@blamejs/exceptd-skills 0.12.8 → 0.12.9

package/lib/refresh-external.js

@@ -669,17 +669,20 @@ function rfcDiffFromCache(ctx) {
 
 function pinsDiffFromCache(ctx) {
   // Cache layout under pins/: <owner>__<repo>__releases.json arrays.
+  // Only repos that publish via GitHub Releases live here — D3FEND and CWE
+  // were removed in the same pass that pruned them from lib/prefetch.js's
+  // SOURCES.pins (neither project tags releases on GitHub; D3FEND ships
+  // the ontology from d3fend/d3fend-ontology without tagged releases,
+  // and CWE distributes XML from cwe.mitre.org). Pin currency for those
+  // two frameworks is monitored via lib/upstream-check.js against their
+  // canonical mitre.org endpoints, not through the prefetch cache.
   const PIN_REPOS = {
     atlas_version:  "mitre-atlas__atlas-data__releases",
     attack_version: "mitre-attack__attack-stix-data__releases",
-    d3fend_version: "d3fend__d3fend-data__releases",
-    cwe_version:    "mitre__cwe__releases",
   };
   const localOf = {
     atlas_version:  ctx.manifest.atlas_version,
     attack_version: ctx.manifest.attack_version,
-    d3fend_version: ctx.d3fendCatalog?._meta?.version || ctx.d3fendCatalog?._meta?.d3fend_version || null,
-    cwe_version:    ctx.cweCatalog?._meta?.version || ctx.cweCatalog?._meta?.cwe_version || null,
   };
   const diffs = [];
   let errors = 0;

package/manifest-snapshot.json

@@ -1,6 +1,6 @@
 {
   "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-  "_generated_at": "2026-05-13T13:51:52.021Z",
+  "_generated_at": "2026-05-13T15:30:27.029Z",
   "atlas_version": "5.1.0",
   "skill_count": 38,
   "skills": [

