@blamejs/exceptd-skills 0.12.11 → 0.12.13

package/lib/cve-curation.js

@@ -11,37 +11,87 @@
  * CWE refs — that a human reviewer or AI assistant uses to fill in the
  * null editorial fields.
  *
- * Not "AI-assisted" in the LLM sense. The cross-reference logic is
- * deterministic pattern-matching against catalogs already in the install.
- * The output is a checklist of "fields to answer, with candidates ranked
- * by relevance" — the reviewer makes the final call on each.
+ * Two modes:
  *
- * Output shape (one JSON object on stdout):
- *   {
- *     ok: true,
- *     verb: "refresh",
- *     mode: "cve-curation",
- *     cve_id, draft_entry,
- *     editorial_questions: [
- *       { field, current_value, candidates: [{id, score, reason}], ask }
- *     ],
- *     next_steps: [...]
- *   }
+ *   curate(id, { apply: false })             → questionnaire (default)
+ *   curate(id, { apply: true, answers: {} }) → land answers into the catalog
  *
- * Exits non-zero (3) so CI pipelines see "editorial review pending" even
- * on a successful curation run.
+ * The apply path validates the resulting entry against the strict CVE
+ * schema. When every required field is populated, the draft markers
+ * (`_auto_imported` + `_draft` + `_draft_reason`) are removed and the
+ * entry becomes a full catalog citizen. When required fields are still
+ * missing, the draft markers stay and `residual_warnings` enumerates what
+ * is still blocking promotion.
+ *
+ * Writes go through an atomic tmp + rename pattern so a concurrent
+ * `--apply` against the same catalog can't half-write the file.
+ *
+ * Not "AI-assisted" in the LLM sense. The cross-reference logic is
+ * deterministic pattern-matching against catalogs already in the install.
  */
 
 const fs = require("fs");
 const path = require("path");
+// v0.12.12 (codex P1 #1, #2): the apply path was an unlocked RMW (lost
+// updates under concurrent --apply) and promoted drafts based only on
+// presence checks (not strict schema validation). Borrow the canonical
+// lockfile-gated atomic-write helper from refresh-external and the schema
+// validator from validate-cve-catalog so the apply path:
+//   1. Serializes against any other catalog mutation (refresh + curate),
+//   2. Re-reads the catalog INSIDE the lock so concurrent applies merge,
+//   3. Validates the post-apply entry against lib/schemas/cve-catalog.schema.json
+//      before deciding promotion.
+const { withCatalogLock } = require("./refresh-external");
+const { validate: validateAgainstSchema } = require("./validate-cve-catalog");
 
 const ROOT = path.resolve(__dirname, "..");
+const CVE_SCHEMA_PATH = path.join(ROOT, "lib", "schemas", "cve-catalog.schema.json");
+let _cveSchemaCache = null;
+function loadCveEntrySchema() {
+  if (_cveSchemaCache) return _cveSchemaCache;
+  try {
+    const root = JSON.parse(fs.readFileSync(CVE_SCHEMA_PATH, "utf8"));
+    const entrySchema =
+      (root.patternProperties && root.patternProperties["^CVE-\\d{4}-\\d+$"]) ||
+      (root.additionalProperties && typeof root.additionalProperties === "object" ? root.additionalProperties : null);
+    _cveSchemaCache = entrySchema || null;
+    return _cveSchemaCache;
+  } catch {
+    return null;
+  }
+}
+
+// J7: lazy-loaded module-level catalog cache. The ATLAS / ATT&CK / CWE /
+// framework-control-gaps catalogs don't change inside a single CLI process,
+// so re-reading them per `curate()` call is wasted I/O. Cache once per
+// process; batch-curate paths (future) get the speedup for free.
+const catalogsCache = {};
 
-function loadJson(rel) {
-  try { return JSON.parse(fs.readFileSync(path.join(ROOT, rel), "utf8")); }
+function loadJsonRaw(absPath) {
+  try { return JSON.parse(fs.readFileSync(absPath, "utf8")); }
   catch { return null; }
 }
 
