npm - @blamejs/exceptd-skills - Versions diffs - 0.13.22 → 0.13.24 - Mend

@blamejs/exceptd-skills 0.13.22 → 0.13.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,30 @@
 # Changelog
+## 0.13.24 — 2026-05-20
+`attest verify` and `attest diff` are now usable at the terminal without piping through `jq`.
+### Features
+- **Human renderer for `attest verify`.** One-screen answer to "did anyone tamper with my evidence since I ran it?" — verdict icon (`[ok]` / `[!! TAMPERED]` / `[i REPLAY_TAMPER]`), per-file row with reason, then a next-step block: `attest diff` + `attest show` on a clean run, `attest show --pretty` + `attest list --playbook` on a tamper. `--json` / `--pretty` reach the structured envelope unchanged.
+- **Human renderer for `attest diff`.** Status line (`[ok] status=unchanged` / `[i DRIFTED] status=drifted`), prior + replay evidence_hash + capture timestamps, replay classification + RWEP, sidecar-verify class, replay record path. When DRIFTED, points at `attest show` + a fresh `run --evidence <new>` capture.
+## 0.13.23 — 2026-05-19
+Continuation of the v0.13.22 UX pass: stage-by-stage next-step guidance so an operator (or an AI walking the workflow cold) never has to ask "what do I do now?"
+### Features
+- **`ci` human renderer emits a "Next steps" block per verdict.** BLOCKED → one `exceptd lint <playbook> -` command per blocked playbook plus the `--evidence <file>` re-run. NO_EVIDENCE → lint the first playbook + `ci --evidence-dir <dir>`. FAIL/detected → `run <playbook> --format markdown` / `--format csaf-2.0`. CLOCK_STARTED → `--format csaf-2.0` for the advisory draft. Pre-0.13.23 a blocked or no-evidence run printed only the reason — operators saw *why* they were stuck without the concrete command to unblock.
+- **`run` verdict line surfaces evidence_completeness.** Every successful run now shows `evidence: complete (13/13 indicators evaluated)` (or `partial` / `missing`) under the classification line. Distinguishes "ran every indicator and found nothing" from "couldn't evaluate, no evidence supplied" — pre-0.13.23 both states printed identically. When evidence is partial or missing, a `→ next: exceptd lint <playbook> -` pointer is appended.
+- **`run` attestation persistence is now visible.** Successful runs print `Attestation written: <full path>` followed by `exceptd attest verify <session-id>` and `exceptd attest diff <session-id>` so the operator knows where the JSON lives and how to verify or diff it. The persisted file path is also hoisted to the result envelope as `attestation_path`. Pre-0.13.23 the attestation went to `~/.exceptd/attestations/<repo>@<branch>/<session-id>/attestation.json` with zero indication in any output.
+- **`run` remediation prose matches the verdict.** Pre-0.13.23 every classification printed `Recommended remediation: <id>` — misleading on `not_detected` and `inconclusive` runs, where there is nothing to remediate. Now non-detect runs print `Remediation path (informational — verdict=<x>, no action required now): <id>`; detected runs are unchanged.
+### Bugs
+- **Stale playbook count in error messages.** `exceptd run <unknown-id>` (and the lint-not-found path) said "Run \`exceptd brief --all\` to list the 13 playbooks." There are 23 playbooks shipped. Now uses the live `listPlaybooks().length`.
+- **`lint` did not warn on the artifact-only-no-signal_overrides path.** An operator following lint's per-artifact guidance for a nested submission populated every required artifact, ran the playbook, and got every indicator = inconclusive with no explanation. The detect phase needs `signal_overrides` (or a `verdict.classification` override) to mark indicators as hit / miss — artifact presence alone is not enough. The flat-shape path already surfaced this as `detect_will_be_inconclusive`; the nested-shape path was silent. Now lint emits `no_signal_overrides_supplied` with the exact JSON shape to add.
 ## 0.13.22 — 2026-05-19
 `ci` is now usable at the terminal without piping through `jq`.

package/bin/exceptd.js CHANGED Viewed

@@ -1624,7 +1624,7 @@ function buildSkillToPlaybookHint(runner, wanted) {
     if (matches.length > 0) {
       return `That is a SKILL (read-only knowledge unit), not a PLAYBOOK (executable). Skill "${wanted}" is loaded by playbook${matches.length === 1 ? "" : "s"}: ${matches.join(", ")}. ` +
              `To execute: \`exceptd run ${matches[0]}\`. To read the skill: \`exceptd skill ${wanted}\`. ` +
-             `Tip: \`exceptd brief --all\` lists all 13 playbooks; \`exceptd watch\` lists skills.`;
+             `Tip: \`exceptd brief --all\` lists all ${ids.length} playbooks; \`exceptd watch\` lists skills.`;
     }
     // No matching skill either — provide nearest-playbook suggestions.