package/manifest.json

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.12.8",
+  "version": "0.12.9",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -52,7 +52,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "GfdaqLFofMiou8doFBE68J+ll50MU3EfJh6N6mNL6RwjABmHsbyfOXCeEpR3NlhbDrYJaG4hpZg4PwhN+t9QAA==",
-      "signed_at": "2026-05-13T13:49:35.661Z",
+      "signed_at": "2026-05-13T15:30:26.578Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -115,8 +115,8 @@
         "SOC2-CC6-logical-access"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "nLX2BIN16cSk0wLO9f9lXrZgX8Xg1LTsewq2PUEdv96BTV/SmEWt9jsdHus7X+8bnBX24pGTVBA4lLkOcc1MCQ==",
-      "signed_at": "2026-05-13T13:49:35.664Z",
+      "signature": "m93naZQwujXBedWEjRN+88R1b2q/Dzs595Rz0ufsctsSVL2kiqlorzqqwL4mIXBDUM/HJAMRyFzPQoxOhh5qBw==",
+      "signed_at": "2026-05-13T15:30:26.580Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -178,8 +178,8 @@
         "RFC-9700"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "BfqANngtx1dcIgPqVbO1KkDV8MS4EjJrUM71zs7F9EdCnIA7/EO2tH/e1e5LKbx3K+XcUSrNKHCP/vjLDdU4Cg==",
-      "signed_at": "2026-05-13T13:49:35.664Z",
+      "signature": "gvC+DFTp8TONJiYIq/Uvg/uTCWyQ2vjdU8hhNEjYqTghxwnNbryePTmvcxb1VZDBSv1r+kyE2MpHRBzSdLhxDQ==",
+      "signed_at": "2026-05-13T15:30:26.581Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -225,7 +225,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "FqTRjHfEgw56pyHnyWzNtnhzDMEePBtmuamtW/iyX+h4yqbvP4Fyr7NRjRs3EgqT4j7oHuEZhV9Jt6ZTBgN4AA==",
-      "signed_at": "2026-05-13T13:49:35.664Z"
+      "signed_at": "2026-05-13T15:30:26.582Z"
     },
     {
       "name": "compliance-theater",
@@ -255,8 +255,8 @@
         "CMMC-2.0-Level-2"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "3fN4yotiIIq76PVTHwozCu28TzDZvWule6vX8SXUT3XXbIBSuvAO0M/euvc3pw3TdZ2UNf78dI18lOCNdJ0aAg==",
-      "signed_at": "2026-05-13T13:49:35.665Z"
+      "signature": "69KnW3ol+BZAcIbex0JJo6/71BgBE4S4o9CxZPd5kgzm5kb85PwzE6KfnK40OaE1jz36FUYJgiQZo/T7RiDhAA==",
+      "signed_at": "2026-05-13T15:30:26.582Z"
     },
     {
       "name": "exploit-scoring",
@@ -284,8 +284,8 @@
         "CIS-Controls-v8-Control7"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "yZfpk4lQMRXegj2ADWjMmZTchUN6Lxpv587O/0JMzbNkXQtD6FrSAQOBWjx8S7uQ/sTntxgGN7aQQDLxL9RWAA==",
-      "signed_at": "2026-05-13T13:49:35.665Z"
+      "signature": "k13lnnr4U4H58LOr2rj+ygF80RnVsdpAyGLXAdyLaY5oJFwfmEMMZQVLrcPhDx6cIQgP+Muzgtolhkh577kCCw==",
+      "signed_at": "2026-05-13T15:30:26.582Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -321,8 +321,8 @@
         "OWASP-LLM-Top-10-2025-LLM08"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "jftNQxDKXpcJQg5iZz2y0wNw7N6ZC3XuRrHsgxCv9bq5Mrke+L6sLyiYxcxOHZ/8Z0g7ThwBuyLEtnQOAyUvBQ==",
-      "signed_at": "2026-05-13T13:49:35.665Z",
+      "signature": "X4avgw01bNVZjoiYDF+NN9qSOTjaH2I/7nRbPByoTLzMcORO7zTrZtqpGExJiV3Dmn0EtJ2dX07P65MqQIWHCA==",
+      "signed_at": "2026-05-13T15:30:26.582Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -378,8 +378,8 @@
         "RFC-9000"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "y2SJLIuK/2QRD+hJxlANS0/fJUahvqbSCWEL+RCy7HpVOacpGZ7KyiVKYPAwbjc7MwRYIOfhcPixATMENV2TAA==",
-      "signed_at": "2026-05-13T13:49:35.666Z",
+      "signature": "SQWndklQmECBemQj42XTfdXM9+7iH+LgIb+qanQsUGT6dhQi7RsXlLeMxe74hVvwpDeUKsn22u23J4bWJh+HCw==",
+      "signed_at": "2026-05-13T15:30:26.583Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -413,8 +413,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
-      "signature": "VMNGFvowXLbBjZp5nvWloKkqyqHKhnSzbVRU3gX9quOZJHH56w2M4id+oDsXIjR0CfRRb7eXl/so0Hq4xLBuBQ==",
-      "signed_at": "2026-05-13T13:49:35.666Z",
+      "signature": "Dc740zhVm0mtlbj80QfgPcAKFyLZbbDJx/gdNHyYui0XKC3YNxykjcbqKOXnfdLAKkeLwWjMqZefkQk49wueAQ==",
+      "signed_at": "2026-05-13T15:30:26.583Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -441,8 +441,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
-      "signature": "5MaJs7gPCuFlK4oAttLulAPOA1noeV+xD/UqVWaVyRedXZgebBGKjnlE2t1qmTugvxlNIfeAnBZapk+Wz3VAAg==",
-      "signed_at": "2026-05-13T13:49:35.666Z"
+      "signature": "3w189PCSFqXTTqlzNc14EKcW7vZ/CtAkuKB2hE4ERdJX+0DNo5AOfrPLjOD1/LdZpPLayEjDTZ83WGtEsMu1Cw==",
+      "signed_at": "2026-05-13T15:30:26.583Z"
     },
     {
       "name": "global-grc",
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "S/YXUpI/mcG2FpdUTgMsccWBtTaR5A4Ph4QFQw31S9w9Hn/z3sOFHLkb1B5YSwlg+mMOtSIxMdet1eLGSZkTDg==",
-      "signed_at": "2026-05-13T13:49:35.667Z"
