@blamejs/exceptd-skills 0.13.1 → 0.13.3

package/CHANGELOG.md

@@ -1,5 +1,78 @@
 # Changelog
 
+## 0.13.3 — 2026-05-18
+
+Audit close-out continuation: the items the prior pass marked for follow-up. Workflow hardening, lint enforcement promoted from warning to hard error, two new operator-facing health checks for the Shai-Hulud lesson controls, and 4 more primary-source pollers covering kernel.org / oss-security / JFrog / CISA.
+
+### Security
+
+**`refresh.yml` split into two jobs — `refresh-data` (no write credentials) + `open-pr` (contents:write + pull-requests:write + issues:write scoped to PR creation only).** Pre-split a single `refresh` job carried write capability against the repo throughout the long-running data-parse + prefetch + apply + predeploy sequence; a compromise of any of those steps had repo-write access during the whole run. The new shape scopes write capability to the few-second PR-creation window. Data mutations flow between jobs via an upload-artifact / download-artifact bundle. The `refresh-data` checkout now uses `persist-credentials: false`.
+
+**`lib/lint-skills.js` Hard Rule #1 body-scan flipped from warning to hard error.** v0.13.2 introduced the body-scan as a warning while the 2 pre-existing violations were triaged. Both are now resolved (`CVE-2024-21762` landed in the catalog with full Hard Rule #1 fields; the placeholder `CVE-2026-21370` reference was removed from `cloud-iam-incident`). The body-scan now errors when a skill cites a CVE not in the catalog. Draft references continue to surface as warnings.
+
+### Features
+
+**`exceptd doctor --ai-config` audits AI-assistant config-file permissions.** Implements NEW-CTRL-050 from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry. Walks `~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, `~/.continue` for sensitive files (`settings.json`, `mcp.json`, `*.mcp_config.json`, `api_key*`, `*.token`, `*.credentials`) and reports any not at mode 0600 on POSIX. On Windows the mode bits aren't load-bearing; each sensitive file is flagged with an info-level "manual ACL review" note. Opt-in via `--ai-config`; doesn't run as part of the default no-flag doctor pass.
+
+**`exceptd watchlist --org-scan` probes GitHub for threat-actor repo naming patterns.** Implements NEW-CTRL-052 from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry. Queries the GitHub Search API for repos matching the canonical Shai-Hulud / TeamPCP patterns ("A Gift From TeamPCP", "Shai-Hulud", "TeamPCP") scoped to `--org <login>`. Custom patterns via repeatable `--pattern <s>`. Set `GITHUB_TOKEN` env var for private-repo coverage and higher rate limit; without it, public-repo search only.
+
+**4 more primary-source advisory pollers.** `lib/source-advisories.js` `FEEDS` grew 4 → 8:
+- `kernel-org` — torvalds/linux master commits atom feed. Catches the CVE-2026-46333 / ssh-keysign-pwn class at T+0, the moment the upstream fix lands. The v0.13.1 post-mortem identified this as the exact venue we missed.
+- `oss-security` — openwall.com `oss-security` mailing list atom feed. Coordinated-disclosure venue; many distro advisories announce CVEs here days before NVD enrichment.
+- `jfrog` — JFrog SecOps research blog feed. npm / PyPI / Maven supply-chain disclosures with CVE assignments (TanStack / Mini Shai-Hulud class).
+- `cisa-current` — CISA cybersecurity advisories feed (federal-vendor coordinated disclosures, separate from KEV which captures only exploited-in-the-wild items).
+
+### Bugs
+
+**`CVE-2024-21762` (Fortinet FortiOS SSL-VPN preauth RCE) added to catalog.** Was cited in skill prose without a backing catalog entry — surfaced by the v0.13.2 Hard Rule #1 body-scan. Full Hard Rule #1 fields (CVSS 9.8, CISA KEV 2024-02-09, public PoC, confirmed mass exploitation across multiple APT clusters, FortiOS patch versions 7.6.2 / 7.4.7 / 7.2.11 / 7.0.17 / 6.4.16). RWEP 85. Includes the 2025-04 follow-up advisory documenting symlink persistence that survives firmware patching.
+
+**`CVE-2026-21370` placeholder reference removed from `skills/cloud-iam-incident/skill.md`.** No record of CVE-2026-21370 in any source; was a class-marker parenthetical for the Azure managed-identity token-replay attack class. Rewritten as "design-class issue, not a single CVE" so the prose still accurately describes the IMDS-token-theft pattern without inventing threat intel.