     // v0.12.9 (P3 #9 from production smoke): substring fallback first (cheap),
@@ -1638,7 +1638,7 @@ function buildSkillToPlaybookHint(runner, wanted) {
     if (near.length > 0) {
       return `Did you mean: ${near.join(", ")}? Run \`exceptd brief --all\` for the full list.`;
     }
-    return `Run \`exceptd brief --all\` to list the 13 playbooks.`;
+    return `Run \`exceptd brief --all\` to list the ${ids.length} playbooks.`;
   } catch { return null; }
 }
@@ -2288,6 +2288,27 @@ function cmdLint(runner, args, runOpts, pretty) {
         hint: `Flat submission with ${observationsCount} observation(s) but no indicator+result fields and no verdict.classification. detect() will return 'inconclusive'. Each observation needs { "indicator": "<id>", "result": "hit"|"miss"|"inconclusive" } to drive an indicator outcome. Run \`exceptd run ${playbookId} --signal-list\` for the indicator IDs.`,
       });
     }
+  } else {
+    // v0.13.23 — nested submission with artifacts but no signal_overrides
+    // also lands every indicator on inconclusive. The flat-shape branch
+    // already surfaced this; the nested-shape silence was the workflow gap
+    // operators hit: they fill in lint's per-artifact guidance, run, and
+    // get an opaque "every indicator inconclusive" result. Surface the
+    // signal_overrides shape explicitly so the operator/AI knows the
+    // next step is to set `signal_overrides[<indicator-id>] = "hit" |
+    // "miss" | "inconclusive"` per indicator they investigated.
+    const verdictClass = submission.verdict?.classification;
+    const verdictWillDrive = verdictClass === "clean" || verdictClass === "not_detected" || verdictClass === "detected" || verdictClass === "inconclusive";
+    const normalizedHasOverrides = Object.keys(normalized.signal_overrides || {}).length > 0;
+    const submissionHasArtifacts = Object.keys(submission.artifacts || {}).length > 0;
+    if (submissionHasArtifacts && !verdictWillDrive && !normalizedHasOverrides) {
+      const someIndicatorIds = [...knownIndicators].slice(0, 3).join('", "');
+      issues.push({
+        severity: "info",
+        kind: "no_signal_overrides_supplied",
+        hint: `Nested submission has artifacts but no signal_overrides — every indicator will return 'inconclusive' (verdict will be 'inconclusive', not 'detected' / 'not_detected'). To drive a concrete verdict, populate \`signal_overrides\` with the indicators you investigated: { "${someIndicatorIds}": "hit"|"miss" }. ${knownIndicators.size} indicator(s) known — see \`exceptd brief ${playbookId}\` for the full list. Alternatively, supply \`verdict.classification = "clean"|"not_detected"|"detected"\` to bypass indicator evaluation.`,
+      });
+    }
   }
   const ok = issues.every(i => i.severity !== "error");
@@ -2928,6 +2949,12 @@ function cmdRun(runner, args, runOpts, pretty) {
       result.prior_session_id = persistResult.prior_session_id;
       result.overwrote_at = persistResult.overwrote_at;
     }
+    // v0.13.23 — surface the attestation file path so the human renderer
+    // can echo it and the next-step guidance (attest verify <sid>) lands
+    // on an artifact the operator can actually find.
+    if (persistResult.attestation_path) {
+      result.attestation_path = persistResult.attestation_path;
+    }
   }
   if (result && result.ok === false) {
@@ -3151,6 +3178,21 @@ function cmdRun(runner, args, runOpts, pretty) {
     const top = rwep?.threshold?.escalate ?? "n/a";
     const verdictIcon = cls === "detected" ? "[!! DETECTED]" : cls === "inconclusive" ? "[i  INCONCLUSIVE]" : "[ok]";
     lines.push(`\n${verdictIcon}  classification=${cls}  RWEP ${adj}/${top}${adj !== base ? ` (Δ${adj - base} from operator evidence)` : " (catalog baseline)"}  blast_radius=${obj.phases?.analyze?.blast_radius_score ?? "n/a"}/5`);
+    // v0.13.23 — surface evidence_completeness on the verdict line so
+    // operators distinguish "ran every indicator and found nothing"
+    // (evidence=complete) from "couldn't evaluate, no evidence supplied"
+    // (evidence=missing). Pre-v0.13.23 the two states printed identically
+    // — a not_detected run with zero evidence looked the same as one
+    // with a fully-populated submission.