+      "signed_at": "2026-05-13T15:30:26.584Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -500,8 +500,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
-      "signature": "AKS+JsmhhBtytY2eIMuydjkZOYprWCmQ+RqxyxcVG9XcEI29ZSM/JbVIINQHozFl7OPPrOu1ouiTnk7LOJ86Bg==",
-      "signed_at": "2026-05-13T13:49:35.667Z"
+      "signature": "84nQaJylnNIZ47BD7dSBryWwntprRc9zqoTb6i5K7jV6cq7bUm6fVlrCTlFGg/oWLMX3x9JHmc9hqZhgdzRMCw==",
+      "signed_at": "2026-05-13T15:30:26.585Z"
     },
     {
       "name": "pqc-first",
@@ -553,7 +553,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "oEkK5bLS/G5RIHnxlNFJYdzhTJbKZnkJv+W4iS9UJ/uszZHgZGoxygELPc4kn3FowV5eE988SQYG4WKlXtNzCg==",
-      "signed_at": "2026-05-13T13:49:35.668Z",
+      "signed_at": "2026-05-13T15:30:26.585Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -599,8 +599,8 @@
         "Framework publication updates"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "yX9SfZAba8XA8qIYHVtY8je6Jju40Y5ZnoOoWsze1vWlh++wO6OwDWdd2gXie78K6VjeGq8OzGRnSB49IOtXCQ==",
-      "signed_at": "2026-05-13T13:49:35.668Z"
+      "signature": "JCrqB0GmldDIYPpgC+U3DDzxpYWJa0QgEQF7L1T8kxY0U0bsa7cw87CNC5KGk1VZRNsCa3v/I4XR1E/T5GkpBA==",
+      "signed_at": "2026-05-13T15:30:26.585Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -636,8 +636,8 @@
         "PQC tooling maturity shifting overkill to practical"
       ],
       "last_threat_review": "2026-05-01",
-      "signature": "43fjE2TSziIncgs+TssBWtY6dHGsmAWfLMsqecDd25Jj3gWruRMDBWe3IpGTE8PGbd27v7ySWGPPrz/kF/FTAQ==",
-      "signed_at": "2026-05-13T13:49:35.668Z",
+      "signature": "ctxS+0nGTJgJ4YroLpckhG+ryjYxfwvisSeGt2o8OF6eiQBlu/VbrOk03Jb+qkahgD0mLnSeBE4sjRwekGL9BQ==",
+      "signed_at": "2026-05-13T15:30:26.585Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -671,8 +671,8 @@
       "attack_refs": [],
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
-      "signature": "+evehnd2wSBb8uMTlTr5/aTN4bfLjsKzZJk/+OMLMOJrjCt+OuMU7EQC6xMUGeSc4cPEGajghDvq3xVaacV2Dw==",
-      "signed_at": "2026-05-13T13:49:35.669Z"
+      "signature": "cdmQWTu9bFjeheH/B6pa88zCtPqVeEDDElnC/h7pUQ/JQSh9HuqCSiK/Jv2C4gaLA9h0dmKVe7NEFajshrZZDA==",
+      "signed_at": "2026-05-13T15:30:26.586Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -743,7 +743,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "6YqZpHsmUz1/aTyOPNDUgJquKaacOqEqTIELHc5wlaydDz4bYboutEu/YiTYy+wF/nYo2nOyuJfMdR8jsYwEDQ==",
-      "signed_at": "2026-05-13T13:49:35.669Z"
+      "signed_at": "2026-05-13T15:30:26.586Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -803,7 +803,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "+ELdD+1AY5DymBitH7wU65CS60NY1nDoLowJAFn7cE5Gr/5jy9BTkyxsm7PEXaSlXWMOkTf/HQ+uyzyxUVD/Bw==",
-      "signed_at": "2026-05-13T13:49:35.669Z"
+      "signed_at": "2026-05-13T15:30:26.586Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -878,7 +878,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "H1N113M/YhnEPQptJ2B88wwAOB4eMPKuVABQ4DSlMjFMsX0ts1DBCupHHDoHcJHbi8vs+Wi10ekpL5SnsroZDQ==",
-      "signed_at": "2026-05-13T13:49:35.669Z"
+      "signed_at": "2026-05-13T15:30:26.586Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -955,7 +955,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "TmV9ZBDYqp2pHIbNZKQYf+kZLNAiyagnH/pjK9+LiSd7OdFIN3KEpFHPUNzcivB/CT5q7nl7Tsmvc9UvGo8WDg==",
-      "signed_at": "2026-05-13T13:49:35.670Z"
+      "signed_at": "2026-05-13T15:30:26.587Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1012,7 +1012,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "XZigwq8X/csfrdG10O6Q1V5q0zUqSQGd3QrjRKkZ4fkaodG4mZahYuIQqxc8rU9jjtGAm9LtBXYB+I5csqj9Bw==",
-      "signed_at": "2026-05-13T13:49:35.670Z"
+      "signed_at": "2026-05-13T15:30:26.587Z"
     },
     {
       "name": "identity-assurance",
@@ -1079,7 +1079,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "pCvavMUh5wR/TFl03Vh6ggKJHWPjakOEPDh7IjaD/U3WLBGPF3eyLBzieNLrPDXxIBbCJqnt9E79Bd4e73xCCg==",
-      "signed_at": "2026-05-13T13:49:35.670Z"
+      "signed_at": "2026-05-13T15:30:26.588Z"
     },
     {
       "name": "ot-ics-security",
@@ -1135,7 +1135,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "3V0ZpDLRTmCBx5Li+9m3XKA+k9QR+l0aE55cRPMX+UTDRlStKSG5PgrSGcL2ZKJog9hKaUPmjIVh7kkn54SfAg==",
-      "signed_at": "2026-05-13T13:49:35.670Z"
+      "signed_at": "2026-05-13T15:30:26.588Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1187,7 +1187,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "UCiNjncvhkZItmLQA/Sm1/NCsOiLMwdCjfUw+067v4NIxhaMMaqRrAeD3KgMyEtov7m2Hq2kfwYSt5+DQsYDCQ==",
