@blamejs/exceptd-skills 0.12.31 → 0.12.33

package/CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## 0.12.33 — 2026-05-15
+
+Same-day CVE intake (node-ipc supply-chain compromise) + cycle 13 audit fixes. Closes the long-standing `cred-stores` skill-vs-playbook semantic confusion that's surfaced in every audit since cycle 9.
+
+### Features
+
+**`MAL-2026-NODE-IPC-STEALER` — npm node-ipc supply-chain compromise (2026-05-14).** Three malicious versions (`9.1.6`, `9.2.3`, `12.0.1`) published by `atiertant`. Novel attack class: not credential theft, not typosquat, not lifecycle-hook worm — the attacker re-registered the maintainer's expired email domain (`atlantis-software.net`, expired and grabbed via Namecheap PrivateEmail on 2026-05-07) and abused npm's email-based password-reset flow to gain publish rights. 80 KB obfuscated IIFE in `node-ipc.cjs` fires on every `require()` (no hooks needed) and exfiltrates AWS / GCP / Azure / SSH / Kubernetes / Vault / Claude AI / Kiro IDE credentials via DNS TXT queries to an Azure-lookalike spoofed domain. 3.35M monthly downloads. Carries `kev_scope_note` per the cycle 11 ecosystem-package CISA-KEV-scope precedent. RWEP 43.
+
+**Three new control requirements in `zeroday-lessons`** capture the structural lesson: **NEW-CTRL-047 PACKAGE-MAINTAINER-DOMAIN-EXPIRY-MONITORING** (continuous WHOIS expiry monitoring on every critical-path maintainer email domain + dual-factor account recovery); **NEW-CTRL-048 NPM-MAINTAINER-MFA-ENFORCEMENT** (registry-side mandatory MFA on publish-enabled accounts); **NEW-CTRL-049 LOCKFILE-INTEGRITY-VERIFIED-AT-CI-BOOT** (`npm ci` / `--frozen-lockfile` / `--immutable` catches the swap even after a successful publish — `--ignore-scripts` does NOT mitigate because the payload ships in the main module, not a postinstall hook).
+
+**`D3-EFA` (Executable File Analysis) added to D3FEND catalog.** `sector-telecom` skill cited it but the entry didn't exist — cycle 13 finding. Distinct from `D3-EAL` (Executable Allowlisting): EAL blocks at execute-time; EFA inspects bytes at file-write / image-pull / artifact-fetch time and gates the allowlist decision itself.
+
+**CLI envelope-shape contract tests.** `tests/cli-output-envelope-shape.test.js` pins the EXACT top-level key set on `attest list --json`, `attest verify --json` (error path), and `version`. A contributor adding a new top-level field to these verbs now gets a forcing-function test failure that requires updating the contract. Expanded coverage to `run` / `ci` / `discover` / `brief` / `doctor` / `watchlist` deferred to future cycles as their shapes stabilize.
+
+### Bugs
+
+**`cred-stores` skill-vs-playbook semantic finally cleaned up.** Cycles 9, 12, and 13 all flagged that the 3 IR playbooks and 3 IR skills referenced `cred-stores` in `skill_preload` / `skill_chain` / Hand-Off sections as if it were a skill — but it's actually a playbook. Operators (and any tooling resolving these refs against `manifest.json.skills`) failed. Fixes: removed `cred-stores` from `data/playbooks/{idp-incident,cloud-iam-incident}.json` `skill_preload` + `skill_chain` (hand-off is via `_meta.feeds_into`, which was already present); annotated `cred-stores` / `framework` references in `skills/{idp-incident-response,cloud-iam-incident,ransomware-response}/skill.md` Hand-Off sections as *(playbook chain, not a skill)* with the explicit note that hand-off is via the playbook chain, not a skill load. Predeploy playbook validator now warning-free (was 6 warnings every release).
+
+### Internal
+
+- CVE catalog 36 → 37 entries; zeroday-lessons 21 → 22 entries.
+- AI-discovery rate stays at 16.2% (one more vendor/ecosystem-discovered entry dilutes the observed rate; floor remains 0.15).
+- D3FEND catalog 28 → 29 entries.
