@blamejs/exceptd-skills 0.12.30 → 0.12.32

package/CHANGELOG.md

@@ -1,5 +1,66 @@
 # Changelog
 
+## 0.12.32 — 2026-05-15
+
+Cycle 11 CLI polish + cycle 12 catalog hardening. The headline closes a silent regression where the 6 CVEs advertised by v0.12.31 were shipped as `_draft: true` and therefore invisible to default `cross-ref-api` queries — operators running `exceptd` against Exchange would have gotten a clean bill on CVE-2026-42897.
+
+### Bugs
+
+**6 CVEs from v0.12.31 promoted from draft to non-draft.** Cycle 12 audit caught the regression: every CVE in cycle 11's intake shipped as `_draft: true`, which `lib/cross-ref-api.js` skips by default. v0.12.31 CHANGELOG advertised "6 new CISA-KEV CVEs" but operators couldn't actually query them. All 6 promoted with `_editorial_promoted: 2026-05-15` provenance; full required fields validated (iocs, vendor_advisories, verification_sources, complexity, affected_versions, RWEP Shape B invariant).
+
+**9 unmatched `framework_control_gaps` keys on the new CVEs now resolve.** `NIS2-Art21-vulnerability-management`, `DORA-Art-9`, `NIST-800-53-AC-3`, `OWASP-LLM-Top-10-2025-LLM05`, `NIST-800-53-AC-6`, `NIS2-Art21-identity-management`, `ISO-27001-2022-A.8.7`, `NIST-800-53-SC-44`, `CIS-Controls-v8-10.1` — referenced by the new CVEs but absent from the framework-gap catalog. All 9 now present with `theater_test` blocks (catalog 109 → 118 entries). Reverse `evidence_cves` links also added on the 6 existing entries (NIST-800-53-SI-2 / SI-3 / etc.) that the new CVEs reference.
+
+**CVE → CWE reverse-references auto-regenerated.** Cycle 9 introduced `npm run refresh-reverse-refs` for the skill direction (manifest → atlas/cwe/d3fend/rfc), but the CWE catalog's `evidence_cves` field — the operator-facing "which CVEs map to this CWE" index — was still hand-maintained and drifted with every CVE intake. The script now also walks `cve.cwe_refs` → `cwe.evidence_cves`. Drafts excluded (they're invisible to default consumers; the reverse direction tracks operator-queryable truth). 14 CWE entries updated on first run. New `tests/reverse-ref-drift.test.js` test pins the contract.
+
+### Features
+
+**`exceptd help <verb>`** now routes to the per-verb help text (`exceptd help run` returns the run-verb help, not the top-level banner). Pre-fix the verb arg was silently dropped. Unknown verbs fall through to top-level help with a stderr note. New `tests/help-verb-attest-list-deprecation.test.js` pins the contract.
+
+**`exceptd attest list` empty-state now names every candidate root.** Pre-fix the human output said "(no attestations under )" with an empty path list when no `.exceptd/` directory existed. New `roots_evaluated[]` field on the JSON output + `[scanned-empty]` / `[not-present]` markers in the human renderer.
+
+**Legacy-verb deprecation banner auto-suppresses across invocations.** Pre-fix the per-process env-var guard reset on every fresh node process, so operators saw the banner on every `exceptd plan` invocation. Now persists suppression via an OS-tempdir marker keyed by exceptd version — banner shows once per version per host, re-shows on upgrade. Explicit `EXCEPTD_DEPRECATION_SHOWN=1` still suppresses even the first display.
+
+### Internal
+
+- 6 matching `data/zeroday-lessons.json` entries authored for the promoted CVEs (rule #6 enforcement: zero-day learning is live for every non-draft catalog entry).
+- Test count 1099 → 1109 (10 new tests across F4/F5/F7 + reverse-ref drift extension + Shape B canonicalization staying green).
+- 14/14 predeploy gates green.
+
+
+## 0.12.31 — 2026-05-15
+
+CLI ergonomics + 30-day CVE intake from the cycle 11 audit. Closes a silent-misrouting bug in the CI gate and adds six high-impact CVEs that landed on CISA KEV between 2026-04-15 and 2026-05-15.
