@blamejs/exceptd-skills 0.12.15 → 0.12.18

package/lib/verify.js

@@ -30,6 +30,24 @@
  * additionalProperties=false at the skill level catches typos and
  * unknown fields that would otherwise silently be dropped.
  *
+ * Manifest signature contract (must mirror lib/sign.js):
+ *   The manifest carries a top-level `manifest_signature` field. Before
+ *   iterating skills, loadManifestValidated() extracts the signature,
+ *   recomputes the canonical bytes, and verifies against keys/public.pem.
+ *   On failure, all skill verification is blocked with a structured
+ *   error. When the field is absent (older v0.11.x / pre-v0.12.17
+ *   tarballs in the wild), a warning is emitted but verification
+ *   continues — this preserves backward compatibility for installs that
+ *   predate manifest signing.
+ *
+ *   Canonical bytes are computed identically to lib/sign.js
+ *   canonicalManifestBytes():
+ *     1. Clone, delete manifest_signature.
+ *     2. JSON.stringify with top-level keys sorted lexicographically.
+ *     3. Apply normalize() — strip BOM, CRLF → LF.
+ *   ANY change to the canonical form requires the matching change in
+ *   lib/sign.js. Round-trip stability is a hard contract.
+ *
  * Signing ceremony: see lib/sign.js
  * Public key: keys/public.pem (tracked in repo)
  * Private key: .keys/private.pem (gitignored, kept off-repo)
@@ -112,7 +130,19 @@ function signAll() {
   const privateKey = loadPrivateKey();
   if (!privateKey) throw new Error('No private key at .keys/private.pem — run: node lib/sign.js generate-keypair');
 
-  const manifest = loadManifestValidated();
+  // P1-4: load the manifest without the signature gate. We're about to
+  // mutate the manifest (re-sign skills + re-sign the manifest itself),
+  // so a stale manifest_signature mismatch here is expected — not a
+  // tampering signal. Schema + path validation still apply.
+  const manifest = loadManifest();
+  const schema = JSON.parse(fs.readFileSync(MANIFEST_SCHEMA_PATH, 'utf8'));
+  const errors0 = validateAgainstSchema(manifest, schema, 'manifest');
+  if (errors0.length > 0) {
+    const detail = errors0.slice(0, 10).map(e => '  - ' + e).join('\n');
+    throw new Error(`[verify] manifest.json failed schema validation before re-sign:\n${detail}`);
+  }
+  for (const skill of (manifest.skills || [])) validateSkillPath(skill.path);
+
   const result = { signed: [], errors: [] };
 
   for (const skill of manifest.skills) {
@@ -128,8 +158,20 @@ function signAll() {
     result.signed.push(skill.name);
   }
 
+  // P1-4: re-sign the manifest after the per-skill signatures changed.
+  delete manifest.manifest_signature;
+  const canonical = canonicalManifestBytes(manifest);
+  const manifestSig = crypto.sign(null, canonical, {
+    key: privateKey, dsaEncoding: 'ieee-p1363',
+  });
+  manifest.manifest_signature = {
+    algorithm: 'Ed25519',
+    signature_base64: manifestSig.toString('base64'),
+    signed_at: new Date().toISOString(),
+  };
+
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
-  console.log(`[verify] Signed ${result.signed.length} skills with Ed25519 private key.`);
+  console.log(`[verify] Signed ${result.signed.length} skills with Ed25519 private key. Manifest signed.`);
   return result;
 }
 
@@ -244,6 +286,86 @@ function loadManifest() {
   return JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf8'));
 }
 
