npm - @blamejs/exceptd-skills - Versions diffs - 0.12.13 → 0.12.15 - Mend

@blamejs/exceptd-skills 0.12.13 → 0.12.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/CHANGELOG.md +150 -0
package/bin/exceptd.js +147 -9
package/data/_indexes/_meta.json +45 -45
package/data/_indexes/activity-feed.json +4 -4
package/data/_indexes/catalog-summaries.json +29 -29
package/data/_indexes/chains.json +3238 -3210
package/data/_indexes/frequency.json +3 -0
package/data/_indexes/jurisdiction-map.json +5 -3
package/data/_indexes/section-offsets.json +712 -685
package/data/_indexes/theater-fingerprints.json +1 -1
package/data/_indexes/token-budget.json +355 -340
package/data/atlas-ttps.json +144 -129
package/data/attack-techniques.json +319 -76
package/data/cve-catalog.json +515 -475
package/data/cwe-catalog.json +1081 -759
package/data/exploit-availability.json +63 -15
package/data/framework-control-gaps.json +867 -843
package/data/rfc-references.json +276 -276
package/keys/EXPECTED_FINGERPRINT +1 -0
package/lib/auto-discovery.js +21 -4
package/lib/cross-ref-api.js +39 -6
package/lib/cve-curation.js +18 -5
package/lib/lint-skills.js +6 -1
package/lib/playbook-runner.js +742 -78
package/lib/refresh-external.js +40 -22
package/lib/refresh-network.js +193 -17
package/lib/scoring.js +20 -7
package/lib/source-ghsa.js +219 -37
package/lib/source-osv.js +381 -122
package/lib/validate-catalog-meta.js +64 -9
package/lib/validate-cve-catalog.js +56 -18
package/lib/validate-indexes.js +88 -37
package/lib/verify.js +72 -0
package/manifest-snapshot.json +1 -1
package/manifest-snapshot.sha256 +1 -0
package/manifest.json +73 -73
package/orchestrator/dispatcher.js +21 -1
package/orchestrator/event-bus.js +52 -8
package/orchestrator/index.js +279 -20
package/orchestrator/pipeline.js +63 -2
package/orchestrator/scanner.js +32 -10
package/orchestrator/scheduler.js +150 -17
package/package.json +3 -1
package/sbom.cdx.json +7 -7
package/scripts/check-manifest-snapshot.js +32 -0
package/scripts/check-sbom-currency.js +65 -3
package/scripts/check-test-coverage.js +142 -19
package/scripts/predeploy.js +83 -39
package/scripts/refresh-manifest-snapshot.js +55 -4
package/scripts/validate-vendor-online.js +169 -0
package/scripts/verify-shipped-tarball.js +106 -3
package/skills/ai-attack-surface/skill.md +18 -10
package/skills/ai-c2-detection/skill.md +7 -2
package/skills/ai-risk-management/skill.md +5 -4
package/skills/api-security/skill.md +3 -3
package/skills/attack-surface-pentest/skill.md +5 -5
package/skills/cloud-security/skill.md +1 -1
package/skills/compliance-theater/skill.md +8 -8
package/skills/container-runtime-security/skill.md +1 -1
package/skills/dlp-gap-analysis/skill.md +5 -1
package/skills/email-security-anti-phishing/skill.md +1 -1
package/skills/exploit-scoring/skill.md +18 -18
package/skills/framework-gap-analysis/skill.md +6 -6
package/skills/global-grc/skill.md +3 -2
package/skills/identity-assurance/skill.md +2 -2
package/skills/incident-response-playbook/skill.md +4 -4
package/skills/kernel-lpe-triage/skill.md +21 -2
package/skills/mcp-agent-trust/skill.md +17 -10
package/skills/mlops-security/skill.md +2 -1
package/skills/ot-ics-security/skill.md +1 -1
package/skills/policy-exception-gen/skill.md +3 -3
package/skills/pqc-first/skill.md +1 -1
package/skills/rag-pipeline-security/skill.md +7 -3
package/skills/researcher/skill.md +20 -3
package/skills/sector-energy/skill.md +1 -1
package/skills/sector-federal-government/skill.md +1 -1
package/skills/sector-financial/skill.md +3 -3
