@blamejs/exceptd-skills 0.12.39 → 0.12.41

package/data/global-frameworks.json

@@ -3,6 +3,7 @@
     "schema_version": "1.3.0",
     "version": "1.3.0",
     "last_updated": "2026-05-15",
+    "last_threat_review": "2026-05-17",
     "note": "Multi-jurisdiction framework registry. patch_sla in hours. notification_sla in hours. source field must be primary regulatory source. v1.3.0 expansion: NO, MX, AR, TR, TH, PH, US_CALIFORNIA top-level jurisdictions added; EU member-state sub-regulator blocks added for Germany (BSI), France (ANSSI), Spain (AEPD + AESIA), Italy (ACN + AgID); EU-level technical body ENISA added as cross-cutting reference. v1.2.0 expansion: IL, CH, HK, TW, ID, VN, US_NYDFS added; JP expanded with APPI/PPC, FISC, NISC, METI, Economic Security Promotion Act, AI Strategy Council guidance. v1.1.0 expansion: BR, CN, ZA, AE, SA, NZ, KR, CL added; IN and CA enriched with data-protection law entries (DPDPA, Quebec Law 25, PIPEDA).",
     "tlp": "CLEAR",
     "source_confidence": {

package/data/playbooks/crypto-codebase.json

@@ -381,6 +381,7 @@
           "id": "package-manifests",
           "type": "config_file",
           "source": "Read package.json, pyproject.toml, setup.py, go.mod, Cargo.toml, pom.xml, build.gradle, Gemfile, composer.json, mix.exs at repo root and at every nested package boundary. Use Glob `**/{package.json,pyproject.toml,go.mod,Cargo.toml,pom.xml,build.gradle,Gemfile,composer.json}` excluding `node_modules`, `vendor`, `.venv`, `target`, `dist`, `build`.",
+          "air_gap_alternative": "Identical local-filesystem read; no network dependency. Same Glob/Read against the working repo.",
           "description": "Package manifests — establish the language ecosystems present, declared crypto-adjacent dependencies, and the public API surface.",
           "required": true
         },
@@ -388,6 +389,7 @@
           "id": "lockfiles",
           "type": "config_file",
           "source": "Read package-lock.json, yarn.lock, pnpm-lock.yaml, poetry.lock, uv.lock, Pipfile.lock, go.sum, Cargo.lock, composer.lock at repo root and at every package boundary.",
+          "air_gap_alternative": "Identical local-filesystem read; no network dependency. Same Read against the working repo.",
           "description": "Lockfiles — concrete versions of crypto-adjacent deps actually shipped to consumers (openssl, sodium, libsodium-wrappers, tweetnacl, noble-curves, noble-hashes, noble-post-quantum, jsrsasign, node-forge, pqcrypto, oqs-rs, kyber-crystals, dilithium, aws-lc-rs, ring, rustls, rust-openssl).",
           "required": false
         },
@@ -395,6 +397,7 @@
           "id": "hash-primitive-call-sites",
           "type": "file",
           "source": "Grep across the repo (excluding test/spec/fixture/node_modules/vendor/.venv/target/dist/build) for hash-primitive call sites. Patterns: `crypto.createHash\\(`, `crypto.createHmac\\(`, `hashlib\\.(md5|sha1|sha224|sha256|sha384|sha512|blake2b|blake2s|sha3_)`, `MessageDigest\\.getInstance\\(`, `Digest::(MD5|SHA1|SHA256)`, `hash/md5`, `hash/sha1`, `\"md5\"`, `\"sha1\"`, `\"sha-1\"`, `\"sha256\"`, `\"sha3-256\"`. Use Grep with multiline=true where the algorithm-name string is on a different line from the constructor.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "Every hash-primitive call site. Distinguish security-context usage (signature input, MAC input, integrity check, password derivation, token derivation) from non-security usage (cache key, ETag, dedup). The non-security distinction must be evidenced inline; absent evidence, treat as security-context.",
           "required": true
         },
@@ -402,6 +405,7 @@
           "id": "cipher-and-kex-call-sites",
           "type": "file",
