@blamejs/exceptd-skills 0.12.25 → 0.12.27

package/CHANGELOG.md

@@ -1,5 +1,87 @@
 # Changelog
 
+## 0.12.27 — 2026-05-15
+
+**Patch: opt-in `--bundle-deterministic` mode for reproducible CSAF + OpenVEX + close-envelope bytes. Closes cycle 6 III P2-E + cycle 7 CCC bundle-non-determinism finding.**
+
+### New flags
+
+- **`--bundle-deterministic`** (boolean, off by default) — when set, the bundle-emit path produces byte-stable output for the same inputs. CSAF `tracking.initial_release_date` / `current_release_date` / `generator.date` / `revision_history[0].date`, OpenVEX top-level `timestamp` + per-statement `timestamp`, close-envelope `acceptance_date` + `regression_schedule.next_run` + `generated_at` all freeze to a single epoch. Auto-generated session IDs derive deterministically from `sha256(playbook_id ∥ evidence_hash ∥ engine_version)` rather than `crypto.randomBytes`. CSAF `vulnerabilities[]` + OpenVEX `statements[]` arrays sort by primary id.
+- **`--bundle-epoch <ISO-8601>`** (value-bearing, optional) — operator-supplied freeze epoch. When omitted, the deterministic mode falls back to `playbook._meta.last_threat_review` (the canonical "this catalog was last reviewed at" timestamp). Honored only when `--bundle-deterministic` is set.
+
+Both flags wired for `run`, `ci`, `run-all`, `ai-run`, `ingest`. Per-verb help blocks document them.
+
+### Why
+
+- **CI bundle diffing**: `git diff` over `evidence_package.bundle_body` against a baseline becomes signal-bearing only when drift is signal, not noise. Pre-v0.12.27 the same evidence produced ~640 bytes of timestamp drift across CSAF + OpenVEX + close-envelope per run.
+- **Auditor evidence reuse**: ISO 27001 / SOC 2 audits expect re-emit against the same submission to produce byte-equal evidence.
+- **SLSA / Sigstore alignment**: reproducible build evidence requires deterministic outputs the verifier can hash and compare.
+
+CSAF 2.0 §3.1.11.2-5 permits identical `initial_release_date` / `current_release_date` for never-revised advisories; freezing to a catalog epoch is spec-compliant. The strict-validator pass (BSI CSAF Validator) accepts the deterministic-mode output unchanged.
+
+### Default-mode regression guard
+
+When neither flag is set, bundle output is byte-identical to v0.12.26 — no existing operator sees a behavioral change. A regression test pins this: two consecutive runs in default mode produce different CSAF `tracking.initial_release_date` values, asserting the determinism is opt-in and cannot accidentally activate.
+
+### Test coverage
+
+`tests/bundle-determinism.test.js` (new, 7 exact-code tests):
+1. Two runs same inputs + same epoch → byte-identical CSAF/OpenVEX/summary
+2. Different `--bundle-epoch` → bundles differ only in timestamp fields
+3. Different evidence → bundles differ in `vulnerabilities[]` length; timestamps frozen
+4. Default mode → regression-guard timestamp drift
+5. `--bundle-epoch invalid-iso` → exit 1 + structured error
+6. `--bundle-deterministic` without `--bundle-epoch` falls back to `playbook._meta.last_threat_review`
+7. Array sort: random-order CVE evidence → `vulnerabilities[]` always ascending by `cve_id`
+
+Existing CSAF + OpenVEX + CLI test suites pass unchanged (53/53 + 30/30; no default-mode regression).
+
+Test count: 1058 pass (5 skipped). Predeploy gates: 14/14. Skills: 39/39 signed.
+
+## 0.12.26 — 2026-05-15
+
+**Patch: sector-telecom skill ships, with supporting framework-gap and ATLAS catalog scaffolding. Closes the cycle 8 LLL P1 finding that the unmodeled RWEP signal from Salt Typhoon-class campaigns was the highest gap in the catalog.**
+
+### New skill: `sector-telecom`