+/**
+ * Audit I P1-4 — canonical byte form of the manifest.
+ *
+ * Mirrors lib/sign.js canonicalManifestBytes(). Any divergence here
+ * breaks the verify-after-sign round trip; do not modify in isolation.
+ *
+ * v0.12.17 (codex P1 PR #12): use deep canonicalize() instead of the
+ * top-level sortedKeys replacer-array. The replacer-array form acts as
+ * a property allowlist applied to EVERY object level — nested fields
+ * like skills[].path and skills[].signature got silently dropped from
+ * the canonical bytes, letting an attacker swap them without breaking
+ * the signature.
+ *
+ * @param {object} manifest
+ * @returns {Buffer} canonical UTF-8 bytes
+ */
+function canonicalize(value) {
+  if (Array.isArray(value)) return value.map(canonicalize);
+  if (value && typeof value === 'object') {
+    const out = {};
+    for (const key of Object.keys(value).sort()) {
+      out[key] = canonicalize(value[key]);
+    }
+    return out;
+  }
+  return value;
+}
+
+function canonicalManifestBytes(manifest) {
+  const clone = { ...manifest };
+  delete clone.manifest_signature;
+  const json = JSON.stringify(canonicalize(clone), null, 2);
+  return Buffer.from(normalize(json), 'utf8');
+}
+
+/**
+ * Verify the top-level manifest_signature against keys/public.pem.
+ *
+ * Returns one of:
+ *   { status: 'missing' }  — field absent (legacy tarball; warn-but-proceed)
+ *   { status: 'valid' }    — signature verifies
+ *   { status: 'invalid',   — signature malformed, wrong key, or tampered
+ *     reason: string }
+ *   { status: 'no-key',    — keys/public.pem absent
+ *     reason: string }
+ *
+ * @param {object} manifest
+ */
+function verifyManifestSignature(manifest) {
+  const sig = manifest && manifest.manifest_signature;
+  if (!sig || typeof sig !== 'object') return { status: 'missing' };
+  if (typeof sig.signature_base64 !== 'string') {
+    return { status: 'invalid', reason: 'manifest_signature.signature_base64 missing or not a string' };
+  }
+  if (sig.algorithm && sig.algorithm !== 'Ed25519') {
+    return { status: 'invalid', reason: `unsupported manifest_signature.algorithm: ${sig.algorithm}` };
+  }
+  const publicKey = loadPublicKey();
+  if (!publicKey) {
+    return { status: 'no-key', reason: 'public key missing at keys/public.pem' };
+  }
+  let signatureBytes;
+  try {
+    signatureBytes = Buffer.from(sig.signature_base64, 'base64');
+  } catch (e) {
+    return { status: 'invalid', reason: `malformed base64 in manifest_signature: ${e.message}` };
+  }
+  const bytes = canonicalManifestBytes(manifest);
+  let ok = false;
+  try {
+    ok = crypto.verify(null, bytes, {
+      key: publicKey,
+      dsaEncoding: 'ieee-p1363',
+    }, signatureBytes);
+  } catch (e) {
+    return { status: 'invalid', reason: `crypto.verify threw: ${e.message}` };
+  }
+  return ok ? { status: 'valid' } : { status: 'invalid', reason: 'Ed25519 manifest signature did not verify against keys/public.pem — manifest.json has been tampered or signed with a different key' };
+}
+
 /**
  * Load the manifest and validate it against
  * lib/schemas/manifest.schema.json + the path-traversal guard.
@@ -252,6 +374,14 @@ function loadManifest() {
  * is a fatal-class bug — surface it loudly rather than verify-against-
  * a-corrupt-manifest.
  *
+ * Audit I P1-4: also verifies the top-level manifest_signature. On
+ * invalid signature, throws a structured error blocking all skill
+ * verification (a coordinated attacker who rewrote manifest.json +
+ * manifest-snapshot.json + manifest-snapshot.sha256 still cannot forge
+ * the Ed25519 signature without the private key). When the signature
+ * field is absent, emits a stderr warning but proceeds — preserves
+ * backward compatibility for v0.12.16-and-earlier tarballs.
+ *
  * @returns {object}
  */
 function loadManifestValidated() {
@@ -269,6 +399,21 @@ function loadManifestValidated() {
   for (const skill of manifest.skills) {
     validateSkillPath(skill.path);
   }
+  // Audit I P1-4 — manifest signature gate. Runs after schema + path
+  // validation so a malformed manifest reports the structural failure
+  // before the cryptographic one.
+  const sigResult = verifyManifestSignature(manifest);
+  if (sigResult.status === 'invalid') {
+    throw new Error(`[verify] manifest_signature verification FAILED — ${sigResult.reason}. The manifest has been modified (or signed with a different key) since last sign-all. Refusing to verify any skill against this manifest.`);
+  }
+  if (sigResult.status === 'missing') {
+    console.warn('[verify] WARN: manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `node lib/sign.js sign-all` to add the signature.');
+  } else if (sigResult.status === 'no-key') {
+    // Surfaced separately so the warning matches the missing-key path
+    // that verifyAll() already handles — don't fail here, the verifyAll
+    // entry point will emit a no_key result of its own.
+    console.warn(`[verify] WARN: cannot verify manifest_signature — ${sigResult.reason}.`);
+  }
   return manifest;
 }
 
