@blamejs/exceptd-skills 0.12.26 → 0.12.28

package/data/rfc-references.json

@@ -152,8 +152,10 @@
     "lag_notes": "RFC 7519 is the spec; RFC 8725 (Best Current Practices) is what implementations should follow. Many MCP servers still hand-roll JWT validation and miss BCP 225 guidance.",
     "skills_referencing": [
       "api-security",
+      "cloud-iam-incident",
       "cloud-security",
       "identity-assurance",
+      "idp-incident-response",
       "mcp-agent-trust",
       "sector-financial",
       "sector-healthcare",
@@ -301,8 +303,10 @@
     "relevance": "BCP 225. Required reading for any MCP / agent / AI-API auth implementation. Covers algorithm-confusion attacks, kid traversal, audience pinning. mcp-agent-trust uses this as the JWT-handling baseline.",
     "skills_referencing": [
       "api-security",
+      "cloud-iam-incident",
       "cloud-security",
       "identity-assurance",
+      "idp-incident-response",
       "mcp-agent-trust",
       "sector-financial",
       "webapp-security"
@@ -421,6 +425,7 @@
     "skills_referencing": [
       "ai-c2-detection",
       "api-security",
+      "idp-incident-response",
       "mcp-agent-trust",
       "sector-financial",
       "sector-healthcare"
@@ -557,5 +562,44 @@
       "coordinated-vuln-disclosure"
     ],
     "last_verified": "2026-05-13"
+  },
+  "RFC-7591": {
+    "number": 7591,
+    "title": "OAuth 2.0 Dynamic Client Registration Protocol",
+    "status": "Proposed Standard",
+    "published": "2015-07",
+    "tracker": "https://www.rfc-editor.org/info/rfc7591",
+    "relevance": "Dynamic Client Registration is the legitimate OAuth flow for self-service app onboarding into an IdP. Operator-facing: when DCR is enabled without strong attestation, a compromised tenant or compromised admin can register a malicious app whose redirect_uri exfiltrates auth codes — the 2023-2024 Microsoft Storm-0558 / Midnight Blizzard incidents exercised this surface via consent abuse on tenant-published apps. Pair with RFC 7592 (DCR Management Protocol) for full lifecycle controls.",
+    "skills_referencing": [
+      "idp-incident-response",
+      "identity-assurance"
+    ],
+    "last_verified": "2026-05-15"
+  },
+  "RFC-8693": {
+    "number": 8693,
+    "title": "OAuth 2.0 Token Exchange",
+    "status": "Proposed Standard",
+    "published": "2020-01",
+    "tracker": "https://www.rfc-editor.org/info/rfc8693",
+    "relevance": "Token exchange is the canonical mechanism for cloud IAM impersonation and service-account delegation chains (AWS STS AssumeRoleWithWebIdentity, GCP Workload Identity Federation, Azure Workload Identity). Operator-facing: token-exchange chains are the modern equivalent of pass-the-token — a compromised upstream token mints downstream tokens with widened audience claims. Audit chain depth + audience expansion + lifetime ladder.",
+    "skills_referencing": [
+      "cloud-iam-incident",
+      "identity-assurance"
+    ],
+    "last_verified": "2026-05-15"
+  },
+  "RFC-9068": {
+    "number": 9068,
+    "title": "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens",
+    "status": "Proposed Standard",
+    "published": "2021-10",
+    "tracker": "https://www.rfc-editor.org/info/rfc9068",
+    "relevance": "Standardises the JWT claim set for OAuth access tokens (typ, scope, client_id, etc.) that cloud IAM and SaaS APIs accept as bearer credentials. Operator-facing: when tokens omit the audience claim or accept loose typ values, replay across services becomes trivial — most cloud-IAM token-forgery incidents (Azure storm-0558 key-leak class) reduce to insufficient claim validation. Pair with RFC 8725 (JWT BCP) for hardening.",
+    "skills_referencing": [
+      "cloud-iam-incident",
+      "identity-assurance"
+    ],
+    "last_verified": "2026-05-15"
   }
 }