+
+Telecom and 5G security skill covering Salt Typhoon and Volt Typhoon TTPs, CALEA / IPA-LI gateway compromise, signaling-protocol abuse (SS7, Diameter, GTP), 5G N6 / N9 isolation, gNB / DU / CU integrity attestation, OEM-equipment supply-chain compromise, and AI-RAN / O-RAN security.
+
+The skill walks the seven-phase contract with telecom-specific jurisdictional clocks (FCC 47 CFR 64.2011 4-business-day rule, NIS2 Art. 23 24h initial, DORA Art. 19 4h for financial-touching incidents, UK TSA 2021 + Ofcom, AU SOCI / TSSR, JP MIC, IN CERT-In 6h, SG IMDA TCCSCoP, NZ TICSA, CA Bill C-26), evidence capture for LI provisioning audit logs / gNB firmware hashes / NMS access logs / signaling-flow statistics / cross-PLMN exchange patterns / eUICC SIM-swap events / 5GC slice-isolation tests / OEM remote-support tunnel inventory / NESAS deployment posture, and the standard analyze → validate → close phases against the new framework-gap entries.
+
+Compliance Theater Check enumerates seven posture-vs-actual tests specific to telecom: CPNI annual certification, GSMA NESAS deployment vs runtime, OEM firmware verification chain, 3GPP TR 33.926 deployment posture, ITU-T X.805 validation, signaling firewall PLMN-list refresh cadence, and LI-gateway MFA scope.
+
+Manifest skill count 38 → 39.
+
+### Catalog scaffolding to support the skill
+
+Nine telecom-specific framework-gap entries added to `data/framework-control-gaps.json` (totals 78 → 87 entries):
+
+- **FCC-CPNI-4.1** — 47 CFR 64.2009(e) CPNI annual certification + operational compliance, gap against Salt Typhoon LI-system vector
+- **FCC-Cyber-Incident-Notification-2024** — 47 CFR 64.2011 4-business-day rule, gap against LI-only compromise (no PII exfil) + signaling abuse + slow-roll campaign timing
+- **NIS2-Annex-I-Telecom** — telecom as essential entity, gap against LI-gateway access controls + OEM firmware attestation + AI-RAN coverage
+- **DORA-Art-21-Telecom-ICT** — ICT third-party risk through telecom services, gap against telecom-financial cadence misalignment + slice-isolation
+- **UK-CAF-B5** — resilient networks principle, gap against signaling-anomaly + gNB attestation + slice-isolation outcome tests
+- **AU-ISM-1556** — privileged-user MFA, gap against telecom NMS service accounts + LI-gateway operator credentials + OEM remote-support tunnels
+- **GSMA-NESAS-Deployment** — NESAS product-time vs operator-attested-runtime posture gap
+- **3GPP-TR-33.926** — SCAS submission-time test gap against post-deployment adversary-modified firmware + cross-spec N6/N9 isolation testing gap
+- **ITU-T-X.805** — 2003 reference architecture gap against modern Salt Typhoon / signaling abuse / slice-isolation threat models
+
+One ATLAS technique added to `data/atlas-ttps.json`:
+
+- **AML.T0040 Tool / Plugin Compromise** — anchors the AI-RAN xApp / rApp + MCP-class plugin attack class. Real-world instances: CVE-2026-30623 (Anthropic MCP SDK stdio command-injection), three Pwn2Own Berlin 2026 collisions (Viettel Claude Code, STARLabs LM Studio, Compass OpenAI Codex). `secure_ai_v2_layer: true`, `maturity: high`.
+
+Total ATLAS entries: 29 → 30.
+
+### RFC reverse-reference
+
+`data/rfc-references.json` RFC-9622 (TAPS Architecture) `skills_referencing` array gains `sector-telecom` (paired with the existing `webapp-security` reference) to satisfy the manifest forward-reference invariant.
+
+### AGENTS.md Quick Skill Reference
+
+Adds the `sector-telecom` row to the skill trigger table.
+
+Test count: 1051 pass (5 skipped). Predeploy gates: 14/14. Skills: 39/39 signed; manifest envelope signed.
+
 ## 0.12.25 — 2026-05-15
 
