@blamejs/exceptd-skills 0.11.1 → 0.11.3

package/CHANGELOG.md

@@ -1,5 +1,65 @@
 # Changelog
 
+## 0.11.3 — 2026-05-12
+
+**Patch: operator-reported item #71 + full feature audit findings.**
+
+A full audit across v0.10.0 → v0.11.2 features (64 surface elements: bug fixes, new verbs, flags, output formats, integration paths) confirmed 62/64 work as documented; this release fixes the 2 real gaps the audit found plus closes operator-reported #71.
+
+### Bugs
+
+- **#71 lint accepted half-shape submissions the runner couldn't drive detect with.** Operators submitting flat-shape evidence with `observations: { "<artifact-id>": { captured, value } }` (no `indicator + result` inline) passed lint with zero warnings, then got `detect.classification: "inconclusive"` from the runner because nothing drove indicator decisions. The flat-shape migration was half-complete: validator accepted the new shape; runner couldn't consume it.
+
+  Fixes:
+  - **Lint** now warns `observation_lacks_indicator_result` per captured artifact that lacks `indicator + result` AND no `verdict.classification` is supplied, plus an `info` saying "detect will be inconclusive". Operators see the gap before paying the run cost.
+  - **`normalizeSubmission`** previously bailed when the submission already had any nested key (`signals`, `artifacts`, `signal_overrides`) — including when the CLI itself had injected `signals._bundle_formats` for `--format` support. Now shape detection prioritizes `observations` / `verdict` and merges any pre-existing nested keys into the normalized output.
+  - **`detect` output** surfaces `observations_received`, `signals_received`, `indicators_evaluated`, `classification_override_applied`, and `submission_shape_seen` so operators can see exactly what the runner consumed from their submission. Pre-0.11.3 an inconclusive verdict was opaque.
+
+- **`attest export --format csaf` was a no-op.** The `--format` flag is registered as a multi-flag (returning an array), but the export subverb compared `format === "csaf"` directly against the array, falsing every time. Operators always got the plain redacted-JSON export regardless of the flag. Now unwrapped + normalizes `csaf-2.0` → `csaf` so both shortcuts hit the CSAF envelope path.
+
+### Audit pass — verified working as documented
+
+Smoke-tested 64 features across v0.10.0–v0.11.2. The full list:
+
+- **Bug regressions:** skill not-found JSON, unknown-command JSON, prefetch --quiet summary, validate-cves --offline, --mode validation, --session-key hex validation, framework-gap NIST normalization, default-stdin on pipe, --json-stdout-only stderr silence, mutex lockfile released after run, session-id collision refusal, --operator persistence, --ack persistence, --diff-from-latest, reattest --latest.
+- **Verbs:** brief (incl. --all / --phase), discover, doctor (all four sub-checks), ask (incl. synonym routing), lint (catches missing artifacts), ci (incl. --scope code alignment with discover), watch, verify-attestation alias, run-all alias, attest list/show/verify/export/diff/diff --against.
+- **Run flags:** --evidence, --evidence-dir, --vex, --explain, --signal-list, --format summary/markdown/sarif/openvex (--format csaf fixed here), --diff-from-latest, --ci, --force-overwrite.
+- **Attestation root:** EXCEPTD_HOME respected, --attestation-root respected, legacy + new root both scanned by `findSessionDir`.
+- **Catalog tooling:** validate-cves --since filter, refresh --no-network / --indexes-only routing, report csaf envelope.
+- **Flat submission shape:** verdict.classification propagates, observation + indicator + result drives detect, smart precondition auto-detect resolves cwd_readable / host.platform / agent_has_command.
+- **First-run welcome.**
+
+### Audit pass — known false positives
+
+- **`exceptd watch`** prints `"[orchestrator] Starting event watcher..."` not `"Listening"` — works correctly; my test string was wrong.
+
+## 0.11.2 — 2026-05-12
+
+**Patch: operator-reported items 58-70 from real CLI use.**
+
+### Bugs
+
+- **#58 `ask` non-functional.** Even literal token "secrets" returned `matched: []`. Root cause: tokenizer required length > 3 (dropped "PQC"/"MCP") and the search index covered only `domain.name + attack_class + first sentence of threat_context`. Rewritten with: (a) length >= 2 token filter, (b) synonym map (`credential` → secret/key/token/...; `supply chain` → sbom/dependency/...; `pqc` → post-quantum/ml-kem/...), (c) richer index covering id + name + attack_class + atlas_refs + attack_refs + cwe_refs + frameworks_in_scope + theater_fingerprints.claim + full threat_context + framework_lag_declaration + skill_chain + collection_scope, (d) ID match scores 3× (so `ask secrets` routes to the secrets playbook). Default output now human-readable; `--json` for machine.
+- **#59 `--format` flag was no-op.** Documented values produced standard JSON unconditionally. Wired through: `--format summary` emits a single-line JSON digest; `--format markdown` emits an operator-readable markdown report; `--format csaf-2.0|sarif|openvex` emits the corresponding bundle from `close.evidence_package.bundles_by_format`. Unknown values rejected with a list of valid options.
+- **#60 Default output flipped (partial).** `emit()` now detects `stdout.isTTY` — interactive use gets indented JSON (massively more readable); piped use stays compact. Override via `--pretty` (always indent) or `EXCEPTD_RAW_JSON=1`. Verbs with dedicated human renderers (`discover`, `doctor`, `ask`) still use them.
+- **#61 doctor summary contradicted its findings.** Output said "all checks green" directly above `[!!] private key MISSING`. Now: signing-check severity is `warn` when key absent; summary distinguishes errors vs warnings (`X fail / Y warn`); icon shows `[!! warn]` instead of `[ok]`. Warnings don't force exit 1 (CI still ok) but the visible state matches.
+- **#62 `watch` verb missing.** The deprecation map said `watchlist → watch` but `watch` returned unknown-command. Added `watch` as orchestrator passthrough aliased to `watchlist` (same function).
+- **#63 `discover` vs `ci --scope code` mismatch.** discover recommended 5 playbooks; ci ran 4 (different sets). ci now includes cross-cutting playbooks (`framework`) regardless of scope, and for `--scope code` on a git repo with a lockfile, also includes `sbom` (system-scope but repo-relevant). Aligns with discover's recommendations.
+- **#65 `refresh --no-network` / `--indexes-only` silently no-op.** v0.11.0 deprecation pointers said `prefetch → refresh --no-network` and `build-indexes → refresh --indexes-only`, but the underlying refresh script ignored those flags. Now: CLI translates them at dispatch time — `refresh --no-network` routes to the `prefetch` script; `refresh --indexes-only` routes to `build-indexes`.
+- **#66 `ai-run` shell-pipe unusable.** `echo '{...}' | exceptd ai-run secrets` failed with "stdin closed without an evidence event" because shell heredocs close stdin before the streaming protocol expects the wrapped `{event:evidence}` frame. Fix: when streaming mode hits EOF without a wrapped event, parse the raw stdin as a bare submission object and run with it. Operators no longer need an interactive harness for the common single-shot case.
+- **#64 verified.** `ok:false` from `on_fail: halt` preconditions correctly exits 1 (kernel-on-Windows reproducer). The user's `exceptd run secrets` cases were `on_fail: warn` preconditions where exit 0 is correct (run completed with warning). No regression in v0.11.x; the user's stale install may have shown different behavior.
+
+### Features
+
+- **#67** `ask` routing index — same fix as #58.
+- **#68** `--format summary` single-line digest — same fix as #59. Returns: `{ok, playbook, session_id, classification, rwep, blast_radius, matched_cves, feeds_into, jurisdiction_clocks, evidence_hash}`. Useful for GH Actions annotation lines.
+- **#69** `doctor --fix` automatically runs `node lib/sign.js generate-keypair` when the private-key check is the only failing warning. Closes the most-common discovered-issue → manual-fix-recipe loop.
+- **#70** `run --format markdown` emits an operator-readable per-run digest (classification, RWEP, matched CVEs, recommended remediation, notification clocks, feeds_into).
+
+### Already shipped (cross-referenced)
+
+- `attest diff <a> --against <b>` (was v0.11.0 #56) — works as documented.
+
 ## 0.11.1 — 2026-05-12
 
