@blamejs/exceptd-skills 0.12.18 → 0.12.21

Files changed (53)
  1. package/CHANGELOG.md +224 -52
  2. package/README.md +1 -1
  3. package/bin/exceptd.js +841 -68
  4. package/data/_indexes/_meta.json +14 -14
  5. package/data/_indexes/activity-feed.json +3 -3
  6. package/data/_indexes/catalog-summaries.json +3 -3
  7. package/data/_indexes/chains.json +15 -0
  8. package/data/_indexes/jurisdiction-map.json +3 -2
  9. package/data/_indexes/section-offsets.json +175 -175
  10. package/data/_indexes/summary-cards.json +1 -1
  11. package/data/_indexes/token-budget.json +83 -83
  12. package/data/cve-catalog.json +169 -2
  13. package/data/exploit-availability.json +16 -0
  14. package/data/playbooks/ai-api.json +20 -1
  15. package/data/playbooks/containers.json +30 -0
  16. package/data/playbooks/cred-stores.json +18 -0
  17. package/data/playbooks/crypto.json +18 -0
  18. package/data/playbooks/hardening.json +26 -1
  19. package/data/playbooks/kernel.json +22 -2
  20. package/data/playbooks/mcp.json +18 -0
  21. package/data/playbooks/runtime.json +20 -1
  22. package/data/playbooks/sbom.json +18 -0
  23. package/data/playbooks/secrets.json +6 -0
  24. package/data/zeroday-lessons.json +102 -0
  25. package/lib/auto-discovery.js +68 -15
  26. package/lib/cross-ref-api.js +43 -10
  27. package/lib/cve-curation.js +4 -4
  28. package/lib/playbook-runner.js +545 -63
  29. package/lib/prefetch.js +65 -18
  30. package/lib/refresh-external.js +40 -2
  31. package/lib/refresh-network.js +100 -12
  32. package/lib/scoring.js +22 -13
  33. package/lib/sign.js +14 -6
  34. package/lib/validate-catalog-meta.js +1 -1
  35. package/lib/validate-indexes.js +2 -2
  36. package/lib/verify.js +51 -10
  37. package/manifest.json +47 -48
  38. package/orchestrator/scheduler.js +10 -0
  39. package/package.json +1 -1
  40. package/sbom.cdx.json +6 -6
  41. package/scripts/check-manifest-snapshot.js +1 -1
  42. package/scripts/check-sbom-currency.js +1 -1
  43. package/scripts/predeploy.js +10 -5
  44. package/scripts/refresh-manifest-snapshot.js +2 -2
  45. package/scripts/validate-vendor-online.js +1 -1
  46. package/scripts/verify-shipped-tarball.js +94 -6
  47. package/skills/compliance-theater/skill.md +4 -1
  48. package/skills/exploit-scoring/skill.md +20 -1
  49. package/skills/framework-gap-analysis/skill.md +6 -2
  50. package/skills/kernel-lpe-triage/skill.md +50 -3
  51. package/skills/threat-model-currency/skill.md +6 -4
  52. package/skills/webapp-security/skill.md +1 -1
  53. package/skills/zeroday-gap-learn/skill.md +44 -1
@@ -1,33 +1,33 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-14T19:30:40.635Z",
3
+ "generated_at": "2026-05-14T23:57:30.181Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 50,
6
6
  "source_hashes": {
7
- "manifest.json": "c0edebf10be0a638970d4e9e4c95459815f0226fc69276d1c965a71fa39b324f",
7
+ "manifest.json": "4b198eb657d469f7e3662489fdbb1de0938de8436064413c981ebbd442555f12",
8
8
  "data/atlas-ttps.json": "20339e0ae3cd89c06f1385be31c50f408f827edc2e8ab8aef026ade3bcf0a917",
9
9
  "data/attack-techniques.json": "6db08a8e8a4d03d9309b1d185112de7f3c9595d2cd3d24566b7ce0b3b8aa5d1a",
10
- "data/cve-catalog.json": "6e198d414a3a86dcae93ef36a2b1978734d0b1224fa66ba5184819ea0e3fb49f",
10
+ "data/cve-catalog.json": "7936ba3c8f27156235bf327830e8f1a684658865e97f089aed98b2a7cdbb88ef",
11
11
  "data/cwe-catalog.json": "19893d2a7139d86ff3fcf296b0e6cda10e357727a1d1ffb56af282104e99157a",
