@blamejs/exceptd-skills 0.12.13 → 0.12.15

Files changed (87)
  1. package/CHANGELOG.md +150 -0
  2. package/bin/exceptd.js +147 -9
  3. package/data/_indexes/_meta.json +45 -45
  4. package/data/_indexes/activity-feed.json +4 -4
  5. package/data/_indexes/catalog-summaries.json +29 -29
  6. package/data/_indexes/chains.json +3238 -3210
  7. package/data/_indexes/frequency.json +3 -0
  8. package/data/_indexes/jurisdiction-map.json +5 -3
  9. package/data/_indexes/section-offsets.json +712 -685
  10. package/data/_indexes/theater-fingerprints.json +1 -1
  11. package/data/_indexes/token-budget.json +355 -340
  12. package/data/atlas-ttps.json +144 -129
  13. package/data/attack-techniques.json +319 -76
  14. package/data/cve-catalog.json +515 -475
  15. package/data/cwe-catalog.json +1081 -759
  16. package/data/exploit-availability.json +63 -15
  17. package/data/framework-control-gaps.json +867 -843
  18. package/data/rfc-references.json +276 -276
  19. package/keys/EXPECTED_FINGERPRINT +1 -0
  20. package/lib/auto-discovery.js +21 -4
  21. package/lib/cross-ref-api.js +39 -6
  22. package/lib/cve-curation.js +18 -5
  23. package/lib/lint-skills.js +6 -1
  24. package/lib/playbook-runner.js +742 -78
  25. package/lib/refresh-external.js +40 -22
  26. package/lib/refresh-network.js +193 -17
  27. package/lib/scoring.js +20 -7
  28. package/lib/source-ghsa.js +219 -37
  29. package/lib/source-osv.js +381 -122
  30. package/lib/validate-catalog-meta.js +64 -9
  31. package/lib/validate-cve-catalog.js +56 -18
  32. package/lib/validate-indexes.js +88 -37
  33. package/lib/verify.js +72 -0
  34. package/manifest-snapshot.json +1 -1
  35. package/manifest-snapshot.sha256 +1 -0
  36. package/manifest.json +73 -73
  37. package/orchestrator/dispatcher.js +21 -1
  38. package/orchestrator/event-bus.js +52 -8
  39. package/orchestrator/index.js +279 -20
  40. package/orchestrator/pipeline.js +63 -2
  41. package/orchestrator/scanner.js +32 -10
  42. package/orchestrator/scheduler.js +150 -17
  43. package/package.json +3 -1
  44. package/sbom.cdx.json +7 -7
  45. package/scripts/check-manifest-snapshot.js +32 -0
  46. package/scripts/check-sbom-currency.js +65 -3
  47. package/scripts/check-test-coverage.js +142 -19
  48. package/scripts/predeploy.js +83 -39
  49. package/scripts/refresh-manifest-snapshot.js +55 -4
  50. package/scripts/validate-vendor-online.js +169 -0
  51. package/scripts/verify-shipped-tarball.js +106 -3
  52. package/skills/ai-attack-surface/skill.md +18 -10
  53. package/skills/ai-c2-detection/skill.md +7 -2
  54. package/skills/ai-risk-management/skill.md +5 -4
  55. package/skills/api-security/skill.md +3 -3
  56. package/skills/attack-surface-pentest/skill.md +5 -5
  57. package/skills/cloud-security/skill.md +1 -1
  58. package/skills/compliance-theater/skill.md +8 -8
  59. package/skills/container-runtime-security/skill.md +1 -1
  60. package/skills/dlp-gap-analysis/skill.md +5 -1
  61. package/skills/email-security-anti-phishing/skill.md +1 -1
  62. package/skills/exploit-scoring/skill.md +18 -18
  63. package/skills/framework-gap-analysis/skill.md +6 -6
  64. package/skills/global-grc/skill.md +3 -2
  65. package/skills/identity-assurance/skill.md +2 -2
  66. package/skills/incident-response-playbook/skill.md +4 -4
  67. package/skills/kernel-lpe-triage/skill.md +21 -2
  68. package/skills/mcp-agent-trust/skill.md +17 -10
  69. package/skills/mlops-security/skill.md +2 -1
  70. package/skills/ot-ics-security/skill.md +1 -1
  71. package/skills/policy-exception-gen/skill.md +3 -3
  72. package/skills/pqc-first/skill.md +1 -1
  73. package/skills/rag-pipeline-security/skill.md +7 -3
  74. package/skills/researcher/skill.md +20 -3
  75. package/skills/sector-energy/skill.md +1 -1
  76. package/skills/sector-federal-government/skill.md +1 -1
  77. package/skills/sector-financial/skill.md +3 -3
  78. package/skills/sector-healthcare/skill.md +2 -2
  79. package/skills/security-maturity-tiers/skill.md +7 -7
  80. package/skills/skill-update-loop/skill.md +19 -3
  81. package/skills/supply-chain-integrity/skill.md +1 -1
  82. package/skills/threat-model-currency/skill.md +11 -11
  83. package/skills/threat-modeling-methodology/skill.md +3 -3
  84. package/skills/webapp-security/skill.md +1 -1
  85. package/skills/zeroday-gap-learn/skill.md +51 -7
  86. package/vendor/blamejs/_PROVENANCE.json +4 -1
  87. package/vendor/blamejs/worker-pool.js +38 -0
@@ -20,11 +20,11 @@
20
20
  },
21
21
  "entry_count": 15,
22
22
  "sample_keys": [
23
- "AML.T0043",
24
23
  "AML.T0010",
25
24
  "AML.T0016",
26
25
  "AML.T0017",
27
- "AML.T0018"
26
+ "AML.T0018",
27
+ "AML.T0020"
28
28
  ]
29
29
  },
30
30
  "attack-techniques.json": {
@@ -40,7 +40,7 @@
40
40
  "rebuild_after_days": 365,
41
41
  "note": "Catalog must be rebuilt against the upstream ATT&CK release whenever MITRE publishes a new version. AGENTS.md hard rule #8 requires the bump to be intentional, not silent."
