@blamejs/exceptd-skills 0.12.7 → 0.12.8

package/data/playbooks/crypto.json

@@ -442,7 +442,7 @@
         {
           "id": "ml-kem-absent",
           "type": "log_pattern",
-          "value": "openssl list -kem-algorithms does NOT contain ML-KEM-768 (or ML-KEM-512 / ML-KEM-1024)",
+          "value": "Within the openssl-kem-algorithms artifact: `openssl list -kem-algorithms` output does NOT contain ML-KEM-768 (or ML-KEM-512 / ML-KEM-1024); cross-reference openssl-providers artifact — if no oqsprovider / pqc provider is loaded the KEM absence is library-wide not provider-conditional",
           "description": "Primary detector — TLS library cannot negotiate ML-KEM. Entire stack is classical-only.",
           "confidence": "deterministic",
           "deterministic": true
@@ -450,7 +450,7 @@
         {
           "id": "ml-dsa-slh-dsa-absent",
           "type": "log_pattern",
-          "value": "openssl list -signature-algorithms does NOT contain ML-DSA-44/65/87 AND does NOT contain SLH-DSA-*",
+          "value": "Within the openssl-kem-algorithms artifact (its `openssl list -signature-algorithms` half): output does NOT contain ML-DSA-44/65/87 AND does NOT contain SLH-DSA-*",
           "description": "TLS library cannot use PQC signatures. Certificate-chain PQC migration is blocked.",
           "confidence": "deterministic",
           "deterministic": true
@@ -458,7 +458,7 @@
         {
           "id": "openssl-pre-3-5",
           "type": "log_pattern",
-          "value": "openssl version starts with 'OpenSSL 1.', 'OpenSSL 2.', 'OpenSSL 3.0', 'OpenSSL 3.1', 'OpenSSL 3.2', 'OpenSSL 3.3', or 'OpenSSL 3.4'",
+          "value": "Within the openssl-version artifact: output starts with 'OpenSSL 1.', 'OpenSSL 2.', 'OpenSSL 3.0', 'OpenSSL 3.1', 'OpenSSL 3.2', 'OpenSSL 3.3', or 'OpenSSL 3.4'; cross-check libssl-libraries artifact to detect coexisting older libcrypto.so loaded via LD_LIBRARY_PATH or vendored builds (LibreSSL, BoringSSL, vendored OpenSSL under /usr/local/lib)",
           "description": "Pre-3.5 OpenSSL lacks native ML-KEM. Requires oqsprovider or upgrade.",
           "confidence": "deterministic",
           "deterministic": true
@@ -466,7 +466,7 @@
         {
           "id": "sshd-no-pqc-kex",
           "type": "log_pattern",
-          "value": "sshd -T effective KexAlgorithms does NOT contain sntrup761x25519-sha512@openssh.com AND does NOT contain mlkem768x25519-sha256",
+          "value": "Within the sshd-config-effective artifact: KexAlgorithms does NOT contain sntrup761x25519-sha512@openssh.com AND does NOT contain mlkem768x25519-sha256; cross-check ssh-version artifact — OpenSSH 9.0+ supports sntrup761 hybrid, so an older ssh-version reading explains why even an updated sshd-config-effective would lack it",
           "description": "SSH daemon cannot negotiate PQC hybrid KEX. All SSH session keys HNDL-recordable.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -475,7 +475,7 @@
         {
           "id": "tls-no-hybrid-group",
           "type": "network_pattern",
-          "value": "openssl s_client -groups X25519MLKEM768 fails to negotiate (server returns 'no shared group' or downgrades to X25519)",
+          "value": "Within the tls-server-handshake artifact: `openssl s_client -groups X25519MLKEM768` against each locally-terminated TLS port fails to negotiate (server returns 'no shared group' or downgrades to X25519)",
           "description": "Local TLS service cannot negotiate hybrid PQC group. HNDL-recordable handshake.",
           "confidence": "high",
           "deterministic": false,
@@ -484,7 +484,7 @@
         {
           "id": "rsa-2048-cert-long-life",
           "type": "file_path",
-          "value": "Any cert in trust chain or as host cert uses RSA <= 2048 AND validity period > 10 years (or signs long-retention data)",
+          "value": "Across the certificate-store and host-cert-keys artifacts: any cert in the trust chain or serving as a TLS host cert uses RSA <= 2048 AND validity period > 10 years (or signs long-retention data)",
           "description": "Classical RSA cert with sensitivity horizon exceeding CRQC estimate.",
           "confidence": "deterministic",
           "deterministic": true
@@ -492,7 +492,7 @@
         {
           "id": "weak-mac-or-cipher",
           "type": "log_pattern",
-          "value": "sshd MACs contain hmac-sha1, hmac-md5, or *-cbc, OR sshd Ciphers contain 3des-cbc / aes*-cbc / arcfour*",
+          "value": "Within the sshd-config-effective artifact: MACs contain hmac-sha1, hmac-md5, or *-cbc, OR Ciphers contain 3des-cbc / aes*-cbc / arcfour*",
           "description": "Weak symmetric or MAC algorithms accepted by sshd.",
           "confidence": "deterministic",
           "deterministic": true
@@ -500,7 +500,7 @@
         {
           "id": "no-crypto-inventory",
           "type": "behavioral_signal",
-          "value": "No /etc/crypto-inventory, no centralized PQC migration tracker, no per-asset cryptography mapping",
