the neutral base no PCI citation leaks onto a neighbor's RoC; also hardens the mechanism (framework-neutral category so no `pci` machine substring rides the SOC 2 renderJSON GRC push, empty-string-safe caveat selection, genuine renderJSON GRC-channel tests). The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.22 + EE 0.31.8) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.22 (post-EE-0.31.10 — the **CE 0.2.24 multi-cloud scope-integrity fix + EE 0.31.10 (GCP gate + T4 positive-substrate)**: **no new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** CE 0.2.24 closes a multi-cloud false-clean `--host aws,gcp,azure` (and a `--host-file` of cloud sentinels) under a stale / tool-implied `CLOUD_PROVIDER` used to silently skip the un-covered cloud legs and report them "audited-clean over zero API calls"; the CLI now reconciles `CLOUD_PROVIDER` against the requested cloud legs (fail-fast on a mismatch, else imply the union) and marks a gate-skipped provider `'skipped'` (not audited); EE 0.31.10 adds the EE-side `CLOUD_PROVIDER` scope-integrity gate on the GCP plugins 1024/1025 + the T4 GCP positive-substrate curation (17 GCP PASS-tier findings opt into the per-control RoC positive-substrate view, display-only + non-flipping). The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.24 + EE 0.31.10) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.20",
3
+ "version": "0.2.22",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",