           "source": "Grep for cipher and KEX call sites: `createCipheriv\\(`, `createDecipheriv\\(`, `crypto\\.publicEncrypt\\(`, `crypto\\.privateDecrypt\\(`, `createDiffieHellman\\(`, `createECDH\\(`, `crypto\\.generateKeyPair`, `Cipher\\.getInstance\\(`, `aesgcm`, `ChaCha20Poly1305`, `\\.(seal|open)\\(`, `OpenSSL::Cipher`, hardcoded curve names `\"P-256\"`, `\"secp256r1\"`, `\"prime256v1\"`, `\"P-384\"`, `\"secp384r1\"`, `\"P-521\"`, `\"secp521r1\"`, `\"secp256k1\"`, `\"X25519\"`, `\"X448\"`.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "Cipher and key-exchange call sites. Identify mode (GCM/CBC/CTR/ECB), curve, key size, IV-generation pattern. ECB mode anywhere is a hard fail. CBC without HMAC is a hard fail. AES-128 without GCM authenticator is a finding.",
           "required": true
         },
@@ -409,6 +413,7 @@
           "id": "signature-call-sites",
           "type": "file",
           "source": "Grep for signature operations: `crypto\\.sign\\(`, `crypto\\.verify\\(`, `Signature\\.getInstance\\(`, `\\.sign_pss\\(`, `\\.verify_pss\\(`, `RSA-PSS`, `RSA-PKCS1`, `ECDSA`, `Ed25519`, `Ed448`, `ML-DSA`, `Dilithium`, `SLH-DSA`, `SPHINCS`. Capture key sizes for RSA (look for `modulusLength`, `key_size`, `--rsa-2048` literals), curve choice for ECDSA, hash choice paired with signature (RSA-SHA1 is a hard fail).",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "Signature scheme inventory. RSA-1024 anywhere is a hard fail; RSA-2048 with > 5-year sensitivity requires PQC roadmap; ECDSA-P256 acceptable today but needs hybrid ML-DSA migration plan; bare RSA-PKCS1 (not PSS) for new signatures is a finding.",
           "required": true
         },
@@ -416,6 +421,7 @@
           "id": "kdf-call-sites",
           "type": "file",
           "source": "Grep for key-derivation calls: `pbkdf2(Sync)?\\(`, `PBKDF2`, `hashlib\\.pbkdf2_hmac`, `bcrypt\\.(hash|hashSync|compare)`, `scrypt(Sync)?\\(`, `argon2\\.(hash|verify)`, `argon2id`, `hkdf\\(`, `HKDF`, `derive_key`. For each, extract the cost parameters: PBKDF2 iterations, bcrypt cost factor, scrypt N/r/p, argon2 t/m/p.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "Key-derivation parameter inventory. Apply OWASP 2023 minimums: PBKDF2-HMAC-SHA256 >= 600,000; PBKDF2-HMAC-SHA512 >= 210,000; bcrypt cost >= 12; scrypt N >= 2^17, r=8, p=1; argon2id m >= 19 MiB (19456 KiB), t >= 2, p >= 1. Any parameter below minimum is a finding.",
           "required": true
         },
@@ -423,6 +429,7 @@
           "id": "rng-call-sites",
           "type": "file",
           "source": "Grep for RNG sources: `Math\\.random\\(`, `random\\.random\\(`, `random\\.randint\\(`, `random\\.choice\\(`, `rand\\(`, `srand\\(`, `mt_rand\\(`, `secrets\\.(token_|randbits|choice)`, `crypto\\.randomBytes\\(`, `crypto\\.getRandomValues\\(`, `crypto\\.randomUUID\\(`, `os\\.urandom\\(`, `getrandom\\(`, `SecureRandom`, `OsRng`, `ThreadRng`, `/dev/urandom`, `/dev/random`. Capture file_path:line for each.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "RNG-source inventory. Production-context Math.random / random.random / rand without cryptographic-RNG fallback is CWE-338. Distinguish test/spec/fixture usage explicitly via path allowlist; production usage requires a cryptographic RNG.",
           "required": true
         },
@@ -430,6 +437,7 @@
           "id": "hardcoded-key-material",
           "type": "file",
           "source": "Grep for hardcoded crypto material: PEM markers `-----BEGIN (RSA |EC |DSA |PRIVATE |PUBLIC |CERTIFICATE )?(PRIVATE|PUBLIC) KEY-----`, SSH key prefixes `ssh-rsa AAAA`, `ssh-ed25519 AAAA`, `ecdsa-sha2-nistp256 AAAA`, hex-blob heuristics for keys (>= 64 hex chars on a single literal line), base64-encoded blobs >= 256 chars in source files. Cross-reference with the `secrets` playbook for the exfil-secret angle; here the focus is library-author shipping defaults that look like keys (e.g. example certs, demo keys, sample HMAC seeds that downstream consumers fail to rotate).",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "Hardcoded key material shipped with the library. Library-author angle: any 'demo' or 'example' key that downstream consumers fail to rotate becomes a universal-default vulnerability (cf. embedded-router demo keys, Wi-Fi default WPA keys, IoT bootloader signing keys).",