+// J4: resolve a catalog path that may be absolute (operator passed
+// `--catalog C:\tmp\cat.json` or `/tmp/cat.json`) or repo-relative. Plain
+// `path.join(ROOT, abs)` mishandles absolute paths on Windows.
+function resolveCatalogPath(p) {
+  if (!p) return path.join(ROOT, "data", "cve-catalog.json");
+  if (path.isAbsolute(p)) return p;
+  return path.join(ROOT, p);
+}
+
+function loadJson(relOrAbs) {
+  // Repo-relative reads (atlas-ttps.json, attack-ttps.json, etc.) cache
+  // by relative key. Absolute paths bypass the cache — they're operator-
+  // supplied and may legitimately change between invocations.
+  if (path.isAbsolute(relOrAbs)) return loadJsonRaw(relOrAbs);
+  if (catalogsCache[relOrAbs] !== undefined) return catalogsCache[relOrAbs];
+  const v = loadJsonRaw(path.join(ROOT, relOrAbs));
+  catalogsCache[relOrAbs] = v;
+  return v;
+}
+
 /**
  * Score a candidate by counting keyword overlap with the draft entry.
  * Returns 0..100. Pure heuristic — reviewer makes the final call.
@@ -76,17 +126,105 @@ function pickCandidates(draftDigest, catalog, idField, descriptionField) {
   return candidates.slice(0, 5);
 }
 
+// J5: report the actual upstream source on a draft. The previous check
+// only knew about `_source_ghsa_id`; OSV-imported drafts (MAL-*, SNYK-*,
+// RUSTSEC-*, etc. that land via lib/source-osv.js) carry `_source_osv_id`
+// and were always tagged "unknown". Add a registry so future sources are
+// a one-line addition.
+const SOURCE_FIELDS = [
+  { field: "_source_ghsa_id", label: "GHSA" },
+  { field: "_source_osv_id", label: "OSV" },
+  { field: "_source_snyk_id", label: "Snyk" },
+  { field: "_source_rustsec_id", label: "RustSec" },
+  { field: "_source_nvd_id", label: "NVD" },
+];
+
+function autoImportedFrom(draft) {
+  for (const { field, label } of SOURCE_FIELDS) {
+    if (draft[field]) return `${label}: ${draft[field]}`;
+  }
+  return "unknown";
+}
+
+// J3: severity word. cvss_score: null no longer collapses to "low" (which
+// is wrong + misleading on a draft that has not been scored yet). Use
+// "unrated" so operators can grep for unsevered drafts and the curate
+// summary reflects the actual state.
+function severityWord(score) {
+  if (typeof score !== "number" || Number.isNaN(score)) return "unrated";
+  if (score >= 9) return "critical";
+  if (score >= 7) return "high";
+  if (score >= 4) return "medium";
+  return "low";
+}
+
+// J2: the fields the strict CVE schema requires. Used to (a) extend the
+// questionnaire so the operator is prompted for every blocking gap, and
+// (b) compute `residual_warnings` after an apply.
+const REQUIRED_SCHEMA_FIELDS = [
+  "name", "type", "cvss_score", "cvss_vector", "cisa_kev",
+  "poc_available", "ai_discovered", "active_exploitation",
+  "affected", "affected_versions", "vector",
+  "patch_available", "patch_required_reboot", "live_patch_available",
+  "framework_control_gaps", "atlas_refs", "attack_refs",
+  "rwep_score", "rwep_factors", "source_verified",
+  "verification_sources", "last_updated",
+];
+
+function isPopulated(field, value) {
+  if (value === null || value === undefined) return false;
+  if (field === "affected_versions" || field === "atlas_refs" || field === "attack_refs"
+      || field === "verification_sources") {
+    return Array.isArray(value) && value.length > 0;
+  }
+  if (field === "framework_control_gaps") {
+    return value && typeof value === "object" && Object.keys(value).length > 0;
+  }
+  if (field === "rwep_factors") {
+    return value && typeof value === "object" && Object.keys(value).length > 0;
+  }
+  if (field === "cvss_vector" || field === "vector" || field === "affected"
+      || field === "name" || field === "type" || field === "active_exploitation"
+      || field === "source_verified" || field === "last_updated") {
+    return typeof value === "string" && value.length > 0;
+  }
+  // booleans + numbers: any non-null value counts as populated
+  return true;
+}
+
+function residualWarnings(entry) {
+  const warnings = [];
+  for (const f of REQUIRED_SCHEMA_FIELDS) {
+    if (!isPopulated(f, entry[f])) {
+      warnings.push(`${f} still ${entry[f] === null ? "null" : "empty"}`);
+    }
+  }
+  return warnings;
+}
+
 /**
- * Build the curation report for a single CVE ID.
+ * Build the curation report — questionnaire or apply.
+ *
+ * curate(cveId, { catalogPath, apply, answers })
+ *
+ *   apply: false (default) → return { ok, editorial_questions, ... }
+ *   apply: true            → consume answers, write the catalog, return
+ *                             { ok, applied_fields, residual_warnings, ... }
  */
-function curate(cveId, { catalogPath, opts = {} } = {}) {
-  const catalog = loadJson(catalogPath || "data/cve-catalog.json");
+async function curate(cveId, opts = {}) {
+  // Back-compat: earlier signature was `curate(id, { catalogPath, opts })`
+  // — accept either shape so the CLI wiring stays stable.
+  if (opts && opts.opts && !opts.catalogPath && opts.opts.catalogPath) {
+    opts = { ...opts, catalogPath: opts.opts.catalogPath };
+  }
+  const catalogPath = resolveCatalogPath(opts.catalogPath);
+  const catalog = loadJsonRaw(catalogPath);
   if (!catalog || !catalog[cveId]) {
     return {
       ok: false,
       verb: "refresh",
       mode: "cve-curation",
-      error: `CVE ${cveId} not in data/cve-catalog.json. Seed it first via \`exceptd refresh --advisory ${cveId} --apply\`.`,
+      error: `CVE ${cveId} not in ${path.relative(ROOT, catalogPath) || catalogPath}. Seed it first via \`exceptd refresh --advisory ${cveId} --apply\`.`,
     };
   }
   const draft = catalog[cveId];
@@ -104,6 +242,16 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
     };
   }
 