+
+**12 framework-gap forward-orphan references closed.** Each pre-existing orphan got a real gap entry with theater_test per Hard Rule #6: `CIS-Kubernetes-Benchmark-4.2.13`, `CIS-Kubernetes-Benchmark-5.3`, `CIS-Controls-v8-Control6`, `ISO-27001-2022-A.5.15`, `ISO-27001-2022-A.8.13`, `NIST-800-53-IA-2`, `NIST-AI-RMF-MEASURE-2.7`, `OWASP-ML-Top-10-2023-ML06`, `NIS2-Art21-network-security`, `NIS2-Art21-business-continuity`, `PCI-DSS-4.0-5.1`, `AU-ISM-1808`. Gap catalog 130 → 142 entries; orphan count for `framework-control-gaps.json` is now 0.
+
+**2 empty-`data_deps` skills fixed.** `api-security` and `email-security-anti-phishing` previously had empty `data_deps` because the bodies referenced no catalog file by name. Each now carries 6 catalog references (atlas-ttps, attack-techniques, cwe-catalog / dlp-controls, d3fend-catalog, framework-control-gaps, rfc-references) threaded through the body in 4 new prose passages each. Every cited ID resolves to a real entry in its respective catalog. `last_threat_review` bumped to 2026-05-18.
+
+### Internal
+
+- 8 new tests in `tests/v0_13_3-fixes.test.js` covering all 5 phases.
+- Test-count baseline refreshed to match the new test surface.
+- ADVISORIES_SOURCE test-fixture extended to include the 4 new feeds.
+- `tests/source-advisories.test.js` `FEEDS: exactly N feeds` pin updated 4 → 8.
+
+## 0.13.2 — 2026-05-18
+
+Audit close-out: the remaining v0.13 deferrals from the original 6-domain audit + the v0.13.1 post-mortem follow-ups. Patch-class — additive across CI hardening, lint enforcement, CLI UX, predeploy gates, catalog data cleanup, and skill metadata.
+
+### Security
+
+**`release.yml` publish job split: `publish-npm` (id-token:write only) + `publish-github-release` (contents:write only).** Pre-v0.13.2 a single `publish` job carried BOTH permissions at once — a compromise of any step in that job (leaked NODE_AUTH_TOKEN, malicious dependency in the runner image, third-party action with elevated trust) had access to the npm provenance signing identity AND repo-write simultaneously. The new shape isolates each permission to the minimum surface that needs it. `publish-github-release` depends on `publish-npm` so the GitHub Release only fires when npm publish succeeded — releases pointing at a tag whose npm publish failed are operator-confusing.
+
+### Features
+
+**`exceptd watchlist --alerts` 5 patterns now stable.** No change in v0.13.2; documenting that the v0.13.1 patterns are now operationally proven against the post-mortem seeds (`CVE-2026-46333` ssh-keysign-pwn surfacing under `kernel_lpe_with_poc`; `MAL-2026-SHAI-HULUD-OSS` under `supply_chain_family`).
+
+**Flag-value did-you-mean across 6 sites.** `run --mode`, `brief --phase`, `run --format`, `attest export --format`, `ci --format`, and orchestrator `report <format>` now surface a Levenshtein-≤2 typo suggestion in the structured error body alongside the accepted-set list. JSON shape: `{ok:false, error, provided, accepted, did_you_mean:["..."]}`. Example: `brief library-author --phase goven` → `did_you_mean: ["govern"]`.
+
+**`lib/lint-skills.js` Hard Rule #1 body-scan.** Every `CVE-* / MAL-*` reference in skill prose is now resolved against the canonical catalog. Missing-from-catalog surfaces as a WARNING in v0.13.2 (will hard-fail in v0.14.0); `_draft:true` references surface as WARNING. The forcing function lands; pre-existing violations on `ransomware-response` (CVE-2024-21762) and `cloud-iam-incident` (CVE-2026-21370) don't block the release but are now visible in every lint run.
+
+**`scripts/check-test-count.js` — new 15th predeploy gate.** Static-counts `test(` declarations across `tests/*.test.js` and refuses shrinkage beyond the configured tolerance (default 1). Baseline pinned in `tests/.test-count-baseline.json`. Catches accidentally-deleted test files / mass-skip mistakes that the lint + diff-coverage gates wouldn't surface. Initial baseline 924 declarations across 94 files; bump with `--update-baseline` on releases that legitimately add many tests.
