nsauditor-ai 0.1.0 → 0.1.2

package/README.md

@@ -4,6 +4,7 @@
 
 A modular, AI-assisted network security audit platform that scans, understands, prioritizes, and tracks vulnerabilities — without ever requiring your data to leave your infrastructure.
 
+[![npm](https://img.shields.io/npm/v/nsauditor-ai.svg)](https://www.npmjs.com/package/nsauditor-ai)
 [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
 [![Node.js 20+](https://img.shields.io/badge/node-20%2B-green.svg)](https://nodejs.org)
 [![Tests](https://img.shields.io/badge/tests-487%20passing-brightgreen.svg)](#tests)
@@ -261,6 +262,34 @@ npx nsauditor-ai-mcp
 
 Security: SSRF protection on all host inputs (blocks RFC 1918, loopback, fc00::/7, cloud metadata), port validation (1–65535), CPE format enforcement, dependency injection for test isolation.
 
+### Claude Desktop Setup
+
+Add this to your `claude_desktop_config.json` (Settings → Developer → Edit Config):
+
+```json
+{
+  "mcpServers": {
+    "nsauditor-ai": {
+      "command": "npx",
+      "args": ["nsauditor-ai-mcp"],
+      "env": {
+        "AI_PROVIDER": "claude",
+        "ANTHROPIC_API_KEY": "your-key-here",
+        "NSA_ALLOW_ALL_HOSTS": "1"
+      }
+    }
+  }
+}
+```
+
+Set `NSA_ALLOW_ALL_HOSTS=1` if you need to scan private/RFC 1918 addresses (e.g., `192.168.x.x`). The `AI_PROVIDER` and key variables are optional — they enable AI-powered analysis of scan results.
+
+### Claude Code Setup
+
+```bash
+claude mcp add nsauditor-ai -- npx nsauditor-ai-mcp
+```
+
 ---
 
 ## CLI Reference

package/cli.mjs

@@ -685,7 +685,7 @@ async function main() {
   if (cmd === 'license') {
     const { getTierFromEnv } = await import('./utils/license.mjs');
     const { resolveCapabilities } = await import('./utils/capabilities.mjs');
-    // TODO (Phase 2): replace getTierFromEnv() with loadLicense() for full JWT verification
+    // TODO: replace getTierFromEnv() with loadLicense() for full license validation
     const tier = getTierFromEnv();
     const caps = resolveCapabilities(tier);
     const key = process.env.NSAUDITOR_LICENSE_KEY;

package/docs/EULA-nsauditor-ai.md

@@ -1,7 +1,7 @@
 # NSAUDITOR AI — END USER LICENSE AGREEMENT (EULA)
 
 **Nsasoft US LLC**
-**Effective Date: [DATE]**
+**Effective Date: April 7, 2026**
 **Version: 2.0**
 
 ---
@@ -317,8 +317,4 @@ Website: https://www.nsauditor.com/ai/
 
 ---
 
-*This document is a draft template for review purposes. Nsasoft US LLC should have this Agreement reviewed by a licensed attorney before publication. This does not constitute legal advice.*
-
----
-
 **END OF LICENSE AGREEMENT**

package/mcp_server.mjs

@@ -25,15 +25,12 @@ const { version: TOOL_VERSION } = _require('./package.json');
 // License tier & capability resolution (module-level, overridable for tests)
 // ---------------------------------------------------------------------------
 
-// TODO (Phase 2): replace getTierFromEnv() with loadLicense(process.env.NSAUDITOR_LICENSE_KEY)
-// and wire the returned tier here. Until then, pro_* prefix grants Pro tier without verification.
+// TODO: replace getTierFromEnv() with loadLicense() for full license validation.
 let _tier = getTierFromEnv();
 let _capabilities = resolveCapabilities(_tier);
 
 /**
  * @internal Test-only. Override tier without touching env vars.
- * Do NOT use in production code. When JWT license validation lands (Phase 2),
- * this function will be removed or guarded by NODE_ENV !== 'production'.
  */
 export function _setTier(tier) {
   if (process.env.NODE_ENV === 'production') throw new Error('_setTier is test-only and disabled in production');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nsauditor-ai",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Modular AI-assisted network security audit platform — Community Edition",
   "type": "module",
   "private": false,

package/plugin_manager.mjs

@@ -378,7 +378,7 @@ export class PluginManager {
     const mgr = new PluginManager(baseDir);
     mgr.plugins = rawPlugins;
     // Resolve capabilities from env tier at load time — prevents permissive fallback.
-    // TODO (Phase 2): replace getTierFromEnv() with loadLicense() result here.
+    // TODO: replace getTierFromEnv() with loadLicense() result here.
     mgr._resolvedCapabilities = resolveCapabilities(getTierFromEnv());
     vlog("PluginManager initialized successfully");
     return mgr;
@@ -643,7 +643,7 @@ export class PluginManager {
   _hasCapabilities(plugin, capabilities) {
     if (!plugin.requiredCapabilities?.length) return true;
     // Fall back to capabilities resolved at load time — never "allow all".
-    // TODO (Phase 2): _resolvedCapabilities will reflect JWT-verified tier.
+    // Capabilities resolved at load time — updated when license validation lands.
     const caps = capabilities ?? this._resolvedCapabilities ?? {};
     return plugin.requiredCapabilities.every(cap => Boolean(caps[cap]));
   }

