@blamejs/exceptd-skills 0.12.7 → 0.12.9

Files changed (77)
  1. package/AGENTS.md +15 -1
  2. package/ARCHITECTURE.md +21 -5
  3. package/CHANGELOG.md +150 -0
  4. package/README.md +1 -1
  5. package/bin/exceptd.js +416 -69
  6. package/data/_indexes/_meta.json +44 -44
  7. package/data/_indexes/activity-feed.json +34 -34
  8. package/data/_indexes/catalog-summaries.json +9 -9
  9. package/data/_indexes/chains.json +249 -11
  10. package/data/_indexes/frequency.json +63 -5
  11. package/data/_indexes/jurisdiction-map.json +13 -3
  12. package/data/_indexes/section-offsets.json +1171 -1027
  13. package/data/_indexes/summary-cards.json +2 -2
  14. package/data/_indexes/token-budget.json +232 -152
  15. package/data/atlas-ttps.json +189 -1
  16. package/data/cve-catalog.json +34 -22
  17. package/data/cwe-catalog.json +290 -1
  18. package/data/d3fend-catalog.json +163 -1
  19. package/data/framework-control-gaps.json +243 -0
  20. package/data/playbooks/containers.json +23 -5
  21. package/data/playbooks/cred-stores.json +9 -9
  22. package/data/playbooks/crypto.json +8 -8
  23. package/data/playbooks/hardening.json +46 -10
  24. package/data/playbooks/library-author.json +16 -20
  25. package/data/playbooks/mcp.json +1 -0
  26. package/data/playbooks/runtime.json +7 -7
  27. package/data/playbooks/sbom.json +11 -11
  28. package/data/playbooks/secrets.json +4 -4
  29. package/data/rfc-references.json +144 -0
  30. package/lib/playbook-runner.js +119 -35
  31. package/lib/prefetch.js +27 -6
  32. package/lib/refresh-external.js +32 -9
  33. package/lib/schemas/skill-frontmatter.schema.json +2 -2
  34. package/manifest-snapshot.json +1 -1
  35. package/manifest.json +73 -73
  36. package/orchestrator/index.js +1 -1
  37. package/package.json +2 -1
  38. package/sbom.cdx.json +6 -6
  39. package/scripts/check-sbom-currency.js +87 -0
  40. package/scripts/check-test-coverage.README.md +148 -0
  41. package/scripts/check-test-coverage.js +476 -0
  42. package/scripts/hooks/pre-commit.sh +19 -0
  43. package/scripts/predeploy.js +14 -30
  44. package/skills/age-gates-child-safety/skill.md +3 -0
  45. package/skills/ai-attack-surface/skill.md +29 -1
  46. package/skills/ai-c2-detection/skill.md +30 -1
  47. package/skills/ai-risk-management/skill.md +3 -0
  48. package/skills/api-security/skill.md +3 -0
  49. package/skills/attack-surface-pentest/skill.md +3 -0
  50. package/skills/cloud-security/skill.md +3 -0
  51. package/skills/compliance-theater/skill.md +6 -0
  52. package/skills/container-runtime-security/skill.md +3 -0
  53. package/skills/coordinated-vuln-disclosure/skill.md +8 -1
  54. package/skills/defensive-countermeasure-mapping/skill.md +1 -1
  55. package/skills/dlp-gap-analysis/skill.md +3 -0
  56. package/skills/email-security-anti-phishing/skill.md +9 -1
  57. package/skills/exploit-scoring/skill.md +6 -0
  58. package/skills/identity-assurance/skill.md +6 -1
  59. package/skills/incident-response-playbook/skill.md +8 -2
  60. package/skills/kernel-lpe-triage/skill.md +24 -4
  61. package/skills/mcp-agent-trust/skill.md +28 -1
  62. package/skills/mlops-security/skill.md +3 -0
  63. package/skills/ot-ics-security/skill.md +3 -0
  64. package/skills/policy-exception-gen/skill.md +6 -0
  65. package/skills/rag-pipeline-security/skill.md +30 -1
  66. package/skills/researcher/skill.md +6 -0
  67. package/skills/sector-energy/skill.md +3 -0
  68. package/skills/sector-federal-government/skill.md +3 -0
  69. package/skills/sector-financial/skill.md +3 -0
  70. package/skills/sector-healthcare/skill.md +3 -0
  71. package/skills/security-maturity-tiers/skill.md +25 -1
  72. package/skills/skill-update-loop/skill.md +38 -0
  73. package/skills/supply-chain-integrity/skill.md +3 -0
  74. package/skills/threat-model-currency/skill.md +4 -0
  75. package/skills/threat-modeling-methodology/skill.md +3 -0
  76. package/skills/webapp-security/skill.md +3 -0
  77. package/skills/zeroday-gap-learn/skill.md +6 -0
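--- a/package/data/_indexes/frequency.json
+++ b/package/data/_indexes/frequency.json
@@ -2039,11 +2039,69 @@
  "dlp_refs": []
  },
  "uncited": {
- "cwe_refs": [],
- "atlas_refs": [],
- "d3fend_refs": [],
- "framework_gaps": [],
- "rfc_refs": [],
+ "cwe_refs": [
+ "CWE-250",
+ "CWE-256",
+ "CWE-284",
+ "CWE-310",
+ "CWE-312",
+ "CWE-326",
+ "CWE-328",
+ "CWE-329",
+ "CWE-330",
+ "CWE-331",
+ "CWE-338",
+ "CWE-353",
+ "CWE-426",
+ "CWE-522",
+ "CWE-759",
+ "CWE-760",
+ "CWE-916"
+ ],
+ "atlas_refs": [
+ "AML.T0024",
+ "AML.T0044",
+ "AML.T0048",
+ "AML.T0053",
+ "AML.T0055",
+ "AML.T0057"
+ ],
+ "d3fend_refs": [
+ "D3-ANCI",
+ "D3-CAA",
+ "D3-CH",
+ "D3-EI",
+ "D3-FCR",
+ "D3-KBPI",
+ "D3-SCA",
+ "D3-SFA"
+ ],
+ "framework_gaps": [
+ "AU-Essential-8-App-Hardening",
+ "AU-Essential-8-Backup",
+ "AU-Essential-8-MFA",
+ "AU-Essential-8-Patch",
+ "EU-AI-Act-Art-15",
+ "NIS2-Art21-incident-handling",
+ "UK-CAF-A1",
+ "UK-CAF-B2",
+ "UK-CAF-C1",
+ "UK-CAF-D1"
+ ],
+ "rfc_refs": [
+ "CSAF-2.0",
+ "ISO-29147",
+ "ISO-30111",
+ "RFC-6376",
+ "RFC-6545",
+ "RFC-6546",
+ "RFC-7208",
+ "RFC-7489",
+ "RFC-7970",
+ "RFC-8461",
+ "RFC-8616",
+ "RFC-9116"
+ ],
  "dlp_refs": [
  "DLP-CHAN-CLIPBOARD-AI",
  "DLP-CHAN-CODE-COMPLETION",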
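Review bot: Nothing on the new side explains why `uncited.cwe_refs`, `atlas_refs`, `d3fend_refs`, `framework_gaps` and `rfc_refs` go from empty to 53 identifiers in total. If `uncited` means catalog entries that no skill references (inferred from the key name; the code that produces this index is not visible here), then entries such as `CWE-522` and `RFC-7489` ship in the catalogs without any skill citing them. The file list shows the CWE, ATLAS, D3FEND, framework-gap and RFC catalogs all growing in this release, so these were probably catalogued ahead of the skills that will use them. It is worth confirming that this is intended and, if an empty `uncited` set used to be an invariant, adding a release check that warns or fails when any of these arrays is non-empty. The `uncited` object continues past the end of the hunk.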
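--- a/package/data/_indexes/jurisdiction-map.json
+++ b/package/data/_indexes/jurisdiction-map.json
@@ -2,6 +2,8 @@
  "EU": {
  "skills": [
  "age-gates-child-safety",
+ "ai-attack-surface",
+ "ai-c2-detection",
  "ai-risk-management",
  "api-security",
  "attack-surface-pentest",
@@ -24,6 +26,7 @@
  "ot-ics-security",
  "policy-exception-gen",
  "pqc-first",
+ "rag-pipeline-security",
  "researcher",
  "sector-energy",
  "sector-federal-government",
@@ -38,11 +41,13 @@
  "zeroday-gap-learn"
  ],
  "example_excerpts": {},
- "skill_count": 35
+ "skill_count": 38
  },
  "UK": {
  "skills": [
  "age-gates-child-safety",
+ "ai-attack-surface",
+ "ai-c2-detection",
  "ai-risk-management",
  "api-security",
  "attack-surface-pentest",
@@ -59,9 +64,11 @@
  "identity-assurance",
  "incident-response-playbook",
  "kernel-lpe-triage",
+ "mcp-agent-trust",
  "mlops-security",
  "ot-ics-security",
  "pqc-first",
+ "rag-pipeline-security",
  "researcher",
  "sector-energy",
  "sector-federal-government",
@@ -75,11 +82,13 @@
  "webapp-security"
  ],
  "example_excerpts": {},
- "skill_count": 31
+ "skill_count": 35
  },
  "AU": {
  "skills": [
  "age-gates-child-safety",
+ "ai-attack-surface",
+ "ai-c2-detection",
  "ai-risk-management",
  "api-security",
  "attack-surface-pentest",
@@ -101,6 +110,7 @@
  "mlops-security",
  "ot-ics-security",
  "pqc-first",
+ "rag-pipeline-security",
  "researcher",
  "sector-energy",
  "sector-federal-government",
@@ -115,7 +125,7 @@
  "zeroday-gap-learn"
  ],
  "example_excerpts": {},
- "skill_count": 34
+ "skill_count": 37
  },
  "SG": {
  "skills": [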