-      "signed_at": "2026-05-13T13:49:35.671Z"
+      "signed_at": "2026-05-13T15:30:26.588Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1237,7 +1237,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "i8ZUFT7hwTQJyqYXWh8rchdEUNv1kk0bzkF3BHOANFwuVoM0+mukOPr+rhKdOWCPjTX72EG+0Mbs6hBTSfBBAg==",
-      "signed_at": "2026-05-13T13:49:35.671Z"
+      "signed_at": "2026-05-13T15:30:26.588Z"
     },
     {
       "name": "webapp-security",
@@ -1311,7 +1311,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "3d+Hs8yfERF/NUuVhO3YFYCY+bVn7aAGbNCCyGeqYM2VIt7q/nzNXGfbNfJbSPezClwutOyxbzPwXMj+TjmMDA==",
-      "signed_at": "2026-05-13T13:49:35.671Z"
+      "signed_at": "2026-05-13T15:30:26.589Z"
     },
     {
       "name": "ai-risk-management",
@@ -1361,7 +1361,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "runa3PkfcThZmv5I+F6D1hOR/kfBeVOcdDZHsJ/59WOjsPj4BPi4d9MtP1vV7G9qq9daGGz6YzZGnejjin4pCA==",
-      "signed_at": "2026-05-13T13:49:35.672Z"
+      "signed_at": "2026-05-13T15:30:26.589Z"
     },
     {
       "name": "sector-healthcare",
@@ -1421,7 +1421,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "58fEAPnojhmGSpEIIyWIwfj65A2KB4SMyUCoieJ28OZaUktUF+56wLHQOdAW6v2fSeiriFqZEqGyKyLryGGcBg==",
-      "signed_at": "2026-05-13T13:49:35.672Z"
+      "signed_at": "2026-05-13T15:30:26.589Z"
     },
     {
       "name": "sector-financial",
@@ -1502,7 +1502,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "wByxWUburbU5PB7EHLDVAByCpMbhKRTWqSoVsBmxIDsz2jCiKb3ogJutFnAV2r2oXuQIUaffGvrvACIrJ2GlBQ==",
-      "signed_at": "2026-05-13T13:49:35.672Z"
+      "signed_at": "2026-05-13T15:30:26.590Z"
     },
     {
       "name": "sector-federal-government",
@@ -1571,7 +1571,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "gdiwq/+AQxxNJ2t90dITyLd2ZWdDKHxbyS2I+AVRdM45VVKQEAY4XyheGZW8m5wdDF7N9X2ENIE5CRMfP5jnCA==",
-      "signed_at": "2026-05-13T13:49:35.673Z"
+      "signed_at": "2026-05-13T15:30:26.590Z"
     },
     {
       "name": "sector-energy",
@@ -1636,7 +1636,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "3M6nshB0ZNfr3H/rpcy58+/yve91u8kiTOhwUBePTZ0lQeuzlXZZV6/36i/NTWKC4SwgMn8fsZCpLxA5llRaCg==",
-      "signed_at": "2026-05-13T13:49:35.673Z"
+      "signed_at": "2026-05-13T15:30:26.590Z"
     },
     {
       "name": "api-security",
@@ -1705,7 +1705,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rLOJBYVELFSVT2zLEByuko5Z1+HwGY99pQOC1XIVHs9l7gmY7F8N8luU/EBvVDcnT9w6nPiC5YKmCy/50LbxBQ==",
-      "signed_at": "2026-05-13T13:49:35.673Z"
+      "signed_at": "2026-05-13T15:30:26.591Z"
     },
     {
       "name": "cloud-security",
@@ -1786,7 +1786,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "PyA9IHcGNrCLC0AJW2jF5D5XheA60igeirjHb3IOz/HitBEg3t2g/siP6pAUImx3IUmwp9vh+A6k+KBuyHRgBQ==",
-      "signed_at": "2026-05-13T13:49:35.674Z"
+      "signed_at": "2026-05-13T15:30:26.591Z"
     },
     {
       "name": "container-runtime-security",
@@ -1848,7 +1848,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "/RQD2SZghTsrG7qurGb1uabyJ2IL9nmbqd412k8tqZw6nzdvvNFWcYDUGBACEQLbSlJvuaJeQdMHQH5ZzzkNDA==",
-      "signed_at": "2026-05-13T13:49:35.674Z"
+      "signed_at": "2026-05-13T15:30:26.591Z"
     },
     {
       "name": "mlops-security",
@@ -1919,7 +1919,7 @@
         "MITRE ATLAS v5.2 — track AML.T0010 sub-technique expansion and any new MLOps-pipeline-specific TTPs"
       ],
       "signature": "BeACZFTsTRZyGuOEc7NPGnGUQ84ZrFbYRsg+yqJxCH7QOM69jYJTnExyAyxXfiJyoytzSffJQNK3h0E48rm0BQ==",
-      "signed_at": "2026-05-13T13:49:35.674Z"
+      "signed_at": "2026-05-13T15:30:26.592Z"
     },
     {
       "name": "incident-response-playbook",
@@ -1981,7 +1981,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "oy63A4wX5g9rYq3wWYGSS9L7wndNaa1+wJPRPtiHMvQ6CNhTzN8kCs9Ur2SkT7U9BKYdfPLni0gGMjoeDbx+AA==",
-      "signed_at": "2026-05-13T13:49:35.675Z"
+      "signed_at": "2026-05-13T15:30:26.592Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2034,7 +2034,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "EFhMVyQdiLRtYPHsMADrX3aDXyWd/F5sjnGoWtUTeTiIOmrhFMOCHsvpTPotfsLt0u3LgRK5ACgjgeON8PgQAg==",
-      "signed_at": "2026-05-13T13:49:35.675Z"
+      "signed_at": "2026-05-13T15:30:26.592Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2102,7 +2102,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "MMWvg3lIf5ygm31zyf1E43t3W9MfRbMBBPrqlj1wOa8AxVJL8LICnAXfmyJ/TNJXwpF+rfZeDdoxXkql8wmtBA==",
-      "signed_at": "2026-05-13T13:49:35.675Z"
+      "signed_at": "2026-05-13T15:30:26.593Z"
     }
   ]
 }

