@blamejs/exceptd-skills 0.12.29 → 0.12.30

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## 0.12.30 — 2026-05-15
+
+Catalog scoring honesty pass + diff-coverage gate tightening from the cycle 10 audit. Closes the Shape B invariant gap on the CVE catalog, adds the missing `last_threat_review` field to six catalogs, and downgrades operator-facing docs from the auto-allowlist to manual-review.
+
+### Features
+
+**Shape B invariant enforced on every CVE.** `lib/scoring.js` documents that `Σ Object.values(rwep_factors) === rwep_score` is an invariant on every catalog entry, but the existing `validate()` function never enforced it — it computed via `scoreCustom()` (clamps `blast_radius` to 30, uses canonical weights) which masked dishonest factor blocks as long as the stored score happened to match the clamped formula. Fourteen entries had non-canonical factor values that summed to a different number than the stored score (CVE-2026-GTIG-AI-2FA, CVE-2026-42945, CVE-2024-3094, CVE-2024-21626, CVE-2023-3519, CVE-2026-20182, CVE-2024-40635, CVE-2025-12686, CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, CVE-2025-59389, MAL-2026-TANSTACK-MINI, MAL-2026-ANTHROPIC-MCP-STDIO). All canonicalized — factor weights now derived from the operational fields (`cisa_kev`, `poc_available`, `ai_discovered`, `active_exploitation`, `blast_radius`, `patch_available`, `live_patch_available`, `patch_required_reboot`) via `lib/scoring.js` `RWEP_WEIGHTS` + `ACTIVE_EXPLOITATION_LADDER`. Where `blast_radius` exceeded the 30 cap (4 entries had values of 40), the value was clamped, which adjusted seven stored `rwep_score` values by ±5; each carries a `rwep_correction_note` documenting the delta. New `tests/cve-rwep-shape-b-invariant.test.js` blocks future drift with an exact-delta assertion.
+
+**Operator-facing docs downgraded from auto-allowlist to manual-review.** Cycle 9 P3 finding: `CHANGELOG.md`, `README.md`, `SECURITY.md`, `MIGRATING.md`, and `AGENTS.md` were in the diff-coverage gate's `DOCS_ALWAYS_GREEN` set — a PR could land arbitrary edits to release notes, install instructions, security disclosure policy, or AI-assistant ground truth without triggering any reviewer signal. New `DOCS_MANUAL_REVIEW` set routes them to "manual-review" instead, surfacing the diff in the gate output. Contributor-only / mechanical files (`CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`, `LICENSE`, `NOTICE`, `SUPPORT.md`, `.gitignore`, `.npmrc`, `.editorconfig`, `CLAUDE.md`) stay always-green.
+
+**`last_threat_review` mandatory on every catalog _meta.** Cycle 10 finding: `cve-catalog.json`, `cwe-catalog.json`, `d3fend-catalog.json`, `dlp-controls.json`, `rfc-references.json`, and `framework-control-gaps.json` carried only `last_updated` without the more specific `last_threat_review`. Hard Rule #8 makes per-catalog threat-review currency a release-blocker after a stated window; all six catalogs now carry the field. New `tests/threat-review-staleness.test.js` enforces presence + a 30-day staleness window between `manifest.threat_review_date` and every skill's `last_threat_review`.
+
+### Bugs
+
+- `CVE-2026-42208` `discovery_attribution_note` misattributed discovery to Sysdig Threat Research Team. The actual credited discoverer is Tencent YunDing Security Lab per the LiteLLM GHSA-r75f-5x8p-qvmc advisory; Sysdig published only post-disclosure exploitation telemetry. Attribution corrected; sources updated.
+
+### Internal
+
+- AI-discovery rate stays at 20% after cycle 10 deep-research pass (24 currently-false CVEs WebSearch'd; zero credible flips found). Methodology block updated: the 40% target reflects the broader 2025 zero-day population (Google Threat Intelligence Group), but the curated exceptd catalog is weighted toward Pwn2Own Ireland 2025 entries, historical anchors (CVE-2020-10148, CVE-2024-3094, etc.), and supply-chain incidents — none of which carry public AI-tool credit. Advancing the ladder from 20% → 30% → 40% will happen as the catalog rotates toward 2026 Big Sleep / AIxCC / GTIG-attributed entries; forcing flips on the current population would violate Hard Rule #1 (no speculation).
+
+
 ## 0.12.29 — 2026-05-15
 
 Catalog hygiene + pipeline integrity pass. Closes Hard Rule #1, #6, #7, and #8 gaps that had accumulated across the 2025-2026 catalog growth; tightens the SBOM + OpenVEX + exit-code surfaces.

package/data/_indexes/_meta.json

@@ -1,20 +1,20 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T01:17:57.741Z",
+  "generated_at": "2026-05-16T02:16:03.581Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "5b9c21d9c2d885b439990b7b499429bf8a59e69cc737abfb386aa0255f2e8228",
+    "manifest.json": "a9d4ea238c6c91f6d12ac8ce8c46fe096c3e448bc53ae1776932bc1c6779984d",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "72164f10238b4ba26a6c2fcacd0dfa3e745cd83b7c7c525ca26d8069511a4f24",
-    "data/cwe-catalog.json": "b6d1a950e9dec8b313f65a546dcff724bf27d3717deca74decc04a6ba15d4538",
-    "data/d3fend-catalog.json": "ac7c1b0ba5cc84754264846b8173011ca4328773dd981c7b42599e112e54b3c4",
-    "data/dlp-controls.json": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5",
+    "data/cve-catalog.json": "0802d09b5783d01ec99d0d629942adbd81844e3cf6ed2f39885b362f57841abd",
+    "data/cwe-catalog.json": "f4bdc070b94d5b829f541aab34e21f86b133e9750ce9bef2d0b3e141c880bd33",
+    "data/d3fend-catalog.json": "35f076cd65d82ac97db90b72e884ec7ab2895c052567ee7d0c579c1965e6baaf",
+    "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
-    "data/framework-control-gaps.json": "0c4aa0d3c48da3b3a88d0b9faa078003af76a809b63d00f1da1c504738872a06",
+    "data/framework-control-gaps.json": "d7e40e7d5edcdcb1573905a9a01ef31962030b4a16e0a138a4c733f00c8701d1",
     "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
-    "data/rfc-references.json": "e90ec6755f6a670fdb589bbdc61b3010c90531da46065ada377272f34d282fcb",
+    "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
     "data/zeroday-lessons.json": "d960e5f8ca7a83c10194cd60207e13046a7eee1b8793e2f3de79475db283f800",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
     "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",

