npm - @blamejs/exceptd-skills - Versions diffs - 0.12.23 → 0.12.25 - Mend

@blamejs/exceptd-skills 0.12.23 → 0.12.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/AGENTS.md +12 -4
package/CHANGELOG.md +190 -3
package/README.md +14 -1
package/bin/exceptd.js +584 -166
package/data/_indexes/_meta.json +31 -31
package/data/_indexes/activity-feed.json +45 -45
package/data/_indexes/catalog-summaries.json +19 -19
package/data/_indexes/chains.json +320 -0
package/data/_indexes/currency.json +9 -9
package/data/_indexes/frequency.json +39 -2
package/data/_indexes/jurisdiction-clocks.json +2 -2
package/data/_indexes/jurisdiction-map.json +3 -1
package/data/_indexes/section-offsets.json +396 -396
package/data/_indexes/summary-cards.json +3 -3
package/data/_indexes/token-budget.json +73 -73
package/data/atlas-ttps.json +491 -19
package/data/attack-techniques.json +198 -84
package/data/cve-catalog.json +1309 -9
package/data/exploit-availability.json +300 -10
package/data/framework-control-gaps.json +395 -1
package/data/global-frameworks.json +44 -19
package/data/playbooks/containers.json +1 -1
package/data/playbooks/crypto-codebase.json +1 -1
package/data/playbooks/framework.json +1 -1
package/data/playbooks/hardening.json +1 -1
package/data/playbooks/library-author.json +1 -1
package/data/playbooks/secrets.json +25 -1
package/data/rfc-references.json +93 -1
package/data/zeroday-lessons.json +475 -13
package/lib/auto-discovery.js +26 -2
package/lib/exit-codes.js +72 -0
package/lib/flag-suggest.js +130 -0
package/lib/id-validation.js +95 -0
package/lib/lint-skills.js +68 -1
package/lib/playbook-runner.js +321 -46
package/lib/prefetch.js +113 -0
package/lib/refresh-external.js +190 -8
package/lib/refresh-network.js +35 -8
package/lib/schemas/cve-catalog.schema.json +31 -4
package/lib/schemas/playbook.schema.json +51 -0
package/lib/scoring.js +41 -0
package/lib/upstream-check-cli.js +16 -1
package/lib/upstream-check.js +9 -0
package/lib/verify.js +20 -4
package/manifest-snapshot.json +1 -1
package/manifest-snapshot.sha256 +1 -1
package/manifest.json +59 -59
package/package.json +8 -2
package/sbom.cdx.json +6 -6
package/scripts/check-test-coverage.js +67 -0
package/scripts/verify-shipped-tarball.js +9 -0
package/skills/ai-attack-surface/skill.md +11 -2
package/skills/ai-c2-detection/skill.md +3 -1
package/skills/ai-risk-management/skill.md +3 -1
package/skills/api-security/skill.md +4 -0
package/skills/attack-surface-pentest/skill.md +1 -0
package/skills/container-runtime-security/skill.md +3 -1
package/skills/dlp-gap-analysis/skill.md +1 -1
package/skills/exploit-scoring/skill.md +2 -2
package/skills/incident-response-playbook/skill.md +1 -1
package/skills/kernel-lpe-triage/skill.md +6 -1
package/skills/mcp-agent-trust/skill.md +7 -2
package/skills/mlops-security/skill.md +1 -1
package/skills/rag-pipeline-security/skill.md +4 -2
package/skills/sector-financial/skill.md +1 -1
package/skills/skill-update-loop/skill.md +1 -1
package/skills/supply-chain-integrity/skill.md +3 -1
package/skills/threat-model-currency/skill.md +1 -1
package/skills/webapp-security/skill.md +2 -0
package/skills/zeroday-gap-learn/skill.md +2 -2

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,57 +1,57 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-15T14:25:49.905Z",
+  "generated_at": "2026-05-15T21:42:12.284Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 50,