           "required": false
         },
@@ -437,6 +445,7 @@
           "id": "tls-config-construction",
           "type": "file",
           "source": "Grep for in-code TLS context construction: `tls\\.createSecureContext`, `tls\\.createServer`, `https\\.createServer`, `ssl\\.SSLContext\\(`, `ssl\\.create_default_context`, `rustls::ServerConfig`, `rustls::ClientConfig`, `tls\\.Config\\{`, `SSL_CTX_new`, options like `minVersion`, `maxVersion`, `secureProtocol`, `ciphers`, `ecdhCurve`, `sigalgs`, `groups`, `ALPNProtocols`.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "In-code TLS configuration. Library authors that construct TLS contexts internally must default to TLS 1.3 minimum, X25519MLKEM768 group preference (when openssl >= 3.5 detected), modern cipher list. Hardcoded `secureProtocol: 'TLSv1_method'` or `minVersion: 'TLSv1'` is a hard fail.",
           "required": false
         },
@@ -444,6 +453,7 @@
           "id": "pqc-adoption-signals",
           "type": "file",
           "source": "Grep for PQC adoption: `ml[-_]?kem`, `ml[-_]?dsa`, `slh[-_]?dsa`, `kyber`, `dilithium`, `sphincs`, `falcon`, `kemEncapsulate`, `kemDecapsulate`, `EVP_KEM_`, `OQS_KEM_`, `oqsprovider`, `liboqs`, `noble-post-quantum`, `pqcrypto::`, `aws-lc-rs::pqc`, `circl/sign/dilithium`, `circl/kem/kyber`.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "PQC adoption signals. If `pqc-readiness-gap` directive runs, this artifact is the primary input. Distinguish concrete cryptographic operations from configuration strings, feature-flag names, and comments.",
           "required": false
         },
@@ -451,6 +461,7 @@
           "id": "fips-provider-activation",
           "type": "file",
           "source": "Grep for FIPS-mode activation: `OSSL_PROVIDER_load.*fips`, `crypto\\.setFips\\(`, `openssl::provider::Provider::load_default`, `Provider::load.*\"fips\"`, openssl.cnf or fipsmodule.cnf files in the repo, environment-variable references to `OPENSSL_FIPS`, `OPENSSL_CONF`. Capture whether the activation is conditional (e.g. only if env var set) or unconditional.",
+          "air_gap_alternative": "Identical local-filesystem Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "FIPS-provider activation evidence. The `fips-validation-status` directive uses this to distinguish runtime FIPS activation from link-time FIPS claims.",
           "required": false
         },
@@ -458,6 +469,7 @@
           "id": "vendored-crypto-tree",
           "type": "file",
           "source": "Glob for vendored crypto: `vendor/**/{crypto,openssl,sodium,nacl,kyber,dilithium,sphincs,curve25519,blake2,sha3,argon2}*`, `third_party/**/*crypto*`, `crates/**/*crypto*` (excluding the package's own crypto module). Look for upstream-reference files: `UPSTREAM`, `ORIGIN`, `PROVENANCE.md`, `.upstream-commit`, integrity hashes in lockfiles.",
+          "air_gap_alternative": "Identical local-filesystem Glob; no network dependency. Run the same patterns against the working repo.",
           "description": "Vendored cryptographic primitives. Library authors sometimes vendor crypto to reduce dep tree or for licensing reasons. Without provenance + integrity audit, vendored crypto is a supply-chain backdoor opportunity.",
           "required": false
         },
@@ -465,6 +477,7 @@
           "id": "ci-crypto-tests",
           "type": "file",
           "source": "Glob for CI configs: `.github/workflows/**/*.yml`, `.gitlab-ci.yml`, `.circleci/config.yml`, `azure-pipelines.yml`, `Jenkinsfile`. Grep for crypto-test invocations, FIPS-test runs, constant-time analysis tools (`dudect`, `valgrind --tool=memcheck` on secret-dependent code, `ctgrind`).",
+          "air_gap_alternative": "Identical local-filesystem Glob + Grep; no network dependency. Run the same patterns against the working repo.",
           "description": "Build-time crypto verification. Absence of constant-time tests on vendored PQC primitives is a finding for the `pqc-readiness-gap` directive.",
           "required": false
         }

