What’s new: NSAuditor AI EE 0.5.4 ships as the final v0.5.x close-out cycle — the kind of unsexy structural-discipline work that distinguishes mature security tooling. The cycle tightens cross-plugin signatures to eliminate a parallel-threading bug class, adds DoS caps for hostile operator config, and lands the first clean reviewer pass of the entire v0.5.x line. Tenth consecutive trio-publish (EE + CE 0.1.53 + agent-skill 0.1.20).
The v0.5.x story in five lines
| Cycle | Surface added | False-CLEAN closures |
|---|---|---|
| 0.5.0 | Network-layer DNS (DKIM CNAME + DMARC TXT) | 1 (DMARC pct=0) |
| 0.5.1 | Cross-SDK CloudWatch alarm coverage | 1 (empty AlarmActions) |
| 0.5.2 | Deferred-items sweep | 2 (soc2 mapping + SES classic quota) |
| 0.5.3 | DKIM key fingerprint + DMARC alignment | 4 (truncated keys + empty-key floor + multi-records + DMARC double-fail) |
| 0.5.4 | Cross-plugin Thread H §7.5 + §8 | 1 (parallel-threading via Map-form) |
What 0.5.4 specifically does
- §7.5 — KMS-promoter Map-form signature hardening. The old promoter trusted the caller to keep two arguments in lockstep — a future wiring bug could pass the wrong KMS KeyManager to the wrong finding. New signature uses a `Map<arn, keyManager>` so the lookup happens inside the promoter — single source of truth.
- §8 — Operator-config DoS caps. Caps operator-supplied arrays at 1000 entries (tunable). A 100k-entry hostile config that pre-fold could DoS the audit now completes in under 1 second.
- Clean reviewer pass. 0 R-CRITICAL + 0 R-HIGH. The first clean pass of the entire v0.5.x line — a fitting close-out.
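
The parallel-threading bug class from §7.5, as an added example that is not NSAuditor AI EE code: it contrasts a lockstep two-argument promoter with a Map-form one when one key lookup is dropped. All function names, field names, ARNs and the `UNKNOWN` fallback are hypothetical; the `AWS`/`CUSTOMER` values are assumed to be what the page's keyManager holds.

```javascript
// Added illustration. All names are hypothetical, not NSAuditor AI EE's API.
// Constructed sample data: three findings, each tied to a KMS key ARN.
const findings = [
  { id: 'F1', kmsKeyArn: 'arn:aws:kms:us-east-1:111111111111:key/example-a' },
  { id: 'F2', kmsKeyArn: 'arn:aws:kms:us-east-1:111111111111:key/example-b' },
  { id: 'F3', kmsKeyArn: 'arn:aws:kms:us-east-1:111111111111:key/example-c' },
];

// Lookup results as a caller might collect them: the lookup for example-b
// failed and was dropped, so the list is one entry short and shifted.
const lookups = [
  { arn: findings[0].kmsKeyArn, keyManager: 'CUSTOMER' },
  { arn: findings[2].kmsKeyArn, keyManager: 'AWS' },
];

// Parallel-argument form: correctness depends on findingList[i] and
// keyManagers[i] describing the same key. Nothing checks that they do.
function promoteParallel(findingList, keyManagers) {
  return findingList.map((f, i) => ({ ...f, keyManager: keyManagers[i] }));
}

// Map form: the promoter resolves each finding's own ARN itself.
function promoteWithMap(findingList, keyManagerByArn) {
  if (!(keyManagerByArn instanceof Map)) {
    throw new TypeError('keyManagerByArn must be a Map<arn, keyManager>');
  }
  return findingList.map((f) => ({
    ...f,
    // A missing ARN is reported as UNKNOWN, never a neighbour's value.
    keyManager: keyManagerByArn.get(f.kmsKeyArn) ?? 'UNKNOWN',
  }));
}

// Ids of findings whose keyManager differs between two promoted lists.
function mismatches(a, b) {
  return a.filter((f, i) => f.keyManager !== b[i].keyManager).map((f) => f.id);
}

const parallel = promoteParallel(findings, lookups.map((l) => l.keyManager));
const mapped = promoteWithMap(
  findings,
  new Map(lookups.map((l) => [l.arn, l.keyManager])),
);

const show = (list) => list.map((f) => `${f.id}=${f.keyManager}`).join(' ');
console.log('parallel:', show(parallel));
console.log('map:     ', show(mapped));
console.log('mismatched findings:', mismatches(parallel, mapped));
```

In the parallel form F2 silently inherits the key manager that belongs to F3's key, which is the kind of wrong-KeyManager-on-wrong-finding result the Map-form signature rules out.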
Numbers
- Plugin count UNCHANGED at 20
- +20 new tests; EE full regression 4982/4982 across 778 suites
- 50-session 100% green streak preserved
- Tenth consecutive EE + CE + agent-skill trio-publish
What’s next
0.6.0 milestone — EE-RT.19 VPC Endpoints / PrivateLink Auditor. NEW plugin in the 1100-1109 ID range. Plugin count grows 20 → 21.
Install
npm install -g nsauditor-ai@0.1.53 @nsasoft/nsauditor-ai-ee@0.5.4
npm install nsauditor-ai-agent-skill@0.1.20