+
+**Skill `discovery_mode: standalone` frontmatter field.** 16 skills that are intentionally reached via `exceptd brief <name>` or `exceptd ask` rather than playbook `skill_chain` now carry the explicit marker. Closes the v0.12 audit gap that flagged these as "unreferenced" — operator intent now explicit. Affected: `age-gates-child-safety`, `ai-risk-management`, `defensive-countermeasure-mapping`, `email-security-anti-phishing`, `fuzz-testing-strategy`, `mlops-security`, `ot-ics-security`, `researcher`, `sector-energy`, `sector-federal-government`, `sector-telecom`, `skill-update-loop`, `threat-model-currency`, `threat-modeling-methodology`, `webapp-security`, `zeroday-gap-learn`.
+
+### Bugs
+
+**14 still-draft CVEs flipped to verified.** Each got a matching `zeroday-lessons.json` entry (the AGENTS.md rule #6 requirement) and had `_draft` removed: `CVE-2024-3154` (CRI-O kernel-module load), `CVE-2023-43472` (MLflow path-traversal), `CVE-2020-10148` (SUNBURST), `CVE-2023-3519` (Citrix NetScaler unauth RCE), `CVE-2024-1709` (ConnectWise ScreenConnect), `CVE-2026-20182` (Cisco SD-WAN), `CVE-2024-40635` (containerd integer overflow), `CVE-2026-30623` (Anthropic MCP SDK stdio injection), `CVE-2025-12686` (Synology BeeStation Pwn2Own), `CVE-2025-62847` / `CVE-2025-62848` / `CVE-2025-62849` (QNAP QTS DEVCORE chain), `CVE-2025-59389` (QNAP Hyper Data Protector), `CVE-2025-11837` (QNAP Malware Remover). Three new control requirements introduced where the CVE surfaced a novel class: `NEW-CTRL-053` MCP-SERVER-CONFIG-ALLOWLIST, `NEW-CTRL-054` BACKUP-TIER-NETWORK-ISOLATION, `NEW-CTRL-055` SECURITY-TOOL-INTEGRITY-VERIFICATION. Catalog now 37/39 entries verified; 2 remaining drafts are quarantined / embargoed placeholders.
+
+**8 framework-gap forward-orphan refs cleaned up.** The v0.13.0 Hard Rule #5 backfill surfaced 8 framework-control gap IDs cited by CVE entries' `framework_control_gaps` field but missing from `framework-control-gaps.json`. All 8 added with theater_test blocks per Hard Rule #6: `NIST-800-53-SC-39` (Process Isolation), `ISO-27001-2022-A.8.22` (Segregation of networks), `CIS-Kubernetes-Benchmark-5.7` (Network Policies), `NIST-800-218-SSDF-PW.4` (Reuse Existing, Well-Secured Software), `NIST-800-53-SR-3` (Supply Chain Controls), `SLSA-v1.0-Source-L3`, `NIST-AI-RMF-MAP-3.4`, `OWASP-Top-10-2021-A06`. Gap catalog 122 → 130 entries.
+
+**`release.yml` CHANGELOG-extraction fallback now emits `::warning::`.** Surfaces the parse failure on the run page rather than silently shipping a generic body.
+
+### Internal
+
+- 11 new tests in `tests/v0_13_2-fixes.test.js`. Test count baseline 924 (initial pin).
+- Predeploy gate count 14 → 15.
+- `refresh.yml` split-checkout pattern (persist-credentials hardening) deferred to v0.14 — needs peter-evans/create-pull-request auth-mode research first.
+
 ## 0.13.1 — 2026-05-17
 
 Threat-intake gap closure. Driven by the post-mortem on CVE-2026-46333 (ssh-keysign-pwn) — disclosed 2026-05-14 by Qualys, missed by the toolkit at T+0 through T+3 because the existing source set (KEV, EPSS, NVD, RFC, PINS, GHSA, OSV) sits at the END of the disclosure pipeline. Adds primary-source polling, CVE-class alert surfacing, and seeds two retroactive catalog entries for the disclosures the toolkit should have caught.

package/bin/exceptd.js

@@ -1236,7 +1236,14 @@ function dispatchPlaybook(cmd, argv) {
     // `--mode garbage` was silently accepted.
     const VALID_MODES = ["self_service", "authorized_pentest", "ir_response", "ctf", "research", "compliance_audit"];
     if (!VALID_MODES.includes(args.mode)) {
-      return emitError(`run: --mode "${args.mode}" not in accepted set ${JSON.stringify(VALID_MODES)}.`, { provided: args.mode }, pretty);
+      // v0.13.2: did-you-mean on flag-value typos (Levenshtein ≤ 2).