   "source_hashes": {
-    "manifest.json": "6fda2187c6d4dfbc333a711cea0991d59c459ded1ed5005126a8c555b9e77cf2",
-    "data/atlas-ttps.json": "20339e0ae3cd89c06f1385be31c50f408f827edc2e8ab8aef026ade3bcf0a917",
-    "data/attack-techniques.json": "6db08a8e8a4d03d9309b1d185112de7f3c9595d2cd3d24566b7ce0b3b8aa5d1a",
-    "data/cve-catalog.json": "7936ba3c8f27156235bf327830e8f1a684658865e97f089aed98b2a7cdbb88ef",
+    "manifest.json": "f239465cd6c7d357bc185eef6457023de3433c8e9d07feb0008319915d142cd0",
+    "data/atlas-ttps.json": "f3d3ecb459ef5fb0d2c8339cd37072e1367a08d5a2fdef3d92c892a4b52dab97",
+    "data/attack-techniques.json": "6b45448aa42cc6664376c93da73356624708e935c12589ee8c776a10215bce3a",
+    "data/cve-catalog.json": "a2acad16f5e3856b07019fa00110e9dcb38ec5cc71b318d0e164bfcba7f4f644",
     "data/cwe-catalog.json": "19893d2a7139d86ff3fcf296b0e6cda10e357727a1d1ffb56af282104e99157a",
     "data/d3fend-catalog.json": "d219520c8d3eb61a270b25ea60f64721035e98a8d5d51d1a4e1f1140d9a586f9",
     "data/dlp-controls.json": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5",
-    "data/exploit-availability.json": "4875c20756731f5608efd76c591a47794a97d4528ad8a903f0925aa92d26d08a",
-    "data/framework-control-gaps.json": "182417e662e36cd75a4c74f91c650131b58067fc412878094ff71eff3c1053cb",
-    "data/global-frameworks.json": "84fd19061f052e4ccf66308a7b8d3fd38e00325e97e9e5e19e4d9b302c128957",
-    "data/rfc-references.json": "c0b684e586269bdb6864c55ae0e802742c6c103e81c7fff1613796bd460e727b",
-    "data/zeroday-lessons.json": "3925954a2abae0e7331b17690839d230041e9dc0c1efb14770e3fc0e3b0ce00b",
-    "skills/kernel-lpe-triage/skill.md": "dd0a10ef35ba63bbf1ce7e4c1c41c97ab7d6ac00c0c862907bf67fc54989a00c",
-    "skills/ai-attack-surface/skill.md": "922a36632ebb6026c97369168046972f9cd6e634c09fcb97facc830bebe25558",
-    "skills/mcp-agent-trust/skill.md": "c604074050a75c401d50d2d495129022ab4bd2fd5c1ca66bb648c26bc9bde301",
+    "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
+    "data/framework-control-gaps.json": "8fb42b8a1503bda7d24bc48e34c5e26c425f5985767853ed1e1b8b3a5318369e",
+    "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
+    "data/rfc-references.json": "e88c1517f0ffc45c27bc5805c01de87994b9e65b54071699b3d7cb5832b82c7a",
+    "data/zeroday-lessons.json": "d960e5f8ca7a83c10194cd60207e13046a7eee1b8793e2f3de79475db283f800",
+    "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
+    "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",
+    "skills/mcp-agent-trust/skill.md": "3cec1dce668deec44cb7330e165e89cee8379dd90833519004d566baf72c038c",
     "skills/framework-gap-analysis/skill.md": "573a097ceb4c952fe7ab3db765c942d06cc8e90f7cda3c42928db35cdcd7cf7b",
     "skills/compliance-theater/skill.md": "367cde42553dfb59b0cb6e8afb6e88be28ec0ab73682ea3a9d397ca0068753bc",
-    "skills/exploit-scoring/skill.md": "25e47862de36e0c832b68c4deaac3ef01bbaf34e190790e6bc30e0a02f32d1f9",
-    "skills/rag-pipeline-security/skill.md": "78f00a39e66f08da2894e28eeedb32137295ca019eba7110ab28282d613a97eb",
-    "skills/ai-c2-detection/skill.md": "095cab9daa072bfabc87152aea1b61ccd6da8f531753b05c181629f04014b5ca",
+    "skills/exploit-scoring/skill.md": "4213724d59d33d8fe768b3ce58edc3aed25c0f06031183542937a14d538ea94d",
+    "skills/rag-pipeline-security/skill.md": "fc027d5e101a9934b402ed4086b9cbb8b2ee6b86f00e1feb54fe15a2018d89fc",