package/data/_indexes/chains.json

@@ -1836,7 +1836,7 @@
   },
   "CVE-2024-21626": {
     "name": "runc /proc/self/fd leak (Leaky Vessels)",
-    "rwep": 75,
+    "rwep": 80,
     "cvss": 8.6,
     "cisa_kev": true,
     "epss_score": 0.65,
@@ -1916,7 +1916,7 @@
   },
   "CVE-2023-3519": {
     "name": "Citrix NetScaler ADC/Gateway unauth RCE (CitrixBleed precursor)",
-    "rwep": 75,
+    "rwep": 80,
     "cvss": 9.8,
     "cisa_kev": true,
     "epss_score": 0.967,
@@ -2044,7 +2044,7 @@
   },
   "CVE-2025-12686": {
     "name": "Synology BeeStation unauth RCE (Pwn2Own Ireland 2025)",
-    "rwep": 50,
+    "rwep": 45,
     "cvss": 9.8,
     "cisa_kev": false,
     "epss_score": 0.04,
@@ -2060,7 +2060,7 @@
   },
   "CVE-2025-62847": {
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 1/3)",
-    "rwep": 45,
+    "rwep": 40,
     "cvss": 9.8,
     "cisa_kev": false,
     "epss_score": 0.03,
@@ -2076,7 +2076,7 @@
   },
   "CVE-2025-62848": {
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 2/3)",
-    "rwep": 45,
+    "rwep": 40,
     "cvss": 9.8,
     "cisa_kev": false,
     "epss_score": 0.03,
@@ -2092,7 +2092,7 @@
   },
   "CVE-2025-62849": {
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 3/3)",
-    "rwep": 40,
+    "rwep": 35,
     "cvss": 8.8,
     "cisa_kev": false,
     "epss_score": 0.02,