package/orchestrator/index.js

@@ -246,7 +246,7 @@ function runSkillContext(skillName) {
   const context = getSkillContext(skillName);
   if (!context) {
     // Unified error shape across the CLI surface — see v0.10.3 bug #18.
-    process.stderr.write(JSON.stringify({ ok: false, error: `Skill not found: ${skillName}`, verb: "skill", hint: "Run `exceptd plan` or check skills/ for available skill IDs." }) + "\n");
+    process.stderr.write(JSON.stringify({ ok: false, error: `Skill not found: ${skillName}`, verb: "skill", hint: "Run `exceptd brief --all` or check skills/ for available skill IDs." }) + "\n");
     process.exit(1);
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.12.8",
+  "version": "0.12.9",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json

@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:2cda6fb1-3404-42b8-9567-cf563b1e2306",
+  "serialNumber": "urn:uuid:f5c39899-1746-48ea-92a0-6a78a4d1cae2",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-13T13:51:52.436Z",
+    "timestamp": "2026-05-13T15:30:27.459Z",
     "tools": [
       {
         "name": "hand-written",
@@ -13,10 +13,10 @@
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.8",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.12.9",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.12.8",
+      "version": "0.12.9",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 38 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,11 +25,11 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.8",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.12.9",
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.8"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.12.9"
         },
         {
           "type": "vcs",

package/scripts/check-test-coverage.js

@@ -212,7 +212,17 @@ function diffSets(before, after) {
 function extractLibExports(content) {
   if (!content) return new Set();
   const out = new Set();
-  const m = content.match(/module\.exports\s*=\s*\{([^}]+)\}/);
+  // v0.12.9: strip block + line comments before matching `module.exports`
+  // so a doc-comment example like `module.exports = {...}` inside a /** */
+  // block does not shadow the real exports lower in the file. Pre-fix, the
+  // analyzer's own file matched a 3-char doc-comment fragment first and
+  // returned an empty export set — any source that mentions `module.exports`
+  // in a JSDoc/banner block hit the same bug. After stripping comments,
+  // the `module.exports = {...}` match runs against real code only.
+  const stripped = content
+    .replace(/\/\*[\s\S]*?\*\//g, "")
+    .replace(/^\s*\/\/.*$/gm, "");
+  const m = stripped.match(/module\.exports\s*=\s*\{([^}]+)\}/);
   if (m) {
     for (const tok of m[1].split(",")) {
       const id = tok.split(":")[0].trim();
@@ -221,9 +231,9 @@ function extractLibExports(content) {
   }
   const re = /module\.exports\.([a-zA-Z_$][\w$]*)\s*=/g;
   let mm;
-  while ((mm = re.exec(content)) !== null) out.add(mm[1]);
+  while ((mm = re.exec(stripped)) !== null) out.add(mm[1]);
   const re2 = /^exports\.([a-zA-Z_$][\w$]*)\s*=/gm;
-  while ((mm = re2.exec(content)) !== null) out.add(mm[1]);
+  while ((mm = re2.exec(stripped)) !== null) out.add(mm[1]);
   return out;
 }
 