package/lib/flag-suggest.js

@@ -79,21 +79,25 @@ const VERB_FLAG_ALLOWLIST = Object.freeze({
     'mode', 'air-gap', 'force-stale', 'operator', 'ack', 'csaf-status',
     'publisher-namespace', 'vex', 'all', 'scope', 'required', 'format',
     'strict-preconditions', 'block-on-jurisdiction-clock', 'tlp',
+    'bundle-deterministic', 'bundle-epoch',
   ],
   'run-all': [
     'evidence', 'evidence-dir', 'session-id', 'force-overwrite', 'attestation-root',
     'mode', 'air-gap', 'force-stale', 'operator', 'ack', 'csaf-status',
     'publisher-namespace', 'vex', 'scope', 'strict-preconditions', 'tlp',
+    'bundle-deterministic', 'bundle-epoch',
   ],
   'ai-run': [
     'evidence', 'no-stream', 'session-id', 'force-overwrite', 'attestation-root',
     'operator', 'ack', 'csaf-status', 'publisher-namespace', 'air-gap',
     'mode', 'force-stale', 'tlp',
+    'bundle-deterministic', 'bundle-epoch',
   ],
   ingest: [
     'evidence', 'session-id', 'force-overwrite', 'attestation-root', 'operator',
     'ack', 'csaf-status', 'publisher-namespace', 'air-gap', 'force-stale',
     'strict-preconditions',
+    'bundle-deterministic', 'bundle-epoch',
   ],
   brief: ['all', 'scope', 'directives', 'flat', 'phase'],
   discover: ['scan-only', 'scope'],

package/lib/playbook-runner.js

@@ -1515,6 +1515,13 @@ function close(playbookId, directiveId, analyzeResult, validateResult, agentSign
   // bypass run() (e.g. unit tests).
   const sessionId = runOpts.session_id || crypto.randomBytes(8).toString('hex');
 
+  // v0.12.27: when opt-in deterministic bundle mode is set, resolve the
+  // single frozen epoch used by every timestamp surface below. Cached for
+  // the whole close() call so notification_actions, regression_schedule,
+  // and the bundle emitter all agree on the same Date.
+  const deterministic = runOpts.bundleDeterministic === true;
+  const frozenEpoch = deterministic ? resolveFrozenEpoch(runOpts, playbook) : null;
+
   // notification_actions — compute ISO deadlines from clock_starts events.
   // v0.11.12 (#123): enrich each entry with the matched obligation's
   // jurisdiction/regulation/window_hours/evidence_required fields. The
@@ -1605,7 +1612,10 @@ function close(playbookId, directiveId, analyzeResult, validateResult, agentSign
           framework_id: playbook.domain.frameworks_in_scope[0] || 'unspecified',
           control_id: analyzeResult.framework_gap_mapping?.[0]?.claimed_control || 'unspecified',
           ciso_name: agentSignals.ciso_name || '<CISO NAME>',
-          acceptance_date: new Date().toISOString().slice(0, 10),
+          // v0.12.27: deterministic mode roots acceptance_date in the
+          // frozen epoch so two runs against the same evidence emit the
+          // same auditor-facing date.
+          acceptance_date: (deterministic ? frozenEpoch : new Date().toISOString()).slice(0, 10),
           duration_expiry: agentSignals.duration_expiry || 'until vendor patch'
         })
       };
@@ -1628,7 +1638,11 @@ function close(playbookId, directiveId, analyzeResult, validateResult, agentSign
   // spurious millisecond drift on tracking.initial_release_date /
   // timestamp / current_release_date.
   const evidencePackage = c.evidence_package ? (() => {
-    const issuedAt = new Date().toISOString();
+    // v0.12.27: deterministic mode pins issuedAt to the frozen epoch so
+    // CSAF tracking.{initial_release_date,current_release_date,
+    // generator.date,revision_history[0].date} and OpenVEX timestamp +
+    // statements[].timestamp all collapse to a single, byte-stable value.
+    const issuedAt = deterministic ? frozenEpoch : new Date().toISOString();
     const builtFormats = new Map();
     const buildOnce = (format) => {
       if (!builtFormats.has(format)) {
@@ -1680,11 +1694,27 @@ function close(playbookId, directiveId, analyzeResult, validateResult, agentSign
   } : { enabled: false };
 
