npm - @blamejs/exceptd-skills - Versions diffs - 0.12.18 → 0.12.20 - Mend

@blamejs/exceptd-skills 0.12.18 → 0.12.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGELOG.md +126 -52
package/README.md +1 -1
package/bin/exceptd.js +355 -45
package/data/_indexes/_meta.json +2 -2
package/data/playbooks/ai-api.json +2 -1
package/lib/auto-discovery.js +62 -9
package/lib/playbook-runner.js +188 -32
package/lib/prefetch.js +62 -15
package/lib/refresh-external.js +27 -0
package/lib/refresh-network.js +91 -3
package/lib/sign.js +10 -2
package/lib/verify.js +26 -4
package/manifest.json +40 -41
package/orchestrator/scheduler.js +10 -0
package/package.json +1 -1
package/sbom.cdx.json +6 -6
package/scripts/predeploy.js +5 -0
package/scripts/verify-shipped-tarball.js +89 -0

package/lib/refresh-network.js CHANGED Viewed

@@ -194,14 +194,63 @@ function verifyDetached(publicKeyObj, payload, sigB64) {
 // v0.12.14 (audit F1, F7): CRLF/BOM normalization mirrors lib/verify.js's
 // normalize(). Duplicated here to keep refresh-network free of cross-module
 // runtime deps. ANY change here MUST be mirrored in lib/verify.js +
-// lib/sign.js — the three normalize() implementations form a byte-stability
-// contract.
+// lib/sign.js + scripts/verify-shipped-tarball.js — the four normalize()
+// implementations form a byte-stability contract enforced by
+// tests/normalize-contract.test.js.
 function normalizeSkillBytes(buf) {
   let s = Buffer.isBuffer(buf) ? buf.toString("utf8") : String(buf);
   if (s.length > 0 && s.charCodeAt(0) === 0xFEFF) s = s.slice(1);
   return Buffer.from(s.replace(/\r\n/g, "\n"), "utf8");
 }
+// Audit O P1-B + Q P1: in-line manifest-signature verifier. Kept here
+// rather than imported from lib/verify.js so refresh-network.js retains
+// its no-cross-module-dep posture (mirrors the per-skill verify path).
+// ANY change to canonical-bytes computation here MUST stay in lockstep
+// with lib/sign.js canonicalManifestBytes() / lib/verify.js
+// canonicalManifestBytes() — tests/normalize-contract.test.js enforces.
+function canonicalizeForRefresh(value) {
+  if (Array.isArray(value)) return value.map(canonicalizeForRefresh);
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const key of Object.keys(value).sort()) {
+      out[key] = canonicalizeForRefresh(value[key]);
+    }
+    return out;
+  }
+  return value;
+}
+function canonicalManifestBytesForRefresh(manifest) {
+  const clone = Object.assign({}, manifest);
+  delete clone.manifest_signature;
+  const json = JSON.stringify(canonicalizeForRefresh(clone), null, 2);
+  return normalizeSkillBytes(Buffer.from(json, "utf8"));
+}
+function verifyTarballManifestSignature(manifest, publicKeyPem) {
+  const sig = manifest && manifest.manifest_signature;
+  if (!sig || typeof sig !== "object") return { status: "missing" };
+  if (typeof sig.signature_base64 !== "string") {
+    return { status: "invalid", reason: "manifest_signature.signature_base64 missing or not a string" };
+  }
+  if (sig.algorithm !== "Ed25519") {
+    return { status: "invalid", reason: `manifest_signature.algorithm must be 'Ed25519' (got ${JSON.stringify(sig.algorithm)})` };
+  }
+  let signatureBytes;
+  try { signatureBytes = Buffer.from(sig.signature_base64, "base64"); }
+  catch (e) { return { status: "invalid", reason: `malformed base64: ${e.message}` }; }
+  const bytes = canonicalManifestBytesForRefresh(manifest);
+  let ok = false;
+  try {
+    ok = crypto.verify(null, bytes, {
+      key: publicKeyPem,
+      dsaEncoding: "ieee-p1363",
+    }, signatureBytes);
+  } catch (e) {
+    return { status: "invalid", reason: `crypto.verify threw: ${e.message}` };
+  }
+  return ok ? { status: "valid" } : { status: "invalid", reason: "Ed25519 manifest signature did not verify against local public.pem" };
+}
 // Manifest path validation. Mirrors lib/verify.js validateSkillPath().
