@blamejs/exceptd-skills 0.12.28 → 0.12.29

package/AGENTS.md

@@ -139,7 +139,7 @@ Cross-cutting playbook `framework` is the natural correlation layer — many pla
 
 | Verb | What it does |
 |---|---|
-| `exceptd brief --all` | Grouped-by-scope summary of all 13 playbooks. `--scope <type>` filters. `--directives` expands directive IDs/titles per playbook. `--flat` for non-grouped. Legacy alias: `exceptd plan` (deprecated, scheduled for removal in v0.13). |
+| `exceptd brief --all` | Grouped-by-scope summary of all 16 playbooks. `--scope <type>` filters. `--directives` expands directive IDs/titles per playbook. `--flat` for non-grouped. Legacy alias: `exceptd plan` (deprecated, scheduled for removal in v0.13). |
 | `exceptd brief <pb>` | Phase 2 threat-context briefing — threat context, RWEP thresholds, skill chain, token budget, jurisdiction obligations. |
 | `exceptd run <pb> --evidence <file>` | Phases 5-7 (analyze + validate + close) from agent evidence. Auto-detect cwd when no playbook positional. `--vex <file>` drops CycloneDX/OpenVEX `not_affected` CVEs. `--diff-from-latest` for drift mode. `--force-stale` overrides currency hard-block. |
 | `exceptd ai-run <pb>` | Streaming variant of `run` for AI agents; emits phase-by-phase NDJSON. |