12
12
  "data/d3fend-catalog.json": "d219520c8d3eb61a270b25ea60f64721035e98a8d5d51d1a4e1f1140d9a586f9",
13
13
  "data/dlp-controls.json": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5",
14
- "data/exploit-availability.json": "24352ffa23c9f319624452497d9dcfc5c0a1d16255ad9557990acb4652ec5e1f",
14
+ "data/exploit-availability.json": "4875c20756731f5608efd76c591a47794a97d4528ad8a903f0925aa92d26d08a",
15
15
  "data/framework-control-gaps.json": "182417e662e36cd75a4c74f91c650131b58067fc412878094ff71eff3c1053cb",
16
16
  "data/global-frameworks.json": "84fd19061f052e4ccf66308a7b8d3fd38e00325e97e9e5e19e4d9b302c128957",
17
17
  "data/rfc-references.json": "c0b684e586269bdb6864c55ae0e802742c6c103e81c7fff1613796bd460e727b",
18
- "data/zeroday-lessons.json": "d670e73dfd5237ceb71a56326676d90c05387b9547f8ed6f3a60a153854b444b",
19
- "skills/kernel-lpe-triage/skill.md": "1da5a85a8728768055cba2e19f5c1a6cbb568a3dd49985a2cf1cf381f6ee30b0",
18
+ "data/zeroday-lessons.json": "3925954a2abae0e7331b17690839d230041e9dc0c1efb14770e3fc0e3b0ce00b",
19
+ "skills/kernel-lpe-triage/skill.md": "dd0a10ef35ba63bbf1ce7e4c1c41c97ab7d6ac00c0c862907bf67fc54989a00c",
20
20
  "skills/ai-attack-surface/skill.md": "922a36632ebb6026c97369168046972f9cd6e634c09fcb97facc830bebe25558",
21
21
  "skills/mcp-agent-trust/skill.md": "c604074050a75c401d50d2d495129022ab4bd2fd5c1ca66bb648c26bc9bde301",
22
- "skills/framework-gap-analysis/skill.md": "9add77ac4dd7d36090bae81d19d3be2b55ed9753dce75f176a7e7d205e2afd12",
23
- "skills/compliance-theater/skill.md": "7c319cf78946d213eef6be9a1582c0f24658428ea7fddd0bd14ac81e6fa1f2fa",
24
- "skills/exploit-scoring/skill.md": "f0e71ad7d9597088001b625e8b1ae18d936c527f48e9c12bacdbfbb8580444b6",
22
+ "skills/framework-gap-analysis/skill.md": "573a097ceb4c952fe7ab3db765c942d06cc8e90f7cda3c42928db35cdcd7cf7b",
23
+ "skills/compliance-theater/skill.md": "367cde42553dfb59b0cb6e8afb6e88be28ec0ab73682ea3a9d397ca0068753bc",
24
+ "skills/exploit-scoring/skill.md": "25e47862de36e0c832b68c4deaac3ef01bbaf34e190790e6bc30e0a02f32d1f9",
25
25
  "skills/rag-pipeline-security/skill.md": "78f00a39e66f08da2894e28eeedb32137295ca019eba7110ab28282d613a97eb",
26
26
  "skills/ai-c2-detection/skill.md": "095cab9daa072bfabc87152aea1b61ccd6da8f531753b05c181629f04014b5ca",
27
27
  "skills/policy-exception-gen/skill.md": "79db45ba722a6dd9bba25bf84e0b52cf659b56b662193cef80a8273337e41df9",
28
- "skills/threat-model-currency/skill.md": "694dbf0f8ec2d4ffbf893a507d054643620ab2618b56f87ade32f500345ec41b",
28
+ "skills/threat-model-currency/skill.md": "d2b065610ed2f8cdece4f19a95b4e2122c150fc924b7b45fbed17f32a75f3a08",
29
29
  "skills/global-grc/skill.md": "e0487de49679172347653d8c191d1f269193de6f444f6b0c6396d326e45bd72e",
30
- "skills/zeroday-gap-learn/skill.md": "cb11bbbec9fadf152d8f30bded22c40f29d63074a6729cd45a1628ee3cfbb181",
30
+ "skills/zeroday-gap-learn/skill.md": "086df0fe792c80ca864da6917958bf3df7be5ba02df1c5894972a69353306ee6",
31
31
  "skills/pqc-first/skill.md": "a5eb776e1ea3bb422a4c18a3bdf39ad2ec1651b3c25e65c89428ba319141b275",
32
32
  "skills/skill-update-loop/skill.md": "95268eb083a22b164661c14db401f5c57995fdd1ca86b35fb399b0c8419c4273",
33
33
  "skills/security-maturity-tiers/skill.md": "817f0bca44297d03fb206c446fbf3f93aa3a64c309d6ef5efd046e6e47874030",
@@ -41,7 +41,7 @@
41
41
  "skills/ot-ics-security/skill.md": "d239ed497816e00ad14568e9fcca68ffdc7cb0c2a2cbd4960b35fab2065cce31",