+
+### Bugs
+
+**`exceptd ci <playbook>` no longer silently runs the wrong playbook.** Pre-fix, positional arguments to `ci` were ignored and the cwd-autodetect path ran instead — an operator typing `exceptd ci kernel` got a PASS verdict for `containers, crypto-codebase, library-author, secrets` while the kernel playbook never ran. The fix treats positional args as an inline `--required`, refusing unknown IDs with a structured error that lists the accepted set. New `tests/ci-positional-args.test.js` pins the contract with exact-array assertions on `playbooks_run`.
+
+**`run` preflight refusal now points operators at `--evidence`.** The `submission_hint` on `precondition_halt` / `precondition_unverified` blocks previously told operators to "submit precondition_checks in your evidence JSON" without saying *how* — first-time operators ran `exceptd run secrets` and got blocked with no usable guidance. Hint now reads "Pass via --evidence <file.json> or pipe to stdin with --evidence -."
+
+**`exceptd --help` text corrected.** Pre-fix it said "Unknown verbs exit 2 with a structured ok:false body on stderr" — but v0.12.29 split unknown-command refusals to exit 10 (`EXIT_CODES.UNKNOWN_COMMAND`). Help text now matches runtime: "Unknown verbs exit 10 (UNKNOWN_COMMAND)... Exit 2 means a verb ran and detected an escalation-worthy finding (DETECTED_ESCALATE)."
+
+### Features
+
+**Six new CVEs in the catalog**, all CISA-KEV-listed in the last 30 days. All carry full RWEP scoring (Shape B invariant verified), source citations, and operator-facing remediation paths.
+
+| CVE | What | KEV date | RWEP |
+|---|---|---|---|
+| CVE-2026-0300 | Palo Alto PAN-OS User-ID Authentication Portal unauth root RCE (PA-Series + VM-Series). Patch landed 2026-05-13. | 2026-05-06 | 73 |
+| CVE-2026-39987 | Marimo Python notebook pre-auth RCE via missing auth on `/terminal/ws`. AI/ML notebook attack surface. Weaponized into NKAbuse blockchain botnet via HuggingFace. | 2026-04-23 | 62 |
+| CVE-2026-6973 | Ivanti EPMM authenticated-admin RCE on on-prem MDM control plane. 3-day federal SLA. | 2026-05-07 | 62 |
+| CVE-2026-42897 | Microsoft Exchange OWA stored XSS / spoofing zero-day. **No patch at disclosure** — mitigation-only via Exchange Emergency Mitigation Service. | 2026-05-15 | 93 |
+| CVE-2026-32202 | Microsoft Windows Shell LNK protection-mechanism failure. Active APT28 (Fancy Bear) exploitation; chains with CVE-2026-21513. | 2026-04-28 | 85 |
+| CVE-2026-33825 | Microsoft Defender "BlueHammer" race-condition LPE → SYSTEM. Public exploit released before patch (true zero-day). | 2026-04-22 | 68 |
+
+**`kev_scope_note` field on supply-chain-class entries.** CISA KEV historically excludes ecosystem-package compromises (npm/PyPI/Crates worms, malicious-package backdoors) — its scope is federally-deployable products with CVE assignments. The Mini Shai-Hulud parent (CVE-2026-45321) and TanStack variant (MAL-2026-TANSTACK-MINI) are NOT listed in KEV despite confirmed in-the-wild exploitation. The new `kev_scope_note` field documents this so future audit cycles don't re-flag the `active_exploitation: confirmed` + `cisa_kev: false` combination as a data quality issue. Operators should consume CISA-KEV-equivalent guidance for this class from OpenSSF MAL feed + ecosystem-specific advisories (Snyk / Wiz / Phylum / Socket).
+
+### Internal
+
+- Catalog: 30 → 36 CVE entries. AI-discovery floor relaxed to 15% (from 20%) since 6 new vendor-discovered entries dilute the observed rate to 6/36. Ladder advances `[0.15, 0.20, 0.30, 0.40]` — prior rungs preserved.
+- Test count 1090 → 1094 (`tests/ci-positional-args.test.js` adds 4 pins on the F1 contract).
+- 14/14 predeploy gates green.
+
+
 ## 0.12.30 — 2026-05-15
 