   // regression_schedule
-  const regressionSchedule = c.regression_schedule ? {
-    next_run: validateResult.regression_next_run,
-    trigger: c.regression_schedule.trigger,
-    notify_on_skip: c.regression_schedule.notify_on_skip !== false
-  } : null;
+  //
+  // v0.12.27: deterministic mode re-derives next_run from the frozen epoch
+  // rather than wall-clock-now-at-validate-time. Without this, two runs
+  // against the same evidence diverge on next_run by the interval between
+  // the two `validate()` invocations. Frozen base + the same interval set
+  // = byte-identical schedule.
+  const regressionSchedule = c.regression_schedule ? (() => {
+    let nextRun = validateResult.regression_next_run;
+    if (deterministic) {
+      // Re-derive against the validate phase's trigger set (not the
+      // close phase's regression_schedule subtree — close has no triggers
+      // of its own, just the canonical interval declared upstream).
+      const v = resolvedPhase(playbook, directiveId, 'validate');
+      nextRun = frozenRegressionNextRun(v.regression_trigger || [], new Date(frozenEpoch));
+    }
+    return {
+      next_run: nextRun,
+      trigger: c.regression_schedule.trigger,
+      notify_on_skip: c.regression_schedule.notify_on_skip !== false
+    };
+  })() : null;
 
   // feeds_into chaining — full analyze result is exposed so conditions can
   // reference `analyze.compliance_theater_check.verdict` etc.
@@ -1996,6 +2026,40 @@ function getEngineVersion() {
   return _CACHED_PKG_VERSION;
 }
 