package/skills/sector-healthcare/skill.md +2 -2
package/skills/security-maturity-tiers/skill.md +7 -7
package/skills/skill-update-loop/skill.md +19 -3
package/skills/supply-chain-integrity/skill.md +1 -1
package/skills/threat-model-currency/skill.md +11 -11
package/skills/threat-modeling-methodology/skill.md +3 -3
package/skills/webapp-security/skill.md +1 -1
package/skills/zeroday-gap-learn/skill.md +51 -7
package/vendor/blamejs/_PROVENANCE.json +4 -1
package/vendor/blamejs/worker-pool.js +38 -0

package/data/attack-techniques.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "_meta": {
     "schema_version": "1.0.0",
     "last_updated": "2026-05-13",
-    "attack_version": "v17",
+    "attack_version": "17",
     "attack_version_date": "2025-06-25",
     "source": "https://attack.mitre.org — MITRE ATT&CK Enterprise + ICS. Only techniques currently referenced by shipped exceptd skills and playbooks. The full ATT&CK matrix (~700 techniques) is intentionally not duplicated here; this is a resolution catalog for cross-reference validation, not a substitute for attack.mitre.org. See `npm run refresh-attack-techniques` (v0.13.0+) for the full corpus.",
     "tlp": "CLEAR",
@@ -18,79 +18,322 @@
       "note": "Catalog must be rebuilt against the upstream ATT&CK release whenever MITRE publishes a new version. AGENTS.md hard rule #8 requires the bump to be intentional, not silent."
     }
   },
-  "T0001": { "name": "Authority Spoof", "version": "v17" },
-  "T0017": { "name": "Spearphishing Attachment (ICS)", "version": "v17" },
-  "T0051": { "name": "Position Tampering", "version": "v17" },
-  "T0096": { "name": "Remote System Discovery (ICS)", "version": "v17" },
-  "T0853": { "name": "Scripting", "version": "v17" },
-  "T0855": { "name": "Unauthorized Command Message", "version": "v17" },
-  "T0867": { "name": "Lateral Tool Transfer", "version": "v17" },
-  "T0883": { "name": "Internet Accessible Device", "version": "v17" },
-  "T1021": { "name": "Remote Services", "version": "v17" },
-  "T1027": { "name": "Obfuscated Files or Information", "version": "v17" },
-  "T1040": { "name": "Network Sniffing", "version": "v17" },
-  "T1041": { "name": "Exfiltration Over C2 Channel", "version": "v17" },
-  "T1053.003": { "name": "Scheduled Task/Job: Cron", "version": "v17" },
-  "T1055": { "name": "Process Injection", "version": "v17" },
-  "T1059": { "name": "Command and Scripting Interpreter", "version": "v17" },
-  "T1068": { "name": "Exploitation for Privilege Escalation", "version": "v17" },
-  "T1071": { "name": "Application Layer Protocol", "version": "v17" },
-  "T1078": { "name": "Valid Accounts", "version": "v17" },
-  "T1078.002": { "name": "Valid Accounts: Domain Accounts", "version": "v17" },
-  "T1078.003": { "name": "Valid Accounts: Local Accounts", "version": "v17" },
-  "T1078.004": { "name": "Valid Accounts: Cloud Accounts", "version": "v17" },
-  "T1098": { "name": "Account Manipulation", "version": "v17" },
-  "T1102": { "name": "Web Service", "version": "v17" },
-  "T1110": { "name": "Brute Force", "version": "v17" },
-  "T1110.001": { "name": "Brute Force: Password Guessing", "version": "v17" },
-  "T1133": { "name": "External Remote Services", "version": "v17" },
-  "T1136.001": { "name": "Create Account: Local Account", "version": "v17" },
-  "T1190": { "name": "Exploit Public-Facing Application", "version": "v17" },
-  "T1195": { "name": "Supply Chain Compromise", "version": "v17" },