package/CHANGELOG.md

@@ -1,5 +1,37 @@
 # Changelog
 
+## 0.12.29 — 2026-05-15
+
+Catalog hygiene + pipeline integrity pass. Closes Hard Rule #1, #6, #7, and #8 gaps that had accumulated across the 2025-2026 catalog growth; tightens the SBOM + OpenVEX + exit-code surfaces.
+
+### Features
+
+**Compliance-theater test on every framework gap.** Every entry in the framework-control-gaps catalog (109 entries spanning NIST 800-53, ISO/IEC 27001/27017/27035/42001, SOC 2, UK CAF, AU ISM/Essential 8, EU DORA, EU NIS2, EU AI Act, HIPAA, PCI DSS, FedRAMP, CMMC, HITRUST, IEC 62443, OWASP, telecom standards, ransomware-class gaps, and OFAC sanctions screening) now carries a `theater_test` field with a falsifiable test that distinguishes paper compliance from actual security. Closes Hard Rule #6. Sample shape: `{claim, test, evidence_required[], verdict_when_failed: "compliance-theater"}`. The test must reference a concrete artifact (audit log, config dump, tabletop exercise stopwatch) whose result is binary.
+
+**SBOM per-file SHA-256 + bundle digest.** `sbom.cdx.json` now includes `metadata.component.hashes[]` (bundle digest, SHA-256) and one `components[type=file]` entry per shipped file with its own SHA-256. Downstream supply-chain consumers can verify any individual file against the bundle. Excludes the regenerable `data/_indexes/` cache from per-file inventory (covered by the `Pre-computed indexes freshness` gate instead). Also corrects `metadata.tools` from the placeholder `name: "hand-written"` to the real generator script and bound package version.
+
+**OpenVEX `author` threads operator attribution.** Previously hard-pinned to `"exceptd"`, which falsely attributed every disposition statement to the tooling vendor. Now mirrors the CSAF publisher.namespace fallback ladder: `runOpts.publisherNamespace` → `runOpts.operator` → `urn:exceptd:operator:unknown` with a `bundle_publisher_unclaimed` runtime warning. Operators running scans correctly own their dispositions.
+
+**Exit code 10: UNKNOWN_COMMAND.** The dispatcher's unknown-command / missing-script / spawn-error paths previously exited 2, colliding with `EXIT_CODES.DETECTED_ESCALATE` semantics. Split into `EXIT_CODES.UNKNOWN_COMMAND = 10`. CI gates wiring `case 2)` for escalation triage no longer false-alarm on operator typos. Same regression class v0.12.24 closed for the SESSION_ID_COLLISION / RAN_NO_EVIDENCE code-3 collision.
+
+**Reverse-reference auto-regeneration.** New `npm run refresh-reverse-refs` rebuilds the `skills_referencing` / `exceptd_skills` arrays on `data/atlas-ttps.json`, `data/cwe-catalog.json`, `data/d3fend-catalog.json`, and `data/rfc-references.json` from the manifest forward direction. Idempotent. A new `tests/reverse-ref-drift.test.js` blocks merges that leave the reverse direction out of sync with the manifest — eliminates the one-sided-reference drift class that audits have flagged repeatedly.
+
+### Bugs
+
+- `crypto-codebase` `feeds_into` condition used the unsupported `contains` operator; the chain to the `secrets` playbook never fired. Replaced with `analyze.classification == 'detected'`. Same class of bug v0.12.28 corrected on the IR-cluster playbooks.
+- Manifest `atlas_version` / `attack_version` had drifted to v5.1.0 / v17 while the data catalogs already pinned v5.4.0 / v19.0. Manifest now matches the catalogs and AGENTS.md ground truth.
+- 14 sites in `bin/exceptd.js` used bare numeric `process.exitCode = 1` / `finish(1)` / `finish(0)` instead of `EXIT_CODES.*` constants. All migrated to the constant.
+- `cmdCi` per-id loop called `runner.loadPlaybook(id)` without first running `validateIdComponent('playbook')` — a defense-in-depth gap relative to `cmdRunMulti`. Now validates before load.
+
+### Internal
+
+- AI-discovery rate on `data/cve-catalog.json` moves 10% → 20% with three new flag flips backed by citations: CVE-2026-43284 + CVE-2026-43500 (Dirty Frag pair, Hyunwoo Kim with AI-assisted methodology per Sysdig); CVE-2026-46300 (Fragnesia, William Bowling using Zellic.io's AI agentic auditor). All other CVEs gain a `discovery_attribution_note` field citing the human researcher or vendor team. New `_meta.ai_discovery_methodology` block documents the 20%/30%/40% advancement ladder against the AGENTS.md Hard Rule #7 target. Gap to 40% explicitly tracked.
+- AGENTS.md Quick Skill Reference: playbook count "all 13 playbooks" → "all 16 playbooks".
+- `package.json.description`: "38 skills" → "42 skills".
+- 22 reverse-reference entries across 4 catalogs cleaned up by the new regen script (atlas: 30 entries changed, cwe: 46, d3fend: 28, rfc: 22).
+- Test suite 1064 → 1082 (six new test files: framework-gaps-theater-test-coverage, cve-ai-discovery-attribution, sbom-per-file-hash, reverse-ref-drift, plus updates to bin-dispatcher, cli-exit-codes, lib-exit-codes, cve-additions-v0-12-21 for the new contract).
+
+
 ## 0.12.28 — 2026-05-15
 
 Incident-response cluster — three new playbooks and skills covering identity-provider tenant compromise, cloud-IAM account takeover, and ransomware response. The existing `incident-response-playbook` skill stays as the generic PICERL backbone; the new surface adds attack-class-specific depth for the three IR scenarios that dominate 2025-2026 breach reporting.

package/bin/exceptd.js

@@ -516,10 +516,11 @@ function main() {
     // Emit a structured JSON error matching the seven-phase verbs so operators
     // piping through `jq` get one consistent shape across the CLI surface.
     // emitError() sets exitCode + returns rather than calling process.exit()
-    // so the stderr JSON drains before teardown; promote the exit code to 2
-    // afterwards (unknown-command remains a distinct exit class).
+    // so the stderr JSON drains before teardown; promote the exit code to
+    // UNKNOWN_COMMAND (10) afterwards. Cycle 9 split this away from
+    // DETECTED_ESCALATE (2) — the two semantics had collided since v0.12.24.
     emitError(`unknown command "${cmd}"`, { hint: "Run `exceptd help` for the list of verbs.", verb: cmd });
-    process.exitCode = 2;
+    process.exitCode = EXIT_CODES.UNKNOWN_COMMAND;
     return;
   }
 