+// v0.12.27: deterministic-bundle epoch resolution. Priority:
+//   1. runOpts.bundleEpoch (operator-supplied --bundle-epoch <ISO>)
+//   2. playbook._meta.last_threat_review (the freshness anchor that already
+//      gates every shipped playbook — stable across re-runs of the same
+//      catalog version)
+//   3. '1970-01-01T00:00:00Z' fallback (effectively impossible in practice
+//      because every shipped playbook carries last_threat_review, but
+//      guarantees the deterministic path never crashes on a malformed
+//      playbook).
+// Returns a full ISO-8601 timestamp (date-only inputs are normalised).
+function resolveFrozenEpoch(runOpts, playbook) {
+  const raw = runOpts && runOpts.bundleEpoch
+    ? runOpts.bundleEpoch
+    : (playbook && playbook._meta && playbook._meta.last_threat_review)
+      || '1970-01-01T00:00:00Z';
+  try { return new Date(raw).toISOString(); }
+  catch { return '1970-01-01T00:00:00Z'; }
+}
+
+// Recompute regression_schedule.next_run against a frozen `now` so two
+// deterministic-mode runs of the same playbook produce byte-identical
+// schedules. Mirrors computeRegressionNextRun but with an injected base
+// date. Returns the soonest ISO timestamp or null when no interval-based
+// trigger fired.
+function frozenRegressionNextRun(triggers, frozenNow) {
+  let soonest = null;
+  for (const t of (triggers || [])) {
+    const parsed = parseInterval(t.interval, frozenNow);
+    if (!parsed || !parsed.date) continue;
+    if (!soonest || parsed.date < soonest) soonest = parsed.date;
+  }
+  return soonest ? soonest.toISOString() : null;
+}
+
 // Operator-supplied identity strings (--operator) and publisher namespace
 // URLs (--publisher-namespace) flow into operator-facing CSAF surfaces.
 // Strip ASCII control characters as defence in depth — bin/exceptd.js
@@ -2410,7 +2474,19 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
         if (branches.length > 0) tree.branches = branches;
         return tree;
       })(),
-      vulnerabilities: [...cveVulns, ...indicatorVulns],
+      vulnerabilities: (function () {
+        // v0.12.27: deterministic mode sorts vulnerabilities[] by their
+        // primary identifier (cve_id for CVE entries, ids[0].text otherwise)
+        // ascending. Default mode preserves insertion order so existing
+        // operators see byte-identical output to pre-v0.12.27.
+        const all = [...cveVulns, ...indicatorVulns];
+        if (runOpts && runOpts.bundleDeterministic === true) {
+          const keyOf = (v) => (typeof v.cve === 'string' && v.cve)
+            || (Array.isArray(v.ids) && v.ids[0] && typeof v.ids[0].text === 'string' ? v.ids[0].text : '');
+          return all.slice().sort((a, b) => keyOf(a).localeCompare(keyOf(b)));
+        }
+        return all;
+      })(),
       exceptd_extension: {
         classification: analyze._detect_classification,
         rwep: analyze.rwep,
@@ -2642,7 +2718,17 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
       author: 'exceptd',
       timestamp: issued,
       version: 1,
-      statements: [...cveStatements, ...indicatorStatements],
+      statements: (function () {
+        // v0.12.27: deterministic mode sorts statements[] by
+        // vulnerability['@id'] ascending. Insertion order otherwise.
+        const all = [...cveStatements, ...indicatorStatements];
+        if (runOpts && runOpts.bundleDeterministic === true) {
+          const keyOf = (s) => (s && s.vulnerability && typeof s.vulnerability['@id'] === 'string')
+            ? s.vulnerability['@id'] : '';
+          return all.slice().sort((a, b) => keyOf(a).localeCompare(keyOf(b)));
+        }
+        return all;
+      })(),
     };
   }
 
@@ -2948,7 +3034,28 @@ function run(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
   // Without the single-source-of-truth, close() would mint its own id
   // and operators correlating attestation files to embedded bundle URNs
   // would see mismatches.
-  const sessionId = runOpts.session_id || crypto.randomBytes(8).toString('hex');
+  //
+  // v0.12.27: when runOpts.bundleDeterministic is set AND the operator did
+  // not pass --session-id, derive the session_id from the submission shape
+  // so two runs against identical evidence produce the same id (and
+  // therefore the same CSAF tracking.id / OpenVEX @id / attestation file
+  // name). Mirrors the evidence_hash path further down but is computed
+  // here so close() can thread it through. Operator-supplied --session-id
+  // still wins on collision.
+  let sessionId;
+  if (runOpts.session_id) {
+    sessionId = runOpts.session_id;
+  } else if (runOpts.bundleDeterministic) {
+    const submissionDigest = crypto.createHash('sha256')
+      .update(canonicalStringify(extractSubmissionForHash(agentSubmission)))
+      .digest('hex');
+    sessionId = crypto.createHash('sha256')
+      .update(`${playbookId}\0${submissionDigest}\0${getEngineVersion()}`)
+      .digest('hex')
+      .slice(0, 16);
+  } else {
+    sessionId = crypto.randomBytes(8).toString('hex');
+  }
   const cachedRunOpts = { ...runOpts, _playbookCache: playbook, session_id: sessionId };
   // Run-time error accumulator for evalCondition regex failures and other
   // non-fatal anomalies surfaced into analyze.runtime_errors[].