@@ -294,10 +304,21 @@ function coversCliFlag(corpus, flag) {
 
 function coversLibExport(corpus, libRel, ident) {
   const baseName = path.basename(libRel).replace(/\.js$/, "");
-  const requireRe = new RegExp("require\\([^)]*" + escapeRe(baseName) + "[^)]*\\)");
-  if (!requireRe.test(corpus)) return false;
+  const baseFile = path.basename(libRel); // e.g. "check-sbom-currency.js"
   const identRe = new RegExp("\\b" + escapeRe(ident) + "\\b");
-  return identRe.test(corpus);
+  // Primary: a `require()` that mentions the module name AND a reference
+  // to the identifier anywhere in the test corpus. Catches the canonical
+  // `const { foo } = require('../lib/x')` test shape.
+  const requireRe = new RegExp("require\\([^)]*" + escapeRe(baseName) + "[^)]*\\)");
+  if (requireRe.test(corpus) && identRe.test(corpus)) return true;
+  // v0.12.9: a test that spawns the script under test (e.g.
+  // `spawnSync(node, [".../scripts/check-sbom-currency.js", ...])`) is
+  // real coverage too. Accept that shape when the corpus references the
+  // full filename AND the identifier elsewhere. The `.js` suffix is what
+  // distinguishes a real spawn-path from an arbitrary mention of the
+  // module base name.
+  if (corpus.includes(baseFile) && identRe.test(corpus)) return true;
+  return false;
 }
 
 function coversPlaybookId(corpus, id) {

package/scripts/predeploy.js

@@ -152,18 +152,16 @@ const GATES = [
     requiresKeys: true,
   },
   {
-    // v0.12.8 — AGENTS.md hard rule #15 (e2e no-MVP). Every diff that
-    // touches a CLI verb, CLI flag, lib/orchestrator/scripts export,
-    // playbook indicator, or CVE iocs field must land with a covering
-    // test reference in the same PR. The analyzer parses git diff against
+    // AGENTS.md hard rule #15 (e2e no-MVP). Every diff that touches a
+    // CLI verb, CLI flag, lib/orchestrator/scripts export, playbook
+    // indicator, or CVE iocs field must land with a covering test
+    // reference in the same PR. The analyzer parses git diff against
     // origin/main, classifies each change shape, and fails if a covered
-    // surface lacks a test literal anywhere under tests/. Run with
-    // --warn-only during the v0.12.8 → v0.12.9 rollout window so the gate
-    // surfaces gaps without blocking; flip to blocking after one release
-    // cycle.
+    // surface lacks a test literal anywhere under tests/. Blocking — a
+    // covered surface change without a covering test fails the gate.
     name: "Diff coverage (feature changes require test coverage)",
     command: process.execPath,
-    args: [path.join(ROOT, "scripts", "check-test-coverage.js"), "--warn-only"],
+    args: [path.join(ROOT, "scripts", "check-test-coverage.js")],
     ciJobName: "Diff coverage",
   },
 ];

package/skills/ai-attack-surface/skill.md

@@ -49,6 +49,9 @@ cwe_refs:
 d3fend_refs:
   - D3-IOPR
   - D3-NTA
+  - D3-EAL
+  - D3-FAPA
+  - D3-CSPP
 last_threat_review: "2026-05-13"
 ---
 
@@ -278,6 +281,28 @@ For each identified risk, declare the framework gap:
 