package/data/zeroday-lessons.json

@@ -2,6 +2,7 @@
   "_meta": {
     "schema_version": "1.1.0",
     "last_updated": "2026-05-15",
+    "last_threat_review": "2026-05-17",
     "purpose": "Zero-day learning loop output. Each entry maps a CVE to: attack vector, defense chain analysis, framework coverage, new control requirements generated, and exposure scoring. v1.1.0 (2026-05-15): every entry now carries ai_discovered_zeroday boolean + ai_discovery_source enum + ai_discovery_date + ai_assist_factor ladder, per AGENTS.md Hard Rule #7.",
     "note": "Never delete entries. Closed gaps are marked status: closed. History is data.",
     "tlp": "CLEAR",

package/lib/framework-gap.js

@@ -189,12 +189,22 @@ function gapReport(frameworkIds, threatScenario, controlGaps, cveCatalog = {}) {
     };
   }
 
+  // Cycle 20 A P1 (v0.12.40): pre-fix this filtered on `theater_pattern`
+  // (a legacy field) but the v0.12.29 backfill added a structured
+  // `theater_test` block on all 118 entries while leaving most without
+  // `theater_pattern`. Result: the per-entry badge (line 188 above)
+  // showed "⚠ THEATER RISK" for every open gap, but the summary
+  // footer reported "0 theater-risk controls" because nothing matched
+  // the legacy field. Now: an entry is theater-risk if it's open AND
+  // carries EITHER `theater_test` OR `theater_pattern`. Footer + badge
+  // count agree.
   const theaterRisks = relevantGaps
-    .filter(([, g]) => g.status === 'open' && g.theater_pattern)
+    .filter(([, g]) => g.status === 'open' && (g.theater_test || g.theater_pattern))
     .map(([key, g]) => ({
       control: key,
-      pattern: g.theater_pattern,
-      framework: g.framework
+      pattern: g.theater_pattern || (g.theater_test && g.theater_test.claim) || null,
+      framework: g.framework,
+      theater_test_present: !!g.theater_test,
     }));
 
   return {

package/lib/lint-skills.js

@@ -759,7 +759,7 @@ function main() {
     for (const o of orphans) {
       console.log(`FAIL  <orphan>`);
       console.log(`        - skill.md exists on disk but not in manifest: ${o}`);
-      console.log(`          fix: re-run \`node lib/sign.js sign-all\` after adding it to manifest.json, OR delete the orphan directory`);
+      console.log(`          fix: re-run sign-all (\`node $(exceptd path)/lib/sign.js sign-all\` from a contributor checkout) after adding it to manifest.json, OR delete the orphan directory`);
     }
     // P4 — air-gap completeness lint over data/playbooks/*.json.
     airGapWarnings = lintPlaybookAirGap();