 **Data-refresh release: catalog freshness, Hard Rule #7 AI-discovery posture, ATLAS v5.4 + ATT&CK v19 standards bumps, Pwn2Own Berlin 2026 forward-watch, NGINX Rift, framework deltas (PCI 4.0.1 / HIPAA 2026 NPRM / EU AI Act ITS / DORA RTS).**

package/bin/exceptd.js

@@ -909,6 +909,11 @@ function dispatchPlaybook(cmd, argv) {
             "force-overwrite", "no-stream", "block-on-jurisdiction-clock",
             "force-replay",
             "json-stdout-only", "fix", "human", "json", "strict-preconditions",
+            // v0.12.27: --bundle-deterministic opts the bundle build into
+            // byte-stable output (frozen timestamps, deterministic session_id
+            // fallback, sorted vulnerabilities[] / statements[]). Pairs with
+            // --bundle-epoch <ISO> for the frozen timestamp value.
+            "bundle-deterministic",
             // v0.12.9: doctor --shipped-tarball runs the verify-shipped-tarball
             // gate alongside --signatures. doctor --registry-check + --signatures
             // were already accepted; explicit registration removes the silent
@@ -1266,6 +1271,55 @@ function dispatchPlaybook(cmd, argv) {
     runOpts.csafStatus = cs;
   }
 