+- `tests/v0_12_33-node-ipc-coverage.test.js` pins MAL-2026-NODE-IPC-STEALER entry shape (iocs object with ≥1 category, kev_scope_note presence, NEW-CTRL-047 in lessons).
+- Reverse-ref regen: 3 CWE entries updated with the new MAL-* CVE evidence; 1 D3FEND skill_referencing prune (sector-telecom now correctly anchored against D3-EFA).
+- Test count 1109 → 1119.
+- 14/14 predeploy gates green.
+
+
+## 0.12.32 — 2026-05-15
+
+Cycle 11 CLI polish + cycle 12 catalog hardening. The headline closes a silent regression where the 6 CVEs advertised by v0.12.31 were shipped as `_draft: true` and therefore invisible to default `cross-ref-api` queries — operators running `exceptd` against Exchange would have gotten a clean bill on CVE-2026-42897.
+
+### Bugs
+
+**6 CVEs from v0.12.31 promoted from draft to non-draft.** Cycle 12 audit caught the regression: every CVE in cycle 11's intake shipped as `_draft: true`, which `lib/cross-ref-api.js` skips by default. v0.12.31 CHANGELOG advertised "6 new CISA-KEV CVEs" but operators couldn't actually query them. All 6 promoted with `_editorial_promoted: 2026-05-15` provenance; full required fields validated (iocs, vendor_advisories, verification_sources, complexity, affected_versions, RWEP Shape B invariant).
+
+**9 unmatched `framework_control_gaps` keys on the new CVEs now resolve.** `NIS2-Art21-vulnerability-management`, `DORA-Art-9`, `NIST-800-53-AC-3`, `OWASP-LLM-Top-10-2025-LLM05`, `NIST-800-53-AC-6`, `NIS2-Art21-identity-management`, `ISO-27001-2022-A.8.7`, `NIST-800-53-SC-44`, `CIS-Controls-v8-10.1` — referenced by the new CVEs but absent from the framework-gap catalog. All 9 now present with `theater_test` blocks (catalog 109 → 118 entries). Reverse `evidence_cves` links also added on the 6 existing entries (NIST-800-53-SI-2 / SI-3 / etc.) that the new CVEs reference.
+
+**CVE → CWE reverse-references auto-regenerated.** Cycle 9 introduced `npm run refresh-reverse-refs` for the skill direction (manifest → atlas/cwe/d3fend/rfc), but the CWE catalog's `evidence_cves` field — the operator-facing "which CVEs map to this CWE" index — was still hand-maintained and drifted with every CVE intake. The script now also walks `cve.cwe_refs` → `cwe.evidence_cves`. Drafts excluded (they're invisible to default consumers; the reverse direction tracks operator-queryable truth). 14 CWE entries updated on first run. New `tests/reverse-ref-drift.test.js` test pins the contract.
+
+### Features
+
+**`exceptd help <verb>`** now routes to the per-verb help text (`exceptd help run` returns the run-verb help, not the top-level banner). Pre-fix the verb arg was silently dropped. Unknown verbs fall through to top-level help with a stderr note. New `tests/help-verb-attest-list-deprecation.test.js` pins the contract.
+
+**`exceptd attest list` empty-state now names every candidate root.** Pre-fix the human output said "(no attestations under )" with an empty path list when no `.exceptd/` directory existed. New `roots_evaluated[]` field on the JSON output + `[scanned-empty]` / `[not-present]` markers in the human renderer.
+
+**Legacy-verb deprecation banner auto-suppresses across invocations.** Pre-fix the per-process env-var guard reset on every fresh node process, so operators saw the banner on every `exceptd plan` invocation. Now persists suppression via an OS-tempdir marker keyed by exceptd version — banner shows once per version per host, re-shows on upgrade. Explicit `EXCEPTD_DEPRECATION_SHOWN=1` still suppresses even the first display.
+
+### Internal
+
+- 6 matching `data/zeroday-lessons.json` entries authored for the promoted CVEs (rule #6 enforcement: zero-day learning is live for every non-draft catalog entry).
+- Test count 1099 → 1109 (10 new tests across F4/F5/F7 + reverse-ref drift extension + Shape B canonicalization staying green).
+- 14/14 predeploy gates green.
+
+
 ## 0.12.31 — 2026-05-15
 
