@blamejs/exceptd-skills 0.12.27 → 0.12.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +4 -1
- package/CHANGELOG.md +54 -0
- package/bin/exceptd.js +30 -20
- package/data/_indexes/_meta.json +26 -23
- package/data/_indexes/activity-feed.json +32 -11
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/chains.json +965 -35
- package/data/_indexes/currency.json +68 -41
- package/data/_indexes/frequency.json +428 -124
- package/data/_indexes/handoff-dag.json +70 -19
- package/data/_indexes/jurisdiction-map.json +37 -12
- package/data/_indexes/section-offsets.json +282 -0
- package/data/_indexes/stale-content.json +3 -3
- package/data/_indexes/summary-cards.json +198 -0
- package/data/_indexes/token-budget.json +168 -3
- package/data/_indexes/trigger-table.json +190 -0
- package/data/_indexes/xref.json +145 -2
- package/data/atlas-ttps.json +61 -111
- package/data/attack-techniques.json +104 -19
- package/data/cve-catalog.json +101 -45
- package/data/cwe-catalog.json +149 -94
- package/data/d3fend-catalog.json +199 -53
- package/data/framework-control-gaps.json +1679 -89
- package/data/playbooks/cloud-iam-incident.json +1351 -0
- package/data/playbooks/crypto-codebase.json +1 -1
- package/data/playbooks/idp-incident.json +1259 -0
- package/data/playbooks/ransomware.json +1407 -0
- package/data/rfc-references.json +58 -59
- package/lib/exit-codes.js +2 -0
- package/lib/playbook-runner.js +25 -1
- package/manifest-snapshot.json +220 -3
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +287 -45
- package/package.json +3 -2
- package/sbom.cdx.json +1854 -11
- package/scripts/backfill-theater-test.js +806 -0
- package/scripts/refresh-reverse-refs.js +171 -0
- package/scripts/refresh-sbom.js +155 -8
- package/skills/cloud-iam-incident/skill.md +419 -0
- package/skills/idp-incident-response/skill.md +352 -0
- package/skills/ransomware-response/skill.md +374 -0
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"_meta": {
|
|
3
3
|
"schema_version": "1.0.0",
|
|
4
|
-
"reference_date": "2026-05-
|
|
4
|
+
"reference_date": "2026-05-15",
|
|
5
5
|
"note": "Pre-computed skill currency snapshot. Reference date is manifest.threat_review_date (deterministic). Re-runs of build-indexes against the same inputs produce byte-identical output. The orchestrator `currency` command produces a real-time view against today's date.",
|
|
6
6
|
"decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
|
|
7
7
|
},
|
|
8
8
|
"summary": {
|
|
9
|
-
"current":
|
|
9
|
+
"current": 42,
|
|
10
10
|
"acceptable": 0,
|
|
11
11
|
"stale": 0,
|
|
12
12
|
"critical_stale": 0,
|
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
{
|
|
17
17
|
"skill": "age-gates-child-safety",
|
|
18
18
|
"last_threat_review": "2026-05-11",
|
|
19
|
-
"days_since_review":
|
|
19
|
+
"days_since_review": 4,
|
|
20
20
|
"currency_score": 100,
|
|
21
21
|
"currency_label": "current",
|
|
22
22
|
"forward_watch_count": 10,
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
{
|
|
26
26
|
"skill": "ai-attack-surface",
|
|
27
27
|
"last_threat_review": "2026-05-01",
|
|
28
|
-
"days_since_review":
|
|
28
|
+
"days_since_review": 14,
|
|
29
29
|
"currency_score": 100,
|
|
30
30
|
"currency_label": "current",
|
|
31
31
|
"forward_watch_count": 8,