package/lib/playbook-runner.js

@@ -1679,7 +1679,7 @@ function close(playbookId, directiveId, analyzeResult, validateResult, agentSign
     evidencePackage.signature_algorithm = 'HMAC-SHA256-session-key';
   } else if (evidencePackage && evidencePackage.signed) {
     evidencePackage.signature = null;
-    evidencePackage.signature_pending = 'No session_key provided. Sign with Ed25519 via `node lib/sign.js sign-evidence <bundle.json>` post-emit.';
+    evidencePackage.signature_pending = 'No session_key provided. Sign with Ed25519 via `node $(exceptd path)/lib/sign.js sign-evidence <bundle.json>` post-emit (contributor checkout) or `exceptd doctor --fix` to enable signing.';
   }
 
   // learning_loop lesson
@@ -2830,13 +2830,17 @@ function normalizeSubmission(submission, playbook) {
   // which confuses detect()'s indicator-id lookup. Strip and log instead.
   if (submission.signal_overrides !== undefined && submission.signal_overrides !== null
       && (typeof submission.signal_overrides !== 'object' || Array.isArray(submission.signal_overrides))) {
-    if (!submission._runErrors) submission._runErrors = [];
-    pushRunError(submission._runErrors, {
+    // Clone before mutating _runErrors so a frozen / shared input
+    // submission isn't modified in place. Pre-fix a caller passing a
+    // frozen submission (Object.freeze for safety, or a shared reference
+    // across parallel runs) threw uncaught on the _runErrors push.
+    const carry = Array.isArray(submission._runErrors) ? submission._runErrors.slice() : [];
+    pushRunError(carry, {
       kind: 'signal_overrides_invalid',
       supplied_type: Array.isArray(submission.signal_overrides) ? 'array' : typeof submission.signal_overrides,
       reason: 'signal_overrides must be a plain object mapping indicator-id → verdict.'
     }, { dedupeKey: e => String(e.supplied_type) });
-    submission = { ...submission, signal_overrides: {} };
+    submission = { ...submission, signal_overrides: {}, _runErrors: carry };
   }
 
   // v0.11.3 #71 fix: the CLI may inject `signals._bundle_formats` before

package/lib/scoring.js

@@ -300,7 +300,15 @@ function compare(cveId, catalog, opts) {
   // SLA is insufficient. ±10 is the tightest classifier that still treats
   // ordinary CVSS rounding noise as alignment.
   let explanation = '';
-  if (delta > 10) {
+  // Surface the "no scoring signal" case distinctly from "broadly
+  // aligned". Pre-fix a CVE with rwep_score: 0 AND cvss_score: 0 (e.g.
+  // catalog entry created before scoring backfill) printed "broadly
+  // aligned" — coincidence-passing per the field-present-not-populated
+  // pitfall. Now the operator sees a specific signal pointing at the
+  // catalog gap rather than a false sense of alignment.
+  if ((rwep == null || rwep === 0) && (cvss == null || cvss === 0)) {
+    explanation = 'No scoring signal — both RWEP and CVSS are zero/null. Investigate the catalog entry; this CVE has no usable risk score.';
+  } else if (delta > 10) {
     explanation = `RWEP significantly higher than CVSS equivalent. Factors driving delta: `;
     const driving = [];
     if (entry.cisa_kev) driving.push('CISA KEV (+25)');

package/lib/sign.js

@@ -101,6 +101,22 @@ function generateKeypair({ rotate = false } = {}) {
     process.exit(1);
   }
 