 ---
 
+## Defensive Countermeasure Mapping
+
+D3FEND v1.0+ references from `data/d3fend-catalog.json`. The AI attack surface enumerated above lands on five primary defensive techniques. Each entry below identifies which ATLAS TTP class the countermeasure addresses and the defense-in-depth layer it occupies.
+
+| D3FEND ID | Name | Layer | Rationale (what it counters here) |
+|---|---|---|---|
+| `D3-IOPR` | Input/Output Profiling | SDK / application | SDK-level prompt and completion inspection — the foundational control for AML.T0051 (prompt injection), AML.T0096 (LLM C2), AML.T0054 (extraction). Without per-call I/O profiling, every detection step below is degraded. |
+| `D3-CSPP` | Client-server Payload Profiling | LLM / MCP gateway | Gateway-layer inspection of tool-call args and prompt/completion bodies. Necessary when the AI client (mobile app, browser extension, IDE) cannot host `D3-IOPR` instrumentation in-process — the gateway becomes the only content-aware control. |
+| `D3-EAL` | Executable Allowlisting | Endpoint / managed host | Restricts which AI-tool binaries (IDE assistants, browser extensions, MCP servers) can execute on managed endpoints. Direct counter to AML.T0010 (ML supply-chain compromise) for tooling shipped as native binaries; precondition for managed-endpoint clipboard- and code-completion controls. |
+| `D3-FAPA` | File Access Pattern Analysis | Endpoint / data tier | Detects RAG-corpus and training-data abuse by pattern-matching the file-access shape of AML.T0018 (model poisoning at training time) and AML.T0020 (RAG retrieval abuse). Anchors the data-tier defence against poisoning that prompt-layer controls cannot see. |
+| `D3-NTA` | Network Traffic Analysis | Network egress | Per-identity baseline of model-API and MCP-server egress. Catches the AML.T0017 capability-development pattern (PROMPTFLUX-style rapid querying) and the AML.T0096 covert-C2 destination shape when SDK instrumentation is partial or missing. |
+
+**Defense-in-depth posture:** `D3-EAL` is the prerequisite endpoint layer (only sanctioned AI clients run); `D3-FAPA` is the data-tier layer (RAG and training corpora); `D3-IOPR` and `D3-CSPP` are the content-aware application and gateway layers; `D3-NTA` is the network-observability backstop. Skills that recommend a single layer alone are flagged as incomplete during Analysis Procedure Step 7.
+
+**Least-privilege scope:** every AI principal (human developer, agent identity, MCP server) has the minimum set of model-API, MCP-tool, and RAG-corpus authorisations required for its sanctioned use case. `D3-EAL` allowlists are per-host-class (developer ≠ production ≠ CI); `D3-FAPA` access-pattern baselines are per-corpus-per-principal; `D3-IOPR` logs include the principal identity on every prompt/completion pair.
+
+**Zero-trust posture:** every prompt is verified content-shape and origin-identity before downstream tool invocation; every RAG retrieval is clearance-checked at retrieval time (not just at index time); every MCP tool call has its args inspected at the gateway before reaching the tool. No "trusted prompt" exemption — AML.T0051 indirect prompt injection enters via documents and tool outputs, not just user prompts.
+
+**AI-pipeline applicability (per AGENTS.md Hard Rule #9):** `D3-EAL` is not applicable to serverless inference endpoints (no executable to allowlist on the consumer side). The scoped alternative is `D3-CSPP` at the gateway plus signed-image attestation at the provider — the model-serving container is the executable surface, and its provenance is the prerequisite. `D3-FAPA` on ephemeral RAG indices degrades to per-query retrieval logging (`D3-IOPR`) plus index-build provenance signed at construction.
+
+---
+
 ## Compliance Theater Check
 
 > "Your security awareness training includes phishing detection. 82.6% of phishing emails now contain AI-generated content indistinguishable by grammar or style checks. Open your most recent phishing simulation report: what percentage of simulated phishes used AI-generated content? If zero, the simulation is testing resistance to 2021 phishing, not 2026 phishing. If your detection rule set has not been updated to reflect AI-generated content as the baseline, the control is theater for the threat it claims to address."

package/skills/ai-c2-detection/skill.md

@@ -395,6 +395,30 @@ For every identity flagged in Step 2, every prompt flagged in Step 3, every Sesa
 
