@blamejs/exceptd-skills 0.12.26 → 0.12.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/AGENTS.md +3 -0
  2. package/CHANGELOG.md +60 -0
  3. package/bin/exceptd.js +73 -1
  4. package/data/_indexes/_meta.json +22 -19
  5. package/data/_indexes/activity-feed.json +26 -5
  6. package/data/_indexes/catalog-summaries.json +3 -3
  7. package/data/_indexes/chains.json +994 -64
  8. package/data/_indexes/currency.json +28 -1
  9. package/data/_indexes/frequency.json +428 -124
  10. package/data/_indexes/handoff-dag.json +70 -19
  11. package/data/_indexes/jurisdiction-map.json +37 -12
  12. package/data/_indexes/section-offsets.json +282 -0
  13. package/data/_indexes/stale-content.json +2 -2
  14. package/data/_indexes/summary-cards.json +198 -0
  15. package/data/_indexes/token-budget.json +168 -3
  16. package/data/_indexes/trigger-table.json +190 -0
  17. package/data/_indexes/xref.json +145 -2
  18. package/data/attack-techniques.json +104 -19
  19. package/data/framework-control-gaps.json +498 -11
  20. package/data/playbooks/cloud-iam-incident.json +1351 -0
  21. package/data/playbooks/idp-incident.json +1259 -0
  22. package/data/playbooks/ransomware.json +1407 -0
  23. package/data/rfc-references.json +44 -0
  24. package/lib/flag-suggest.js +4 -0
  25. package/lib/playbook-runner.js +117 -10
  26. package/manifest-snapshot.json +227 -3
  27. package/manifest-snapshot.sha256 +1 -1
  28. package/manifest.json +282 -41
  29. package/package.json +1 -1
  30. package/sbom.cdx.json +7 -7
  31. package/skills/cloud-iam-incident/skill.md +419 -0
  32. package/skills/idp-incident-response/skill.md +352 -0
  33. package/skills/ransomware-response/skill.md +374 -0
package/data/_indexes/handoff-dag.json CHANGED
@@ -6,6 +6,7 @@
6
6
  "ai-risk-management",
7
7
  "api-security",
8
8
  "attack-surface-pentest",
9
+ "cloud-iam-incident",
9
10
  "cloud-security",
10
11
  "compliance-theater",
11
12
  "container-runtime-security",
@@ -18,6 +19,7 @@
18
19
  "fuzz-testing-strategy",
19
20
  "global-grc",
20
21
  "identity-assurance",
22
+ "idp-incident-response",
21
23
  "incident-response-playbook",
22
24
  "kernel-lpe-triage",
23
25
  "mcp-agent-trust",
@@ -26,6 +28,7 @@
26
28
  "policy-exception-gen",
27
29
  "pqc-first",
28
30
  "rag-pipeline-security",
31
+ "ransomware-response",
29
32
  "researcher",
30
33
  "sector-energy",
31
34
  "sector-federal-government",
@@ -374,6 +377,18 @@
374
377
  "threat-model-currency",
375
378
  "zeroday-gap-learn"
376
379
  ],
380
+ "ransomware-response": [
381
+ "compliance-theater",
382
+ "coordinated-vuln-disclosure",
383
+ "defensive-countermeasure-mapping",
384
+ "framework-gap-analysis",
385
+ "incident-response-playbook",
386
+ "sector-financial",
387
+ "sector-healthcare",
388
+ "skill-update-loop",
389
+ "threat-model-currency",
390
+ "zeroday-gap-learn"
391
+ ],
377
392
  "email-security-anti-phishing": [
378
393
  "ai-attack-surface",
379
394
  "compliance-theater",
@@ -393,48 +408,81 @@
393
408
  "identity-assurance",
394
409
  "incident-response-playbook",
395
410
  "sector-healthcare"
411
+ ],
412
+ "cloud-iam-incident": [
413
+ "ai-attack-surface",
414
+ "cloud-security",
415
+ "compliance-theater",
416
+ "coordinated-vuln-disclosure",
417
+ "dlp-gap-analysis",
418
+ "framework-gap-analysis",
419
+ "identity-assurance",
420
+ "incident-response-playbook",
421
+ "mcp-agent-trust",
422
+ "policy-exception-gen",
423
+ "sector-federal-government",
424
+ "sector-financial",
425
+ "sector-healthcare",
426
+ "supply-chain-integrity"
427
+ ],
428
+ "idp-incident-response": [
