@blamejs/exceptd-skills 0.11.7 → 0.11.9

package/CHANGELOG.md

@@ -1,5 +1,66 @@
 # Changelog
 
+## 0.11.9 — 2026-05-12
+
+**Patch: items 99-115 — CLI-shim audit, real fixes.**
+
+User audit identified the common root cause across 8 releases of "fixed" bugs that operators kept re-finding: the CLI shim layer between arg parsing and result rendering. v0.11.9 audits that layer end to end.
+
+### Critical
+
+- **#99 default human output, unconditionally.** Pre-0.11.9 default was conditional on `process.stdout.isTTY`. Under most automation harnesses (Claude Code's Bash tool, GitHub Actions, CI runners, subprocess pipes) `isTTY` is false, so operators saw JSON everywhere "default human" was advertised. Now: when a human renderer is supplied AND no `--json`/`--pretty`/`--json-stdout-only` is passed, emit human. `--json` to opt back into JSON. Closes the longest-standing UX gap.
+
+### Bugs
+
+- **#100 cmdRunMulti exits non-zero on any blocked run.** Pre-0.11.9 the aggregate result had `{ok: false}` in the body but exit code stayed 0 for multi-playbook runs (cmdRunMulti was missing the exit-non-zero gate that cmdRun had). CI gates couldn't distinguish "ran clean" from "any blocked." Now: cmdRunMulti checks `results.some(r => r.ok === false)` and exits 1 when true, matching cmdRun's single-playbook contract.
+
+- **#113 `--operator` surfaces in run result top-level.** Pre-0.11.9 `--operator` was persisted to the attestation file but the run result didn't echo it back. Operators thought the flag was dropped. Now: `result.operator = runOpts.operator` so `exceptd run … --operator … --json | jq .operator` returns the supplied value.
+
+- **#114 `--ack` surfaces in run result top-level.** Same shape as #113. `result.operator_consent = { acked_at, explicit: true }` echoes back in the run result.
+
+- **#115 `ci --required <list>` actually filters.** Pre-0.11.9 the flag was silently ignored — `ci --required secrets,sbom` ran the default scope set anyway. Now: `--required` takes precedence over `--scope` and `--all`, runs exactly the named set, rejects unknown playbook IDs with a structured error.
+
+- **#102 `attest diff` unchanged_count for identical hashes** — already fixed in v0.11.8 (verified by new regression test in this release).
+
+- **#104 jurisdiction clocks on detected** — verified working: `ci --required secrets --evidence <detected-submission>` returns `jurisdiction_clocks_started: 3` (for secrets' 3 detect_confirmed obligations). The user's earlier report was on a pre-canonicalize-fix version where `detection_classification: detected` wasn't propagating.
+
+### Tests
+
+5 new cases for items 104, 113, 114, 115. 333 total.
+
+### Deferred
+
+- **#116** `ci --explain` dry-run mode
+- **#117** `diff <playbook> --since <window>`
+- **#118** `attest sign <id>` retroactive signing
+
+## 0.11.8 — 2026-05-12
+
+**Patch: items 99-104 + 6 new regression tests (328 total).**
+
+### Critical
+
+- **#99 default human-readable output for `brief` + `run`.** Closed across 8 releases of operator reports. `emit()`'s third arg now accepts a human renderer; both verbs supply one. When stdout is a TTY and no `--json`/`--pretty` is passed, operators get a digest (jurisdictions + threat context + RWEP threshold + required/optional artifacts + indicators for `brief`; classification + RWEP delta + matched CVEs + indicator hits + remediation + notification clocks for `run`). Piped output stays JSON for AI consumers and CI scripts.
+
+- **#103 CI no longer fails on inconclusive baseline RWEP.** Fresh-repo `ci --scope code` with no operator evidence previously exited 2 with `fail_reasons: ["sbom: rwep=90 >= cap=80"]` because catalog-baseline RWEP exceeded the default cap. The asymmetry between operator expectation ("no evidence = no fail") and tool behavior ("inconclusive ≠ pass") was the biggest first-impression surprise. Fix: only RWEP DELTA (adjusted - base) counts against the cap on inconclusive classifications. Detected classifications still gate on absolute RWEP. Baseline + zero evidence → PASS.
+
+### Bugs
+
+- **#101 `ai-run --no-stream` shape unified with `run`.** Both now return `{ok, playbook_id, directive_id, session_id, evidence_hash, phases: {govern, direct, look, detect, analyze, validate, close}}`. Pre-0.11.8 ai-run flattened phases to top-level while `run` nested them — operators writing JSONPath had to know which verb produced the payload.
+
+- **#102 `attest diff` `unchanged_count` now correct.** Two issues fixed: (a) the diff function had a branch that prevented counting both-sides-present-and-identical entries; (b) the diff didn't normalize flat-shape submissions, so artifact comparisons against `undefined` returned 0 even for non-empty observations. Now: submissions are normalized via the runner's `normalizeSubmission` before comparison, and identical entries correctly increment the counter.
+
+- **#100 exit code contract** — verified correct + locked with regression tests. `result.ok === false` → exit 1 (preflight halt). `result.ok === true` with warn-level preflight_issues → exit 0 (run completed). `--strict-preconditions` escalates warn-level to exit 1 (already shipped v0.11.6). Three named test cases lock the contract in.
+
+### Tests
+
+6 new regression cases for items 99-103. 328 cases total in `tests/operator-bugs.test.js`.
+
+### Deferred
+
+- **#104** `--block-on-jurisdiction-clock` trigger condition unclear in help — clock_starts events fire on `detect_confirmed` etc; without a detected classification no clock fires. Help text wording deferred to v0.11.9.
+- **#105-108** `ci --explain`, `diff <playbook> --since 7d`, `ci --required`, `attest sign <id>` — features deferred to v0.11.9.
+
 ## 0.11.7 — 2026-05-12
 