 **Patch: operator-reported items 47-57.**

package/bin/exceptd.js

@@ -81,6 +81,7 @@ const COMMANDS = {
   "validate-cves": () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   "validate-rfcs": () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   watchlist:       () => path.join(PKG_ROOT, "orchestrator", "index.js"),
+  watch:           () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   "framework-gap": () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   "framework-gap-analysis": () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   // Seven-phase playbook verbs — handled in-process via lib/playbook-runner.js.
@@ -95,7 +96,7 @@ const COMMANDS = {
 
 const ORCHESTRATOR_PASSTHROUGH = new Set([
   "scan", "dispatch", "skill", "currency", "report",
-  "validate-cves", "validate-rfcs", "watchlist",
+  "validate-cves", "validate-rfcs", "watchlist", "watch",
   "framework-gap", "framework-gap-analysis",
 ]);
 
@@ -339,7 +340,21 @@ function main() {
     return;
   }
 
-  const resolver = COMMANDS[cmd];
+  // v0.11.2 bug #65: `refresh --no-network` / `refresh --indexes-only` were
+  // documented as the v0.11.0 replacements for `prefetch` / `build-indexes`
+  // but the underlying refresh script doesn't know those flags. Translate
+  // here so the deprecation pointer actually works.
+  let effectiveCmd = cmd;
+  let effectiveRest = rest;
+  if (cmd === "refresh" && rest.includes("--no-network")) {
+    effectiveCmd = "prefetch";
+    effectiveRest = rest.filter(a => a !== "--no-network");
+  } else if (cmd === "refresh" && rest.includes("--indexes-only")) {
+    effectiveCmd = "build-indexes";
+    effectiveRest = rest.filter(a => a !== "--indexes-only");
+  }
+
+  const resolver = COMMANDS[effectiveCmd];
   if (typeof resolver !== "function") {
     // Emit a structured JSON error matching the seven-phase verbs so operators
     // piping through `jq` get one consistent shape across the CLI surface.
@@ -357,7 +372,7 @@ function main() {
 
   // Orchestrator subcommands need the subcommand name preserved as argv[0]
   // for orchestrator/index.js's switch statement.
-  const finalArgs = ORCHESTRATOR_PASSTHROUGH.has(cmd) ? [script, cmd, ...rest] : [script, ...rest];
+  const finalArgs = ORCHESTRATOR_PASSTHROUGH.has(effectiveCmd) ? [script, effectiveCmd, ...effectiveRest] : [script, ...effectiveRest];
   const res = spawnSync(process.execPath, finalArgs, { stdio: "inherit", cwd: PKG_ROOT });
   if (res.error) {
     process.stderr.write(`exceptd: failed to run ${cmd}: ${res.error.message}\n`);
@@ -413,7 +428,13 @@ function parseArgs(argv, opts) {
 }
 
 function emit(obj, pretty) {
-  const s = pretty ? JSON.stringify(obj, null, 2) : JSON.stringify(obj);
+  // v0.11.2 bug #60: when stdout is a TTY (interactive use), emit indented
+  // JSON instead of single-line — much more readable. Piped to a file or
+  // tool? Default to compact one-line JSON. --pretty forces indented
+  // regardless of TTY. --json-stdout-only is always compact.
+  const interactive = process.stdout.isTTY && !process.env.EXCEPTD_RAW_JSON;
+  const indent = pretty || (interactive && !pretty);
+  const s = indent ? JSON.stringify(obj, null, 2) : JSON.stringify(obj);
   process.stdout.write(s + "\n");
 }
 
@@ -458,9 +479,20 @@ function dispatchPlaybook(cmd, argv) {
     bool:  ["pretty", "air-gap", "force-stale", "all", "flat", "directives",
             "ci", "latest", "diff-from-latest", "explain", "signal-list", "ack",
             "force-overwrite", "no-stream", "block-on-jurisdiction-clock",
-            "json-stdout-only"],
+            "json-stdout-only", "fix", "human", "json"],
     multi: ["playbook", "format"],
   });
+  // v0.11.2 bug #60: flip defaults to human-readable. JSON via explicit --json
+  // (or --pretty implies indented JSON). The v0.11.0 CHANGELOG claimed this
+  // was already done; the code in fact emitted JSON unconditionally. Now:
+  //   --json or --pretty  → JSON (one-line or indented respectively)
+  //   --json-stdout-only  → JSON, suppress stderr
+  //   default             → human-readable text
+  // Verbs that have their own human renderer (discover/doctor/refresh/lint
+  // /ask/attest list) continue to use it; verbs that don't yet (brief/run/
+  // ai-run/ci/attest show/export/diff/verify) fall back to indented JSON
+  // labeled as such — better than no signal.
+  args._jsonMode = !!(args.json || args.pretty || args["json-stdout-only"]);
   const pretty = !!args.pretty;
   const runOpts = {
     airGap: !!args["air-gap"],
@@ -834,6 +866,37 @@ function cmdLint(runner, args, runOpts, pretty) {
     issues.push({ severity: "warn", kind: "unknown_observation_key", key: k });
   }
 