+          "value": "The crypto-policy artifact returns empty / no /etc/crypto-policies/config, no /etc/crypto-inventory, no /etc/ssl/openssl.cnf-derived organisation-level policy, no centralized PQC migration tracker, no per-asset cryptography mapping",
           "description": "NIS2 Art.21(2)(h) requires cryptographic asset inventory. Absence is itself a finding.",
           "confidence": "high",
           "deterministic": false

package/data/playbooks/hardening.json

@@ -397,7 +397,7 @@
         {
           "id": "kptr-restrict-disabled",
           "type": "behavioral_signal",
-          "value": "kernel.kptr_restrict == 0",
+          "value": "Within the sysctl-kernel-hardening artifact: kernel.kptr_restrict == 0",
           "description": "/proc/kallsyms is world-readable; KASLR is effectively defeated for any local user. Decisive for kernel LPE exploitability.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -406,7 +406,7 @@
         {
           "id": "unprivileged-userns-enabled",
           "type": "behavioral_signal",
-          "value": "kernel.unprivileged_userns_clone == 1",
+          "value": "Within the sysctl-kernel-hardening artifact: kernel.unprivileged_userns_clone == 1",
           "description": "Unprivileged user namespaces enabled. Required primitive for CVE-2026-31431 and userns-class LPEs.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -415,7 +415,7 @@
         {
           "id": "unprivileged-bpf-allowed",
           "type": "behavioral_signal",
-          "value": "kernel.unprivileged_bpf_disabled == 0",
+          "value": "Within the sysctl-kernel-hardening artifact: kernel.unprivileged_bpf_disabled == 0",
           "description": "Unprivileged BPF allowed. Required primitive for BPF-class LPEs.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -424,7 +424,7 @@
         {
           "id": "yama-ptrace-permissive",
           "type": "behavioral_signal",
-          "value": "kernel.yama.ptrace_scope == 0",
+          "value": "Within the sysctl-kernel-hardening artifact: kernel.yama.ptrace_scope == 0",
           "description": "Yama ptrace_scope=0 allows any process to ptrace any same-UID process. Credential-theft + privilege-pivot primitive.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -433,7 +433,7 @@
         {
           "id": "kaslr-disabled-at-boot",
           "type": "log_pattern",
-          "value": "/proc/cmdline contains 'nokaslr' OR 'kaslr=off'",
+          "value": "Within the kernel-cmdline artifact: /proc/cmdline contains 'nokaslr' OR 'kaslr=off'",
           "description": "Boot-time KASLR disabled. Makes catalogued kernel LPEs deterministic.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -442,7 +442,7 @@
         {
           "id": "mitigations-off",
           "type": "log_pattern",
-          "value": "/proc/cmdline contains 'mitigations=off'",
+          "value": "Within the kernel-cmdline artifact: /proc/cmdline contains 'mitigations=off'; corroborate against cpu-vulnerabilities artifact which should then report 'Vulnerable' for at least one of Spectre v1/v2, Meltdown, MDS, L1TF, Retbleed, Downfall, GDS, RFDS, or Reptar",
           "description": "Boot-time CPU mitigations disabled. Spectre/Meltdown/MDS/Retbleed/Downfall class becomes exploitable.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -451,7 +451,7 @@
         {
           "id": "selinux-not-enforcing",
           "type": "behavioral_signal",
-          "value": "getenforce != 'Enforcing' AND aa-status reports no enforcing profiles",
+          "value": "Within the selinux-state artifact: getenforce != 'Enforcing' AND within the apparmor-state artifact: aa-status reports no enforcing profiles",
           "description": "No MAC enforcement. Several catalogued LPEs that would be blocked by an Enforcing MAC layer are open.",
           "confidence": "high",
           "deterministic": false
@@ -459,7 +459,7 @@
         {
           "id": "sshd-permitrootlogin-yes",
           "type": "log_pattern",
-          "value": "sshd_config effective: PermitRootLogin yes (or 'without-password' on legacy)",
+          "value": "Within the sshd-config artifact: effective PermitRootLogin yes (or 'without-password' on legacy)",
           "description": "Direct root SSH login enabled. Eliminates the privilege-escalation step.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -468,7 +468,7 @@
         {
           "id": "sshd-password-auth-enabled",
           "type": "log_pattern",
-          "value": "sshd_config effective: PasswordAuthentication yes AND no MFA via PAM",
+          "value": "Within the sshd-config artifact: effective PasswordAuthentication yes AND within the pam-stack artifact: no MFA module loaded (pam_google_authenticator / pam_u2f / pam_oath / pam_yubico absent from common-auth or system-auth)",
           "description": "Password-only SSH authentication. Credential-spray primitive.",