 Catalog scoring honesty pass + diff-coverage gate tightening from the cycle 10 audit. Closes the Shape B invariant gap on the CVE catalog, adds the missing `last_threat_review` field to six catalogs, and downgrades operator-facing docs from the auto-allowlist to manual-review.

package/bin/exceptd.js

@@ -364,7 +364,7 @@ Examples:
   exceptd ci --scope code --max-rwep 70             # gate every code playbook
   exceptd ask "I think someone replaced npm packages"   # natural-language route
 
-Unknown verbs exit 2 with a structured ok:false body on stderr.
+Unknown verbs exit 10 (UNKNOWN_COMMAND) with a structured ok:false body on stderr. Exit 2 means a verb ran and detected an escalation-worthy finding (DETECTED_ESCALATE).
 
 Full documentation: ${PKG_ROOT}/README.md
 Project rules:      ${PKG_ROOT}/AGENTS.md
@@ -400,6 +400,20 @@ function main() {
   const rest = argv.slice(1);
 
   if (cmd === "help" || cmd === "--help" || cmd === "-h") {
+    // Cycle 11 F4 (v0.12.32): `exceptd help <verb>` previously dropped the
+    // verb argument and printed the top-level help. Route through the same
+    // printPlaybookVerbHelp() that `exceptd <verb> --help` already uses so
+    // operators get a consistent verb-specific help surface regardless of
+    // which way they reached it.
+    if (rest.length > 0 && typeof rest[0] === 'string' && rest[0].length > 0) {
+      const verb = rest[0];
+      if (printPlaybookVerbHelp(verb)) {
+        process.exit(0);
+      }
+      // Verb not found — emit a one-line note pointing at the top-level
+      // help so operators don't silently see the wrong content.
+      process.stderr.write(`[exceptd help] no verb-specific help for "${verb}" — falling through to top-level help. Run \`exceptd help\` for the full verb list.\n`);
+    }
     printHelp();
     process.exit(0);
   }
@@ -449,15 +463,31 @@ function main() {
   // (plan, govern, direct, look, ingest, reattest, list-attestations).
   if (LEGACY_VERB_REPLACEMENTS[cmd] && !process.env.EXCEPTD_DEPRECATION_SHOWN) {
     const ver = readPkgVersion();
-    const haveBrief = ver !== "unknown" && ver.match(/^(\d+)\.(\d+)/) && (parseInt(RegExp.$1, 10) > 0 || parseInt(RegExp.$2, 10) >= 11);
-    process.stderr.write(
-      `[exceptd] DEPRECATION: \`${cmd}\` is a v0.10.x verb. ` +
-      (haveBrief
-        ? `Prefer \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (available in this install, v${ver}). `
-        : `Upgrade to v0.11.0+ then use \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (currently installed: v${ver}). `) +
-      `Legacy verbs remain functional through this release; they will be removed in v0.13. ` +
-      `Suppress: export EXCEPTD_DEPRECATION_SHOWN=1.\n`
-    );
+    // Cycle 11 F7 (v0.12.32): persist the suppression across invocations via
+    // an OS-tempdir marker keyed by exceptd version. Pre-fix the env-var
+    // guard reset every fresh node process so operators saw the same banner
+    // on every `exceptd plan` invocation, even after they'd already read it.
+    // Per-version key means a new version (legitimate new content) shows the
+    // banner once; subsequent runs within the same version stay quiet. The
+    // explicit EXCEPTD_DEPRECATION_SHOWN=1 env-var opt-out still suppresses
+    // even the first display, matching the documented contract.
+    const markerDir = require("os").tmpdir();
+    const markerFile = path.join(markerDir, `exceptd-deprecation-shown-v${ver}`);
+    let alreadyShown = false;
+    try { alreadyShown = fs.existsSync(markerFile); } catch { /* tmpdir unwritable; degrade to per-process */ }
+    if (!alreadyShown) {
+      const haveBrief = ver !== "unknown" && ver.match(/^(\d+)\.(\d+)/) && (parseInt(RegExp.$1, 10) > 0 || parseInt(RegExp.$2, 10) >= 11);
+      process.stderr.write(
+        `[exceptd] DEPRECATION: \`${cmd}\` is a v0.10.x verb. ` +
+        (haveBrief
+          ? `Prefer \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (available in this install, v${ver}). `
+          : `Upgrade to v0.11.0+ then use \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (currently installed: v${ver}). `) +
+        `Legacy verbs remain functional through this release; they will be removed in v0.13. ` +
+        `This banner shows once per exceptd version per host (re-shown on upgrade). Permanent suppress: export EXCEPTD_DEPRECATION_SHOWN=1.\n`
+      );
+      try { fs.writeFileSync(markerFile, `shown_at=${new Date().toISOString()}\nversion=${ver}\n`); }
+      catch { /* tmpdir unwritable; the env-var guard below keeps the per-process suppression intact */ }
+    }
     process.env.EXCEPTD_DEPRECATION_SHOWN = "1";
   }
 
