@blamejs/exceptd-skills 0.12.41 → 0.13.0

Files changed (79)
  1. package/CHANGELOG.md +91 -0
  2. package/bin/exceptd.js +52 -44
  3. package/data/_indexes/_meta.json +47 -47
  4. package/data/_indexes/chains.json +485 -13
  5. package/data/_indexes/jurisdiction-map.json +15 -4
  6. package/data/_indexes/section-offsets.json +1244 -1244
  7. package/data/_indexes/token-budget.json +173 -173
  8. package/data/atlas-ttps.json +54 -11
  9. package/data/attack-techniques.json +113 -17
  10. package/data/cve-catalog.json +17 -24
  11. package/data/cwe-catalog.json +8 -2
  12. package/data/framework-control-gaps.json +13 -3
  13. package/data/playbooks/ai-api.json +5 -0
  14. package/data/playbooks/cicd-pipeline-compromise.json +970 -0
  15. package/data/playbooks/cloud-iam-incident.json +4 -1
  16. package/data/playbooks/cred-stores.json +10 -0
  17. package/data/playbooks/framework.json +16 -0
  18. package/data/playbooks/hardening.json +4 -0
  19. package/data/playbooks/identity-sso-compromise.json +951 -0
  20. package/data/playbooks/idp-incident.json +3 -0
  21. package/data/playbooks/kernel.json +6 -0
  22. package/data/playbooks/llm-tool-use-exfil.json +963 -0
  23. package/data/playbooks/mcp.json +6 -0
  24. package/data/playbooks/runtime.json +4 -0
  25. package/data/playbooks/sbom.json +13 -0
  26. package/data/playbooks/secrets.json +6 -0
  27. package/data/playbooks/webhook-callback-abuse.json +916 -0
  28. package/lib/cross-ref-api.js +33 -13
  29. package/lib/cve-curation.js +12 -1
  30. package/lib/exit-codes.js +29 -0
  31. package/lib/lint-skills.js +24 -2
  32. package/lib/refresh-external.js +10 -1
  33. package/lib/scoring.js +55 -0
  34. package/manifest.json +83 -83
  35. package/orchestrator/index.js +32 -24
  36. package/package.json +1 -1
  37. package/sbom.cdx.json +122 -78
  38. package/scripts/predeploy.js +7 -13
  39. package/scripts/refresh-reverse-refs.js +86 -0
  40. package/scripts/refresh-sbom.js +21 -4
  41. package/skills/age-gates-child-safety/skill.md +1 -5
  42. package/skills/ai-attack-surface/skill.md +11 -4
  43. package/skills/ai-c2-detection/skill.md +11 -2
  44. package/skills/ai-risk-management/skill.md +4 -2
  45. package/skills/api-security/skill.md +7 -8
  46. package/skills/attack-surface-pentest/skill.md +2 -2
  47. package/skills/cloud-iam-incident/skill.md +1 -5
  48. package/skills/cloud-security/skill.md +0 -4
  49. package/skills/compliance-theater/skill.md +10 -2
  50. package/skills/container-runtime-security/skill.md +1 -3
  51. package/skills/dlp-gap-analysis/skill.md +3 -4
  52. package/skills/email-security-anti-phishing/skill.md +1 -8
  53. package/skills/exploit-scoring/skill.md +7 -2
  54. package/skills/framework-gap-analysis/skill.md +1 -1
  55. package/skills/fuzz-testing-strategy/skill.md +1 -2
  56. package/skills/global-grc/skill.md +3 -2
  57. package/skills/identity-assurance/skill.md +1 -3
  58. package/skills/idp-incident-response/skill.md +1 -4
  59. package/skills/incident-response-playbook/skill.md +1 -5
  60. package/skills/kernel-lpe-triage/skill.md +2 -2
  61. package/skills/mcp-agent-trust/skill.md +13 -3
  62. package/skills/mlops-security/skill.md +2 -3
  63. package/skills/ot-ics-security/skill.md +0 -3
  64. package/skills/policy-exception-gen/skill.md +11 -3
  65. package/skills/pqc-first/skill.md +4 -2
  66. package/skills/rag-pipeline-security/skill.md +2 -0
  67. package/skills/ransomware-response/skill.md +1 -5
  68. package/skills/researcher/skill.md +4 -3
  69. package/skills/sector-energy/skill.md +0 -4
  70. package/skills/sector-federal-government/skill.md +2 -3
  71. package/skills/sector-financial/skill.md +1 -4
  72. package/skills/sector-healthcare/skill.md +0 -5
  73. package/skills/sector-telecom/skill.md +0 -4
  74. package/skills/security-maturity-tiers/skill.md +1 -2
  75. package/skills/skill-update-loop/skill.md +4 -3
  76. package/skills/supply-chain-integrity/skill.md +4 -3
  77. package/skills/threat-model-currency/skill.md +1 -1
  78. package/skills/threat-modeling-methodology/skill.md +2 -1
  79. package/skills/webapp-security/skill.md +0 -5
@@ -58,6 +58,9 @@
58
58
  "playbook_id": "sbom",
59
59
  "condition": "compromised_account_has_published_assets == true"
60
60
  }
61
+ ],
62
+ "fed_by": [
63
+ "identity-sso-compromise"
61
64
  ]
62
65
  },
63
66
  "domain": {
@@ -516,7 +519,7 @@
516
519
  {
517
520
  "assumption": "Cloud audit logging is enabled and configured to log all management-plane events for the full 90-day window",
518
521
  "if_false": "If CloudTrail / Cloud Audit Logs / Activity Log is disabled, partially enabled, or short-retention, the look phase is structurally incomplete. Mark `audit-log-coverage-gap` and emit a `cloudtrail_logging_disabled_event` indicator regardless of whether a specific disable event was found — absence is the finding."
519
- },
522
+ },
520
523
  {
521
524
  "assumption": "The investigator's IAM read-only access covers every account in the org / project / management group",
522
525
  "if_false": "Some accounts unreadable. Mark per-account inconclusive; emit a coverage note in the close phase rather than treating absence of evidence as evidence of absence."
@@ -38,6 +38,16 @@
38
38
  "playbook_id": "runtime",
39
39
  "condition": "finding.severity == 'critical'"
40
40
  }
41
+ ],
42
+ "fed_by": [
43
+ "cicd-pipeline-compromise",
44
+ "cloud-iam-incident",
45
+ "identity-sso-compromise",
46
+ "idp-incident",
47
+ "ransomware",
48
+ "runtime",
49
+ "secrets",
50
+ "webhook-callback-abuse"
41
51
  ]
42
52
  },
43
53
  "domain": {
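Review bot: The added `fed_by` list names `runtime`, while the entry just above it in the same object already points at `"playbook_id": "runtime"`, so this playbook and `runtime` now reference each other in both directions; the two `fed_by` hunks that follow show the same pattern (`sbom` in the first, `runtime` in the second). If anything follows these edges automatically, it needs a visited set or a depth cap so that one finding cannot bounce between the two playbooks without end; the traversal code is not visible here, so this may already be handled. Because JSON cannot carry a comment, I would state in the playbook schema documentation that `fed_by` is derived from other playbooks' forward edges and is informational only, and have the lint step fail when the two disagree. The enclosing object starts before this hunk and continues after it.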
@@ -44,6 +44,22 @@
44
44
  "playbook_id": "sbom",
45
45
  "condition": "any compliance_theater_check.verdict == 'theater' AND blast_radius_score >= 4"
46
46
  }
47
+ ],
48
+ "fed_by": [
49
+ "ai-api",
50
+ "cicd-pipeline-compromise",
51
+ "cloud-iam-incident",
52
+ "crypto",
53
+ "crypto-codebase",
54
+ "identity-sso-compromise",
55
+ "idp-incident",
56
+ "kernel",
57
+ "library-author",
58
+ "llm-tool-use-exfil",
59
+ "mcp",
60
+ "ransomware",
61
+ "sbom",
62
+ "webhook-callback-abuse"
47
63
  ]
48
64
  },
49
65
  "domain": {
@@ -47,6 +47,10 @@
47
47
  "playbook_id": "runtime",
48
48
  "condition": "finding.severity >= 'high'"
49
49
  }
50
+ ],
51
+ "fed_by": [
52
+ "cicd-pipeline-compromise",
53
+ "runtime"
50
54
  ]
51
55
  },
52
56
  "domain": {
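Review bot: The context line `"condition": "finding.severity >= 'high'"` applies an ordering operator to a severity label, whereas the comparable condition in an earlier hunk uses equality (`finding.severity == 'critical'`). If the condition evaluator compares these as plain strings, `'critical' >= 'high'` is false and critical findings would not take this route, which is the opposite of the intent; the evaluator is not visible here, so it may rank severities ordinally. I would either confirm that ranking with a test or spell the levels out using the equality form already used elsewhere. The commit leaves this line unchanged, but the new `fed_by` entry for `runtime` makes this edge part of a two-way link, so it is worth checking now.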