@@ -530,7 +531,7 @@ function main() {
       `command "${cmd}" not available — expected ${path.relative(PKG_ROOT, script)} in the installed package.`,
       { verb: cmd }
     );
-    process.exitCode = 2;
+    process.exitCode = EXIT_CODES.UNKNOWN_COMMAND;
     return;
   }
 
@@ -541,7 +542,7 @@ function main() {
   if (res.error) {
     // emitError + exitCode rather than stderr + exit() so the JSON drains.
     emitError(`failed to run ${cmd}: ${res.error.message}`, { verb: cmd });
-    process.exitCode = 2;
+    process.exitCode = EXIT_CODES.UNKNOWN_COMMAND;
     return;
   }
   // Propagate the child's exit status via exitCode so any buffered output
@@ -615,7 +616,7 @@ function emit(obj, pretty, humanRenderer) {
   // and CI gates. The previous fix was per-verb; this is a universal catch
   // so new verbs / new ok:false paths can't regress the contract.
   if (obj && obj.ok === false && !process.exitCode) {
-    process.exitCode = 1;
+    process.exitCode = EXIT_CODES.GENERIC_FAILURE;
   }
   const wantJson = !!global.__exceptdWantJson || !!process.env.EXCEPTD_RAW_JSON;
   if (humanRenderer && !wantJson && !pretty) {
@@ -638,7 +639,7 @@ function emitError(msg, extra, pretty) {
   const body = Object.assign({ ok: false, error: msg }, extra || {});
   const s = pretty ? JSON.stringify(body, null, 2) : JSON.stringify(body);
   process.stderr.write(s + "\n");
-  process.exitCode = 1;
+  process.exitCode = EXIT_CODES.GENERIC_FAILURE;
 }
 
 /**
@@ -2107,7 +2108,7 @@ function cmdLint(runner, args, runOpts, pretty) {
     }
     return lines.join("\n");
   });
-  if (!ok) process.exitCode = 1;
+  if (!ok) process.exitCode = EXIT_CODES.GENERIC_FAILURE;
 }
 
 function cmdBrief(runner, args, runOpts, pretty) {
@@ -3398,7 +3399,7 @@ function cmdIngest(runner, args, runOpts, pretty) {
 
   if (result && result.ok === false) {
     process.stderr.write((pretty ? JSON.stringify(result, null, 2) : JSON.stringify(result)) + "\n");
-    process.exitCode = 1;
+    process.exitCode = EXIT_CODES.GENERIC_FAILURE;
     return;
   }
   emit(result, pretty);
@@ -5276,7 +5277,7 @@ function cmdDoctor(runner, args, runOpts, pretty) {
 
   if (wantJson) {
     emit(out, indent);
-    if (!allGreen) process.exitCode = 1;
+    if (!allGreen) process.exitCode = EXIT_CODES.GENERIC_FAILURE;
     return;
   }
 
@@ -5367,10 +5368,10 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     process.stdout.write(`\n[doctor --fix] ${out.summary.fix_applied} — re-run \`exceptd doctor\` to confirm.\n`);
   } else if (out.summary.fix_attempted) {
     process.stdout.write(`\n[doctor --fix] ${out.summary.fix_attempted} (exit=${out.summary.fix_exit_code}); run \`node lib/sign.js generate-keypair\` manually.\n`);
-    process.exitCode = 1;
+    process.exitCode = EXIT_CODES.GENERIC_FAILURE;
     return;
   }
-  if (errorList.length > 0) process.exitCode = 1;
+  if (errorList.length > 0) process.exitCode = EXIT_CODES.GENERIC_FAILURE;
   // Warnings alone do NOT force exit 1 — CI gates use exit 0 to mean "ran
   // successfully" even with informational warnings. Operators reading the
   // visible "[!! warn]" line still see the issue.
@@ -5502,7 +5503,7 @@ function cmdAiRun(runner, args, runOpts, pretty) {
     // the framed error event so the stdout-only JSONL contract holds — host
     // AIs reading this stream must see structured frames, never bare text.
     process.stdout.write(JSON.stringify({ event: "error", reason: e.message, phase: "info", playbook_id: playbookId, directive_id: directiveId }) + "\n");
-    process.exitCode = 1;
+    process.exitCode = EXIT_CODES.GENERIC_FAILURE;
     return;
   }
 
