npm - @blamejs/exceptd-skills - Versions diffs - 0.12.28 → 0.12.30 - Mend

@blamejs/exceptd-skills 0.12.28 → 0.12.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/AGENTS.md +1 -1
package/CHANGELOG.md +53 -0
package/bin/exceptd.js +30 -20
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +7 -7
package/data/_indexes/chains.json +9 -9
package/data/_indexes/currency.json +43 -43
package/data/_indexes/stale-content.json +1 -1
package/data/atlas-ttps.json +61 -111
package/data/cve-catalog.json +136 -65
package/data/cwe-catalog.json +151 -95
package/data/d3fend-catalog.json +201 -54
package/data/dlp-controls.json +2 -1
package/data/framework-control-gaps.json +1214 -110
package/data/playbooks/crypto-codebase.json +1 -1
package/data/rfc-references.json +23 -67
package/lib/exit-codes.js +2 -0
package/lib/playbook-runner.js +25 -1
package/manifest-snapshot.json +2 -2
package/manifest-snapshot.sha256 +1 -1
package/manifest.json +49 -48
package/package.json +3 -2
package/sbom.cdx.json +1853 -10
package/scripts/backfill-theater-test.js +806 -0
package/scripts/check-test-coverage.js +18 -4
package/scripts/refresh-reverse-refs.js +171 -0
package/scripts/refresh-sbom.js +155 -8

package/data/atlas-ttps.json CHANGED Viewed

@@ -47,10 +47,7 @@
       "ISO-27001-2022-A.8.28"
     ],
     "detection": "Public-facing AI endpoint scan-pattern monitoring; HuggingFace / model-repository view-pattern anomaly detection where attribution is possible; public-research-paper citation tracking for victim-named systems; honeytoken model cards seeded in public registries for victim attribution.",
-    "exceptd_skills": [
-      "ai-attack-surface",
-      "ai-c2-detection"
-    ],
+    "exceptd_skills": [],
     "last_verified": "2026-05-15"
   },
   "AML.T0040": {
@@ -82,9 +79,7 @@
     ],
     "detection": "MCP-server inventory + signature attestation; tool-call audit logs reviewed for typosquat patterns; agent-side outbound API call monitoring for credential exfiltration patterns; plugin-installation event correlation with prompt-injection IOCs.",
     "exceptd_skills": [
-      "mcp-agent-trust",
-      "ai-attack-surface",
-      "mcp-supply-chain"
+      "sector-telecom"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -116,8 +111,13 @@
     ],
     "detection": "Hash verification of downloaded models; provenance attestation checking; anomaly on newly installed MCP server processes",
     "exceptd_skills": [
+      "attack-surface-pentest",
+      "cloud-security",
+      "container-runtime-security",
       "mcp-agent-trust",
-      "ai-attack-surface"
+      "mlops-security",
+      "ot-ics-security",
+      "supply-chain-integrity"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -145,7 +145,6 @@
     "detection": "Threat intelligence feeds tracking offensive AI research; monitoring for AI-generated exploit code in underground forums",
     "exceptd_skills": [
       "ai-attack-surface",
-      "ai-c2-detection",
       "mcp-agent-trust"
     ],
     "secure_ai_v2_layer": true,
@@ -176,8 +175,16 @@
     ],
     "detection": "AI API query rate monitoring; semantic similarity clustering of queries (probe pattern detection); alert on high query volume from single identity",
     "exceptd_skills": [
+      "ai-attack-surface",
       "ai-c2-detection",
-      "ai-attack-surface"
+      "ai-risk-management",
+      "api-security",
+      "cloud-security",
+      "dlp-gap-analysis",
+      "incident-response-playbook",
+      "mlops-security",
+      "sector-financial",
+      "sector-healthcare"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -208,8 +215,8 @@
     "detection": "Behavioral test suite with known-clean inputs; model output distribution monitoring; cryptographic hash of model weights at training completion",
     "exceptd_skills": [
       "ai-attack-surface",
-      "rag-pipeline-security",
-      "skill-update-loop"
+      "mlops-security",
+      "supply-chain-integrity"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
@@ -239,8 +246,9 @@
     ],
     "detection": "Vector store content integrity monitoring; embedding distribution shift detection; hash-based integrity verification of knowledge base documents",
     "exceptd_skills": [
-      "rag-pipeline-security",
-      "ai-attack-surface"
+      "ai-attack-surface",
+      "mlops-security",
+      "rag-pipeline-security"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -272,11 +280,7 @@
       "PCI-DSS-v4-A1"
     ],
     "detection": "Content-aware DLP applied to outbound AI prompts and tool arguments; per-prompt secret-pattern scan before egress; behavioral baseline of typical prompt entropy + length per user; alert on unusual completion-response sizes correlated with sensitive-file reads",