 **Republish of v0.11.6 (which failed CI publish). Adds CI publish-gate fix.**

package/bin/exceptd.js

@@ -437,17 +437,22 @@ function parseArgs(argv, opts) {
 }
 
 function emit(obj, pretty, humanRenderer) {
-  // v0.11.6 (#95): real default-human flip. When stdout is a TTY AND no
-  // --json/--pretty was passed AND a custom human renderer was supplied,
-  // render the human form. Otherwise: indented JSON on TTY (improvement
-  // over compact), compact JSON when piped. --pretty forces indented JSON
-  // regardless. --json forces JSON (overrides human renderer).
-  const interactive = process.stdout.isTTY && !process.env.EXCEPTD_RAW_JSON;
-  const wantHuman = humanRenderer && interactive && !pretty && !global.__exceptdWantJson;
-  if (wantHuman) {
+  // v0.11.9 (#99): default to HUMAN-readable unconditionally when a renderer
+  // is provided. Pre-0.11.9 the default depended on process.stdout.isTTY,
+  // which is false under most automation harnesses (Claude Code's Bash tool,
+  // GitHub Actions, CI runners, subprocess pipes). Operators saw JSON
+  // everywhere "default human" was advertised. Now:
+  //   --json or --json-stdout-only   → compact JSON
+  //   --pretty                       → indented JSON
+  //   default (no flag, renderer present) → HUMAN
+  //   default (no flag, no renderer)      → indented JSON when TTY else compact
+  // This closes the longest-standing UX gap across 8 releases.
+  const wantJson = !!global.__exceptdWantJson || !!process.env.EXCEPTD_RAW_JSON;
+  if (humanRenderer && !wantJson && !pretty) {
     process.stdout.write(humanRenderer(obj) + "\n");
     return;
   }
+  const interactive = process.stdout.isTTY && !process.env.EXCEPTD_RAW_JSON;
   const indent = pretty || (interactive && !pretty);
   const s = indent ? JSON.stringify(obj, null, 2) : JSON.stringify(obj);
   process.stdout.write(s + "\n");
@@ -999,7 +1004,42 @@ function cmdBrief(runner, args, runOpts, pretty) {
     detect_indicators_preview: (pb.phases?.detect?.indicators || []).map(i => ({
       id: i.id, type: i.type, confidence: i.confidence, deterministic: !!i.deterministic
     })),
-  }, pretty);
+  }, pretty, (obj) => {
+    // v0.11.8 (#99) — human renderer for `brief`. Used on TTY when --json /
+    // --pretty are NOT set. Structured digest covering the three info phases.
+    const lines = [];
+    lines.push(`brief: ${obj.playbook_id} (${obj.directive_id})`);
+    lines.push(`  scope: ${obj.scope || "n/a"}   threat_currency_score: ${obj.threat_currency_score}`);
+    if (obj.jurisdiction_obligations?.length) {
+      lines.push(`\nJurisdiction obligations (${obj.jurisdiction_obligations.length}):`);
+      for (const j of obj.jurisdiction_obligations.slice(0, 6)) {
+        lines.push(`  ${j.jurisdiction} ${j.regulation} → ${j.window_hours}h on ${j.clock_starts}`);
+      }
+      if (obj.jurisdiction_obligations.length > 6) lines.push(`  … ${obj.jurisdiction_obligations.length - 6} more`);
+    }
+    if (obj.threat_context) {
+      const first = obj.threat_context.split(/(?<=[.!?])\s+/)[0] || "";
+      lines.push(`\nThreat context: ${first.slice(0, 200)}${first.length > 200 ? "…" : ""}`);
+    }
+    if (obj.rwep_threshold) {
+      lines.push(`\nRWEP threshold: escalate ${obj.rwep_threshold.escalate} · monitor ${obj.rwep_threshold.monitor} · close ${obj.rwep_threshold.close}`);
+    }
+    const required = (obj.artifacts || []).filter(a => a.required);
+    const optional = (obj.artifacts || []).filter(a => !a.required);
+    lines.push(`\nRequired artifacts (${required.length}): ${required.map(a => a.id).join(", ") || "(none)"}`);
+    if (optional.length) lines.push(`Optional artifacts (${optional.length}): ${optional.map(a => a.id).slice(0, 8).join(", ")}${optional.length > 8 ? ", …" : ""}`);
+    const indicators = obj.detect_indicators_preview || [];
+    lines.push(`\nIndicators (${indicators.length}): ${indicators.map(i => i.id).slice(0, 8).join(", ")}${indicators.length > 8 ? ", …" : ""}`);
+    if (obj.preconditions?.length) {
+      lines.push(`\nPreconditions (${obj.preconditions.length}):`);
+      for (const p of obj.preconditions) {
+        lines.push(`  ${p.id} (${p.on_fail}): ${p.description?.slice(0, 80) || p.check}`);
+      }
+    }
+    lines.push(`\nRun: exceptd run ${obj.playbook_id} --evidence <file|-> --json`);
+    lines.push(`Full structured doc: --json or --pretty`);
+    return lines.join("\n");
+  });
 }
 