 function validateManifestSkillPath(skillPath) {
   if (typeof skillPath !== "string") throw new Error(`manifest skill.path must be a string, got ${typeof skillPath}`);
@@ -402,6 +451,33 @@ async function main() {
   try { tarballManifest = JSON.parse(tarballManifestEntry.body.toString("utf8")); }
   catch (e) { emit({ ok: false, error: `tarball manifest.json parse: ${e.message}` }, opts.json); process.exitCode = 4; return; }
+  // Audit O P1-B + Q P1: verify the top-level manifest_signature against
+  // the LOCAL public key before honoring any entry in the tarball manifest.
+  // The previous flow iterated `manifest.skills[].signature` per-skill but
+  // never authenticated the manifest envelope itself — a coordinated
+  // attacker who flipped paths/names/atlas_refs on entries already covered
+  // by per-skill signatures (which sign only the skill body bytes, not the
+  // metadata around them) could re-shape catalog routing without breaking
+  // any per-skill signature. The manifest signature closes that gap.
+  //
+  // Unlike post-install verify (which warns-and-continues on missing
+  // signature for legacy-tarball compat), refresh-network REQUIRES the
+  // signature: this code path is publishing fresh content into the local
+  // tree, and the tarball must already be ≥ v0.12.17 to have reached the
+  // registry through the sign-all gate.
+  const manifestSigResult = verifyTarballManifestSignature(tarballManifest, localPubKeyText);
+  if (manifestSigResult.status !== "valid") {
+    emit({
+      ok: false,
+      error: `tarball manifest_signature ${manifestSigResult.status} — refusing to swap`,
+      reason: manifestSigResult.reason || null,
+      hint: manifestSigResult.status === "missing"
+        ? "Tarball predates v0.12.17 manifest signing. Run `npm update -g @blamejs/exceptd-skills` instead so the full provenance-verified install path runs."
+        : "Tarball manifest envelope failed Ed25519 verification against the LOCAL public key. Run `npm update -g @blamejs/exceptd-skills` for the full provenance-verified path, or report this tarball at https://github.com/blamejs/exceptd-skills/issues.",
+    }, opts.json);
+    process.exitCode = 5; return;
+  }
   // v0.12.14 (audit F1): the prior loop iterated `sk.id` + a fixed payload
   // path `skills/<id>/SKILL.md`. Manifest entries actually expose `name` +
   // `path` (a forward-slash relative path like `skills/<name>/skill.md`,
@@ -603,4 +679,16 @@ if (require.main === module) {
   });
 }
-module.exports = { parseTar, fingerprintPublicKey };
+module.exports = {
+  parseTar,
+  fingerprintPublicKey,
+  // Audit P P1-A: exported for tests/normalize-contract.test.js so the
+  // byte-stability contract can be asserted across all four normalize()
+  // implementations (lib/sign.js, lib/verify.js, lib/refresh-network.js,
+  // scripts/verify-shipped-tarball.js).
+  normalizeSkillBytes,
+  // Audit O P1-B + Q P1: exported for in-process tests of the refresh
+  // path's manifest envelope check.
+  verifyTarballManifestSignature,
+  canonicalManifestBytesForRefresh,
+};

package/lib/sign.js CHANGED Viewed

@@ -343,9 +343,18 @@ function canonicalManifestBytes(manifest) {
  * Returns the manifest_signature object literal to splice into the
  * manifest top level.
  *
+ * Audit O P1-A: the previous shape included a `signed_at` ISO timestamp.
