nsauditor-ai 0.1.65 → 0.1.66

package/README.md

@@ -17,7 +17,9 @@ NSAuditor AI is the open-source core of a privacy-first security intelligence pl
 
 ## What's New
 
-- **CE 0.1.65** (current) — paired with **EE 0.7.1** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **EE-RT.22 v2 plugin 1025 R2 expansion** — extends GCP IAM Project-Level Auditor from 3 dims to **7 dims**: + custom-role permission audit (CC6.1; `*` wildcard = CRITICAL, admin-equivalent permission intersection across 16-entry allowlist = HIGH) + SA key custody (CC6.1 + C1.1; user-managed keys = HIGH; 90-day rotation narrative-uplift threshold) + SA impersonation graph BFS (CC6.1; mirrors plugin 1030 shadow-admin BFS adapted to GCP — 2-hop = HIGH, 3+ hop = CRITICAL; per-PATH visited Set + depth cap = 4; project-scope grants surface independently as CRITICAL) + Organization Policy constraint enumeration (CC6.6 + C1.1; 4 sensitive constraints incl. `iam.disableServiceAccountKeyCreation`). NEW `utils/gcp_auth.mjs` honors `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` env var. **17 same-session reviewer folds applied — NEW HIGH-WATER MARK** vs 0.7.0's 12 (1 R-CRITICAL EE-RT.20 class recurrence catch + 7 R-HIGH + 8 R-MEDIUM + 1 R-LOW(+1 grouped)). **+22 new soc2.json mappings** (plugin 1025 total 11 → 33). **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33 (pure substrate-evidence depth uplift). NEW SDK deps: `googleapis` + `@google-cloud/org-policy` in optionalDependencies.
+- **CE 0.1.66** (current) — paired with **EE 0.7.2** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **Move B pure-test functional patch** closing the 5 test-coverage gaps deferred at 0.7.1's reviewer pass — no production code changes, no plugin emissions changed, no soc2.json changes, no new SDK deps. **+50 new tests across 6 new suites**: R2-MED-7 BFS edge cases (+17), R2-MED-13 counter wiring (+15 parameterized across 5 v2 apiName strings × 3 counter classes), R2-LOW-16/17 helper edges (+10), R2-HIGH-4 SDK loader graceful-degradation contract (+8), R2-MED-12 real-SDK fallback (+3 via generated PKCS#8 keypair). **EE regression: 5768/5768 across 898 suites; 66-session 100% green streak preserved.** **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33. EE bundles a staged `peerDependencies.nsauditor-ai` bump (`^0.1.40` → `^0.1.65`) queued at 0.7.1 post-publish per `[[npm_tarball_replacement_trap]]` discipline; pre-0.7.2 EE installs against deprecated CE versions emit `npm WARN deprecated` but install + work, post-0.7.2 installs cleanly against CE 0.1.66 only.
+
+- **CE 0.1.65** — paired with **EE 0.7.1** (May 2026). **EE-RT.22 v2 plugin 1025 R2 expansion** — extended GCP IAM Project-Level Auditor from 3 dims to **7 dims**: + custom-role permission audit (CC6.1) + SA key custody (CC6.1 + C1.1) + SA impersonation graph BFS (CC6.1; mirrors plugin 1030 shadow-admin BFS adapted to GCP) + Organization Policy constraint enumeration (CC6.6 + C1.1). NEW `utils/gcp_auth.mjs` honors `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` env var. **17 same-session reviewer folds applied — NEW HIGH-WATER MARK** vs 0.7.0's 12. **+22 new soc2.json mappings**. NEW SDK deps: `googleapis` + `@google-cloud/org-policy` in optionalDependencies.
 
 - **CE 0.1.64** — paired with **EE 0.7.0** (May 2026). **MINOR-VERSION MILESTONE** opening the v0.7.x cross-cloud-parity line with **NEW plugin 1025 GCP IAM Project-Level Auditor (EE-RT.22 v1)**; 3 audit dimensions (project-scope public-member bindings + sensitive-role inventory + IAM Conditions classifier). Plugin count 23 → 24. 12 same-session reviewer folds (clean pass). 11 new soc2.json mappings.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nsauditor-ai",
-  "version": "0.1.65",
+  "version": "0.1.66",
   "description": "Modular AI-assisted network security audit platform — Community Edition",
   "type": "module",
   "private": false,