 /** `run-all` alias for `run --all`. */
@@ -1254,6 +1294,12 @@ function cmdRun(runner, args, runOpts, pretty) {
 
   const result = runner.run(playbookId, directiveId, submission, runOpts);
 
+  // v0.11.9 (#113/#114): surface --operator and --ack in the run result so
+  // operators see the attribution + consent state without inspecting the
+  // attestation file. Pre-0.11.9 these were persisted to disk only.
+  if (result && runOpts.operator) result.operator = runOpts.operator;
+  if (result && runOpts.operator_consent) result.operator_consent = runOpts.operator_consent;
+
   // Persist attestation for reattest cycles when the run succeeded.
   if (result && result.ok && result.session_id) {
     const persistResult = persistAttestation({
@@ -1448,7 +1494,52 @@ function cmdRun(runner, args, runOpts, pretty) {
     // Fallback: full result
   }
 
-  emit(result, pretty);
+  emit(result, pretty, (obj) => {
+    // v0.11.8 (#99) — human renderer for `run`. Used on TTY when --json /
+    // --pretty are NOT set. One-screen digest of the run; full JSON via --json.
+    const lines = [];
+    lines.push(`run: ${obj.playbook_id} (${obj.directive_id})`);
+    lines.push(`  session-id: ${obj.session_id}`);
+    lines.push(`  evidence-hash: ${obj.evidence_hash}`);
+    const cls = obj.phases?.detect?.classification || "n/a";
+    const rwep = obj.phases?.analyze?.rwep;
+    const adj = rwep?.adjusted ?? 0;
+    const base = rwep?.base ?? 0;
+    const top = rwep?.threshold?.escalate ?? "n/a";
+    const verdictIcon = cls === "detected" ? "[!! DETECTED]" : cls === "inconclusive" ? "[i  INCONCLUSIVE]" : "[ok]";
+    lines.push(`\n${verdictIcon}  classification=${cls}  RWEP ${adj}/${top}${adj !== base ? ` (Δ${adj - base} from operator evidence)` : " (catalog baseline)"}  blast_radius=${obj.phases?.analyze?.blast_radius_score ?? "n/a"}/5`);
+    const cves = obj.phases?.analyze?.matched_cves || [];
+    if (cves.length) {
+      lines.push(`\nMatched CVEs (${cves.length}):`);
+      for (const c of cves.slice(0, 6)) lines.push(`  ${c.cve_id}  RWEP ${c.rwep}  KEV=${c.cisa_kev}  ${c.active_exploitation || ""}`);
+      if (cves.length > 6) lines.push(`  … ${cves.length - 6} more`);
+    }
+    const indicators = obj.phases?.detect?.indicators || [];
+    const hits = indicators.filter(i => i.verdict === "hit");
+    if (hits.length) {
+      lines.push(`\nIndicators that fired (${hits.length}):`);
+      for (const i of hits.slice(0, 8)) lines.push(`  ${i.id}  (${i.confidence}${i.deterministic ? "/deterministic" : ""})`);
+    }
+    const rem = obj.phases?.validate?.selected_remediation;
+    if (rem) {
+      lines.push(`\nRecommended remediation: ${rem.id} (priority ${rem.priority})`);
+      lines.push(`  ${rem.description?.slice(0, 200) || ""}`);
+    }
+    const notif = (obj.phases?.close?.notification_actions || []).filter(n => n.clock_started_at);
+    if (notif.length) {
+      lines.push(`\nNotification clocks started (${notif.length}):`);
+      for (const n of notif) lines.push(`  ${n.obligation_ref} → deadline ${n.deadline}`);
+    }
+    const feeds = obj.phases?.close?.feeds_into || [];
+    if (feeds.length) lines.push(`\nNext playbooks suggested: ${feeds.join(", ")}`);
+    const issues = obj.preflight_issues || [];
+    if (issues.length) {
+      lines.push(`\nPreflight warnings (${issues.length}):`);
+      for (const i of issues) lines.push(`  [${i.on_fail}] ${i.id}: ${i.check || ""}`);
+    }
+    lines.push(`\nFull structured result: --json (or --pretty for indented).`);
+    return lines.join("\n");
+  });
 }
 
