nsauditor-ai-agent-skill 0.2.8 → 0.2.10

package/CHANGELOG.md CHANGED
@@ -4,6 +4,14 @@ Release notes for **`nsauditor-ai-agent-skill`** — installable knowledge packa
4
4
 
5
5
  ---
6
6
 
7
+ ## 0.2.10 (2026-06-11) — get_findings drill-down documented + MCP affordance II (paired with CE 0.2.10 + EE 0.19.4)
8
+
9
+ **A real content change (not a pin).** The skill now documents the CE 0.2.10 MCP-affordance feature so agents discover and use it: a new **`get_findings`** tool entry (drill the MOST RECENT scan's per-provider, **per-session** cache; pass the `scanId` from the `scan_cloud` summary footer; filter by provider/plugin/severity/category; paginate with `cursor`/`limit`; on a stale-cache error **re-run `scan_cloud`, don't retry**; Enterprise-gated), `get_findings` added to the MCP-tool list, and the "interpreting `scan_cloud` results" guidance extended to treat **`findingsSummary[provider].rollup`** (the MEDIUM/LOW category rollup) as actionable — reporting only CRITICAL/HIGH while the rollup is non-empty is itself a false clean, and the resources behind a rollup category are reachable via `get_findings`. Paired with **CE 0.2.10** (the feature) + **EE 0.19.4** (unchanged; peer `nsauditor-ai >=0.2.8` already satisfied).
10
+
11
+ ## 0.2.9 (2026-06-11) — Paired release for EE 0.19.4 + CE 0.2.9 — Routing-Integrity Hardening
12
+
13
+ Paired no-op bump (knowledge-package version sync; SKILL.md body + `references/plugins.md` UNCHANGED — no change to the MCP tool/plugin schemas this skill documents). EE 0.19.4 closes the routing-integrity false-clean class: a generic build-time routing guard (complete-partition `nativeFrameworks` allowlist) so no marked evidence-gap routes to zero controls + GuardDuty (1200) dedupe/class-O routing + a single-source `MULTI_REGION_GAP_PREFIX`; a deferred-scope unmark across 8 plugins (capability boundary ≠ evidence-gap → the MCP "unverified" list shrinks); the 1160 AWS-default VPC-endpoint full-access policy down-rated CRITICAL→MEDIUM with its 3 policy-gap emissions routed (SOC 2 CC6.6 / HIPAA 164.312(a)(1) + PCI 1.4.1 / ISO A.8.22 / CIS 12.2); 1150 SQS/SNS alarm-independence (alarm posture classified even under a `Get*Attributes` deny; all four alarm-coverage-unverifiable causes fail-close soc2{A1.2,CC7.2}+hipaa{164.312(b)}). **PCI DSS matrix shifts 20/8/39 → 19/9/39** (Req 7.2.2 covered→partial, backed by 1030 over-privilege mapping). Plugin count UNCHANGED at 28; the other five matrices UNCHANGED.
14
+
7
15
  ## 0.2.8 (2026-06-09) — Paired release for EE 0.19.3 + CE 0.2.8 — MCP affordance + class-O truncation sweep
8
16
 
9
17
  Version sync for a cycle that **changes documented MCP behavior** (input schemas unchanged; the skill's existing `scan_cloud` guidance remains correct): CE 0.2.8's `scan_cloud` tool description now enumerates the per-service coverage (AWS S3/IAM/KMS/CloudTrail/CodePipeline-CodeBuild SoD/Lambda/API GW/DynamoDB/RDS/SQS-SNS/Secrets/Backup/VPC endpoints/SG perimeter/ElastiCache/SES/GuardDuty · Azure KV/Storage/NSG/RBAC · GCP firewall/storage/impersonation) + the 6 frameworks, so agents route service-named audit asks to the scanner; the `[⚠ EVIDENCE GAP]` summary lines lead with the GAP clause and carry the first actionable clause as an `· actionable:` companion (internal routing tags stripped). EE 0.19.3: Lambda inline-credential env-var names + the `AWS_LAMBDA_`/`AWS_XRAY_` exclusion-prefix evasion bypass (1080); truncation/AccessDenied evidence-gaps across 8 AWS auditors now fail-close their sources' native controls in all six frameworks (class-O sweep incl. the 1110 P-16 grant-bypass); a new Azure NSG Dim 2a flags restricted-port exposure to the tenant-rentable `AzureCloud`/`AzureCloud.<region>` service tags (1221); public-subnet Redis replication groups no longer silently downgrade (1180). Plugin count UNCHANGED at 28; all six coverage matrices UNCHANGED at the count level.
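Review bot: The 0.2.10 entry describes `get_findings` as a CE 0.2.10 feature, yet the same sentence quotes the peer range as `nsauditor-ai >=0.2.8`, so it leaves open what an agent should do when this skill is loaded beside CE 0.2.8 or 0.2.9, which predate the feature according to this entry. Suggest stating the minimum CE version for `get_findings` here, or telling the agent to confirm the tool is listed before calling it. As a style point, the 0.2.9 entry packs a severity down-rating (1160 CRITICAL→MEDIUM) and the PCI DSS matrix shift into one paragraph; splitting those into bullets would make the posture-affecting changes easier to find.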
package/SKILL.md CHANGED
@@ -3,7 +3,7 @@ name: nsauditor-ai
3
3
  description: >
4
4
  Use this skill whenever the user wants network security scanning, auditing, vulnerability
5
5
  assessment, host reconnaissance, or cloud-account security/compliance auditing with NSAuditor
6
- AI (via the nsauditor-ai MCP server: scan_host, scan_cloud, probe_service, get_vulnerabilities,
6
+ AI (via the nsauditor-ai MCP server: scan_host, scan_cloud, get_findings, probe_service, get_vulnerabilities,
7
7
  list_plugins). Triggers include 'scan', 'audit', 'vulnerability', 'CVE', 'network security',
8
8
  'port scan', 'service detection', 'OS fingerprinting', 'penetration test', 'TLS/cipher audit',
9
9
  'certificate check', 'DNS security', 'SPF/DKIM/DMARC/DNSSEC', 'SNMP/SMB/NetBIOS', 'CTEM',
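Review bot: Style point on the changed line 6 of the folded `description: >` scalar: with `get_findings,` inserted it now runs to about 110 columns, while the neighbouring lines wrap below 100. The folded scalar renders the same either way, so re-wrapping (moving `get_vulnerabilities,` to the next line) would keep later diffs of this block readable.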
@@ -16,7 +16,7 @@ description: >
16
16
 
17
17
  # NSAuditor AI — Agent Skill
18
18
 
19
- > **Version:** 0.2.8 (post-EE 0.19.3 — MCP affordance + class-O truncation sweep: the `scan_cloud` tool description now enumerates per-service coverage so agents route service-named audit asks to it; evidence-gap list lines lead with the GAP clause + carry an actionable:` companion; truncation/AccessDenied evidence-gaps across 8 AWS auditors fail-close their native controls; new Azure NSG AzureCloud service-tag exposure dimension [1221]; Lambda inline-credential env-var names + exclusion-prefix bypass [1080]) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
19
+ > **Version:** 0.2.10 (post-CE-0.2.10 — MCP affordance II: the `scan_cloud` summary now rolls up MEDIUM+LOW findings per provider by category [count-descending, no-silent-cap] so actionable monitoring findings are no longer count-only/invisible; a NEW Enterprise-gated `get_findings` tool drills the most recent scan's per-provider, per-session cache [filter by provider/plugin/severity/category, paginate, full untruncated text] keyed by a `scanId` the `scan_cloud` summary footer carries, gated before any cache read; plus all-clauses gap companion · boundary-safe truncation · walkthrough-vs-couldn't-read gapKind. Paired EE 0.19.4 [unchanged]) · **Source:** [github.com/nsasoft/nsauditor-ai](https://github.com/nsasoft/nsauditor-ai) · **npm:** `nsauditor-ai` · **License:** MIT (CE)
20
20
 
21
21
  NSAuditor AI is a modular, AI-assisted network security audit platform with 27+ scanner
22
22
  plugins, CVE matching, MITRE ATT&CK mapping, and Zero Data Exfiltration by design. This
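Review bot: The new version banner ends with "all-clauses gap companion · boundary-safe truncation · walkthrough-vs-couldn't-read gapKind", and none of those three items is explained in the hunks shown; `gapKind` in particular reads like a result field, but the "Interpreting `scan_cloud` results" note changed in this release gives no guidance on it. Suggest either documenting how an agent should treat `gapKind` in that note or keeping these items in CHANGELOG.md only, so the banner does not name behaviour the skill body never describes.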
@@ -139,8 +139,9 @@ These tools return a license upgrade prompt on CE installations:
139
139
  | `scan_compare` | Pro | Diff two scan results with risk-weighted delta analysis |
140
140
  | `save_finding` | Pro | Persist a validated finding to the finding queue |
141
141
  | `scan_cloud` | Enterprise | Audit one or more cloud accounts (AWS / GCP / Azure) for security & compliance posture using the server-configured credentials. No network host needed. Input: `{ providers?: ("aws"\|"gcp"\|"azure")[], regions?: string[] }` — **pass only the cloud(s) the user names** (`providers:["aws"]` for "audit my AWS account"); omit `providers` only when the user asks to audit ALL clouds. Use this (not `scan_host`) when the user asks to "audit my AWS account", "audit my AWS and Azure accounts", or "check my cloud compliance". CE/Pro callers get an upgrade message. **`regions` (AWS only)** — AWS region codes (e.g. `["us-east-1","eu-west-1"]`) or `["all"]`. **Default — single region (MOST requests):** a plain "audit my AWS account", a "quick check", or any request that names no region AND does not explicitly ask for all/every/whole-account/complete/full coverage → **OMIT `regions`** (audits ONLY the server-configured `AWS_REGION`, one region; do NOT fan out or batch). Omitting does NOT scan all regions. **Specific regions:** when the user names region(s), pass exactly those. **All regions — ONLY on an explicit "all regions / every region / whole account / full coverage" request:** use the discover-then-batch approach in the region-scope note below — do NOT pass a single `["all"]` call and rely on it (it fans every regional plugin across all enabled regions and usually EXCEEDS the host's MCP tool-call timeout, e.g. Claude Desktop's, returning nothing). Unknown region codes are rejected before the scan runs (the WHOLE call fails — fix the region and re-call; never silently drop it). |
142
+ | `get_findings` | Enterprise | Drill into the findings of the MOST RECENT `scan_cloud` scan — a per-provider, **per-session** cache (NOT live state; cleared when the MCP server restarts). Input: `{ scanId?, provider?, plugin?, severity?, category?, cursor?, limit? }`. Use it AFTER `scan_cloud` when the summary's **category rollup** shows a category you want to expand to specific resources, or when you need the FULL untruncated text of a finding. Pass the **`scanId` from the `scan_cloud` summary footer** + the `provider`; filter by `category`/`severity`/`plugin`; paginate with `cursor`/`limit` (server-capped at 20 — follow `nextCursor`). If you get a **"re-run scan_cloud"** error the cache was cleared or superseded — **re-run `scan_cloud`, do NOT retry `get_findings`**. CE/Pro callers get the same upgrade message as `scan_cloud`. |
142
143
 
143
- > **Interpreting `scan_cloud` results — never report a false clean:** read **`findingsSummary`** for the findings — it maps each provider to `counts` (per-severity totals) and a `findings` list of the CRITICAL/HIGH items (`{severity, plugin, title}`); report those. A cloud was effectively audited only if it appears in `auditedProviders`. If the result has `audited: false`, any `notes` entries, or `pluginsRan: 0`, the cloud was **NOT** audited (no plugins, missing credentials, or skipped) — report the gap explicitly; an empty result is **not** a clean pass. Do not infer "clean" from an empty `findingsSummary` when the cloud is not in `auditedProviders`.
144
+ > **Interpreting `scan_cloud` results — never report a false clean:** read **`findingsSummary`** for the findings — it maps each provider to `counts` (per-severity totals) and a `findings` list of the CRITICAL/HIGH items (`{severity, plugin, title}`); report those. A cloud was effectively audited only if it appears in `auditedProviders`. If the result has `audited: false`, any `notes` entries, or `pluginsRan: 0`, the cloud was **NOT** audited (no plugins, missing credentials, or skipped) — report the gap explicitly; an empty result is **not** a clean pass. Do not infer "clean" from an empty `findingsSummary` when the cloud is not in `auditedProviders`. **Beyond CRITICAL/HIGH, `findingsSummary[provider].rollup` lists the MEDIUM + LOW findings grouped by `category` with counts (count-descending) — these are actionable too: a category like `sqs-age-alarm-missing` or `*-public` is a real gap, not noise, and reporting only CRITICAL/HIGH while the rollup is non-empty is itself a false clean. To enumerate the specific resources behind a rollup category, or to read a finding's full untruncated text, call `get_findings` with the `scanId` from the summary footer + the `category`.**
144
145
 
145
146
  > **Reporting `scan_cloud` region scope — never overstate coverage:** Report the regions you ACTUALLY scanned, derived from the `regions` you **passed** — NOT from the findings. If you OMITTED `regions`, only the single server-default region (`AWS_REGION`) was scanned — say exactly that and add that the account's OTHER enabled regions were NOT covered (offer to re-run for all regions). **Never escalate a single-region or "quick" request into a multi-region scan.** Do NOT claim "all regions" / "every region" / "across N regions" just because GuardDuty or Inspector list per-region findings: those plugins enumerate every enabled region INTERNALLY regardless of scope, so their per-region findings are NOT evidence the other plugins ran outside the region(s) you passed.
146
147
 
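Review bot: The last sentence added to the "Interpreting `scan_cloud` results" note says to call `get_findings` with "the `scanId` from the summary footer + the `category`", while the new table row says to pass the `scanId` "+ the `provider`". Because the rollup is keyed per provider (`findingsSummary[provider].rollup`), the note should name `provider` as well so both places give the same call shape. The row also marks `scanId?` as optional without saying what is returned when it is omitted, and the "re-run `scan_cloud`" recovery step does not say to reuse the original `providers`/`regions`; stating both would keep a recovery re-run from changing scope, which the region-scope note below it warns against.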
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai-agent-skill",
3
- "version": "0.2.8",
3
+ "version": "0.2.10",
4
4
  "description": "AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.",
5
5
  "keywords": [
6
6
  "nsauditor",