429
+ "ai-attack-surface",
430
+ "compliance-theater",
431
+ "coordinated-vuln-disclosure",
432
+ "dlp-gap-analysis",
433
+ "framework-gap-analysis",
434
+ "identity-assurance",
435
+ "incident-response-playbook",
436
+ "mcp-agent-trust",
437
+ "policy-exception-gen",
438
+ "sector-federal-government",
439
+ "sector-financial",
440
+ "sector-telecom"
396
441
  ]
397
442
  },
398
443
  "in_degree": {
399
444
  "age-gates-child-safety": 1,
400
- "ai-attack-surface": 19,
445
+ "ai-attack-surface": 21,
401
446
  "ai-c2-detection": 11,
402
447
  "ai-risk-management": 5,
403
448
  "api-security": 3,
404
449
  "attack-surface-pentest": 13,
405
- "cloud-security": 4,
406
- "compliance-theater": 16,
450
+ "cloud-iam-incident": 0,
451
+ "cloud-security": 5,
452
+ "compliance-theater": 19,
407
453
  "container-runtime-security": 3,
408
- "coordinated-vuln-disclosure": 9,
409
- "defensive-countermeasure-mapping": 16,
410
- "dlp-gap-analysis": 13,
454
+ "coordinated-vuln-disclosure": 12,
455
+ "defensive-countermeasure-mapping": 17,
456
+ "dlp-gap-analysis": 15,
411
457
  "email-security-anti-phishing": 2,
412
458
  "exploit-scoring": 10,
413
- "framework-gap-analysis": 15,
459
+ "framework-gap-analysis": 18,
414
460
  "fuzz-testing-strategy": 3,
415
461
  "global-grc": 12,
416
- "identity-assurance": 15,
417
- "incident-response-playbook": 4,
462
+ "identity-assurance": 17,
463
+ "idp-incident-response": 0,
464
+ "incident-response-playbook": 7,
418
465
  "kernel-lpe-triage": 10,
419
- "mcp-agent-trust": 18,
466
+ "mcp-agent-trust": 20,
420
467
  "mlops-security": 3,
421
468
  "ot-ics-security": 4,
422
- "policy-exception-gen": 9,
469
+ "policy-exception-gen": 11,
423
470
  "pqc-first": 6,
424
471
  "rag-pipeline-security": 8,
472
+ "ransomware-response": 0,
425
473
  "researcher": 1,
426
474
  "sector-energy": 3,
427
- "sector-federal-government": 4,
428
- "sector-financial": 5,
429
- "sector-healthcare": 4,
430
- "sector-telecom": 0,
475
+ "sector-federal-government": 6,
476
+ "sector-financial": 8,
477
+ "sector-healthcare": 6,
478
+ "sector-telecom": 1,
431
479
  "security-maturity-tiers": 1,
432
- "skill-update-loop": 2,
433
- "supply-chain-integrity": 15,
434
- "threat-model-currency": 5,
480
+ "skill-update-loop": 3,
481
+ "supply-chain-integrity": 16,
482
+ "threat-model-currency": 6,
435
483
  "threat-modeling-methodology": 4,
436
484
  "webapp-security": 3,
437
- "zeroday-gap-learn": 6
485
+ "zeroday-gap-learn": 7
438
486
  },
439
487
  "out_degree": {
440
488
  "age-gates-child-safety": 10,
@@ -443,6 +491,7 @@
443
491
  "ai-risk-management": 13,
444
492
  "api-security": 6,
445
493
  "attack-surface-pentest": 1,
494
+ "cloud-iam-incident": 14,
446
495
  "cloud-security": 15,
447
496
  "compliance-theater": 0,
448
497
  "container-runtime-security": 18,
@@ -455,6 +504,7 @@
455
504
  "fuzz-testing-strategy": 0,
456
505
  "global-grc": 0,
457
506
  "identity-assurance": 6,
507
+ "idp-incident-response": 12,
458
508
  "incident-response-playbook": 20,
459
509
  "kernel-lpe-triage": 5,
460
510
  "mcp-agent-trust": 5,
@@ -463,6 +513,7 @@
463
513
  "policy-exception-gen": 0,
464
514
  "pqc-first": 0,
465
515
  "rag-pipeline-security": 5,
516
+ "ransomware-response": 10,
466
517
  "researcher": 37,
467
518
  "sector-energy": 14,
468
519
  "sector-federal-government": 9,
package/data/_indexes/jurisdiction-map.json CHANGED
@@ -7,6 +7,7 @@
7
7
  "ai-risk-management",
8
8
  "api-security",
9
9
  "attack-surface-pentest",
10
+ "cloud-iam-incident",
10
11
  "cloud-security",
11
12
  "compliance-theater",
12