-    "exceptd_skills": [
-      "dlp-gap-analysis",
-      "rag-pipeline-security",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -308,6 +312,9 @@
     "detection": "Model output confidence monitoring; behavioral anomaly on repeated low-confidence outputs from same source",
     "exceptd_skills": [
       "ai-attack-surface",
+      "attack-surface-pentest",
+      "fuzz-testing-strategy",
+      "mlops-security",
       "rag-pipeline-security"
     ],
     "secure_ai_v2_layer": true,
@@ -339,11 +346,7 @@
       "NIST-800-53-CM-7"
     ],
     "detection": "Object-storage access audit on model artifact paths; query-budget anomaly detection (high-volume systematic queries from single identity); model-watermark verification on extracted artifacts",
-    "exceptd_skills": [
-      "dlp-gap-analysis",
-      "ai-attack-surface",
-      "ai-risk-management"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -373,11 +376,7 @@
       "SOC2-CC7"
     ],
     "detection": "Statistical drift detection on output distribution; periodic golden-test-set regression scoring; user-feedback anomaly mining for unusual complaint clusters",
-    "exceptd_skills": [
-      "ai-attack-surface",
-      "rag-pipeline-security",
-      "ai-risk-management"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -409,8 +408,15 @@
     "detection": "AI action audit trail — log every tool call with triggering prompt content; alert on AI actions that diverge from user-stated intent; adversarial instruction classifier on external content before model ingestion",
     "exceptd_skills": [
       "ai-attack-surface",
-      "mcp-agent-trust",
-      "rag-pipeline-security"
+      "ai-risk-management",
+      "attack-surface-pentest",
+      "cloud-iam-incident",
+      "dlp-gap-analysis",
+      "identity-assurance",
+      "incident-response-playbook",
+      "rag-pipeline-security",
+      "sector-healthcare",
+      "webapp-security"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -441,10 +447,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Plugin-manifest signature verification; plugin-call audit trail (model decision + plugin name + arguments + result); plugin reputation scoring; alert on newly-installed plugin invocations during the first 72h",
-    "exceptd_skills": [
-      "mcp-agent-trust",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -474,7 +477,7 @@
     "detection": "Content policy violation logging; output safety scoring; alert on repeated refusal-bypass attempts from same user",
     "exceptd_skills": [
       "ai-attack-surface",
-      "mcp-agent-trust"
+      "rag-pipeline-security"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -505,11 +508,7 @@
       "NIST-800-53-AC-2"
     ],
     "detection": "Pre-commit and CI-time secret scanning with AI-provider key signatures; notebook-output sanitization; log-aggregation regex on AI provider key shapes; vendor-side anomaly detection on leaked-key usage patterns",
-    "exceptd_skills": [
-      "dlp-gap-analysis",
-      "mcp-agent-trust",
-      "rag-pipeline-security"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -541,11 +540,7 @@
       "NIST-800-53-SI-12"
     ],
     "detection": "Differential-privacy-style output auditing; canary insertions in training data + retrieval corpus with leak-detection on outputs; tenant-tag verification on RAG-retrieved documents; system-prompt-leak red team during release",
-    "exceptd_skills": [
-      "rag-pipeline-security",
-      "ai-attack-surface",
-      "dlp-gap-analysis"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -576,8 +571,14 @@
     ],
     "detection": "Process-level AI API query monitoring; alert on AI API calls from unexpected process identities; query volume anomaly; payload entropy analysis for steganographic encoding",
     "exceptd_skills": [
+      "ai-attack-surface",
       "ai-c2-detection",
-      "ai-attack-surface"
+      "ai-risk-management",
+      "api-security",
+      "dlp-gap-analysis",
+      "incident-response-playbook",
+      "mcp-agent-trust",
+      "sector-financial"
     ],
     "secure_ai_v2_layer": true,
     "maturity": "high",
@@ -605,10 +606,7 @@
       "NIST-800-53-SC-7"
     ],
     "detection": "Egress monitoring for AI API calls from analysis-sandbox networks; behavioral divergence comparison between sandbox detonation and production execution traces",
-    "exceptd_skills": [
-      "ai-c2-detection",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -636,11 +634,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Agent prompt + tool-call audit trail with secret-pattern scan; per-tool credential allowlist; egress block on agent identities making outbound requests to non-allowlisted destinations",