 CLI ergonomics + 30-day CVE intake from the cycle 11 audit. Closes a silent-misrouting bug in the CI gate and adds six high-impact CVEs that landed on CISA KEV between 2026-04-15 and 2026-05-15.

package/bin/exceptd.js

@@ -400,6 +400,20 @@ function main() {
   const rest = argv.slice(1);
 
   if (cmd === "help" || cmd === "--help" || cmd === "-h") {
+    // Cycle 11 F4 (v0.12.32): `exceptd help <verb>` previously dropped the
+    // verb argument and printed the top-level help. Route through the same
+    // printPlaybookVerbHelp() that `exceptd <verb> --help` already uses so
+    // operators get a consistent verb-specific help surface regardless of
+    // which way they reached it.
+    if (rest.length > 0 && typeof rest[0] === 'string' && rest[0].length > 0) {
+      const verb = rest[0];
+      if (printPlaybookVerbHelp(verb)) {
+        process.exit(0);
+      }
+      // Verb not found — emit a one-line note pointing at the top-level
+      // help so operators don't silently see the wrong content.
+      process.stderr.write(`[exceptd help] no verb-specific help for "${verb}" — falling through to top-level help. Run \`exceptd help\` for the full verb list.\n`);
+    }
     printHelp();
     process.exit(0);
   }
@@ -449,15 +463,31 @@ function main() {
   // (plan, govern, direct, look, ingest, reattest, list-attestations).
   if (LEGACY_VERB_REPLACEMENTS[cmd] && !process.env.EXCEPTD_DEPRECATION_SHOWN) {
     const ver = readPkgVersion();
-    const haveBrief = ver !== "unknown" && ver.match(/^(\d+)\.(\d+)/) && (parseInt(RegExp.$1, 10) > 0 || parseInt(RegExp.$2, 10) >= 11);
-    process.stderr.write(
-      `[exceptd] DEPRECATION: \`${cmd}\` is a v0.10.x verb. ` +
-      (haveBrief
-        ? `Prefer \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (available in this install, v${ver}). `
-        : `Upgrade to v0.11.0+ then use \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (currently installed: v${ver}). `) +
-      `Legacy verbs remain functional through this release; they will be removed in v0.13. ` +
-      `Suppress: export EXCEPTD_DEPRECATION_SHOWN=1.\n`
-    );
+    // Cycle 11 F7 (v0.12.32): persist the suppression across invocations via
+    // an OS-tempdir marker keyed by exceptd version. Pre-fix the env-var
+    // guard reset every fresh node process so operators saw the same banner
+    // on every `exceptd plan` invocation, even after they'd already read it.
+    // Per-version key means a new version (legitimate new content) shows the
+    // banner once; subsequent runs within the same version stay quiet. The
+    // explicit EXCEPTD_DEPRECATION_SHOWN=1 env-var opt-out still suppresses
+    // even the first display, matching the documented contract.
+    const markerDir = require("os").tmpdir();
+    const markerFile = path.join(markerDir, `exceptd-deprecation-shown-v${ver}`);
+    let alreadyShown = false;
+    try { alreadyShown = fs.existsSync(markerFile); } catch { /* tmpdir unwritable; degrade to per-process */ }
+    if (!alreadyShown) {
+      const haveBrief = ver !== "unknown" && ver.match(/^(\d+)\.(\d+)/) && (parseInt(RegExp.$1, 10) > 0 || parseInt(RegExp.$2, 10) >= 11);
+      process.stderr.write(
+        `[exceptd] DEPRECATION: \`${cmd}\` is a v0.10.x verb. ` +
+        (haveBrief
+          ? `Prefer \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (available in this install, v${ver}). `
+          : `Upgrade to v0.11.0+ then use \`${LEGACY_VERB_REPLACEMENTS[cmd]}\` (currently installed: v${ver}). `) +
+        `Legacy verbs remain functional through this release; they will be removed in v0.13. ` +
+        `This banner shows once per exceptd version per host (re-shown on upgrade). Permanent suppress: export EXCEPTD_DEPRECATION_SHOWN=1.\n`
+      );
+      try { fs.writeFileSync(markerFile, `shown_at=${new Date().toISOString()}\nversion=${ver}\n`); }
+      catch { /* tmpdir unwritable; the env-var guard below keeps the per-process suppression intact */ }
+    }
     process.env.EXCEPTD_DEPRECATION_SHOWN = "1";
   }
 
