npm - nsauditor-ai-agent-skill - Versions diffs - 0.2.7 → 0.2.9 - Mend

nsauditor-ai-agent-skill 0.2.7 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,14 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
 ---
+## 0.2.9 (2026-06-11) — Paired release for EE 0.19.4 + CE 0.2.9 — Routing-Integrity Hardening
+Paired no-op bump (knowledge-package version sync; SKILL.md body + `references/plugins.md` UNCHANGED — no change to the MCP tool/plugin schemas this skill documents). EE 0.19.4 closes the routing-integrity false-clean class: a generic build-time routing guard (complete-partition `nativeFrameworks` allowlist) so no marked evidence-gap routes to zero controls + GuardDuty (1200) dedupe/class-O routing + a single-source `MULTI_REGION_GAP_PREFIX`; a deferred-scope unmark across 8 plugins (capability boundary ≠ evidence-gap → the MCP "unverified" list shrinks); the 1160 AWS-default VPC-endpoint full-access policy down-rated CRITICAL→MEDIUM with its 3 policy-gap emissions routed (SOC 2 CC6.6 / HIPAA 164.312(a)(1) + PCI 1.4.1 / ISO A.8.22 / CIS 12.2); 1150 SQS/SNS alarm-independence (alarm posture classified even under a `Get*Attributes` deny; all four alarm-coverage-unverifiable causes fail-close soc2{A1.2,CC7.2}+hipaa{164.312(b)}). **PCI DSS matrix shifts 20/8/39 → 19/9/39** (Req 7.2.2 covered→partial, backed by 1030 over-privilege mapping). Plugin count UNCHANGED at 28; the other five matrices UNCHANGED.
+## 0.2.8 (2026-06-09) — Paired release for EE 0.19.3 + CE 0.2.8 — MCP affordance + class-O truncation sweep
+Version sync for a cycle that **changes documented MCP behavior** (input schemas unchanged; the skill's existing `scan_cloud` guidance remains correct): CE 0.2.8's `scan_cloud` tool description now enumerates the per-service coverage (AWS S3/IAM/KMS/CloudTrail/CodePipeline-CodeBuild SoD/Lambda/API GW/DynamoDB/RDS/SQS-SNS/Secrets/Backup/VPC endpoints/SG perimeter/ElastiCache/SES/GuardDuty · Azure KV/Storage/NSG/RBAC · GCP firewall/storage/impersonation) + the 6 frameworks, so agents route service-named audit asks to the scanner; the `[⚠ EVIDENCE GAP]` summary lines lead with the GAP clause and carry the first actionable clause as an `· actionable:` companion (internal routing tags stripped). EE 0.19.3: Lambda inline-credential env-var names + the `AWS_LAMBDA_`/`AWS_XRAY_` exclusion-prefix evasion bypass (1080); truncation/AccessDenied evidence-gaps across 8 AWS auditors now fail-close their sources' native controls in all six frameworks (class-O sweep incl. the 1110 P-16 grant-bypass); a new Azure NSG Dim 2a flags restricted-port exposure to the tenant-rentable `AzureCloud`/`AzureCloud.<region>` service tags (1221); public-subnet Redis replication groups no longer silently downgrade (1180). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED at the count level.
 ## 0.2.7 (2026-06-08) — Paired-release pin for EE 0.19.2 + CE 0.2.7 — Confirmed false-negative tail
 Paired no-op bump (knowledge-package version sync). EE 0.19.2 closes six more gauntlet-confirmed Tier-B false-negatives across the Pro/Enterprise cloud auditors (1222 Azure KV legacy access-policy per-verb breadth + 2 anchor-drifts + drift-detector closure · 1021 GCP broad-but-not-full public firewall ranges · 1070 AWS KMS PendingDeletion key-policy audit · 1100 CodePipeline sticky approval-latch · 1024 GCP Storage bucket-enumeration truncation evidence-gap · 1040 CloudTrail data-events read-coverage caveat), each TDD'd + independently adversarially reviewed. Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED. No change to the MCP tool/plugin schemas this skill documents.

package/SKILL.md CHANGED Viewed

@@ -16,7 +16,7 @@ description: >
 # NSAuditor AI — Agent Skill
-> **Version:** 0.2.7 (post-EE 0.19.2 — Confirmed false-negative tail: 6 more cloud-auditor silent misses closed [1222 Azure KV per-verb breadth + anchor-drifts · 1021 GCP broad-public firewall · 1070 AWS KMS PendingDeletion · 1100 CodePipeline approval-latch · 1024 GCP Storage truncation gap · 1040 CloudTrail data-events read-coverage]) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
+> **Version:** 0.2.9 (post-EE 0.19.4 — Routing-Integrity Hardening: a build-time routing guard fails the build on any marked evidence-gap that maps to zero compliance controls + GuardDuty [1200] dedupe/class-O routing; a deferred-scope unmark across 8 plugins shrinks the MCP "unverified" list; the 1160 AWS-default VPC-endpoint policy down-rated CRITICAL→MEDIUM with cross-framework routing [PCI 1.4.1 / ISO A.8.22 / CIS 12.2]; 1150 SQS/SNS alarm-independence — alarm posture survives a `Get*Attributes` deny, all four `alarm-coverage-unverifiable` causes fail-close; PCI DSS 7.2.2 covered→partial, matrix 20/8/39→19/9/39) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
 NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
 plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nsauditor-ai-agent-skill",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
   "keywords": [
     "nsauditor",