 ---
 
+## Defensive Countermeasure Mapping
+
+D3FEND v1.0+ references from `data/d3fend-catalog.json`. Maps the SesameOp / PROMPTFLUX / PROMPTSTEAL detection surfaces to the defense-in-depth layer they actually live on.
+
+| D3FEND ID | Name | Layer | Rationale (what it counters here) |
+|---|---|---|---|
+| `D3-NTA` | Network Traffic Analysis | Network egress | Establishes the AI-provider-egress baseline (per-identity volume, cadence, time-of-day) that SesameOp's persistent bursty-but-aperiodic shape violates. Primary detection control when SDK-level prompt logging is absent. |
+| `D3-NTPM` | Network Traffic Policy Mapping | Network egress | Per-identity sanctioned-business-reason allowlist for AI provider domains. Implements the SC-7 real_requirement; without it, blanket domain allowlisting is theater. |
+| `D3-CSPP` | Client-server Payload Profiling | Gateway / TLS-inspected proxy | The only layer that can observe prompt/completion content shape (entropy, base64 ratio, recognisable IOC tokens) without per-SDK instrumentation. Covers the QUIC / HTTP/3 case where boundary inspection sees only ciphertext. |
+| `D3-IOPR` | Input/Output Profiling | SDK / application | SDK-level prompt and completion logging with identity binding. The single most-load-bearing control for AI C2 — every Step in the Analysis Procedure degrades to "structurally zero coverage" without it. |
+| `D3-CA` | Connection Attempt Analysis | Network egress | Detects the AI-API connection from processes that have no business reason on this host type (e.g. a system service contacting `api.openai.com`). Cheap; deployable without TLS interception. |
+| `D3-DA` | Domain Analysis | Network egress | Catches Oblivious HTTP (RFC 9458) relays and atypical AI-provider edge endpoints whose direct upstream is a sanctioned LLM provider — the SesameOp evasion shape when ECH is in play. |
+| `D3-NI` | Network Isolation | Network segmentation | For non-developer host classes (databases, network gear, OT) where no AI API egress is ever sanctioned, hard-blocking the provider AS-paths removes the C2 channel entirely. |
+
+**Defense-in-depth posture:** `D3-NTA` + `D3-CA` + `D3-NI` are the network layer; `D3-CSPP` is the gateway layer; `D3-IOPR` is the SDK layer; `D3-NTPM` is the policy layer that binds the other four to identity. No single layer is sufficient — SesameOp is invisible to network-only deployments without `D3-CSPP` or `D3-IOPR`, and `D3-IOPR` is invisible without `D3-NTPM` to give it the per-identity baseline against which Step 3 anomaly detection fires.
+
+**Least-privilege scope:** `D3-NTPM` is implemented per-identity-per-business-reason — the developer using Cursor on a workstation is allowlisted for `api.anthropic.com`; the same developer's service account is not. `D3-IOPR` retention is scoped to the identities authorised to call AI APIs; prompts from unauthorised identities trigger Step 2 the moment they appear in the log, not after retention review.
+
+**Zero-trust posture:** every prompt is logged and identity-bound regardless of source host trust level; `D3-CSPP` and `D3-IOPR` verify content shape on every call rather than sampling. The verification primitive at the gateway is entropy + identity + business-reason; at the SDK layer it is full prompt + identity + retention. No "trusted developer" exemption — PROMPTFLUX is delivered to developer workstations as readily as to production hosts.
+
+**AI-pipeline applicability (per AGENTS.md Hard Rule #9):** `D3-IOPR` is the only control that survives serverless / ephemeral runtimes; per-host `D3-NTA` and `D3-CA` cannot baseline a host whose lifetime is shorter than the correlation window. The scoped alternative for ephemeral workloads is workload-identity-bound `D3-IOPR` correlated by IAM role / service-account identity rather than by host — preserving the PROMPTFLUX cadence shape and PROMPTSTEAL credential-access correlation across short-lived function invocations.
+
+---
+
 ## Compliance Theater Check
 
 > "Your SC-7 boundary-protection evidence shows AI provider domains — `api.openai.com`, `api.anthropic.com`, `generativelanguage.googleapis.com`, Azure OpenAI endpoints, Bedrock endpoints — on the egress allowlist, with NetFlow or Zeek records demonstrating that egress is monitored. Now answer two questions. First: for each AI provider domain on the allowlist, does the allowlist entry enumerate the specific sanctioned business reason and the identities or services entitled to use it, or is the entry a blanket allow for the domain? Second: do you have SDK-level prompt and completion logging, bound to identity, retained for at least 90 days, and forwarded to the SIEM, for every place AI APIs are called in production? If the allowlist is a blanket domain allow and SDK-level prompt logging is absent, the SC-7 control is theater for AI C2 — boundary inspection of an allowlisted domain cannot distinguish a developer prompt from a SesameOp-encoded C2 prompt, and you have no content-layer evidence to fall back on. SC-7 evidence is structurally incomplete for any org using AI APIs in production unless both an identity-bound business-reason allowlist and SDK-level prompt logging are in place. The control gap is recorded in `data/framework-control-gaps.json` under NIST-800-53-SC-7 — the real requirement names exactly these components."

package/skills/compliance-theater/skill.md

@@ -32,6 +32,12 @@ This skill identifies the specific, testable conditions where audit-passing cont
 
 ---
 
+## Frontmatter Scope
+
+The `atlas_refs` and `attack_refs` arrays are intentionally empty. This skill is a meta-analysis that correlates findings *across* every other playbook and skill in the project — it has no native TTP attachment because its input is the existing TTP-to-control evidence base produced elsewhere. The `framework_gaps` array is populated because each theater pattern below points at specific named controls (FedRAMP-Rev5-Moderate, CMMC-2.0-Level-2, and the two ALL- gaps) whose mid-2026 inadequacy is the skill's primary subject. Defensive Countermeasure Mapping is not present as a body section because this skill produces a *coverage-gap* output, not a defensive-control prescription — the D3FEND mapping is the responsibility of the downstream skills the gap-findings route into.
+
+---
+
 ## Threat Context (mid-2026)
 
 The defining mid-2026 reality is that an organization can pass a clean ISO 27001:2022, SOC 2 Type II, or PCI DSS 4.0 audit while remaining exposed to KEV-listed deterministic LPEs and zero-interaction RCEs. The contrast cases drive every theater pattern below: