@blamejs/exceptd-skills 0.12.18 → 0.12.21

package/lib/verify.js

@@ -69,7 +69,7 @@ const SKILLS_DIR = path.join(ROOT, 'skills');
 const PUBLIC_KEY_PATH = path.join(ROOT, 'keys', 'public.pem');
 const PRIVATE_KEY_PATH = path.join(ROOT, '.keys', 'private.pem');
 const MANIFEST_SCHEMA_PATH = path.join(__dirname, 'schemas', 'manifest.schema.json');
-// Audit G F4 — key-pin file. When present, lib/verify.js compares the live
+// key-pin file. When present, lib/verify.js compares the live
 // public-key fingerprint against the pinned one and fails the verify run
 // if they differ (unless the operator sets KEYS_ROTATED=1). The file format
 // is a single line "SHA256:<base64>" matching the publicKeyFingerprint()
@@ -164,10 +164,17 @@ function signAll() {
   const manifestSig = crypto.sign(null, canonical, {
     key: privateKey, dsaEncoding: 'ieee-p1363',
   });
+  // A: `signed_at` is intentionally OMITTED. The previous shape
+  // emitted a `signed_at` timestamp alongside the Ed25519 signature, but
+  // `signed_at` was stripped from the canonical bytes before signing — so
+  // an attacker could replay a known-valid signature against the same
+  // canonical content while rewriting `signed_at` to any value, lending
+  // false freshness authority to a stale signature. Operators who need
+  // freshness signal should consult the git-log mtime of manifest.json
+  // (or the npm publish timestamp), which are external to the signed bytes.
   manifest.manifest_signature = {
     algorithm: 'Ed25519',
     signature_base64: manifestSig.toString('base64'),
-    signed_at: new Date().toISOString(),
   };
 
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
@@ -287,7 +294,7 @@ function loadManifest() {
 }
 