-  "T1195.001": { "name": "Supply Chain Compromise: Software Dependencies and Development Tools", "version": "v17" },
-  "T1195.002": { "name": "Supply Chain Compromise: Software Supply Chain", "version": "v17" },
-  "T1199": { "name": "Trusted Relationship", "version": "v17" },
-  "T1203": { "name": "Exploitation for Client Execution", "version": "v17" },
-  "T1212": { "name": "Exploitation for Credential Access", "version": "v17" },
-  "T1213": { "name": "Data from Information Repositories", "version": "v17" },
-  "T1485": { "name": "Data Destruction", "version": "v17" },
-  "T1486": { "name": "Data Encrypted for Impact", "version": "v17" },
-  "T1505": { "name": "Server Software Component", "version": "v17" },
-  "T1518": { "name": "Software Discovery", "version": "v17" },
-  "T1525": { "name": "Implant Internal Image", "version": "v17" },
-  "T1528": { "name": "Steal Application Access Token", "version": "v17" },
-  "T1530": { "name": "Data from Cloud Storage", "version": "v17" },
-  "T1543": { "name": "Create or Modify System Process", "version": "v17" },
-  "T1546": { "name": "Event Triggered Execution", "version": "v17" },
-  "T1547": { "name": "Boot or Logon Autostart Execution", "version": "v17" },
-  "T1548.001": { "name": "Abuse Elevation Control Mechanism: Setuid and Setgid", "version": "v17" },
-  "T1548.003": { "name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching", "version": "v17" },
-  "T1552": { "name": "Unsecured Credentials", "version": "v17" },
-  "T1552.001": { "name": "Unsecured Credentials: Credentials In Files", "version": "v17" },
-  "T1552.004": { "name": "Unsecured Credentials: Private Keys", "version": "v17" },
-  "T1552.005": { "name": "Unsecured Credentials: Cloud Instance Metadata API", "version": "v17" },
-  "T1552.007": { "name": "Unsecured Credentials: Container API", "version": "v17" },
-  "T1554": { "name": "Compromise Host Software Binary", "version": "v17" },
-  "T1555": { "name": "Credentials from Password Stores", "version": "v17" },
-  "T1556": { "name": "Modify Authentication Process", "version": "v17" },
-  "T1557": { "name": "Adversary-in-the-Middle", "version": "v17" },
-  "T1562.001": { "name": "Impair Defenses: Disable or Modify Tools", "version": "v17" },
-  "T1562.006": { "name": "Impair Defenses: Indicator Blocking", "version": "v17" },
-  "T1565": { "name": "Data Manipulation", "version": "v17" },
-  "T1566": { "name": "Phishing", "version": "v17" },
-  "T1566.001": { "name": "Phishing: Spearphishing Attachment", "version": "v17" },
-  "T1566.002": { "name": "Phishing: Spearphishing Link", "version": "v17" },
-  "T1566.003": { "name": "Phishing: Spearphishing via Service", "version": "v17" },
-  "T1567": { "name": "Exfiltration Over Web Service", "version": "v17" },
-  "T1568": { "name": "Dynamic Resolution", "version": "v17" },
-  "T1570": { "name": "Lateral Tool Transfer", "version": "v17" },
-  "T1573": { "name": "Encrypted Channel", "version": "v17" },
-  "T1574": { "name": "Hijack Execution Flow", "version": "v17" },
-  "T1574.005": { "name": "Hijack Execution Flow: Executable Installer File Permissions Weakness", "version": "v17" },
-  "T1595": { "name": "Active Scanning", "version": "v17" },
-  "T1600": { "name": "Weaken Encryption", "version": "v17" },
-  "T1606.001": { "name": "Forge Web Credentials: Web Cookies", "version": "v17" },
-  "T1610": { "name": "Deploy Container", "version": "v17" },
-  "T1611": { "name": "Escape to Host", "version": "v17" },
-  "T1613": { "name": "Container and Resource Discovery", "version": "v17" }
+  "T0001": {