13
  "container-runtime-security",
@@ -19,6 +20,7 @@
19
20
  "fuzz-testing-strategy",
20
21
  "global-grc",
21
22
  "identity-assurance",
23
+ "idp-incident-response",
22
24
  "incident-response-playbook",
23
25
  "kernel-lpe-triage",
24
26
  "mcp-agent-trust",
@@ -27,6 +29,7 @@
27
29
  "policy-exception-gen",
28
30
  "pqc-first",
29
31
  "rag-pipeline-security",
32
+ "ransomware-response",
30
33
  "researcher",
31
34
  "sector-energy",
32
35
  "sector-federal-government",
@@ -42,7 +45,7 @@
42
45
  "zeroday-gap-learn"
43
46
  ],
44
47
  "example_excerpts": {},
45
- "skill_count": 39
48
+ "skill_count": 42
46
49
  },
47
50
  "UK": {
48
51
  "skills": [
@@ -52,6 +55,7 @@
52
55
  "ai-risk-management",
53
56
  "api-security",
54
57
  "attack-surface-pentest",
58
+ "cloud-iam-incident",
55
59
  "cloud-security",
56
60
  "compliance-theater",
57
61
  "container-runtime-security",
@@ -63,6 +67,7 @@
63
67
  "fuzz-testing-strategy",
64
68
  "global-grc",
65
69
  "identity-assurance",
70
+ "idp-incident-response",
66
71
  "incident-response-playbook",
67
72
  "kernel-lpe-triage",
68
73
  "mcp-agent-trust",
@@ -70,6 +75,7 @@
70
75
  "ot-ics-security",
71
76
  "pqc-first",
72
77
  "rag-pipeline-security",
78
+ "ransomware-response",
73
79
  "researcher",
74
80
  "sector-energy",
75
81
  "sector-federal-government",
@@ -85,7 +91,7 @@
85
91
  "zeroday-gap-learn"
86
92
  ],
87
93
  "example_excerpts": {},
88
- "skill_count": 37
94
+ "skill_count": 40
89
95
  },
90
96
  "AU": {
91
97
  "skills": [
@@ -95,6 +101,7 @@
95
101
  "ai-risk-management",
96
102
  "api-security",
97
103
  "attack-surface-pentest",
104
+ "cloud-iam-incident",
98
105
  "cloud-security",
99
106
  "compliance-theater",
100
107
  "container-runtime-security",
@@ -107,6 +114,7 @@
107
114
  "fuzz-testing-strategy",
108
115
  "global-grc",
109
116
  "identity-assurance",
117
+ "idp-incident-response",
110
118
  "incident-response-playbook",
111
119
  "kernel-lpe-triage",
112
120
  "mcp-agent-trust",
@@ -114,6 +122,7 @@
114
122
  "ot-ics-security",
115
123
  "pqc-first",
116
124
  "rag-pipeline-security",
125
+ "ransomware-response",
117
126
  "researcher",
118
127
  "sector-energy",
119
128
  "sector-federal-government",
@@ -129,13 +138,14 @@
129
138
  "zeroday-gap-learn"
130
139
  ],
131
140
  "example_excerpts": {},
132
- "skill_count": 38
141
+ "skill_count": 41
133
142
  },
134
143
  "SG": {
135
144
  "skills": [
136
145
  "age-gates-child-safety",
137
146
  "ai-attack-surface",
138
147
  "api-security",
148
+ "cloud-iam-incident",
139
149
  "cloud-security",
140
150
  "container-runtime-security",
141
151
  "coordinated-vuln-disclosure",
@@ -155,13 +165,14 @@
155
165
  "webapp-security"
156
166
  ],
157
167
  "example_excerpts": {},
158
- "skill_count": 20
168
+ "skill_count": 21
159
169
  },
160
170
  "JP": {
161
171
  "skills": [
162
172
  "age-gates-child-safety",
163
173
  "ai-risk-management",
164
174
  "api-security",
175
+ "cloud-iam-incident",
165
176
  "cloud-security",
166
177
  "container-runtime-security",
167
178
  "coordinated-vuln-disclosure",
@@ -174,6 +185,7 @@
174
185
  "mlops-security",
175
186
  "ot-ics-security",
176
187
  "pqc-first",
188
+ "ransomware-response",
177
189
  "sector-energy",
178
190
  "sector-federal-government",
179
191
  "sector-financial",
@@ -184,7 +196,7 @@
184
196
  "webapp-security"
185
197
  ],
186
198
  "example_excerpts": {},
187
- "skill_count": 23
199
+ "skill_count": 25
188
200
  },
189
201
  "IN": {
190
202
  "skills": [
@@ -212,12 +224,14 @@
212
224
  "skills": [
213
225
  "age-gates-child-safety",