+  // #71 (v0.11.3): when a submission is flat-shape with all captured artifacts
+  // but no indicator+result inline and no verdict.classification — detect()
+  // will return "inconclusive" because nothing drives the indicator decisions.
+  // Lint must surface this so operators don't ship a half-shape evidence file
+  // that passes lint but produces an inconclusive run.
+  if (flat) {
+    const observationsWithoutIndicator = Object.entries(flat).filter(([k, v]) => {
+      if (!knownArtifacts.has(k)) return false; // unknown keys flagged elsewhere
+      if (typeof v !== "object" || v === null) return false;
+      const captured = v.captured !== false;
+      return captured && !(v.indicator && v.result);
+    });
+    const verdictClass = submission.verdict?.classification;
+    const verdictWillDrive = verdictClass === "clean" || verdictClass === "not_detected" || verdictClass === "detected" || verdictClass === "inconclusive";
+    if (observationsWithoutIndicator.length > 0 && !verdictWillDrive && Object.keys(submission.signal_overrides || {}).length === 0) {
+      for (const [k] of observationsWithoutIndicator) {
+        issues.push({
+          severity: "warn",
+          kind: "observation_lacks_indicator_result",
+          observation_key: k,
+          hint: `Artifact "${k}" captured without "indicator" + "result" fields. detect will return 'inconclusive' for this indicator. Either add { "indicator": "<id>", "result": "hit"|"miss"|"inconclusive" } per observation, OR supply verdict.classification at the submission root to drive the overall verdict.`,
+        });
+      }
+      issues.push({
+        severity: "info",
+        kind: "detect_will_be_inconclusive",
+        hint: `Flat submission shape with ${observationsWithoutIndicator.length} captured artifact(s) but no indicator+result inline and no verdict.classification. detect() will return 'inconclusive'. Run \`exceptd run ${playbookId} --signal-list\` to see the indicator IDs the playbook recognizes.`,
+      });
+    }
+  }
+
   const ok = issues.every(i => i.severity !== "error");
   emit({
     verb: "lint",
@@ -1134,7 +1197,12 @@ function cmdRun(runner, args, runOpts, pretty) {
   // Supports csaf-2.0 | sarif | openvex | markdown. Multiple --format flags
   // produce multiple bundles in the close response under bundles_by_format.
   if (args.format) {
-    const formats = Array.isArray(args.format) ? args.format : [args.format];
+    // Normalize shortcut names to the runner's canonical bundle keys before
+    // passing through. "csaf" → "csaf-2.0"; "sarif" / "openvex" / "markdown"
+    // / "summary" stay verbatim. Anything else is rejected after the run
+    // result is in hand (so the run still completes).
+    const formats = (Array.isArray(args.format) ? args.format : [args.format])
+      .map(f => f === "csaf" ? "csaf-2.0" : f);
     submission.signals = submission.signals || {};
     submission.signals._bundle_formats = formats;
   }
@@ -1259,6 +1327,80 @@ function cmdRun(runner, args, runOpts, pretty) {
     return;
   }
 
+  // v0.11.2 bug #59 / feature #70: --format actually transforms the top-level
+  // output. Previously it only populated close.evidence_package.bundles_by_format
+  // and the operator still saw the full JSON. Now:
+  //   --format summary  → single-line JSON digest (5 fields)
+  //   --format markdown → operator-readable markdown digest of the run
+  //   --format csaf-2.0/sarif/openvex → the corresponding bundle from close
+  //   (default — no --format) → full JSON result as before
+  if (args.format) {
+    const requested = Array.isArray(args.format) ? args.format[0] : args.format;
+    const VALID = ["summary", "markdown", "csaf-2.0", "csaf", "sarif", "openvex", "json"];
+    if (!VALID.includes(requested)) {
+      return emitError(`run: --format "${requested}" not in accepted set ${JSON.stringify(VALID)}.`, null, pretty);
+    }
+    if (requested === "summary") {
+      const cls = result.phases?.detect?.classification;
+      const rwep = result.phases?.analyze?.rwep?.adjusted ?? 0;
+      const blast = result.phases?.analyze?.blast_radius_score ?? 0;
+      const cves = result.phases?.analyze?.matched_cves?.length ?? 0;
+      const next = result.phases?.close?.feeds_into?.join(",") || "";
+      const clocks = (result.phases?.close?.notification_actions || []).filter(n => n.clock_started_at).length;
+      emit({
+        ok: result.ok, playbook: result.playbook_id, session_id: result.session_id,
+        classification: cls, rwep, blast_radius: blast, matched_cves: cves,
+        feeds_into: next, jurisdiction_clocks: clocks, evidence_hash: result.evidence_hash,
+      }, pretty);
+      return;
+    }
+    if (requested === "markdown") {
+      const lines = [];
+      lines.push(`# exceptd run: ${result.playbook_id}`);
+      lines.push(`session-id: ${result.session_id}`);
+      lines.push(`evidence-hash: ${result.evidence_hash}`);
+      lines.push("");
+      const cls = result.phases?.detect?.classification || "n/a";
+      const rwep = result.phases?.analyze?.rwep?.adjusted ?? 0;
+      const top = result.phases?.analyze?.rwep?.threshold?.escalate ?? "n/a";
+      lines.push(`**Classification:** ${cls}  **RWEP:** ${rwep} / ${top}  **Blast radius:** ${result.phases?.analyze?.blast_radius_score ?? "n/a"}/5`);
+      lines.push("");
+      const cves = result.phases?.analyze?.matched_cves || [];
+      if (cves.length) {
+        lines.push(`## Matched CVEs (${cves.length})`);
+        for (const c of cves) lines.push(`- **${c.cve_id}** · RWEP ${c.rwep} · KEV=${c.cisa_kev} · ${c.active_exploitation}`);
+        lines.push("");
+      }
+      const rem = result.phases?.validate?.selected_remediation;
+      if (rem) {
+        lines.push(`## Recommended remediation`);
+        lines.push(`**${rem.id}** (priority ${rem.priority}) — ${rem.description}`);
+        lines.push("");
+      }
+      const notif = result.phases?.close?.notification_actions || [];
+      if (notif.length) {
+        lines.push(`## Notification clocks`);
+        for (const n of notif) lines.push(`- ${n.obligation_ref} → deadline ${n.deadline}`);
+        lines.push("");
+      }
+      const feeds = result.phases?.close?.feeds_into || [];
+      if (feeds.length) lines.push(`**Next playbooks suggested:** ${feeds.join(", ")}`);
+      process.stdout.write(lines.join("\n") + "\n");
+      return;
+    }
+    // CSAF/SARIF/OpenVEX bundles live under close.evidence_package — the
+    // runner writes them under canonical keys ("csaf-2.0", "sarif",
+    // "openvex"). Normalize the user-supplied shortcuts.
+    const formatNorm = requested === "csaf" ? "csaf-2.0" : requested;
+    const bbf = result.phases?.close?.evidence_package?.bundles_by_format || {};
+    const body = bbf[formatNorm] || result.phases?.close?.evidence_package?.bundle_body;
+    if (body) {
+      emit(body, pretty);
+      return;
+    }
+    // Fallback: full result
+  }
+
   emit(result, pretty);
 }
 