@@ -1949,7 +1979,15 @@ Flags (selected — see \`exceptd run --help\` for the full list):
   --bundle-deterministic  Emit byte-stable bundles across the multi-run set.
   --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic.`,
   };
-  process.stdout.write((cmds[verb] || `${verb} — no per-verb help available; see \`exceptd help\` for the full list.`) + "\n");
+  // Cycle 11 F4 (v0.12.32): return whether a verb-specific help block was
+  // found so the `exceptd help <verb>` caller can decide whether to fall
+  // through to the top-level help (verb unknown) or stop here (verb known).
+  if (cmds[verb]) {
+    process.stdout.write(cmds[verb] + "\n");
+    return true;
+  }
+  process.stdout.write(`${verb} — no per-verb help available; see \`exceptd help\` for the full list.\n`);
+  return false;
 }
 
 /**
@@ -5399,9 +5437,14 @@ function cmdListAttestations(runner, args, runOpts, pretty) {
   }
   // Enumerate sessions across both v0.11.0 default root and legacy cwd-
   // relative root, so operators with prior attestations still see them.
-  const roots = [resolveAttestationRoot(runOpts), path.join(process.cwd(), ".exceptd", "attestations")];
+  // Cycle 11 F5 (v0.12.32): also track candidate roots that didn't exist
+  // so operators can tell whether the directory was scanned-and-empty or
+  // simply never created. Pre-fix the human output said "(no attestations
+  // under )" with no path — operators couldn't see where the verb looked.
+  const roots = [...new Set([resolveAttestationRoot(runOpts), path.join(process.cwd(), ".exceptd", "attestations")])];
   const entries = [];
   const seenRoots = new Set();
+  const rootsEvaluated = roots.map(r => ({ root: r, exists: fs.existsSync(r) }));
   for (const root of roots) {
     if (seenRoots.has(root) || !fs.existsSync(root)) continue;
     seenRoots.add(root);
@@ -5442,11 +5485,24 @@ function cmdListAttestations(runner, args, runOpts, pretty) {
     count: entries.length,
     filter: { playbook: playbookFilter ? [...playbookFilter] : null, since: args.since || null },
     roots_searched: [...seenRoots],
+    // Cycle 11 F5 (v0.12.32): every candidate root + whether it existed,
+    // so JSON consumers can distinguish scanned-and-empty from never-created.
+    // The human renderer below also surfaces this rather than printing
+    // "(no attestations under )" with an empty path list.
+    roots_evaluated: rootsEvaluated,
   }, pretty, (obj) => {
     // v0.11.6 (#95) human renderer for attest list: one row per session.
     const lines = [`attest list — ${obj.count} attestation(s)`];
     if (obj.count === 0) {
-      lines.push(`  (no attestations under ${obj.roots_searched.join(' or ')})`);
+      const evald = obj.roots_evaluated || [];
+      if (evald.length === 0) {
+        lines.push(`  (no attestation root resolved; set EXCEPTD_HOME or run from a project with .exceptd/)`);
+      } else {
+        lines.push(`  candidate roots evaluated:`);
+        for (const r of evald) {
+          lines.push(`    ${r.exists ? '[scanned-empty]' : '[not-present]'} ${r.root}`);
+        }
+      }
       return lines.join("\n");
     }
     lines.push(`  ${"session-id".padEnd(20)}  ${"playbook".padEnd(16)}  ${"captured-at".padEnd(20)}  evidence-hash`);
@@ -5994,7 +6050,42 @@ function cmdCi(runner, args, runOpts, pretty) {
   // --scope and --all. Operators specifying an explicit set get exactly that
   // set, no more, no less. Pre-0.11.9 the flag was silently ignored.
   let ids;
-  if (args.required) {
+  // Cycle 11 F1 (v0.12.31): positional args (`exceptd ci kernel cred-stores`)
+  // were silently ignored and the cwd-autodetect path ran instead. Operators
+  // got a green PASS for playbooks that were never actually executed. Treat
+  // positional args as an inline --required, with the same unknown-id refusal.
+  // Bare `exceptd ci` (no positional, no flags) still falls through to scope
+  // autodetect for backward compatibility.
+  //
+  // codex P1 (v0.12.31 follow-up): explicitly refuse `positional + --scope/--all/
+  // --required` as ambiguous. Pre-fix the guard `!args.all && !args.scope`
+  // would silently ignore the positional when a scope flag was also passed
+  // (`exceptd ci kernel --scope code` ran code-scope, dropping `kernel`).
+  // Combining selectors is operator error; surface it loudly.
+  const positional = Array.isArray(args._) ? args._.filter(s => typeof s === 'string' && s.length > 0) : [];
+  if (positional.length > 0) {
+    const conflicting = [];
+    if (args.required) conflicting.push('--required');
+    if (args.all) conflicting.push('--all');
+    if (args.scope) conflicting.push('--scope');
+    if (conflicting.length > 0) {
+      return emitError(
+        `ci: positional playbook arg(s) ${JSON.stringify(positional)} cannot be combined with ${conflicting.join(' / ')}. Pick one selector: either positional playbook IDs, OR --required <list>, OR --all, OR --scope <type>.`,
+        { positional, conflicting_flags: conflicting },
+        pretty,
+      );
+    }
+    const all = runner.listPlaybooks();
+    const unknown = positional.filter(r => !all.includes(r));
+    if (unknown.length > 0) {
+      return emitError(
+        `ci: unknown playbook ID(s) ${JSON.stringify(unknown)} on positional args. Known: ${all.join(", ")}. Pass --all for every playbook, --scope <type> for a class, or omit positional args to auto-detect from cwd.`,
+        { unknown, accepted: all },
+        pretty,
+      );
+    }
+    ids = positional;
+  } else if (args.required) {
     const requestedRaw = Array.isArray(args.required) ? args.required.join(",") : args.required;
     const requested = requestedRaw.split(",").map(s => s.trim()).filter(Boolean);
     const all = runner.listPlaybooks();