+    "name": "Authority Spoof",
+    "version": "v17"
+  },
+  "T0017": {
+    "name": "Spearphishing Attachment (ICS)",
+    "version": "v17"
+  },
+  "T0051": {
+    "name": "Position Tampering",
+    "version": "v17"
+  },
+  "T0096": {
+    "name": "Remote System Discovery (ICS)",
+    "version": "v17"
+  },
+  "T0853": {
+    "name": "Scripting",
+    "version": "v17"
+  },
+  "T0855": {
+    "name": "Unauthorized Command Message",
+    "version": "v17"
+  },
+  "T0867": {
+    "name": "Lateral Tool Transfer",
+    "version": "v17",
+    "domain": "ICS"
+  },
+  "T0883": {
+    "name": "Internet Accessible Device",
+    "version": "v17"
+  },
+  "T1021": {
+    "name": "Remote Services",
+    "version": "v17"
+  },
+  "T1027": {
+    "name": "Obfuscated Files or Information",
+    "version": "v17"
+  },
+  "T1040": {
+    "name": "Network Sniffing",
+    "version": "v17"
+  },
+  "T1041": {
+    "name": "Exfiltration Over C2 Channel",
+    "version": "v17"
+  },
+  "T1053.003": {
+    "name": "Scheduled Task/Job: Cron",
+    "version": "v17"
+  },
+  "T1055": {
+    "name": "Process Injection",
+    "version": "v17"
+  },
+  "T1059": {
+    "name": "Command and Scripting Interpreter",
+    "version": "v17"
+  },
+  "T1059.001": {
+    "name": "Command and Scripting Interpreter: PowerShell",
+    "version": "v17"
+  },
+  "T1059.006": {
+    "name": "Command and Scripting Interpreter: Python",
+    "version": "v17"
+  },
+  "T1059.007": {
+    "name": "Command and Scripting Interpreter: JavaScript",
+    "version": "v17"
+  },
+  "T1068": {
+    "name": "Exploitation for Privilege Escalation",
+    "version": "v17"
+  },
+  "T1071": {
+    "name": "Application Layer Protocol",
+    "version": "v17"
+  },
+  "T1078": {
+    "name": "Valid Accounts",
+    "version": "v17"
+  },
+  "T1078.001": {
+    "name": "Valid Accounts: Default Accounts",
+    "version": "v17"
+  },
+  "T1078.002": {
+    "name": "Valid Accounts: Domain Accounts",
+    "version": "v17"
+  },
+  "T1078.003": {
+    "name": "Valid Accounts: Local Accounts",
+    "version": "v17"
+  },
+  "T1078.004": {
+    "name": "Valid Accounts: Cloud Accounts",
+    "version": "v17"
+  },
+  "T1098": {
+    "name": "Account Manipulation",
+    "version": "v17"
+  },
+  "T1102": {
+    "name": "Web Service",
+    "version": "v17"
+  },
+  "T1110": {
+    "name": "Brute Force",
+    "version": "v17"
+  },
+  "T1110.001": {
+    "name": "Brute Force: Password Guessing",
+    "version": "v17"
+  },
+  "T1133": {
+    "name": "External Remote Services",
+    "version": "v17"
+  },
+  "T1136.001": {
+    "name": "Create Account: Local Account",
+    "version": "v17"
+  },
+  "T1190": {
+    "name": "Exploit Public-Facing Application",
+    "version": "v17"
+  },
+  "T1195": {
+    "name": "Supply Chain Compromise",
+    "version": "v17"
+  },
+  "T1195.001": {
+    "name": "Supply Chain Compromise: Software Dependencies and Development Tools",
+    "version": "v17"
+  },
+  "T1195.002": {
+    "name": "Supply Chain Compromise: Software Supply Chain",
+    "version": "v17"
+  },
+  "T1199": {
+    "name": "Trusted Relationship",
+    "version": "v17"
+  },
+  "T1203": {
+    "name": "Exploitation for Client Execution",
+    "version": "v17"
+  },
+  "T1212": {
+    "name": "Exploitation for Credential Access",
+    "version": "v17"
+  },
+  "T1213": {
+    "name": "Data from Information Repositories",
+    "version": "v17"
+  },
+  "T1485": {
+    "name": "Data Destruction",
+    "version": "v17"
+  },