42
42
  },
43
- "entry_count": 75,
43
+ "entry_count": 79,
44
44
  "sample_keys": [
45
45
  "T0001",
46
46
  "T0017",
@@ -64,11 +64,11 @@
64
64
  },
65
65
  "entry_count": 9,
66
66
  "sample_keys": [
67
- "CVE-2026-31431",
68
- "CVE-2026-43284",
69
- "CVE-2026-43500",
70
67
  "CVE-2025-53773",
71
- "CVE-2026-30615"
68
+ "CVE-2026-30615",
69
+ "CVE-2026-31431",
70
+ "CVE-2026-39884",
71
+ "CVE-2026-42208"
72
72
  ]
73
73
  },
74
74
  "cwe-catalog.json": {
@@ -84,13 +84,13 @@
84
84
  "rebuild_after_days": 365,
85
85
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
86
86
  },
87
- "entry_count": 53,
87
+ "entry_count": 55,
88
88
  "sample_keys": [
89
- "CWE-787",
90
- "CWE-79",
91
- "CWE-89",
92
- "CWE-416",
93
- "CWE-20"
89
+ "CWE-20",
90
+ "CWE-22",
91
+ "CWE-77",
92
+ "CWE-78",
93
+ "CWE-79"
94
94
  ]
95
95
  },
96
96
  "d3fend-catalog.json": {
@@ -150,13 +150,13 @@
150
150
  "rebuild_after_days": 365,
151
151
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
152
152
  },
153
- "entry_count": 5,
153
+ "entry_count": 9,
154
154
  "sample_keys": [
155
- "CVE-2026-31431",
156
- "CVE-2026-43284",
157
- "CVE-2026-43500",
158
155
  "CVE-2025-53773",
159
- "CVE-2026-30615"
156
+ "CVE-2026-30615",
157
+ "CVE-2026-31431",
158
+ "CVE-2026-39884",
159
+ "CVE-2026-42208"
160
160
  ]
161
161
  },
162
162
  "framework-control-gaps.json": {
@@ -172,13 +172,13 @@
172
172
  "rebuild_after_days": 365,
173
173
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
174
174
  },
175
- "entry_count": 61,
175
+ "entry_count": 62,
176
176
  "sample_keys": [
177
- "NIST-800-53-SI-2",
178
- "NIST-800-53-SC-8",
179
- "NIST-800-53-AC-2",
180
- "NIST-800-53-SI-3",
181
- "NIST-800-53-SA-12"
177
+ "ALL-AI-PIPELINE-INTEGRITY",
178
+ "ALL-MCP-TOOL-TRUST",
179
+ "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
180
+ "AU-Essential-8-App-Hardening",
181
+ "AU-Essential-8-Backup"
182
182
  ]
183
183
  },
184
184
  "global-frameworks.json": {
@@ -218,11 +218,11 @@
218
218
  },
219
219
  "entry_count": 31,
220
220
  "sample_keys": [
221
- "RFC-8446",
222
- "DRAFT-IETF-TLS-ECDHE-MLKEM",
223
- "DRAFT-IETF-TLS-HYBRID-DESIGN",
224
- "RFC-9180",
225
- "RFC-9458"
221
+ "RFC-4301",
222
+ "RFC-4303",
223
+ "RFC-6376",
224
+ "RFC-6545",
225
+ "RFC-6546"
226
226
  ]
227
227
  },
228
228
  "zeroday-lessons.json": {