package/data/cve-catalog.json

@@ -66,7 +66,8 @@
         "GHSA-*"
       ],
       "note": "Catalog keys are CVE-* by default. For pre-CVE-assignment advisories under active operational impact, the project accepts OSV-native identifier shapes as the canonical key, with cross-references retained in `aliases`: MAL-* (OSSF Malicious Packages dataset — published into OSV.dev; primary key for malicious-package compromises), GHSA-* (GitHub Advisory Database; primary key when the package is on GitHub and no CVE has issued yet), and SNYK-* (Snyk advisory dataset; primary key for advisories Snyk catalogued before OSV/GHSA ingested them). When MITRE issues a CVE, the entry is renamed in lockstep with the matching zeroday-lessons key; the previous identifier is retained in `aliases` so historical references continue to resolve. Precedent: MAL-2026-3083 added 2026-05-13 (the elementary-data PyPI worm, 1.1M monthly downloads, OSV/OSSF-cataloged before any CVE issued). EPSS coverage does not extend to non-CVE identifiers; epss_score is null with a documenting epss_note on such entries. Upstream pull from OSV.dev: `exceptd refresh --source osv` (added v0.12.10)."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "CVE-2025-53773": {
     "name": "GitHub Copilot / VS Code 'YOLO mode' Prompt Injection RCE",
@@ -642,7 +643,7 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Sysdig Threat Research Team — Stefano Chierici and the Sysdig Sage / TRT analysts — surfaced the SQLi via post-disclosure exploitation telemetry; Bishop Fox researchers reproduced and confirmed the auth-path SQLi sink. All named-human research; no AI-discovery attribution from either firm. Source: https://www.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure and https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy."
+    "discovery_attribution_note": "Tencent YunDing Security Lab is the credited discoverer per the LiteLLM GHSA-r75f-5x8p-qvmc advisory and confirmed by downstream The Hacker News / Tenable / cve.news coverage. Sysdig TRT (Stefano Chierici + Sysdig Sage analysts) published the post-disclosure 36-hour-to-exploitation telemetry; Bishop Fox reproduced the auth-path SQLi sink. All named-human research; no AI-discovery attribution from any of the three teams. Sources: https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc and https://www.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure and https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy."
   },
   "CVE-2026-43284": {
     "name": "Dirty Frag (ESP/IPsec component)",
@@ -1483,7 +1484,7 @@
     "attack_refs": [
       "T1611"
     ],
-    "rwep_score": 75,
+    "rwep_score": 80,
     "rwep_factors": {
       "cisa_kev": 25,
       "poc_available": 20,
@@ -1506,7 +1507,8 @@
       "https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovered by Rory McNamara of Snyk Security Labs as part of the four-vulnerability Leaky Vessels disclosure (CVE-2024-21626 + CVE-2024-23651/23652/23653) published January 2024. Named human researcher; no AI-tool credited. Source: https://labs.snyk.io/resources/leaky-vessels-docker-runc-container-breakout-vulnerabilities/."
+    "discovery_attribution_note": "Discovered by Rory McNamara of Snyk Security Labs as part of the four-vulnerability Leaky Vessels disclosure (CVE-2024-21626 + CVE-2024-23651/23652/23653) published January 2024. Named human researcher; no AI-tool credited. Source: https://labs.snyk.io/resources/leaky-vessels-docker-runc-container-breakout-vulnerabilities/.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: +5 (75 -> 80)."
   },
   "CVE-2024-3094": {
     "_draft": true,
@@ -1559,7 +1561,7 @@
       "poc_available": 20,
       "ai_factor": 0,
       "active_exploitation": 10,
-      "blast_radius": 40,
+      "blast_radius": 30,
       "patch_available": -15,
       "live_patch_available": 0,
       "reboot_required": 0
@@ -1577,7 +1579,8 @@
       "https://research.swtch.com/xz-script"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovered by Andres Freund (Microsoft engineer, PostgreSQL developer) on 2024-03-28 via a 0.5-second SSH-login latency regression traced to liblzma symbol resolution; reported to oss-security. Named human researcher; no AI tooling involved. Source: https://en.wikipedia.org/wiki/XZ_Utils_backdoor."
+    "discovery_attribution_note": "Discovered by Andres Freund (Microsoft engineer, PostgreSQL developer) on 2024-03-28 via a 0.5-second SSH-login latency regression traced to liblzma symbol resolution; reported to oss-security. Named human researcher; no AI tooling involved. Source: https://en.wikipedia.org/wiki/XZ_Utils_backdoor.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "CVE-2024-3154": {
     "_draft": true,
@@ -1814,7 +1817,7 @@
     "attack_refs": [
       "T1190"
     ],
-    "rwep_score": 75,
+    "rwep_score": 80,
     "rwep_factors": {
       "cisa_kev": 25,
       "poc_available": 20,
@@ -1837,7 +1840,8 @@
       "https://support.citrix.com/article/CTX561482"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Independent security researchers via Citrix coordinated disclosure (CTX561482, 2023-07-18); no individual researcher named in the Citrix advisory. NSA/CISA AA23-201A documents in-wild exploitation by Chinese state-sponsored actors. No AI-tool credited. Source: https://support.citrix.com/article/CTX561482/ and https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a."
+    "discovery_attribution_note": "Independent security researchers via Citrix coordinated disclosure (CTX561482, 2023-07-18); no individual researcher named in the Citrix advisory. NSA/CISA AA23-201A documents in-wild exploitation by Chinese state-sponsored actors. No AI-tool credited. Source: https://support.citrix.com/article/CTX561482/ and https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: +5 (75 -> 80)."
   },
   "CVE-2024-1709": {
     "_draft": true,
@@ -1945,7 +1949,7 @@
       "poc_available": 0,
       "ai_factor": 0,
       "active_exploitation": 20,
-      "blast_radius": 35,
+      "blast_radius": 30,
       "patch_available": -15,
       "live_patch_available": 0,
       "reboot_required": 5
@@ -1961,7 +1965,8 @@
       "https://sec.cloudapps.cisco.com/security/center/publicationListing.x"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovered by Stephen Fewer (Senior Principal Security Researcher) and Jonah Burgess (Senior Security Researcher), both at Rapid7, while researching the related CVE-2026-20127 vdaemon authentication-bypass. Named human researchers; no AI-tool credited. Source: https://www.rapid7.com/blog/post/ve-cve-2026-20182-critical-authentication-bypass-cisco-catalyst-sd-wan-controller-fixed/."
+    "discovery_attribution_note": "Discovered by Stephen Fewer (Senior Principal Security Researcher) and Jonah Burgess (Senior Security Researcher), both at Rapid7, while researching the related CVE-2026-20127 vdaemon authentication-bypass. Named human researchers; no AI-tool credited. Source: https://www.rapid7.com/blog/post/ve-cve-2026-20182-critical-authentication-bypass-cisco-catalyst-sd-wan-controller-fixed/.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
   },
   "CVE-2024-40635": {
     "_draft": true,
@@ -2006,7 +2011,7 @@
       "cisa_kev": 0,
       "poc_available": 20,
       "ai_factor": 0,
-      "active_exploitation": 0,
+      "active_exploitation": 5,
       "blast_radius": 20,
       "patch_available": -15,
       "live_patch_available": 0,
@@ -2023,7 +2028,8 @@
       "https://github.com/containerd/containerd/security/advisories"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Reported via the containerd security team (GO-2025-3528, Snyk SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987); no individual researcher byline in the advisory and no AI-tool credited. Bug class is straight integer overflow in WithUser() UID handling. Source: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987."
+    "discovery_attribution_note": "Reported via the containerd security team (GO-2025-3528, Snyk SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987); no individual researcher byline in the advisory and no AI-tool credited. Bug class is straight integer overflow in WithUser() UID handling. Source: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
   },
   "MAL-2026-TANSTACK-MINI": {
     "_draft": true,
@@ -2076,8 +2082,8 @@
       "poc_available": 20,
       "ai_factor": 0,
       "active_exploitation": 20,
-      "blast_radius": 40,
-      "patch_available": -10,
+      "blast_radius": 30,
+      "patch_available": -15,
       "live_patch_available": 0,
       "reboot_required": 0
     },
@@ -2094,7 +2100,8 @@
       "https://www.npmjs.com/advisories"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Same incident-class as CVE-2026-45321 (Mini Shai-Hulud); discovery by ecosystem detection across multiple firms (Snyk, Wiz, StepSecurity, Socket, Orca, JFrog) within minutes of the 2026-05-11 publish window. No AI-tool discovery attribution on the defender side. Source: https://snyk.io/blog/tanstack-npm-packages-compromised/."
+    "discovery_attribution_note": "Same incident-class as CVE-2026-45321 (Mini Shai-Hulud); discovery by ecosystem detection across multiple firms (Snyk, Wiz, StepSecurity, Socket, Orca, JFrog) within minutes of the 2026-05-11 publish window. No AI-tool discovery attribution on the defender side. Source: https://snyk.io/blog/tanstack-npm-packages-compromised/.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "MAL-2026-ANTHROPIC-MCP-STDIO": {