+  // --bundle-deterministic + --bundle-epoch (v0.12.27): opt-in deterministic
+  // bundle emit. When set, CSAF / OpenVEX / close-envelope timestamps freeze
+  // to the supplied epoch (or the playbook's last_threat_review fallback),
+  // the auto-generated session_id derives from sha256(playbook + evidence_hash
+  // + engine_version) when the operator did not pass --session-id, and
+  // vulnerabilities[] / statements[] sort deterministically. Opt-in so the
+  // default emit path stays byte-identical to pre-v0.12.27 output.
+  if (args["bundle-deterministic"] !== undefined && args["bundle-deterministic"] !== false) {
+    if (!BUNDLE_FLAG_RELEVANT_VERBS.has(cmd)) {
+      return emitError(
+        `${cmd}: --bundle-deterministic is irrelevant on this verb (no bundle is assembled). --bundle-deterministic only applies to verbs that drive phases 5-7: ${[...BUNDLE_FLAG_RELEVANT_VERBS].sort().join(", ")}.`,
+        { verb: cmd, flag: "bundle-deterministic", error_class: "irrelevant-flag", accepted_verbs: [...BUNDLE_FLAG_RELEVANT_VERBS].sort() },
+        pretty
+      );
+    }
+    runOpts.bundleDeterministic = true;
+  }
+  if (args["bundle-epoch"] !== undefined) {
+    if (!BUNDLE_FLAG_RELEVANT_VERBS.has(cmd)) {
+      return emitError(
+        `${cmd}: --bundle-epoch is irrelevant on this verb (no bundle is assembled). --bundle-epoch only applies to verbs that drive phases 5-7: ${[...BUNDLE_FLAG_RELEVANT_VERBS].sort().join(", ")}.`,
+        { verb: cmd, flag: "bundle-epoch", error_class: "irrelevant-flag", accepted_verbs: [...BUNDLE_FLAG_RELEVANT_VERBS].sort() },
+        pretty
+      );
+    }
+    const epoch = args["bundle-epoch"];
+    if (typeof epoch !== "string") {
+      return emitError(
+        `${cmd}: --bundle-epoch must be a string ISO-8601 timestamp.`,
+        { verb: cmd, flag: "bundle-epoch", provided: typeof epoch },
+        pretty
+      );
+    }
+    // Reuse validateIsoSince — the same calendar-shape gate used for --since.
+    const isoErr = validateIsoSince(epoch);
+    if (isoErr) {
+      return emitError(
+        `${cmd}: --bundle-epoch must be a parseable ISO-8601 calendar timestamp (e.g. 2026-01-01T00:00:00Z). Got: ${JSON.stringify(epoch).slice(0, 80)}`,
+        { verb: cmd, flag: "bundle-epoch", provided: epoch.slice(0, 80) },
+        pretty
+      );
+    }
+    // Normalise to a full ISO timestamp so downstream consumers don't have
+    // to handle the date-only shape. Date-only inputs render as
+    // YYYY-MM-DDT00:00:00.000Z; full timestamps round-trip unchanged modulo
+    // ms precision (Date.prototype.toISOString always emits ms).
+    runOpts.bundleEpoch = new Date(epoch).toISOString();
+  }
+
   // --ack: operator acknowledges the jurisdiction obligations surfaced by
   // govern. Captured in attestation; downstream tooling can check whether
   // consent was explicit vs. implicit. AGENTS.md says the AI should surface
@@ -1512,6 +1566,16 @@ Flags:
                           publisher trust anchor — i.e. the operator's
                           organisation, NOT the tooling vendor. Must be an
                           http://… or https://… URL, ≤256 chars.
+  --bundle-deterministic  Emit byte-stable CSAF / OpenVEX / close envelope.
+                          Freezes tracking + timestamp fields to a single
+                          epoch, derives session_id from evidence hash when
+                          not supplied via --session-id, and sorts
+                          vulnerabilities[] / statements[] ascending.
+                          Off by default; opt-in for reproducible-build
+                          pipelines + diff-friendly attestation review.
+  --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic. ISO-8601
+                          calendar timestamp (date or date+time). Falls back
+                          to the playbook's last_threat_review when omitted.
   --diff-from-latest      Compare evidence_hash against the most recent prior
                           attestation for the same playbook in
                           .exceptd/attestations/. Emits status: unchanged | drifted.
@@ -1589,6 +1653,8 @@ Flags:
                           CSAF document.publisher.namespace (§3.1.7.4). The
                           operator's organisation URL, NOT the tooling vendor.
                           Must be an http://… or https://… URL, ≤256 chars.
+  --bundle-deterministic  Emit byte-stable bundles (frozen timestamps).
+  --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic.
   --pretty                Indented JSON output.
 
 Exit codes: 0 PASS, 1 framework, 4 blocked, 7 SESSION_ID_COLLISION,
@@ -1716,6 +1782,8 @@ Flags:
                           CSAF document.publisher.namespace (§3.1.7.4). The
                           operator's organisation URL, NOT the tooling vendor.
                           Must be an http://… or https://… URL, ≤256 chars.
+  --bundle-deterministic  Emit byte-stable bundles for reproducible pipelines.
+  --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic.
   --evidence <file|->     Single-shot mode: pre-supplied submission JSON.
   --operator <name>       Bind the attestation to a specific identity.
   --ack                   Mark explicit operator consent (jurisdiction clock).
@@ -1794,6 +1862,8 @@ Flags:
   --publisher-namespace <url>
                           CSAF document.publisher.namespace (§3.1.7.4). The
                           operator's organisation URL, NOT the tooling vendor.
+  --bundle-deterministic  Emit byte-stable bundles across per-playbook runs.
+  --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic.
   --json                  Force single-line JSON (overrides any TTY heuristics).
   --pretty                Indented JSON output (implies --json).
 