+      const dym = suggestFlag(String(args.mode), VALID_MODES);
+      const hint = dym ? ` Did you mean "${dym}"?` : '';
+      return emitError(
+        `run: --mode "${args.mode}" not in accepted set ${JSON.stringify(VALID_MODES)}.${hint}`,
+        { provided: args.mode, accepted: VALID_MODES, did_you_mean: dym ? [dym] : [] },
+        pretty,
+      );
     }
     runOpts.mode = args.mode;
   }
@@ -2268,7 +2275,13 @@ function cmdBrief(runner, args, runOpts, pretty) {
   if (onlyPhase != null) {
     const ACCEPTED_PHASES = ["govern", "direct", "look"];
     if (!ACCEPTED_PHASES.includes(onlyPhase)) {
-      return emitError(`brief: --phase "${onlyPhase}" not in accepted set ${JSON.stringify(ACCEPTED_PHASES)}.`, { verb: "brief", provided: onlyPhase }, pretty);
+      const dym = suggestFlag(String(onlyPhase), ACCEPTED_PHASES);
+      const hint = dym ? ` Did you mean "${dym}"?` : '';
+      return emitError(
+        `brief: --phase "${onlyPhase}" not in accepted set ${JSON.stringify(ACCEPTED_PHASES)}.${hint}`,
+        { verb: "brief", provided: onlyPhase, accepted: ACCEPTED_PHASES, did_you_mean: dym ? [dym] : [] },
+        pretty,
+      );
     }
   }
 
@@ -2998,7 +3011,13 @@ function cmdRun(runner, args, runOpts, pretty) {
     const requested = Array.isArray(args.format) ? args.format[0] : args.format;
     const VALID = ["summary", "markdown", "csaf-2.0", "csaf", "sarif", "openvex", "json"];
     if (!VALID.includes(requested)) {
-      return emitError(`run: --format "${requested}" not in accepted set ${JSON.stringify(VALID)}.`, null, pretty);
+      const dym = suggestFlag(String(requested), VALID);
+      const hint = dym ? ` Did you mean "${dym}"?` : '';
+      return emitError(
+        `run: --format "${requested}" not in accepted set ${JSON.stringify(VALID)}.${hint}`,
+        { verb: "run", provided: requested, accepted: VALID, did_you_mean: dym ? [dym] : [] },
+        pretty,
+      );
     }
     if (requested === "summary") {
       const cls = result.phases?.detect?.classification;
@@ -4788,7 +4807,13 @@ function cmdAttest(runner, args, runOpts, pretty) {
     // accepting any value the operator passed.
     const VALID_EXPORT_FORMATS = ["json", "csaf", "csaf-2.0"];
     if (!VALID_EXPORT_FORMATS.includes(formatRaw)) {
-      return emitError(`attest export: --format "${formatRaw}" not in accepted set ${JSON.stringify(VALID_EXPORT_FORMATS)}.`, null, pretty);
+      const dym = suggestFlag(String(formatRaw), VALID_EXPORT_FORMATS);
+      const hint = dym ? ` Did you mean "${dym}"?` : '';
+      return emitError(
+        `attest export: --format "${formatRaw}" not in accepted set ${JSON.stringify(VALID_EXPORT_FORMATS)}.${hint}`,
+        { verb: "attest export", provided: formatRaw, accepted: VALID_EXPORT_FORMATS, did_you_mean: dym ? [dym] : [] },
+        pretty,
+      );
     }
     const redacted = attestations.map(a => ({
       session_id: a.session_id,
@@ -5180,16 +5205,24 @@ function cmdDoctor(runner, args, runOpts, pretty) {
 
   // Selective subchecks. If any of the four flags is passed, run only those.
   // If none are passed, run all four plus signing-status.
+  // v0.13.3: --ai-config audits AI-assistant config-file permissions per
+  // NEW-CTRL-050 (from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry).
+  // It's a separate flag because the check is opt-in — most operators
+  // don't want their AI-config state probed by default.
   const onlySigs = !!args.signatures;
   const onlyCurrency = !!args.currency;
   const onlyCves = !!args.cves;
   const onlyRfcs = !!args.rfcs;
-  const anySelected = onlySigs || onlyCurrency || onlyCves || onlyRfcs;
+  const onlyAiConfig = !!args["ai-config"];
+  const anySelected = onlySigs || onlyCurrency || onlyCves || onlyRfcs || onlyAiConfig;
   const runSigs = !anySelected || onlySigs;
   const runCurrency = !anySelected || onlyCurrency;
   const runCves = !anySelected || onlyCves;
   const runRfcs = !anySelected || onlyRfcs;
   const runSigning = !anySelected;
+  // --ai-config is opt-in — never runs as part of the default no-flag
+  // doctor pass. Operators ask for it explicitly.