+ * That field was stripped from the canonical bytes before signing (via
+ * `delete clone.manifest_signature`), so it was NOT covered by the
+ * signature — an attacker who replayed a known-valid signature could
+ * rewrite `signed_at` to any value, lending false freshness authority to
+ * a stale signature. The field is now omitted entirely. Freshness signal
+ * lives outside the signed bytes (git-log mtime of manifest.json, npm
+ * publish timestamp).
+ *
  * @param {object} manifest
  * @param {string} privateKey PEM-encoded Ed25519 private key
- * @returns {{algorithm:'Ed25519', signature_base64:string, signed_at:string}}
+ * @returns {{algorithm:'Ed25519', signature_base64:string}}
  */
 function signCanonicalManifest(manifest, privateKey) {
   const bytes = canonicalManifestBytes(manifest);
@@ -356,7 +365,6 @@ function signCanonicalManifest(manifest, privateKey) {
   return {
     algorithm: 'Ed25519',
     signature_base64: sig.toString('base64'),
-    signed_at: new Date().toISOString(),
   };
 }

package/lib/verify.js CHANGED Viewed

@@ -164,10 +164,17 @@ function signAll() {
   const manifestSig = crypto.sign(null, canonical, {
     key: privateKey, dsaEncoding: 'ieee-p1363',
   });
+  // Audit O P1-A: `signed_at` is intentionally OMITTED. The previous shape
+  // emitted a `signed_at` timestamp alongside the Ed25519 signature, but
+  // `signed_at` was stripped from the canonical bytes before signing — so
+  // an attacker could replay a known-valid signature against the same
+  // canonical content while rewriting `signed_at` to any value, lending
+  // false freshness authority to a stale signature. Operators who need
+  // freshness signal should consult the git-log mtime of manifest.json
+  // (or the npm publish timestamp), which are external to the signed bytes.
   manifest.manifest_signature = {
     algorithm: 'Ed25519',
     signature_base64: manifestSig.toString('base64'),
-    signed_at: new Date().toISOString(),
   };
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
@@ -340,8 +347,16 @@ function verifyManifestSignature(manifest) {
   if (typeof sig.signature_base64 !== 'string') {
     return { status: 'invalid', reason: 'manifest_signature.signature_base64 missing or not a string' };
   }
-  if (sig.algorithm && sig.algorithm !== 'Ed25519') {
-    return { status: 'invalid', reason: `unsupported manifest_signature.algorithm: ${sig.algorithm}` };
+  // Audit O P1-E: require the algorithm field to be present and exactly
+  // 'Ed25519'. The previous form accepted a missing algorithm field
+  // (`if (sig.algorithm && sig.algorithm !== 'Ed25519')`) which let a
+  // future downgrade attacker drop the field to bait a weaker default.
+  // lib/sign.js always writes the field, so no legitimate consumer breaks.
+  if (sig.algorithm !== 'Ed25519') {
+    return {
+      status: 'invalid',
+      reason: `manifest_signature.algorithm must be exactly 'Ed25519' (got ${JSON.stringify(sig.algorithm)})`,
+    };
   }
   const publicKey = loadPublicKey();
   if (!publicKey) {
@@ -407,7 +422,14 @@ function loadManifestValidated() {
     throw new Error(`[verify] manifest_signature verification FAILED — ${sigResult.reason}. The manifest has been modified (or signed with a different key) since last sign-all. Refusing to verify any skill against this manifest.`);
   }
   if (sigResult.status === 'missing') {
-    console.warn('[verify] WARN: manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `node lib/sign.js sign-all` to add the signature.');
+    // Audit O P1-D: dedupe the legacy-tarball warning. Many CLI verbs
+    // call loadManifestValidated() more than once per invocation; the
+    // previous console.warn spammed stderr per call. Node's emitWarning()
+    // with a stable `code` collapses repeated emissions automatically.
