nsauditor-ai 0.1.33 → 0.1.35

package/README.md

@@ -15,6 +15,52 @@ NSAuditor AI is the open-source core of a privacy-first security intelligence pl
 
 **Zero Data Exfiltration by design.** NSAuditor AI works fully offline. AI analysis, CVE correlation, and continuous monitoring all happen locally. External calls (to AI APIs, NVD, etc.) are opt-in and use your own API keys. We never see your scan data.
 
+## What's New (0.1.35) — CLI provenance footer matches MCP response (so the comparison actually works)
+
+0.1.34 added the version-provenance block to the MCP server's `list_plugins` response, but **the CLI baseline (`license --plugins` / `license --status`) didn't show versions** — so customers couldn't easily compare. 0.1.35 fixes that asymmetry.
+
+Both CLI commands now emit an identical provenance block:
+
+```
+── Installation provenance ──
+  nsauditor-ai (CE):              0.1.35
+  @nsasoft/nsauditor-ai-ee (EE):  0.3.4 (loaded)
+```
+
+**Customer hallucination-detection workflow (5 seconds, no log archeology):**
+
+1. In Claude Desktop: ask "list plugins" → receive a response that should end with the provenance block
+2. In your terminal: run `nsauditor-ai license --plugins`
+3. Compare the two `── Installation provenance ──` blocks character-for-character
+4. **Match** → real MCP `tools/call` happened, response is trustworthy
+5. **Mismatch / missing block** → Claude fabricated the response (see CE 0.1.33 advisory)
+
+This is the v1 mitigation; the v2 (Thread L Phase 2) adds per-call cryptographic sentinel UUIDs that the customer can grep against the server log directly. v1 catches the common case where Claude either omits the block entirely (unlikely to fabricate the new structure verbatim) or includes a stale version pulled from training data.
+
+---
+
+## What's New (0.1.34) — list_plugins now embeds CE+EE versions for hallucination detection
+
+Companion to the 0.1.33 advisory. The `list_plugins` MCP tool's response now appends the actual installed CE + EE version numbers, so customers can verify a Claude Desktop response in **5 seconds** without log archeology:
+
+```
+── Installation provenance (verify against your shell) ──
+nsauditor-ai (CE):              0.1.34
+@nsasoft/nsauditor-ai-ee (EE):  0.3.4 (loaded)
+Verify: nsauditor-ai --version  &&  npm list -g @nsasoft/nsauditor-ai-ee
+If versions in this response don't match your shell, the response was
+AI-generated rather than retrieved from the MCP server (see CE 0.1.33 advisory).
+```
+
+How it works as a hallucination detector:
+- The MCP server reads `process.execPath`'s package.json + tries to resolve `@nsasoft/nsauditor-ai-ee/package.json` at request time. Both are real machine-specific values.
+- Claude Desktop fabricated responses in the wild have shown stale version numbers from training data, missing version lines entirely, or different counts each time the same question is asked (observed 32→32→31 plugin counts in three consecutive hallucinations on 2026-05-10).
+- A real tool response will exactly match `nsauditor-ai --version` + `npm list -g @nsasoft/nsauditor-ai-ee`. Mismatch = hallucinated.
+
+This is a v1 mitigation — the v2 (Thread L in `tasks/todo.md`) adds per-call cryptographic sentinel UUIDs that the customer can grep against the server log.
+
+---
+
 ## What's New (0.1.33) — ⚠ MCP integration with Claude Desktop is unreliable
 
 **Critical advisory for customers using NSAuditor AI through Claude Desktop's MCP integration.** During the maintainer's own integration test on 2026-05-10, we discovered that **Claude Desktop's AI fabricates scan results, plugin lists, vulnerability findings, and tier information without actually invoking the MCP tools** for our specific server. Other MCP servers in the same Claude Desktop config receive real `tools/call` invocations; ours does not.