+    "skills/ai-c2-detection/skill.md": "cdfbc086ed2b755a9d3170d66d0c33519478b693fb59944ac95a1749beb5c810",
     "skills/policy-exception-gen/skill.md": "79db45ba722a6dd9bba25bf84e0b52cf659b56b662193cef80a8273337e41df9",
-    "skills/threat-model-currency/skill.md": "4badf98c3d8ca5f5c9854cbb25ed994491c39a88ff1aa354b72c50e59a7d3261",
+    "skills/threat-model-currency/skill.md": "d1cf822c1e8a81466dc49e81b19f42d863c82bd8f8c878215a738e6ae9112fc5",
     "skills/global-grc/skill.md": "e0487de49679172347653d8c191d1f269193de6f444f6b0c6396d326e45bd72e",
-    "skills/zeroday-gap-learn/skill.md": "086df0fe792c80ca864da6917958bf3df7be5ba02df1c5894972a69353306ee6",
+    "skills/zeroday-gap-learn/skill.md": "5caa007d8c95f49ded22db581fd447f735c713b60866d18f5371457b0a60778b",
     "skills/pqc-first/skill.md": "a5eb776e1ea3bb422a4c18a3bdf39ad2ec1651b3c25e65c89428ba319141b275",
-    "skills/skill-update-loop/skill.md": "95268eb083a22b164661c14db401f5c57995fdd1ca86b35fb399b0c8419c4273",
+    "skills/skill-update-loop/skill.md": "48617511ee8efdb257e9caee543009150f0638380ad92882b62021c7eb2f9d16",
     "skills/security-maturity-tiers/skill.md": "817f0bca44297d03fb206c446fbf3f93aa3a64c309d6ef5efd046e6e47874030",
     "skills/researcher/skill.md": "51d03d9eaea52d2bbbdd67709035db494d44819ce58931ca025cab3025c9fad7",
-    "skills/attack-surface-pentest/skill.md": "8d404f6662d9bc3765d716ec7b38e302f17574a2267245fd68eeedfdbf212f42",
+    "skills/attack-surface-pentest/skill.md": "3c42af04a5db79ce10c952f4bc7c9216116e77d38e6d57feb1f1c13678c94e53",
     "skills/fuzz-testing-strategy/skill.md": "83b1929a0d1e09a58908b91125ebc91ff14323ab9acc9bab6c4b04903b69b837",
-    "skills/dlp-gap-analysis/skill.md": "11a299cdcf8902e22b8662e55369da9d8b5ae804edf237412df0ddbe684a04d0",
-    "skills/supply-chain-integrity/skill.md": "32c8c31b07caedf6146ab548a67a25408d9ae6ca1365edc6703782a3265de108",
+    "skills/dlp-gap-analysis/skill.md": "eed1a5de55a9200e6f5c8ac49b0240b54d30b895ce40ccce9d286f5d9b40f664",
+    "skills/supply-chain-integrity/skill.md": "2f9bc5d5f0b70bf468d02a71ced718b50196e6139dfb1424d31cbe017d422027",
     "skills/defensive-countermeasure-mapping/skill.md": "e62c71ba3be2b4d0f7dfa529fec007cba6bee3013f76b93756e3e6310f2d22ab",
     "skills/identity-assurance/skill.md": "6fd734d5cf8eed031537c9ccb1ad11c09ec4e88d31c45d86046a2154a6770990",
     "skills/ot-ics-security/skill.md": "d239ed497816e00ad14568e9fcca68ffdc7cb0c2a2cbd4960b35fab2065cce31",
     "skills/coordinated-vuln-disclosure/skill.md": "c96fd2254abf8a29819f8175da85094bea1afe589fecc92abcf1289b30895030",
     "skills/threat-modeling-methodology/skill.md": "d57d1acc46851d4f1580858c60a90cc20732ca8a5a46da2c50e71c9bdf4cc0b4",
-    "skills/webapp-security/skill.md": "407bd726f7d4e2c21825b4caa5ab489cfc8b56ebab5b90071ea944c6ed0350c5",
-    "skills/ai-risk-management/skill.md": "4c46cce244bf22cf3814fcd8836da3725bc0c44f573846e49039827045096340",
+    "skills/webapp-security/skill.md": "69b16f51ce79cbebd15120d6a0de1c116439bc4739c7dcaa0ecd451614038ad5",
+    "skills/ai-risk-management/skill.md": "10d31ca594449e1fef4c34ea45448ab30a6ffdc2fe1faf4ccaf0a1dd05d67774",
     "skills/sector-healthcare/skill.md": "97b4486419ab4480266bf2e938564d52bb1cdd70faae09697f695772adf02029",
-    "skills/sector-financial/skill.md": "db728a79cbd2ad149c45b34c0466452df7f4321ca968595042323b23ef7649f4",
+    "skills/sector-financial/skill.md": "eec3ce95f36a0f70532aac2f658ad6fb350233dd49c7d95da91144e6c4c4d16c",