|
|
@@ -34,7 +34,7 @@
|
|
|
34
34
|
{
|
|
35
35
|
"skill": "ai-c2-detection",
|
|
36
36
|
"last_threat_review": "2026-05-01",
|
|
37
|
-
"days_since_review":
|
|
37
|
+
"days_since_review": 14,
|
|
38
38
|
"currency_score": 100,
|
|
39
39
|
"currency_label": "current",
|
|
40
40
|
"forward_watch_count": 0,
|
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
{
|
|
44
44
|
"skill": "ai-risk-management",
|
|
45
45
|
"last_threat_review": "2026-05-11",
|
|
46
|
-
"days_since_review":
|
|
46
|
+
"days_since_review": 4,
|
|
47
47
|
"currency_score": 100,
|
|
48
48
|
"currency_label": "current",
|
|
49
49
|
"forward_watch_count": 0,
|
|
@@ -52,7 +52,7 @@
|
|
|
52
52
|
{
|
|
53
53
|
"skill": "api-security",
|
|
54
54
|
"last_threat_review": "2026-05-11",
|
|
55
|
-
"days_since_review":
|
|
55
|
+
"days_since_review": 4,
|
|
56
56
|
"currency_score": 100,
|
|
57
57
|
"currency_label": "current",
|
|
58
58
|
"forward_watch_count": 3,
|
|
@@ -61,16 +61,25 @@
|
|
|
61
61
|
{
|
|
62
62
|
"skill": "attack-surface-pentest",
|
|
63
63
|
"last_threat_review": "2026-05-11",
|
|
64
|
-
"days_since_review":
|
|
64
|
+
"days_since_review": 4,
|
|
65
65
|
"currency_score": 100,
|
|
66
66
|
"currency_label": "current",
|
|
67
67
|
"forward_watch_count": 5,
|
|
68
68
|
"action_required": false
|
|
69
69
|
},
|
|
70
|
+
{
|
|
71
|
+
"skill": "cloud-iam-incident",
|
|
72
|
+
"last_threat_review": "2026-05-15",
|
|
73
|
+
"days_since_review": 0,
|
|
74
|
+
"currency_score": 100,
|
|
75
|
+
"currency_label": "current",
|
|
76
|
+
"forward_watch_count": 11,
|
|
77
|
+
"action_required": false
|
|
78
|
+
},
|
|
70
79
|
{
|
|
71
80
|
"skill": "cloud-security",
|
|
72
81
|
"last_threat_review": "2026-05-11",
|
|
73
|
-
"days_since_review":
|
|
82
|
+
"days_since_review": 4,
|
|
74
83
|
"currency_score": 100,
|
|
75
84
|
"currency_label": "current",
|
|
76
85
|
"forward_watch_count": 14,
|
|
@@ -79,7 +88,7 @@
|
|
|
79
88
|
{
|
|
80
89
|
"skill": "compliance-theater",
|
|
81
90
|
"last_threat_review": "2026-05-01",
|
|
82
|
-
"days_since_review":
|
|
91
|
+
"days_since_review": 14,
|
|
83
92
|
"currency_score": 100,
|
|
84
93
|
"currency_label": "current",
|
|
85
94
|
"forward_watch_count": 0,
|
|
@@ -88,7 +97,7 @@
|
|
|
88
97
|
{
|
|
89
98
|
"skill": "container-runtime-security",
|
|
90
99
|
"last_threat_review": "2026-05-11",
|
|
91
|
-
"days_since_review":
|
|
100
|
+
"days_since_review": 4,
|
|
92
101
|
"currency_score": 100,
|
|
93
102
|
"currency_label": "current",
|
|
94
103
|
"forward_watch_count": 1,
|
|
@@ -97,7 +106,7 @@
|
|
|
97
106
|
{
|
|
98
107
|
"skill": "coordinated-vuln-disclosure",
|
|
99
108
|
"last_threat_review": "2026-05-11",
|
|
100
|
-
"days_since_review":
|
|
109
|
+
"days_since_review": 4,
|
|
101
110
|
"currency_score": 100,
|
|
102
111
|
"currency_label": "current",
|
|
103
112
|
"forward_watch_count": 6,
|
|
@@ -106,7 +115,7 @@
|
|
|
106
115
|
{
|
|
107
116
|
"skill": "defensive-countermeasure-mapping",
|
|
108
117
|
"last_threat_review": "2026-05-11",
|
|
109
|
-
"days_since_review":
|
|
118
|
+
"days_since_review": 4,
|
|
110
119
|
"currency_score": 100,
|
|
111
120
|
"currency_label": "current",
|
|
112
121
|
"forward_watch_count": 0,
|
|
@@ -115,7 +124,7 @@
|
|
|
115
124
|
{
|
|
116
125
|
