nsauditor-ai-agent-skill 0.2.21 → 0.2.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/SKILL.md +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,12 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
+
## 0.2.22 (2026-07-05) — Paired content bump for the CE 0.2.24 multi-cloud scope-integrity fix + EE 0.31.10 (GCP gate + T4 positive-substrate)
|
|
8
|
+
|
|
9
|
+
Paired content bump (SKILL.md version line + this changelog). **CE 0.2.24** closes a multi-cloud false-clean: `--host aws,gcp,azure` (and a `--host-file` of cloud sentinels) under a stale / tool-implied `CLOUD_PROVIDER` used to silently skip the un-covered cloud legs and report them **"audited-clean" over zero API calls**; the CLI now reconciles `CLOUD_PROVIDER` against the requested cloud legs (fail-fast on a mismatch, else imply the union) and classifies a gate-skipped provider as `'skipped'` (not audited). **EE 0.31.10** adds the EE half — a `CLOUD_PROVIDER` scope-integrity gate on the GCP plugins 1024/1025 (they run only when the effective provider includes `gcp`) — plus the **T4 GCP positive-substrate curation** (17 GCP PASS-tier findings opt into the per-control RoC positive-substrate view; display-only, non-flipping, count-neutral). No new MCP tools or schemas. **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **CE 0.2.24** + **EE 0.31.10**.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
7
13
|
## 0.2.21 (2026-07-03) — Paired content bump for the CE 0.2.23 operator bug-fix cycle + EE 0.31.9 GAP-1 #3
|
|
8
14
|
|
|
9
15
|
Paired content bump (SKILL.md version line + this changelog). **CE 0.2.23** hardens cloud-scan scope integrity (a cloud auditor runs only on its own sentinel host — a network `--host` never triggers cloud plugins, including via the MCP `probe_service` tool; `--host` is the sole cloud-intent signal, credentials are not), AI-conclusion robustness (payload-scaled timeout + a fail-visible `scan_response_ai.txt` stub), and the AI bail message. **EE 0.31.9** closes the GAP-1 #3 RoC positive-substrate render-site parity (false-positive controls now render their substrate in HTML too) + FP-correct auditor wording. No new MCP tools or schemas; the `probe_service` tool now enforces the cloud-intent contract (a cloud auditor requires its sentinel host; a network plugin is rejected on a sentinel host). **No new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** Paired **CE 0.2.23** + **EE 0.31.9**.
|
package/SKILL.md
CHANGED
|
@@ -16,7 +16,7 @@ description: >
|
|
|
16
16
|
|
|
17
17
|
# NSAuditor AI — Agent Skill
|
|
18
18
|
|
|
19
|
-
> **Version:** 0.2.
|
|
19
|
+
> **Version:** 0.2.22 (post-EE-0.31.10 — the **CE 0.2.24 multi-cloud scope-integrity fix + EE 0.31.10 (GCP gate + T4 positive-substrate)**: **no new framework, no new plugins (still 28), all seven coverage matrices UNCHANGED.** CE 0.2.24 closes a multi-cloud false-clean — `--host aws,gcp,azure` (and a `--host-file` of cloud sentinels) under a stale / tool-implied `CLOUD_PROVIDER` used to silently skip the un-covered cloud legs and report them "audited-clean over zero API calls"; the CLI now reconciles `CLOUD_PROVIDER` against the requested cloud legs (fail-fast on a mismatch, else imply the union) and marks a gate-skipped provider `'skipped'` (not audited); EE 0.31.10 adds the EE-side `CLOUD_PROVIDER` scope-integrity gate on the GCP plugins 1024/1025 + the T4 GCP positive-substrate curation (17 GCP PASS-tier findings opt into the per-control RoC positive-substrate view, display-only + non-flipping). The seven frameworks: SOC 2 · HIPAA · NIST CSF 2.0 · PCI DSS v4.0.1 · ISO/IEC 27001:2022 · CIS Controls v8 · **GDPR Article 32** — the last is **Art. 32 infrastructure substrate ONLY, NOT GDPR compliance** [Art. 32 is the only one of GDPR's 99 articles an infrastructure scanner can evidence; the rest is operator-side, out of scope by design], carrying four-factor proportionality + personal-data-scope attestation + the Art. 83(4) LOWER fine tier [€10M/2%, not the €20M/4% headline tier]. Paired CE 0.2.24 + EE 0.31.10) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
|
|
20
20
|
|
|
21
21
|
NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
|
|
22
22
|
plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nsauditor-ai-agent-skill",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.22",
|
|
4
4
|
"description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nsauditor",
|