@@ -554,5 +699,7 @@ module.exports = {
   validateAgainstSchema,
   publicKeyFingerprint,
   checkExpectedFingerprint,
+  canonicalManifestBytes,
+  verifyManifestSignature,
   EXPECTED_FINGERPRINT_PATH,
 };

package/manifest-snapshot.json

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-14T15:55:39.383Z",
+  "_generated_at": "2026-05-14T18:49:21.239Z",
   "atlas_version": "5.1.0",
   "skill_count": 38,
   "skills": [

package/manifest-snapshot.sha256

@@ -1 +1 @@
-ca9d31e533c9d494e1ac5875e0a45176101438c3d75d44387187e367ccae21ad  manifest-snapshot.json
+7e10f4b0b1c6cfa096e35ca28cdd8a95c19e51537cdd3e22628aecb87c72db1b  manifest-snapshot.json

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.12.15",
+  "version": "0.12.18",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -52,7 +52,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "GedX81xfe2Y/oIVTEvakZUcSPFccqsDjBibE+KbiiHezAx2EvCS4AOjlx4TO7F0iuC47G/wvOc12kMYe9iHtDw==",
-      "signed_at": "2026-05-14T16:47:03.242Z",
+      "signed_at": "2026-05-14T19:29:43.828Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -116,7 +116,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "Rz5jS554rDryT6FPVZy0PwHMCYoJQQhhNDNI9rvOptjDbsnnKtZkpVXlKke5OKmLu5fHEBaNPg856qMIZFq+Ag==",
-      "signed_at": "2026-05-14T16:47:03.244Z",
+      "signed_at": "2026-05-14T19:29:43.829Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -179,7 +179,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "goSMEVE6QbfcdqCEgq324TNy6rZ2mWwPA28gMPvojy8ZzGFng87hLdyvKhDMo4S3KTK1D6CaTBksAzZw4Go8Cg==",
-      "signed_at": "2026-05-14T16:47:03.245Z",
+      "signed_at": "2026-05-14T19:29:43.830Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -225,7 +225,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "XFQO+fdOb388MLxMLoTqjOHhmV/PBOPKH0nZTp5NY4uzk5iUTo6G2T/IrgZGV7/CvsuvOvaXWP8+BDllXzOpDw==",
-      "signed_at": "2026-05-14T16:47:03.245Z"
+      "signed_at": "2026-05-14T19:29:43.831Z"
     },
     {
       "name": "compliance-theater",
@@ -256,7 +256,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "1UD9hHv44RWc1GSvN99pmxk26xaHLC74EbJ1ndn5Sptgd7w2rU9QznqCKf7Qc18uRyNEFhqW3jHvEs9c/XgrAw==",
-      "signed_at": "2026-05-14T16:47:03.245Z"
+      "signed_at": "2026-05-14T19:29:43.831Z"
     },
     {
       "name": "exploit-scoring",
@@ -285,7 +285,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "4tt6UuIkq/Mi8zMhO5cydYlXyG7jKxF2MFBC34Q6Q5l3FHPhhqrL5HLOB4WFgVmq27wBbD6AgUu2czVnKa5MDQ==",
-      "signed_at": "2026-05-14T16:47:03.245Z"
+      "signed_at": "2026-05-14T19:29:43.831Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -322,7 +322,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "4mstnPFMNhiorB7iEwqb7Jh+OCG79Mhqt2h/RwL5JbnAIPBi0Fcv0JBhQ5msEaHO4gNnpcBrdMfiDxLDwetZCw==",
-      "signed_at": "2026-05-14T16:47:03.246Z",
+      "signed_at": "2026-05-14T19:29:43.832Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -379,7 +379,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "FjdIy9NqQpSSMhIbyv5WhnJKrVLhO98iBfQ0AHqXw6yqXdVoWucyr729Jwhelq40oAkiBzbXi9RoVo63DHJwDw==",
-      "signed_at": "2026-05-14T16:47:03.246Z",