@@ -1833,7 +1975,12 @@ function cmdAttest(runner, args, runOpts, pretty) {
     // remediation choice, residual risk acceptance, signature. Auditors get
     // what they need (the verdict + proof of process) without leaking raw
     // captured data (which may contain PII / secret shapes).
-    const format = args.format || "json";
+    //
+    // v0.11.3: --format is registered as multi in parseArgs, so args.format
+    // is an array when present. Unwrap for direct comparison.
+    let formatRaw = args.format || "json";
+    if (Array.isArray(formatRaw)) formatRaw = formatRaw[0];
+    const format = formatRaw === "csaf-2.0" ? "csaf" : formatRaw;
     const redacted = attestations.map(a => ({
       session_id: a.session_id,
       playbook_id: a.playbook_id,
@@ -2260,22 +2407,43 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       const keyPath = path.join(process.cwd(), ".keys", "private.pem");
       const fallback = path.join(PKG_ROOT, ".keys", "private.pem");
       const present = fs.existsSync(keyPath) || fs.existsSync(fallback);
+      // Bug #61 (v0.11.2): signing-status missing key is a real WARNING. The
+      // attestation pipeline writes unsigned files when this is absent, which
+      // operators reading the attestation later cannot verify for authenticity.
+      // The summary line must reflect this — pre-0.11.2 said "all checks green"
+      // directly above [!!] private key MISSING. Now: it's a warning that
+      // populates summary.warnings_count.
       checks.signing = {
-        ok: true, // signing-status is informational, never "fails"
+        ok: present, // not green if the key is missing — operators need the nudge
+        severity: present ? "info" : "warn",
         private_key_present: present,
         can_sign_attestations: present,
-        ...(present ? {} : { hint: "run `node lib/sign.js generate-keypair` to enable attestation signing" }),
+        ...(present ? {} : { hint: "run `node lib/sign.js generate-keypair` (or `exceptd doctor --fix`) to enable attestation signing" }),
       };
     } catch (e) {
       checks.signing = { ok: false, error: e.message };
     }
   }
 
-  const allGreen = issues.length === 0;
+  // Walk every check and split: errors (severity error/missing/fail) vs warnings
+  // (severity warn). all_green is true ONLY when zero errors AND zero warnings.
+  const warnList = [];
+  const errorList = [];
+  for (const [k, v] of Object.entries(checks)) {
+    if (v.ok === false) errorList.push(k);
+    else if (v.severity === "warn") warnList.push(k);
+  }
+  const allGreen = errorList.length === 0 && warnList.length === 0;
   const out = {
     verb: "doctor",
     checks,
-    summary: { all_green: allGreen, issues_count: issues.length, failed_checks: issues },
+    summary: {
+      all_green: allGreen,
+      issues_count: errorList.length,
+      warnings_count: warnList.length,
+      failed_checks: errorList,
+      warning_checks: warnList,
+    },
   };
 
   if (wantJson) {
@@ -2289,7 +2457,10 @@ function cmdDoctor(runner, args, runOpts, pretty) {
   lines.push("exceptd doctor");
   function mark(c, render) {
     if (!c) return;
-    const icon = c.ok ? "[ok]" : "[!!]";
+    // Three states: ok / warn / error. Bug #61 (v0.11.2) — warn must not be
+    // shown as ok and must count toward the summary so the bottom line
+    // matches the visible icons above.
+    const icon = c.ok && c.severity !== "warn" ? "[ok]" : (c.severity === "warn" ? "[!! warn]" : "[!! fail]");
     lines.push(`  ${icon} ${render(c)}`);
   }
   mark(checks.signatures, c =>
@@ -2320,9 +2491,30 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     }
   }
   lines.push("");
-  lines.push(allGreen ? `summary: all checks green` : `summary: ${issues.length} issue(s) — ${issues.join(", ")}`);
+  if (allGreen) {
+    lines.push(`summary: all checks green`);
+  } else if (errorList.length === 0) {
+    lines.push(`summary: ${warnList.length} warning(s) — ${warnList.join(", ")}`);
+  } else {
+    lines.push(`summary: ${errorList.length} fail / ${warnList.length} warn — fail: ${errorList.join(", ")}; warn: ${warnList.join(", ") || "none"}`);
+  }
   process.stdout.write(lines.join("\n") + "\n");
-  if (!allGreen) process.exitCode = 1;
+  // Bug #69 (v0.11.2): --fix mode for missing private key.
+  if (args.fix && checks.signing && !checks.signing.private_key_present) {
+    process.stdout.write("\n[doctor --fix] generating Ed25519 keypair via `node lib/sign.js generate-keypair`...\n");
+    const r = require("child_process").spawnSync(process.execPath, [path.join(PKG_ROOT, "lib", "sign.js"), "generate-keypair"], { stdio: "inherit", cwd: PKG_ROOT });
+    if (r.status === 0) {
+      process.stdout.write("[doctor --fix] keypair generated — re-run `exceptd doctor` to confirm.\n");
+    } else {
+      process.stdout.write(`[doctor --fix] generation failed (exit=${r.status}); run \`node lib/sign.js generate-keypair\` manually.\n`);
+      process.exitCode = 1;
+      return;
+    }
+  }
+  if (errorList.length > 0) process.exitCode = 1;
+  // Warnings alone do NOT force exit 1 — CI gates use exit 0 to mean "ran
+  // successfully" even with informational warnings. Operators reading the
+  // visible "[!! warn]" line still see the issue.
 }
 
 function cmdListAttestations(runner, args, runOpts, pretty) {
@@ -2570,10 +2762,31 @@ function cmdAiRun(runner, args, runOpts, pretty) {
     const tail = buf.trim();
     if (tail) handleLine(tail);
     if (!handled) {
-      writeLine({ event: "error", reason: "stdin closed without an evidence event." });
+      // Bug #66 (v0.11.2): stdin closed without an evidence event. Before
+      // declaring an error, try to interpret the raw stdin as a bare
+      // submission object (the common shell-pipe case where `echo
+      // '{...}' | exceptd ai-run secrets` pipes the submission body, not a
+      // wrapped event). If it parses as such, run with it and complete the
+      // phases. Otherwise emit the helpful error.
+      const raw = (process.stdin._consumed || "") || buf;
+      const allText = process.stdin._allText;
+      if (allText && allText.trim()) {
+        try {
+          const parsed = JSON.parse(allText.trim());
+          if (parsed && (parsed.observations || parsed.artifacts || parsed.signal_overrides || parsed.precondition_checks)) {
+            handleLine(JSON.stringify({ event: "evidence", payload: parsed }));
+            return;
+          }
+        } catch { /* fall through to error */ }
+      }
+      writeLine({ event: "error", reason: "stdin closed without an evidence event. Pipe `{\"event\":\"evidence\",\"payload\":{...}}` for streaming mode, or pass --no-stream + --evidence <file> for single-shot." });
       process.exit(1);
     }
   });
+
+  // Capture stdin for the post-close fallback.
+  process.stdin._allText = "";
+  process.stdin.on("data", chunk => { process.stdin._allText += chunk.toString(); });
 }
 