+  const runAiConfig = onlyAiConfig;
 
   const checks = {};
   const issues = [];
@@ -5428,6 +5461,102 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     }
   }
 
+  // v0.13.3 — AI-assistant config-file permission audit per NEW-CTRL-050
+  // (from the MAL-2026-SHAI-HULUD-OSS zeroday-lessons entry). Walks
+  // ~/.claude/, ~/.cursor/, ~/.codeium/, ~/.aider/, ~/.continue/ for
+  // sensitive config files (settings.json, mcp.json, *.mcp_config.json,
+  // api_key*, *.token, *.credentials) and reports any not at mode 0600.
+  // The MAL-2026-SHAI-HULUD-OSS framework reads these files at
+  // unprivileged-process scope; tightening to 0600 forces npm/node-spawned
+  // processes that don't share UID to fail the read.
+  //
+  // Opt-in only — never runs as part of the default no-flag doctor pass.
+  // Operators request it via `exceptd doctor --ai-config`.
+  if (runAiConfig) {
+    const os = require('os');
+    const HOME = os.homedir();
+    const AI_CONFIG_DIRS = [
+      { dir: '.claude', display: '~/.claude' },
+      { dir: '.cursor', display: '~/.cursor' },
+      { dir: '.codeium', display: '~/.codeium' },
+      { dir: '.aider', display: '~/.aider' },
+      { dir: '.continue', display: '~/.continue' },
+    ];
+    // Files within those dirs that warrant the strict-mode check.
+    const SENSITIVE_PATTERNS = [
+      /^settings\.json$/,
+      /^mcp\.json$/,
+      /\.mcp_config\.json$/,
+      /^api_key/,
+      /\.token$/,
+      /\.credentials$/,
+    ];
+    const findings = [];
+    let scannedDirs = 0;
+    let scannedFiles = 0;
+    function walk(absDir, displayRoot, rel) {
+      if (!fs.existsSync(absDir)) return;
+      let entries;
+      try { entries = fs.readdirSync(absDir, { withFileTypes: true }); }
+      catch { return; }
+      for (const e of entries) {
+        const childAbs = path.join(absDir, e.name);
+        const childRel = rel ? rel + '/' + e.name : e.name;
+        if (e.isDirectory()) {
+          walk(childAbs, displayRoot, childRel);
+        } else if (e.isFile()) {
+          scannedFiles++;
+          if (!SENSITIVE_PATTERNS.some((re) => re.test(e.name))) continue;
+          let st;
+          try { st = fs.statSync(childAbs); } catch { continue; }
+          if (process.platform === 'win32') {
+            // Windows POSIX mode bits don't carry meaningful ACL info.
+            // Flag every sensitive file with a manual-review note rather
+            // than emit a noisy permission claim that's likely wrong.
+            findings.push({
+              path: `${displayRoot}/${childRel}`,
+              mode: null,
+              severity: 'info',
+              issue: 'win32_acl_check_not_implemented',
+              hint: 'On Windows the POSIX mode bits are not load-bearing. Use icacls to confirm only the current user has read access. Tracked for v0.14+.',
+            });
+            continue;
+          }
+          const mode = st.mode & 0o777;
+          if ((mode & 0o077) !== 0) {
+            findings.push({
+              path: `${displayRoot}/${childRel}`,
+              mode: '0' + mode.toString(8),
+              severity: 'warn',
+              issue: 'group_or_other_readable',
+              hint: `chmod 600 '${childAbs}'  # NEW-CTRL-050: AI-assistant configs holding MCP tokens / API keys must be 0600 to defeat unprivileged exfil`,
+            });
+          }
+        }
+      }
+    }
+    for (const d of AI_CONFIG_DIRS) {
+      const abs = path.join(HOME, d.dir);
+      if (fs.existsSync(abs)) {
+        scannedDirs++;
+        walk(abs, d.display, '');
+      }
+    }
+    const errorFindings = findings.filter((f) => f.severity === 'warn');
+    checks.ai_config = {
+      ok: errorFindings.length === 0,
+      severity: errorFindings.length > 0 ? 'warn' : 'info',
+      scanned_dirs: scannedDirs,
+      scanned_files: scannedFiles,
+      directories_inspected: AI_CONFIG_DIRS.map((d) => d.display),
+      sensitive_patterns: ['settings.json', 'mcp.json', '*.mcp_config.json', 'api_key*', '*.token', '*.credentials'],
+      findings,
+      platform: process.platform,
+      control_reference: 'NEW-CTRL-050 (MAL-2026-SHAI-HULUD-OSS lesson)',
+    };
+    if (errorFindings.length > 0) issues.push('ai_config');
+  }
+
   // Walk every check and split: errors (severity error/missing/fail) vs warnings
   // (severity warn). all_green is true ONLY when zero errors AND zero warnings.
   const warnList = [];
@@ -6551,9 +6680,13 @@ function cmdCi(runner, args, runOpts, pretty) {
     // Route through emitError so the body propagates exit codes via the
     // emit() ok:false contract. ci-format-typo is operator-decision class
     // (GENERIC_FAILURE), not DETECTED_ESCALATE.
