@blamejs/exceptd-skills 0.12.6 → 0.12.8

Files changed (65)
  1. package/AGENTS.md +14 -0
  2. package/CHANGELOG.md +97 -0
  3. package/bin/exceptd.js +189 -52
  4. package/data/_indexes/_meta.json +37 -37
  5. package/data/_indexes/activity-feed.json +26 -26
  6. package/data/_indexes/catalog-summaries.json +8 -8
  7. package/data/_indexes/chains.json +238 -0
  8. package/data/_indexes/frequency.json +63 -5
  9. package/data/_indexes/jurisdiction-map.json +13 -3
  10. package/data/_indexes/section-offsets.json +881 -845
  11. package/data/_indexes/summary-cards.json +2 -2
  12. package/data/_indexes/token-budget.json +145 -125
  13. package/data/atlas-ttps.json +189 -1
  14. package/data/cwe-catalog.json +290 -1
  15. package/data/d3fend-catalog.json +163 -1
  16. package/data/framework-control-gaps.json +243 -0
  17. package/data/playbooks/containers.json +23 -5
  18. package/data/playbooks/cred-stores.json +9 -9
  19. package/data/playbooks/crypto.json +8 -8
  20. package/data/playbooks/hardening.json +46 -10
  21. package/data/playbooks/library-author.json +16 -20
  22. package/data/playbooks/mcp.json +64 -1
  23. package/data/playbooks/runtime.json +7 -7
  24. package/data/playbooks/sbom.json +11 -11
  25. package/data/playbooks/secrets.json +4 -4
  26. package/data/rfc-references.json +144 -0
  27. package/lib/refresh-external.js +25 -5
  28. package/lib/schemas/skill-frontmatter.schema.json +2 -2
  29. package/manifest-snapshot.json +1 -1
  30. package/manifest.json +67 -67
  31. package/package.json +2 -1
  32. package/sbom.cdx.json +6 -6
  33. package/scripts/check-sbom-currency.js +87 -0
  34. package/scripts/check-test-coverage.README.md +148 -0
  35. package/scripts/check-test-coverage.js +455 -0
  36. package/scripts/hooks/pre-commit.sh +19 -0
  37. package/scripts/predeploy.js +16 -30
  38. package/skills/age-gates-child-safety/skill.md +3 -0
  39. package/skills/ai-attack-surface/skill.md +4 -1
  40. package/skills/ai-c2-detection/skill.md +6 -1
  41. package/skills/ai-risk-management/skill.md +3 -0
  42. package/skills/api-security/skill.md +3 -0
  43. package/skills/attack-surface-pentest/skill.md +3 -0
  44. package/skills/cloud-security/skill.md +3 -0
  45. package/skills/container-runtime-security/skill.md +3 -0
  46. package/skills/coordinated-vuln-disclosure/skill.md +8 -1
  47. package/skills/defensive-countermeasure-mapping/skill.md +1 -1
  48. package/skills/dlp-gap-analysis/skill.md +3 -0
  49. package/skills/email-security-anti-phishing/skill.md +9 -1
  50. package/skills/identity-assurance/skill.md +6 -1
  51. package/skills/incident-response-playbook/skill.md +8 -2
  52. package/skills/kernel-lpe-triage/skill.md +24 -4
  53. package/skills/mcp-agent-trust/skill.md +4 -1
  54. package/skills/mlops-security/skill.md +3 -0
  55. package/skills/ot-ics-security/skill.md +3 -0
  56. package/skills/rag-pipeline-security/skill.md +3 -0
  57. package/skills/sector-energy/skill.md +3 -0
  58. package/skills/sector-federal-government/skill.md +3 -0
  59. package/skills/sector-financial/skill.md +3 -0
  60. package/skills/sector-healthcare/skill.md +3 -0
  61. package/skills/security-maturity-tiers/skill.md +19 -1
  62. package/skills/skill-update-loop/skill.md +32 -0
  63. package/skills/supply-chain-integrity/skill.md +3 -0
  64. package/skills/threat-modeling-methodology/skill.md +3 -0
  65. package/skills/webapp-security/skill.md +3 -0
@@ -5,6 +5,30 @@
5
5
  "event_count": 49
6
6
  },
7
7
  "events": [
8
+ {
9
+ "date": "2026-05-13",
10
+ "type": "catalog_update",
11
+ "artifact": "data/atlas-ttps.json",
12
+ "path": "data/atlas-ttps.json",
13
+ "schema_version": "1.0.0",
14
+ "entry_count": 15
15
+ },
16
+ {
17
+ "date": "2026-05-13",
18
+ "type": "catalog_update",
19
+ "artifact": "data/cwe-catalog.json",
20
+ "path": "data/cwe-catalog.json",
21
+ "schema_version": "1.0.0",
22
+ "entry_count": 51
23
+ },
24
+ {
25
+ "date": "2026-05-13",
26
+ "type": "catalog_update",
27
+ "artifact": "data/d3fend-catalog.json",
28
+ "path": "data/d3fend-catalog.json",
29
+ "schema_version": "1.0.0",
30
+ "entry_count": 28
31
+ },
8
32
  {
9
33
  "date": "2026-05-11",
10
34
  "type": "skill_review",
@@ -174,22 +198,6 @@
174
198
  "schema_version": "1.0.0",
175
199
  "entry_count": 6
176
200
  },
177
- {
178
- "date": "2026-05-11",
179
- "type": "catalog_update",
180
- "artifact": "data/cwe-catalog.json",
181
- "path": "data/cwe-catalog.json",
182
- "schema_version": "1.0.0",
183
- "entry_count": 34
184
- },
185
- {
186
- "date": "2026-05-11",
187
- "type": "catalog_update",
188
- "artifact": "data/d3fend-catalog.json",
189
- "path": "data/d3fend-catalog.json",
190
- "schema_version": "1.0.0",
191
- "entry_count": 20
192
- },
193
201
  {
194
202
  "date": "2026-05-11",
195
203
  "type": "catalog_update",
@@ -212,7 +220,7 @@
212
220
  "artifact": "data/rfc-references.json",
213
221
  "path": "data/rfc-references.json",
214
222
  "schema_version": "1.0.0",
215
- "entry_count": 19
223
+ "entry_count": 31
216
224
  },
217
225
  {
218
226
  "date": "2026-05-01",
@@ -319,14 +327,6 @@
319
327
  "path": "skills/security-maturity-tiers/skill.md",
320
328
  "note": "Three-tier implementation roadmap — MVP (ship this week), Practical (scalable today), Overkill (defense-in-depth)"
321
329
  },
322
- {
323
- "date": "2026-05-01",
324
- "type": "catalog_update",
325
- "artifact": "data/atlas-ttps.json",
326
- "path": "data/atlas-ttps.json",
327
- "schema_version": "1.0.0",
328
- "entry_count": 9
329
- },
330
330
  {
331
331
  "date": "2026-05-01",
332
332
  "type": "catalog_update",
@@ -341,7 +341,7 @@
341
341
  "artifact": "data/framework-control-gaps.json",
342
342
  "path": "data/framework-control-gaps.json",
343
343
  "schema_version": "1.0.0",
344
- "entry_count": 49
344
+ "entry_count": 59
345
345
  },
346
346
  {
347
347
  "date": "2026-05-01",
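Review bot: The activity feed is being rewritten rather than appended to: the three 2026-05-13 catalog_update events added at the top of the first hunk are matched by the removal of the earlier 2026-05-11 cwe-catalog/d3fend-catalog and 2026-05-01 atlas-ttps events further down, so `"event_count": 49` is unchanged and the previous counts (34, 20, 9) can no longer be recovered from the feed. The rfc-references and framework-control-gaps events are instead edited in place (`"entry_count": 19` → 31, `"entry_count": 49` → 59) inside events whose `date` lines sit above their hunks and do not appear to change, which would leave a 2026-05-13 catalog change recorded under an older date. If this file is meant as an audit trail of catalog changes, new events should be appended with their own date and old ones left intact, with `event_count` raised to 52; if it is only a current-state index, a top-level `"note"` saying so would stop readers treating `date` as a change date. I cannot see the `date` lines of the two mutated events, so that part is inferred from the hunk ranges.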
@@ -9,7 +9,7 @@
9
9
  "path": "data/atlas-ttps.json",
10
10
  "purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.1.0 (November 2025).",
11
11
  "schema_version": "1.0.0",
12
- "last_updated": "2026-05-01",
12
+ "last_updated": "2026-05-13",
13
13
  "tlp": "CLEAR",
14
14
  "source_confidence_default": "A1",
15
15
  "freshness_policy": {
@@ -18,7 +18,7 @@
18
18
  "rebuild_after_days": 365,
19
19
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
20
20
  },
21
- "entry_count": 9,
21
+ "entry_count": 15,
22
22
  "sample_keys": [
23
23
  "AML.T0043",
24
24
  "AML.T0010",
@@ -53,7 +53,7 @@
53
53
  "path": "data/cwe-catalog.json",
54
54
  "purpose": "MITRE CWE entries used by the project (subset with skill citations), with severity hint and category. Pinned to a CWE catalog version.",
55
55
  "schema_version": "1.0.0",
56
- "last_updated": "2026-05-11",
56
+ "last_updated": "2026-05-13",
57
57
  "tlp": "CLEAR",
58
58
  "source_confidence_default": "A1",
59
59
  "freshness_policy": {
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 34,
65
+ "entry_count": 51,
66
66
  "sample_keys": [
67
67
  "CWE-787",
68
68
  "CWE-79",
@@ -75,7 +75,7 @@
75
75
  "path": "data/d3fend-catalog.json",
76
76
  "purpose": "MITRE D3FEND countermeasures (D3-xxx) keyed by id, with tactic + name. Pinned to D3FEND v1.0.0 release.",
77
77
  "schema_version": "1.0.0",
78
- "last_updated": "2026-05-11",
78
+ "last_updated": "2026-05-13",
79
79
  "tlp": "CLEAR",
80
80
  "source_confidence_default": "A1",
81
81
  "freshness_policy": {
@@ -84,7 +84,7 @@
84
84
  "rebuild_after_days": 365,
85
85
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
86
86
  },
87
- "entry_count": 20,
87
+ "entry_count": 28,
88
88
  "sample_keys": [
89
89
  "D3-EAL",
90
90
  "D3-EHB",
@@ -150,7 +150,7 @@
150
150
  "rebuild_after_days": 365,
151
151
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
152
152
  },
153
- "entry_count": 49,
153
+ "entry_count": 59,
154
154
  "sample_keys": [
155
155
  "NIST-800-53-SI-2",
156
156
  "NIST-800-53-SC-8",
@@ -194,7 +194,7 @@
194
194
  "rebuild_after_days": 365,
195
195
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
196
196
  },
197
- "entry_count": 19,
197
+ "entry_count": 31,
198
198
  "sample_keys": [
199
199
  "RFC-8446",
200
200
  "DRAFT-IETF-TLS-ECDHE-MLKEM",
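Review bot: The `purpose` strings still say the entries are "cited by skills" (atlas-ttps) and a "subset with skill citations" (cwe-catalog), but every entry added in this release appears to be uncited: the deltas 9→15, 34→51, 20→28, 49→59 and 19→31 equal exactly the 6/17/8/10/12 ids that the `uncited` lists in frequency.json gain on this page. Either wire the new entries into the skills that motivated them or amend the purposes to something like `"... subset with skill citations, plus uncited entries staged for upcoming skills"` so a consumer that trusts `purpose` is not misled into assuming a citation exists. The cwe-catalog purpose also says "Pinned to a CWE catalog version" without naming one, unlike the ATLAS v5.1.0 and D3FEND v1.0.0 pins; with 17 new entries it should state the version (`Pinned to CWE 4.x`) — I cannot tell which from here. The `last_updated` lines for framework-control-gaps and rfc-references are above their hunks, so I cannot confirm they were bumped to 2026-05-13 along with their entry counts.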
@@ -7148,5 +7148,243 @@
7148
7148
  "CVE-2025-53773",
7149
7149
  "CVE-2026-30615"
7150
7150
  ]
7151
+ },
7152
+ "CWE-250": {
7153
+ "name": "Execution with Unnecessary Privileges",
7154
+ "category": "Privilege Management",
7155
+ "referencing_skills": [],
7156
+ "skill_count": 0,
7157
+ "chain": {
7158
+ "atlas": [],
7159
+ "attack_refs": [],
7160
+ "framework_gaps": [],
7161
+ "d3fend": [],
7162
+ "rfc_refs": []
7163
+ },
7164
+ "related_cves": []
7165
+ },
7166
+ "CWE-256": {
7167
+ "name": "Plaintext Storage of a Password",
7168
+ "category": "Credentials Management",
7169
+ "referencing_skills": [],
7170
+ "skill_count": 0,
7171
+ "chain": {
7172
+ "atlas": [],
7173
+ "attack_refs": [],
7174
+ "framework_gaps": [],
7175
+ "d3fend": [],
7176
+ "rfc_refs": []
7177
+ },
7178
+ "related_cves": []
7179
+ },
7180
+ "CWE-284": {
7181
+ "name": "Improper Access Control",
7182
+ "category": "Access Control",
7183
+ "referencing_skills": [],
7184
+ "skill_count": 0,
7185
+ "chain": {
7186
+ "atlas": [],
7187
+ "attack_refs": [],
7188
+ "framework_gaps": [],
7189
+ "d3fend": [],
7190
+ "rfc_refs": []
7191
+ },
7192
+ "related_cves": []
7193
+ },
7194
+ "CWE-310": {
7195
+ "name": "Cryptographic Issues",
7196
+ "category": "Cryptography",
7197
+ "referencing_skills": [],
7198
+ "skill_count": 0,
7199
+ "chain": {
7200
+ "atlas": [],
7201
+ "attack_refs": [],
7202
+ "framework_gaps": [],
7203
+ "d3fend": [],
7204
+ "rfc_refs": []
7205
+ },
7206
+ "related_cves": []
7207
+ },
7208
+ "CWE-312": {
7209
+ "name": "Cleartext Storage of Sensitive Information",
7210
+ "category": "Data Protection",
7211
+ "referencing_skills": [],
7212
+ "skill_count": 0,
7213
+ "chain": {
7214
+ "atlas": [],
7215
+ "attack_refs": [],
7216
+ "framework_gaps": [],
7217
+ "d3fend": [],
7218
+ "rfc_refs": []
7219
+ },
7220
+ "related_cves": []
7221
+ },
7222
+ "CWE-326": {
7223
+ "name": "Inadequate Encryption Strength",
7224
+ "category": "Cryptography",
7225
+ "referencing_skills": [],
7226
+ "skill_count": 0,
7227
+ "chain": {
7228
+ "atlas": [],
7229
+ "attack_refs": [],
7230
+ "framework_gaps": [],
7231
+ "d3fend": [],
7232
+ "rfc_refs": []
7233
+ },
7234
+ "related_cves": []
7235
+ },
7236
+ "CWE-328": {
7237
+ "name": "Use of Weak Hash",
7238
+ "category": "Cryptography",
7239
+ "referencing_skills": [],
7240
+ "skill_count": 0,
7241
+ "chain": {
7242
+ "atlas": [],
7243
+ "attack_refs": [],
7244
+ "framework_gaps": [],
7245
+ "d3fend": [],
7246
+ "rfc_refs": []
7247
+ },
7248
+ "related_cves": []
7249
+ },
7250
+ "CWE-329": {
7251
+ "name": "Generation of Predictable IV with CBC Mode",
7252
+ "category": "Cryptography",
7253
+ "referencing_skills": [],
7254
+ "skill_count": 0,
7255
+ "chain": {
7256
+ "atlas": [],
7257
+ "attack_refs": [],
7258
+ "framework_gaps": [],
7259
+ "d3fend": [],
7260
+ "rfc_refs": []
7261
+ },
7262
+ "related_cves": []
7263
+ },
7264
+ "CWE-330": {
7265
+ "name": "Use of Insufficiently Random Values",
7266
+ "category": "Cryptography",
7267
+ "referencing_skills": [],
7268
+ "skill_count": 0,
7269
+ "chain": {
7270
+ "atlas": [],
7271
+ "attack_refs": [],
7272
+ "framework_gaps": [],
7273
+ "d3fend": [],
7274
+ "rfc_refs": []
7275
+ },
7276
+ "related_cves": []
7277
+ },
7278
+ "CWE-331": {
7279
+ "name": "Insufficient Entropy",
7280
+ "category": "Cryptography",
7281
+ "referencing_skills": [],
7282
+ "skill_count": 0,
7283
+ "chain": {
7284
+ "atlas": [],
7285
+ "attack_refs": [],
7286
+ "framework_gaps": [],
7287
+ "d3fend": [],
7288
+ "rfc_refs": []
7289
+ },
7290
+ "related_cves": []
7291
+ },
7292
+ "CWE-338": {
7293
+ "name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
7294
+ "category": "Cryptography",
7295
+ "referencing_skills": [],
7296
+ "skill_count": 0,
7297
+ "chain": {
7298
+ "atlas": [],
7299
+ "attack_refs": [],
7300
+ "framework_gaps": [],
7301
+ "d3fend": [],
7302
+ "rfc_refs": []
7303
+ },
7304
+ "related_cves": []
7305
+ },
7306
+ "CWE-353": {
7307
+ "name": "Missing Support for Integrity Check",
7308
+ "category": "Integrity",
7309
+ "referencing_skills": [],
7310
+ "skill_count": 0,
7311
+ "chain": {
7312
+ "atlas": [],
7313
+ "attack_refs": [],
7314
+ "framework_gaps": [],
7315
+ "d3fend": [],
7316
+ "rfc_refs": []
7317
+ },
7318
+ "related_cves": []
7319
+ },
7320
+ "CWE-426": {
7321
+ "name": "Untrusted Search Path",
7322
+ "category": "Privilege Management",
7323
+ "referencing_skills": [],
7324
+ "skill_count": 0,
7325
+ "chain": {
7326
+ "atlas": [],
7327
+ "attack_refs": [],
7328
+ "framework_gaps": [],
7329
+ "d3fend": [],
7330
+ "rfc_refs": []
7331
+ },
7332
+ "related_cves": []
7333
+ },
7334
+ "CWE-522": {
7335
+ "name": "Insufficiently Protected Credentials",
7336
+ "category": "Credentials Management",
7337
+ "referencing_skills": [],
7338
+ "skill_count": 0,
7339
+ "chain": {
7340
+ "atlas": [],
7341
+ "attack_refs": [],
7342
+ "framework_gaps": [],
7343
+ "d3fend": [],
7344
+ "rfc_refs": []
7345
+ },
7346
+ "related_cves": []
7347
+ },
7348
+ "CWE-759": {
7349
+ "name": "Use of a One-Way Hash without a Salt",
7350
+ "category": "Cryptography",
7351
+ "referencing_skills": [],
7352
+ "skill_count": 0,
7353
+ "chain": {
7354
+ "atlas": [],
7355
+ "attack_refs": [],
7356
+ "framework_gaps": [],
7357
+ "d3fend": [],
7358
+ "rfc_refs": []
7359
+ },
7360
+ "related_cves": []
7361
+ },
7362
+ "CWE-760": {
7363
+ "name": "Use of a One-Way Hash with a Predictable Salt",
7364
+ "category": "Cryptography",
7365
+ "referencing_skills": [],
7366
+ "skill_count": 0,
7367
+ "chain": {
7368
+ "atlas": [],
7369
+ "attack_refs": [],
7370
+ "framework_gaps": [],
7371
+ "d3fend": [],
7372
+ "rfc_refs": []
7373
+ },
7374
+ "related_cves": []
7375
+ },
7376
+ "CWE-916": {
7377
+ "name": "Use of Password Hash With Insufficient Computational Effort",
7378
+ "category": "Cryptography",
7379
+ "referencing_skills": [],
7380
+ "skill_count": 0,
7381
+ "chain": {
7382
+ "atlas": [],
7383
+ "attack_refs": [],
7384
+ "framework_gaps": [],
7385
+ "d3fend": [],
7386
+ "rfc_refs": []
7387
+ },
7388
+ "related_cves": []
7151
7389
  }
7152
7390
  }
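Review bot: Two of the new entries are not mappable weaknesses: CWE-310 ("Cryptographic Issues") is a CWE Category and CWE-284 ("Improper Access Control") is a Pillar, which MITRE's vulnerability-mapping guidance marks as prohibited and discouraged targets respectively — skills should cite the concrete children (CWE-326/328/330 are added in this same hunk), and a `"mapping_usage": "prohibited"` style flag on such entries would keep the chain builder from linking to them. All 17 entries carry `"referencing_skills": []` and an entirely empty `chain`, so they add index weight (token-budget.json also grows in this release) without connecting anything; if they are staging for future citations, an explicit `"status": "staged"` field would say so. `"skill_count"` duplicates `referencing_skills.length` and can drift; derive it at read time or have the index generator assert the two agree. The `"category": "Privilege Management"` on CWE-426 (Untrusted Search Path) looks out of place next to CWE-250 — in CWE it hangs off resource-exposure, not privilege — though the category taxonomy here is the project's own and not visible.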
@@ -2039,11 +2039,69 @@
2039
2039
  "dlp_refs": []
2040
2040
  },
2041
2041
  "uncited": {
2042
- "cwe_refs": [],
2043
- "atlas_refs": [],
2044
- "d3fend_refs": [],
2045
- "framework_gaps": [],
2046
- "rfc_refs": [],
2042
+ "cwe_refs": [
2043
+ "CWE-250",
2044
+ "CWE-256",
2045
+ "CWE-284",
2046
+ "CWE-310",
2047
+ "CWE-312",
2048
+ "CWE-326",
2049
+ "CWE-328",
2050
+ "CWE-329",
2051
+ "CWE-330",
2052
+ "CWE-331",
2053
+ "CWE-338",
2054
+ "CWE-353",
2055
+ "CWE-426",
2056
+ "CWE-522",
2057
+ "CWE-759",
2058
+ "CWE-760",
2059
+ "CWE-916"
2060
+ ],
2061
+ "atlas_refs": [
2062
+ "AML.T0024",
2063
+ "AML.T0044",
2064
+ "AML.T0048",
2065
+ "AML.T0053",
2066
+ "AML.T0055",
2067
+ "AML.T0057"
2068
+ ],
2069
+ "d3fend_refs": [
2070
+ "D3-ANCI",
2071
+ "D3-CAA",
2072
+ "D3-CH",
2073
+ "D3-EI",
2074
+ "D3-FCR",
2075
+ "D3-KBPI",
2076
+ "D3-SCA",
2077
+ "D3-SFA"
2078
+ ],
2079
+ "framework_gaps": [
2080
+ "AU-Essential-8-App-Hardening",
2081
+ "AU-Essential-8-Backup",
2082
+ "AU-Essential-8-MFA",
2083
+ "AU-Essential-8-Patch",
2084
+ "EU-AI-Act-Art-15",
2085
+ "NIS2-Art21-incident-handling",
2086
+ "UK-CAF-A1",
2087
+ "UK-CAF-B2",
2088
+ "UK-CAF-C1",
2089
+ "UK-CAF-D1"
2090
+ ],
2091
+ "rfc_refs": [
2092
+ "CSAF-2.0",
2093
+ "ISO-29147",
2094
+ "ISO-30111",
2095
+ "RFC-6376",
2096
+ "RFC-6545",
2097
+ "RFC-6546",
2098
+ "RFC-7208",
2099
+ "RFC-7489",
2100
+ "RFC-7970",
2101
+ "RFC-8461",
2102
+ "RFC-8616",
2103
+ "RFC-9116"
2104
+ ],
2047
2105
  "dlp_refs": [
2048
2106
  "DLP-CHAN-CLIPBOARD-AI",
2049
2107
  "DLP-CHAN-CODE-COMPLETION",
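Review bot: The `uncited` buckets go from all-empty to 53 ids in one release, and several of them look like they should be cited by skills changed in this same version: RFC-6376/7208/7489/8461 (DKIM/SPF/DMARC/MTA-STS) against email-security-anti-phishing (+9 lines), ISO-29147/ISO-30111/CSAF-2.0/RFC-9116 against coordinated-vuln-disclosure (+8), and RFC-6545/6546/7970 against incident-response-playbook (+8). That pattern suggests either the index was generated before those skill edits landed or the citation scanner does not recognise the identifier format the skills use; re-running the index build and diffing would settle it, and a stale frequency index would also explain the empty `referencing_skills` in chains.json. Whichever it is, the predeploy/check scripts should fail, or at least warn, when any `uncited` list is non-empty so catalogs cannot silently drift from the skills. I am inferring the skill/identifier pairing from the diffstat file names, not from skill content visible here.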
@@ -2,6 +2,8 @@
2
2
  "EU": {
3
3
  "skills": [
4
4
  "age-gates-child-safety",
5
+ "ai-attack-surface",
6
+ "ai-c2-detection",
5
7
  "ai-risk-management",
6
8
  "api-security",
7
9
  "attack-surface-pentest",
@@ -24,6 +26,7 @@
24
26
  "ot-ics-security",
25
27
  "policy-exception-gen",
26
28
  "pqc-first",
29
+ "rag-pipeline-security",
27
30
  "researcher",
28
31
  "sector-energy",
29
32
  "sector-federal-government",
@@ -38,11 +41,13 @@
38
41
  "zeroday-gap-learn"
39
42
  ],
40
43
  "example_excerpts": {},
41
- "skill_count": 35
44
+ "skill_count": 38
42
45
  },
43
46
  "UK": {
44
47
  "skills": [
45
48
  "age-gates-child-safety",
49
+ "ai-attack-surface",
50
+ "ai-c2-detection",
46
51
  "ai-risk-management",
47
52
  "api-security",
48
53
  "attack-surface-pentest",
@@ -59,9 +64,11 @@
59
64
  "identity-assurance",
60
65
  "incident-response-playbook",
61
66
  "kernel-lpe-triage",
67
+ "mcp-agent-trust",
62
68
  "mlops-security",
63
69
  "ot-ics-security",
64
70
  "pqc-first",
71
+ "rag-pipeline-security",
65
72
  "researcher",
66
73
  "sector-energy",
67
74
  "sector-federal-government",
@@ -75,11 +82,13 @@
75
82
  "webapp-security"
76
83
  ],
77
84
  "example_excerpts": {},
78
- "skill_count": 31
85
+ "skill_count": 35
79
86
  },
80
87
  "AU": {
81
88
  "skills": [
82
89
  "age-gates-child-safety",
90
+ "ai-attack-surface",
91
+ "ai-c2-detection",
83
92
  "ai-risk-management",
84
93
  "api-security",
85
94
  "attack-surface-pentest",
@@ -101,6 +110,7 @@
101
110
  "mlops-security",
102
111
  "ot-ics-security",
103
112
  "pqc-first",
113
+ "rag-pipeline-security",
104
114
  "researcher",
105
115
  "sector-energy",
106
116
  "sector-federal-government",
@@ -115,7 +125,7 @@
115
125
  "zeroday-gap-learn"
116
126
  ],
117
127
  "example_excerpts": {},
118
- "skill_count": 34
128
+ "skill_count": 37
119
129
  },
120
130
  "SG": {
121
131
  "skills": [
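Review bot: `mcp-agent-trust` is added to the UK list only, while `ai-attack-surface`, `ai-c2-detection` and `rag-pipeline-security` are added to EU, UK and AU alike; if that skill's jurisdiction tag is generic rather than UK-specific this is a mapping gap, but the EU/AU positions where it would appear are outside the visible hunks. Every jurisdiction still carries `"example_excerpts": {}`, so nothing in this index shows which text in a skill triggered its inclusion; populating it with one short excerpt per (jurisdiction, skill) pair, or dropping the key if it is never filled, would make the map reviewable. The `skill_count` values (38, 35, 37) agree with the visible additions but duplicate the array length and can drift; have the generator derive or validate them rather than hand-maintain both.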