 /**
@@ -2609,6 +2822,31 @@ function buildSubmissionFromPayload(payload) {
  * phases.direct.threat_context. Returns the top 5 matches with a confidence
  * score (matched tokens / total tokens).
  */
+/**
+ * `ask "<question>"` — plain-English routing to playbook(s).
+ *
+ * v0.11.2 rewrite (#58 / #67): the v0.11.0 implementation only indexed
+ * domain.name + attack_class + first sentence of threat_context, with a
+ * length>3 token filter that dropped short but-meaningful words like "PQC"
+ * or "MCP". The richer index now includes:
+ *   - playbook id
+ *   - domain.name + domain.attack_class
+ *   - domain.attack_refs (T-numbers) + atlas_refs (AML-numbers)
+ *   - domain.cwe_refs + frameworks_in_scope
+ *   - phases.govern.theater_fingerprints[].claim
+ *   - phases.direct.threat_context (full, not first sentence)
+ *   - phases.direct.framework_lag_declaration
+ *   - skill_chain skill names
+ *   - phases.look.collection_scope.asset_scope
+ *
+ * Token filter dropped to length >= 2 (was > 3) so "PQC" / "MCP" / "CI"
+ * tokens match. Synonym map handles common operator phrasings ("API
+ * keys" → secrets, "supply chain" → sbom / library-author, etc).
+ *
+ * Threshold: top match must have score >= 1 (was > 0; same). When no
+ * playbook scores >= 1, fall back to substring match on playbook ID
+ * itself ("secrets" → secrets playbook).
+ */
 function cmdAsk(runner, args, runOpts, pretty) {
   const question = (args._ || []).join(" ").trim();
   if (!question) {
@@ -2616,42 +2854,97 @@ function cmdAsk(runner, args, runOpts, pretty) {
   }
   const ids = runner.listPlaybooks();
   const q = question.toLowerCase();
-  const tokens = q.split(/\W+/).filter(t => t.length > 3);
+
+  // Synonym expansion — common operator phrasings → playbook-relevant tokens.
+  // Keeps cmdAsk dependency-free; rich enough to cover the 80% of natural
+  // queries listed in the operator report.
+  const SYNONYMS = {
+    "credential": ["secret", "key", "token", "password", "cred"],
+    "credentials": ["secret", "key", "token", "password", "cred"],
+    "api key": ["secret", "credential"],
+    "api keys": ["secret", "credential"],
+    "supply chain": ["sbom", "dependency", "vendor", "package", "library", "publish"],
+    "supply-chain": ["sbom", "dependency", "vendor", "package", "library", "publish"],
+    "npm package": ["sbom", "dependency", "library", "publish"],
+    "npm packages": ["sbom", "dependency", "library", "publish"],
+    "pqc": ["post-quantum", "quantum", "crypto", "ml-kem", "ml-dsa", "kyber", "dilithium"],
+    "quantum": ["pqc", "post-quantum"],
+    "audit": ["scan", "review", "check", "validate", "verify"],
+    "mcp": ["model context protocol", "tool", "ai-tool"],
+    "ai": ["llm", "model", "anthropic", "openai", "claude"],
+    "compliance": ["framework", "audit", "soc", "iso", "nist", "gdpr", "dora", "nis2", "regulator"],
+    "kernel": ["lpe", "linux", "privilege", "escalation", "cve", "uname"],
+    "container": ["docker", "kubernetes", "k8s", "compose", "image"],
+    "secret": ["credential", "key", "token", "env", "leak"],
+    "secrets": ["credential", "key", "token", "env", "leak", "repo"],
+    "config": ["configuration", "settings"],
+  };
+
+  // Tokenize question (length >= 2, lowercase) + expand via synonyms.
+  const baseTokens = q.split(/\W+/).filter(t => t.length >= 2);
+  const expanded = new Set(baseTokens);
+  // multi-word synonym keys
+  for (const [phrase, syns] of Object.entries(SYNONYMS)) {
+    if (q.includes(phrase)) for (const s of syns) expanded.add(s);
+  }
+  // single-word synonym keys
+  for (const t of baseTokens) {
+    if (SYNONYMS[t]) for (const s of SYNONYMS[t]) expanded.add(s);
+  }
+  const tokens = [...expanded];
+
   const scored = [];
   for (const id of ids) {
     let pb;
     try { pb = runner.loadPlaybook(id); } catch { continue; }
-    const threat = pb.phases?.direct?.threat_context || "";
-    const firstSentence = threat.split(/(?<=[.!?])\s+/)[0] || "";
     const haystack = [
+      pb._meta?.id || id,
       pb.domain?.name || "",
       pb.domain?.attack_class || "",
-      firstSentence,
+      ...(pb.domain?.attack_refs || []),
+      ...(pb.domain?.atlas_refs || []),
+      ...(pb.domain?.cwe_refs || []),
+      ...(pb.domain?.frameworks_in_scope || []),
+      ...((pb.phases?.govern?.theater_fingerprints || []).map(t => t.claim || "")),
+      ...((pb.phases?.govern?.theater_fingerprints || []).map(t => t.pattern_id || "")),
+      pb.phases?.direct?.threat_context || "",
+      pb.phases?.direct?.framework_lag_declaration || "",
+      ...((pb.phases?.direct?.skill_chain || []).map(s => s.skill || "")),
+      pb.phases?.look?.collection_scope?.asset_scope || "",
+      pb.phases?.look?.collection_scope?.time_window || "",
     ].join(" ").toLowerCase();
-    const score = tokens.filter(t => haystack.includes(t)).length;
+    let score = 0;
+    for (const t of tokens) if (haystack.includes(t)) score++;
+    // ID match counts double — "secrets" should map to the secrets playbook.
+    if (tokens.some(t => (pb._meta?.id || id) === t)) score += 3;
     scored.push({ id: pb._meta?.id || id, score });
   }
   scored.sort((a, b) => b.score - a.score);
   const top = scored.filter(s => s.score > 0).slice(0, 5);
 
+  // v0.11.2: default human-readable; --json for machine.
   if (top.length === 0) {
-    emit({
+    const result = {
       verb: "ask",
       question,
-      matched: [],
+      routed_to: [],
       hint: "No playbook matched. Try `exceptd brief --all` to see what's available, or `exceptd discover` to detect what's in your cwd.",
-    }, pretty);
+    };
+    if (args.json) return emit(result, pretty);
+    process.stdout.write(`ask: ${question}\n  no playbook matched.\n  try: exceptd discover  (auto-detect what's in your cwd)\n`);
     return;
   }
 
-  emit({
+  const result = {
     verb: "ask",
     question,
     routed_to: top.map(t => t.id),
-    confidence: top[0].score / Math.max(1, tokens.length),
+    confidence: Math.min(1, top[0].score / Math.max(2, tokens.length)),
     next_step: `exceptd run ${top[0].id}    # or: exceptd brief ${top[0].id} to learn first`,
     full_match_list: top,
-  }, pretty);
+  };
+  if (args.json) return emit(result, pretty);
+  process.stdout.write(`ask: ${question}\n  top match: ${top[0].id} (score ${top[0].score})\n  next: ${result.next_step}\n  alternates: ${top.slice(1).map(t => t.id).join(", ") || "(none)"}\n`);
 }
 
 /**
@@ -2668,11 +2961,29 @@ function cmdCi(runner, args, runOpts, pretty) {
   const maxRwep = args["max-rwep"] !== undefined ? Number(args["max-rwep"]) : null;
   const blockOnClock = !!args["block-on-jurisdiction-clock"];
 