@@ -5589,7 +5590,7 @@ function cmdAiRun(runner, args, runOpts, pretty) {
       // v0.12.12: same exit-after-write anti-pattern as the pre-stream
       // load path. Use exitCode + return so stderr drains.
       process.stderr.write((pretty ? JSON.stringify(result || {}, null, 2) : JSON.stringify(result || {})) + "\n");
-      process.exitCode = 1;
+      process.exitCode = EXIT_CODES.GENERIC_FAILURE;
       return;
     }
     // v0.12.14: ai-run --no-stream previously emitted a
@@ -5696,7 +5697,7 @@ function cmdAiRun(runner, args, runOpts, pretty) {
     catch (e) {
       handled = true;
       writeLine({ event: "error", reason: `invalid JSON on stdin: ${e.message}`, line_preview: line.slice(0, 120) });
-      return finish(1);
+      return finish(EXIT_CODES.GENERIC_FAILURE);
     }
     if (!parsed || parsed.event !== "evidence" || !parsed.payload) {
       // Ignore non-evidence chatter so the host AI can interleave its own
@@ -5710,11 +5711,11 @@ function cmdAiRun(runner, args, runOpts, pretty) {
       result = runner.run(playbookId, directiveId, submission, runOpts);
     } catch (e) {
       writeLine({ event: "error", reason: `runner threw: ${e.message}` });
-      return finish(1);
+      return finish(EXIT_CODES.GENERIC_FAILURE);
     }
     if (!result || result.ok === false) {
       writeLine({ event: "error", reason: result?.reason || "runner returned ok:false", result });
-      return finish(1);
+      return finish(EXIT_CODES.GENERIC_FAILURE);
     }
     writeLine({ phase: "detect", ...result.phases?.detect });
     writeLine({ phase: "analyze", ...result.phases?.analyze });
@@ -5759,7 +5760,7 @@ function cmdAiRun(runner, args, runOpts, pretty) {
       }
     }
     writeLine({ event: "done", ok: true, session_id: result.session_id, evidence_hash: result.evidence_hash });
-    return finish(0);
+    return finish(EXIT_CODES.SUCCESS);
   };
 
   // Handle empty/closed stdin: emit a hint then exit cleanly so AI agents
@@ -5767,7 +5768,7 @@ function cmdAiRun(runner, args, runOpts, pretty) {
   // a hung process.
   if (process.stdin.isTTY) {
     writeLine({ event: "error", reason: "ai-run streaming mode requires evidence on stdin; pipe {\"event\":\"evidence\",\"payload\":{...}} or use --no-stream." });
-    process.exitCode = 1;
+    process.exitCode = EXIT_CODES.GENERIC_FAILURE;
     return;
   }
 
@@ -5803,7 +5804,7 @@ function cmdAiRun(runner, args, runOpts, pretty) {
         } catch { /* fall through to error */ }
       }
       writeLine({ event: "error", reason: "stdin closed without an evidence event. Pipe `{\"event\":\"evidence\",\"payload\":{...}}` for streaming mode, or pass --no-stream + --evidence <file> for single-shot." });
-      process.exitCode = 1;
+      process.exitCode = EXIT_CODES.GENERIC_FAILURE;
       return;
     }
   });
@@ -6061,6 +6062,15 @@ function cmdCi(runner, args, runOpts, pretty) {
   let clockStartedReasons = [];
 
   for (const id of ids) {
+    // Cycle 9 B4: defense-in-depth — validate id even though the catalog-iter
+    // upstream is trusted. A corrupt catalog returning a malformed id would
+    // otherwise reach loadPlaybook unchecked. Matches the cmdRunMulti pattern.
+    const idCheck = validateIdComponent(id, "playbook");
+    if (!idCheck.ok) {
+      results.push({ playbook_id: id, ok: false, error: idCheck.reason });
+      fail = true;
+      continue;
+    }
     let pb;
     try { pb = runner.loadPlaybook(id); }
     catch (e) { results.push({ playbook_id: id, ok: false, error: e.message }); fail = true; continue; }