+    process.emitWarning(
+      'manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `node lib/sign.js sign-all` to add the signature.',
+      { code: 'EXCEPTD_MANIFEST_UNSIGNED' }
+    );
   } else if (sigResult.status === 'no-key') {
     // Surfaced separately so the warning matches the missing-key path
     // that verifyAll() already handles — don't fail here, the verifyAll

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.12.18",
+  "version": "0.12.20",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -52,7 +52,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "GedX81xfe2Y/oIVTEvakZUcSPFccqsDjBibE+KbiiHezAx2EvCS4AOjlx4TO7F0iuC47G/wvOc12kMYe9iHtDw==",
-      "signed_at": "2026-05-14T19:29:43.828Z",
+      "signed_at": "2026-05-14T21:23:13.037Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -116,7 +116,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "Rz5jS554rDryT6FPVZy0PwHMCYoJQQhhNDNI9rvOptjDbsnnKtZkpVXlKke5OKmLu5fHEBaNPg856qMIZFq+Ag==",
-      "signed_at": "2026-05-14T19:29:43.829Z",
+      "signed_at": "2026-05-14T21:23:13.039Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -179,7 +179,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "goSMEVE6QbfcdqCEgq324TNy6rZ2mWwPA28gMPvojy8ZzGFng87hLdyvKhDMo4S3KTK1D6CaTBksAzZw4Go8Cg==",
-      "signed_at": "2026-05-14T19:29:43.830Z",
+      "signed_at": "2026-05-14T21:23:13.039Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -225,7 +225,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "XFQO+fdOb388MLxMLoTqjOHhmV/PBOPKH0nZTp5NY4uzk5iUTo6G2T/IrgZGV7/CvsuvOvaXWP8+BDllXzOpDw==",
-      "signed_at": "2026-05-14T19:29:43.831Z"
+      "signed_at": "2026-05-14T21:23:13.040Z"
     },
     {
       "name": "compliance-theater",
@@ -256,7 +256,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "1UD9hHv44RWc1GSvN99pmxk26xaHLC74EbJ1ndn5Sptgd7w2rU9QznqCKf7Qc18uRyNEFhqW3jHvEs9c/XgrAw==",
-      "signed_at": "2026-05-14T19:29:43.831Z"
+      "signed_at": "2026-05-14T21:23:13.040Z"
     },
     {
       "name": "exploit-scoring",
@@ -285,7 +285,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "4tt6UuIkq/Mi8zMhO5cydYlXyG7jKxF2MFBC34Q6Q5l3FHPhhqrL5HLOB4WFgVmq27wBbD6AgUu2czVnKa5MDQ==",
-      "signed_at": "2026-05-14T19:29:43.831Z"
+      "signed_at": "2026-05-14T21:23:13.041Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -322,7 +322,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "4mstnPFMNhiorB7iEwqb7Jh+OCG79Mhqt2h/RwL5JbnAIPBi0Fcv0JBhQ5msEaHO4gNnpcBrdMfiDxLDwetZCw==",
-      "signed_at": "2026-05-14T19:29:43.832Z",
+      "signed_at": "2026-05-14T21:23:13.041Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -379,7 +379,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "FjdIy9NqQpSSMhIbyv5WhnJKrVLhO98iBfQ0AHqXw6yqXdVoWucyr729Jwhelq40oAkiBzbXi9RoVo63DHJwDw==",
-      "signed_at": "2026-05-14T19:29:43.832Z",
+      "signed_at": "2026-05-14T21:23:13.041Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -414,7 +414,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "DxfXhSyoAGUo1emHh0uIIcg324ZreBYxmFdBDVAKOOuPmMlfN4RqNc/JGDSfVmMv5CjgYCUcSmkcYB0A5lk0Cg==",
-      "signed_at": "2026-05-14T19:29:43.832Z",
+      "signed_at": "2026-05-14T21:23:13.041Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -442,7 +442,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xwlad/p5XlICc76KqrdWpEpBgwx1D87oM5qlccRQ5LKC/o0pr8vQ8LN3WLiiziBChplwNbruiIN6UETniZpjCg==",
-      "signed_at": "2026-05-14T19:29:43.833Z"
+      "signed_at": "2026-05-14T21:23:13.042Z"