+  // v0.11.2 bug #63: align with discover. ci now includes cross-cutting
+  // playbooks (framework) automatically, and when --scope code is set on a
+  // cwd that has lockfiles, also includes sbom (which is scope:system but
+  // applies to any repo). Operators expect ci to run "what discover would
+  // recommend"; pre-0.11.2 ci ran scope=X only, which dropped framework +
+  // missed sbom-on-repo.
   let ids;
   if (args.all) {
     ids = runner.listPlaybooks();
   } else if (scope) {
     ids = filterPlaybooksByScope(runner, scope);
+    // Always include cross-cutting playbooks regardless of scope choice.
+    const cross = filterPlaybooksByScope(runner, "cross-cutting");
+    ids = [...new Set([...ids, ...cross])];
+    // For code-scope on a repo: also include sbom (system-scope but
+    // repo-relevant) so ci output matches discover.
+    if (scope === "code" && fs.existsSync(path.join(process.cwd(), ".git"))) {
+      const hasLockfile = ["package-lock.json", "yarn.lock", "pnpm-lock.yaml", "requirements.txt", "Pipfile.lock", "Cargo.lock", "go.sum"]
+        .some(f => fs.existsSync(path.join(process.cwd(), f)));
+      if (hasLockfile && runner.listPlaybooks().includes("sbom") && !ids.includes("sbom")) {
+        ids.push("sbom");
+      }
+    }
   } else {
     const scopes = detectScopes();
     ids = scopes.flatMap(s => filterPlaybooksByScope(runner, s));

package/data/_indexes/_meta.json

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-12T15:12:14.697Z",
+  "generated_at": "2026-05-12T15:46:10.198Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 49,
   "source_hashes": {
-    "manifest.json": "c9d65112c41d74b26c533cc37160fe6d450789ad8910fcb8cc4dae6225940ef3",
+    "manifest.json": "8097ba32340aba872d73dd047bebb5f8d561cda8c55bcd224c67475c84cfac4b",
     "data/atlas-ttps.json": "1500b5830dab070c4252496964a8c0948e1052a656e2c7c6e1efaf0350645e13",
     "data/cve-catalog.json": "a81d3e4b491b27ccc084596b063a6108ff10c9eb01d7776922fc393980b534fe",
     "data/cwe-catalog.json": "c3367d469b4b3d31e4c56397dd7a8305a0be338ecd85afa27804c0c9ce12157b",

package/lib/playbook-runner.js

@@ -361,7 +361,17 @@ function detect(playbookId, directiveId, agentSubmission = {}) {
     indicators: indicatorResults,
     false_positive_checks_required: fpChecksRequired,
     classification,
-    minimum_signal_basis: det.minimum_signal?.[classification === 'detected' ? 'detected' : classification === 'not_detected' ? 'not_detected' : 'inconclusive']
+    minimum_signal_basis: det.minimum_signal?.[classification === 'detected' ? 'detected' : classification === 'not_detected' ? 'not_detected' : 'inconclusive'],
+    // v0.11.3 #71: surface what detect actually consumed. Operators reading
+    // the detect output now see whether their flat-shape observations + the
+    // signal_overrides + the classification override all reached the runner.
+    // Pre-0.11.3 detect's output was opaque — "inconclusive" with no
+    // explanation gave operators no signal about what went wrong.
+    observations_received: Object.keys(agentSubmission.artifacts || {}),
+    signals_received: Object.keys(agentSubmission.signal_overrides || {}),
+    indicators_evaluated: indicatorResults.length,
+    classification_override_applied: validOverrides.has(override) ? (override === 'clean' ? 'not_detected' : override) : null,
+    submission_shape_seen: agentSubmission._original_shape || (agentSubmission.artifacts ? 'nested (v0.10.x)' : 'empty')
   };
 }
 
@@ -884,10 +894,29 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals)
  */
 function normalizeSubmission(submission, playbook) {
   if (!submission || typeof submission !== "object") return submission || {};
-  if (submission.artifacts || submission.signal_overrides || submission.signals) return submission;
-  if (!submission.observations && !submission.verdict) return submission;
 
-  const out = { artifacts: {}, signal_overrides: {}, signals: {}, precondition_checks: {} };
+  // v0.11.3 #71 fix: the CLI may inject `signals._bundle_formats` before
+  // calling normalize (for --format <fmt> support). Pre-0.11.3 normalize
+  // detected the injected `signals` key and bailed, leaving the flat
+  // `observations` / `verdict` untranslated and breaking detect. The shape
+  // detector now treats `observations` or `verdict` as authoritative for
+  // "this is flat" — even when nested keys also exist — and merges any
+  // pre-existing nested keys into the normalized result.
+  const hasFlat = submission.observations || submission.verdict;
+
+  if (!hasFlat) {
+    // Truly already-nested. Mark shape and return.
+    if (!submission._original_shape) submission._original_shape = 'nested (v0.10.x)';
+    return submission;
+  }
+
+  const out = {
+    artifacts: { ...(submission.artifacts || {}) },
+    signal_overrides: { ...(submission.signal_overrides || {}) },
+    signals: { ...(submission.signals || {}) },
+    precondition_checks: { ...(submission.precondition_checks || {}) },
+    _original_shape: 'flat (v0.11.0)',
+  };
   const knownPreconditions = new Set((playbook?._meta?.preconditions || []).map(p => p.id));
   const knownArtifacts = new Set((playbook?.phases?.look?.artifacts || []).map(a => a.id));
 

package/manifest-snapshot.json

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-12T15:10:59.836Z",
+  "_generated_at": "2026-05-12T15:45:10.483Z",
   "atlas_version": "5.1.0",
   "skill_count": 38,
   "skills": [