     "_draft": true,
@@ -2142,12 +2149,12 @@
     "rwep_score": 25,
     "rwep_factors": {
       "cisa_kev": 0,
-      "poc_available": 10,
+      "poc_available": 0,
       "ai_factor": 0,
       "active_exploitation": 5,
       "blast_radius": 30,
       "patch_available": 0,
-      "live_patch_available": -5,
+      "live_patch_available": -10,
       "reboot_required": 0
     },
     "epss_score": null,
@@ -2162,7 +2169,8 @@
       "https://modelcontextprotocol.io/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovered by OX Security research team (Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok); part of the four-exploitation-family April 2026 MCP advisory. Named-human research; no AI-tool credited for the discovery despite the target being an AI SDK. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/."
+    "discovery_attribution_note": "Discovered by OX Security research team (Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok); part of the four-exploitation-family April 2026 MCP advisory. Named-human research; no AI-tool credited for the discovery despite the target being an AI SDK. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "CVE-2026-GTIG-AI-2FA": {
     "_draft": true,
@@ -2215,12 +2223,12 @@
     "rwep_score": 55,
     "rwep_factors": {
       "cisa_kev": 0,
-      "poc_available": 10,
-      "ai_factor": 25,
+      "poc_available": 0,
+      "ai_factor": 15,
       "active_exploitation": 20,
       "blast_radius": 30,
       "patch_available": 0,
-      "live_patch_available": -5,
+      "live_patch_available": -10,
       "reboot_required": 0
     },
     "epss_score": null,
@@ -2235,7 +2243,8 @@
       "https://services.google.com/fh/files/misc/gtig-2026-ai-attack-trends.pdf"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "AI-developed zero-day per Google Threat Intelligence Group 2026-05-11 disclosure; first publicly-attributed in-the-wild AI-built zero-day exploit. GTIG assesses with high confidence that an LLM was weaponized to facilitate discovery + weaponization of a 2FA bypass in a popular open-source web administration tool. Source: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access and https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html."
+    "discovery_attribution_note": "AI-developed zero-day per Google Threat Intelligence Group 2026-05-11 disclosure; first publicly-attributed in-the-wild AI-built zero-day exploit. GTIG assesses with high confidence that an LLM was weaponized to facilitate discovery + weaponization of a 2FA bypass in a popular open-source web administration tool. Source: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access and https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "CVE-2026-30623": {
     "_draft": true,
@@ -2339,7 +2348,7 @@
     "attack_refs": [
       "T1190"
     ],
-    "rwep_score": 50,
+    "rwep_score": 45,
     "rwep_factors": {
       "cisa_kev": 0,
       "poc_available": 20,
@@ -2361,7 +2370,8 @@
       "https://www.zerodayinitiative.com/blog"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Pwn2Own Ireland 2025 (Cork, 2025-10-21) — exploited by @Tek_7987 and @_Anyfun of Synacktiv's offensive security team. Disclosure methodology: attack-surface enumeration + manual code auditing + exploit development per Synacktiv's published writeup; no AI-tool credit. Source: https://www.synacktiv.com/en/publications/breaking-the-beestation-inside-our-pwn2own-2025-exploit-journey."
+    "discovery_attribution_note": "Pwn2Own Ireland 2025 (Cork, 2025-10-21) — exploited by @Tek_7987 and @_Anyfun of Synacktiv's offensive security team. Disclosure methodology: attack-surface enumeration + manual code auditing + exploit development per Synacktiv's published writeup; no AI-tool credit. Source: https://www.synacktiv.com/en/publications/breaking-the-beestation-inside-our-pwn2own-2025-exploit-journey.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (50 -> 45)."
   },
   "CVE-2025-62847": {
     "_draft": true,
@@ -2400,7 +2410,7 @@
     "attack_refs": [
       "T1190"
     ],
-    "rwep_score": 45,
+    "rwep_score": 40,
     "rwep_factors": {
       "cisa_kev": 0,
       "poc_available": 20,
@@ -2422,7 +2432,8 @@
       "https://www.qnap.com/en/security-advisory/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Pwn2Own Ireland 2025 — exploited by DEVCORE Research Team (chained injection + format-string bug, $40,000 + 4 Master of Pwn points). Named-human team via ZDI live-blog credit; no AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results."
+    "discovery_attribution_note": "Pwn2Own Ireland 2025 — exploited by DEVCORE Research Team (chained injection + format-string bug, $40,000 + 4 Master of Pwn points). Named-human team via ZDI live-blog credit; no AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40)."
   },
   "CVE-2025-62848": {
     "_draft": true,
@@ -2461,7 +2472,7 @@
     "attack_refs": [
       "T1190"
     ],
-    "rwep_score": 45,
+    "rwep_score": 40,
     "rwep_factors": {
       "cisa_kev": 0,
       "poc_available": 20,
@@ -2483,7 +2494,8 @@
       "https://www.qnap.com/en/security-advisory/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Pwn2Own Ireland 2025 — chain 2/3 of the DEVCORE Research Team QNAP TS-453E exploit. Same researcher attribution as CVE-2025-62847; ZDI live-blog credit. No AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results."
+    "discovery_attribution_note": "Pwn2Own Ireland 2025 — chain 2/3 of the DEVCORE Research Team QNAP TS-453E exploit. Same researcher attribution as CVE-2025-62847; ZDI live-blog credit. No AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40)."
   },
   "CVE-2025-62849": {
     "_draft": true,
@@ -2522,7 +2534,7 @@
     "attack_refs": [
       "T1068"
     ],
-    "rwep_score": 40,
+    "rwep_score": 35,
     "rwep_factors": {
       "cisa_kev": 0,
       "poc_available": 20,
@@ -2544,7 +2556,8 @@
       "https://www.qnap.com/en/security-advisory/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Pwn2Own Ireland 2025 — chain 3/3 of the DEVCORE Research Team QNAP TS-453E exploit (post-auth elevation). Same attribution as CVE-2025-62847/62848; ZDI credit. No AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results."
+    "discovery_attribution_note": "Pwn2Own Ireland 2025 — chain 3/3 of the DEVCORE Research Team QNAP TS-453E exploit (post-auth elevation). Same attribution as CVE-2025-62847/62848; ZDI credit. No AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (40 -> 35)."
   },
   "CVE-2025-59389": {
     "_draft": true,
@@ -2589,7 +2602,7 @@
       "poc_available": 20,
       "ai_factor": 0,
       "active_exploitation": 5,
-      "blast_radius": 35,
+      "blast_radius": 30,
       "patch_available": -15,
       "live_patch_available": 0,
       "reboot_required": 5
@@ -2605,7 +2618,8 @@
       "https://www.qnap.com/en/security-advisory/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Pwn2Own Ireland 2025 — Sina Kheirkhah of Summoning Team chained a hardcoded-credential issue with an injection flaw against QNAP Hyper Data Protector ($20,000 award). Named-human researcher; no AI-tool credit. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results and https://www.qnap.com/en/security-advisory/qsa-25-48."
+    "discovery_attribution_note": "Pwn2Own Ireland 2025 — Sina Kheirkhah of Summoning Team chained a hardcoded-credential issue with an injection flaw against QNAP Hyper Data Protector ($20,000 award). Named-human researcher; no AI-tool credit. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results and https://www.qnap.com/en/security-advisory/qsa-25-48.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
   },
   "CVE-2025-11837": {
     "_draft": true,
@@ -2726,9 +2740,9 @@
     "rwep_factors": {
       "cisa_kev": 0,
       "poc_available": 20,
-      "ai_factor": 25,
+      "ai_factor": 15,
       "active_exploitation": 0,
-      "blast_radius": 40,
+      "blast_radius": 30,
       "patch_available": -15,
       "live_patch_available": -10,
       "reboot_required": 0
@@ -2747,6 +2761,7 @@
       "https://nginx.org/en/security_advisories.html"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovered by depthfirst's autonomous vulnerability-analysis platform; flagged the heap-buffer-overflow in nginx ngx_http_rewrite_module (present since nginx 0.6.27, 2008) within six hours of scan time. First publicly-attributed AI-discovered nginx CVE; jointly disclosed by F5 + depthfirst on 2026-05-13. Source: https://depthfirst.com/nginx-rift and https://github.com/depthfirstdisclosures/nginx-rift."
+    "discovery_attribution_note": "Discovered by depthfirst's autonomous vulnerability-analysis platform; flagged the heap-buffer-overflow in nginx ngx_http_rewrite_module (present since nginx 0.6.27, 2008) within six hours of scan time. First publicly-attributed AI-discovered nginx CVE; jointly disclosed by F5 + depthfirst on 2026-05-13. Source: https://depthfirst.com/nginx-rift and https://github.com/depthfirstdisclosures/nginx-rift.",
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   }
 }