+    // v0.13.2: did-you-mean on the unknown format value (Levenshtein ≤ 2).
+    const CI_FORMATS = ["summary", "markdown", "csaf-2.0", "sarif", "openvex", "json"];
+    const dym = suggestFlag(String(fmt), CI_FORMATS);
+    const hint = dym ? ` Did you mean "${dym}"?` : '';
     emitError(
-      `ci: --format "${fmt}" not in accepted set ["summary","markdown","csaf-2.0","sarif","openvex","json"].`,
-      { verb: "ci" },
+      `ci: --format "${fmt}" not in accepted set ${JSON.stringify(CI_FORMATS)}.${hint}`,
+      { verb: "ci", provided: fmt, accepted: CI_FORMATS, did_you_mean: dym ? [dym] : [] },
       pretty
     );
     return;

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-18T01:04:18.854Z",
+  "generated_at": "2026-05-18T03:04:24.499Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "500446c009c4da12a8e33794fefaffea287d10ee6f3b4d1e5298fb87447ed09e",
-    "data/atlas-ttps.json": "0ec427652a9e613f04675beb26dc4c08934ba291e47427972b2a008c151cca78",
-    "data/attack-techniques.json": "0ca33f8b0cf55a43de1290e310096020c4e0d16305bd01bcbe6cb46e0278caa8",
-    "data/cve-catalog.json": "7fae34cf0abbd09abbbbd6a61ea06e487ddbd57060d3af6a58528c684156cf60",
-    "data/cwe-catalog.json": "832d096bd52081fe43c082fd6958f9054d6b6e136df5b3d4cef7efd0ea49a843",
+    "manifest.json": "b1b4b86879805e28975155d7aa29c1d1463ec266f2c98a1045d543ecf5acaa6c",
+    "data/atlas-ttps.json": "2b021f47355365d1ba59078dfa582397c7a64c2b4ebea4657ea260a66b76daf6",
+    "data/attack-techniques.json": "76461dbec048c5e072435d57e3a04b780e3992dab9f316b1b52608e0a997e355",
+    "data/cve-catalog.json": "1d34601fbc4ff925ac38b8eb325375a32dc60ffaff31a23a5ca5f3e1524e88f8",
+    "data/cwe-catalog.json": "4a0036f9ec17af29e0df111ac77b94f8be6a52742bfd89ff3583096d23b75e35",
     "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "003a400f5ae5b15527589571679ccdb9b3a62e60073627b5fbdeb2a9fe330a7a",
-    "data/framework-control-gaps.json": "5e2baf1e435c5b61b183e3f603636eae4fab34ee800488919c679665882c4f62",
+    "data/framework-control-gaps.json": "ce1535f13d29ab90fac99b983f38a23dd685702b3f12ac9f2371294cb9859ecf",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "40d666d0932da24b425b01ced0f9c9e5f2e6cfd2082f53861d982919dde56a4a",
+    "data/zeroday-lessons.json": "1438620d2c8b0606eac4f63e620906b9ba079c57bfa7f737ceb6a50370cdc9a5",
     "skills/kernel-lpe-triage/skill.md": "ae4a0af924d0078ffc6cd051a3ef9fce75a6a3f9c0c15d1c07900ae5faf80502",
     "skills/ai-attack-surface/skill.md": "dcca7d92a1ab4d1e4c46356b614a138b1c1f79b65a6a290eccf2095d8d443993",
     "skills/mcp-agent-trust/skill.md": "6821f6d38f6e23bbed953f8f86a279597b0b95a2d0548b5383e851bca7442531",
@@ -25,38 +25,38 @@
     "skills/rag-pipeline-security/skill.md": "ff07e48918090247aef71def4150b0df372a24bcdaa34eb6e11d246b9e71e1ee",
     "skills/ai-c2-detection/skill.md": "3da9f549f5c62e6163cddd70c8edccbef7be622d5a45fa89c90c6550e68c6b2e",
     "skills/policy-exception-gen/skill.md": "a7d886f7fa99a150b040f158b09045ba45e107439315389aea785311b0013395",
-    "skills/threat-model-currency/skill.md": "ecc6441cb47ef2bc24547e47be018098228c956a41d61ddb50de7e7b37114a37",
+    "skills/threat-model-currency/skill.md": "cf1cc27ae5ae68d336c56d9f3afd950641e1d8d5b9f90b64c2daf00abe92bab0",
     "skills/global-grc/skill.md": "1dca534cce7612c1d26a7b1bfd088a811081555ecfa25b1f68cff2ca2ba28c98",