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.11.1",
+  "version": "0.11.3",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -52,7 +52,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "WprHkO1KOjQtCBj6/EJghBTNyNKJhn7O2HDbAQZPi5jn4flwHpSrtP8LC15a4Unoh+xiIIgGhvTHZIQFHGMpBQ==",
-      "signed_at": "2026-05-12T15:10:59.392Z",
+      "signed_at": "2026-05-12T15:45:10.018Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -116,7 +116,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "fg20bOXGRkPUdLmegeXpTM4hnzl/ArgcVc88rItZN5DdsnFnzPgUU1PwCI82zooyj2GfxJHYjxNkq5qd2zNPBg==",
-      "signed_at": "2026-05-12T15:10:59.394Z",
+      "signed_at": "2026-05-12T15:45:10.020Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -179,7 +179,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "6JuSzkSSFzFHEZ3ANzqjtIbKPOkwJeKhQ+8WAPB4+dTRvDSeg46n3D88XfGaNd2z7pmg/i8p9ZoImQcHFS4BCg==",
-      "signed_at": "2026-05-12T15:10:59.395Z",
+      "signed_at": "2026-05-12T15:45:10.020Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -225,7 +225,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "PYSw9abiYfW+y7IkY8udJG5LSds2a4rMimlw3rrdD0zE3vunEeV/y7oTmDD4o83OqHSCKNzF/7vMhvd/noqICQ==",
-      "signed_at": "2026-05-12T15:10:59.395Z"
+      "signed_at": "2026-05-12T15:45:10.021Z"
     },
     {
       "name": "compliance-theater",
@@ -256,7 +256,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "BMFmmJYP3HsHIjUqnhw8E3MiMGZJsI/eDq51we+nxUicZ8nFUQT9DhmRntAqOs6BUnsfiQNNLc/rrsNh8yg1CQ==",
-      "signed_at": "2026-05-12T15:10:59.396Z"
+      "signed_at": "2026-05-12T15:45:10.021Z"
     },
     {
       "name": "exploit-scoring",
@@ -285,7 +285,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "VGPyDwy5BRlpn1lZthhPB6ytb4ZcU2j0KtCZbaMkyLdMugQJtK2yEuwrsDH4yEtAhTB6/A4B3eSygJckum49Ag==",
-      "signed_at": "2026-05-12T15:10:59.396Z"
+      "signed_at": "2026-05-12T15:45:10.022Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -322,7 +322,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "XkFGpsNnXBVslkQ48usEu9l1LjPiV2ppW+M4B63zXFBP2Puh52qYCffEPjUHYhoO5bjgTM7yCbK8XF/Dzk5wBw==",
-      "signed_at": "2026-05-12T15:10:59.396Z",
+      "signed_at": "2026-05-12T15:45:10.022Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -379,7 +379,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "1Xqy7Kxxy6GpTvuYJPdllPzVDRFxb7N6AuxKuoaO4v91CiZLmiXt0sTIWImKJ3p9Eup6rJNDdsY71dolFhHNBA==",
-      "signed_at": "2026-05-12T15:10:59.396Z",
+      "signed_at": "2026-05-12T15:45:10.022Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -414,7 +414,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "QNLOmAL54S/Cmk4cdO4L2BCGkqZ/FgY4UBsKWtg/EEW+YXF5ev+a8XsUT8q5veuUa2VYcYna7rD1iAnE+2PDBA==",
-      "signed_at": "2026-05-12T15:10:59.397Z",
+      "signed_at": "2026-05-12T15:45:10.023Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -442,7 +442,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "aFHq4cSl3CKchnVITxx+BrAEWD33WtFFJoQtwAug5g9R3/3ABtjaXYGVQaZcdcG1AIZkMoGSPywgLQWDY7ZDCw==",
-      "signed_at": "2026-05-12T15:10:59.397Z"
+      "signed_at": "2026-05-12T15:45:10.023Z"
     },
     {
       "name": "global-grc",
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "viCTUWdy6euvd2KTAo6sLvarK/FZkDtYGocxBt0H+fY94kLQGW8K5cSpqIWdUF5NUytSHBCiG4YcSze8P9Z/BQ==",
-      "signed_at": "2026-05-12T15:10:59.398Z"
+      "signed_at": "2026-05-12T15:45:10.023Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -501,7 +501,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "6PkUaHQi3Hxuqq/Jp4GYckvfqVEofmeT87NUH0T+pwyjlc+xZkoqNPn65f7ldciEPL86JIPi3/dDTKQbIFFBCw==",
-      "signed_at": "2026-05-12T15:10:59.398Z"
+      "signed_at": "2026-05-12T15:45:10.024Z"
     },
     {
       "name": "pqc-first",
@@ -553,7 +553,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "ZenFTEzWx+DzrSXlNXhbZ70vOdJSXfrnKkAwqMlBf5nlDf38V1/hG4XCKj43snQXWr4mVJOX6ilqFLTYNIjnBw==",
-      "signed_at": "2026-05-12T15:10:59.398Z",
+      "signed_at": "2026-05-12T15:45:10.024Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -600,7 +600,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "ih0vpd2v2zS31JSJv7SnABoya8JlJdrXZXx4rBnrsV3Assj+dbjAP0pQ1HMT/5RX8yTTswRQsg0bJV3qmbJ3Bw==",
-      "signed_at": "2026-05-12T15:10:59.399Z"
+      "signed_at": "2026-05-12T15:45:10.025Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -637,7 +637,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "Lv8dHiwIqUbNsywCCB/+pYWGF+MHCvxVn1IAvR7Cnif5fy0sICv0N4SVsSb621qAAkHNshpfxqwuhbuQnE1TBA==",
-      "signed_at": "2026-05-12T15:10:59.399Z",
+      "signed_at": "2026-05-12T15:45:10.025Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -672,7 +672,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "BS+wrL28HHYhBpe+v84VLoq9KPBXu6alfG968katfGIoLNYQueaHP931bRmlkrjfeb6qbDf067GWdPEh7nroAw==",
-      "signed_at": "2026-05-12T15:10:59.399Z"
+      "signed_at": "2026-05-12T15:45:10.025Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -743,7 +743,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "vLhIYT/CC3IzxMRa+UPeqGSZTvthuwUeTMGNFMm37+TaEk0TtfwPrPyrBJLHw4W6Wt7+pufjHs46X3nTgzoRAg==",
-      "signed_at": "2026-05-12T15:10:59.399Z"
+      "signed_at": "2026-05-12T15:45:10.025Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -803,7 +803,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "TOcQLy/427cuf0Lw90J7A0oIeuhUmf9NXb6tOUS5K3SazCKTJujPgYSVAPZOYf1zZrRAY/aq0iqELd5cLyk5DA==",
-      "signed_at": "2026-05-12T15:10:59.400Z"
+      "signed_at": "2026-05-12T15:45:10.026Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -878,7 +878,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "u4IN7escQa5V+OgdtaJXLdvhmNiGZsdmGOvebTLZ30WoImT+WiksvaqSa0POGdbr6HzFkALe2RrZEH9Tr0U6Dg==",
-      "signed_at": "2026-05-12T15:10:59.400Z"
+      "signed_at": "2026-05-12T15:45:10.026Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,7 +955,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "eTGQJ3gnG24WggfwuFNNIFOWV/ttPxTa3pvx9OH28m5KDS1a4ZmOR7K8y01wk/su8bH0ClYYRfoBfKQOtRswAg==",
-      "signed_at": "2026-05-12T15:10:59.401Z"
+      "signed_at": "2026-05-12T15:45:10.026Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1012,7 +1012,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "q7gFLPoqf/8bqATR6gt/nj0EoyUOlfzi+bZ0bT3pC9KW7O6M/ji9fT+AXSGNp6PKd+70ACb3mkMGmWgjLpQXCg==",
-      "signed_at": "2026-05-12T15:10:59.402Z"
+      "signed_at": "2026-05-12T15:45:10.027Z"
     },
     {
       "name": "identity-assurance",