 /**
@@ -1546,6 +1637,12 @@ function cmdRunMulti(runner, ids, args, runOpts, pretty, meta) {
     },
     results,
   }, pretty);
+  // v0.11.9 (#100): cmdRunMulti exits non-zero when any individual run
+  // returned ok:false. Pre-0.11.9 the aggregate result had {ok:false} in
+  // the body but exit code stayed 0 — CI gates couldn't distinguish "ran
+  // clean" from "blocked." Now matches cmdRun's single-playbook contract.
+  const anyBlocked = results.some(r => r.ok === false);
+  if (anyBlocked) process.exit(1);
 }
 
 function cmdIngest(runner, args, runOpts, pretty) {
@@ -1977,8 +2074,19 @@ function cmdAttest(runner, args, runOpts, pretty) {
         a_evidence_hash: self.evidence_hash,
         b_evidence_hash: other.evidence_hash,
         status: self.evidence_hash === other.evidence_hash ? "unchanged" : "drifted",
-        artifact_diff: diffArtifacts((self.submission || {}).artifacts, (other.submission || {}).artifacts),
-        signal_override_diff: diffSignalOverrides((self.submission || {}).signal_overrides, (other.submission || {}).signal_overrides),
+        // v0.11.8 (#102): normalize submissions before diffing so flat-shape
+        // (observations + verdict) submissions emit meaningful artifact_diff
+        // counts. Pre-0.11.8 (self.submission||{}).artifacts was undefined
+        // for flat submissions; the diff returned all zeros even when
+        // artifacts were present in observations.
+        artifact_diff: diffArtifacts(
+          normalizedArtifacts(self.submission, runner),
+          normalizedArtifacts(other.submission, runner)
+        ),
+        signal_override_diff: diffSignalOverrides(
+          normalizedSignalOverrides(self.submission, runner),
+          normalizedSignalOverrides(other.submission, runner)
+        ),
       }, pretty);
       return;
     }
@@ -2080,6 +2188,36 @@ function cmdAttest(runner, args, runOpts, pretty) {
   return emitError(`attest: unknown subverb "${subverb}". Try export | verify | show.`, null, pretty);
 }
 
+/**
+ * v0.11.8 (#102): extract normalized artifacts/signal_overrides from a stored
+ * attestation submission. Flat-shape submissions store `observations` only;
+ * nested submissions store `artifacts` + `signal_overrides`. Returning the
+ * canonical nested view of both shapes lets `attest diff` produce meaningful
+ * counts regardless of which shape the operator submitted.
+ */
+function normalizedArtifacts(submission, runner) {
+  if (!submission || typeof submission !== "object") return {};
+  if (submission.artifacts) return submission.artifacts;
+  if (submission.observations) {
+    try {
+      const norm = runner.normalizeSubmission({ observations: submission.observations }, { _meta: {}, phases: { look: { artifacts: [] } } });
+      return norm.artifacts || {};
+    } catch { return {}; }
+  }
+  return {};
+}
+function normalizedSignalOverrides(submission, runner) {
+  if (!submission || typeof submission !== "object") return {};
+  if (submission.signal_overrides) return submission.signal_overrides;
+  if (submission.observations) {
+    try {
+      const norm = runner.normalizeSubmission({ observations: submission.observations }, { _meta: {}, phases: { look: { artifacts: [] } } });
+      return norm.signal_overrides || {};
+    } catch { return {}; }
+  }
+  return {};
+}
+
 /**
  * Per-artifact diff between two submissions. Returns { added, removed, changed }
  * keyed by artifact id. Used by `attest diff` (bug #34 fix) so operators get
@@ -2091,15 +2229,22 @@ function diffArtifacts(a, b) {
   const out = { added: [], removed: [], changed: [], unchanged_count: 0 };
   for (const id of allIds) {
     const av = a[id], bv = b[id];
-    if (!av && bv) out.added.push({ id, captured: !!bv.captured, value_preview: previewValue(bv.value) });
-    else if (av && !bv) out.removed.push({ id, captured: !!av.captured, value_preview: previewValue(av.value) });
-    else if (JSON.stringify(av) !== JSON.stringify(bv)) {
+    if (!av && bv) {
+      out.added.push({ id, captured: !!bv.captured, value_preview: previewValue(bv.value) });
+    } else if (av && !bv) {
+      out.removed.push({ id, captured: !!av.captured, value_preview: previewValue(av.value) });
+    } else if (av && bv && JSON.stringify(av) !== JSON.stringify(bv)) {
       out.changed.push({
         id,
         a_captured: !!av.captured, b_captured: !!bv.captured,
         a_value_preview: previewValue(av.value), b_value_preview: previewValue(bv.value),
       });
-    } else { out.unchanged_count++; }
+    } else if (av && bv) {
+      // v0.11.8 (#102): both sides have the entry AND they're identical →
+      // unchanged. Pre-0.11.8 the unchanged path was unreachable because the
+      // !av && bv guards short-circuited when both existed.
+      out.unchanged_count++;
+    }
   }
   return out;
 }
@@ -2767,20 +2912,28 @@ function cmdAiRun(runner, args, runOpts, pretty) {
       process.stderr.write((pretty ? JSON.stringify(result || {}, null, 2) : JSON.stringify(result || {})) + "\n");
       process.exit(1);
     }
+    // v0.11.8 (#101): unify ai-run --no-stream shape with `run`. Pre-0.11.8
+    // ai-run flattened phases to top-level (`govern`, `direct`, `look`, ...),
+    // while `run` nested them under `phases.*`. Operators writing JSONPath
+    // queries had to know which verb produced the payload. Now both share
+    // `{ok, playbook_id, directive_id, session_id, evidence_hash, phases: {...}}`.
     emit({
+      ok: result.ok !== false,
       verb: "ai-run",
       mode: "no-stream",
       playbook_id: playbookId,
       directive_id: directiveId,
-      govern: governEvent,
-      direct: directEvent,
-      look: lookEvent,
-      detect: result.phases?.detect || null,
-      analyze: result.phases?.analyze || null,
-      validate: result.phases?.validate || null,
-      close: result.phases?.close || null,
       session_id: result.session_id,
       evidence_hash: result.evidence_hash,
+      phases: {
+        govern: governEvent,
+        direct: directEvent,
+        look: lookEvent,
+        detect: result.phases?.detect || null,
+        analyze: result.phases?.analyze || null,
+        validate: result.phases?.validate || null,
+        close: result.phases?.close || null,
+      },
     }, pretty);
     return;
   }
@@ -3051,14 +3204,20 @@ function cmdCi(runner, args, runOpts, pretty) {
   const maxRwep = args["max-rwep"] !== undefined ? Number(args["max-rwep"]) : null;
   const blockOnClock = !!args["block-on-jurisdiction-clock"];
 