-    "skills/zeroday-gap-learn/skill.md": "59a0d7cd85b923b3f5633bdc15c1a88eef7dea6332480d93b0bb0ae93a4cd0fe",
+    "skills/zeroday-gap-learn/skill.md": "e26f194880cd6acf46abe31e9348d445e9222c7691e9b9b953662c4a472462f5",
     "skills/pqc-first/skill.md": "a7131b65d0ceee47887b16679ee4e4b065d32d8751fe59921762388703662913",
-    "skills/skill-update-loop/skill.md": "cf2b996cb18a5146614c06e3a50f4734a07d02b5be36bbdf492583f9cdcfed4d",
+    "skills/skill-update-loop/skill.md": "b6f3bee321833dc18f5624a9be4d28673d22e22018254b0bd1f3690b945073af",
     "skills/security-maturity-tiers/skill.md": "ed962937c45f3d95f325f231b787d272fe45c4cb91d4c5a2d982493d722c2acf",
-    "skills/researcher/skill.md": "b47daaa26fdac07aa23e7becaa18487c5302e65c654f99fecab3689f23ec1bd2",
+    "skills/researcher/skill.md": "fd441131484dc5af4cd785ded0bac039123e6205483543752cb16fa508460c00",
     "skills/attack-surface-pentest/skill.md": "0d301beb9fb8e247ec80256a7e647804b5f9a41c7156e5724555ca9f93ccb986",
-    "skills/fuzz-testing-strategy/skill.md": "51acb746cd63366ca62567588c700a9eb3f37c43250bd9ae4e1477ccb71c5b6d",
+    "skills/fuzz-testing-strategy/skill.md": "fb8c261def9e3344b44fd219c209027029e1eddf0e6bee1ecffb2d2176e1585e",
     "skills/dlp-gap-analysis/skill.md": "1c4e1d7da2421b82f202eaf2c9e21876af34ab5c76ce1359166842ee473f02dd",
     "skills/supply-chain-integrity/skill.md": "ad69b72f5c5df095f8618b977fbc8f0fbff396eebd4a8448b44c3f93309f63f9",
-    "skills/defensive-countermeasure-mapping/skill.md": "e62c71ba3be2b4d0f7dfa529fec007cba6bee3013f76b93756e3e6310f2d22ab",
+    "skills/defensive-countermeasure-mapping/skill.md": "3d0c7ca85f32ee1fe74598889361ef2be16d099fe6e9e8d8c8184b7004306b30",
     "skills/identity-assurance/skill.md": "4ee7096fd82997c66b0f9e825ea3c04c3aa84768b74e6f668c1a9104104138cf",
-    "skills/ot-ics-security/skill.md": "9ece7b1fb7f24e37dbdd8618b94b2a4434e182e3426e15f17e26464c0a1fdfd1",
+    "skills/ot-ics-security/skill.md": "7423cca19aab1026c07de63279137441018345731d3ee895c474316d432adaa2",
     "skills/coordinated-vuln-disclosure/skill.md": "0e875953bb8a38a89c8ec5d2a9ef967b12e9a9f166dc9356723f10304fd0535e",
-    "skills/threat-modeling-methodology/skill.md": "ac623f61585de66c9ef5ed63e9c6059faef77e525abc672ac6d435c616a7268f",
-    "skills/webapp-security/skill.md": "fdb07324b69a3a724e3eaba17bf687d72d4bd9d5c4f440be816bc9b08b8aef04",
-    "skills/ai-risk-management/skill.md": "67e62791f60231f2ff53408922fa7137a9060de72097769c630f838a1c227c45",
+    "skills/threat-modeling-methodology/skill.md": "cebeba3940320ebc5b44ad2bb7b4cdcda412257c1a6319a1b7379c875ebe8d6a",
+    "skills/webapp-security/skill.md": "f2063eaea3f5ddf0f3d37b41985bf522b682a41f104796b3f0dff611cefd043c",
+    "skills/ai-risk-management/skill.md": "2b611eb8fa4841fdfc3f1dd1ffd504a46c6ecdc654213a955efbabefb6b1db87",
     "skills/sector-healthcare/skill.md": "a18e11d25524cdbf40df3798f4c2aa3cb51a4db1b088242ea53fa2885e86b64c",
     "skills/sector-financial/skill.md": "023b5440d614e6b83ba7294219bcac3cdbffd28fdfdd5f0ec23abbeea71b8230",
-    "skills/sector-federal-government/skill.md": "c63cf1c7c98e920f968cfe60f14e718ea71b120c1b01616af22f64a796963bbe",
-    "skills/sector-energy/skill.md": "643fd951359c2602d9b029a244fe66c1e23f726e711141a06c09cc760a479534",
-    "skills/sector-telecom/skill.md": "862f9482af88e5409e011a6981a5d719863deeb646e41cd4df63e5d6597c50b1",