     "skills/sector-federal-government/skill.md": "48c3c019502c8b758598331dbad8a9b121f8dd3dc6fc68bfaf506eba7e3843e5",
     "skills/sector-energy/skill.md": "875799aa2ad88744b646583fef0a3399abd42a979541dc99bf39825a5ef48ce9",
-    "skills/api-security/skill.md": "3ee3edd244a9240e42138edbec339ca28e01a662dfb83317af2d758ce355fb7a",
+    "skills/api-security/skill.md": "302f7f6a071b856cc55a4cb5f0bc3f8566e31b5ebca58ca3bd78a91d4b6665ca",
     "skills/cloud-security/skill.md": "e0574c153aefbb0fc4581c78bc2d708ab7c49d6b5a45a985e51967b8ea740eb9",
-    "skills/container-runtime-security/skill.md": "921a7ac163e04fe8415986b0f54c1b3c8c4656576d72ccb6665dff3869c63003",
-    "skills/mlops-security/skill.md": "e3bb447033ec94b5ddc621e4b3c3ca7e971cde51584ab9653fb121a899a0eb81",
-    "skills/incident-response-playbook/skill.md": "c1033410b479f33a7a0e60a75ad02965fb70ba88f57203fa36e9c2418789e098",
+    "skills/container-runtime-security/skill.md": "f06260f0c468d6a4f0409294899017edab45c98d71db1fedd7a630fe6a7bf53a",
+    "skills/mlops-security/skill.md": "e6a296fc67724aa3b026c0039f44867b44cf0926eade4fe616bfd0a4c77310bf",
+    "skills/incident-response-playbook/skill.md": "8ef7ce1246dc1329b6df3cc9de8d79d35e2c02c703dcef20f35b312b1c24fd52",
     "skills/email-security-anti-phishing/skill.md": "b5a7693b3ddbd6cd83303d092bc5e324db431245d25c4945d9f65fcffa1995e7",
     "skills/age-gates-child-safety/skill.md": "c741d7dca9da0abb09bdebb8a02e803ce4ae9fb9a6904fb8df3ec19cae83917d"
   },
@@ -68,13 +68,13 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 453,
-    "chains_cve_entries": 9,
+    "chains_cve_entries": 27,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 38,
     "summary_cards": 38,
     "section_offsets_skills": 38,
-    "token_budget_total_approx": 355238,
+    "token_budget_total_approx": 357564,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/activity-feed.json CHANGED Viewed

@@ -6,20 +6,60 @@
   },
   "events": [
     {
-      "date": "2026-05-13",
+      "date": "2026-05-15",
       "type": "catalog_update",
       "artifact": "data/atlas-ttps.json",
       "path": "data/atlas-ttps.json",
       "schema_version": "1.0.0",
-      "entry_count": 15
+      "entry_count": 29
     },
     {
-      "date": "2026-05-13",
+      "date": "2026-05-15",
       "type": "catalog_update",
       "artifact": "data/attack-techniques.json",
       "path": "data/attack-techniques.json",
       "schema_version": "1.0.0",
-      "entry_count": 79
+      "entry_count": 91
+    },
+    {
+      "date": "2026-05-15",
+      "type": "catalog_update",
+      "artifact": "data/exploit-availability.json",
+      "path": "data/exploit-availability.json",
+      "schema_version": "1.1.0",
+      "entry_count": 30
+    },
+    {
+      "date": "2026-05-15",
+      "type": "catalog_update",
+      "artifact": "data/framework-control-gaps.json",
+      "path": "data/framework-control-gaps.json",
+      "schema_version": "1.0.0",
+      "entry_count": 78
+    },
+    {
+      "date": "2026-05-15",
+      "type": "catalog_update",
+      "artifact": "data/global-frameworks.json",
+      "path": "data/global-frameworks.json",
+      "schema_version": "1.3.0",
+      "entry_count": 35
+    },
+    {
+      "date": "2026-05-15",
+      "type": "catalog_update",
+      "artifact": "data/rfc-references.json",
+      "path": "data/rfc-references.json",
