npm - nsauditor-ai - Versions diffs - 0.1.67 → 0.1.68 - Mend

nsauditor-ai 0.1.67 → 0.1.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +3 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -17,7 +17,9 @@ NSAuditor AI is the open-source core of a privacy-first security intelligence pl
 ## What's New
-- **CE 0.1.67** (current) — paired with **EE 0.7.3** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **Critical hotfix** closing 2 production bugs surfaced by EE 0.7.2 dogfood scan against operator's GCP test infra within 30 minutes of the 0.7.2 trio publish. **R-CRITICAL fix**: any EE customer using `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` hit `2 UNKNOWN: Getting metadata from plugin failed with error: headers.forEach is not a function` on the FIRST IAM call (cross-version `google-auth-library` fragmentation: 9.x plain-object headers vs nested 10.x Headers-instance forEach). NEW `_wrapAuthClientHeadersShim` in EE's `utils/gcp_auth.mjs` coerces 9.x's plain-object return into a Headers instance; version-agnostic + future-proof. **Customer-segment impact**: GCP free-trial / gmail customers (where `iam.disableServiceAccountKeyCreation` is enforced and impersonation is the only working credential model) + business GCP customers with no-long-lived-SA-keys security policy — both segments had 100% false-clean SOC 2 reports pre-0.7.3. **R-MEDIUM fix**: extended plugin 1025 preflight + loadConfig from 2-way OR to 3-way OR (adds `GOOGLE_CLOUD_PROJECT_ID` env var alias matching `gcloud auth application-default login` setup convention). **+14 new tests across 2 new suites** (Headers-shape shim + env-var alias, including a regression pin replicating the gax 5.x grpc adapter idiom). **EE regression: 5782/5782 across 900 suites; 67-session 100% green streak preserved.** **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33. No plugin emissions changed; no soc2.json changes; no new SDK deps; no new plugins.
+- **CE 0.1.68** (current) — paired with **EE 0.8.0** (May 2026). **24 enterprise plugins** across AWS / Azure / GCP, mapped to 10 fully-covered + 4 partial AICPA TSC controls. **MINOR VERSION MILESTONE — EE-RT.23 Move B**: EE plugin 1022 Azure scanner refactored to per-dim source attribution. Each of the 4 helpers now emits findings with its own source: `azure-nsg-auditor` / `azure-rbac-auditor` / `azure-storage-auditor` / `azure-keyvault-auditor`. Closes long-standing blocker (EE 0.6.9 R1-MEDIUM-1) for routing Azure storage findings into Appendix A "Cloud Bucket Exposure Attestation" without commingling NSG / RBAC / Key Vault. **Engine `details.category` projection contract** added (`normalizeFindings` + violation surface; additive, backward-compat). **Key Vault soc2.json gap closure — 13 new mappings** (CC6.1 + CC6.3 + C1.1 + A1.2): pre-0.8.0 Key Vault dim emitted 10 distinct `details.category` values but had ZERO soc2 routing — latent silent false-clean class closed. **Appendix A multi-cloud expansion**: 3 sources (AWS S3 + GCS + Azure Storage); `computeBucketStats` dedup key now provider-qualified (closes cross-cloud bucket-name collision). **7 same-session reviewer folds** (2 R-HIGH + 3 R-MEDIUM + 2 R-LOW; 0 R-CRITICAL). **+23 new tests / +6 new suites**. **EE regression: 5805/5805 across 907 suites; 68-session 100% green streak preserved.** **Plugin count UNCHANGED at 24**; coverage matrix UNCHANGED at 10/4/33 (pure substrate-evidence depth uplift on already-covered controls — but KV gap closure was a silent false-clean class). ⚠️ **Customer migration**: suppressions targeting `match.source: 'azure-cloud-scanner'` silently no-op post-0.8.0 — must be split into per-dim entries (see EE CHANGELOG for migration snippet).
+- **CE 0.1.67** — paired with **EE 0.7.3** (May 2026). **Critical hotfix** closing 2 production bugs surfaced by EE 0.7.2 dogfood scan: cross-version `google-auth-library` fragmentation broke SA impersonation chains (R-CRITICAL — 100% false-clean impact on free-trial/gmail GCP customers + business GCP customers with no-long-lived-SA-keys policy); `GOOGLE_CLOUD_PROJECT_ID` env-var alias silently skipped (R-MEDIUM). +14 new tests across 2 new suites. EE regression 5782/5782 across 900 suites; 67-session 100% green streak preserved.
 - **CE 0.1.66** — paired with **EE 0.7.2** (May 2026). **Move B pure-test functional patch** closing the 5 test-coverage gaps deferred at 0.7.1's reviewer pass; +50 new tests across 6 new suites. Bundled staged peerDep `nsauditor-ai` bump (`^0.1.40` → `^0.1.65`). EE regression 5768/5768 across 898 suites.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nsauditor-ai",
-  "version": "0.1.67",
+  "version": "0.1.68",
   "description": "Modular AI-assisted network security audit platform — Community Edition",
   "type": "module",
   "private": false,