+  // Refuse to silently overwrite an existing public key when no private key
+  // is present. This is the v0.11.x signature-regression class: a host with
+  // a working pubkey but missing privkey running generate-keypair would
+  // produce a fresh pubkey divergent from every shipped signature. Operators
+  // running `exceptd doctor --fix` on a stock install would replace the
+  // shipped keys/public.pem with one whose private half exists only on
+  // their machine — every subsequent verify against shipped signatures fails.
+  // Force the operator to be explicit via --rotate (which signals intent to
+  // re-sign).
+  if (fs.existsSync(PUBLIC_KEY_PATH) && !rotate) {
+    console.error('[sign] Public key already exists at keys/public.pem but no matching private key.');
+    console.error('[sign] Refusing to overwrite the public key — that would orphan every existing signature.');
+    console.error('[sign] If you are setting up a fresh signing identity, pass --rotate to confirm. After --rotate you must re-sign all skills with sign-all.');
+    process.exit(1);
+  }
+
   fs.mkdirSync(KEYS_DIR, { recursive: true, mode: 0o700 });
   fs.mkdirSync(PUBLIC_KEYS_DIR, { recursive: true });
 
@@ -115,20 +131,35 @@ function generateKeypair({ rotate = false } = {}) {
   // on win32, fs.writeFileSync `mode` does not produce
   // a POSIX-style restrictive ACL. Tighten via icacls so other desktop
   // users on the same workstation / CI runner can't read the key.
-  restrictWindowsAcl(PRIVATE_KEY_PATH);
+  const aclHardened = restrictWindowsAcl(PRIVATE_KEY_PATH);
 
   if (rotate) {
-    console.log('[sign] Keypair rotated. All existing signatures are now invalid — run: node lib/sign.js sign-all');
+    console.log('[sign] Keypair rotated. All existing signatures are now invalid — re-sign with sign-all.');
   } else {
     console.log('[sign] Ed25519 keypair generated.');
     console.log(`  Private key: .keys/private.pem (gitignored — do not commit)`);
     console.log(`  Public key:  keys/public.pem (tracked — commit this)`);
   }
+  if (process.platform === 'win32') {
+    console.log(`  Windows ACL hardened: ${aclHardened ? 'yes' : 'NO — other desktop users on this machine may be able to read the private key'}`);
+  }
 
   console.log('\nNext steps:');
-  console.log('  1. node lib/sign.js sign-all    — sign all current skills');
-  console.log('  2. node lib/verify.js           — confirm all signatures');
-  console.log('  3. git add keys/public.pem && git commit -m "add signing public key"');
+  if (rotate) {
+    // After --rotate the private key IS present, so `doctor --fix`'s
+    // missing-key path won't fire. Tell the operator to re-sign
+    // directly. (doctor --fix v0.12.41+ also detects this case and
+    // chains sign-all, so either path converges.)
+    console.log('  1. exceptd doctor --fix     — detects post-rotate stale signatures and chains sign-all');
+    console.log('     (or: node $(exceptd path)/lib/sign.js sign-all   — re-sign directly)');
+    console.log('  2. exceptd doctor           — confirm signatures verify against the new public key');
+    console.log('  3. git add keys/public.pem && git commit -m "rotate signing public key"');
+  } else {
+    console.log('  1. exceptd doctor --fix     — chains sign-all after first key generation');
+    console.log('  2. exceptd doctor           — confirm signatures verify');
+    console.log('  3. git add keys/public.pem && git commit -m "add signing public key"');
+  }
+  return { aclHardened };
 }
 
 /**
@@ -380,11 +411,11 @@ function signCanonicalManifest(manifest, privateKey) {
  * @param {string} targetPath absolute path of the private key file
  */
 function restrictWindowsAcl(targetPath) {
-  if (process.platform !== 'win32') return;
+  if (process.platform !== 'win32') return true;
   const user = process.env.USERNAME;
   if (!user) {
     console.warn('[sign] WARN: USERNAME env var not set — skipping Windows ACL hardening on ' + targetPath);
-    return;
+    return false;
   }
   try {
     execFileSync('icacls', [
@@ -393,6 +424,7 @@ function restrictWindowsAcl(targetPath) {
       '/grant:r',
       `${user}:F`,
     ], { stdio: ['ignore', 'ignore', 'pipe'] });
+    return true;
   } catch (err) {
     console.warn(
       '[sign] WARN: icacls hardening failed on ' + targetPath + ': ' +
@@ -400,6 +432,7 @@ function restrictWindowsAcl(targetPath) {
       ' — the key was written but ACL inheritance was not stripped. ' +
       'Other desktop users on this machine may be able to read it.'
     );
+    return false;
   }
 }
 