+  "T1486": {
+    "name": "Data Encrypted for Impact",
+    "version": "v17"
+  },
+  "T1505": {
+    "name": "Server Software Component",
+    "version": "v17"
+  },
+  "T1518": {
+    "name": "Software Discovery",
+    "version": "v17"
+  },
+  "T1525": {
+    "name": "Implant Internal Image",
+    "version": "v17"
+  },
+  "T1528": {
+    "name": "Steal Application Access Token",
+    "version": "v17"
+  },
+  "T1530": {
+    "name": "Data from Cloud Storage",
+    "version": "v17"
+  },
+  "T1543": {
+    "name": "Create or Modify System Process",
+    "version": "v17"
+  },
+  "T1546": {
+    "name": "Event Triggered Execution",
+    "version": "v17"
+  },
+  "T1547": {
+    "name": "Boot or Logon Autostart Execution",
+    "version": "v17"
+  },
+  "T1548.001": {
+    "name": "Abuse Elevation Control Mechanism: Setuid and Setgid",
+    "version": "v17"
+  },
+  "T1548.003": {
+    "name": "Abuse Elevation Control Mechanism: Sudo and Sudo Caching",
+    "version": "v17"
+  },
+  "T1552": {
+    "name": "Unsecured Credentials",
+    "version": "v17"
+  },
+  "T1552.001": {
+    "name": "Unsecured Credentials: Credentials In Files",
+    "version": "v17"
+  },
+  "T1552.004": {
+    "name": "Unsecured Credentials: Private Keys",
+    "version": "v17"
+  },
+  "T1552.005": {
+    "name": "Unsecured Credentials: Cloud Instance Metadata API",
+    "version": "v17"
+  },
+  "T1552.007": {
+    "name": "Unsecured Credentials: Container API",
+    "version": "v17"
+  },
+  "T1554": {
+    "name": "Compromise Host Software Binary",
+    "version": "v17"
+  },
+  "T1555": {
+    "name": "Credentials from Password Stores",
+    "version": "v17"
+  },
+  "T1556": {
+    "name": "Modify Authentication Process",
+    "version": "v17"
+  },
+  "T1557": {
+    "name": "Adversary-in-the-Middle",
+    "version": "v17"
+  },
+  "T1562.001": {
+    "name": "Impair Defenses: Disable or Modify Tools",
+    "version": "v17"
+  },
+  "T1562.006": {
+    "name": "Impair Defenses: Indicator Blocking",
+    "version": "v17"
+  },
+  "T1565": {
+    "name": "Data Manipulation",
+    "version": "v17"
+  },
+  "T1566": {
+    "name": "Phishing",
+    "version": "v17"
+  },
+  "T1566.001": {
+    "name": "Phishing: Spearphishing Attachment",
+    "version": "v17"
+  },
+  "T1566.002": {
+    "name": "Phishing: Spearphishing Link",
+    "version": "v17"
+  },
+  "T1566.003": {
+    "name": "Phishing: Spearphishing via Service",
+    "version": "v17"
+  },
+  "T1567": {
+    "name": "Exfiltration Over Web Service",
+    "version": "v17"
+  },
+  "T1568": {
+    "name": "Dynamic Resolution",
+    "version": "v17"
+  },
+  "T1570": {
+    "name": "Lateral Tool Transfer",
+    "version": "v17",
+    "domain": "Enterprise"
+  },
+  "T1573": {
+    "name": "Encrypted Channel",
+    "version": "v17"
+  },
+  "T1574": {
+    "name": "Hijack Execution Flow",
+    "version": "v17"
+  },
+  "T1574.005": {
+    "name": "Hijack Execution Flow: Executable Installer File Permissions Weakness",
+    "version": "v17"
+  },
+  "T1595": {
+    "name": "Active Scanning",
+    "version": "v17"
+  },
+  "T1600": {
+    "name": "Weaken Encryption",
+    "version": "v17"
+  },
+  "T1606.001": {
+    "name": "Forge Web Credentials: Web Cookies",
+    "version": "v17"
+  },
+  "T1610": {
+    "name": "Deploy Container",
+    "version": "v17"
+  },
+  "T1611": {
+    "name": "Escape to Host",
+    "version": "v17"
+  },
+  "T1613": {
+    "name": "Container and Resource Discovery",
+    "version": "v17"
+  }
 }