 /**
- * Audit I P1-4 — canonical byte form of the manifest.
+ * canonical byte form of the manifest.
  *
  * Mirrors lib/sign.js canonicalManifestBytes(). Any divergence here
  * breaks the verify-after-sign round trip; do not modify in isolation.
@@ -340,13 +347,40 @@ function verifyManifestSignature(manifest) {
   if (typeof sig.signature_base64 !== 'string') {
     return { status: 'invalid', reason: 'manifest_signature.signature_base64 missing or not a string' };
   }
-  if (sig.algorithm && sig.algorithm !== 'Ed25519') {
-    return { status: 'invalid', reason: `unsupported manifest_signature.algorithm: ${sig.algorithm}` };
+  // E: require the algorithm field to be present and exactly
+  // 'Ed25519'. The previous form accepted a missing algorithm field
+  // (`if (sig.algorithm && sig.algorithm !== 'Ed25519')`) which let a
+  // future downgrade attacker drop the field to bait a weaker default.
+  // lib/sign.js always writes the field, so no legitimate consumer breaks.
+  if (sig.algorithm !== 'Ed25519') {
+    return {
+      status: 'invalid',
+      reason: `manifest_signature.algorithm must be exactly 'Ed25519' (got ${JSON.stringify(sig.algorithm)})`,
+    };
   }
   const publicKey = loadPublicKey();
   if (!publicKey) {
     return { status: 'no-key', reason: 'public key missing at keys/public.pem' };
   }
+  // Audit AA P1-3: consult keys/EXPECTED_FINGERPRINT BEFORE crypto.verify so
+  // library callers (refresh-network gate, verify-shipped-tarball gate, tests,
+  // downstream consumers via `require("lib/verify")`) cannot bypass the pin.
+  // Previously the pin only fired at the CLI tail of `node lib/verify.js`,
+  // letting a coordinated attacker who swapped keys/public.pem authenticate
+  // against the attacker key without any divergence surfaced through the
+  // library API. Honors KEYS_ROTATED=1 for legitimate rotations; missing
+  // pin file remains warn-and-continue (legacy compat).
+  const liveFp = publicKeyFingerprint(publicKey);
+  const pinResult = checkExpectedFingerprint(liveFp);
+  if (pinResult.status === 'mismatch' && !pinResult.rotationOverride) {
+    return {
+      status: 'invalid',
+      reason: `fingerprint-mismatch: live=${pinResult.actual} pin=${pinResult.expected} — keys/public.pem does not match keys/EXPECTED_FINGERPRINT. If this is an intentional rotation, set KEYS_ROTATED=1 and update the pin.`,
+      fingerprint_mismatch: true,
+      expected: pinResult.expected,
+      actual: pinResult.actual,
+    };
+  }
   let signatureBytes;
   try {
     signatureBytes = Buffer.from(sig.signature_base64, 'base64');
@@ -374,7 +408,7 @@ function verifyManifestSignature(manifest) {
  * is a fatal-class bug — surface it loudly rather than verify-against-
  * a-corrupt-manifest.
  *
- * Audit I P1-4: also verifies the top-level manifest_signature. On
+ * also verifies the top-level manifest_signature. On
  * invalid signature, throws a structured error blocking all skill
  * verification (a coordinated attacker who rewrote manifest.json +
  * manifest-snapshot.json + manifest-snapshot.sha256 still cannot forge
@@ -399,7 +433,7 @@ function loadManifestValidated() {
   for (const skill of manifest.skills) {
     validateSkillPath(skill.path);
   }
-  // Audit I P1-4 — manifest signature gate. Runs after schema + path
+  // manifest signature gate. Runs after schema + path
   // validation so a malformed manifest reports the structural failure
   // before the cryptographic one.
   const sigResult = verifyManifestSignature(manifest);
@@ -407,7 +441,14 @@ function loadManifestValidated() {
     throw new Error(`[verify] manifest_signature verification FAILED — ${sigResult.reason}. The manifest has been modified (or signed with a different key) since last sign-all. Refusing to verify any skill against this manifest.`);
   }
   if (sigResult.status === 'missing') {
-    console.warn('[verify] WARN: manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `node lib/sign.js sign-all` to add the signature.');
+    // D: dedupe the legacy-tarball warning. Many CLI verbs
+    // call loadManifestValidated() more than once per invocation; the
+    // previous console.warn spammed stderr per call. Node's emitWarning()
+    // with a stable `code` collapses repeated emissions automatically.
+    process.emitWarning(
+      'manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `node lib/sign.js sign-all` to add the signature.',
+      { code: 'EXCEPTD_MANIFEST_UNSIGNED' }
+    );
   } else if (sigResult.status === 'no-key') {
     // Surfaced separately so the warning matches the missing-key path
     // that verifyAll() already handles — don't fail here, the verifyAll
@@ -540,7 +581,7 @@ function validateAgainstSchema(value, schema, here, root) {
  * @returns {{sha256: string, sha3_512: string}|{error: string}}
  */
 /**
- * Audit G F4 — compare the live public-key fingerprint against the optional
+ * compare the live public-key fingerprint against the optional
  * pinned fingerprint in keys/EXPECTED_FINGERPRINT. Returns one of:
  *   { status: 'no-pin' }      — keys/EXPECTED_FINGERPRINT not present.
  *                               Callers should warn and continue.
@@ -653,7 +694,7 @@ if (require.main === module) {
   console.log(`[verify] ${fp.sha256}`);
   console.log(`[verify] ${fp.sha3_512}`);
 
-  // Audit G F4 — pin check. When keys/EXPECTED_FINGERPRINT exists, the
+  // pin check. When keys/EXPECTED_FINGERPRINT exists, the
   // live fingerprint MUST match it (or KEYS_ROTATED=1 must be set to
   // intentionally override). When the file is absent, emit a single-line
   // warning but continue — fresh clones / bootstrap workflows should not