package/manifest-snapshot.json

@@ -1,8 +1,8 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-15T22:10:24.906Z",
+  "_generated_at": "2026-05-15T23:28:24.427Z",
   "atlas_version": "5.1.0",
-  "skill_count": 39,
+  "skill_count": 42,
   "skills": [
     {
       "name": "age-gates-child-safety",
@@ -339,6 +339,82 @@
       ],
       "dlp_refs": []
     },
+    {
+      "name": "cloud-iam-incident",
+      "version": "1.0.0",
+      "triggers": [
+        "access key public repo",
+        "aws account takeover",
+        "aws sso compromise",
+        "azure managed identity replay",
+        "cloud iam compromise",
+        "cloudtrail anomaly",
+        "cross account assume role",
+        "crypto mining cloud",
+        "federated trust abuse",
+        "gcp service account compromise",
+        "iam access key leak",
+        "iam identity center",
+        "imds metadata abuse",
+        "imdsv1 ssrf",
+        "oidc trust policy",
+        "scattered spider aws",
+        "snowflake aa24",
+        "workload identity federation"
+      ],
+      "data_deps": [
+        "atlas-ttps.json",
+        "attack-techniques.json",
+        "cve-catalog.json",
+        "cwe-catalog.json",
+        "d3fend-catalog.json",
+        "framework-control-gaps.json",
+        "global-frameworks.json"
+      ],
+      "atlas_refs": [
+        "AML.T0051"
+      ],
+      "attack_refs": [
+        "T1078",
+        "T1078.004",
+        "T1098.001",
+        "T1538",
+        "T1552.005",
+        "T1580"
+      ],
+      "framework_gaps": [
+        "AU-ISM-1546-Cloud-Service-Account",
+        "AWS-Security-Hub-Coverage-Gap",
+        "CISA-Snowflake-AA24-IdP-Cloud",
+        "FedRAMP-IL5-IAM-Federated",
+        "ISO-27017-Cloud-IAM",
+        "NIST-800-53-AC-2-Cross-Account",
+        "SOC2-CC6-Access-Key-Leak-Public-Repo",
+        "UK-CAF-B2-Cloud-IAM"
+      ],
+      "rfc_refs": [
+        "RFC-7519",
+        "RFC-8693",
+        "RFC-8725",
+        "RFC-9068"
+      ],
+      "cwe_refs": [
+        "CWE-269",
+        "CWE-287",
+        "CWE-522",
+        "CWE-732",
+        "CWE-798",
+        "CWE-863"
+      ],
+      "d3fend_refs": [
+        "D3-CAA",
+        "D3-CBAN",
+        "D3-IOPR",
+        "D3-MFA",
+        "D3-NTA"
+      ],
+      "dlp_refs": []
+    },
     {
       "name": "cloud-security",
       "version": "1.0.0",
@@ -894,6 +970,83 @@
       "d3fend_refs": [],
       "dlp_refs": []
     },
+    {
+      "name": "idp-incident-response",
+      "version": "1.0.0",
+      "triggers": [
+        "apt29 entra",
+        "auth0 breach",
+        "cozy bear",
+        "cross-tenant abuse",
+        "entra app consent",
+        "entra id compromise",
+        "federated trust abuse",
+        "help-desk social engineering",
+        "identity provider incident",
+        "idp incident",
+        "management api token leak",
+        "mfa factor swap",
+        "midnight blizzard",
+        "oauth consent abuse",
+        "octo tempest",
+        "okta breach",
+        "okta compromise",
+        "onelogin breach",
+        "ping identity breach",
+        "saml token forgery",
+        "scattered spider",
+        "service account compromise",
+        "storm-0875",
+        "tenant compromise"
+      ],
+      "data_deps": [
+        "attack-techniques.json",
+        "cve-catalog.json",
+        "cwe-catalog.json",
+        "d3fend-catalog.json",