package/plugins/os_detector.mjs

@@ -93,7 +93,7 @@ function evidenceRow(info, port = null, proto = "os-detector", banner = null) {
 
 function looksLikeAppleHost(s) {
   const host = String(s || "").toLowerCase();
-  // iphone-of-joe.local, ANAHITs-iPad.local, ANAHITs-iMac.local, MacBook-Air.local, apple-tv.local, etc.
+  // iphone-of-alice.local, Alices-iPad.local, Alices-iMac.local, MacBook-Air.local, apple-tv.local, etc.
   return /(iphone|ipad|ipod|imac|macbook|apple.?tv)/i.test(host);
 }
 

package/plugins/snmp_scanner.mjs

@@ -9,7 +9,7 @@ export const snmpCommunities = process.env.SNMP_COMMUNITY
   : DEFAULT_COMMUNITIES;
 const oidTable = {
   default: [1, 3, 6, 1, 2, 1, 1, 1, 0], // sysDescr 
-  epsonShortName: [1, 3, 6, 1, 2, 1, 1, 5, 0], // sysDescr EPSON6768F4 '1.3.6.1.2.1.1.5.0'
+  epsonShortName: [1, 3, 6, 1, 2, 1, 1, 5, 0], // sysName '1.3.6.1.2.1.1.5.0'
   epsonModel: [1, 3, 6, 1, 4, 1, 1248, 1, 1, 3, 1, 29, 3, 1, 45, 0], // Epson model OID
   epsonSerial: [1, 3, 6, 1, 4, 1, 1248, 1, 2, 2, 1, 1, 1, 4, 1], // Epson serial number
   epsonVersions: [1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1], // Hardware and firmware versions

package/plugins/ssh_scanner.mjs

@@ -365,14 +365,7 @@ export default {
    * @returns {Promise<object>} result object (manager wraps with id/name)
    */
   async run(host, port = 22, options = {}) {
-    console.log(`Running SSH Scanner on ${host}:${port}`);
     const res = await readSshBanner(host, port, options?.timeoutMs || 1500);
-    // Mirror your other plugins’ console style (manager will also print the wrapped result)
-    console.log("SSH Scanner Result:", JSON.stringify({
-      id: this.id,
-      name: this.name,
-      result: res
-    }, null, 2));
     return res; // manager expects only the "result" object
   }
 };

package/utils/license.mjs

@@ -1,10 +1,9 @@
 // utils/license.mjs
-// CE stub implementation. Full ES256 JWT validation added in Phase 2 (roadmap).
+// CE stub — full license validation coming in a future release.
 
 /**
  * Parse tier from NSAUDITOR_LICENSE_KEY environment variable.
  * Stub uses key prefix: pro_* → 'pro', enterprise_* → 'enterprise'.
- * Phase 2 roadmap replaces this with offline jose ES256 JWT verification.
  */
 export function getTierFromEnv() {
   const key = process.env.NSAUDITOR_LICENSE_KEY;
@@ -16,7 +15,6 @@ export function getTierFromEnv() {
 
 /**
  * Validate a license key string.
- * Phase 2 roadmap: replace with jose.jwtVerify() against embedded ECDSA P-256 public key.
  * Gracefully degrades to CE on any failure — never throws.
  *
  * @param {string|undefined} keyStr
@@ -24,6 +22,6 @@ export function getTierFromEnv() {
  */
 export async function loadLicense(keyStr) {
   if (!keyStr) return { valid: false, tier: 'ce', reason: 'no key provided' };
-  // TODO (Phase 2): implement jose.jwtVerify with embedded public key
-  return { valid: false, tier: 'ce', reason: 'JWT validation not yet implemented' };
+  // TODO: implement full license validation
+  return { valid: false, tier: 'ce', reason: 'license validation not yet implemented' };
 }

package/utils/sarif.mjs

@@ -8,7 +8,7 @@ const { version: TOOL_VERSION } = require('../package.json');
 const SARIF_VERSION = '2.1.0';
 const SARIF_SCHEMA = 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json';
 const TOOL_NAME = 'nsauditor';
-const TOOL_URI = 'https://github.com/nsasoft/nsauditor-plugin-manager';
+const TOOL_URI = 'https://github.com/nsasoft/nsauditor-ai';
 
 /**
  * Map nsauditor severity to SARIF level.