+  // ----- APPLY PATH (J1) -------------------------------------------------
+  if (opts.apply && opts.answers) {
+    return applyAnswers(cveId, draft, catalog, catalogPath, opts.answers);
+  }
+
+  // ----- QUESTIONNAIRE PATH ---------------------------------------------
+  return buildQuestionnaire(cveId, draft);
+}
+
+function buildQuestionnaire(cveId, draft) {
   // Digest of the draft — feed into keyword-overlap scoring.
   const draftDigest = [
     draft.name || "",
@@ -114,7 +262,7 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
   ].filter(Boolean).join(" ");
 
   // Pull candidate catalogs. Each is optional — missing catalogs are skipped
-  // gracefully.
+  // gracefully. J7 makes these one-shot loads per process.
   const atlas = loadJson("data/atlas-ttps.json");
   const attack = loadJson("data/attack-ttps.json");
   const cwe = loadJson("data/cwe-catalog.json");
@@ -122,7 +270,8 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
 
   const atlasCandidates = pickCandidates(draftDigest, atlas, "ttp_id", "description");
   const attackCandidates = pickCandidates(draftDigest, attack, "ttp_id", "description");
-  const cweCandidates = pickCandidates(draftDigest, cwe, "cwe_id", "description");
+  // CWE candidates surface as part of the vector question — not its own field.
+  void cwe;
   const frameworkCandidates = pickCandidates(draftDigest, frameworkGaps, "control_id", "description");
 
   // Build the editorial-questions list. Each entry names the catalog field,
@@ -130,7 +279,14 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
   // specific ASK to surface what the reviewer needs to decide.
   const questions = [];
 
-  if (!draft.atlas_refs || draft.atlas_refs.length === 0) {
+  // J6: pre-filled empty containers (`iocs: {}`, `atlas_refs: []`) used to
+  // be treated as "answered" because `if (!draft.iocs)` is truthy for {}.
+  // Use explicit emptiness checks so drafts seeded with empty objects /
+  // arrays still get the prompt.
+  const arrEmpty = (a) => !Array.isArray(a) || a.length === 0;
+  const objEmpty = (o) => !o || typeof o !== "object" || Object.keys(o).length === 0;
+
+  if (arrEmpty(draft.atlas_refs)) {
     questions.push({
       field: "atlas_refs",
       current_value: draft.atlas_refs || [],
@@ -139,7 +295,7 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
     });
   }
 
-  if (!draft.attack_refs || draft.attack_refs.length === 0) {
+  if (arrEmpty(draft.attack_refs)) {
     questions.push({
       field: "attack_refs",
       current_value: draft.attack_refs || [],
@@ -148,46 +304,47 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
     });
   }
 
-  if (!draft.framework_control_gaps) {
+  if (objEmpty(draft.framework_control_gaps)) {
     questions.push({
       field: "framework_control_gaps",
-      current_value: null,
+      current_value: draft.framework_control_gaps || null,
       candidates: frameworkCandidates,
       ask: "Which framework controls CLAIM to cover this CVE's category, and where do they fall short? Per AGENTS.md Hard Rule #6, every framework finding must include a test that distinguishes paper compliance from actual security. Cover NIST-800-53 + EU (NIS2/DORA/EU AI Act) + UK (CAF) + AU (ISM) + ISO 27001:2022 at minimum.",
     });
   }
 