package/cli.mjs

@@ -5,8 +5,10 @@ import { buildHtmlReport } from './utils/report_html.mjs';
 import fsp from 'node:fs/promises';
 import { dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { createRequire } from 'node:module';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
+const _require = createRequire(import.meta.url);
 import path from 'node:path';
 import { platform } from 'node:os';
 import { openaiSimplePrompt, openaiPrompt as openaiProPrompt, openaiPromptOptimized } from './utils/prompts.mjs';
@@ -931,6 +933,20 @@ Docs: https://www.nsauditor.com/ai/   |   Pricing: https://www.nsauditor.com/ai/
           console.log('\n→ Start a free 14-day Pro trial: https://www.nsauditor.com/ai/trial');
         }
       }
+      // CE 0.1.35 (Thread L mitigation v2): version provenance footer
+      // matches the MCP server's list_plugins suffix exactly. Customer
+      // verification flow: read versions in Claude Desktop's MCP
+      // response → compare against `license --status` output here.
+      // Mismatch ⇒ Claude hallucinated.
+      let _eeVersion = 'not installed';
+      try {
+        const ee = _require('@nsasoft/nsauditor-ai-ee/package.json');
+        _eeVersion = ee && ee.version ? `${ee.version} (loaded)` : 'unknown (loaded)';
+      } catch { /* CE-only — fine */ }
+      console.log('');
+      console.log('── Installation provenance ──');
+      console.log(`  nsauditor-ai (CE):              ${TOOL_VERSION}`);
+      console.log(`  @nsasoft/nsauditor-ai-ee (EE):  ${_eeVersion}`);
     } else if (rawArgs.includes('--capabilities')) {
       const tier = getTierFromEnv();
       const caps = resolveCapabilities(tier);
@@ -1004,6 +1020,24 @@ Docs: https://www.nsauditor.com/ai/   |   Pricing: https://www.nsauditor.com/ai/
         console.log('');
         console.log(`  ${totalRendered} plugin${totalRendered === 1 ? '' : 's'} total · current tier: ${tier}`);
       }
+
+      // CE 0.1.35 (Thread L mitigation v2): emit installation provenance
+      // identical in shape to the MCP server's list_plugins suffix.
+      // Customers comparing Claude Desktop's MCP response against the
+      // CLI baseline now see the SAME version block in both places.
+      // Mismatch → Claude hallucinated. Match → real tool call.
+      const ceVersion = TOOL_VERSION;
+      let eeVersion = 'not installed';
+      try {
+        const eeManifest = _require('@nsasoft/nsauditor-ai-ee/package.json');
+        eeVersion = eeManifest && eeManifest.version
+          ? `${eeManifest.version} (loaded)`
+          : 'unknown (loaded)';
+      } catch { /* CE-only install — fine */ }
+      console.log('');
+      console.log('── Installation provenance ──');
+      console.log(`  nsauditor-ai (CE):              ${ceVersion}`);
+      console.log(`  @nsasoft/nsauditor-ai-ee (EE):  ${eeVersion}`);
     } else if (rawArgs.includes('install')) {
       // CE-0.1.30.4 — install command. Verify the JWT FIRST, then persist
       // to a platform-appropriate location (macOS Keychain / file).

package/mcp_server.mjs

@@ -366,12 +366,49 @@ export function createServer() {
     try {
       const result = await handler(args ?? {});
 
-      // Append tier info to list_plugins response
+      // Append tier info + version provenance to list_plugins response.
+      //
+      // CE 0.1.34 (Thread L MITIGATION): the response now embeds the
+      // ACTUAL versions of CE + EE (when EE is loaded) so customers
+      // can detect Claude Desktop hallucinations. Background: Claude
+      // Desktop has been observed (2026-05-10) silently fabricating
+      // list_plugins responses without invoking the MCP server (per-
+      // server log shows zero `tools/call` while Claude reports
+      // detailed plugin lists). With version numbers in the response,
+      // a hallucinated answer will either omit the version line OR
+      // include a stale/wrong version pulled from training data.
+      // Customer verification (5 seconds, no log archeology):
+      //   nsauditor-ai --version
+      //   npm list -g @nsasoft/nsauditor-ai-ee
+      // If the versions in Claude Desktop's output don't match these
+      // commands, the response was AI-generated, not a real tool call.
       if (name === 'list_plugins') {
         const tierLabel = { ce: 'Community Edition (CE)', pro: 'Pro', enterprise: 'Enterprise' };
+
+        // Detect EE version (best-effort; absent on CE-only installs).
+        let eeVersion = 'not installed';
+        try {
+          const eeManifest = _require('@nsasoft/nsauditor-ai-ee/package.json');
+          eeVersion = eeManifest && eeManifest.version
+            ? `${eeManifest.version} (loaded)`
+            : 'unknown (loaded)';
+        } catch {
+          // EE package not installed or not resolvable — common for CE-only customers.
+          eeVersion = 'not installed';
+        }
+
+        const versionLines =
+          `\n\n── Installation provenance (verify against your shell) ──\n` +
+          `nsauditor-ai (CE):              ${TOOL_VERSION}\n` +
+          `@nsasoft/nsauditor-ai-ee (EE):  ${eeVersion}\n` +
+          `Verify: nsauditor-ai --version  &&  npm list -g @nsasoft/nsauditor-ai-ee\n` +
+          `If versions in this response don't match your shell, the response was\n` +
+          `AI-generated rather than retrieved from the MCP server (see CE 0.1.33 advisory).`;
+
         const tierSuffix = `\n\nCurrent tier: ${tierLabel[_tier] ?? _tier}. ${_capabilities.proMCP ? '' : 'Upgrade to Pro for probe_service, get_vulnerabilities, risk_summary, and more.'}`;
+
         return {
-          content: [{ type: 'text', text: JSON.stringify(result, null, 2) + tierSuffix }],
+          content: [{ type: 'text', text: JSON.stringify(result, null, 2) + tierSuffix + versionLines }],
         };
       }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nsauditor-ai",
-  "version": "0.1.33",
+  "version": "0.1.35",
   "description": "Modular AI-assisted network security audit platform — Community Edition",
   "type": "module",
   "private": false,