"skill": "dlp-gap-analysis",
|
|
117
126
|
"last_threat_review": "2026-05-11",
|
|
118
|
-
"days_since_review":
|
|
127
|
+
"days_since_review": 4,
|
|
119
128
|
"currency_score": 100,
|
|
120
129
|
"currency_label": "current",
|
|
121
130
|
"forward_watch_count": 5,
|
|
@@ -124,7 +133,7 @@
|
|
|
124
133
|
{
|
|
125
134
|
"skill": "email-security-anti-phishing",
|
|
126
135
|
"last_threat_review": "2026-05-11",
|
|
127
|
-
"days_since_review":
|
|
136
|
+
"days_since_review": 4,
|
|
128
137
|
"currency_score": 100,
|
|
129
138
|
"currency_label": "current",
|
|
130
139
|
"forward_watch_count": 0,
|
|
@@ -133,7 +142,7 @@
|
|
|
133
142
|
{
|
|
134
143
|
"skill": "exploit-scoring",
|
|
135
144
|
"last_threat_review": "2026-05-01",
|
|
136
|
-
"days_since_review":
|
|
145
|
+
"days_since_review": 14,
|
|
137
146
|
"currency_score": 100,
|
|
138
147
|
"currency_label": "current",
|
|
139
148
|
"forward_watch_count": 0,
|
|
@@ -142,7 +151,7 @@
|
|
|
142
151
|
{
|
|
143
152
|
"skill": "framework-gap-analysis",
|
|
144
153
|
"last_threat_review": "2026-05-01",
|
|
145
|
-
"days_since_review":
|
|
154
|
+
"days_since_review": 14,
|
|
146
155
|
"currency_score": 100,
|
|
147
156
|
"currency_label": "current",
|
|
148
157
|
"forward_watch_count": 0,
|
|
@@ -151,7 +160,7 @@
|
|
|
151
160
|
{
|
|
152
161
|
"skill": "fuzz-testing-strategy",
|
|
153
162
|
"last_threat_review": "2026-05-11",
|
|
154
|
-
"days_since_review":
|
|
163
|
+
"days_since_review": 4,
|
|
155
164
|
"currency_score": 100,
|
|
156
165
|
"currency_label": "current",
|
|
157
166
|
"forward_watch_count": 4,
|
|
@@ -160,7 +169,7 @@
|
|
|
160
169
|
{
|
|
161
170
|
"skill": "global-grc",
|
|
162
171
|
"last_threat_review": "2026-05-01",
|
|
163
|
-
"days_since_review":
|
|
172
|
+
"days_since_review": 14,
|
|
164
173
|
"currency_score": 100,
|
|
165
174
|
"currency_label": "current",
|
|
166
175
|
"forward_watch_count": 0,
|
|
@@ -169,16 +178,25 @@
|
|
|
169
178
|
{
|
|
170
179
|
"skill": "identity-assurance",
|
|
171
180
|
"last_threat_review": "2026-05-11",
|
|
172
|
-
"days_since_review":
|
|
181
|
+
"days_since_review": 4,
|
|
173
182
|
"currency_score": 100,
|
|
174
183
|
"currency_label": "current",
|
|
175
184
|
"forward_watch_count": 0,
|
|
176
185
|
"action_required": false
|
|
177
186
|
},
|
|
187
|
+
{
|
|
188
|
+
"skill": "idp-incident-response",
|
|
189
|
+
"last_threat_review": "2026-05-15",
|
|
190
|
+
"days_since_review": 0,
|
|
191
|
+
"currency_score": 100,
|
|
192
|
+
"currency_label": "current",
|
|
193
|
+
"forward_watch_count": 11,
|
|
194
|
+
"action_required": false
|
|
195
|
+
},
|
|
178
196
|
{
|
|
179
197
|
"skill": "incident-response-playbook",
|
|
180
198
|
"last_threat_review": "2026-05-11",
|
|
181
|
-
"days_since_review":
|
|
199
|
+
"days_since_review": 4,
|
|
182
200
|
"currency_score": 100,
|
|
183
201
|
"currency_label": "current",
|
|
184
202
|
"forward_watch_count": 8,
|
|
@@ -187,7 +205,7 @@
|
|
|
187
205
|
{
|
|
188
206
|
"skill": "kernel-lpe-triage",
|
|
189
207
|
"last_threat_review": "2026-05-01",
|
|
190
|
-
"days_since_review":
|
|
208
|
+
"days_since_review": 14,
|
|
191
209
|
"currency_score": 100,
|
|
192
210
|
"currency_label": "current",
|
|
193
211
|
"forward_watch_count": 4,
|
|
@@ -196,7 +214,7 @@