-  if (!draft.iocs) {
+  if (objEmpty(draft.iocs)) {
     questions.push({
       field: "iocs",
-      current_value: null,
+      current_value: draft.iocs || null,
       candidates: [],
       ask: "What artifacts indicate compromise on a host running the affected version? Group by (a) payload_artifacts — file/process names the payload writes or runs, (b) persistence_artifacts — hooks, config entries, OS-level units that re-arm the payload, (c) behavioral — log / cache / network patterns, (d) destructive — any tripwire that destroys evidence on remediation. The sbom playbook's detect indicators feed off these.",
     });
   }
 
-  if (draft.poc_available === null) {
+  if (draft.poc_available === null || draft.poc_available === undefined) {
     questions.push({
       field: "poc_available",
-      current_value: null,
+      current_value: draft.poc_available === undefined ? null : draft.poc_available,
       candidates: [],
       ask: "Is a public PoC or in-the-wild exploitation evidence available? If yes, set poc_available: true + add poc_description summarizing capability (deterministic vs probabilistic, single-stage vs multi-stage, byte-size if known).",
     });
   }
 
-  if (draft.ai_discovered === null || draft.ai_assisted_weaponization === null) {
+  if (draft.ai_discovered === null || draft.ai_assisted_weaponization === null
+      || draft.ai_discovered === undefined || draft.ai_assisted_weaponization === undefined) {
     questions.push({
       field: "ai_discovered + ai_assisted_weaponization",
-      current_value: { ai_discovered: draft.ai_discovered, ai_assisted_weaponization: draft.ai_assisted_weaponization },
+      current_value: { ai_discovered: draft.ai_discovered ?? null, ai_assisted_weaponization: draft.ai_assisted_weaponization ?? null },
       candidates: [],
       ask: "Was this vulnerability AI-discovered (per AGENTS.md Hard Rule #7, ~41% of 2025 zero-days were)? AI-assisted weaponization? Set both fields explicitly — null is not acceptable on a published entry.",
     });
   }
 
-  if (!draft.rwep_factors || draft.rwep_score === null) {
+  if (objEmpty(draft.rwep_factors) || draft.rwep_score === null || draft.rwep_score === undefined) {
     questions.push({
       field: "rwep_score + rwep_factors",
-      current_value: { rwep_score: draft.rwep_score, rwep_factors: draft.rwep_factors },
+      current_value: { rwep_score: draft.rwep_score ?? null, rwep_factors: draft.rwep_factors ?? null },
       candidates: [],
       ask: "Compute RWEP using lib/scoring.js weights: cisa_kev(+25) + poc_available(+20) + ai_factor(+15) + active_exploitation(confirmed=+20 / suspected=+10) + blast_radius(0..30) + patch_available(-15) + live_patch_available(-10) + reboot_required(+5). The score field is the sum; the factors field shows the contributions.",
     });
@@ -202,6 +359,59 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
     });
   }
 