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.12.18",
+  "version": "0.12.21",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -51,8 +51,8 @@
         "RFC-7296"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "GedX81xfe2Y/oIVTEvakZUcSPFccqsDjBibE+KbiiHezAx2EvCS4AOjlx4TO7F0iuC47G/wvOc12kMYe9iHtDw==",
-      "signed_at": "2026-05-14T19:29:43.828Z",
+      "signature": "hRGoOFHglwqtRzGDiNxOIFk7QuDvFvUgsCxfGQ8cNB+DUgUFFAwTpbmX2ssP42LzbmT2GXo+h3RKDYQ1TGJdDw==",
+      "signed_at": "2026-05-14T23:57:04.184Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -116,7 +116,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "Rz5jS554rDryT6FPVZy0PwHMCYoJQQhhNDNI9rvOptjDbsnnKtZkpVXlKke5OKmLu5fHEBaNPg856qMIZFq+Ag==",
-      "signed_at": "2026-05-14T19:29:43.829Z",
+      "signed_at": "2026-05-14T23:57:04.186Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -179,7 +179,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "goSMEVE6QbfcdqCEgq324TNy6rZ2mWwPA28gMPvojy8ZzGFng87hLdyvKhDMo4S3KTK1D6CaTBksAzZw4Go8Cg==",
-      "signed_at": "2026-05-14T19:29:43.830Z",
+      "signed_at": "2026-05-14T23:57:04.186Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -224,8 +224,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
-      "signature": "XFQO+fdOb388MLxMLoTqjOHhmV/PBOPKH0nZTp5NY4uzk5iUTo6G2T/IrgZGV7/CvsuvOvaXWP8+BDllXzOpDw==",
-      "signed_at": "2026-05-14T19:29:43.831Z"
+      "signature": "cPRRTsNQT1MYR3cE5O3KdC4MB037EMc0fsMIbOyfOv16sR+DkiXmAhQOjlIC47HngHz3vhLI+rbqItN91VWpBg==",
+      "signed_at": "2026-05-14T23:57:04.187Z"
     },
     {
       "name": "compliance-theater",
@@ -255,8 +255,8 @@
         "CMMC-2.0-Level-2"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "1UD9hHv44RWc1GSvN99pmxk26xaHLC74EbJ1ndn5Sptgd7w2rU9QznqCKf7Qc18uRyNEFhqW3jHvEs9c/XgrAw==",
-      "signed_at": "2026-05-14T19:29:43.831Z"
+      "signature": "79NrFMRsqGsipWeE5ETQSVICGO4BjTJYgyir+PSaNVFpkLqLcwZd8Dr1V7iwX0H0fXFL3WpPz35gtrYCEG32BQ==",
+      "signed_at": "2026-05-14T23:57:04.187Z"
     },
     {
       "name": "exploit-scoring",
@@ -284,8 +284,8 @@
         "CIS-Controls-v8-Control7"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "4tt6UuIkq/Mi8zMhO5cydYlXyG7jKxF2MFBC34Q6Q5l3FHPhhqrL5HLOB4WFgVmq27wBbD6AgUu2czVnKa5MDQ==",
-      "signed_at": "2026-05-14T19:29:43.831Z"
+      "signature": "HSU+zjDZBGEVpPARxe0kw//H5Uz5cGrPIKOZWGcJybEl4MgxTsWiQd9qxCyuWoVSRE7mZFO7YwUCn67W0BiODw==",
+      "signed_at": "2026-05-14T23:57:04.187Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -322,7 +322,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "4mstnPFMNhiorB7iEwqb7Jh+OCG79Mhqt2h/RwL5JbnAIPBi0Fcv0JBhQ5msEaHO4gNnpcBrdMfiDxLDwetZCw==",
-      "signed_at": "2026-05-14T19:29:43.832Z",
+      "signed_at": "2026-05-14T23:57:04.187Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -379,7 +379,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "FjdIy9NqQpSSMhIbyv5WhnJKrVLhO98iBfQ0AHqXw6yqXdVoWucyr729Jwhelq40oAkiBzbXi9RoVo63DHJwDw==",
-      "signed_at": "2026-05-14T19:29:43.832Z",
+      "signed_at": "2026-05-14T23:57:04.188Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -414,7 +414,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "DxfXhSyoAGUo1emHh0uIIcg324ZreBYxmFdBDVAKOOuPmMlfN4RqNc/JGDSfVmMv5CjgYCUcSmkcYB0A5lk0Cg==",
-      "signed_at": "2026-05-14T19:29:43.832Z",
+      "signed_at": "2026-05-14T23:57:04.188Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -441,8 +441,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
-      "signature": "xwlad/p5XlICc76KqrdWpEpBgwx1D87oM5qlccRQ5LKC/o0pr8vQ8LN3WLiiziBChplwNbruiIN6UETniZpjCg==",
-      "signed_at": "2026-05-14T19:29:43.833Z"
+      "signature": "rv9X5szGBI8wXyUeDJNsQql9z0OrAggJ9D5pNeQcnkSba8+6hHwoqgYrZt9Wxcm+A9KRXn8curDruP1BoqfKCg==",
+      "signed_at": "2026-05-14T23:57:04.189Z"
     },
     {
       "name": "global-grc",
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
-      "signed_at": "2026-05-14T19:29:43.834Z"