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T02:16:03.581Z",
+  "generated_at": "2026-05-16T04:00:50.186Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "a9d4ea238c6c91f6d12ac8ce8c46fe096c3e448bc53ae1776932bc1c6779984d",
+    "manifest.json": "4fdf61fee00b774deaec5cc6cc8d2241d9f073b3b9ee58e990565f5fe336e342",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "0802d09b5783d01ec99d0d629942adbd81844e3cf6ed2f39885b362f57841abd",
-    "data/cwe-catalog.json": "f4bdc070b94d5b829f541aab34e21f86b133e9750ce9bef2d0b3e141c880bd33",
+    "data/cve-catalog.json": "f2bb3210f29fecaaedf2fa71ded77b545ad57bfcb36d3e2678b93b6592893b01",
+    "data/cwe-catalog.json": "e843729d4d1b688abadeab51ef261f16161eb25b05b7a44f5bc995f60525e089",
     "data/d3fend-catalog.json": "35f076cd65d82ac97db90b72e884ec7ab2895c052567ee7d0c579c1965e6baaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
-    "data/framework-control-gaps.json": "d7e40e7d5edcdcb1573905a9a01ef31962030b4a16e0a138a4c733f00c8701d1",
+    "data/framework-control-gaps.json": "f88c5757553e3626981546ad1772189c6d40f9ddc24f730def949414cbab9cd0",
     "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "d960e5f8ca7a83c10194cd60207e13046a7eee1b8793e2f3de79475db283f800",
+    "data/zeroday-lessons.json": "d9b9c13b0bb5bc18c933b5e2f41c9422c4a2d1f639e20a0f2979f94a2494f1e3",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
     "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",
     "skills/mcp-agent-trust/skill.md": "3cec1dce668deec44cb7330e165e89cee8379dd90833519004d566baf72c038c",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 27,
+    "chains_cve_entries": 33,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -63,7 +63,7 @@
       "artifact": "data/framework-control-gaps.json",
       "path": "data/framework-control-gaps.json",
       "schema_version": "1.0.0",
-      "entry_count": 109
+      "entry_count": 118
     },
     {
       "date": "2026-05-15",
@@ -87,7 +87,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 15
+      "entry_count": 21
     },
     {
       "date": "2026-05-15",
@@ -102,7 +102,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 30
+      "entry_count": 36
     },
     {
       "date": "2026-05-13",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 30,
+      "entry_count": 36,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 109,
+      "entry_count": 118,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 15,
+      "entry_count": 21,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",