+  // J2: schema-required field prompts. Without these populated, the apply
+  // path cannot produce a schema-passing entry — i.e. the entry stays a
+  // draft even after curate --apply. Prompt for them explicitly so the
+  // operator sees what's actually blocking promotion.
+  if (draft.cvss_score === null || draft.cvss_score === undefined
+      || draft.cvss_vector === null || draft.cvss_vector === undefined
+      || draft.cvss_vector === "") {
+    questions.push({
+      field: "cvss_score + cvss_vector",
+      current_value: { cvss_score: draft.cvss_score ?? null, cvss_vector: draft.cvss_vector ?? null },
+      candidates: [],
+      ask: "Determine CVSS via the NVD record (https://nvd.nist.gov/vuln/detail/" + cveId + ") or the vendor advisory. Both score (number, 0..10) and vector (CVSS:3.1/... or CVSS:4.0/...) are schema-required. Drafts without these stay flagged as `unrated` in the curate summary.",
+    });
+  }
+
+  if (draft.patch_available === null || draft.patch_available === undefined
+      || draft.patch_required_reboot === null || draft.patch_required_reboot === undefined
+      || draft.live_patch_available === null || draft.live_patch_available === undefined
+      || arrEmpty(draft.live_patch_tools)) {
+    questions.push({
+      field: "patch_available + patch_required_reboot + live_patch_available + live_patch_tools",
+      current_value: {
+        patch_available: draft.patch_available ?? null,
+        patch_required_reboot: draft.patch_required_reboot ?? null,
+        live_patch_available: draft.live_patch_available ?? null,
+        live_patch_tools: draft.live_patch_tools ?? [],
+      },
+      candidates: [],
+      ask: "Patch availability: is an upstream fix released? Reboot required to land it? Is a live-patching path available (kpatch / kgraft / ksplice / vendor-equivalent) — and if so, list the tool names. All four feed RWEP scoring.",
+    });
+  }
+
+  if (arrEmpty(draft.affected_versions)) {
+    questions.push({
+      field: "affected_versions",
+      current_value: draft.affected_versions || [],
+      candidates: [],
+      ask: "Affected version ranges as an array of strings. Use semver ranges for libraries (e.g. '>=2.4.0 <2.4.7'), kernel ranges for kernel CVEs, build numbers for vendor-shipped firmware. Schema requires at least one entry.",
+    });
+  }
+
+  // KEV is always-ask: the operator might know KEV applies (and even has
+  // a date) even when the upstream KEV feed hasn't caught up yet. False
+  // is a valid answer.
+  if (draft.cisa_kev === null || draft.cisa_kev === undefined) {
+    questions.push({
+      field: "cisa_kev + cisa_kev_date",
+      current_value: { cisa_kev: draft.cisa_kev ?? null, cisa_kev_date: draft.cisa_kev_date ?? null },
+      candidates: [],
+      ask: "Is the CVE on CISA's Known Exploited Vulnerabilities list? If yes, capture the date added (YYYY-MM-DD). If no, answer false explicitly — null fails the strict schema gate.",
+    });
+  }
+
   return {
     ok: true,
     verb: "refresh",
@@ -211,33 +421,227 @@ function curate(cveId, { catalogPath, opts = {} } = {}) {
       name: draft.name,
       type: draft.type,
       cvss_score: draft.cvss_score,
-      severity: draft.cvss_score >= 9 ? "critical" : draft.cvss_score >= 7 ? "high" : draft.cvss_score >= 4 ? "medium" : "low",
+      severity: severityWord(draft.cvss_score),
       affected: draft.affected,
       published_at: draft._source_published_at || null,
-      auto_imported_from: draft._source_ghsa_id ? `GHSA: ${draft._source_ghsa_id}` : "unknown",
+      auto_imported_from: autoImportedFrom(draft),
     },
     editorial_questions: questions,
     questions_open: questions.length,
     next_steps: [
       `Answer each editorial question above. The catalog gate (lib/validate-cve-catalog.js) currently treats this entry as a DRAFT (warning, not error) — answers convert it to a full entry.`,
+      `Apply the answers in one shot: \`exceptd refresh --curate ${cveId} --answers <path-to-answers.json> --apply\`. residual_warnings will list anything still blocking promotion.`,
       `Add a matching entry to data/zeroday-lessons.json (rule #6: zero-day learning loop must be live).`,
       `Update last_threat_review and threat_currency_score on any playbook whose cve_refs includes ${cveId}.`,
-      `Remove the _auto_imported and _draft flags from the catalog entry once editorial review is complete.`,
       `Run \`npm run predeploy\` — the strict gate should now pass without DRAFT warnings on this entry.`,
     ],
   };
 }
 
