nsauditor-ai 0.1.66 → 0.1.68
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -17,7 +17,11 @@ NSAuditor AI is the open-source core of a privacy-first security intelligence pl
|
|
|
17
17
|
|
|
18
18
|
## What's New
|
|
19
19
|
|
|
20
|
-
- **CE 0.1.
|
|
20
|
+
- **CE 0.1.68** (current) — paired with **EE 0.8.0** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **MINOR VERSION MILESTONE — EE-RT.23 Move B**: EE plugin 1022 Azure scanner refactored to per-dim source attribution. Each of the 4 helpers now emits findings with its own source: `azure-nsg-auditor` / `azure-rbac-auditor` / `azure-storage-auditor` / `azure-keyvault-auditor`. Closes long-standing blocker (EE 0.6.9 R1-MEDIUM-1) for routing Azure storage findings into Appendix A "Cloud Bucket Exposure Attestation" without commingling NSG / RBAC / Key Vault. **Engine `details.category` projection contract** added (`normalizeFindings` + violation surface; additive, backward-compat). **Key Vault soc2.json gap closure — 13 new mappings** (CC6.1 + CC6.3 + C1.1 + A1.2): pre-0.8.0 Key Vault dim emitted 10 distinct `details.category` values but had ZERO soc2 routing — latent silent false-clean class closed. **Appendix A multi-cloud expansion**: 3 sources (AWS S3 + GCS + Azure Storage); `computeBucketStats` dedup key now provider-qualified (closes cross-cloud bucket-name collision). **7 same-session reviewer folds** (2 R-HIGH + 3 R-MEDIUM + 2 R-LOW; 0 R-CRITICAL). **+23 new tests / +6 new suites**. **EE regression: 5805/5805 across 907 suites; 68-session 100% green streak preserved.** **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33 (pure substrate-evidence depth uplift on already-covered controls — but KV gap closure was a silent false-clean class). ⚠️ **Customer migration**: suppressions targeting `match.source: 'azure-cloud-scanner'` silently no-op post-0.8.0 — must be split into per-dim entries (see EE CHANGELOG for migration snippet).
|
|
21
|
+
|
|
22
|
+
- **CE 0.1.67** — paired with **EE 0.7.3** (May 2026). **Critical hotfix** closing 2 production bugs surfaced by EE 0.7.2 dogfood scan: cross-version `google-auth-library` fragmentation broke SA impersonation chains (R-CRITICAL — 100% false-clean impact on free-trial/gmail GCP customers + business GCP customers with no-long-lived-SA-keys policy); `GOOGLE_CLOUD_PROJECT_ID` env-var alias silently skipped (R-MEDIUM). +14 new tests across 2 new suites. EE regression 5782/5782 across 900 suites; 67-session 100% green streak preserved.
|
|
23
|
+
|
|
24
|
+
- **CE 0.1.66** — paired with **EE 0.7.2** (May 2026). **Move B pure-test functional patch** closing the 5 test-coverage gaps deferred at 0.7.1's reviewer pass; +50 new tests across 6 new suites. Bundled staged peerDep `nsauditor-ai` bump (`^0.1.40` → `^0.1.65`). EE regression 5768/5768 across 898 suites.
|
|
21
25
|
|
|
22
26
|
- **CE 0.1.65** — paired with **EE 0.7.1** (May 2026). **EE-RT.22 v2 plugin 1025 R2 expansion** — extended GCP IAM Project-Level Auditor from 3 dims to **7 dims**: + custom-role permission audit (CC6.1) + SA key custody (CC6.1 + C1.1) + SA impersonation graph BFS (CC6.1; mirrors plugin 1030 shadow-admin BFS adapted to GCP) + Organization Policy constraint enumeration (CC6.6 + C1.1). NEW `utils/gcp_auth.mjs` honors `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` env var. **17 same-session reviewer folds applied — NEW HIGH-WATER MARK** vs 0.7.0's 12. **+22 new soc2.json mappings**. NEW SDK deps: `googleapis` + `@google-cloud/org-policy` in optionalDependencies.
|
|
23
27
|
|