@blamejs/exceptd-skills 0.12.41 → 0.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/CHANGELOG.md +124 -0
  2. package/bin/exceptd.js +52 -44
  3. package/data/_indexes/_meta.json +49 -49
  4. package/data/_indexes/activity-feed.json +2 -2
  5. package/data/_indexes/catalog-summaries.json +2 -2
  6. package/data/_indexes/chains.json +1531 -575
  7. package/data/_indexes/jurisdiction-map.json +15 -4
  8. package/data/_indexes/section-offsets.json +1244 -1244
  9. package/data/_indexes/token-budget.json +173 -173
  10. package/data/atlas-ttps.json +55 -11
  11. package/data/attack-techniques.json +124 -19
  12. package/data/cve-catalog.json +194 -27
  13. package/data/cwe-catalog.json +15 -5
  14. package/data/framework-control-gaps.json +32 -10
  15. package/data/playbooks/ai-api.json +5 -0
  16. package/data/playbooks/cicd-pipeline-compromise.json +970 -0
  17. package/data/playbooks/cloud-iam-incident.json +4 -1
  18. package/data/playbooks/cred-stores.json +10 -0
  19. package/data/playbooks/framework.json +16 -0
  20. package/data/playbooks/hardening.json +4 -0
  21. package/data/playbooks/identity-sso-compromise.json +951 -0
  22. package/data/playbooks/idp-incident.json +3 -0
  23. package/data/playbooks/kernel.json +6 -0
  24. package/data/playbooks/llm-tool-use-exfil.json +963 -0
  25. package/data/playbooks/mcp.json +6 -0
  26. package/data/playbooks/runtime.json +4 -0
  27. package/data/playbooks/sbom.json +13 -0
  28. package/data/playbooks/secrets.json +6 -0
  29. package/data/playbooks/webhook-callback-abuse.json +916 -0
  30. package/data/zeroday-lessons.json +178 -0
  31. package/lib/cross-ref-api.js +33 -13
  32. package/lib/cve-curation.js +12 -1
  33. package/lib/exit-codes.js +29 -0
  34. package/lib/lint-skills.js +24 -2
  35. package/lib/refresh-external.js +17 -1
  36. package/lib/scoring.js +55 -0
  37. package/lib/source-advisories.js +281 -0
  38. package/manifest.json +83 -83
  39. package/orchestrator/index.js +207 -24
  40. package/package.json +1 -1
  41. package/sbom.cdx.json +134 -79
  42. package/scripts/predeploy.js +7 -13
  43. package/scripts/refresh-reverse-refs.js +86 -0
  44. package/scripts/refresh-sbom.js +21 -4
  45. package/skills/age-gates-child-safety/skill.md +1 -5
  46. package/skills/ai-attack-surface/skill.md +11 -4
  47. package/skills/ai-c2-detection/skill.md +11 -2
  48. package/skills/ai-risk-management/skill.md +4 -2
  49. package/skills/api-security/skill.md +7 -8
  50. package/skills/attack-surface-pentest/skill.md +2 -2
  51. package/skills/cloud-iam-incident/skill.md +1 -5
  52. package/skills/cloud-security/skill.md +0 -4
  53. package/skills/compliance-theater/skill.md +10 -2
  54. package/skills/container-runtime-security/skill.md +1 -3
  55. package/skills/dlp-gap-analysis/skill.md +3 -4
  56. package/skills/email-security-anti-phishing/skill.md +1 -8
  57. package/skills/exploit-scoring/skill.md +7 -2
  58. package/skills/framework-gap-analysis/skill.md +1 -1
  59. package/skills/fuzz-testing-strategy/skill.md +1 -2
  60. package/skills/global-grc/skill.md +3 -2
  61. package/skills/identity-assurance/skill.md +1 -3
  62. package/skills/idp-incident-response/skill.md +1 -4
  63. package/skills/incident-response-playbook/skill.md +1 -5
  64. package/skills/kernel-lpe-triage/skill.md +2 -2
  65. package/skills/mcp-agent-trust/skill.md +13 -3
  66. package/skills/mlops-security/skill.md +2 -3
  67. package/skills/ot-ics-security/skill.md +0 -3
  68. package/skills/policy-exception-gen/skill.md +11 -3
  69. package/skills/pqc-first/skill.md +4 -2
  70. package/skills/rag-pipeline-security/skill.md +2 -0
  71. package/skills/ransomware-response/skill.md +1 -5
  72. package/skills/researcher/skill.md +4 -3
  73. package/skills/sector-energy/skill.md +0 -4
  74. package/skills/sector-federal-government/skill.md +2 -3
  75. package/skills/sector-financial/skill.md +1 -4
  76. package/skills/sector-healthcare/skill.md +0 -5
  77. package/skills/sector-telecom/skill.md +0 -4
  78. package/skills/security-maturity-tiers/skill.md +1 -2
  79. package/skills/skill-update-loop/skill.md +4 -3
  80. package/skills/supply-chain-integrity/skill.md +4 -3
  81. package/skills/threat-model-currency/skill.md +1 -1
  82. package/skills/threat-modeling-methodology/skill.md +2 -1
  83. package/skills/webapp-security/skill.md +0 -5
package/data/playbooks/idp-incident.json CHANGED
@@ -53,6 +53,9 @@
53
53
  "playbook_id": "framework",
54
54
  "condition": "analyze.compliance_theater_check.verdict == 'theater'"
55
55
  }
56
+ ],
57
+ "fed_by": [
58
+ "identity-sso-compromise"
56
59
  ]
57
60
  },
58
61
  "domain": {
package/data/playbooks/kernel.json CHANGED
@@ -57,6 +57,12 @@
57
57
  "playbook_id": "framework",
58
58
  "condition": "analyze.compliance_theater_check.verdict == 'theater'"
59
59
  }
60
+ ],
61
+ "fed_by": [
62
+ "containers",
63
+ "hardening",
64
+ "runtime",
65
+ "sbom"
60
66
  ]
61
67
  },
62
68
  "domain": {