package/lib/verify.js

@@ -87,7 +87,7 @@ const EXPECTED_FINGERPRINT_PATH = path.join(ROOT, 'keys', 'EXPECTED_FINGERPRINT'
 function verifyAll() {
   const publicKey = loadPublicKey();
   if (!publicKey) {
-    console.error('[verify] No public key at keys/public.pem — run: node lib/sign.js generate-keypair');
+    console.error('[verify] No public key at keys/public.pem — run `exceptd doctor --fix` (or `node $(exceptd path)/lib/sign.js generate-keypair` from a contributor checkout)');
     return { valid: [], invalid: [], missing_sig: [], missing_file: [], no_key: true };
   }
 
@@ -128,7 +128,7 @@ function verifyOne(skillName) {
  */
 function signAll() {
   const privateKey = loadPrivateKey();
-  if (!privateKey) throw new Error('No private key at .keys/private.pem — run: node lib/sign.js generate-keypair');
+  if (!privateKey) throw new Error('No private key at .keys/private.pem — run `exceptd doctor --fix` (or `node $(exceptd path)/lib/sign.js generate-keypair` from a contributor checkout)');
 
   // P1-4: load the manifest without the signature gate. We're about to
   // mutate the manifest (re-sign skills + re-sign the manifest itself),
@@ -236,7 +236,7 @@ function validateSkillPath(skillPath) {
 
 function verifySkill(skill, publicKey) {
   if (!skill.signature) {
-    return { status: 'missing_sig', reason: 'No Ed25519 signature in manifest — run: node lib/sign.js sign-all' };
+    return { status: 'missing_sig', reason: 'No Ed25519 signature in manifest — run `exceptd doctor --fix` (or `node $(exceptd path)/lib/sign.js sign-all` from a contributor checkout)' };
   }
 
   const skillPath = path.join(ROOT, skill.path);
@@ -447,7 +447,7 @@ function loadManifestValidated() {
     // console.warn would spam stderr per call. Node's emitWarning() with
     // a stable `code` collapses repeated emissions automatically.
     process.emitWarning(
-      'manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `node lib/sign.js sign-all` to add the signature.',
+      'manifest.json has no top-level manifest_signature field. This tarball predates v0.12.17 manifest signing; skills will still be verified but a coordinated rewrite of manifest.json could go undetected. Re-run `exceptd doctor --fix` (or `node $(exceptd path)/lib/sign.js sign-all` from a contributor checkout) to add the signature.',
       { code: 'EXCEPTD_MANIFEST_UNSIGNED' }
     );
   } else if (sigResult.status === 'no-key') {
@@ -693,7 +693,7 @@ if (require.main === module) {
   if (arg === 'check-key') {
     const pub = loadPublicKey();
     if (!pub) {
-      console.error('[verify] No public key — run: node lib/sign.js generate-keypair');
+      console.error('[verify] No public key — run `exceptd doctor --fix` (or `node $(exceptd path)/lib/sign.js generate-keypair` from a contributor checkout)');
       process.exit(1);
     }
     console.log('[verify] Public key present at keys/public.pem');

package/manifest-snapshot.json

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-16T15:27:47.469Z",
+  "_generated_at": "2026-05-16T15:50:05.906Z",
   "atlas_version": "5.4.0",
   "skill_count": 42,
   "skills": [

package/manifest-snapshot.sha256

@@ -1 +1 @@
-fa542106c79317aef0571fec9a38b457ffdfe6161567c20284f43ac48dcd6d71  manifest-snapshot.json
+1185d2dadcd6f08e15fb2b142c1b9c8bc106730893bbb439614510ca4bdec2af  manifest-snapshot.json