+      "schema_version": "1.0.0",
+      "entry_count": 38
+    },
+    {
+      "date": "2026-05-15",
+      "type": "catalog_update",
+      "artifact": "data/zeroday-lessons.json",
+      "path": "data/zeroday-lessons.json",
+      "schema_version": "1.1.0",
+      "entry_count": 15
     },
     {
       "date": "2026-05-13",
@@ -27,7 +67,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 10
+      "entry_count": 30
     },
     {
       "date": "2026-05-13",
@@ -45,14 +85,6 @@
       "schema_version": "1.0.0",
       "entry_count": 28
     },
-    {
-      "date": "2026-05-13",
-      "type": "catalog_update",
-      "artifact": "data/zeroday-lessons.json",
-      "path": "data/zeroday-lessons.json",
-      "schema_version": "1.0.0",
-      "entry_count": 10
-    },
     {
       "date": "2026-05-11",
       "type": "skill_review",
@@ -222,22 +254,6 @@
       "schema_version": "1.0.0",
       "entry_count": 22
     },
-    {
-      "date": "2026-05-11",
-      "type": "catalog_update",
-      "artifact": "data/global-frameworks.json",
-      "path": "data/global-frameworks.json",
-      "schema_version": "1.3.0",
-      "entry_count": 35
-    },
-    {
-      "date": "2026-05-11",
-      "type": "catalog_update",
-      "artifact": "data/rfc-references.json",
-      "path": "data/rfc-references.json",
-      "schema_version": "1.0.0",
-      "entry_count": 31
-    },
     {
       "date": "2026-05-01",
       "type": "skill_review",
@@ -343,22 +359,6 @@
       "path": "skills/security-maturity-tiers/skill.md",
       "note": "Three-tier implementation roadmap — MVP (ship this week), Practical (scalable today), Overkill (defense-in-depth)"
     },
-    {
-      "date": "2026-05-01",
-      "type": "catalog_update",
-      "artifact": "data/exploit-availability.json",
-      "path": "data/exploit-availability.json",
-      "schema_version": "1.0.0",
-      "entry_count": 10
-    },
-    {
-      "date": "2026-05-01",
-      "type": "catalog_update",
-      "artifact": "data/framework-control-gaps.json",
-      "path": "data/framework-control-gaps.json",
-      "schema_version": "1.0.0",
-      "entry_count": 62
-    },
     {
       "date": "2026-05-01",
       "type": "manifest_review",

package/data/_indexes/catalog-summaries.json CHANGED Viewed

@@ -9,7 +9,7 @@
       "path": "data/atlas-ttps.json",
       "purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.1.0 (November 2025).",
       "schema_version": "1.0.0",
-      "last_updated": "2026-05-13",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
@@ -18,29 +18,29 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 15,
+      "entry_count": 29,
       "sample_keys": [
+        "AML.T0001",
         "AML.T0010",
         "AML.T0016",
         "AML.T0017",
-        "AML.T0018",
-        "AML.T0020"
+        "AML.T0018"
       ]
     },
     "attack-techniques.json": {
       "path": "data/attack-techniques.json",
       "purpose": null,
       "schema_version": "1.0.0",
-      "last_updated": "2026-05-13",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
         "default_review_cadence_days": 90,
         "stale_after_days": 180,
         "rebuild_after_days": 365,
-        "note": "Catalog must be rebuilt against the upstream ATT&CK release whenever MITRE publishes a new version. AGENTS.md hard rule #8 requires the bump to be intentional, not silent."