           "confidence": "high",
           "deterministic": false,
@@ -477,10 +477,46 @@
         {
           "id": "core-pid-dumpable",
           "type": "behavioral_signal",
-          "value": "fs.suid_dumpable >= 1",
+          "value": "Within the sysctl-kernel-hardening artifact: fs.suid_dumpable >= 1",
           "description": "SUID binaries can produce core dumps. Credential leakage primitive (cores can contain decrypted secrets in memory).",
           "confidence": "high",
           "deterministic": false
+        },
+        {
+          "id": "kernel-lockdown-none",
+          "type": "behavioral_signal",
+          "value": "Within the kernel-lockdown artifact: /sys/kernel/security/lockdown reports 'none' (no integrity / no confidentiality bracket), OR the file is absent AND the kernel-cmdline artifact contains no `lockdown=integrity` / `lockdown=confidentiality` parameter",
+          "description": "Lockdown 'none' leaves /dev/mem-style reads, kexec_load, BPF tracing of kernel addresses, kprobe attach, and unsigned-module loading all available — each is a primitive that catalogued kernel-LPE chains rely on.",
+          "confidence": "deterministic",
+          "deterministic": true,
+          "attack_ref": "T1068"
+        },
+        {
+          "id": "sudoers-tty-pty-logging-absent",
+          "type": "log_pattern",
+          "value": "Within the sudoers-structure artifact: Defaults line does NOT include `requiretty` AND does NOT include `use_pty` AND does NOT include `log_input,log_output` (or `logfile=` directive)",
+          "description": "Sudo missing pty enforcement + I/O logging means privileged-session forensics is unrecoverable post-incident: no record of what root commands were executed by which operator, which defeats CMMC AU.L2-3.3.1 / NIST 800-53 AU-2 / NIS2 Art.21(2)(j) accountability obligations.",
+          "confidence": "high",
+          "deterministic": false,
+          "attack_ref": "T1548.003"
+        },
+        {
+          "id": "audit-rules-empty-or-skeletal",
+          "type": "log_pattern",
+          "value": "Within the audit-rules artifact: `auditctl -l` returns 'No rules' OR the loaded ruleset has fewer than 10 rules AND does NOT include watches on /etc/passwd, /etc/shadow, /etc/sudoers, /etc/sudoers.d/, OR -a always,exit -F arch=b64 -S execve",
+          "description": "Skeletal audit ruleset means none of the catalogued kernel LPE chains (sudoers tampering, execve under attacker-controlled paths, /etc/shadow read) leave a trail. Detection coverage for the very anti-patterns this playbook enumerates is missing.",
+          "confidence": "high",
+          "deterministic": false,
+          "attack_ref": "T1562.006"
+        },
+        {
+          "id": "umask-permissive",
+          "type": "log_pattern",
+          "value": "Within the umask-defaults artifact: effective default UMASK is 022 OR a more permissive value (000, 002) in /etc/login.defs, /etc/profile, /etc/bash.bashrc, or /etc/profile.d/*.sh — and no shell-rc override tightens it",
+          "description": "Permissive default umask leaves new files world-readable; combined with credentials-file-bad-perms class findings (cred-stores playbook), permissive umask is the upstream cause that produces those file modes in the first place.",
+          "confidence": "high",
+          "deterministic": false,
+          "attack_ref": "T1552.004"
         }
       ],
       "false_positive_profile": [

package/data/playbooks/library-author.json

@@ -52,10 +52,6 @@
       {
         "playbook_id": "framework",
         "condition": "analyze.compliance_theater_check.verdict == 'theater'"
-      },
-      {
-        "playbook_id": "compliance-theater",
-        "condition": "analyze.compliance_theater_check.verdict == 'theater'"
       }
     ]
   },
@@ -755,7 +751,7 @@
         {
           "id": "publish-workflow-uses-static-token",
           "type": "file_path",
-          "value": "Any .github/workflows/*.yml publish/release job references secrets.NPM_TOKEN / secrets.PYPI_TOKEN / secrets.CARGO_TOKEN / secrets.RUBYGEMS_API_KEY / secrets.GEM_HOST_API_KEY without an OIDC alternative path",
+          "value": "Within the release-workflows artifact: any .github/workflows/*.yml publish/release job references secrets.NPM_TOKEN / secrets.PYPI_TOKEN / secrets.CARGO_TOKEN / secrets.RUBYGEMS_API_KEY / secrets.GEM_HOST_API_KEY without an OIDC alternative path; corroborate via the repo-secrets artifact — the listed secret name is also present in the org/repo-level secret inventory",
           "description": "Long-lived publisher credential — fingerprint for non-OIDC publishing (theater #7).",
           "confidence": "deterministic",
           "deterministic": true,
@@ -764,7 +760,7 @@
         {
           "id": "publish-workflow-no-id-token-write",
           "type": "file_path",
-          "value": "Publish/release job lacks permissions.id-token: write AND lacks Trusted Publisher configuration",