package/data/_indexes/_meta.json

@@ -1,20 +1,20 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-15T23:31:25.676Z",
+  "generated_at": "2026-05-16T01:17:57.741Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "41d91731d616c0e2514783212f7eb32761298ab40cde66aa6076724aff729190",
-    "data/atlas-ttps.json": "db52a797f6ba7c9a61fd7b1225ebbc268ddf21abe29a106c4246c2ed2e617b86",
+    "manifest.json": "5b9c21d9c2d885b439990b7b499429bf8a59e69cc737abfb386aa0255f2e8228",
+    "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "a2acad16f5e3856b07019fa00110e9dcb38ec5cc71b318d0e164bfcba7f4f644",
-    "data/cwe-catalog.json": "19893d2a7139d86ff3fcf296b0e6cda10e357727a1d1ffb56af282104e99157a",
-    "data/d3fend-catalog.json": "d219520c8d3eb61a270b25ea60f64721035e98a8d5d51d1a4e1f1140d9a586f9",
+    "data/cve-catalog.json": "72164f10238b4ba26a6c2fcacd0dfa3e745cd83b7c7c525ca26d8069511a4f24",
+    "data/cwe-catalog.json": "b6d1a950e9dec8b313f65a546dcff724bf27d3717deca74decc04a6ba15d4538",
+    "data/d3fend-catalog.json": "ac7c1b0ba5cc84754264846b8173011ca4328773dd981c7b42599e112e54b3c4",
     "data/dlp-controls.json": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5",
     "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
-    "data/framework-control-gaps.json": "8d6cbf6c8fc38060c5cea9f300a61b4d0cbbda5e490983bd6780d0b0ae841e5a",
+    "data/framework-control-gaps.json": "0c4aa0d3c48da3b3a88d0b9faa078003af76a809b63d00f1da1c504738872a06",
     "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
-    "data/rfc-references.json": "a11de1bcff62b8f5e0bb8ce47a9b3fa26cf733ba283a8f1c9c4185d74efaad3e",
+    "data/rfc-references.json": "e90ec6755f6a670fdb589bbdc61b3010c90531da46065ada377272f34d282fcb",
     "data/zeroday-lessons.json": "d960e5f8ca7a83c10194cd60207e13046a7eee1b8793e2f3de79475db283f800",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
     "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",

package/data/_indexes/activity-feed.json

@@ -89,6 +89,13 @@
       "schema_version": "1.1.0",
       "entry_count": 15
     },
+    {
+      "date": "2026-05-15",
+      "type": "manifest_review",
+      "artifact": "manifest.json",
+      "path": "manifest.json",
+      "note": "manifest threat_review_date — 42 skills, 11 catalogs"
+    },
     {
       "date": "2026-05-13",
       "type": "catalog_update",
@@ -386,13 +393,6 @@
       "artifact": "security-maturity-tiers",
       "path": "skills/security-maturity-tiers/skill.md",
       "note": "Three-tier implementation roadmap — MVP (ship this week), Practical (scalable today), Overkill (defense-in-depth)"
-    },
-    {
-      "date": "2026-05-01",
-      "type": "manifest_review",
-      "artifact": "manifest.json",
-      "path": "manifest.json",
-      "note": "manifest threat_review_date — 42 skills, 11 catalogs"
     }
   ]
 }

package/data/_indexes/chains.json

@@ -1367,7 +1367,7 @@
   },
   "CVE-2026-43284": {
     "name": "Dirty Frag (ESP/IPsec component)",
-    "rwep": 38,
+    "rwep": 53,
     "cvss": 8.8,
     "cisa_kev": false,
     "epss_score": 0.00007,
@@ -1577,7 +1577,7 @@
   },
   "CVE-2026-43500": {
     "name": "Dirty Frag (RxRPC component)",
-    "rwep": 32,
+    "rwep": 47,
     "cvss": 7.6,
     "cisa_kev": false,
     "epss_score": 0.0001,
@@ -1821,7 +1821,7 @@
   },
   "CVE-2026-46300": {
     "name": "Fragnesia",
-    "rwep": 20,
+    "rwep": 35,
     "cvss": 7.8,
     "cisa_kev": false,
     "referencing_skills": [],