@@ -1949,7 +1979,15 @@ Flags (selected — see \`exceptd run --help\` for the full list):
   --bundle-deterministic  Emit byte-stable bundles across the multi-run set.
   --bundle-epoch <ISO>    Frozen epoch for --bundle-deterministic.`,
   };
-  process.stdout.write((cmds[verb] || `${verb} — no per-verb help available; see \`exceptd help\` for the full list.`) + "\n");
+  // Cycle 11 F4 (v0.12.32): return whether a verb-specific help block was
+  // found so the `exceptd help <verb>` caller can decide whether to fall
+  // through to the top-level help (verb unknown) or stop here (verb known).
+  if (cmds[verb]) {
+    process.stdout.write(cmds[verb] + "\n");
+    return true;
+  }
+  process.stdout.write(`${verb} — no per-verb help available; see \`exceptd help\` for the full list.\n`);
+  return false;
 }
 
 /**
@@ -5399,9 +5437,14 @@ function cmdListAttestations(runner, args, runOpts, pretty) {
   }
   // Enumerate sessions across both v0.11.0 default root and legacy cwd-
   // relative root, so operators with prior attestations still see them.
-  const roots = [resolveAttestationRoot(runOpts), path.join(process.cwd(), ".exceptd", "attestations")];
+  // Cycle 11 F5 (v0.12.32): also track candidate roots that didn't exist
+  // so operators can tell whether the directory was scanned-and-empty or
+  // simply never created. Pre-fix the human output said "(no attestations
+  // under )" with no path — operators couldn't see where the verb looked.
+  const roots = [...new Set([resolveAttestationRoot(runOpts), path.join(process.cwd(), ".exceptd", "attestations")])];
   const entries = [];
   const seenRoots = new Set();
+  const rootsEvaluated = roots.map(r => ({ root: r, exists: fs.existsSync(r) }));
   for (const root of roots) {
     if (seenRoots.has(root) || !fs.existsSync(root)) continue;
     seenRoots.add(root);
@@ -5442,11 +5485,24 @@ function cmdListAttestations(runner, args, runOpts, pretty) {
     count: entries.length,
     filter: { playbook: playbookFilter ? [...playbookFilter] : null, since: args.since || null },
     roots_searched: [...seenRoots],
+    // Cycle 11 F5 (v0.12.32): every candidate root + whether it existed,
+    // so JSON consumers can distinguish scanned-and-empty from never-created.
+    // The human renderer below also surfaces this rather than printing
+    // "(no attestations under )" with an empty path list.
+    roots_evaluated: rootsEvaluated,
   }, pretty, (obj) => {
     // v0.11.6 (#95) human renderer for attest list: one row per session.
     const lines = [`attest list — ${obj.count} attestation(s)`];
     if (obj.count === 0) {
-      lines.push(`  (no attestations under ${obj.roots_searched.join(' or ')})`);
+      const evald = obj.roots_evaluated || [];
+      if (evald.length === 0) {
+        lines.push(`  (no attestation root resolved; set EXCEPTD_HOME or run from a project with .exceptd/)`);
+      } else {
+        lines.push(`  candidate roots evaluated:`);
+        for (const r of evald) {
+          lines.push(`    ${r.exists ? '[scanned-empty]' : '[not-present]'} ${r.root}`);
+        }
+      }
       return lines.join("\n");
     }
     lines.push(`  ${"session-id".padEnd(20)}  ${"playbook".padEnd(16)}  ${"captured-at".padEnd(20)}  evidence-hash`);