+          "value": "Within the release-workflows artifact: publish/release job lacks permissions.id-token: write AND lacks Trusted Publisher configuration",
           "description": "Cannot use Sigstore keyless or registry Trusted Publisher — OIDC publish is structurally unavailable.",
           "confidence": "deterministic",
           "deterministic": true
@@ -772,7 +768,7 @@
         {
           "id": "publish-workflow-action-refs-mutable",
           "type": "file_path",
-          "value": "Any uses: in the publish/release workflow references a tag or branch (e.g. @v4, @main) rather than a 40-char SHA",
+          "value": "Within the release-workflows artifact: any uses: in the publish/release workflow references a tag or branch (e.g. @v4, @main) rather than a 40-char SHA",
           "description": "Mutable action reference — upstream owner can substitute action code under the same tag.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -781,7 +777,7 @@
         {
           "id": "package-json-provenance-missing",
           "type": "file_path",
-          "value": "For npm publishers: package.json has no publishConfig.provenance == true AND publish workflow command does not carry --provenance",
+          "value": "Within the package-manifest artifact (for npm publishers): package.json has no publishConfig.provenance == true AND within the release-workflows artifact the publish command does not carry --provenance; corroborate via the registry-publisher-config artifact — dist.attestations should be absent on the latest registry-published version",
           "description": "npm provenance not enabled — no dist.attestations on the published package (theater #2).",
           "confidence": "deterministic",
           "deterministic": true
@@ -789,7 +785,7 @@
         {
           "id": "release-workflow-non-frozen-install",
           "type": "file_path",
-          "value": "Release workflow uses `npm install` / `pnpm install` / `pip install -r` / `bundle install` (not the --frozen / --locked / --require-hashes variant) before the build step",
+          "value": "Within the release-workflows artifact: release workflow uses `npm install` / `pnpm install` / `pip install -r` / `bundle install` (not the --frozen / --locked / --require-hashes variant) before the build step",
           "description": "Mid-build dependency resolution — release artifact is not reproducible (theater #5).",
           "confidence": "high",
           "deterministic": false
@@ -805,7 +801,7 @@
         {
           "id": "sbom-absent-or-unsigned",
           "type": "file_path",
-          "value": "No SBOM artifact present in repo OR most-recent-release SBOM is present but no matching .sig / .sigstore / *.intoto.jsonl signature artifact",
+          "value": "Within the sbom-artifacts artifact: no SBOM file present in repo OR most-recent-release SBOM is present but no matching .sig / .sigstore artifact AND no entry in the intoto-attestations artifact carries an in-toto predicateType referencing the SBOM digest",
           "description": "SBOM theater #1 — present but unsigned, OR absent entirely.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -814,7 +810,7 @@
         {
           "id": "sbom-regenerated-at-request-time",
           "type": "behavioral_signal",
-          "value": "SBOM generation script exists in repo (e.g. scripts/generate-sbom.*) but no SBOM artifact is committed AND no release-workflow step uploads an SBOM to release assets",
+          "value": "SBOM generation script exists in repo (e.g. scripts/generate-sbom.*) but the sbom-artifacts artifact has no committed SBOM file AND the release-workflows artifact has no step that uploads an SBOM to release assets",
           "description": "SBOM-on-demand — historical releases have no immutable SBOM.",
           "confidence": "high",
           "deterministic": false
@@ -822,7 +818,7 @@
         {
           "id": "no-rekor-entry-for-latest-release",
           "type": "behavioral_signal",
-          "value": "Network mode: rekor-cli search by sha256 of latest release artifact returns empty AND project README/docs claim SLSA L3 or higher",
+          "value": "Network mode: rekor-cli search by sha256 of the latest entry in the release-history artifact returns empty AND project README/docs claim SLSA L3 or higher",
           "description": "SLSA-claim-without-attestation (theater #4).",
           "confidence": "high",
           "deterministic": false
@@ -830,7 +826,7 @@
         {
           "id": "tag-protection-absent",
           "type": "api_response",
-          "value": "gh api repos/${owner}/${repo}/tags/protection returns empty array OR 404 AND publish workflow triggers on push tags: ['v*']",
+          "value": "Within the branch-tag-protection artifact: gh api repos/${owner}/${repo}/tags/protection returns empty array OR 404 AND the release-workflows artifact contains a publish workflow that triggers on push tags: ['v*']",
           "description": "Release tags unprotected (theater #6) — any branch can push v* and trigger publish.",
           "confidence": "deterministic",
           "deterministic": true
@@ -838,7 +834,7 @@
         {
           "id": "release-tag-not-signed",
           "type": "behavioral_signal",
-          "value": "git tag -v <latest_release_tag> returns 'no signature found' OR signature does not verify",
+          "value": "Within the release-history artifact: `git tag -v <latest_release_tag>` returns 'no signature found' OR signature does not verify",
           "description": "Tag-signing absent — release authenticity rests on push-time access control only.",
           "confidence": "deterministic",
           "deterministic": true
@@ -846,7 +842,7 @@
         {
           "id": "release-signed-with-personal-gpg-key",
           "type": "behavioral_signal",
-          "value": "Tag signature verifies against a PGP key whose UID is a personal email (not an org / project address) AND key is not registered in Sigstore Rekor / Web Key Directory",
+          "value": "From the release-history artifact: tag signature verifies against a PGP key whose UID is a personal email (not an org / project address) AND that key (located via the signing-key-material artifact) is not registered in Sigstore Rekor / Web Key Directory",
           "description": "Personal-laptop signing key (theater #3) — XZ-class compromise vector.",
           "confidence": "high",
           "deterministic": false
@@ -878,7 +874,7 @@
         {
           "id": "vex-feed-absent",
           "type": "file_path",
-          "value": "Absence of vex/, *.vex.json, *.csaf.json, *.openvex.json AND project has at least one published GitHub Security Advisory OR at least one filed CVE in NVD",
+          "value": "Within the vex-feed artifact: absence of vex/, *.vex.json, *.csaf.json, *.openvex.json AND the github-security-advisories artifact lists at least one published advisory for the repo (or NVD has at least one filed CVE against the product)",
           "description": "VEX issuance gap (theater #9) — CVEs filed against the product, no machine-readable exploitability declaration.",
           "confidence": "deterministic",
           "deterministic": true
@@ -886,7 +882,7 @@
         {
           "id": "vendored-no-provenance",
           "type": "file_path",
-          "value": "vendor/ or third_party/ directories present AND no provenance manifest (vendor.json, THIRD_PARTY_PROVENANCE.md, modules.txt) AND not a Go vendored module",
+          "value": "Within the vendored-code artifact: vendor/ or third_party/ directories present AND no provenance manifest (vendor.json, THIRD_PARTY_PROVENANCE.md, modules.txt) AND not a Go vendored module",
           "description": "Vendored code without machine-verifiable upstream provenance (theater #11).",
           "confidence": "deterministic",
           "deterministic": true
@@ -894,7 +890,7 @@
         {
           "id": "skill-signing-but-verification-not-gated",
           "type": "file_path",
-          "value": "Repo contains skill / plugin signing infrastructure (sign.js / cosign sign-blob in workflow) AND verify step exists in a separate workflow OR is conditionally skipped on the publish workflow",
+          "value": "The skill-signing-infrastructure artifact reports sign.js / cosign sign-blob present AND within the release-workflows artifact the verify step exists in a separate workflow OR is conditionally skipped on the publish workflow",
           "description": "Signing-without-gating (theater #8) — AI-tool publisher fingerprint.",
           "confidence": "high",
           "deterministic": false
@@ -902,7 +898,7 @@
         {
           "id": "ssdf-claimed-cra-not-ready",
           "type": "behavioral_signal",
-          "value": "README / docs / SECURITY.md claim NIST SSDF compliance AND no five-year-support-commitment statement AND no CSAF advisory pipeline AND no signed-and-distributed SBOM",
+          "value": "README / docs / SECURITY.md (security-md artifact) claim NIST SSDF compliance AND the changelog artifact + release-checklist artifact carry no documented five-year-support-commitment statement AND no CSAF advisory pipeline (github-security-advisories artifact shows no CSAF-formatted disclosures) AND no signed-and-distributed SBOM (cross-references the sbom-absent-or-unsigned finding)",
           "description": "SSDF-as-CRA-readiness theater (theater #12).",
           "confidence": "high",
           "deterministic": false
@@ -910,7 +906,7 @@
         {
           "id": "publish-workflow-runs-on-self-hosted",
           "type": "file_path",
-          "value": "Publish/release job runs-on includes 'self-hosted' OR a non-GitHub-hosted ephemeral runner",
+          "value": "Within the release-workflows artifact: publish/release job runs-on includes 'self-hosted' OR a non-GitHub-hosted ephemeral runner",
           "description": "Self-hosted runner — persistent runner state can be poisoned across runs.",
           "confidence": "high",
           "deterministic": false

package/data/playbooks/runtime.json

@@ -406,7 +406,7 @@
         {
           "id": "non-baseline-suid",
           "type": "file_path",
-          "value": "Any SUID/SGID binary not in /var/lib/exceptd/suid-baseline.txt AND not in the distro's official SUID list for the running version",
+          "value": "Within the suid-binaries artifact: any SUID/SGID binary not in /var/lib/exceptd/suid-baseline.txt AND not in the distro's official SUID list for the running version",
           "description": "Non-baseline SUID binary. Could be (a) post-install drift, (b) attacker-planted persistence, or (c) third-party install. All three need a finding.",
           "confidence": "high",
           "deterministic": false,
@@ -415,7 +415,7 @@
         {
           "id": "sudoers-nopasswd-wildcard",
           "type": "log_pattern",
-          "value": "sudoers entry matching regex `NOPASSWD:\\s*(ALL|/[^,]*\\*)` for non-root user",
+          "value": "Within the sudo-rules artifact: any sudoers entry matching regex `NOPASSWD:\\s*(ALL|/[^,]*\\*)` for non-root user",
           "description": "Wildcard NOPASSWD entry for a non-root user is an LPE primitive. Indistinguishable on the host from an attacker-planted backdoor.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -424,7 +424,7 @@
         {
           "id": "duplicate-uid-zero",
           "type": "log_pattern",
-          "value": "/etc/passwd contains more than one entry with UID 0",
+          "value": "Within the passwd-shadow-baseline artifact: /etc/passwd contains more than one entry with UID 0",
           "description": "Multiple UID=0 accounts. T1136.001 persistence pattern. Outside legitimate installs.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -433,7 +433,7 @@
         {
           "id": "listening-socket-unknown-bind",
           "type": "network_pattern",
-          "value": "Listening TCP/UDP socket bound to 0.0.0.0 or :: on a port not in the host's documented service inventory",
+          "value": "Within the union of listening-sockets and listening-sockets-udp artifacts: any TCP/UDP socket bound to 0.0.0.0 or :: on a port not in the host's documented service inventory",
           "description": "Unknown external-bound listener. Could be a forgotten test service, a rogue agent, or a C2 listener.",
           "confidence": "high",
           "deterministic": false,
@@ -442,7 +442,7 @@
         {
           "id": "cron-or-timer-outside-policy",
           "type": "file_path",
-          "value": "Cron entry in /etc/cron.{d,hourly,daily,weekly,monthly} OR systemd timer in /etc/systemd/system/ NOT in the org's scheduled-task inventory",
+          "value": "Across the cron-entries, user-cron, systemd-timers, and systemd-services artifacts: any unit / cron entry NOT in the org's scheduled-task inventory (system-wide cron under /etc/cron.{d,hourly,daily,weekly,monthly}, per-user crontab from user-cron, OR systemd .timer / enabled .service in systemd-timers/systemd-services)",
           "description": "Scheduled task not in change-management record. T1053.003 / T1053.006 persistence.",
           "confidence": "high",
           "deterministic": false,
@@ -451,7 +451,7 @@
         {
           "id": "world-writable-in-trusted-path",
           "type": "file_path",
-          "value": "World-writable file under /etc, /usr/local/bin, /usr/local/sbin, /opt",
+          "value": "Within the world-writable-paths artifact: any world-writable file under /etc, /usr/local/bin, /usr/local/sbin, /opt",
           "description": "Hijack-execution-flow primitive. Any non-root process can replace the file.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -460,7 +460,7 @@
         {
           "id": "orphan-privileged-process",
           "type": "process_name",
-          "value": "Process running as UID 0 with PPID 1 AND parent != systemd/init AND executable path under /tmp, /dev/shm, /var/tmp, /home",
+          "value": "Within the process-tree artifact: any process running as UID 0 with PPID 1 AND parent != systemd/init AND executable path under /tmp, /dev/shm, /var/tmp, /home",
           "description": "Privileged orphan in a writable temp path. Common implant shape.",
           "confidence": "deterministic",
           "deterministic": true,

package/data/playbooks/sbom.json

@@ -627,7 +627,7 @@
         {
           "id": "package-matches-catalogued-cve",
           "type": "log_pattern",
-          "value": "Any inventoried package version falls inside any catalogued CVE's affected_versions range, where the CVE's framework and category match the package's class",
+          "value": "Across the union of inventoried packages — dpkg-packages, rpm-packages, brew-packages, npm-global-packages, pip-packages, cargo-installed, gem-packages, go-binaries, repo-lockfiles entries, AND container-image-layers package manifests — any version falls inside any affected_versions range in the cve-catalog artifact, where the cve-catalog entry's framework and category match the inventoried package's class",
           "description": "Primary detector — installed-package version matches a catalogued CVE.",
           "confidence": "high",
           "deterministic": false,
@@ -636,7 +636,7 @@
         {
           "id": "lockfile-no-integrity",
           "type": "log_pattern",
-          "value": "Any pinned dependency in walked lockfiles lacks an integrity field (sha512/sha384/sha256, sri-integrity, go.sum-style hash)",
+          "value": "Within the repo-lockfiles artifact: any pinned dependency lacks an integrity field (sha512/sha384/sha256, sri-integrity, go.sum-style hash)",
           "description": "Theater fingerprint #2 detection — name-pinned without integrity.",
           "confidence": "deterministic",
           "deterministic": true
@@ -644,7 +644,7 @@
         {
           "id": "transitive-deps-incomplete-sbom",
           "type": "log_pattern",
-          "value": "SBOM artifact present AND transitive dep count > SBOM component count * 1.05",
+          "value": "The sbom-artifacts artifact has at least one entry present AND the transitive dep count (computed from repo-lockfiles + container-image-layers) > SBOM component count * 1.05",
           "description": "Theater fingerprint #3 — SBOM lists direct deps only.",
           "confidence": "high",
           "deterministic": false
@@ -652,7 +652,7 @@
         {
           "id": "matched-cve-without-vex",
           "type": "log_pattern",
-          "value": "package-matches-catalogued-cve == true AND no VEX statement exists for the matched CVE in the org's VEX register",
+          "value": "package-matches-catalogued-cve == true AND no entry in the vex-statements artifact covers the matched CVE (no *.vex.json / *.csaf.json statement carrying status_notes for the CVE id) — and the cve-catalog entry for that CVE is not marked vendor-rejected",
           "description": "Theater fingerprint #4 detection — matched CVE without exploitability declaration.",
           "confidence": "deterministic",
           "deterministic": true
@@ -660,7 +660,7 @@
         {
           "id": "ai-code-no-provenance",
           "type": "behavioral_signal",
-          "value": "ai-coding-assistant-inventory shows at least one installed assistant AND SBOM has no fields capturing AI-emitted code (no ml-bom, no spdx ai-profile, no commit-trailer convention)",
+          "value": "ai-coding-assistant-inventory shows at least one installed assistant AND the sbom-artifacts artifact has no fields capturing AI-emitted code (no ml-bom, no spdx ai-profile, no commit-trailer convention)",
           "description": "Theater fingerprint #5 detection — AI in use, AI-emitted code not in SBOM.",
           "confidence": "high",
           "deterministic": false
@@ -694,7 +694,7 @@
         {
           "id": "tanstack-worm-payload-files",
           "type": "file_path",
-          "value": "node_modules/@tanstack/*/router_init.js exists OR node_modules/@tanstack/*/router_runtime.js exists",
+          "value": "Within the tanstack-payload-sweep artifact: node_modules/@tanstack/*/router_init.js exists OR node_modules/@tanstack/*/router_runtime.js exists",
           "description": "CVE-2026-45321 (Mini Shai-Hulud) payload markers — these files do not exist in clean TanStack packages.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -703,7 +703,7 @@
         {
           "id": "tanstack-worm-resolved-during-publish-window",
           "type": "log_pattern",
-          "value": "Lockfile entry for any @tanstack/* package resolved within 2026-05-11T19:20Z..2026-05-11T19:26Z (the malicious publish window)",
+          "value": "Within the repo-lockfiles artifact: any @tanstack/* entry resolved within 2026-05-11T19:20Z..2026-05-11T19:26Z (the malicious publish window)",
           "description": "CVE-2026-45321 timing match — any @tanstack/* package whose lockfile-recorded resolution timestamp falls inside the 6-minute attacker publish window is suspect even if the payload markers were since cleaned.",
           "confidence": "high",
           "deterministic": false,
@@ -712,7 +712,7 @@
         {
           "id": "agent-persistence-claude-session-start-hook",
           "type": "file_path",
-          "value": ".claude/settings.json contains hooks.SessionStart referencing .vscode/setup.mjs OR any non-blamejs-installed script",
+          "value": "Within the agent-persistence-claude-settings artifact: .claude/settings.json contains hooks.SessionStart referencing .vscode/setup.mjs OR any non-blamejs-installed script",
           "description": "CVE-2026-45321 persistence vector — worm installs a SessionStart hook to re-arm on next Claude Code launch. Any SessionStart hook running an in-repo .mjs that the operator didn't author is suspect.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -721,7 +721,7 @@