+      "signed_at": "2026-05-14T19:29:43.832Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -414,7 +414,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "DxfXhSyoAGUo1emHh0uIIcg324ZreBYxmFdBDVAKOOuPmMlfN4RqNc/JGDSfVmMv5CjgYCUcSmkcYB0A5lk0Cg==",
-      "signed_at": "2026-05-14T16:47:03.246Z",
+      "signed_at": "2026-05-14T19:29:43.832Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -442,7 +442,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xwlad/p5XlICc76KqrdWpEpBgwx1D87oM5qlccRQ5LKC/o0pr8vQ8LN3WLiiziBChplwNbruiIN6UETniZpjCg==",
-      "signed_at": "2026-05-14T16:47:03.247Z"
+      "signed_at": "2026-05-14T19:29:43.833Z"
     },
     {
       "name": "global-grc",
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
-      "signed_at": "2026-05-14T16:47:03.247Z"
+      "signed_at": "2026-05-14T19:29:43.834Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -501,7 +501,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "pKv1b8JAj1ldwR2KGccvjUKqlor2KNXXzxkKypkv+4O8WbqY7v8fWlbFe1F36OJrL2xYJdnZL5mJzqjYVHLRCg==",
-      "signed_at": "2026-05-14T16:47:03.248Z"
+      "signed_at": "2026-05-14T19:29:43.834Z"
     },
     {
       "name": "pqc-first",
@@ -553,7 +553,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
-      "signed_at": "2026-05-14T16:47:03.248Z",
+      "signed_at": "2026-05-14T19:29:43.834Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -600,7 +600,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "UayHLLWXAkhnLPaPRsgDpAyE8FGk1tuG1/DYyhw84Uv4tfCKXMamsAhXHOyMIosQfsJq5ZHYVXZz0bYNpnlvDw==",
-      "signed_at": "2026-05-14T16:47:03.248Z"
+      "signed_at": "2026-05-14T19:29:43.835Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -637,7 +637,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "zjq6ACAHD46xvhvQJKlrCPh5xDCuBuIWBI+QJB8RxcudpC7p7I1pqv+BY8DZdsAgU4tquCU8KC+xlduMIk3/DQ==",
-      "signed_at": "2026-05-14T16:47:03.248Z",
+      "signed_at": "2026-05-14T19:29:43.835Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -672,7 +672,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
-      "signed_at": "2026-05-14T16:47:03.249Z"
+      "signed_at": "2026-05-14T19:29:43.835Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -743,7 +743,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "rh+/cr+wTcEmBwrGscBni/jXpxjjYP91pUKDFIGkahZpw+nghCM/3aLKFf5RFRnl3JKTyBRywIrYhUH1YuSlDw==",
-      "signed_at": "2026-05-14T16:47:03.249Z"
+      "signed_at": "2026-05-14T19:29:43.836Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -803,7 +803,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
-      "signed_at": "2026-05-14T16:47:03.249Z"
+      "signed_at": "2026-05-14T19:29:43.836Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -878,7 +878,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "/BCBGUVjGs1RZzqXfElxBWB8UoD4+MY2G1YekdWsTDbMcHvt3NZJf0/JcqdYHOsEhFQ21NEz3w3+6tmQ8htKDw==",
-      "signed_at": "2026-05-14T16:47:03.249Z"
+      "signed_at": "2026-05-14T19:29:43.837Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,7 +955,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "mySOkGScsNPtEZcHg42EKcvUSBzADIB9mSlNe0L1yPllrB/83ypBj6cCERRw9ql+rtrNxapyc6Do+nCz7E5rDg==",
-      "signed_at": "2026-05-14T16:47:03.250Z"