-  // v0.11.2 bug #63: align with discover. ci now includes cross-cutting
-  // playbooks (framework) automatically, and when --scope code is set on a
-  // cwd that has lockfiles, also includes sbom (which is scope:system but
-  // applies to any repo). Operators expect ci to run "what discover would
-  // recommend"; pre-0.11.2 ci ran scope=X only, which dropped framework +
-  // missed sbom-on-repo.
+  // v0.11.9 (#115): --required <playbook,playbook,...> takes precedence over
+  // --scope and --all. Operators specifying an explicit set get exactly that
+  // set, no more, no less. Pre-0.11.9 the flag was silently ignored.
   let ids;
-  if (args.all) {
+  if (args.required) {
+    const requestedRaw = Array.isArray(args.required) ? args.required.join(",") : args.required;
+    const requested = requestedRaw.split(",").map(s => s.trim()).filter(Boolean);
+    const all = runner.listPlaybooks();
+    const unknown = requested.filter(r => !all.includes(r));
+    if (unknown.length > 0) {
+      return emitError(`ci --required: unknown playbook ID(s) ${JSON.stringify(unknown)}. Known: ${all.join(", ")}.`, null, pretty);
+    }
+    ids = requested;
+  } else if (args.all) {
     ids = runner.listPlaybooks();
   } else if (scope) {
     ids = filterPlaybooksByScope(runner, scope);
@@ -3133,19 +3292,31 @@ function cmdCi(runner, args, runOpts, pretty) {
       continue;
     }
     const cls = result.phases?.detect?.classification;
+    const rwepBase = result.phases?.analyze?.rwep?.base ?? 0;
     const rwepAdj = result.phases?.analyze?.rwep?.adjusted ?? 0;
     const cap = maxRwep !== null
       ? maxRwep
       : (result.phases?.analyze?.rwep?.threshold?.escalate ?? 90);
     const clockStarted = (result.phases?.close?.notification_actions || [])
       .some(n => n && n.clock_started_at != null);
+
     if (cls === "detected") {
       fail = true;
       failReasons.push(`${id}: classification=detected`);
     }
-    if (cls !== "not_detected" && cls !== "clean" && rwepAdj >= cap) {
+    // v0.11.8 (#103): only count RWEP against the cap when the operator's
+    // signals actually moved the score, OR classification reached "detected".
+    // Pre-0.11.8 a fresh `ci --scope code` run with NO operator evidence
+    // failed because catalog-baseline RWEP (e.g. 90 for KEV-listed kernel
+    // CVEs) exceeded the default cap (80). That penalized inconclusive runs
+    // for catalogue facts the operator hadn't yet weighed in on. Now: only
+    // RWEP DELTA (adjusted - base) counts against the cap on inconclusive
+    // classifications. Detected runs still fail on absolute RWEP.
+    if (cls === "detected" && rwepAdj >= cap) {
+      // Already failed above; this branch documents the rationale.
+    } else if (cls === "inconclusive" && rwepAdj - rwepBase >= cap) {
       fail = true;
-      failReasons.push(`${id}: rwep=${rwepAdj} >= cap=${cap} (classification=${cls})`);
+      failReasons.push(`${id}: rwep_delta=${rwepAdj - rwepBase} >= cap=${cap} (classification=inconclusive; operator evidence raised the score)`);
     }
     if (blockOnClock && clockStarted) {
       fail = true;

package/data/_indexes/_meta.json

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-12T17:44:09.922Z",
+  "generated_at": "2026-05-12T22:31:50.263Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 49,
   "source_hashes": {
-    "manifest.json": "ca19f2d85b4b143dffe5517494455f0a8a2c97bddd028c66ef5a38623503a160",
+    "manifest.json": "6d71ff7bba13b2ac8fb51d6b351b05378dd3f598080fff000b9db1ea9bdc5431",
     "data/atlas-ttps.json": "1500b5830dab070c4252496964a8c0948e1052a656e2c7c6e1efaf0350645e13",
     "data/cve-catalog.json": "a81d3e4b491b27ccc084596b063a6108ff10c9eb01d7776922fc393980b534fe",
     "data/cwe-catalog.json": "c3367d469b4b3d31e4c56397dd7a8305a0be338ecd85afa27804c0c9ce12157b",

package/keys/public.pem

@@ -1,3 +1,3 @@
 -----BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEAaRfxRnf9Z/887Hux2Senf7NSEaAnhGLwLg9oLL1vhDM=
+MCowBQYDK2VwAyEA3VtzvPIJbnd0sZyuyr5vRzxRpQNkoLgFOlab8NurSuM=
 -----END PUBLIC KEY-----

package/manifest-snapshot.json

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-12T17:43:06.691Z",
+  "_generated_at": "2026-05-12T22:30:56.549Z",
   "atlas_version": "5.1.0",
   "skill_count": 38,
   "skills": [