 /**
- * CLI entry — wired from bin/exceptd.js via `refresh --curate <id>`.
+ * J1: apply operator-supplied answers to a draft and write back atomically.
+ *
+ * Answers shape (each key optional; missing keys leave the draft unchanged
+ * for that field):
+ *
+ *   {
+ *     framework_control_gaps: { "NIST-800-53-SI-2": "...", ... },
+ *     iocs: { payload_artifacts: [...], behavioral: [...], ... },
+ *     atlas_refs: ["AML.T0010", ...],
+ *     attack_refs: ["T1195.002", ...],
+ *     rwep_factors: { cisa_kev: 25, blast_radius: 30, ... },
+ *     rwep_score: 80,                       // optional; derived from sum if absent
+ *     cvss_score: 9.8,
+ *     cvss_vector: "CVSS:3.1/AV:N/...",
+ *     cisa_kev: true,                       // or false
+ *     cisa_kev_date: "2026-05-13",
+ *     poc_available: true,
+ *     poc_description: "...",
+ *     ai_discovered: false,
+ *     ai_assisted_weaponization: false,
+ *     active_exploitation: "confirmed" | "suspected" | "none" | "unknown",
+ *     vector: "...",
+ *     complexity: "...",
+ *     patch_available: true,
+ *     patch_required_reboot: false,
+ *     live_patch_available: true,
+ *     live_patch_tools: ["kpatch", "kgraft"],
+ *     affected_versions: ["...", "..."],
+ *     verification_sources: ["https://...", ...]
+ *   }
+ */
+async function applyAnswers(cveId, _draftSnapshot, _catalogSnapshot, catalogPath, answers) {
+  // v0.12.12 (codex P1 #2): wrap the entire read-modify-write under
+  // withCatalogLock. Two concurrent --apply runs against the same catalog
+  // previously read the same base, each mutated a different CVE, and the
+  // later writer overwrote the earlier writer's changes. The lock + re-read
+  // inside the critical section ensures sibling applies merge cleanly.
+  let outcome = null;
+  await withCatalogLock(catalogPath, (catalog) => {
+    if (!catalog || !catalog[cveId]) {
+      outcome = {
+        ok: false,
+        verb: "refresh",
+        mode: "cve-curation-apply",
+        error: `CVE ${cveId} disappeared from ${path.relative(ROOT, catalogPath) || catalogPath} between question generation and apply.`,
+      };
+      return catalog; // unchanged
+    }
+    outcome = applyAnswersUnderLock(cveId, catalog, catalogPath, answers);
+    return catalog; // mutated in place
+  });
+  return outcome;
+}
+
+function applyAnswersUnderLock(cveId, catalog, catalogPath, answers) {
+  const entry = catalog[cveId];
+  const appliedFields = [];
+
+  // Whitelist of fields the operator may supply. Anything not in this map
+  // is ignored (so a typo'd key in answers.json doesn't pollute the entry).
+  // Each entry: [field, validator(value) -> bool, transformer(value) -> stored].
+  const id = (x) => x;
+  const ALLOWED = [
+    ["framework_control_gaps", (v) => v && typeof v === "object" && !Array.isArray(v), id],
+    ["iocs",                   (v) => v && typeof v === "object" && !Array.isArray(v), id],
+    ["atlas_refs",             (v) => Array.isArray(v), id],
+    ["attack_refs",            (v) => Array.isArray(v), id],
+    ["rwep_factors",           (v) => v && typeof v === "object" && !Array.isArray(v), id],
+    ["rwep_score",             (v) => typeof v === "number", id],
+    ["rwep_notes",             (v) => typeof v === "string", id],
+    ["cvss_score",             (v) => typeof v === "number", id],
+    ["cvss_vector",            (v) => typeof v === "string" && /^CVSS:[0-9]/.test(v), id],
+    ["cisa_kev",               (v) => typeof v === "boolean", id],
+    ["cisa_kev_date",          (v) => v === null || typeof v === "string", id],
+    ["cisa_kev_due_date",      (v) => v === null || typeof v === "string", id],
+    ["poc_available",          (v) => typeof v === "boolean", id],
+    ["poc_description",        (v) => typeof v === "string", id],
+    ["ai_discovered",          (v) => typeof v === "boolean", id],
+    ["ai_discovery_notes",     (v) => typeof v === "string", id],
+    ["ai_assisted_weaponization", (v) => typeof v === "boolean", id],
+    ["ai_assisted_notes",      (v) => typeof v === "string", id],
+    ["active_exploitation",    (v) => ["confirmed", "suspected", "none", "unknown"].includes(v), id],
+    ["affected",               (v) => typeof v === "string" && v.length > 0, id],
+    ["affected_versions",      (v) => Array.isArray(v) && v.length > 0 && v.every(x => typeof x === "string"), id],
+    ["vector",                 (v) => typeof v === "string" && v.length > 0, id],