+      "signed_at": "2026-05-14T23:57:04.189Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -500,8 +500,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
-      "signature": "pKv1b8JAj1ldwR2KGccvjUKqlor2KNXXzxkKypkv+4O8WbqY7v8fWlbFe1F36OJrL2xYJdnZL5mJzqjYVHLRCg==",
-      "signed_at": "2026-05-14T19:29:43.834Z"
+      "signature": "OsoKfE75/MJQXdBKXfosPDE701t9kWHRAOx/1iCS/z5FJCWgcUGJJ0IvMbno2BT3O1UB5rL6QDCHK9arRyxLBQ==",
+      "signed_at": "2026-05-14T23:57:04.189Z"
     },
     {
       "name": "pqc-first",
@@ -553,7 +553,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
-      "signed_at": "2026-05-14T19:29:43.834Z",
+      "signed_at": "2026-05-14T23:57:04.190Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -600,7 +600,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "UayHLLWXAkhnLPaPRsgDpAyE8FGk1tuG1/DYyhw84Uv4tfCKXMamsAhXHOyMIosQfsJq5ZHYVXZz0bYNpnlvDw==",
-      "signed_at": "2026-05-14T19:29:43.835Z"
+      "signed_at": "2026-05-14T23:57:04.190Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -637,7 +637,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "zjq6ACAHD46xvhvQJKlrCPh5xDCuBuIWBI+QJB8RxcudpC7p7I1pqv+BY8DZdsAgU4tquCU8KC+xlduMIk3/DQ==",
-      "signed_at": "2026-05-14T19:29:43.835Z",
+      "signed_at": "2026-05-14T23:57:04.190Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -672,7 +672,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
-      "signed_at": "2026-05-14T19:29:43.835Z"
+      "signed_at": "2026-05-14T23:57:04.190Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -743,7 +743,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "rh+/cr+wTcEmBwrGscBni/jXpxjjYP91pUKDFIGkahZpw+nghCM/3aLKFf5RFRnl3JKTyBRywIrYhUH1YuSlDw==",
-      "signed_at": "2026-05-14T19:29:43.836Z"
+      "signed_at": "2026-05-14T23:57:04.191Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -803,7 +803,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
-      "signed_at": "2026-05-14T19:29:43.836Z"
+      "signed_at": "2026-05-14T23:57:04.191Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -878,7 +878,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "/BCBGUVjGs1RZzqXfElxBWB8UoD4+MY2G1YekdWsTDbMcHvt3NZJf0/JcqdYHOsEhFQ21NEz3w3+6tmQ8htKDw==",
-      "signed_at": "2026-05-14T19:29:43.837Z"
+      "signed_at": "2026-05-14T23:57:04.191Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,7 +955,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "mySOkGScsNPtEZcHg42EKcvUSBzADIB9mSlNe0L1yPllrB/83ypBj6cCERRw9ql+rtrNxapyc6Do+nCz7E5rDg==",
-      "signed_at": "2026-05-14T19:29:43.837Z"
+      "signed_at": "2026-05-14T23:57:04.192Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1012,7 +1012,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
-      "signed_at": "2026-05-14T19:29:43.837Z"
+      "signed_at": "2026-05-14T23:57:04.192Z"
     },
     {
       "name": "identity-assurance",
@@ -1079,7 +1079,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
-      "signed_at": "2026-05-14T19:29:43.838Z"
+      "signed_at": "2026-05-14T23:57:04.192Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,7 +1135,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "oHxjumOhk8y86WcwhAX8sSWIlPzt60KfTMn4DCJLeRrrQd5+i54fVADKAdZ3vOqfDN+DexO0uX4f5dLPtacRCQ==",
-      "signed_at": "2026-05-14T19:29:43.838Z"
+      "signed_at": "2026-05-14T23:57:04.192Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1187,7 +1187,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
-      "signed_at": "2026-05-14T19:29:43.838Z"
+      "signed_at": "2026-05-14T23:57:04.193Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1237,7 +1237,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "V9kl8Cf8UMjNFyn3D/fSyhWHLeXWlx3WV/jT9jdF9SrjfDqymimuTt2o91cZ2FOEJndAH9V0JGXB13Ohz8K4CQ==",
-      "signed_at": "2026-05-14T19:29:43.839Z"
+      "signed_at": "2026-05-14T23:57:04.193Z"
     },
     {
       "name": "webapp-security",
@@ -1310,8 +1310,8 @@
       ],
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
-      "signature": "csC9KRA3ExCSK77+UF6gj0OFPPZzOvuPxQtKEoaUZmLvn3V37My4IpbUjXAN2ZavTHqyFG9yQNfq3ELZeSJ7Cg==",