|
|
|
196
214
|
{
|
|
197
215
|
"skill": "mcp-agent-trust",
|
|
198
216
|
"last_threat_review": "2026-05-01",
|
|
199
|
-
"days_since_review":
|
|
217
|
+
"days_since_review": 14,
|
|
200
218
|
"currency_score": 100,
|
|
201
219
|
"currency_label": "current",
|
|
202
220
|
"forward_watch_count": 4,
|
|
@@ -205,7 +223,7 @@
|
|
|
205
223
|
{
|
|
206
224
|
"skill": "mlops-security",
|
|
207
225
|
"last_threat_review": "2026-05-11",
|
|
208
|
-
"days_since_review":
|
|
226
|
+
"days_since_review": 4,
|
|
209
227
|
"currency_score": 100,
|
|
210
228
|
"currency_label": "current",
|
|
211
229
|
"forward_watch_count": 6,
|
|
@@ -214,7 +232,7 @@
|
|
|
214
232
|
{
|
|
215
233
|
"skill": "ot-ics-security",
|
|
216
234
|
"last_threat_review": "2026-05-11",
|
|
217
|
-
"days_since_review":
|
|
235
|
+
"days_since_review": 4,
|
|
218
236
|
"currency_score": 100,
|
|
219
237
|
"currency_label": "current",
|
|
220
238
|
"forward_watch_count": 0,
|
|
@@ -223,7 +241,7 @@
|
|
|
223
241
|
{
|
|
224
242
|
"skill": "policy-exception-gen",
|
|
225
243
|
"last_threat_review": "2026-05-01",
|
|
226
|
-
"days_since_review":
|
|
244
|
+
"days_since_review": 14,
|
|
227
245
|
"currency_score": 100,
|
|
228
246
|
"currency_label": "current",
|
|
229
247
|
"forward_watch_count": 4,
|
|
@@ -232,7 +250,7 @@
|
|
|
232
250
|
{
|
|
233
251
|
"skill": "pqc-first",
|
|
234
252
|
"last_threat_review": "2026-05-01",
|
|
235
|
-
"days_since_review":
|
|
253
|
+
"days_since_review": 14,
|
|
236
254
|
"currency_score": 100,
|
|
237
255
|
"currency_label": "current",
|
|
238
256
|
"forward_watch_count": 11,
|
|
@@ -241,16 +259,25 @@
|
|
|
241
259
|
{
|
|
242
260
|
"skill": "rag-pipeline-security",
|
|
243
261
|
"last_threat_review": "2026-05-01",
|
|
244
|
-
"days_since_review":
|
|
262
|
+
"days_since_review": 14,
|
|
245
263
|
"currency_score": 100,
|
|
246
264
|
"currency_label": "current",
|
|
247
265
|
"forward_watch_count": 1,
|
|
248
266
|
"action_required": false
|
|
249
267
|
},
|
|
268
|
+
{
|
|
269
|
+
"skill": "ransomware-response",
|
|
270
|
+
"last_threat_review": "2026-05-15",
|
|
271
|
+
"days_since_review": 0,
|
|
272
|
+
"currency_score": 100,
|
|
273
|
+
"currency_label": "current",
|
|
274
|
+
"forward_watch_count": 10,
|
|
275
|
+
"action_required": false
|
|
276
|
+
},
|
|
250
277
|
{
|
|
251
278
|
"skill": "researcher",
|
|
252
279
|
"last_threat_review": "2026-05-11",
|
|
253
|
-
"days_since_review":
|
|
280
|
+
"days_since_review": 4,
|
|
254
281
|
"currency_score": 100,
|
|
255
282
|
"currency_label": "current",
|
|
256
283
|
"forward_watch_count": 0,
|
|
@@ -259,7 +286,7 @@
|
|
|
259
286
|
{
|
|
260
287
|
"skill": "sector-energy",
|
|
261
288
|
"last_threat_review": "2026-05-11",
|
|
262
|
-
"days_since_review":
|
|
289
|
+
"days_since_review": 4,
|
|
263
290
|
"currency_score": 100,
|
|
264
291
|
"currency_label": "current",
|
|
265
292
|
"forward_watch_count": 8,
|
|
@@ -268,7 +295,7 @@
|
|
|
268
295
|
{
|
|
269
296
|
"skill": "sector-federal-government",
|
|
270
297
|
"last_threat_review": "2026-05-11",
|
|
271
|
-
"days_since_review":
|
|
298
|
+
"days_since_review": 4,
|
|
272
299
|
"currency_score": 100,
|
|
273
300
|
"currency_label": "current",
|
|
274
301
|
"forward_watch_count": 10,
|
|
@@ -277,7 +304,7 @@