         {
           "id": "agent-persistence-vscode-folder-open-task",
           "type": "file_path",
-          "value": ".vscode/tasks.json contains a runOptions.runOn=folderOpen task pointing at .vscode/setup.mjs or similar",
+          "value": "Within the agent-persistence-vscode-tasks artifact: .vscode/tasks.json contains a runOptions.runOn=folderOpen task pointing at .vscode/setup.mjs or similar",
           "description": "CVE-2026-45321 persistence vector — folder-open hook re-arms on every VS Code re-open of the directory.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -739,7 +739,7 @@
         {
           "id": "ci-cache-poisoning-co-residency",
           "type": "log_pattern",
-          "value": "Repo .github/workflows/ contains BOTH (a) a workflow with `on: pull_request_target` AND (b) any workflow with `permissions: id-token: write` AND (c) any actions/cache step shared between the two",
+          "value": "Within the github-workflows artifact: the .github/workflows/ set contains BOTH (a) a workflow with `on: pull_request_target` AND (b) any workflow with `permissions: id-token: write` AND (c) any actions/cache step shared between the two",
           "description": "Architectural pre-condition for CVE-2026-45321-style chained-primitives attacks. Even without the payload, this co-residency means any successful fork-PR exploit can poison the cache that the publish workflow restores. Mitigation: separate cache namespaces, or remove pull_request_target.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -748,7 +748,7 @@
         {
           "id": "npm-registry-no-cooldown",
           "type": "file_path",
-          "value": ".npmrc and ~/.npmrc both lack `before=` or `minimumReleaseAge=` settings, AND project consumes any npm package",
+          "value": "Within the npmrc-cooldown-policy artifact: .npmrc and ~/.npmrc both lack `before=` or `minimumReleaseAge=` settings, AND the project consumes any npm package (any repo-lockfiles entry of class npm/yarn/pnpm exists)",
           "description": "Mitigation gap for CVE-2026-45321 and similar fresh-publish worms. Without a registry cooldown, `npm install` will accept a version published seconds ago. Recommended: `before=72h` (npm 11+) or `minimumReleaseAge=4320` minutes. The worm was caught publicly within 20 minutes; 72h is overkill-safe.",
           "confidence": "high",
           "deterministic": false

package/data/playbooks/secrets.json

@@ -376,7 +376,7 @@
         {
           "id": "aws-access-key-id",
           "type": "log_pattern",
-          "value": "AKIA[0-9A-Z]{16}",
+          "value": "Within the secret-regex-scan-text-files artifact, bounded by the repo-tree scope and applied to env-files, auth-config-files, and iac-credential-bearers content: regex AKIA[0-9A-Z]{16}",
           "description": "AWS Access Key ID. Long-lived IAM user credential. Scraper-bot priority target.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -448,7 +448,7 @@
         {
           "id": "ssh-private-key-block",
           "type": "log_pattern",
-          "value": "-----BEGIN ((RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----",
+          "value": "Across the union of secret-regex-scan-text-files (text-file content) and ssh-private-keys (file inventory) artifacts: regex `-----BEGIN ((RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----` matches, OR the ssh-private-keys artifact lists any private-key file under the repo tree (committed key material is always a finding regardless of regex hit on the surrounding text)",
           "description": "Inline SSH/PEM private key material in a text file.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -475,7 +475,7 @@
         {
           "id": "world-writable-env-file",
           "type": "file_path",
-          "value": ".env / .env.* / .envrc with mode 0666 or 0664 (group/world writable)",
+          "value": "Within the world-writable-secret-files artifact, restricted to entries from the env-files artifact: any .env / .env.* / .envrc with mode 0666 or 0664 (group/world writable)",
           "description": "Env file writable by group or world. Tampering primitive.",
           "confidence": "deterministic",
           "deterministic": true,
@@ -484,7 +484,7 @@
         {
           "id": "ssh-key-bad-perms",
           "type": "file_path",
-          "value": "~/.ssh/id_* file with mode != 0600",
+          "value": "Within the world-writable-secret-files artifact, restricted to entries from the ssh-private-keys artifact and ~/.ssh/id_* paths: any private-key file with mode != 0600",
           "description": "SSH private key with permissive permissions. ssh-agent refuses to load; user often chmods to 0644 or 0666 'to make it work'.",
           "confidence": "deterministic",
           "deterministic": true,