+    if (obj.evidence_completeness && obj.indicators_known != null) {
+      const ev = obj.evidence_completeness;
+      const ke = obj.indicators_evaluated ?? 0;
+      const kn = obj.indicators_known;
+      lines.push(`  evidence: ${ev}  (${ke}/${kn} indicators evaluated)`);
+      if (ev === "missing" || ev === "partial") {
+        lines.push(`  → next: exceptd lint ${obj.playbook_id} -    # paste {} on stdin, see exact JSON paths to populate`);
+      }
+    }
     // F11: surface --diff-from-latest verdict in the human renderer so
     // operators see whether the run drifted from the previous attestation
     // without adding --json. One summary line follows the classification.
@@ -3189,9 +3231,20 @@ function cmdRun(runner, args, runOpts, pretty) {
       lines.push(`\nIndicators that fired (${hits.length}):`);
       for (const i of hits.slice(0, 8)) lines.push(`  ${i.id}  (${i.confidence}${i.deterministic ? "/deterministic" : ""})`);
     }
+    // v0.13.23 — selected_remediation is informational on non-detect
+    // runs (validate() always picks the highest-priority remediation
+    // path as a "what would you do IF you found something" anchor).
+    // Rendering it as "Recommended remediation:" on a not_detected /
+    // inconclusive verdict misleads operators into thinking action is
+    // required. Tag it conditionally so the operator-facing prose
+    // matches the verdict.
     const rem = obj.phases?.validate?.selected_remediation;
     if (rem) {
-      lines.push(`\nRecommended remediation: ${rem.id} (priority ${rem.priority})`);
+      if (cls === "detected") {
+        lines.push(`\nRecommended remediation: ${rem.id} (priority ${rem.priority})`);
+      } else {
+        lines.push(`\nRemediation path (informational — verdict=${cls}, no action required now): ${rem.id} (priority ${rem.priority})`);
+      }
       lines.push(`  ${rem.description?.slice(0, 200) || ""}`);
     }
     const notif = (obj.phases?.close?.notification_actions || []).filter(n => n.clock_started_at);
@@ -3201,6 +3254,18 @@ function cmdRun(runner, args, runOpts, pretty) {
     }
     const feeds = obj.phases?.close?.feeds_into || [];
     if (feeds.length) lines.push(`\nNext playbooks suggested: ${feeds.join(", ")}`);
+    // v0.13.23 — tell the operator WHERE the attestation went and HOW
+    // to verify/diff it. Pre-v0.13.23 a successful run silently wrote
+    // ~/.exceptd/attestations/<repo>@<branch>/<sid>/attestation.json
+    // with zero indication to the operator. The next-time-they-asked-
+    // about-this-run lookup ("attest verify <sid>") then failed with
+    // "no session dir" because they were in a different cwd.
+    if (obj.attestation_path) {
+      lines.push(`\nAttestation written: ${obj.attestation_path}`);
+      lines.push(`  exceptd attest verify ${obj.session_id}     # tamper check`);
+      lines.push(`  exceptd attest diff ${obj.session_id}       # vs. most-recent prior for this playbook`);
+    }
     const issues = obj.preflight_issues || [];
     if (issues.length) {
       lines.push(`\nPreflight warnings (${issues.length}):`);
@@ -3757,7 +3822,12 @@ function persistAttestation(args) {
     try {
       writeAttestation(null, null, "wx");
-      return { ok: true, prior_session_id: null, overwrote_at: null };
+      // v0.13.23 — surface the absolute path so the caller can echo it
+      // in the human renderer. Pre-v0.13.23 the attestation was silently
+      // written to ~/.exceptd/attestations/<repo>@<branch>/<session-id>/
+      // and the operator had no way to find it short of grepping the
+      // filesystem.
+      return { ok: true, prior_session_id: null, overwrote_at: null, attestation_path: filePath };
     } catch (eExcl) {
       if (eExcl.code !== "EEXIST") throw eExcl;
       // Slot already taken — read prior to chain audit trail, then decide.