     },
     {
       "name": "global-grc",
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
-      "signed_at": "2026-05-14T19:29:43.834Z"
+      "signed_at": "2026-05-14T21:23:13.043Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -501,7 +501,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "pKv1b8JAj1ldwR2KGccvjUKqlor2KNXXzxkKypkv+4O8WbqY7v8fWlbFe1F36OJrL2xYJdnZL5mJzqjYVHLRCg==",
-      "signed_at": "2026-05-14T19:29:43.834Z"
+      "signed_at": "2026-05-14T21:23:13.043Z"
     },
     {
       "name": "pqc-first",
@@ -553,7 +553,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
-      "signed_at": "2026-05-14T19:29:43.834Z",
+      "signed_at": "2026-05-14T21:23:13.043Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -600,7 +600,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "UayHLLWXAkhnLPaPRsgDpAyE8FGk1tuG1/DYyhw84Uv4tfCKXMamsAhXHOyMIosQfsJq5ZHYVXZz0bYNpnlvDw==",
-      "signed_at": "2026-05-14T19:29:43.835Z"
+      "signed_at": "2026-05-14T21:23:13.044Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -637,7 +637,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "zjq6ACAHD46xvhvQJKlrCPh5xDCuBuIWBI+QJB8RxcudpC7p7I1pqv+BY8DZdsAgU4tquCU8KC+xlduMIk3/DQ==",
-      "signed_at": "2026-05-14T19:29:43.835Z",
+      "signed_at": "2026-05-14T21:23:13.044Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -672,7 +672,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
-      "signed_at": "2026-05-14T19:29:43.835Z"
+      "signed_at": "2026-05-14T21:23:13.044Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -743,7 +743,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "rh+/cr+wTcEmBwrGscBni/jXpxjjYP91pUKDFIGkahZpw+nghCM/3aLKFf5RFRnl3JKTyBRywIrYhUH1YuSlDw==",
-      "signed_at": "2026-05-14T19:29:43.836Z"
+      "signed_at": "2026-05-14T21:23:13.044Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -803,7 +803,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
-      "signed_at": "2026-05-14T19:29:43.836Z"
+      "signed_at": "2026-05-14T21:23:13.045Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -878,7 +878,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "/BCBGUVjGs1RZzqXfElxBWB8UoD4+MY2G1YekdWsTDbMcHvt3NZJf0/JcqdYHOsEhFQ21NEz3w3+6tmQ8htKDw==",
-      "signed_at": "2026-05-14T19:29:43.837Z"
+      "signed_at": "2026-05-14T21:23:13.045Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,7 +955,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "mySOkGScsNPtEZcHg42EKcvUSBzADIB9mSlNe0L1yPllrB/83ypBj6cCERRw9ql+rtrNxapyc6Do+nCz7E5rDg==",
-      "signed_at": "2026-05-14T19:29:43.837Z"
+      "signed_at": "2026-05-14T21:23:13.045Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1012,7 +1012,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
-      "signed_at": "2026-05-14T19:29:43.837Z"
+      "signed_at": "2026-05-14T21:23:13.046Z"
     },
     {
       "name": "identity-assurance",
@@ -1079,7 +1079,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
-      "signed_at": "2026-05-14T19:29:43.838Z"
+      "signed_at": "2026-05-14T21:23:13.046Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,7 +1135,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "oHxjumOhk8y86WcwhAX8sSWIlPzt60KfTMn4DCJLeRrrQd5+i54fVADKAdZ3vOqfDN+DexO0uX4f5dLPtacRCQ==",
-      "signed_at": "2026-05-14T19:29:43.838Z"
+      "signed_at": "2026-05-14T21:23:13.046Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1187,7 +1187,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
-      "signed_at": "2026-05-14T19:29:43.838Z"