+        "framework-control-gaps.json",
+        "global-frameworks.json"
+      ],
+      "atlas_refs": [],
+      "attack_refs": [
+        "T1078.004",
+        "T1098.001",
+        "T1199",
+        "T1556.007",
+        "T1606.002"
+      ],
+      "framework_gaps": [
+        "AU-ISM-1559-IdP",
+        "DORA-Art-19-IdP-4h",
+        "ISO-27001-2022-A.5.16-Federated",
+        "NIS2-Art-21-Federated-Identity",
+        "NIST-800-53-IA-5-Federated",
+        "OFAC-Sanctions-Threat-Actor-Negotiation",
+        "SOC2-CC6-OAuth-Consent",
+        "UK-CAF-B2-IdP-Tenant"
+      ],
+      "rfc_refs": [
+        "RFC-7519",
+        "RFC-7591",
+        "RFC-8725",
+        "RFC-9421"
+      ],
+      "cwe_refs": [
+        "CWE-269",
+        "CWE-284",
+        "CWE-287",
+        "CWE-345",
+        "CWE-522",
+        "CWE-863"
+      ],
+      "d3fend_refs": [
+        "D3-CBAN",
+        "D3-IOPR",
+        "D3-MFA",
+        "D3-NTA"
+      ],
+      "dlp_refs": []
+    },
     {
       "name": "incident-response-playbook",
       "version": "1.0.0",
@@ -1289,6 +1442,70 @@
       ],
       "dlp_refs": []
     },
+    {
+      "name": "ransomware-response",
+      "version": "1.0.0",
+      "triggers": [
+        "akira ransomware",
+        "alphv",
+        "blackcat",
+        "blacksuit",
+        "cuba ransomware",
+        "cyber insurance ransomware",
+        "data theft before encryption",
+        "decryptor availability",
+        "double extortion",
+        "encryption event",
+        "exfil before encrypt",
+        "hunters international",
+        "immutable backup",
+        "lockbit",
+        "no more ransom",
+        "ofac sanctions ransomware",
+        "ransom payment",
+        "ransomhub",
+        "ransomware",
+        "ransomware incident",
+        "royal ransomware",
+        "shadow copy deletion"
+      ],
+      "data_deps": [
+        "atlas-ttps.json",
+        "cve-catalog.json",
+        "cwe-catalog.json",
+        "d3fend-catalog.json",
+        "framework-control-gaps.json",
+        "global-frameworks.json",
+        "zeroday-lessons.json"
+      ],
+      "atlas_refs": [],
+      "attack_refs": [
+        "T1059",
+        "T1078",
+        "T1486",
+        "T1567"
+      ],
+      "framework_gaps": [
+        "Decryptor-Availability-Pre-Decision",
+        "EU-Sanctions-Reg-2014-833-Cyber",
+        "Immutable-Backup-Recovery",
+        "Insurance-Carrier-24h-Notification",
+        "OFAC-SDN-Payment-Block",
+        "PHI-Exfil-Before-Encrypt-Breach-Class"
+      ],
+      "rfc_refs": [],
+      "cwe_refs": [
+        "CWE-287",
+        "CWE-798"
+      ],
+      "d3fend_refs": [
+        "D3-CSPP",
+        "D3-IOPR",
+        "D3-NTA",
+        "D3-RPA"
+      ],
+      "dlp_refs": []
+    },
     {
       "name": "researcher",
       "version": "1.0.0",
@@ -1570,7 +1787,14 @@
         "uk tsa 2021",
         "volt typhoon"
       ],
-      "data_deps": [],
+      "data_deps": [
+        "atlas-ttps.json",
+        "cve-catalog.json",
+        "cwe-catalog.json",
+        "d3fend-catalog.json",
+        "framework-control-gaps.json",
+        "global-frameworks.json"
+      ],
       "atlas_refs": [
         "AML.T0040"
       ],

package/manifest-snapshot.sha256

@@ -1 +1 @@
-3b2e3c3a40554d760ee71eded57828b0dcd3237ed0c4499ee123606d041bf1dc  manifest-snapshot.json
+ac16c35fbc0c164c00294ca821b6e44c12908800b5e6cfb339ea472c9a9ed5e0  manifest-snapshot.json