package/data/cwe-catalog.json

@@ -22,7 +22,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "CWE-20": {
     "id": "CWE-20",

package/data/d3fend-catalog.json

@@ -28,7 +28,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "D3-EAL": {
     "id": "D3-EAL",

package/data/dlp-controls.json

@@ -15,7 +15,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "DLP-CHAN-EMAIL-OUT": {
     "id": "DLP-CHAN-EMAIL-OUT",

package/data/framework-control-gaps.json

@@ -14,7 +14,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "ALL-AI-PIPELINE-INTEGRITY": {
     "framework": "ALL",

package/data/rfc-references.json

@@ -24,7 +24,8 @@
       "stale_after_days": 180,
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
-    }
+    },
+    "last_threat_review": "2026-05-15"
   },
   "RFC-4301": {
     "number": 4301,

package/manifest-snapshot.json

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-16T01:08:44.785Z",
+  "_generated_at": "2026-05-16T02:01:45.936Z",
   "atlas_version": "5.4.0",
   "skill_count": 42,
   "skills": [

package/manifest-snapshot.sha256

@@ -1 +1 @@
-2b2fe8086b9dd8ff974651b9ee0a00df002209856fd3e6cbacd4cd9b0029b530  manifest-snapshot.json
+3cc97ea81650ff630b335d8bb83a11ba5a847ac0dcada34ff0e36e24055d551e  manifest-snapshot.json