@@ -1874,7 +1944,9 @@ Flags (selected — see \`exceptd run --help\` for the full list):
   --publisher-namespace <url>
                           CSAF document.publisher.namespace (§3.1.7.4). The
                           operator's organisation URL, NOT the tooling vendor.
-                          Must be an http://… or https://… URL, ≤256 chars.`,
+                          Must be an http://… or https://… URL, ≤256 chars.
+  --bundle-deterministic  Emit byte-stable bundles across the multi-run set.
+  --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic.`,
   };
   process.stdout.write((cmds[verb] || `${verb} — no per-verb help available; see \`exceptd help\` for the full list.`) + "\n");
 }

package/data/_indexes/_meta.json

@@ -1,20 +1,20 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-15T21:42:12.284Z",
+  "generated_at": "2026-05-15T22:38:59.213Z",
   "generator": "scripts/build-indexes.js",
-  "source_count": 50,
+  "source_count": 51,
   "source_hashes": {
-    "manifest.json": "f239465cd6c7d357bc185eef6457023de3433c8e9d07feb0008319915d142cd0",
-    "data/atlas-ttps.json": "f3d3ecb459ef5fb0d2c8339cd37072e1367a08d5a2fdef3d92c892a4b52dab97",
+    "manifest.json": "9862095ee05729021d2dd51765c370ed24377e73c536b237817ef7ce4a7ba437",
+    "data/atlas-ttps.json": "db52a797f6ba7c9a61fd7b1225ebbc268ddf21abe29a106c4246c2ed2e617b86",
     "data/attack-techniques.json": "6b45448aa42cc6664376c93da73356624708e935c12589ee8c776a10215bce3a",
     "data/cve-catalog.json": "a2acad16f5e3856b07019fa00110e9dcb38ec5cc71b318d0e164bfcba7f4f644",
     "data/cwe-catalog.json": "19893d2a7139d86ff3fcf296b0e6cda10e357727a1d1ffb56af282104e99157a",
     "data/d3fend-catalog.json": "d219520c8d3eb61a270b25ea60f64721035e98a8d5d51d1a4e1f1140d9a586f9",
     "data/dlp-controls.json": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5",
     "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
-    "data/framework-control-gaps.json": "8fb42b8a1503bda7d24bc48e34c5e26c425f5985767853ed1e1b8b3a5318369e",
+    "data/framework-control-gaps.json": "e87790cae8839dc5d73632d7d875d12cffa2ad741a9002ec7851e1ae04df54c4",
     "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
-    "data/rfc-references.json": "e88c1517f0ffc45c27bc5805c01de87994b9e65b54071699b3d7cb5832b82c7a",
+    "data/rfc-references.json": "863f1ad7a36c020d11eb7bffea49ca1df89b10d43f3986118cdc5a5712308115",
     "data/zeroday-lessons.json": "d960e5f8ca7a83c10194cd60207e13046a7eee1b8793e2f3de79475db283f800",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
     "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",
@@ -47,6 +47,7 @@
     "skills/sector-financial/skill.md": "eec3ce95f36a0f70532aac2f658ad6fb350233dd49c7d95da91144e6c4c4d16c",
     "skills/sector-federal-government/skill.md": "48c3c019502c8b758598331dbad8a9b121f8dd3dc6fc68bfaf506eba7e3843e5",
     "skills/sector-energy/skill.md": "875799aa2ad88744b646583fef0a3399abd42a979541dc99bf39825a5ef48ce9",
+    "skills/sector-telecom/skill.md": "3489410b0905cbf6b392ea7f7cde35ccd4b03de0d22d2d1b0c671e46d70962c9",
     "skills/api-security/skill.md": "302f7f6a071b856cc55a4cb5f0bc3f8566e31b5ebca58ca3bd78a91d4b6665ca",
     "skills/cloud-security/skill.md": "e0574c153aefbb0fc4581c78bc2d708ab7c49d6b5a45a985e51967b8ea740eb9",
     "skills/container-runtime-security/skill.md": "f06260f0c468d6a4f0409294899017edab45c98d71db1fedd7a630fe6a7bf53a",
@@ -55,35 +56,35 @@
     "skills/email-security-anti-phishing/skill.md": "b5a7693b3ddbd6cd83303d092bc5e324db431245d25c4945d9f65fcffa1995e7",
     "skills/age-gates-child-safety/skill.md": "c741d7dca9da0abb09bdebb8a02e803ce4ae9fb9a6904fb8df3ec19cae83917d"
   },
-  "skill_count": 38,
+  "skill_count": 39,
   "catalog_count": 11,
   "index_stats": {
     "xref_entries": {
       "cwe_refs": 34,
       "d3fend_refs": 20,
-      "framework_gaps": 49,
-      "atlas_refs": 9,
-      "attack_refs": 30,
-      "rfc_refs": 19,
+      "framework_gaps": 58,
+      "atlas_refs": 10,
+      "attack_refs": 32,
+      "rfc_refs": 20,
       "dlp_refs": 0
     },
-    "trigger_table_entries": 453,
+    "trigger_table_entries": 475,
     "chains_cve_entries": 27,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
-    "handoff_dag_nodes": 38,
-    "summary_cards": 38,
-    "section_offsets_skills": 38,
-    "token_budget_total_approx": 357564,
+    "handoff_dag_nodes": 39,
+    "summary_cards": 39,
+    "section_offsets_skills": 39,
+    "token_budget_total_approx": 362735,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,
     "theater_fingerprints": 7,
     "currency_action_required": 0,
     "frequency_fields": 7,
-    "activity_feed_events": 50,
+    "activity_feed_events": 51,
     "catalog_summaries": 11,
-    "stale_content_findings": 1
+    "stale_content_findings": 3
   },
   "invalidation_note": "If any source file in source_hashes has a different SHA-256 than recorded here, the indexes are stale. Re-run `npm run build-indexes`."
 }