+      "signed_at": "2026-05-14T19:29:43.837Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1012,7 +1012,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
-      "signed_at": "2026-05-14T16:47:03.250Z"
+      "signed_at": "2026-05-14T19:29:43.837Z"
     },
     {
       "name": "identity-assurance",
@@ -1079,7 +1079,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
-      "signed_at": "2026-05-14T16:47:03.250Z"
+      "signed_at": "2026-05-14T19:29:43.838Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,7 +1135,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "oHxjumOhk8y86WcwhAX8sSWIlPzt60KfTMn4DCJLeRrrQd5+i54fVADKAdZ3vOqfDN+DexO0uX4f5dLPtacRCQ==",
-      "signed_at": "2026-05-14T16:47:03.251Z"
+      "signed_at": "2026-05-14T19:29:43.838Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1187,7 +1187,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
-      "signed_at": "2026-05-14T16:47:03.251Z"
+      "signed_at": "2026-05-14T19:29:43.838Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1237,7 +1237,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "V9kl8Cf8UMjNFyn3D/fSyhWHLeXWlx3WV/jT9jdF9SrjfDqymimuTt2o91cZ2FOEJndAH9V0JGXB13Ohz8K4CQ==",
-      "signed_at": "2026-05-14T16:47:03.251Z"
+      "signed_at": "2026-05-14T19:29:43.839Z"
     },
     {
       "name": "webapp-security",
@@ -1311,7 +1311,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "csC9KRA3ExCSK77+UF6gj0OFPPZzOvuPxQtKEoaUZmLvn3V37My4IpbUjXAN2ZavTHqyFG9yQNfq3ELZeSJ7Cg==",
-      "signed_at": "2026-05-14T16:47:03.252Z"
+      "signed_at": "2026-05-14T19:29:43.839Z"
     },
     {
       "name": "ai-risk-management",
@@ -1361,7 +1361,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "P2D++lB5hea3oi2vl9mf8C7N+E7zASoqt1v4tjKxtaTeb+U0UARgMOaZsoK/sO9TT/PG/au14Rl4EFxv+Xi1BA==",
-      "signed_at": "2026-05-14T16:47:03.252Z"
+      "signed_at": "2026-05-14T19:29:43.839Z"
     },
     {
       "name": "sector-healthcare",
@@ -1421,7 +1421,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BDuLcpTeFp2BNSf1q4rYOhYKNhlgd3o5RZ0Uw9xW5olyYxPbZSgqekQ+6Ggaec09s7y6sqR37GS0vuAMdbrdDQ==",
-      "signed_at": "2026-05-14T16:47:03.252Z"
+      "signed_at": "2026-05-14T19:29:43.840Z"
     },
     {
       "name": "sector-financial",
@@ -1502,7 +1502,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "4IUJePr6XbE1Ns+cPvEFAVgrwdHLImuxdPYiilurxM2SmJym1itRC1prFMcuT6Kh6e1clYXwlzflcKm/eikyDA==",
-      "signed_at": "2026-05-14T16:47:03.252Z"
+      "signed_at": "2026-05-14T19:29:43.840Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,7 +1571,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "nMsyJ+rp5fM8/VjC7zsZyDjOC4hpxB+noT1VX7W0HBlq5t3SY56cwOGApwES/kBcCuf4qexKY376OxUr93zvCQ==",
-      "signed_at": "2026-05-14T16:47:03.253Z"
+      "signed_at": "2026-05-14T19:29:43.841Z"
     },
     {
       "name": "sector-energy",
@@ -1636,7 +1636,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "L1moEqEGkBkqY/3ohJcfqrlJn40UurDCyb2MOP/IwTAeZD+QbVZ17/drdsydkJ6qSXPiyiE6u8HDfZsDS13NBQ==",
-      "signed_at": "2026-05-14T16:47:03.253Z"
+      "signed_at": "2026-05-14T19:29:43.841Z"
     },
     {
       "name": "api-security",