-    "skills/api-security/skill.md": "2bdfa3dbe534efa3df245e0da37998ad7ab2da4a3171d5000d3346513c10bceb",
+    "skills/sector-federal-government/skill.md": "a73c3f36f23c12750d369931b7e3f884edae4a8aef35fc8690d15ef4500c4dd0",
+    "skills/sector-energy/skill.md": "91f00e7a9be2608393ec8cb6d5f0c9828f81b954a12a7c9fd04bd642b9091e09",
+    "skills/sector-telecom/skill.md": "59193e39c2fd73fdd7fede38a956bc730bbe4b712d7d6020788bb4d85f001ad8",
+    "skills/api-security/skill.md": "9fc2252cbcf6162591e70d0bf5499a430b0584495ad584ce49fb7daf070d335f",
     "skills/cloud-security/skill.md": "c9fad9ed3663cf2faec74ad8f06d62eb86e6636f79933560d8c8d50e0e82d1da",
     "skills/container-runtime-security/skill.md": "605a8e8eb1af09835b967ec7179456015ec116c6b9051af3a8d225866cc2f7af",
-    "skills/mlops-security/skill.md": "ca3fd922b43fc57aeb5e65c2d5a2823e6bc438167d6afa3a767cee83e4af1f96",
+    "skills/mlops-security/skill.md": "72429f05010accbcb191cb1544f1b88493c2f5249362846e5713ec3226b83dc2",
     "skills/incident-response-playbook/skill.md": "2017515d899c1b2bcb878bc6731e4059623ac52345b2cebbd92204583657bf60",
     "skills/ransomware-response/skill.md": "2e4fc488f86ed1ba7791ab0e7021160d8ca5ad33a02cdf92a5b916c8afecaa54",
-    "skills/email-security-anti-phishing/skill.md": "e4e9e5a820c0ed3fde9483282e7a0ecaf79284cd2e9923ce66f2b0fb1fc44626",
-    "skills/age-gates-child-safety/skill.md": "66e7773d29c179ab62f409007c05e05993e04a19273225a1e520f2481fd9a90d",
-    "skills/cloud-iam-incident/skill.md": "6494ee3856edeb212e65fe5cdb208357c1a832eb8ac374b26055586bfc71f629",
+    "skills/email-security-anti-phishing/skill.md": "250f266908f51f99a4cb3aec0d5dacfcf91fac9f3d95e5a117429a40ed2ff45a",
+    "skills/age-gates-child-safety/skill.md": "51295c849bcced965b6448eb6b4bbd5caef5ba0b0cea7ce48abbacf47d331621",
+    "skills/cloud-iam-incident/skill.md": "5ec3800a0049b2123aff67bfab4ff28491a86d2daeb712283e5e88b10c3d5d7b",
     "skills/idp-incident-response/skill.md": "e67a2576e7f1c3bf89f499f5c977bc470ef29e8b3e3e45f4cb5bd45a82674282"
   },
   "skill_count": 42,
@@ -72,13 +72,13 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 34,
+    "chains_cve_entries": 35,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,
     "summary_cards": 42,
     "section_offsets_skills": 42,
-    "token_budget_total_approx": 402643,
+    "token_budget_total_approx": 404483,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/activity-feed.json

@@ -63,7 +63,7 @@
       "artifact": "data/framework-control-gaps.json",
       "path": "data/framework-control-gaps.json",
       "schema_version": "1.0.0",
-      "entry_count": 122
+      "entry_count": 142
     },
     {
       "date": "2026-05-15",
@@ -87,7 +87,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 24
+      "entry_count": 39
     },
     {
       "date": "2026-05-15",
@@ -102,7 +102,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 39
+      "entry_count": 40
     },
     {
       "date": "2026-05-13",

package/data/_indexes/catalog-summaries.json

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 39,
+      "entry_count": 40,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 122,
+      "entry_count": 142,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 24,
+      "entry_count": 39,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",