+    ["complexity",             (v) => typeof v === "string", id],
+    ["complexity_notes",       (v) => typeof v === "string", id],
+    ["patch_available",        (v) => typeof v === "boolean", id],
+    ["patch_required_reboot",  (v) => typeof v === "boolean", id],
+    ["live_patch_available",   (v) => typeof v === "boolean", id],
+    ["live_patch_tools",       (v) => Array.isArray(v) && v.every(x => typeof x === "string"), id],
+    ["live_patch_notes",       (v) => typeof v === "string", id],
+    ["verification_sources",   (v) => Array.isArray(v) && v.length > 0 && v.every(x => typeof x === "string"), id],
+    ["name",                   (v) => typeof v === "string" && v.length > 0, id],
+    ["type",                   (v) => typeof v === "string" && v.length > 0, id],
+    ["source_verified",        (v) => typeof v === "string" && /^\d{4}-\d{2}-\d{2}$/.test(v), id],
+  ];
+
+  const rejected = [];
+  for (const [field, validator, transformer] of ALLOWED) {
+    if (!(field in answers)) continue;
+    const v = answers[field];
+    if (!validator(v)) {
+      rejected.push({ field, reason: `value ${JSON.stringify(v)} failed validation` });
+      continue;
+    }
+    entry[field] = transformer(v);
+    appliedFields.push(field);
+  }
+
+  // Derive rwep_score from rwep_factors when factors supplied without an
+  // explicit score. lib/scoring.js owns the canonical formula; we sum the
+  // numeric values here as a fallback.
+  if ("rwep_factors" in answers && !("rwep_score" in answers)
+      && entry.rwep_factors && typeof entry.rwep_factors === "object") {
+    let sum = 0;
+    for (const v of Object.values(entry.rwep_factors)) {
+      if (typeof v === "number") sum += v;
+    }
+    entry.rwep_score = Math.max(0, Math.min(100, sum));
+    appliedFields.push("rwep_score (derived from rwep_factors)");
+  }
+
+  // last_updated reflects the apply moment.
+  entry.last_updated = new Date().toISOString().slice(0, 10);
+
+  // v0.12.12 (codex P1 #1): validate the post-apply entry against the
+  // strict CVE schema BEFORE deciding whether to promote. Promotion was
+  // previously gated on residualWarnings() alone — a presence check — so
+  // an input like `"ai_discovered": "false"` (string) passed presence but
+  // would have failed lib/validate-cve-catalog.js on type mismatch,
+  // creating a "promoted but invalid" entry. Now: presence + strict schema
+  // BOTH must hold for promotion.
+  const warnings = residualWarnings(entry);
+  const schemaErrors = [];
+  const entrySchema = loadCveEntrySchema();
+  if (entrySchema) {
+    const errs = validateAgainstSchema(entry, entrySchema, "cve-entry", `${cveId}`);
+    if (Array.isArray(errs) && errs.length > 0) schemaErrors.push(...errs);
+  }
+  let promoted = false;
+  if (warnings.length === 0 && schemaErrors.length === 0) {
+    delete entry._auto_imported;
+    delete entry._draft;
+    delete entry._draft_reason;
+    promoted = true;
+  }
+
+  // catalog has been mutated in-place under the lock; the locker writes it
+  // atomically when this function returns. Concurrent applies are
+  // serialized + see the post-merge state.
+  catalog[cveId] = entry;
+
+  return {
+    ok: true,
+    verb: "refresh",
+    mode: "cve-curation-apply",
+    cve_id: cveId,
+    applied_fields: appliedFields,
+    rejected_fields: rejected,
+    promoted,
+    is_draft: !promoted,
+    residual_warnings: warnings,
+    schema_errors: schemaErrors,
+    catalog_path: catalogPath,
+    next_steps: promoted
+      ? [
+          `Draft promoted to full entry. Run \`node lib/validate-cve-catalog.js --quiet\` to confirm it passes the strict schema gate.`,
+          `Add a matching entry to data/zeroday-lessons.json (AGENTS.md rule #6).`,
+          `Run \`npm run predeploy\` before tagging.`,
+        ]
+      : [
+          `Entry remains a DRAFT (${warnings.length} required field(s) still unpopulated). Supply answers for: ${warnings.slice(0, 6).join(", ")}${warnings.length > 6 ? ", ..." : ""}.`,
+          `Re-run \`exceptd refresh --curate ${cveId}\` to see the updated questionnaire.`,
+        ],
+  };
+}
+
+function writeJsonAtomic(p, obj) {
+  const tmpPath = `${p}.tmp.${process.pid}.${Math.random().toString(36).slice(2, 10)}`;
+  fs.writeFileSync(tmpPath, JSON.stringify(obj, null, 2) + "\n", "utf8");
+  try {
+    fs.renameSync(tmpPath, p);
+  } catch (err) {
+    try { fs.unlinkSync(tmpPath); } catch {}