+      "signed_at": "2026-05-14T21:23:13.047Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1237,7 +1237,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "V9kl8Cf8UMjNFyn3D/fSyhWHLeXWlx3WV/jT9jdF9SrjfDqymimuTt2o91cZ2FOEJndAH9V0JGXB13Ohz8K4CQ==",
-      "signed_at": "2026-05-14T19:29:43.839Z"
+      "signed_at": "2026-05-14T21:23:13.047Z"
     },
     {
       "name": "webapp-security",
@@ -1311,7 +1311,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "csC9KRA3ExCSK77+UF6gj0OFPPZzOvuPxQtKEoaUZmLvn3V37My4IpbUjXAN2ZavTHqyFG9yQNfq3ELZeSJ7Cg==",
-      "signed_at": "2026-05-14T19:29:43.839Z"
+      "signed_at": "2026-05-14T21:23:13.047Z"
     },
     {
       "name": "ai-risk-management",
@@ -1361,7 +1361,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "P2D++lB5hea3oi2vl9mf8C7N+E7zASoqt1v4tjKxtaTeb+U0UARgMOaZsoK/sO9TT/PG/au14Rl4EFxv+Xi1BA==",
-      "signed_at": "2026-05-14T19:29:43.839Z"
+      "signed_at": "2026-05-14T21:23:13.048Z"
     },
     {
       "name": "sector-healthcare",
@@ -1421,7 +1421,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BDuLcpTeFp2BNSf1q4rYOhYKNhlgd3o5RZ0Uw9xW5olyYxPbZSgqekQ+6Ggaec09s7y6sqR37GS0vuAMdbrdDQ==",
-      "signed_at": "2026-05-14T19:29:43.840Z"
+      "signed_at": "2026-05-14T21:23:13.048Z"
     },
     {
       "name": "sector-financial",
@@ -1502,7 +1502,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "4IUJePr6XbE1Ns+cPvEFAVgrwdHLImuxdPYiilurxM2SmJym1itRC1prFMcuT6Kh6e1clYXwlzflcKm/eikyDA==",
-      "signed_at": "2026-05-14T19:29:43.840Z"
+      "signed_at": "2026-05-14T21:23:13.048Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,7 +1571,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "nMsyJ+rp5fM8/VjC7zsZyDjOC4hpxB+noT1VX7W0HBlq5t3SY56cwOGApwES/kBcCuf4qexKY376OxUr93zvCQ==",
-      "signed_at": "2026-05-14T19:29:43.841Z"
+      "signed_at": "2026-05-14T21:23:13.049Z"
     },
     {
       "name": "sector-energy",
@@ -1636,7 +1636,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "L1moEqEGkBkqY/3ohJcfqrlJn40UurDCyb2MOP/IwTAeZD+QbVZ17/drdsydkJ6qSXPiyiE6u8HDfZsDS13NBQ==",
-      "signed_at": "2026-05-14T19:29:43.841Z"
+      "signed_at": "2026-05-14T21:23:13.049Z"
     },
     {
       "name": "api-security",
@@ -1705,7 +1705,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ad1pHD4QQ8uXkhrzqLuWgnDpESOapzx3qGFchU9rxiX1aeLQkYKwpDzqIItFq82B5xjNsW7g5jXlF1sgK2HmCA==",
-      "signed_at": "2026-05-14T19:29:43.842Z"
+      "signed_at": "2026-05-14T21:23:13.050Z"
     },
     {
       "name": "cloud-security",
@@ -1786,7 +1786,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "UEn0305KAEqIfYOdzadLBdPG/PJ+3sJ/8ubvPFNcXfqXp2uOWTfqGUqY65PApA992VEEa1RBQt5R7Nyhd/OjDQ==",
-      "signed_at": "2026-05-14T19:29:43.842Z"
+      "signed_at": "2026-05-14T21:23:13.051Z"
     },
     {
       "name": "container-runtime-security",
@@ -1848,7 +1848,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "4easZDYn25XK4E9MRnwnZohG3xdYMmOLlPznNVmr1ykNfB+343+ooj+R0quG8uEV/IqbTQpR1ink35K6jCghCg==",
-      "signed_at": "2026-05-14T19:29:43.842Z"
+      "signed_at": "2026-05-14T21:23:13.051Z"
     },
     {
       "name": "mlops-security",
@@ -1919,7 +1919,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "chbPWzjfx92OjEAwMIm+J4GObxy8uwTahNBvbhMfYL7vTAJe/lf2BaW8wUpchpMIwYL0985A/+WykH8zmk/DBA==",
-      "signed_at": "2026-05-14T19:29:43.843Z"
+      "signed_at": "2026-05-14T21:23:13.051Z"
     },
     {
       "name": "incident-response-playbook",
