@blamejs/exceptd-skills 0.12.29 → 0.12.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/CHANGELOG.md +55 -0
  2. package/bin/exceptd.js +37 -2
  3. package/data/_indexes/_meta.json +9 -9
  4. package/data/_indexes/activity-feed.json +1 -1
  5. package/data/_indexes/catalog-summaries.json +1 -1
  6. package/data/_indexes/chains.json +102 -6
  7. package/data/cve-catalog.json +730 -37
  8. package/data/cwe-catalog.json +2 -1
  9. package/data/d3fend-catalog.json +2 -1
  10. package/data/dlp-controls.json +2 -1
  11. package/data/framework-control-gaps.json +2 -1
  12. package/data/rfc-references.json +2 -1
  13. package/lib/playbook-runner.js +1 -1
  14. package/manifest-snapshot.json +1 -1
  15. package/manifest-snapshot.sha256 +1 -1
  16. package/manifest.json +44 -44
  17. package/package.json +1 -1
  18. package/sbom.cdx.json +21 -21
  19. package/scripts/check-test-coverage.js +18 -4
package/scripts/check-test-coverage.js CHANGED
@@ -184,15 +184,29 @@ function readMaybe(p) {
184
184
 
185
185
  // --- Categorization ---------------------------------------------------------
186
186
 
187
+ // Mechanical / contributor-only docs the gate auto-allows: their content
188
+ // has no operator-facing semantic surface (CONTRIBUTING is for PRs;
189
+ // LICENSE / NOTICE / CODE_OF_CONDUCT are boilerplate; .gitignore / .npmrc
190
+ // / .editorconfig are tooling). Edits here never need a regression test.
187
191
  const DOCS_ALWAYS_GREEN = new Set([
188
- "CHANGELOG.md", "README.md", "CONTRIBUTING.md", "SECURITY.md",
189
- "LICENSE", "NOTICE", "CODE_OF_CONDUCT.md", "AGENTS.md", "CLAUDE.md",
190
- "SUPPORT.md", "MIGRATING.md", ".gitignore", ".npmrc", ".editorconfig",
192
+ "CONTRIBUTING.md", "LICENSE", "NOTICE", "CODE_OF_CONDUCT.md",
193
+ "CLAUDE.md", "SUPPORT.md", ".gitignore", ".npmrc", ".editorconfig",
194
+ ]);
195
+
196
+ // Cycle 9 finding: operator-facing docs (release notes, install instructions,
197
+ // security disclosure policy, migration guides, AI-assistant ground truth)
198
+ // previously auto-greened. A PR could land deceptive copy here without any
199
+ // reviewer signal. Downgrade to manual-review so the diff surfaces in the
200
+ // gate output — a human (or the maintainer reviewing the bot summary) at
201
+ // least sees the change exists.
202
+ const DOCS_MANUAL_REVIEW = new Set([
203
+ "CHANGELOG.md", "README.md", "SECURITY.md", "MIGRATING.md", "AGENTS.md",
191
204
  ]);
192
205
 
193
206
  function categorize(file) {
194
207
  const norm = file.replace(/\\/g, "/");
195
208
  if (DOCS_ALWAYS_GREEN.has(norm)) return "docs";
209
+ if (DOCS_MANUAL_REVIEW.has(norm)) return "manual-review";
196
210
  if (norm.startsWith("tests/")) return "test"; // no recursion
197
211
  if (norm.startsWith("docs/")) return "docs";
198
212
  if (norm.endsWith(".md") && !norm.startsWith("data/")) return "docs";
@@ -662,5 +676,5 @@ module.exports = {
662
676
  extractCliSurface, extractLibExports, extractPlaybookIds, extractCveIocChanges,
663
677
  coversCliVerb, coversCliFlag, coversLibExport, coversPlaybookId, coversCveIoc,
664
678
  scanForCoincidenceAsserts,
665
- DOCS_ALWAYS_GREEN,
679
+ DOCS_ALWAYS_GREEN, DOCS_MANUAL_REVIEW,
666
680
  };