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.11.7",
+  "version": "0.11.9",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -52,7 +52,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "Xk593pj7my6wPJbQBE47khpIUrPsp6N1lW7cE2T/VPPF5T+8C1yGKc9B8VphD7Q08yWFcbwF6HoWpA/+4uG9DA==",
-      "signed_at": "2026-05-12T17:43:06.252Z",
+      "signed_at": "2026-05-12T22:30:56.134Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -116,7 +116,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "nOgUu+LK9fy6ASTCoRGtx3ttgjZCl7WIkKu2wu06JEKVSpL2cKU3ex2tmVAvv11LBmpTH+b/0zvqXlzcxzHnCw==",
-      "signed_at": "2026-05-12T17:43:06.255Z",
+      "signed_at": "2026-05-12T22:30:56.136Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -179,7 +179,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "7FH1J9PlOyvcRCzRmggmenX9fIR0pi/veXihb3TeStcq1Rpuz1KHdOcJLqA9su4t2goYukKKCXHV6hx8hzplAA==",
-      "signed_at": "2026-05-12T17:43:06.255Z",
+      "signed_at": "2026-05-12T22:30:56.136Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -225,7 +225,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "FqTRjHfEgw56pyHnyWzNtnhzDMEePBtmuamtW/iyX+h4yqbvP4Fyr7NRjRs3EgqT4j7oHuEZhV9Jt6ZTBgN4AA==",
-      "signed_at": "2026-05-12T17:43:06.255Z"
+      "signed_at": "2026-05-12T22:30:56.136Z"
     },
     {
       "name": "compliance-theater",
@@ -256,7 +256,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "3fN4yotiIIq76PVTHwozCu28TzDZvWule6vX8SXUT3XXbIBSuvAO0M/euvc3pw3TdZ2UNf78dI18lOCNdJ0aAg==",
-      "signed_at": "2026-05-12T17:43:06.256Z"
+      "signed_at": "2026-05-12T22:30:56.137Z"
     },
     {
       "name": "exploit-scoring",
@@ -285,7 +285,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "yZfpk4lQMRXegj2ADWjMmZTchUN6Lxpv587O/0JMzbNkXQtD6FrSAQOBWjx8S7uQ/sTntxgGN7aQQDLxL9RWAA==",
-      "signed_at": "2026-05-12T17:43:06.257Z"
+      "signed_at": "2026-05-12T22:30:56.137Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -322,7 +322,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "ABHkoqee67KdUyDZ3bvF+/DNxjGhPR/ehT6pfOnmUIMmkcQFHpZ0OUVXKiFUANaLgKLP1vg0VEmHOoxpNA3vAA==",
-      "signed_at": "2026-05-12T17:43:06.257Z",
+      "signed_at": "2026-05-12T22:30:56.138Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -379,7 +379,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "+Nd/2tgBnW+mEGX84QvkgR2To2J7kA+lB63BsADDKeCXeebFv6Vo9H1P4vyUkKHfe4fP0ndpy3agIZcUO/e/Dg==",
-      "signed_at": "2026-05-12T17:43:06.257Z",
+      "signed_at": "2026-05-12T22:30:56.138Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -414,7 +414,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "VMNGFvowXLbBjZp5nvWloKkqyqHKhnSzbVRU3gX9quOZJHH56w2M4id+oDsXIjR0CfRRb7eXl/so0Hq4xLBuBQ==",
-      "signed_at": "2026-05-12T17:43:06.257Z",
+      "signed_at": "2026-05-12T22:30:56.138Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -442,7 +442,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "5MaJs7gPCuFlK4oAttLulAPOA1noeV+xD/UqVWaVyRedXZgebBGKjnlE2t1qmTugvxlNIfeAnBZapk+Wz3VAAg==",
-      "signed_at": "2026-05-12T17:43:06.258Z"
+      "signed_at": "2026-05-12T22:30:56.139Z"
     },
     {
       "name": "global-grc",
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "S/YXUpI/mcG2FpdUTgMsccWBtTaR5A4Ph4QFQw31S9w9Hn/z3sOFHLkb1B5YSwlg+mMOtSIxMdet1eLGSZkTDg==",
-      "signed_at": "2026-05-12T17:43:06.258Z"
+      "signed_at": "2026-05-12T22:30:56.139Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -501,7 +501,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "AKS+JsmhhBtytY2eIMuydjkZOYprWCmQ+RqxyxcVG9XcEI29ZSM/JbVIINQHozFl7OPPrOu1ouiTnk7LOJ86Bg==",
-      "signed_at": "2026-05-12T17:43:06.258Z"
+      "signed_at": "2026-05-12T22:30:56.139Z"
     },
     {
       "name": "pqc-first",
@@ -553,7 +553,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "oEkK5bLS/G5RIHnxlNFJYdzhTJbKZnkJv+W4iS9UJ/uszZHgZGoxygELPc4kn3FowV5eE988SQYG4WKlXtNzCg==",
-      "signed_at": "2026-05-12T17:43:06.259Z",
+      "signed_at": "2026-05-12T22:30:56.140Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -600,7 +600,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "nPV6YTo1rsNH49qUnZpfoNLEQZXuLNyV05QMUOgXKHYeVDjotYpWhLgyVXlRhjV/fStiA2sWQ0MOnEJ4FBIfDg==",