-      "signed_at": "2026-05-14T19:29:43.839Z"
+      "signature": "CgqHC9W0PUKbTMUR+K2lG/Dq8EAQGBKb07o8IqIDcn5Q9zxiIzE9kJg8AL+zN8z0vTkZSAIv2O+FfErNNkMvBw==",
+      "signed_at": "2026-05-14T23:57:04.193Z"
     },
     {
       "name": "ai-risk-management",
@@ -1361,7 +1361,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "P2D++lB5hea3oi2vl9mf8C7N+E7zASoqt1v4tjKxtaTeb+U0UARgMOaZsoK/sO9TT/PG/au14Rl4EFxv+Xi1BA==",
-      "signed_at": "2026-05-14T19:29:43.839Z"
+      "signed_at": "2026-05-14T23:57:04.194Z"
     },
     {
       "name": "sector-healthcare",
@@ -1421,7 +1421,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BDuLcpTeFp2BNSf1q4rYOhYKNhlgd3o5RZ0Uw9xW5olyYxPbZSgqekQ+6Ggaec09s7y6sqR37GS0vuAMdbrdDQ==",
-      "signed_at": "2026-05-14T19:29:43.840Z"
+      "signed_at": "2026-05-14T23:57:04.194Z"
     },
     {
       "name": "sector-financial",
@@ -1502,7 +1502,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "4IUJePr6XbE1Ns+cPvEFAVgrwdHLImuxdPYiilurxM2SmJym1itRC1prFMcuT6Kh6e1clYXwlzflcKm/eikyDA==",
-      "signed_at": "2026-05-14T19:29:43.840Z"
+      "signed_at": "2026-05-14T23:57:04.194Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,7 +1571,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "nMsyJ+rp5fM8/VjC7zsZyDjOC4hpxB+noT1VX7W0HBlq5t3SY56cwOGApwES/kBcCuf4qexKY376OxUr93zvCQ==",
-      "signed_at": "2026-05-14T19:29:43.841Z"
+      "signed_at": "2026-05-14T23:57:04.195Z"
     },
     {
       "name": "sector-energy",
@@ -1636,7 +1636,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "L1moEqEGkBkqY/3ohJcfqrlJn40UurDCyb2MOP/IwTAeZD+QbVZ17/drdsydkJ6qSXPiyiE6u8HDfZsDS13NBQ==",
-      "signed_at": "2026-05-14T19:29:43.841Z"
+      "signed_at": "2026-05-14T23:57:04.195Z"
     },
     {
       "name": "api-security",
@@ -1705,7 +1705,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ad1pHD4QQ8uXkhrzqLuWgnDpESOapzx3qGFchU9rxiX1aeLQkYKwpDzqIItFq82B5xjNsW7g5jXlF1sgK2HmCA==",
-      "signed_at": "2026-05-14T19:29:43.842Z"
+      "signed_at": "2026-05-14T23:57:04.195Z"
     },
     {
       "name": "cloud-security",
@@ -1786,7 +1786,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "UEn0305KAEqIfYOdzadLBdPG/PJ+3sJ/8ubvPFNcXfqXp2uOWTfqGUqY65PApA992VEEa1RBQt5R7Nyhd/OjDQ==",
-      "signed_at": "2026-05-14T19:29:43.842Z"
+      "signed_at": "2026-05-14T23:57:04.196Z"
     },
     {
       "name": "container-runtime-security",
@@ -1848,7 +1848,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "4easZDYn25XK4E9MRnwnZohG3xdYMmOLlPznNVmr1ykNfB+343+ooj+R0quG8uEV/IqbTQpR1ink35K6jCghCg==",
-      "signed_at": "2026-05-14T19:29:43.842Z"
+      "signed_at": "2026-05-14T23:57:04.196Z"
     },
     {
       "name": "mlops-security",
@@ -1919,7 +1919,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "chbPWzjfx92OjEAwMIm+J4GObxy8uwTahNBvbhMfYL7vTAJe/lf2BaW8wUpchpMIwYL0985A/+WykH8zmk/DBA==",
-      "signed_at": "2026-05-14T19:29:43.843Z"
+      "signed_at": "2026-05-14T23:57:04.196Z"
     },
     {
       "name": "incident-response-playbook",
@@ -1981,7 +1981,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "3V7kvM5cxXdCBoMnjvOoTvT3zD+/yZEBHYgiunYQe8tBm+vVnS4jCz1Nzv/ymePIfbYDo/PlzKeGTWStSsGiAg==",
-      "signed_at": "2026-05-14T19:29:43.843Z"
+      "signed_at": "2026-05-14T23:57:04.197Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2034,7 +2034,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
-      "signed_at": "2026-05-14T19:29:43.843Z"
+      "signed_at": "2026-05-14T23:57:04.197Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2102,12 +2102,11 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
-      "signed_at": "2026-05-14T19:29:43.844Z"
+      "signed_at": "2026-05-14T23:57:04.197Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "TD/DHSjapE7OQbmJ7a4GMh+35vcyhWvyQU0kjXZZWByNZJsvUDPlyYy0bEiz6/BylGv0QLpTsT0iQWHGPu5ECA==",
-    "signed_at": "2026-05-14T19:29:43.845Z"
+    "signature_base64": "8zqrSSwm1fHukbJDBK64IiB3r4BSgeZ+tvak2G4e0FW6+bNHxBjBSN4TqJpqgbi61nairWr/J+w/5ONeOY/AAA=="
   }
 }

