nsauditor-ai 0.1.32 → 0.1.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +53 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -15,6 +15,40 @@ NSAuditor AI is the open-source core of a privacy-first security intelligence pl
15
15
 
16
16
  **Zero Data Exfiltration by design.** NSAuditor AI works fully offline. AI analysis, CVE correlation, and continuous monitoring all happen locally. External calls (to AI APIs, NVD, etc.) are opt-in and use your own API keys. We never see your scan data.
17
17
 
18
+ ## What's New (0.1.33) — ⚠ MCP integration with Claude Desktop is unreliable
19
+
20
+ **Critical advisory for customers using NSAuditor AI through Claude Desktop's MCP integration.** During the maintainer's own integration test on 2026-05-10, we discovered that **Claude Desktop's AI fabricates scan results, plugin lists, vulnerability findings, and tier information without actually invoking the MCP tools** for our specific server. Other MCP servers in the same Claude Desktop config receive real `tools/call` invocations; ours does not.
21
+
22
+ **Empirical evidence**:
23
+ - `~/Library/Logs/Claude/main.log` shows multiple permission grants for `mcp__nsauditor-ai__list_plugins` and `mcp__nsauditor-ai__scan_host` on 2026-05-10
24
+ - `~/Library/Logs/Claude/mcp-server-nsauditor-ai.log` shows **zero** `"method":"tools/call"` entries on the same day
25
+ - Other servers in the same config logged real calls (ns-ftp:29, wp-publisher-netsecmag:14, ai-pr-distribution:6, sendgrid:3)
26
+ - When asked to scan 1.1.1.1, Claude Desktop returned a detailed report with plugin breakdown + Zero Trust score — entirely fabricated
27
+
28
+ **Likely cause**: Claude Desktop's MCP client appears to time out our server (which loads PluginManager + 32 plugins + license verify before responding). Claude (the AI) silently substitutes fabricated responses from training rather than surfacing the timeout. The hallucinations are convincingly formatted and indistinguishable from real output without log inspection.
29
+
30
+ **Mandatory verification — for any output you'd act on**:
31
+
32
+ ```bash
33
+ # Tier check (ground truth bypassing Claude AI synthesis):
34
+ nsauditor-ai mcp tier
35
+
36
+ # Real plugin scan (always hits the network):
37
+ nsauditor-ai scan --host <X> --plugins all --out <dir>
38
+
39
+ # Confirm Claude Desktop actually called the MCP server:
40
+ grep '"method":"tools/call"' ~/Library/Logs/Claude/mcp-server-nsauditor-ai.log | tail -5
41
+ # If main.log shows recent permission grants for nsauditor-ai tools but
42
+ # THIS file shows no matching tools/call entries, the responses you saw
43
+ # in Claude Desktop were AI-generated, NOT real.
44
+ ```
45
+
46
+ **SOC 2 evidence and any compliance report MUST be generated via the CLI** — never via the Claude Desktop MCP integration — until this is resolved upstream. We're working on it (Thread L in `tasks/todo.md`): a per-call cryptographic sentinel, lazy-loaded plugin discovery to reduce startup latency, a `mcp verify-recent-call` diagnostic, and a bug report to Anthropic.
47
+
48
+ This advisory will be removed when the upstream Claude Desktop MCP routing issue is fixed and we ship a CE release whose `tools/call` invocations land reliably.
49
+
50
+ ---
51
+
18
52
  ## What's New (0.1.32) — Claude Desktop integration overhaul + ground-truth diagnostics
19
53
 
20
54
  The 0.1.32 line bundles three operational improvements driven by real customer-onboarding friction surfaced during the developer's own Claude Desktop integration test (2026-05-10):
@@ -319,6 +353,25 @@ nsauditor-ai scan --host 192.168.1.0/24 --plugins all \
319
353
 
320
354
  ## MCP Server
321
355
 
356
+ > ## ⚠ CRITICAL ADVISORY (2026-05-10) — Claude Desktop hallucinates responses for this MCP server
357
+ >
358
+ > When you use NSAuditor AI through **Claude Desktop's** MCP integration, the AI may **fabricate scan results, plugin lists, vulnerability findings, and tier information without actually invoking the MCP tools**. We've confirmed this empirically: Claude Desktop's permission system shows tool calls being approved, but the actual `tools/call` JSON-RPC messages never reach our server (other MCP servers in the same config receive their calls correctly).
359
+ >
360
+ > **Mandatory verification for any output you'd act on**:
361
+ >
362
+ > ```bash
363
+ > # Real tier check (ground truth — bypasses Claude AI synthesis):
364
+ > nsauditor-ai mcp tier
365
+ >
366
+ > # Real scan (always hits the network):
367
+ > nsauditor-ai scan --host <X> --plugins all --out <dir>
368
+ >
369
+ > # Confirm Claude Desktop actually called the MCP server today:
370
+ > grep '"method":"tools/call"' ~/Library/Logs/Claude/mcp-server-nsauditor-ai.log | tail -5
371
+ > ```
372
+ >
373
+ > **SOC 2 evidence + compliance reports MUST be generated via the CLI** — never via the Claude Desktop MCP integration — until this is resolved upstream. Other MCP clients (Claude Code, custom MCP clients via the SDK) appear unaffected. See [What's New (0.1.33)](#whats-new-0133----mcp-integration-with-claude-desktop-is-unreliable) for full details.
374
+
322
375
  Expose scanning capabilities to AI assistants via [Model Context Protocol](https://modelcontextprotocol.io):
323
376
 
324
377
  ```bash
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai",
3
- "version": "0.1.32",
3
+ "version": "0.1.33",
4
4
  "description": "Modular AI-assisted network security audit platform — Community Edition",
5
5
  "type": "module",
6
6
  "private": false,