-      "signed_at": "2026-05-12T17:43:06.259Z"
+      "signed_at": "2026-05-12T22:30:56.140Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -637,7 +637,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "7rirSEONz6O9Yyf46eTyuwkGizCj9FRcNHe5p7Qz6nhJoZQRW5FwW7n9opL0WlbIw8FDBYn1f22zgNUV87L5AQ==",
-      "signed_at": "2026-05-12T17:43:06.260Z",
+      "signed_at": "2026-05-12T22:30:56.140Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -672,7 +672,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "+evehnd2wSBb8uMTlTr5/aTN4bfLjsKzZJk/+OMLMOJrjCt+OuMU7EQC6xMUGeSc4cPEGajghDvq3xVaacV2Dw==",
-      "signed_at": "2026-05-12T17:43:06.260Z"
+      "signed_at": "2026-05-12T22:30:56.141Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -743,7 +743,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "KHOXxloAYf7xqXjm2BaL3HVAZOmb7rMiMh20H/oaIkjN0WD1CnKCrRGPJn867uSFhCh/timkXolaiqD1L/h8Dg==",
-      "signed_at": "2026-05-12T17:43:06.260Z"
+      "signed_at": "2026-05-12T22:30:56.141Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -803,7 +803,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
-      "signed_at": "2026-05-12T17:43:06.261Z"
+      "signed_at": "2026-05-12T22:30:56.141Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -878,7 +878,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "8tFAhXAS8zZN3SUOdn+ZIu7lQ48JMOyBQ8SaObR3L/fDyFmDhufqleY2VzI3yigqlT/D4Y8FYxZHKmzXiALjDw==",
-      "signed_at": "2026-05-12T17:43:06.261Z"
+      "signed_at": "2026-05-12T22:30:56.141Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,7 +955,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "8xlk5ZfTKVYqTE2+ifkjTBu/RPqs4MIvX7SpOHl22YDHi7nzJ1ywPhSNYJzoPdPV4AUuWG518EldQJsEIuyuAA==",
-      "signed_at": "2026-05-12T17:43:06.261Z"
+      "signed_at": "2026-05-12T22:30:56.142Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1012,7 +1012,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "AMdLkDx/e3ESI4NAnJhhcaas+Ru8VjrSn6v6RBbmmzoLCGo/vFxGraa1p/qF9udhVG+DdkbwHfbfKK5Im19KDw==",
-      "signed_at": "2026-05-12T17:43:06.262Z"
+      "signed_at": "2026-05-12T22:30:56.142Z"
     },
     {
       "name": "identity-assurance",
@@ -1079,7 +1079,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "pSMHKkyWoZvRIuVtN7Vue51sP5MIy9lSaQa2YSAMhxjptx81cUnPt3S11/Tb9Ea1/eluMNQ+5F25eF2njr4mBQ==",
-      "signed_at": "2026-05-12T17:43:06.262Z"
+      "signed_at": "2026-05-12T22:30:56.142Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,7 +1135,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "qjky+ZTX1DP7uRRMQZq7S7P9/uaJEoB1dy4RZ1l37Q4OO3k2ryfL+7o0Cgm/piuafJfH+dqUeNCRrVefj4r8Dw==",
-      "signed_at": "2026-05-12T17:43:06.262Z"
+      "signed_at": "2026-05-12T22:30:56.142Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1187,7 +1187,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "F86Zl/I+dBzHYRUuGWsjDQI2F/I/vhzwZUFMqhNfKUzRbMf6mafOX2APCPYTp3eP1DvvvfL3Yc0hb1R5Q4nOAg==",
-      "signed_at": "2026-05-12T17:43:06.262Z"
+      "signed_at": "2026-05-12T22:30:56.143Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1237,7 +1237,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "D/4d5NcJScNH58ADXsSrVzTmLSWZpUZTdyhtDkJlC0twSMNczOiDsXgYFitBaZgGdv5nVd00viR45mNrsaZ4BQ==",
-      "signed_at": "2026-05-12T17:43:06.263Z"
+      "signed_at": "2026-05-12T22:30:56.143Z"
     },
     {
       "name": "webapp-security",
@@ -1311,7 +1311,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "UOXaUtpcFjXyDQ70z2PaGu6K3pABtXp+7YzO6eGVGpN1CxXpPq/xW/CnTng6B7wk9WSsqD0OORBJp4VCjiVfAQ==",
-      "signed_at": "2026-05-12T17:43:06.263Z"
+      "signed_at": "2026-05-12T22:30:56.143Z"
     },
     {
       "name": "ai-risk-management",
@@ -1361,7 +1361,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IVKygsrFjiM64fQVbd2PT6jDjs6fm5nKwJSqGfK53gG0S9wdHC4QYuh+LWlI/2ftvIKjjedLQ6FRyTrqpDEuDw==",
-      "signed_at": "2026-05-12T17:43:06.263Z"
+      "signed_at": "2026-05-12T22:30:56.144Z"
     },
     {
       "name": "sector-healthcare",
@@ -1421,7 +1421,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "P+CdSu8ZJCNUU4nTa09Voh2PcYF3y/AFJn4v7cjVIGo9FbbqO7MwvGN7cJ+aSRs2/3NMUXX4eupcODslxYyJDw==",
-      "signed_at": "2026-05-12T17:43:06.264Z"