@@ -3874,6 +3944,7 @@ function persistAttestation(args) {
           ok: true,
           prior_session_id: lockedPrior ? sessionId : null,
           overwrote_at: lockedPrior ? lockedPrior.captured_at : null,
+          attestation_path: filePath,
         };
       } finally {
         try { fs.unlinkSync(lockPath); } catch {}
@@ -4525,7 +4596,32 @@ function cmdReattest(runner, args, runOpts, pretty) {
     // reason) so an auditor reading the CLI response can locate the
     // on-disk artifact without re-deriving the filename.
     replay_persisted: replayPersisted,
-  }, pretty);
+  }, pretty, (obj) => {
+    // v0.13.24 — human renderer for `attest diff` (reattest path).
+    // Pre-v0.13.24 the only output was JSON, so an operator asking "did
+    // anything change since the last run?" had to parse the envelope to
+    // get the one-line answer they wanted.
+    const lines = [];
+    lines.push(`attest diff: ${obj.session_id} (${obj.playbook_id})`);
+    const icon = obj.status === "unchanged" ? "[ok]" : "[i  DRIFTED]";
+    lines.push(`\n${icon}  status=${obj.status}`);
+    lines.push(`  prior:  ${obj.prior_evidence_hash}  (${obj.prior_captured_at})`);
+    lines.push(`  replay: ${obj.replay_evidence_hash}  (${obj.replayed_at})`);
+    if (obj.replay_classification) {
+      lines.push(`  replay classification: ${obj.replay_classification}  RWEP=${obj.replay_rwep_adjusted ?? 0}`);
+    }
+    if (obj.sidecar_verify_class) {
+      lines.push(`  sidecar verify: ${obj.sidecar_verify_class}`);
+    }
+    if (obj.replay_persisted && obj.replay_persisted.ok && obj.replay_persisted.path) {
+      lines.push(`  replay record: ${obj.replay_persisted.path}`);
+    }
+    if (obj.status === "drifted") {
+      lines.push(`\n  → next: exceptd attest show ${obj.session_id}            # inspect the prior submission`);
+      lines.push(`         exceptd run ${obj.playbook_id} --evidence <new>      # capture a fresh attestation against the new state`);
+    }
+    return lines.join("\n");
+  });
 }
 /**
@@ -4843,7 +4939,63 @@ function cmdAttest(runner, args, runOpts, pretty) {
       body.replay_tamper = true;
       body.warnings = ["one or more replay records failed Ed25519 verification — audit-trail corruption suspected, regenerate via reattest"];
     }
-    emit(body, pretty);
+    // v0.13.24 — human renderer for `attest verify`. Pre-v0.13.24 the
+    // only output was a JSON envelope, even at the terminal. The whole
+    // point of `attest verify` is "did anyone tamper with my evidence
+    // since I ran it?" — that question deserves a one-line answer.
+    emit(body, pretty, (obj) => {
+      const lines = [];
+      lines.push(`attest verify: ${obj.session_id}`);
+      const att = obj.results || [];
+      const rep = obj.replay_results || [];
+      if (att.length === 0 && rep.length === 0) {
+        lines.push(`  [!! NO_DATA] no attestation files found for session.`);
+        lines.push(`\n  → next: exceptd attest list                  # browse persisted sessions`);
+        return lines.join("\n");
+      }
+      // "Clean enough to proceed" = no tamper signal. Explicitly-unsigned
+      // attestations are NOT a tamper (the operator's environment lacks
+      // .keys/private.pem; this is the default on CI runners and on hosts
+      // doing posture-only walks). Distinguish from real verification
+      // failures (tamper_class present) so the next-step block still fires.
+      const noTamper = att.every(r => !r.tamper_class) && rep.every(r => !r.tamper_class);
+      const allVerified = att.every(r => r.verified) && rep.every(r => r.verified);
+      const icon = obj.ok === false ? "[!! TAMPERED]" : (obj.replay_tamper ? "[i  REPLAY_TAMPER]" : (allVerified ? "[ok]" : "[i  UNSIGNED]"));
+      lines.push(`\n${icon}  ${att.filter(r => r.verified).length}/${att.length} attestation(s) verified, ${rep.filter(r => r.verified).length}/${rep.length} replay record(s) verified`);
+      // Status icon precedence: verified → [ok]. tamper_class set →
+      // [!! <CLASS>] (real tamper signal). signed=false AND no
+      // tamper_class → [i UNSIGNED] (not a failure — the attestation
+      // was legitimately written without a key, e.g. on a CI runner
+      // without .keys/private.pem). signed=true but verified=false
+      // without a tamper_class indicates a verify error (missing pub
+      // key, read error) — [i  VERIFY-ERROR].