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-16T02:59:12.590Z",
+  "generated_at": "2026-05-16T04:40:25.150Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "72fc4315f17ce55e5637d0d3124e1cd7a51e54bd73dd273e7cb67d700bf9533f",
+    "manifest.json": "e7956bcec2b7aee7f469013be4aff46698c0cb269786775ad54a5096fd348920",
     "data/atlas-ttps.json": "259e76e4252c7a56c17bbe96982a5e37ac89131c2d37a547fe38d64dcacfd763",
     "data/attack-techniques.json": "51f60819aef36e960fd768e44dcc725e137781534fbbb028e5ef6baa21defa1d",
-    "data/cve-catalog.json": "1ab6ce2036ca9865c680aa2c934757fbd6dd7646e4012a7eab8f70d9ea0222c3",
-    "data/cwe-catalog.json": "f4bdc070b94d5b829f541aab34e21f86b133e9750ce9bef2d0b3e141c880bd33",
-    "data/d3fend-catalog.json": "35f076cd65d82ac97db90b72e884ec7ab2895c052567ee7d0c579c1965e6baaf",
+    "data/cve-catalog.json": "55aa571423fd254e6581b22a189a1c0eeb76d467b0ef645d1dfa39f74b28c569",
+    "data/cwe-catalog.json": "6e7349a0fac39bdf9c4cb4598e101e51400f67d64c5d653bbca462f28bc1a0cb",
+    "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "a9eeda95d24b56c28a0d0178fc601b531653e2ba7dc857160b35ad23ad6c7471",
-    "data/framework-control-gaps.json": "d7e40e7d5edcdcb1573905a9a01ef31962030b4a16e0a138a4c733f00c8701d1",
+    "data/framework-control-gaps.json": "f88c5757553e3626981546ad1772189c6d40f9ddc24f730def949414cbab9cd0",
     "data/global-frameworks.json": "0168825497e03f079274c9da2e5529310a2ba5bd7c7da7c93acd0b66ed845b8a",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "d960e5f8ca7a83c10194cd60207e13046a7eee1b8793e2f3de79475db283f800",
+    "data/zeroday-lessons.json": "c927653e6d9d86d1a36c23a3d782b099a49675ccd928cdc204887c79b0cfbbf1",
     "skills/kernel-lpe-triage/skill.md": "8e94bfd38d6db47342fbbe95a0c8df8f7c38743982c13e9de6a1c59cd3783d33",
     "skills/ai-attack-surface/skill.md": "13e543fc92b9b27cdb647dce96a9eeb44919e0fa92ec41e8265a9981a23e7b79",
     "skills/mcp-agent-trust/skill.md": "3cec1dce668deec44cb7330e165e89cee8379dd90833519004d566baf72c038c",
@@ -53,11 +53,11 @@
     "skills/container-runtime-security/skill.md": "f06260f0c468d6a4f0409294899017edab45c98d71db1fedd7a630fe6a7bf53a",
     "skills/mlops-security/skill.md": "e6a296fc67724aa3b026c0039f44867b44cf0926eade4fe616bfd0a4c77310bf",
     "skills/incident-response-playbook/skill.md": "8ef7ce1246dc1329b6df3cc9de8d79d35e2c02c703dcef20f35b312b1c24fd52",
-    "skills/ransomware-response/skill.md": "ffe07ba8c196aabceb69b07dafa7a9c3ca2ec8e5ce079107f4eec82512a01be1",
+    "skills/ransomware-response/skill.md": "603126d81f6c3619f0b2f6d81ea1d6b64f9c8c1296f877ad2e6d802ddab09165",
     "skills/email-security-anti-phishing/skill.md": "b5a7693b3ddbd6cd83303d092bc5e324db431245d25c4945d9f65fcffa1995e7",
     "skills/age-gates-child-safety/skill.md": "c741d7dca9da0abb09bdebb8a02e803ce4ae9fb9a6904fb8df3ec19cae83917d",
-    "skills/cloud-iam-incident/skill.md": "35a9dd108679103c0eca54ea0c5b8f3db0a199975f87e20660b2c3a11440f40b",
-    "skills/idp-incident-response/skill.md": "39b5b492914e9092fe1c0b2be5af83d4ed869939996b6a201f2d0cd8142ab8f3"
+    "skills/cloud-iam-incident/skill.md": "10e2af2cf8292f457cd3877bcee37f6ee30c80037a3ef5b367fba25195c7a791",
+    "skills/idp-incident-response/skill.md": "3d75d7a0fc5b9a3c584ac5c6510f8b6bd63b7b780488541eb193250ae795b4e2"
   },
   "skill_count": 42,
   "catalog_count": 11,
@@ -78,7 +78,7 @@
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 397336,
+    "token_budget_total_approx": 397485,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/activity-feed.json

@@ -63,7 +63,7 @@
       "artifact": "data/framework-control-gaps.json",
       "path": "data/framework-control-gaps.json",
       "schema_version": "1.0.0",
-      "entry_count": 109
+      "entry_count": 118
     },
     {
       "date": "2026-05-15",
@@ -87,7 +87,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 15
+      "entry_count": 22
     },
     {
       "date": "2026-05-15",
@@ -102,7 +102,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 36
+      "entry_count": 37
     },
     {
       "date": "2026-05-13",
@@ -118,7 +118,7 @@
       "artifact": "data/d3fend-catalog.json",
       "path": "data/d3fend-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 28
+      "entry_count": 29
     },
     {
       "date": "2026-05-11",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 36,
+      "entry_count": 37,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -106,7 +106,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 28,
+      "entry_count": 29,
       "sample_keys": [
         "D3-EAL",
         "D3-EHB",
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 109,
+      "entry_count": 118,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 15,
+      "entry_count": 22,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",