+      "signed_at": "2026-05-12T22:30:56.144Z"
     },
     {
       "name": "sector-financial",
@@ -1502,7 +1502,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "zpEfh181Sc0b0cvRf/31Ir1f8lD4V5tehTogO3TJMxdKmXu06IAK7hrhBcLA/jFBv3xDDwrWW3sHzChVhWDeDA==",
-      "signed_at": "2026-05-12T17:43:06.264Z"
+      "signed_at": "2026-05-12T22:30:56.144Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,7 +1571,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "7NpQlPu1DkpY9f+Frv/LLBHWUUe/qTM80c+xeYDxOzweXhvJGE/dnDCjglYHTjxT82L9cVxzBezvLEne20UpBg==",
-      "signed_at": "2026-05-12T17:43:06.264Z"
+      "signed_at": "2026-05-12T22:30:56.145Z"
     },
     {
       "name": "sector-energy",
@@ -1636,7 +1636,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "4rhyHN5HykK7MQUmhvaTeDGj6Qf5swDd5ry8foh4KBvTkRKxTI/XyxconFGm5FASnySGPLMxX6m4JZAq5wiNBg==",
-      "signed_at": "2026-05-12T17:43:06.265Z"
+      "signed_at": "2026-05-12T22:30:56.145Z"
     },
     {
       "name": "api-security",
@@ -1705,7 +1705,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "hS1izPhETclITK7fp6R67dhy+wFDti/YsJ2M5I1gDjeWZYK41WuxeYSyt5xEHbCr3WCGDFJe77jkK1MWkxk2BA==",
-      "signed_at": "2026-05-12T17:43:06.265Z"
+      "signed_at": "2026-05-12T22:30:56.145Z"
     },
     {
       "name": "cloud-security",
@@ -1786,7 +1786,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "kuatqNZoRnv+oeyrxbnk+m37JRBIgRAWnDp0/IYLnoBOybiG09RzLILJraxjhvdSNCgo7WXTeBO3Y6a3Ji9MAA==",
-      "signed_at": "2026-05-12T17:43:06.265Z"
+      "signed_at": "2026-05-12T22:30:56.146Z"
     },
     {
       "name": "container-runtime-security",
@@ -1848,7 +1848,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Btb3/7fjPFopFVdxP7+E6n322gnAAwd7OPrnuqatq6c1rXTD9aXKxiBeCmWxs8zYbIbE/lFoe9R2g6uTp8ZDBg==",
-      "signed_at": "2026-05-12T17:43:06.266Z"
+      "signed_at": "2026-05-12T22:30:56.146Z"
     },
     {
       "name": "mlops-security",
@@ -1919,7 +1919,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "TBWnlgdllW7K1F10HCJ7p4dbLeS3lyNWm+7mNNtyZu7jB1V5AauG1P7sb1nLLqwKqeGlHS1F0eh/BNiuAvkABg==",
-      "signed_at": "2026-05-12T17:43:06.266Z"
+      "signed_at": "2026-05-12T22:30:56.146Z"
     },
     {
       "name": "incident-response-playbook",
@@ -1981,7 +1981,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "FVAXpD6sIoOLQSPtZSLLsXQnc2o2hRwiFj4xK8zEWJVkUWGqvAWRrngie7O2DRKIbWqjO5h9EevVYSzhwYHCAA==",
-      "signed_at": "2026-05-12T17:43:06.267Z"
+      "signed_at": "2026-05-12T22:30:56.147Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2034,7 +2034,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "0HDt3Qklee4FQeKoZfwr+8qdq2pVDS0a+c7JxVw1hV/bl8+YTPaPjPTAhQUnbhUCa5cGo7G4MBQ1AifQTMJdDA==",
-      "signed_at": "2026-05-12T17:43:06.267Z"
+      "signed_at": "2026-05-12T22:30:56.147Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2102,7 +2102,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "UyPSKUztZI/daHCRTnAh6ryoKLX4xyjuG+EaNMPRVuCz2gANGl1F/NozDsw7R2koMUwSFoiYTzwqDvo1tpuKAg==",
-      "signed_at": "2026-05-12T17:43:06.267Z"
+      "signed_at": "2026-05-12T22:30:56.147Z"
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.11.7",
+  "version": "0.11.9",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json

@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:ff8b6540-9c5a-497c-90cb-0b6a012bab82",
+  "serialNumber": "urn:uuid:1370612e-bb38-413e-9e02-f1b64d6786e0",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-12T17:43:07.123Z",
+    "timestamp": "2026-05-12T22:30:56.981Z",
     "tools": [
       {
         "name": "hand-written",
@@ -13,10 +13,10 @@
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.11.7",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.11.9",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.11.7",
+      "version": "0.11.9",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,11 +25,11 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.11.7",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.11.9",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.11.7"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.11.9"
         },
         {
           "type": "vcs",