|
|
|
277
304
|
{
|
|
278
305
|
"skill": "sector-financial",
|
|
279
306
|
"last_threat_review": "2026-05-11",
|
|
280
|
-
"days_since_review":
|
|
307
|
+
"days_since_review": 4,
|
|
281
308
|
"currency_score": 100,
|
|
282
309
|
"currency_label": "current",
|
|
283
310
|
"forward_watch_count": 12,
|
|
@@ -286,7 +313,7 @@
|
|
|
286
313
|
{
|
|
287
314
|
"skill": "sector-healthcare",
|
|
288
315
|
"last_threat_review": "2026-05-11",
|
|
289
|
-
"days_since_review":
|
|
316
|
+
"days_since_review": 4,
|
|
290
317
|
"currency_score": 100,
|
|
291
318
|
"currency_label": "current",
|
|
292
319
|
"forward_watch_count": 0,
|
|
@@ -295,7 +322,7 @@
|
|
|
295
322
|
{
|
|
296
323
|
"skill": "sector-telecom",
|
|
297
324
|
"last_threat_review": "2026-05-15",
|
|
298
|
-
"days_since_review":
|
|
325
|
+
"days_since_review": 0,
|
|
299
326
|
"currency_score": 100,
|
|
300
327
|
"currency_label": "current",
|
|
301
328
|
"forward_watch_count": 7,
|
|
@@ -304,7 +331,7 @@
|
|
|
304
331
|
{
|
|
305
332
|
"skill": "security-maturity-tiers",
|
|
306
333
|
"last_threat_review": "2026-05-01",
|
|
307
|
-
"days_since_review":
|
|
334
|
+
"days_since_review": 14,
|
|
308
335
|
"currency_score": 100,
|
|
309
336
|
"currency_label": "current",
|
|
310
337
|
"forward_watch_count": 4,
|
|
@@ -313,7 +340,7 @@
|
|
|
313
340
|
{
|
|
314
341
|
"skill": "skill-update-loop",
|
|
315
342
|
"last_threat_review": "2026-05-01",
|
|
316
|
-
"days_since_review":
|
|
343
|
+
"days_since_review": 14,
|
|
317
344
|
"currency_score": 100,
|
|
318
345
|
"currency_label": "current",
|
|
319
346
|
"forward_watch_count": 7,
|
|
@@ -322,7 +349,7 @@
|
|
|
322
349
|
{
|
|
323
350
|
"skill": "supply-chain-integrity",
|
|
324
351
|
"last_threat_review": "2026-05-11",
|
|
325
|
-
"days_since_review":
|
|
352
|
+
"days_since_review": 4,
|
|
326
353
|
"currency_score": 100,
|
|
327
354
|
"currency_label": "current",
|
|
328
355
|
"forward_watch_count": 8,
|
|
@@ -331,7 +358,7 @@
|
|
|
331
358
|
{
|
|
332
359
|
"skill": "threat-model-currency",
|
|
333
360
|
"last_threat_review": "2026-05-01",
|
|
334
|
-
"days_since_review":
|
|
361
|
+
"days_since_review": 14,
|
|
335
362
|
"currency_score": 100,
|
|
336
363
|
"currency_label": "current",
|
|
337
364
|
"forward_watch_count": 5,
|
|
@@ -340,7 +367,7 @@
|
|
|
340
367
|
{
|
|
341
368
|
"skill": "threat-modeling-methodology",
|
|
342
369
|
"last_threat_review": "2026-05-11",
|
|
343
|
-
"days_since_review":
|
|
370
|
+
"days_since_review": 4,
|
|
344
371
|
"currency_score": 100,
|
|
345
372
|
"currency_label": "current",
|
|
346
373
|
"forward_watch_count": 6,
|
|
@@ -349,7 +376,7 @@
|
|
|
349
376
|
{
|
|
350
377
|
"skill": "webapp-security",
|
|
351
378
|
"last_threat_review": "2026-05-11",
|
|
352
|
-
"days_since_review":
|
|
379
|
+
"days_since_review": 4,
|
|
353
380
|
"currency_score": 100,
|
|
354
381
|
"currency_label": "current",
|
|
355
382
|
"forward_watch_count": 1,
|
|
@@ -358,7 +385,7 @@
|
|
|
358
385
|
{
|
|
359
386
|
"skill": "zeroday-gap-learn",
|
|
360
387
|
"last_threat_review": "2026-05-01",
|
|
361
|
-
"days_since_review":
|
|
388
|
+
"days_since_review": 14,
|
|
362
389
|
"currency_score": 100,
|
|
363
390
|
"currency_label": "current",
|
|
364
391
|
"forward_watch_count": 4,
|