@blamejs/exceptd-skills 0.12.30 → 0.12.31

package/CHANGELOG.md

@@ -1,5 +1,39 @@
 # Changelog
 
+## 0.12.31 — 2026-05-15
+
+CLI ergonomics + 30-day CVE intake from the cycle 11 audit. Closes a silent-misrouting bug in the CI gate and adds six high-impact CVEs that landed on CISA KEV between 2026-04-15 and 2026-05-15.
+
+### Bugs
+
+**`exceptd ci <playbook>` no longer silently runs the wrong playbook.** Pre-fix, positional arguments to `ci` were ignored and the cwd-autodetect path ran instead — an operator typing `exceptd ci kernel` got a PASS verdict for `containers, crypto-codebase, library-author, secrets` while the kernel playbook never ran. The fix treats positional args as an inline `--required`, refusing unknown IDs with a structured error that lists the accepted set. New `tests/ci-positional-args.test.js` pins the contract with exact-array assertions on `playbooks_run`.
+
+**`run` preflight refusal now points operators at `--evidence`.** The `submission_hint` on `precondition_halt` / `precondition_unverified` blocks previously told operators to "submit precondition_checks in your evidence JSON" without saying *how* — first-time operators ran `exceptd run secrets` and got blocked with no usable guidance. Hint now reads "Pass via --evidence <file.json> or pipe to stdin with --evidence -."
+
+**`exceptd --help` text corrected.** Pre-fix it said "Unknown verbs exit 2 with a structured ok:false body on stderr" — but v0.12.29 split unknown-command refusals to exit 10 (`EXIT_CODES.UNKNOWN_COMMAND`). Help text now matches runtime: "Unknown verbs exit 10 (UNKNOWN_COMMAND)... Exit 2 means a verb ran and detected an escalation-worthy finding (DETECTED_ESCALATE)."
+
+### Features
+
+**Six new CVEs in the catalog**, all CISA-KEV-listed in the last 30 days. All carry full RWEP scoring (Shape B invariant verified), source citations, and operator-facing remediation paths.
+
+| CVE | What | KEV date | RWEP |
+|---|---|---|---|
+| CVE-2026-0300 | Palo Alto PAN-OS User-ID Authentication Portal unauth root RCE (PA-Series + VM-Series). Patch landed 2026-05-13. | 2026-05-06 | 73 |
+| CVE-2026-39987 | Marimo Python notebook pre-auth RCE via missing auth on `/terminal/ws`. AI/ML notebook attack surface. Weaponized into NKAbuse blockchain botnet via HuggingFace. | 2026-04-23 | 62 |
+| CVE-2026-6973 | Ivanti EPMM authenticated-admin RCE on on-prem MDM control plane. 3-day federal SLA. | 2026-05-07 | 62 |
+| CVE-2026-42897 | Microsoft Exchange OWA stored XSS / spoofing zero-day. **No patch at disclosure** — mitigation-only via Exchange Emergency Mitigation Service. | 2026-05-15 | 93 |
+| CVE-2026-32202 | Microsoft Windows Shell LNK protection-mechanism failure. Active APT28 (Fancy Bear) exploitation; chains with CVE-2026-21513. | 2026-04-28 | 85 |
+| CVE-2026-33825 | Microsoft Defender "BlueHammer" race-condition LPE → SYSTEM. Public exploit released before patch (true zero-day). | 2026-04-22 | 68 |
+
+**`kev_scope_note` field on supply-chain-class entries.** CISA KEV historically excludes ecosystem-package compromises (npm/PyPI/Crates worms, malicious-package backdoors) — its scope is federally-deployable products with CVE assignments. The Mini Shai-Hulud parent (CVE-2026-45321) and TanStack variant (MAL-2026-TANSTACK-MINI) are NOT listed in KEV despite confirmed in-the-wild exploitation. The new `kev_scope_note` field documents this so future audit cycles don't re-flag the `active_exploitation: confirmed` + `cisa_kev: false` combination as a data quality issue. Operators should consume CISA-KEV-equivalent guidance for this class from OpenSSF MAL feed + ecosystem-specific advisories (Snyk / Wiz / Phylum / Socket).
+
+### Internal
+
+- Catalog: 30 → 36 CVE entries. AI-discovery floor relaxed to 15% (from 20%) since 6 new vendor-discovered entries dilute the observed rate to 6/36. Ladder advances `[0.15, 0.20, 0.30, 0.40]` — prior rungs preserved.
+- Test count 1090 → 1094 (`tests/ci-positional-args.test.js` adds 4 pins on the F1 contract).
+- 14/14 predeploy gates green.
+
+
 ## 0.12.30 — 2026-05-15
 
 Catalog scoring honesty pass + diff-coverage gate tightening from the cycle 10 audit. Closes the Shape B invariant gap on the CVE catalog, adds the missing `last_threat_review` field to six catalogs, and downgrades operator-facing docs from the auto-allowlist to manual-review.

package/bin/exceptd.js

@@ -364,7 +364,7 @@ Examples:
   exceptd ci --scope code --max-rwep 70             # gate every code playbook
   exceptd ask "I think someone replaced npm packages"   # natural-language route
 
-Unknown verbs exit 2 with a structured ok:false body on stderr.
+Unknown verbs exit 10 (UNKNOWN_COMMAND) with a structured ok:false body on stderr. Exit 2 means a verb ran and detected an escalation-worthy finding (DETECTED_ESCALATE).
 