package/orchestrator/scheduler.js

@@ -118,6 +118,16 @@ function _shouldBootstrapFire(key, intervalMs) {
  * @returns {Function}          Call to stop further firings.
  */
 function scheduleEvery(intervalMs, handler) {
+  // T P1-4: lower-bound guard. v0.12.12 added the INT32 overflow clamp
+  // (upper bound) but never asserted intervalMs > 0. `scheduleEvery(0, fn)`
+  // would set a 0ms interval that fires ~10k times per second; negatives
+  // (-100) coerce the same way and NaN drives setInterval into a 1ms tick.
+  // All three exhaust the event loop. Refuse the call rather than silently
+  // floor — the scheduler is a long-lived primitive and a footgun here
+  // poisons every periodic task in the watcher.
+  if (!Number.isFinite(intervalMs) || intervalMs <= 0) {
+    throw new RangeError(`scheduleEvery: intervalMs must be a positive finite number, got ${intervalMs}`);
+  }
   const startedAt = Date.now();
   let lastFired = startedAt;
   const tick = () => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.12.18",
+  "version": "0.12.21",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json

@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:f814e8e0-7189-4a08-8117-b35a35ae4f30",
+  "serialNumber": "urn:uuid:9b2c309b-26dc-4004-bb62-3482296207da",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-14T19:29:45.003Z",
+    "timestamp": "2026-05-14T23:57:05.072Z",
     "tools": [
       {
         "name": "hand-written",
@@ -13,10 +13,10 @@
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.18",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.21",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.12.18",
+      "version": "0.12.21",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,11 +25,11 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.18",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.21",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.18"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.21"
         },
         {
           "type": "vcs",

package/scripts/check-manifest-snapshot.js

@@ -190,7 +190,7 @@ if (require.main === module) {
       process.exit(2);
     }
 
-    // Audit G F23 — when manifest-snapshot.sha256 is present, validate that
+    // when manifest-snapshot.sha256 is present, validate that
     // the on-disk snapshot still hashes to the recorded value. Catches a
     // hand-edit of manifest-snapshot.json that bypassed refresh-manifest-
     // snapshot.js (so the F5 commit-only guard never had a chance to fire).

package/scripts/check-sbom-currency.js

@@ -63,7 +63,7 @@ function checkSbomCurrency(root) {
     errors.push("SBOM is not CycloneDX 1.6");
   }
 