+      const statusFor = (r) => {
+        if (r.verified) return "[ok]";
+        if (r.tamper_class) return `[!! ${r.tamper_class.toUpperCase()}]`;
+        if (r.signed === false) return "[i  UNSIGNED]";
+        return "[i  VERIFY-ERROR]";
+      };
+      for (const r of att) {
+        lines.push(`  ${statusFor(r)}  ${r.file}  — ${r.reason || "(no reason)"}`);
+      }
+      for (const r of rep) {
+        lines.push(`  ${statusFor(r)}  ${r.file}  (replay)  — ${r.reason || "(no reason)"}`);
+      }
+      if (obj.ok === false) {
+        lines.push(`\n  → next: exceptd attest show ${obj.session_id} --pretty   # inspect the disputed file directly`);
+        lines.push(`         exceptd attest list --playbook <id>                # find a non-tampered prior session for the same playbook`);
+      } else if (obj.replay_tamper) {
+        lines.push(`\n  → next: exceptd attest diff ${obj.session_id} --force-replay   # regenerate the replay record`);
+      } else if (allVerified || noTamper) {
+        // allVerified → signed + verified; noTamper → unsigned but not
+        // tampered (legitimate CI / posture-only state). Both states are
+        // safe to keep working with, so point at the same next-step
+        // commands.
+        lines.push(`\n  → next: exceptd attest diff ${obj.session_id}            # compare against prior session for this playbook`);
+        lines.push(`         exceptd attest show ${obj.session_id} --pretty     # inspect the persisted attestation`);
+      }
+      return lines.join("\n");
+    });
     return;
   }
@@ -6993,6 +7145,63 @@ function cmdCi(runner, args, runOpts, pretty) {
         for (const r of s.fail_reasons) lines.push(`  - ${r}`);
       }
+      // v0.13.23 — Next-step guidance. An operator (or an AI walking the
+      // workflow cold) reading the ci output should never have to ask
+      // "what do I do now?" The verdict dictates the next move:
+      //   BLOCKED        → operator must supply evidence asserting the
+      //                    halted preconditions; `exceptd lint <pb> -`
+      //                    emits the exact JSON paths to fill in.
+      //   NO_EVIDENCE    → no --evidence was supplied and every playbook
+      //                    returned inconclusive; same lint -> run loop.
+      //   FAIL/detected  → look at the matched_cves + recommended
+      //                    remediation in the per-playbook results.
+      //   CLOCK_STARTED  → notification clock running; see deadline above.
+      //   PASS           → nothing to do.
+      const blockedRows = (obj.results || []).filter(r => r && r.ok === false);
+      const lintCmd = (id) => `  exceptd lint ${id} -                          # paste {} on stdin, get exact JSON paths`;
+      if (s.verdict === "BLOCKED" && blockedRows.length) {
+        lines.push(`\nNext steps (unblock the ${blockedRows.length} halted playbook(s)):`);
+        for (const row of blockedRows.slice(0, 4)) {
+          lines.push(lintCmd(row.playbook_id || "?"));
+        }
+        lines.push(`  exceptd run <playbook> --evidence <file>     # re-run after filling in evidence`);
+      } else if (s.verdict === "NO_EVIDENCE") {
+        const firstId = (obj.results[0] && obj.results[0].playbook_id) || (obj.playbooks_run[0]) || "<playbook>";
+        lines.push(`\nNext steps (every playbook ran inconclusive — no evidence supplied):`);
+        lines.push(lintCmd(firstId));
+        lines.push(`  exceptd ci --scope <type> --evidence-dir <dir>  # gate again with real submissions`);
+      } else if (s.verdict === "FAIL") {
+        // codex P2 (PR #63): FAIL can fire in two distinct shapes —
+        //   (a) at least one playbook classification=detected → s.detected > 0
+        //   (b) inconclusive playbook(s) whose rwep_delta (operator
+        //       evidence) crossed the cap → s.detected stays at 0
+        // Pre-fix this branch was keyed on `s.detected > 0`, so the
+        // shape-(b) FAIL exited with no "Next steps" footer at all,
+        // contradicting the v0.13.23 stage-by-stage promise.