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.12.29",
+  "version": "0.12.30",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "N6H4u/u1fCFE6f/3QVkAr2cumZvLNE+xYBC91CCxKoeaSKm5zqbwzb2mvFDk9XKUegUy5W6npLFGi75yxNMIAg==",
-      "signed_at": "2026-05-16T01:10:55.139Z",
+      "signed_at": "2026-05-16T02:15:30.223Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "Xen6ojQGzT4AZUN/WtuQon+gT2UrJyX50nrZwEdxLw5aiz8gDaeMkWo/Bic+h4NFEF7MRd7uDTm0dvKgWnlRBA==",
-      "signed_at": "2026-05-16T01:10:55.141Z",
+      "signed_at": "2026-05-16T02:15:30.225Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "IDhdamTvyWfnz7SvIMrVMz2cwLuiP2/Iw2iYHFNbI1O302XnrGyIVsJcoKZa5QFClBYPiABVt+yI5HEuLxMCBw==",
-      "signed_at": "2026-05-16T01:10:55.142Z",
+      "signed_at": "2026-05-16T02:15:30.225Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "cPRRTsNQT1MYR3cE5O3KdC4MB037EMc0fsMIbOyfOv16sR+DkiXmAhQOjlIC47HngHz3vhLI+rbqItN91VWpBg==",
-      "signed_at": "2026-05-16T01:10:55.142Z"
+      "signed_at": "2026-05-16T02:15:30.225Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "79NrFMRsqGsipWeE5ETQSVICGO4BjTJYgyir+PSaNVFpkLqLcwZd8Dr1V7iwX0H0fXFL3WpPz35gtrYCEG32BQ==",
-      "signed_at": "2026-05-16T01:10:55.142Z"
+      "signed_at": "2026-05-16T02:15:30.226Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "O7YIzAOQtSCFD0pyUdF0otYy9xwksrRGCLnSw5aMMGOs0SYeYA1JsMX5XLxNOQJC8tURC21HgQc/yx22jLtvAw==",
-      "signed_at": "2026-05-16T01:10:55.143Z"
+      "signed_at": "2026-05-16T02:15:30.226Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "ai6ebp9pz7dBigm2rQvQ0SklhDZtHqP3exKtolbEBiN0shQScypJfDBaQN2J3aoOC4dZjjTgIZvGfWLmBxrxBA==",
-      "signed_at": "2026-05-16T01:10:55.143Z",
+      "signed_at": "2026-05-16T02:15:30.226Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "BkDjyCF53MAATVfzERmIhEhi474eWloxD0qyw9Gvw+VFE8aH3pOi+yeCpc0kq0vHAVmAEszwxBKEcuLkJbmSBg==",
-      "signed_at": "2026-05-16T01:10:55.143Z",
+      "signed_at": "2026-05-16T02:15:30.227Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "DxfXhSyoAGUo1emHh0uIIcg324ZreBYxmFdBDVAKOOuPmMlfN4RqNc/JGDSfVmMv5CjgYCUcSmkcYB0A5lk0Cg==",
-      "signed_at": "2026-05-16T01:10:55.144Z",
+      "signed_at": "2026-05-16T02:15:30.227Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "rFQ82v+1oAHWixWcGwokKhjZHfXUf6N7EfSgldhQ5Jrbiy3kv5CIbnOCsI6zPWyErSnpKVeBFTabJXnzLrzDCQ==",
-      "signed_at": "2026-05-16T01:10:55.144Z"
+      "signed_at": "2026-05-16T02:15:30.228Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "7yVjZkanFMKDQqXdX4B/7oLc2Rz72xHC1zscYd8F/+e5UAbR7ikK8Bn5EKZt3aBEOhHPAviSQNCMxpZD9U00CA==",
-      "signed_at": "2026-05-16T01:10:55.145Z"
+      "signed_at": "2026-05-16T02:15:30.228Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "VlPR7yY39hEwDJYYKPgHAOeax9LU0X7eIrR8L7zMFJWS0SdKTalOXXJtD9GppByftnkYAAdryZ8tHQ/KWLtaBQ==",
-      "signed_at": "2026-05-16T01:10:55.145Z"
+      "signed_at": "2026-05-16T02:15:30.228Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "V+qn5FqUlETfsEjvvi6jZGuQdqLFtFejfgPA6KSYxSlBXBTbOBXP3BGk5S+ba9akIzgbKh1j9VGB1MqsIt56DA==",
-      "signed_at": "2026-05-16T01:10:55.145Z",
+      "signed_at": "2026-05-16T02:15:30.229Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "WCNz19186cER1eEhCophTIbnL3ltS3FC98I1rfv463aRnuVxPB3sUlD9xHTbxTM2rUABhqKijhdkWiMh2uKxCQ==",
-      "signed_at": "2026-05-16T01:10:55.146Z"
+      "signed_at": "2026-05-16T02:15:30.229Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "zjq6ACAHD46xvhvQJKlrCPh5xDCuBuIWBI+QJB8RxcudpC7p7I1pqv+BY8DZdsAgU4tquCU8KC+xlduMIk3/DQ==",
-      "signed_at": "2026-05-16T01:10:55.146Z",
+      "signed_at": "2026-05-16T02:15:30.229Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "/lGgWehCMQUXjI6w4FUa+5wrbyRnct+txvVcXA+D2/ZEkoJKh+J/psO3j5HPf7Hpv+Y5SmkH71CoO+9qilyVDQ==",
-      "signed_at": "2026-05-16T01:10:55.146Z"
+      "signed_at": "2026-05-16T02:15:30.229Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "RqQMwOKK7xjG9e/Ls4986NOrDwKz/nQmpw1DwNJwV2nlOztyo7MgxUG3kTuLbuW3qCrrkO+CbpBA5nGS1cmKBQ==",
-      "signed_at": "2026-05-16T01:10:55.146Z"
+      "signed_at": "2026-05-16T02:15:30.230Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
-      "signed_at": "2026-05-16T01:10:55.147Z"
+      "signed_at": "2026-05-16T02:15:30.230Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "vL5XeQOk7vwX0sLMuKghj6XLnXsqKcGpCUNMui9HwqnWyNQwgSRGu+JFqP7ZqpP3SUYRZHcVlWhXeTJHyOtiAA==",
-      "signed_at": "2026-05-16T01:10:55.147Z"
+      "signed_at": "2026-05-16T02:15:30.230Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "jp3MxKukV7zW47eX3VcAIMG5WxypMDcfHqwYDodI9YQgTxEojCrRcMSApaoZHTdD3yTQC1JtkXeKxU6K3C5NCg==",
-      "signed_at": "2026-05-16T01:10:55.147Z"
+      "signed_at": "2026-05-16T02:15:30.231Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
-      "signed_at": "2026-05-16T01:10:55.148Z"
+      "signed_at": "2026-05-16T02:15:30.231Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "k0HrsZMBxiPWB1jl4dRwhv/R5IsqbZ+SLDv1Jx3/sRl51JyXjtm8vyogTNhSwsl5/IkaRakqIPJFRFRl5h/9CQ==",
-      "signed_at": "2026-05-16T01:10:55.148Z"
+      "signed_at": "2026-05-16T02:15:30.231Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "oHxjumOhk8y86WcwhAX8sSWIlPzt60KfTMn4DCJLeRrrQd5+i54fVADKAdZ3vOqfDN+DexO0uX4f5dLPtacRCQ==",
-      "signed_at": "2026-05-16T01:10:55.148Z"
+      "signed_at": "2026-05-16T02:15:30.232Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
-      "signed_at": "2026-05-16T01:10:55.148Z"
+      "signed_at": "2026-05-16T02:15:30.232Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "V9kl8Cf8UMjNFyn3D/fSyhWHLeXWlx3WV/jT9jdF9SrjfDqymimuTt2o91cZ2FOEJndAH9V0JGXB13Ohz8K4CQ==",
-      "signed_at": "2026-05-16T01:10:55.149Z"
+      "signed_at": "2026-05-16T02:15:30.232Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ENSL4MJSNXhriKsTVBjg2jTc7JTtb6mxqbfBw/SVVajPMkLMcLBk4Gem9LhZWZ8DSqyWLnFO2d6hlz5q8bjuCg==",
-      "signed_at": "2026-05-16T01:10:55.149Z"
+      "signed_at": "2026-05-16T02:15:30.232Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8E82UwKFNraXV/MKAbiUV6gUryYuN+Ff/kiv1aW4/XtriShdTyt/UgRuQJ8LXGXl0jMH8hRJ/xTAV8LOJqexDA==",
-      "signed_at": "2026-05-16T01:10:55.149Z"
+      "signed_at": "2026-05-16T02:15:30.233Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BDuLcpTeFp2BNSf1q4rYOhYKNhlgd3o5RZ0Uw9xW5olyYxPbZSgqekQ+6Ggaec09s7y6sqR37GS0vuAMdbrdDQ==",
-      "signed_at": "2026-05-16T01:10:55.150Z"
+      "signed_at": "2026-05-16T02:15:30.233Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "w12QqGBlRDaDVYug9uQVmEbxR7+gX23rOKZSjlt3XcszYDHBCRiP4cBRKMuEguu44DCaQsg+Btu4vAVMlss9Dg==",
-      "signed_at": "2026-05-16T01:10:55.150Z"
+      "signed_at": "2026-05-16T02:15:30.233Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "nMsyJ+rp5fM8/VjC7zsZyDjOC4hpxB+noT1VX7W0HBlq5t3SY56cwOGApwES/kBcCuf4qexKY376OxUr93zvCQ==",
-      "signed_at": "2026-05-16T01:10:55.151Z"