-  // Audit G F2 — component-level cross-check. A renamed or version-bumped
+  // component-level cross-check. A renamed or version-bumped
   // skill that never made it into the SBOM refresh will pass the count
   // check (the cardinality is unchanged) but the per-component name +
   // version comparison surfaces it. Two component classes are recognised:

package/scripts/predeploy.js

@@ -20,7 +20,7 @@
  * in .github/workflows/ci.yml. Test coverage in tests/predeploy.test.js
  * asserts the two stay in sync.
  *
- * Audit G F5 — when the manifest-snapshot gate fails, the fix is NOT to
+ * when the manifest-snapshot gate fails, the fix is NOT to
  * run `npm run refresh-snapshot` blindly. The refresh script now refuses
  * unless the operator passes `--commit-only` or sets
  * EXCEPTD_SNAPSHOT_AUDIT_ACK=1. This is intentional: a failing snapshot
@@ -71,7 +71,7 @@ const GATES = [
     args: [path.join(ROOT, "lib", "validate-cve-catalog.js")],
     ciJobName: "Data integrity (catalog + manifest snapshot)",
   },
-  // Audit G F13 — the "validate-cves --offline --no-fail" and
+  // the "validate-cves --offline --no-fail" and
   // "validate-rfcs --offline --no-fail" gates were enumeration-only sanity
   // checks: `--no-fail` forced them to always exit 0, so they never blocked
   // a release on a real catalog problem. The deep catalog validation is
@@ -94,7 +94,7 @@ const GATES = [
   },
   {
     // Informational — surfaces the forward_watch horizon across all skills.
-    // Audit G F12: an exit code of 0 means "ok", 1 means "items present
+    // an exit code of 0 means "ok", 1 means "items present
     // (informational)", 2+ means a runtime error in the gate itself.
     // The runner now distinguishes the two: 0/1 stay informational, 2+
     // surface as a real failure. Pre-fix, any non-zero exit was rolled up
@@ -177,6 +177,11 @@ const GATES = [
     args: [path.join(ROOT, "lib", "validate-playbooks.js")],
     ciJobName: "Validate playbooks",
     informational: true,
+    // cap informational acceptance at exit 1 so a CRASH (137 OOM,
+    // 139 SIGSEGV, 134 SIGABRT, etc.) surfaces as a real failure instead of
+    // being absorbed under the informational bucket. Matches the
+    // forward-watch gate (line ~111) which already pins the same ceiling.
+    informationalMaxExitCode: 1,
   },
 ];
 
@@ -193,7 +198,7 @@ function runGate(gate) {
     }
   }
   const t0 = Date.now();
-  // Audit G F21 — spawn the child with piped stdio + tee to the parent so we
+  // spawn the child with piped stdio + tee to the parent so we
   // can count `WARN ` lines for the summary table. We still want the live
   // output, so each chunk is forwarded as it arrives.
   const { spawnSync } = require("child_process");
@@ -217,7 +222,7 @@ function runGate(gate) {
   if (r.status === 0) {
     return { status: "passed", durationMs, warnCount };
   }
-  // Audit G F12 — gates may declare informationalMaxExitCode to distinguish
+  // gates may declare informationalMaxExitCode to distinguish
   // "soft signal" (exit codes 0..N) from "crash" (> N). Default behaviour
   // for an informational gate without that field stays the same.
   if (gate.informational) {

package/scripts/refresh-manifest-snapshot.js

@@ -11,7 +11,7 @@
  * blindly — read the breaking-change list first. A breaking change is
  * a surface narrowing every downstream consumer needs to know about.
  *
- * Audit G F5 — commitOnly mode. Pass `--commit-only` (or set the env
+ * commitOnly mode. Pass `--commit-only` (or set the env
  * EXCEPTD_SNAPSHOT_AUDIT_ACK=1) to acknowledge that the operator
  * deliberately wants to overwrite the committed snapshot. When neither
  * flag nor env is set AND the snapshot would actually change, the
@@ -98,7 +98,7 @@ fs.writeFileSync(SNAPSHOT_PATH, newJson, "utf8");
 console.log(`[refresh-manifest-snapshot] wrote ${snapshot.skill_count} skills to manifest-snapshot.json`);
 console.log("[refresh-manifest-snapshot] commit this file alongside the surface change.");
 
-// Audit G F23 — write a tracked SHA-256 of the snapshot so the
+// write a tracked SHA-256 of the snapshot so the
 // check-manifest-snapshot.js gate can verify integrity (no hand edits
 // after refresh).
 const crypto = require("crypto");