nsauditor-ai 0.1.65 → 0.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +5 -1
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -17,7 +17,11 @@ NSAuditor AI is the open-source core of a privacy-first security intelligence pl
17
17
 
18
18
  ## What's New
19
19
 
20
- - **CE 0.1.65** (current) — paired with **EE 0.7.1** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **EE-RT.22 v2 plugin 1025 R2 expansion** extends GCP IAM Project-Level Auditor from 3 dims to **7 dims**: + custom-role permission audit (CC6.1; `*` wildcard = CRITICAL, admin-equivalent permission intersection across 16-entry allowlist = HIGH) + SA key custody (CC6.1 + C1.1; user-managed keys = HIGH; 90-day rotation narrative-uplift threshold) + SA impersonation graph BFS (CC6.1; mirrors plugin 1030 shadow-admin BFS adapted to GCP 2-hop = HIGH, 3+ hop = CRITICAL; per-PATH visited Set + depth cap = 4; project-scope grants surface independently as CRITICAL) + Organization Policy constraint enumeration (CC6.6 + C1.1; 4 sensitive constraints incl. `iam.disableServiceAccountKeyCreation`). NEW `utils/gcp_auth.mjs` honors `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` env var. **17 same-session reviewer folds applied NEW HIGH-WATER MARK** vs 0.7.0's 12 (1 R-CRITICAL EE-RT.20 class recurrence catch + 7 R-HIGH + 8 R-MEDIUM + 1 R-LOW(+1 grouped)). **+22 new soc2.json mappings** (plugin 1025 total 11 33). **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33 (pure substrate-evidence depth uplift). NEW SDK deps: `googleapis` + `@google-cloud/org-policy` in optionalDependencies.
20
+ - **CE 0.1.67** (current) — paired with **EE 0.7.3** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **Critical hotfix** closing 2 production bugs surfaced by EE 0.7.2 dogfood scan against operator's GCP test infra within 30 minutes of the 0.7.2 trio publish. **R-CRITICAL fix**: any EE customer using `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` hit `2 UNKNOWN: Getting metadata from plugin failed with error: headers.forEach is not a function` on the FIRST IAM call (cross-version `google-auth-library` fragmentation: 9.x plain-object headers vs nested 10.x Headers-instance forEach). NEW `_wrapAuthClientHeadersShim` in EE's `utils/gcp_auth.mjs` coerces 9.x's plain-object return into a Headers instance; version-agnostic + future-proof. **Customer-segment impact**: GCP free-trial / gmail customers (where `iam.disableServiceAccountKeyCreation` is enforced and impersonation is the only working credential model) + business GCP customers with no-long-lived-SA-keys security policy both segments had 100% false-clean SOC 2 reports pre-0.7.3. **R-MEDIUM fix**: extended plugin 1025 preflight + loadConfig from 2-way OR to 3-way OR (adds `GOOGLE_CLOUD_PROJECT_ID` env var alias matching `gcloud auth application-default login` setup convention). **+14 new tests across 2 new suites** (Headers-shape shim + env-var alias, including a regression pin replicating the gax 5.x grpc adapter idiom). **EE regression: 5782/5782 across 900 suites; 67-session 100% green streak preserved.** **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33. No plugin emissions changed; no soc2.json changes; no new SDK deps; no new plugins.
21
+
22
+ - **CE 0.1.66** — paired with **EE 0.7.2** (May 2026). **Move B pure-test functional patch** closing the 5 test-coverage gaps deferred at 0.7.1's reviewer pass; +50 new tests across 6 new suites. Bundled staged peerDep `nsauditor-ai` bump (`^0.1.40` → `^0.1.65`). EE regression 5768/5768 across 898 suites.
23
+
24
+ - **CE 0.1.65** — paired with **EE 0.7.1** (May 2026). **EE-RT.22 v2 plugin 1025 R2 expansion** — extended GCP IAM Project-Level Auditor from 3 dims to **7 dims**: + custom-role permission audit (CC6.1) + SA key custody (CC6.1 + C1.1) + SA impersonation graph BFS (CC6.1; mirrors plugin 1030 shadow-admin BFS adapted to GCP) + Organization Policy constraint enumeration (CC6.6 + C1.1). NEW `utils/gcp_auth.mjs` honors `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` env var. **17 same-session reviewer folds applied — NEW HIGH-WATER MARK** vs 0.7.0's 12. **+22 new soc2.json mappings**. NEW SDK deps: `googleapis` + `@google-cloud/org-policy` in optionalDependencies.
21
25
 
22
26
  - **CE 0.1.64** — paired with **EE 0.7.0** (May 2026). **MINOR-VERSION MILESTONE** opening the v0.7.x cross-cloud-parity line with **NEW plugin 1025 GCP IAM Project-Level Auditor (EE-RT.22 v1)**; 3 audit dimensions (project-scope public-member bindings + sensitive-role inventory + IAM Conditions classifier). Plugin count 23 → 24. 12 same-session reviewer folds (clean pass). 11 new soc2.json mappings.
23
27
 
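Review bot: The added CE 0.1.67 entry says both customer segments "had 100% false-clean SOC 2 reports pre-0.7.3", which means a credential failure on the first IAM call was reported as a clean result, yet the entry documents only the header-shape fix and not how plugin 1025 now reports an authentication error. Suggest adding a sentence stating whether the scan fails visibly when auth errors out, and telling users who scanned with `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` set to re-run and discard earlier reports. The phrase "version-agnostic + future-proof" for `_wrapAuthClientHeadersShim` is broader than the stated cause supports; naming the `google-auth-library` 9.x and 10.x lines it covers would be more accurate.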
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nsauditor-ai",
3
- "version": "0.1.65",
3
+ "version": "0.1.67",
4
4
  "description": "Modular AI-assisted network security audit platform — Community Edition",
5
5
  "type": "module",
6
6
  "private": false,
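Review bot: The `version` change from 0.1.65 to 0.1.67 is the only edit in this manifest, and the diff as a whole touches just README.md and package.json, so CE 0.1.67 carries no code change of its own while its README entry is headed "Critical hotfix". Suggest the changelog state plainly that the fix lives in EE 0.7.3's `utils/gcp_auth.mjs` and that this CE release is a version-pairing bump, so CE-only users do not assume that upgrading CE addresses the impersonation failure.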