+    throw err;
+  }
+}
+
+/**
+ * CLI entry — wired from bin/exceptd.js via `refresh --curate <id>` and
+ * `refresh --curate <id> --answers <path> [--apply]`.
  */
 async function cli(argv) {
-  const opts = { advisory: null, json: false, catalogPath: null };
+  const opts = { advisory: null, json: false, catalogPath: null, answersPath: null, apply: false };
   for (let i = 0; i < argv.length; i++) {
     const a = argv[i];
     if (a === "--json") opts.json = true;
+    else if (a === "--apply") opts.apply = true;
     else if (a === "--catalog") opts.catalogPath = argv[++i];
     else if (a.startsWith("--catalog=")) opts.catalogPath = a.slice("--catalog=".length);
+    else if (a === "--answers") opts.answersPath = argv[++i];
+    else if (a.startsWith("--answers=")) opts.answersPath = a.slice("--answers=".length);
     else if (a === "--curate") opts.advisory = argv[++i];
     else if (a.startsWith("--curate=")) opts.advisory = a.slice("--curate=".length);
     else if (!a.startsWith("--") && !opts.advisory) opts.advisory = a;
@@ -249,9 +653,47 @@ async function cli(argv) {
     process.exitCode = 2;
     return;
   }
-  const result = curate(opts.advisory, { catalogPath: opts.catalogPath, opts });
+
+  // Operator passing --answers <path> means apply. --apply on its own is
+  // also accepted (for parity with --advisory --apply), but it's a no-op
+  // without --answers — fail loudly so a forgetful operator doesn't think
+  // a write succeeded when in fact the questionnaire was returned.
+  let answers = null;
+  if (opts.answersPath) {
+    try {
+      const ap = path.isAbsolute(opts.answersPath) ? opts.answersPath : path.resolve(process.cwd(), opts.answersPath);
+      answers = JSON.parse(fs.readFileSync(ap, "utf8"));
+    } catch (e) {
+      const err = { ok: false, verb: "refresh", mode: "cve-curation", error: `--answers ${opts.answersPath}: ${e.message}` };
+      if (opts.json) process.stdout.write(JSON.stringify(err) + "\n");
+      else process.stderr.write(`[refresh --curate] ${err.error}\n`);
+      process.exitCode = 2;
+      return;
+    }
+  }
+  // --answers alone implies apply; --apply alone without --answers is a
+  // user error.
+  const doApply = !!answers || opts.apply;
+  if (opts.apply && !answers) {
+    const err = { ok: false, verb: "refresh", mode: "cve-curation", error: "--apply requires --answers <path-to-answers.json>" };
+    if (opts.json) process.stdout.write(JSON.stringify(err) + "\n");
+    else process.stderr.write(`[refresh --curate] ${err.error}\n`);
+    process.exitCode = 2;
+    return;
+  }
+
+  const result = await curate(opts.advisory, { catalogPath: opts.catalogPath, apply: doApply, answers });
+
   if (opts.json || !result.ok) {
     process.stdout.write(JSON.stringify(result) + "\n");
+  } else if (result.mode === "cve-curation-apply") {
+    process.stdout.write(`[refresh --curate --apply] ${result.cve_id} — ${result.applied_fields.length} field(s) applied; ${result.promoted ? "PROMOTED to full entry" : `still DRAFT (${result.residual_warnings.length} blocker(s))`}\n`);
+    if (result.residual_warnings.length > 0) {
+      process.stdout.write(`  residual: ${result.residual_warnings.slice(0, 6).join(", ")}${result.residual_warnings.length > 6 ? ", ..." : ""}\n`);
+    }
+    if (result.rejected_fields.length > 0) {
+      process.stdout.write(`  rejected: ${result.rejected_fields.map(r => r.field).join(", ")}\n`);
+    }
   } else {
     process.stdout.write(`[refresh --curate] ${result.cve_id} — ${result.questions_open} editorial question(s) open\n`);
     for (const q of result.editorial_questions) {
@@ -263,12 +705,15 @@ async function cli(argv) {
     }
     process.stdout.write(`\n  Run with --json for the full structured output.\n`);
   }
-  // Always non-zero on a successful curation — "editorial review pending."
-  process.exitCode = result.ok ? 3 : 2;
+  // Questionnaire path: exit 3 ("editorial review pending"). Apply path:
+  // exit 0 when promoted, 3 when residual_warnings remain (still draft).
+  if (!result.ok) process.exitCode = 2;
+  else if (result.mode === "cve-curation-apply") process.exitCode = result.promoted ? 0 : 3;
+  else process.exitCode = 3;
 }
 
 if (require.main === module) {
   cli(process.argv.slice(2));
 }
 
-module.exports = { curate, keywordOverlapScore };
+module.exports = { curate, keywordOverlapScore, resolveCatalogPath, autoImportedFrom, severityWord, residualWarnings };