@@ -1981,7 +1981,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "3V7kvM5cxXdCBoMnjvOoTvT3zD+/yZEBHYgiunYQe8tBm+vVnS4jCz1Nzv/ymePIfbYDo/PlzKeGTWStSsGiAg==",
-      "signed_at": "2026-05-14T19:29:43.843Z"
+      "signed_at": "2026-05-14T21:23:13.052Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2034,7 +2034,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
-      "signed_at": "2026-05-14T19:29:43.843Z"
+      "signed_at": "2026-05-14T21:23:13.052Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2102,12 +2102,11 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
-      "signed_at": "2026-05-14T19:29:43.844Z"
+      "signed_at": "2026-05-14T21:23:13.053Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "TD/DHSjapE7OQbmJ7a4GMh+35vcyhWvyQU0kjXZZWByNZJsvUDPlyYy0bEiz6/BylGv0QLpTsT0iQWHGPu5ECA==",
-    "signed_at": "2026-05-14T19:29:43.845Z"
+    "signature_base64": "Ql9tfxW2Qoi/Zjfhwgm0o2TrefcyaOusalb9vMbfwhHPiNlAsPwDs5iFXA4oI3ZwNJ72GE2FY54Wtmq/QU7cDA=="
   }
 }

package/orchestrator/scheduler.js CHANGED Viewed

@@ -118,6 +118,16 @@ function _shouldBootstrapFire(key, intervalMs) {
  * @returns {Function}          Call to stop further firings.
  */
 function scheduleEvery(intervalMs, handler) {
+  // T P1-4: lower-bound guard. v0.12.12 added the INT32 overflow clamp
+  // (upper bound) but never asserted intervalMs > 0. `scheduleEvery(0, fn)`
+  // would set a 0ms interval that fires ~10k times per second; negatives
+  // (-100) coerce the same way and NaN drives setInterval into a 1ms tick.
+  // All three exhaust the event loop. Refuse the call rather than silently
+  // floor — the scheduler is a long-lived primitive and a footgun here
+  // poisons every periodic task in the watcher.
+  if (!Number.isFinite(intervalMs) || intervalMs <= 0) {
+    throw new RangeError(`scheduleEvery: intervalMs must be a positive finite number, got ${intervalMs}`);
+  }
   const startedAt = Date.now();
   let lastFired = startedAt;
   const tick = () => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.12.18",
+  "version": "0.12.20",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:f814e8e0-7189-4a08-8117-b35a35ae4f30",
+  "serialNumber": "urn:uuid:4ae17d1f-ac0e-41e3-95eb-0b58ced8b08d",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-14T19:29:45.003Z",
+    "timestamp": "2026-05-14T21:23:13.962Z",
     "tools": [
       {
         "name": "hand-written",
@@ -13,10 +13,10 @@
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.18",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.20",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.12.18",
+      "version": "0.12.20",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,11 +25,11 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.18",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.20",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.18"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.20"
         },
         {
           "type": "vcs",

package/scripts/predeploy.js CHANGED Viewed

@@ -177,6 +177,11 @@ const GATES = [
     args: [path.join(ROOT, "lib", "validate-playbooks.js")],
     ciJobName: "Validate playbooks",
     informational: true,
+    // audit Y F30: cap informational acceptance at exit 1 so a CRASH (137 OOM,
+    // 139 SIGSEGV, 134 SIGABRT, etc.) surfaces as a real failure instead of
+    // being absorbed under the informational bucket. Matches the
+    // forward-watch gate (line ~111) which already pins the same ceiling.
+    informationalMaxExitCode: 1,
   },
 ];