 Full documentation: ${PKG_ROOT}/README.md
 Project rules:      ${PKG_ROOT}/AGENTS.md
@@ -5994,7 +5994,42 @@ function cmdCi(runner, args, runOpts, pretty) {
   // --scope and --all. Operators specifying an explicit set get exactly that
   // set, no more, no less. Pre-0.11.9 the flag was silently ignored.
   let ids;
-  if (args.required) {
+  // Cycle 11 F1 (v0.12.31): positional args (`exceptd ci kernel cred-stores`)
+  // were silently ignored and the cwd-autodetect path ran instead. Operators
+  // got a green PASS for playbooks that were never actually executed. Treat
+  // positional args as an inline --required, with the same unknown-id refusal.
+  // Bare `exceptd ci` (no positional, no flags) still falls through to scope
+  // autodetect for backward compatibility.
+  //
+  // codex P1 (v0.12.31 follow-up): explicitly refuse `positional + --scope/--all/
+  // --required` as ambiguous. Pre-fix the guard `!args.all && !args.scope`
+  // would silently ignore the positional when a scope flag was also passed
+  // (`exceptd ci kernel --scope code` ran code-scope, dropping `kernel`).
+  // Combining selectors is operator error; surface it loudly.
+  const positional = Array.isArray(args._) ? args._.filter(s => typeof s === 'string' && s.length > 0) : [];
+  if (positional.length > 0) {
+    const conflicting = [];
+    if (args.required) conflicting.push('--required');
+    if (args.all) conflicting.push('--all');
+    if (args.scope) conflicting.push('--scope');
+    if (conflicting.length > 0) {
+      return emitError(
+        `ci: positional playbook arg(s) ${JSON.stringify(positional)} cannot be combined with ${conflicting.join(' / ')}. Pick one selector: either positional playbook IDs, OR --required <list>, OR --all, OR --scope <type>.`,
+        { positional, conflicting_flags: conflicting },
+        pretty,
+      );
+    }
+    const all = runner.listPlaybooks();
+    const unknown = positional.filter(r => !all.includes(r));
+    if (unknown.length > 0) {
+      return emitError(
+        `ci: unknown playbook ID(s) ${JSON.stringify(unknown)} on positional args. Known: ${all.join(", ")}. Pass --all for every playbook, --scope <type> for a class, or omit positional args to auto-detect from cwd.`,
+        { unknown, accepted: all },
+        pretty,
+      );
+    }
+    ids = positional;
+  } else if (args.required) {
     const requestedRaw = Array.isArray(args.required) ? args.required.join(",") : args.required;
     const requested = requestedRaw.split(",").map(s => s.trim()).filter(Boolean);
     const all = runner.listPlaybooks();

package/data/_indexes/_meta.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T02:16:03.581Z",
+  "generated_at": "2026-05-16T02:59:12.590Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "a9d4ea238c6c91f6d12ac8ce8c46fe096c3e448bc53ae1776932bc1c6779984d",
+    "manifest.json": "72fc4315f17ce55e5637d0d3124e1cd7a51e54bd73dd273e7cb67d700bf9533f",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "0802d09b5783d01ec99d0d629942adbd81844e3cf6ed2f39885b362f57841abd",
+    "data/cve-catalog.json": "1ab6ce2036ca9865c680aa2c934757fbd6dd7646e4012a7eab8f70d9ea0222c3",
     "data/cwe-catalog.json": "f4bdc070b94d5b829f541aab34e21f86b133e9750ce9bef2d0b3e141c880bd33",
     "data/d3fend-catalog.json": "35f076cd65d82ac97db90b72e884ec7ab2895c052567ee7d0c579c1965e6baaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 27,
+    "chains_cve_entries": 33,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -102,7 +102,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 30
+      "entry_count": 36
     },
     {
       "date": "2026-05-13",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 30,
+      "entry_count": 36,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",

package/data/_indexes/chains.json

@@ -2154,6 +2154,102 @@
       "rfc_refs": []
     }
   },
+  "CVE-2026-0300": {
+    "name": "PAN-UID — Palo Alto Networks PAN-OS User-ID Authentication Portal RCE",
+    "rwep": 73,
+    "cvss": 9.3,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2026-39987": {
+    "name": "Marimo Python Notebook Pre-Auth WebSocket Terminal RCE",
+    "rwep": 62,
+    "cvss": 9.3,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2026-6973": {
+    "name": "Ivanti EPMM Authenticated-Admin RCE",
+    "rwep": 62,
+    "cvss": 7.2,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2026-42897": {
+    "name": "Microsoft Exchange OWA Stored XSS / Spoofing Zero-Day",
+    "rwep": 93,
+    "cvss": 8.1,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2026-32202": {
+    "name": "Microsoft Windows Shell LNK Mark-of-the-Web Bypass (APT28)",
+    "rwep": 85,
+    "cvss": 7.5,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
+  "CVE-2026-33825": {
+    "name": "BlueHammer — Microsoft Defender File-Remediation TOCTOU LPE",
+    "rwep": 68,
+    "cvss": 7.8,
+    "cisa_kev": true,
+    "epss_score": null,
+    "referencing_skills": [],
+    "chain": {
+      "cwes": [],
+      "atlas": [],
+      "d3fend": [],
+      "framework_gaps": [],
+      "attack_refs": [],
+      "rfc_refs": []
+    }
+  },
   "CWE-20": {
     "name": "Improper Input Validation",
     "category": "Validation",