@@ -1079,7 +1079,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "pX8rhrrzuyG3iRrPORLqTZAjzGdWK/bKPUGJG5WHSZcv4LB0kQXOit4sHG0exdXxI6HY8jyX67QY4r5vEHHACw==",
-      "signed_at": "2026-05-12T15:10:59.402Z"
+      "signed_at": "2026-05-12T15:45:10.027Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,7 +1135,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ypb8kNZQRdyu5mWeveB7sjCjNKXS1yXvjDJv88muzwhOs/a4Fu/Gb532js5NKyy+eCw/emrphpTZaL8R9a2lBA==",
-      "signed_at": "2026-05-12T15:10:59.402Z"
+      "signed_at": "2026-05-12T15:45:10.027Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1187,7 +1187,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "346Lt+277ycRNsyAOGwLSONi4awgxKy3hP9G+BWjwaa8ySmTeqbYsbyyhtxjeohk9bV2SF+Hl2q4JdSvc/2qCQ==",
-      "signed_at": "2026-05-12T15:10:59.402Z"
+      "signed_at": "2026-05-12T15:45:10.027Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1237,7 +1237,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "ewTvG5vu3ngFHyXgBur5vSKDFQsOZx0x79djGMricl7LCvQf5//OG6LZKXa+AOuEq58prRS+HgzrFA1DiTfeCQ==",
-      "signed_at": "2026-05-12T15:10:59.403Z"
+      "signed_at": "2026-05-12T15:45:10.028Z"
     },
     {
       "name": "webapp-security",
@@ -1311,7 +1311,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ZHjbKu0Em92Kimr2esL1g93mf9TmcsChBhVEMWf/lFrjeLcg8nyHEIcDstIZ3FWYgc6MQNHnc3Rup3Xp/Za1Cw==",
-      "signed_at": "2026-05-12T15:10:59.403Z"
+      "signed_at": "2026-05-12T15:45:10.028Z"
     },
     {
       "name": "ai-risk-management",
@@ -1361,7 +1361,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "1KRxjCbAX0Rs5NTOioi1w/f1SOzDQrtRoXjTDtzEwJ+d1QzFf9cqmBlp0uXmGpL0bzEaHWIctjigSychmoL2Dw==",
-      "signed_at": "2026-05-12T15:10:59.403Z"
+      "signed_at": "2026-05-12T15:45:10.028Z"
     },
     {
       "name": "sector-healthcare",
@@ -1421,7 +1421,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "eiajFh7w7d4g+/crGalTtw9Qsu0deVsdHkdthZSy595ifGmgu0zaFD8usKThbPhOdUCCclTYkZYz5GalQmkhCw==",
-      "signed_at": "2026-05-12T15:10:59.404Z"
+      "signed_at": "2026-05-12T15:45:10.029Z"
     },
     {
       "name": "sector-financial",
@@ -1502,7 +1502,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "iSZR/fYESQVyjkcqj+O+yzU0BQfaELH5s7WizzUTWvDPDTD2ZyOnZTT1r/Zfx2l4mbPmVeFGWdYnnVFTk/i3Aw==",
-      "signed_at": "2026-05-12T15:10:59.404Z"
+      "signed_at": "2026-05-12T15:45:10.029Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,7 +1571,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "Wjdo5YXEL8XeNZkaEueG1DOUoyalstNPzQkxD/cwP5iMrJWg/Ly+sC0Oluuqm3aU7d63z55PrbGQCJD0XVZqBg==",
-      "signed_at": "2026-05-12T15:10:59.404Z"
+      "signed_at": "2026-05-12T15:45:10.029Z"
     },
     {
       "name": "sector-energy",
@@ -1636,7 +1636,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "c/l7dOHe0Zj6Ag3abUaEie6o0f8M4rhY5aPI9/wG4z6FDue9PzCVw8vUGoITFgg89g97lMfy2C3CE2PegQoFCw==",
-      "signed_at": "2026-05-12T15:10:59.405Z"
+      "signed_at": "2026-05-12T15:45:10.030Z"
     },
     {
       "name": "api-security",
@@ -1705,7 +1705,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "9FgcJvYeo07QxQ+mnVRQk4jYLDMO/AVSXMs8cueO2f/qMOTQmrhBMVhj5ze7hzvXpGkp7EK/3Q1XKqde61JMAg==",
-      "signed_at": "2026-05-12T15:10:59.405Z"
+      "signed_at": "2026-05-12T15:45:10.030Z"
     },
     {
       "name": "cloud-security",
@@ -1786,7 +1786,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "xRA0XZf7VPtuBtbsm41bay9yBLphw/hlL3YxIUrpko5g9ldM3oJe9o1qSwzIj/wSnQSI29qqPpNsnlks+HEOCA==",
-      "signed_at": "2026-05-12T15:10:59.405Z"
+      "signed_at": "2026-05-12T15:45:10.030Z"
     },
     {
       "name": "container-runtime-security",
@@ -1848,7 +1848,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "GcU50DStuN1gU/Evm/sFRgeieQbqffVp12rgbGnasRX89Q7kM4ltFXB+bgCXHIvICzYb78hPIifWQb9UVupWBQ==",
-      "signed_at": "2026-05-12T15:10:59.406Z"
+      "signed_at": "2026-05-12T15:45:10.031Z"
     },
     {
       "name": "mlops-security",
@@ -1919,7 +1919,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "onIazpFoL1t4PMNRsoF06ggnl7BzCKjt0x+ZmVfWfyt1V06DgllsrbN3AAz4+g4jW2Sc71q0vIFKfwEUWpGVAQ==",
-      "signed_at": "2026-05-12T15:10:59.406Z"
+      "signed_at": "2026-05-12T15:45:10.031Z"
     },
     {
       "name": "incident-response-playbook",
@@ -1981,7 +1981,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "P0Yv4CtqbnBNP6nSIxQUYYHL7T7ci+iE7iE2UXVfnMPeWVdKG2nvRePjBXc3JZTLima1Txn/I5ocDNhLTIeUAQ==",
-      "signed_at": "2026-05-12T15:10:59.406Z"
+      "signed_at": "2026-05-12T15:45:10.031Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2034,7 +2034,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "2pv81lLRbazpHqundCANb3YiLB4lkVsYctIDvI8rxSvHxhPS9jYXqmAoB5APSdDuOaew6XqpfZOehQUj9WmyBw==",
-      "signed_at": "2026-05-12T15:10:59.407Z"
+      "signed_at": "2026-05-12T15:45:10.032Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2102,7 +2102,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "BJ/YYnGVXeSBaR9oWAVrcNX7Wz+kE8R4CghX6+XEI/qY89fyrkKNNwo2veqqf49wffJhHVJ1wTp8ZDECjNp+Dw==",
-      "signed_at": "2026-05-12T15:10:59.407Z"
+      "signed_at": "2026-05-12T15:45:10.032Z"
     }
   ]
 }

package/orchestrator/index.js

@@ -56,6 +56,7 @@ async function main() {
     case 'validate-rfcs':
       await runValidateRfcs(args);
       break;
+    case 'watch':
     case 'watchlist':
       runWatchlist(args);
       break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.11.1",
+  "version": "0.11.3",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json

@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8c82a24f-1d6f-4e1f-80ad-08975a8a86ea",
+  "serialNumber": "urn:uuid:bc8a18f6-0f9a-4701-9673-d234acd23435",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-12T15:11:00.344Z",
+    "timestamp": "2026-05-12T15:45:10.912Z",
     "tools": [
       {
         "name": "hand-written",
@@ -13,10 +13,10 @@
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.11.1",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.11.3",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.11.1",
+      "version": "0.11.3",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,11 +25,11 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.11.1",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.11.3",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.11.1"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.11.3"
         },
         {
           "type": "vcs",