package/data/_indexes/activity-feed.json

@@ -2,16 +2,23 @@
   "_meta": {
     "schema_version": "1.0.0",
     "note": "Per-artifact 'last changed' feed sorted descending by date. Skill events from manifest.last_threat_review; catalog events from data/<catalog>.json _meta.last_updated.",
-    "event_count": 50
+    "event_count": 51
   },
   "events": [
+    {
+      "date": "2026-05-15",
+      "type": "skill_review",
+      "artifact": "sector-telecom",
+      "path": "skills/sector-telecom/skill.md",
+      "note": "Telecom and 5G security for mid-2026 — Salt Typhoon, Volt Typhoon, CALEA / IPA-LI gateway compromise, signaling-protocol abuse (SS7 / Diameter / GTP), 5G N6 / N9 isolation, gNB / DU / CU integrity, OEM-equipment supply-chain compromise, AI-RAN / O-RAN security"
+    },
     {
       "date": "2026-05-15",
       "type": "catalog_update",
       "artifact": "data/atlas-ttps.json",
       "path": "data/atlas-ttps.json",
       "schema_version": "1.0.0",
-      "entry_count": 29
+      "entry_count": 30
     },
     {
       "date": "2026-05-15",
@@ -35,7 +42,7 @@
       "artifact": "data/framework-control-gaps.json",
       "path": "data/framework-control-gaps.json",
       "schema_version": "1.0.0",
-      "entry_count": 78
+      "entry_count": 87
     },
     {
       "date": "2026-05-15",
@@ -364,7 +371,7 @@
       "type": "manifest_review",
       "artifact": "manifest.json",
       "path": "manifest.json",
-      "note": "manifest threat_review_date — 38 skills, 11 catalogs"
+      "note": "manifest threat_review_date — 39 skills, 11 catalogs"
     }
   ]
 }

package/data/_indexes/catalog-summaries.json

@@ -18,13 +18,13 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 29,
+      "entry_count": 30,
       "sample_keys": [
         "AML.T0001",
+        "AML.T0040",
         "AML.T0010",
         "AML.T0016",
-        "AML.T0017",
-        "AML.T0018"
+        "AML.T0017"
       ]
     },
     "attack-techniques.json": {
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 78,
+      "entry_count": 87,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",