42
42
  "skills/coordinated-vuln-disclosure/skill.md": "c96fd2254abf8a29819f8175da85094bea1afe589fecc92abcf1289b30895030",
43
43
  "skills/threat-modeling-methodology/skill.md": "d57d1acc46851d4f1580858c60a90cc20732ca8a5a46da2c50e71c9bdf4cc0b4",
44
- "skills/webapp-security/skill.md": "0e4726311edf96444773d84b8c0842678fe73f7625d415f860bd26fd4568f888",
44
+ "skills/webapp-security/skill.md": "407bd726f7d4e2c21825b4caa5ab489cfc8b56ebab5b90071ea944c6ed0350c5",
45
45
  "skills/ai-risk-management/skill.md": "4c46cce244bf22cf3814fcd8836da3725bc0c44f573846e49039827045096340",
46
46
  "skills/sector-healthcare/skill.md": "97b4486419ab4480266bf2e938564d52bb1cdd70faae09697f695772adf02029",
47
47
  "skills/sector-financial/skill.md": "db728a79cbd2ad149c45b34c0466452df7f4321ca968595042323b23ef7649f4",
@@ -68,13 +68,13 @@
68
68
  "dlp_refs": 0
69
69
  },
70
70
  "trigger_table_entries": 453,
71
- "chains_cve_entries": 8,
71
+ "chains_cve_entries": 9,
72
72
  "chains_cwe_entries": 55,
73
73
  "jurisdictions_indexed": 29,
74
74
  "handoff_dag_nodes": 38,
75
75
  "summary_cards": 38,
76
76
  "section_offsets_skills": 38,
77
- "token_budget_total_approx": 351655,
77
+ "token_budget_total_approx": 355238,
78
78
  "recipes": 8,
79
79
  "jurisdiction_clocks": 29,
80
80
  "did_ladders": 8,
@@ -27,7 +27,7 @@
27
27
  "artifact": "data/cve-catalog.json",
28
28
  "path": "data/cve-catalog.json",
29
29
  "schema_version": "1.0.0",
30
- "entry_count": 9
30
+ "entry_count": 10
31
31
  },
32
32
  {
33
33
  "date": "2026-05-13",
@@ -51,7 +51,7 @@
51
51
  "artifact": "data/zeroday-lessons.json",
52
52
  "path": "data/zeroday-lessons.json",
53
53
  "schema_version": "1.0.0",
54
- "entry_count": 9
54
+ "entry_count": 10
55
55
  },
56
56
  {
57
57
  "date": "2026-05-11",
@@ -349,7 +349,7 @@
349
349
  "artifact": "data/exploit-availability.json",
350
350
  "path": "data/exploit-availability.json",
351
351
  "schema_version": "1.0.0",
352
- "entry_count": 9
352
+ "entry_count": 10
353
353
  },
354
354
  {
355
355
  "date": "2026-05-01",
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 9,
65
+ "entry_count": 10,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -150,7 +150,7 @@
150
150
  "rebuild_after_days": 365,
151
151
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
152
152
  },
153
- "entry_count": 9,
153
+ "entry_count": 10,
154
154
  "sample_keys": [
155
155
  "CVE-2025-53773",
156
156
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 9,
241
+ "entry_count": 10,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",
@@ -1819,6 +1819,21 @@
1819
1819
  "rfc_refs": []
1820
1820
  }
1821
1821
  },
1822
+ "CVE-2026-46300": {
1823
+ "name": "Fragnesia",
1824
+ "rwep": 20,
1825
+ "cvss": 7.8,
1826
+ "cisa_kev": false,
1827
+ "referencing_skills": [],
1828
+ "chain": {
1829
+ "cwes": [],
1830
+ "atlas": [],
1831
+ "d3fend": [],
1832
+ "framework_gaps": [],
1833
+ "attack_refs": [],
1834
+ "rfc_refs": []
1835
+ }
1836
+ },
1822
1837
  "CWE-20": {
1823
1838
  "name": "Improper Input Validation",
1824
1839
  "category": "Validation",
@@ -79,10 +79,11 @@
79
79
  "supply-chain-integrity",
80
80
  "threat-model-currency",
81
81
  "threat-modeling-methodology",
82
- "webapp-security"
82
+ "webapp-security",
83
+ "zeroday-gap-learn"
83
84
  ],
84
85
  "example_excerpts": {},
85
- "skill_count": 35
86
+ "skill_count": 36
86
87
  },
87
88
  "AU": {
88
89
  "skills": [