+      "signed_at": "2026-05-16T02:15:30.234Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "L1moEqEGkBkqY/3ohJcfqrlJn40UurDCyb2MOP/IwTAeZD+QbVZ17/drdsydkJ6qSXPiyiE6u8HDfZsDS13NBQ==",
-      "signed_at": "2026-05-16T01:10:55.151Z"
+      "signed_at": "2026-05-16T02:15:30.234Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "VKLuoRkFq7lNXqySipwzPSaiHaqemHQ2cReemF/Xy9hUpD9orQaTVZWClOA4lzoF6d2eQ/CeS///Jjnj4g9dCg==",
-      "signed_at": "2026-05-16T01:10:55.152Z"
+      "signed_at": "2026-05-16T02:15:30.235Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "JHGu5OI35payaFR1At3XZIX4HnflgF3lI9vk/XsHpu0loWHtbTiA/SrNzTuWO+be8aIfd36uNz7WnJNwBTCHDA==",
-      "signed_at": "2026-05-16T01:10:55.152Z"
+      "signed_at": "2026-05-16T02:15:30.235Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "UEn0305KAEqIfYOdzadLBdPG/PJ+3sJ/8ubvPFNcXfqXp2uOWTfqGUqY65PApA992VEEa1RBQt5R7Nyhd/OjDQ==",
-      "signed_at": "2026-05-16T01:10:55.152Z"
+      "signed_at": "2026-05-16T02:15:30.235Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "lPd9tHAskNapjrWwFWhsb8ntAL0xovDCIGElsOCyjcafzby4ArwRw5Lq28sfNloJZAhMN+AWj+lDdFytiUQHCQ==",
-      "signed_at": "2026-05-16T01:10:55.153Z"
+      "signed_at": "2026-05-16T02:15:30.236Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "U+HyElcP007FIblXUE/nFpj/rZ5z3VohsvxRCWEuuJDLdOnsXYEadb7ccr3X7S4aRG2MC4T2KtVtgbKIuO5QDw==",
-      "signed_at": "2026-05-16T01:10:55.153Z"
+      "signed_at": "2026-05-16T02:15:30.236Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "XB3TVjNRBlqqbIhatFoYtTJHTS51nVt9k7DVrb2roUflLDjbCnaTbrpztA2oqJyyxwgnLlX+K7NW8oYOYEMeCg==",
-      "signed_at": "2026-05-16T01:10:55.153Z"
+      "signed_at": "2026-05-16T02:15:30.236Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ChZ8EWZFfrQYLNH6gJBdcRrayROvcQfiPOpb4H+0rio99OZS0AmQgWQjlWfrF1K5KPEYsLjDqtp2i5P7xLfyBw==",
-      "signed_at": "2026-05-16T01:10:55.154Z"
+      "signed_at": "2026-05-16T02:15:30.237Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "RiCryJEd66T2NNcSo/mZTd3sGWDycE3C37guLJanLdVL5co35DrPFmIl8qy3ZM/y+Wzg5vpny8VKgr1//1/bCA==",
-      "signed_at": "2026-05-16T01:10:55.154Z"
+      "signed_at": "2026-05-16T02:15:30.237Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
-      "signed_at": "2026-05-16T01:10:55.154Z"
+      "signed_at": "2026-05-16T02:15:30.237Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "03brHySNWPVnrfZwGBZH5rKLh20DQxVNln0w30fhdcMXtaHQYRuCfhhvqbHVHHoLEogMfsixQX1YtbiqOojsAQ==",
-      "signed_at": "2026-05-16T01:10:55.155Z"
+      "signed_at": "2026-05-16T02:15:30.238Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "EMdSANZrYCCWZ3+PL8CGKiXM7gQVsPBfj7BNMzNlEkjMIc+OccHUSjNEIWLgVZH6H5So1Le4JQSePqLq/nPABA==",
-      "signed_at": "2026-05-16T01:10:55.155Z"
+      "signed_at": "2026-05-16T02:15:30.238Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "TjDIktv6rQU897k5KWBhnOiZOlqCQy9sJJT65r9uXfRjc0RV6tmnoagQgerRo/u9DyroTdcbY40THgHrC3vsCA=="
+    "signature_base64": "cwGLjPDDm7XSC20Ub5GQid3BvrJX/vprQNHNa1c7h0YQT9PIlza1vzOX2ysYEMHIn1W0XpOURUnUYuHE1HFfCQ=="
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.12.29",
+  "version": "0.12.30",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:0e60e9bd-5657-4629-ab3a-8235c39a6868",
+  "serialNumber": "urn:uuid:7150dfe9-d8fa-4de6-9a84-6382eeda157d",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-16T01:18:25.445Z",
+    "timestamp": "2026-05-16T02:16:31.433Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.12.29"
+        "version": "0.12.30"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.29",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.30",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.12.29",
+      "version": "0.12.30",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.29",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.30",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d4cc401770faf40a8584db666685b2eb05dc4966346116423eb3843dea7e7136"
+          "content": "80e6f4b66c77729400d40271423b06ed791d013a071767a9e2640a078cdd2ddf"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.29"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.30"
         },
         {
           "type": "vcs",
@@ -108,7 +108,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9ce54562c066124a51341200915991a63126235bd3187cca80d89a41d0cbdf6d"
+          "content": "69833513ff4e8c9365cad9eca0948eaf648394b928ae2c52d74d656c4efaaaca"
         }
       ]
     },
@@ -262,7 +262,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "72164f10238b4ba26a6c2fcacd0dfa3e745cd83b7c7c525ca26d8069511a4f24"
+          "content": "0802d09b5783d01ec99d0d629942adbd81844e3cf6ed2f39885b362f57841abd"
         }
       ]
     },
@@ -273,7 +273,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b6d1a950e9dec8b313f65a546dcff724bf27d3717deca74decc04a6ba15d4538"
+          "content": "f4bdc070b94d5b829f541aab34e21f86b133e9750ce9bef2d0b3e141c880bd33"
         }
       ]
     },
@@ -284,7 +284,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ac7c1b0ba5cc84754264846b8173011ca4328773dd981c7b42599e112e54b3c4"
+          "content": "35f076cd65d82ac97db90b72e884ec7ab2895c052567ee7d0c579c1965e6baaf"
         }
       ]
     },
@@ -295,7 +295,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5"
+          "content": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19"
         }
       ]
     },
@@ -317,7 +317,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0c4aa0d3c48da3b3a88d0b9faa078003af76a809b63d00f1da1c504738872a06"
+          "content": "d7e40e7d5edcdcb1573905a9a01ef31962030b4a16e0a138a4c733f00c8701d1"
         }
       ]
     },
@@ -515,7 +515,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "e90ec6755f6a670fdb589bbdc61b3010c90531da46065ada377272f34d282fcb"
+          "content": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0"
         }
       ]
     },
@@ -911,7 +911,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2b2fe8086b9dd8ff974651b9ee0a00df002209856fd3e6cbacd4cd9b0029b530"
+          "content": "3cc97ea81650ff630b335d8bb83a11ba5a847ac0dcada34ff0e36e24055d551e"
         }
       ]
     },
@@ -922,7 +922,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "900d1f4f0d5b8cec3f0340115b95f6720e57ab2a8d87adf07f8584a47282320b"
+          "content": "defa4415eebe3d3f0ad741a1c838b43be61b8fabc85a147633be0a7a20b9ad72"
         }
       ]
     },
@@ -933,7 +933,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5b9c21d9c2d885b439990b7b499429bf8a59e69cc737abfb386aa0255f2e8228"
+          "content": "a9d4ea238c6c91f6d12ac8ce8c46fe096c3e448bc53ae1776932bc1c6779984d"
         }
       ]
     },
@@ -1252,7 +1252,7 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a5f091b056107977c6804e888084a06552fd55f82b31d80617cd0184028c3e54"
+          "content": "7268e2b1096db71e4104830a16859a47a993e0abbb6d3c7c4032715c046a2e11"
         }
       ]
     },