+        "note": "Catalog must be rebuilt against the upstream ATT&CK release whenever MITRE publishes a new version. AGENTS.md external-data version-pinning rule requires the bump to be intentional, not silent. ATT&CK ships semi-annually (April + October); audit on each release for tactic moves, technique splits, and new Detection Strategies."
       },
-      "entry_count": 79,
+      "entry_count": 91,
       "sample_keys": [
         "T0001",
         "T0017",
@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 10,
+      "entry_count": 30,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -140,8 +140,8 @@
     "exploit-availability.json": {
       "path": "data/exploit-availability.json",
       "purpose": "Per-CVE exploit availability: PoC public status, weaponization signal, AI-assist status, blast-radius. Project-curated (B2 Admiralty confidence) with source citations.",
-      "schema_version": "1.0.0",
-      "last_updated": "2026-05-01",
+      "schema_version": "1.1.0",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "B2",
       "freshness_policy": {
@@ -150,7 +150,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 10,
+      "entry_count": 30,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -163,7 +163,7 @@
       "path": "data/framework-control-gaps.json",
       "purpose": "Per-control framework gap declarations: SI-2, A.8.8, PCI 6.3.3, etc. Each entry names the control, the lag, the evidence CVE, and remediation guidance.",
       "schema_version": "1.0.0",
-      "last_updated": "2026-05-01",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 62,
+      "entry_count": 78,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",
@@ -185,7 +185,7 @@
       "path": "data/global-frameworks.json",
       "purpose": "Multi-jurisdiction framework registry: 34 jurisdictions × applicable frameworks × patch_sla / notification_sla / critical_controls / framework_gaps. Cross-cutting authority for jurisdiction-clocks index.",
       "schema_version": "1.3.0",
-      "last_updated": "2026-05-11",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
@@ -207,7 +207,7 @@
       "path": "data/rfc-references.json",
       "purpose": "IETF RFCs + active Internet-Drafts cited by skills (TLS, IPsec, PQ crypto migration, HTTP/3, CT). Cross-validated against IETF Datatracker via validate-rfcs.",
       "schema_version": "1.0.0",
-      "last_updated": "2026-05-11",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
@@ -216,7 +216,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 31,
+      "entry_count": 38,
       "sample_keys": [
         "RFC-4301",
         "RFC-4303",
@@ -228,8 +228,8 @@
     "zeroday-lessons.json": {
       "path": "data/zeroday-lessons.json",
       "purpose": "Distilled lessons from notable zero-days and campaigns (SesameOp, Copy Fail, Dirty Frag, Copilot RCE, Windsurf MCP). Each entry: technique, distinguishing characteristic, what it means for the framework lag.",
-      "schema_version": "1.0.0",
-      "last_updated": "2026-05-13",
+      "schema_version": "1.1.0",
+      "last_updated": "2026-05-15",
       "tlp": "CLEAR",
       "source_confidence_default": "B2",
       "freshness_policy": {
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 10,
+      "entry_count": 15,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",