-    "exceptd_skills": [
-      "mcp-agent-trust",
-      "dlp-gap-analysis",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -667,11 +661,7 @@
       "ISO-27001-2022-A.8.28"
     ],
     "detection": "Agent write-operation audit with content diff; rate-of-change anomaly on datastores accessed by agent identities; canary records in agent-writable corpora",
-    "exceptd_skills": [
-      "rag-pipeline-security",
-      "mcp-agent-trust",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -697,11 +687,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Retrieval-side content reputation scoring; injection-classifier on retrieved web pages prior to model ingestion; allowlist enforcement on agent retrieval domains for high-trust workflows",
-    "exceptd_skills": [
-      "mcp-agent-trust",
-      "ai-attack-surface",
-      "rag-pipeline-security"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -728,11 +714,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Two-step confirmation on destructive agent tools; immutable backups outside agent write scope; alert on agent-issued DELETE/DROP/PURGE patterns",
-    "exceptd_skills": [
-      "mcp-agent-trust",
-      "ai-attack-surface",
-      "incident-response-playbook"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -760,11 +742,7 @@
       "NIST-800-53-SC-7"
     ],
     "detection": "Behavioral execution analytics (uniqueness-per-instance suggests freshly-generated code); endpoint AI-API egress monitoring from non-developer processes",
-    "exceptd_skills": [
-      "ai-c2-detection",
-      "ai-attack-surface",
-      "exploit-scoring"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -791,11 +769,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Inventory of AI-agent identities + their tool scopes; alert on new agent registrations; behavioral baseline on agent activity hours and operation classes",
-    "exceptd_skills": [
-      "ai-c2-detection",
-      "mcp-agent-trust",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -824,11 +798,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Registry-side reputation scoring on newly published tools; signature requirement enforcement at registry boundary; victim-side allowlist of audited tools",
-    "exceptd_skills": [
-      "mcp-agent-trust",
-      "supply-chain-integrity",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -857,11 +827,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Pod-spec audit for hostPath / privileged / device-passthrough on AI workloads; runtime detection on container-to-host process transitions; eBPF tracing for namespace escape primitives",
-    "exceptd_skills": [
-      "container-runtime-security",
-      "mlops-security",
-      "ai-attack-surface"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -889,11 +855,7 @@
       "NIST-800-53-IA-5"
     ],
     "detection": "AI-pipeline CVE scanning with pipeline-specific KEV-equivalent prioritization; IMDSv2 enforcement on AI workloads; per-workload credential rotation cadence",
-    "exceptd_skills": [
-      "mlops-security",
-      "ai-attack-surface",
-      "mcp-agent-trust"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -921,11 +883,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Inference-server log integrity verification; out-of-band telemetry from agent runtime; redundant logging at gateway + model + agent layers with cross-correlation",
-    "exceptd_skills": [
-      "ai-c2-detection",
-      "mcp-agent-trust",
-      "incident-response-playbook"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"
@@ -954,12 +912,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Behavioral indicators of agentic attacker tempo (consistent inter-request timing, parallelized recon, prompt-style fingerprints in residual artifacts); threat-intel feed on offensive-agent capability releases",
-    "exceptd_skills": [
-      "ai-c2-detection",
-      "ai-attack-surface",
-      "exploit-scoring",
-      "threat-model-currency"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "high",
     "last_verified": "2026-05-15"
@@ -983,10 +936,7 @@
       "NIST-800-53-SI-3"
     ],
     "detection": "Tool-vetting policy + human-review gate on new agent tool installation; allowlist enforcement at the agent-runtime layer",
-    "exceptd_skills": [
-      "mcp-agent-trust",
-      "supply-chain-integrity"
-    ],
+    "exceptd_skills": [],
     "secure_ai_v2_layer": true,
     "maturity": "moderate",
     "last_verified": "2026-05-15"