@@ -1705,7 +1705,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ad1pHD4QQ8uXkhrzqLuWgnDpESOapzx3qGFchU9rxiX1aeLQkYKwpDzqIItFq82B5xjNsW7g5jXlF1sgK2HmCA==",
-      "signed_at": "2026-05-14T16:47:03.253Z"
+      "signed_at": "2026-05-14T19:29:43.842Z"
     },
     {
       "name": "cloud-security",
@@ -1786,7 +1786,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "UEn0305KAEqIfYOdzadLBdPG/PJ+3sJ/8ubvPFNcXfqXp2uOWTfqGUqY65PApA992VEEa1RBQt5R7Nyhd/OjDQ==",
-      "signed_at": "2026-05-14T16:47:03.254Z"
+      "signed_at": "2026-05-14T19:29:43.842Z"
     },
     {
       "name": "container-runtime-security",
@@ -1848,7 +1848,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "4easZDYn25XK4E9MRnwnZohG3xdYMmOLlPznNVmr1ykNfB+343+ooj+R0quG8uEV/IqbTQpR1ink35K6jCghCg==",
-      "signed_at": "2026-05-14T16:47:03.254Z"
+      "signed_at": "2026-05-14T19:29:43.842Z"
     },
     {
       "name": "mlops-security",
@@ -1919,7 +1919,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "chbPWzjfx92OjEAwMIm+J4GObxy8uwTahNBvbhMfYL7vTAJe/lf2BaW8wUpchpMIwYL0985A/+WykH8zmk/DBA==",
-      "signed_at": "2026-05-14T16:47:03.255Z"
+      "signed_at": "2026-05-14T19:29:43.843Z"
     },
     {
       "name": "incident-response-playbook",
@@ -1981,7 +1981,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "3V7kvM5cxXdCBoMnjvOoTvT3zD+/yZEBHYgiunYQe8tBm+vVnS4jCz1Nzv/ymePIfbYDo/PlzKeGTWStSsGiAg==",
-      "signed_at": "2026-05-14T16:47:03.255Z"
+      "signed_at": "2026-05-14T19:29:43.843Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2034,7 +2034,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
-      "signed_at": "2026-05-14T16:47:03.255Z"
+      "signed_at": "2026-05-14T19:29:43.843Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2102,7 +2102,12 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
-      "signed_at": "2026-05-14T16:47:03.256Z"
+      "signed_at": "2026-05-14T19:29:43.844Z"
     }
-  ]
+  ],
+  "manifest_signature": {
+    "algorithm": "Ed25519",
+    "signature_base64": "TD/DHSjapE7OQbmJ7a4GMh+35vcyhWvyQU0kjXZZWByNZJsvUDPlyYy0bEiz6/BylGv0QLpTsT0iQWHGPu5ECA==",
+    "signed_at": "2026-05-14T19:29:43.845Z"
+  }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.12.15",
+  "version": "0.12.18",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json

@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:0fb3661f-4f3b-4d31-98b3-d5fd759aa8c1",
+  "serialNumber": "urn:uuid:f814e8e0-7189-4a08-8117-b35a35ae4f30",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-14T16:47:04.535Z",
+    "timestamp": "2026-05-14T19:29:45.003Z",
     "tools": [
       {
         "name": "hand-written",
@@ -13,10 +13,10 @@
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.15",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.18",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.12.15",
+      "version": "0.12.18",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,11 +25,11 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.15",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.18",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.15"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.18"
         },
         {
           "type": "vcs",