214
226
  "ai-c2-detection",
227
+ "cloud-iam-incident",
215
228
  "cloud-security",
216
229
  "defensive-countermeasure-mapping",
217
230
  "dlp-gap-analysis",
218
231
  "framework-gap-analysis",
219
232
  "global-grc",
220
233
  "identity-assurance",
234
+ "idp-incident-response",
221
235
  "sector-energy",
222
236
  "sector-federal-government",
223
237
  "sector-financial",
@@ -227,7 +241,7 @@
227
241
  "zeroday-gap-learn"
228
242
  ],
229
243
  "example_excerpts": {},
230
- "skill_count": 15
244
+ "skill_count": 17
231
245
  },
232
246
  "BR": {
233
247
  "skills": [
@@ -332,6 +346,7 @@
332
346
  "skills": [
333
347
  "ai-risk-management",
334
348
  "api-security",
349
+ "cloud-iam-incident",
335
350
  "cloud-security",
336
351
  "container-runtime-security",
337
352
  "coordinated-vuln-disclosure",
@@ -353,7 +368,7 @@
353
368
  "webapp-security"
354
369
  ],
355
370
  "example_excerpts": {},
356
- "skill_count": 21
371
+ "skill_count": 22
357
372
  },
358
373
  "CH": {
359
374
  "skills": [
@@ -372,12 +387,13 @@
372
387
  "dlp-gap-analysis",
373
388
  "framework-gap-analysis",
374
389
  "global-grc",
390
+ "idp-incident-response",
375
391
  "pqc-first",
376
392
  "sector-financial",
377
393
  "supply-chain-integrity"
378
394
  ],
379
395
  "example_excerpts": {},
380
- "skill_count": 6
396
+ "skill_count": 7
381
397
  },
382
398
  "TW": {
383
399
  "skills": [
@@ -401,6 +417,7 @@
401
417
  "ai-risk-management",
402
418
  "api-security",
403
419
  "attack-surface-pentest",
420
+ "cloud-iam-incident",
404
421
  "cloud-security",
405
422
  "compliance-theater",
406
423
  "container-runtime-security",
@@ -413,6 +430,7 @@
413
430
  "fuzz-testing-strategy",
414
431
  "global-grc",
415
432
  "identity-assurance",
433
+ "idp-incident-response",
416
434
  "incident-response-playbook",
417
435
  "kernel-lpe-triage",
418
436
  "mcp-agent-trust",
@@ -421,6 +439,7 @@
421
439
  "policy-exception-gen",
422
440
  "pqc-first",
423
441
  "rag-pipeline-security",
442
+ "ransomware-response",
424
443
  "researcher",
425
444
  "sector-energy",
426
445
  "sector-federal-government",
@@ -435,7 +454,7 @@
435
454
  "zeroday-gap-learn"
436
455
  ],
437
456
  "example_excerpts": {},
438
- "skill_count": 38
457
+ "skill_count": 41
439
458
  },
440
459
  "VN": {
441
460
  "skills": [
@@ -451,6 +470,7 @@
451
470
  "skills": [
452
471
  "ai-risk-management",
453
472
  "api-security",
473
+ "cloud-iam-incident",
454
474
  "cloud-security",
455
475
  "coordinated-vuln-disclosure",
456
476
  "dlp-gap-analysis",
@@ -458,9 +478,11 @@
458
478
  "framework-gap-analysis",
459
479
  "global-grc",
460
480
  "identity-assurance",
481
+ "idp-incident-response",
461
482
  "incident-response-playbook",
462
483
  "mlops-security",
463
484
  "pqc-first",
485
+ "ransomware-response",
464
486
  "researcher",
465
487
  "sector-financial",
466
488
  "skill-update-loop",
@@ -468,7 +490,7 @@
468
490
  "webapp-security"
469
491
  ],
470
492
  "example_excerpts": {},
471
- "skill_count": 17
493
+ "skill_count": 20
472
494
  },
473
495
  "NO": {
474
496
  "skills": [
@@ -512,13 +534,16 @@
512
534
  "US_CALIFORNIA": {
513
535
  "skills": [
514
536
  "age-gates-child-safety",
537
+ "cloud-iam-incident",
515
538
  "compliance-theater",
516
539
  "dlp-gap-analysis",
517
540
  "framework-gap-analysis",
518
- "global-grc"
541
+ "global-grc",
542
+ "idp-incident-response",
543
+ "ransomware-response"
519
544
  ],
520
545
  "example_excerpts": {},
521
- "skill_count": 5
546
+ "skill_count": 8
522
547
  },
523
548
  "EU_DE_BSI": {
524
549
  "skills": [