package/scripts/check-test-coverage.js

@@ -184,15 +184,29 @@ function readMaybe(p) {
 
 // --- Categorization ---------------------------------------------------------
 
+// Mechanical / contributor-only docs the gate auto-allows: their content
+// has no operator-facing semantic surface (CONTRIBUTING is for PRs;
+// LICENSE / NOTICE / CODE_OF_CONDUCT are boilerplate; .gitignore / .npmrc
+// / .editorconfig are tooling). Edits here never need a regression test.
 const DOCS_ALWAYS_GREEN = new Set([
-  "CHANGELOG.md", "README.md", "CONTRIBUTING.md", "SECURITY.md",
-  "LICENSE", "NOTICE", "CODE_OF_CONDUCT.md", "AGENTS.md", "CLAUDE.md",
-  "SUPPORT.md", "MIGRATING.md", ".gitignore", ".npmrc", ".editorconfig",
+  "CONTRIBUTING.md", "LICENSE", "NOTICE", "CODE_OF_CONDUCT.md",
+  "CLAUDE.md", "SUPPORT.md", ".gitignore", ".npmrc", ".editorconfig",
+]);
+
+// Cycle 9 finding: operator-facing docs (release notes, install instructions,
+// security disclosure policy, migration guides, AI-assistant ground truth)
+// previously auto-greened. A PR could land deceptive copy here without any
+// reviewer signal. Downgrade to manual-review so the diff surfaces in the
+// gate output — a human (or the maintainer reviewing the bot summary) at
+// least sees the change exists.
+const DOCS_MANUAL_REVIEW = new Set([
+  "CHANGELOG.md", "README.md", "SECURITY.md", "MIGRATING.md", "AGENTS.md",
 ]);
 
 function categorize(file) {
   const norm = file.replace(/\\/g, "/");
   if (DOCS_ALWAYS_GREEN.has(norm)) return "docs";
+  if (DOCS_MANUAL_REVIEW.has(norm)) return "manual-review";
   if (norm.startsWith("tests/")) return "test"; // no recursion
   if (norm.startsWith("docs/")) return "docs";
   if (norm.endsWith(".md") && !norm.startsWith("data/")) return "docs";
@@ -662,5 +676,5 @@ module.exports = {
   extractCliSurface, extractLibExports, extractPlaybookIds, extractCveIocChanges,
   coversCliVerb, coversCliFlag, coversLibExport, coversPlaybookId, coversCveIoc,
   scanForCoincidenceAsserts,
-  DOCS_ALWAYS_GREEN,
+  DOCS_ALWAYS_GREEN, DOCS_MANUAL_REVIEW,
 };