+        if (s.detected > 0) {
+          lines.push(`\nNext steps (review the ${s.detected} detected finding(s)):`);
+          lines.push(`  exceptd run <playbook> --format markdown    # operator-readable digest`);
+          lines.push(`  exceptd run <playbook> --format csaf-2.0    # advisory bundle for downstream`);
+        } else {
+          // Operator evidence pushed RWEP across --max-rwep cap on an
+          // otherwise-inconclusive run. The fix is to review which
+          // signals moved the score and decide whether they warrant
+          // escalation or whether the cap is set too low for the
+          // current evidence quality.
+          const inconclusivePb = (obj.results || [])
+            .filter(r => r && r.ok !== false && r.phases?.detect?.classification === "inconclusive")
+            .map(r => r.playbook_id)
+            .filter(Boolean);
+          const exampleId = inconclusivePb[0] || (obj.playbooks_run && obj.playbooks_run[0]) || "<playbook>";
+          lines.push(`\nNext steps (RWEP-delta cap exceeded — no playbook hit "detected", but operator evidence raised at least one score past --max-rwep):`);
+          lines.push(`  exceptd run ${exampleId} --pretty           # inspect phases.analyze.rwep.base + adjusted to see which signal moved the score`);
+          lines.push(`  exceptd ci ... --max-rwep <higher>           # raise the cap if the evidence-driven escalation is acceptable for your gate`);
+        }
+      } else if (s.verdict === "CLOCK_STARTED") {
+        lines.push(`\nNext steps (jurisdiction clock running — notification deadlines above):`);
+        lines.push(`  exceptd run <playbook> --format csaf-2.0    # draft the operator-of-record advisory`);
+      }
       lines.push(`\nFull structured result: --json (or --pretty for indented JSON).`);
       return lines.join("\n");
     });

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-19T22:22:02.165Z",
+  "generated_at": "2026-05-20T00:33:15.546Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "068eb6c464d8999f41906bd3ea080b6b579d6dc15c3c1b05c1caf94adb72cd27",
+    "manifest.json": "4740f0bfc023012b913852e96c3085f4d843c0d13cc7f24e11a469cbbdf3f578",
     "data/atlas-ttps.json": "d296c1d3e71807c9279b731f047e57796e85137f186586743a8cdad214b408f9",
     "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
     "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.13.22",
+  "version": "0.13.24",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-19T22:21:07.815Z",
+      "signed_at": "2026-05-20T00:33:14.269Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vSVqu4wBm+d68ujZmM6Rto/HzViCkE0gPUcv/MYE/bjFiqamf/s0On4kTOo1KIveV9cOwYNxiItaGEWlVkRFDg==",
-      "signed_at": "2026-05-19T22:21:07.817Z",
+      "signed_at": "2026-05-20T00:33:14.270Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "RIgXKvolQjgJdnlrDnVOd90IOY1B7VHHZD/YJQRzouL+wUeOLclPrdK/EgEuFyiu7lR4bi+Pl6aGB9G9tOxYCQ==",
-      "signed_at": "2026-05-19T22:21:07.817Z",
+      "signed_at": "2026-05-20T00:33:14.271Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "RYOxeq/o3uTwTWq4H7RcdH2Aclg9UyCERfUH9Frwkzncsowg7LgxpaEDc3swTCv73HMEGbU8wVbXguZ4JxHUCQ==",
-      "signed_at": "2026-05-19T22:21:07.818Z"
+      "signed_at": "2026-05-20T00:33:14.271Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "DneJCPKCPcoe6nQ82XptqSqNfSRdt1orKaO+o7K36YCciDrzwJb+1BuBLusPDtpcdDaGY0y0e+AqiTYJklhBAQ==",
-      "signed_at": "2026-05-19T22:21:07.818Z"
+      "signed_at": "2026-05-20T00:33:14.272Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-19T22:21:07.819Z"
+      "signed_at": "2026-05-20T00:33:14.272Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "XgrzcA2brPhXrSTxrcLnJec0OpgGYJBoSTUlJ10UdePHffxqb9LTVGnfbmEk1ykQifXREZexui2bG7X/+eFfCQ==",
-      "signed_at": "2026-05-19T22:21:07.819Z",
+      "signed_at": "2026-05-20T00:33:14.273Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "9+hZlZOqZdeACUmamQk66L5levZhhwnFXuYRhdT6Mce99eQaKT7wNfWq12hXQztkRcVRKaFH+a01zwJQwsRQCA==",
-      "signed_at": "2026-05-19T22:21:07.819Z",
+      "signed_at": "2026-05-20T00:33:14.273Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "ciqhVloMWWXEigPZvvwoV2c54tEqsDqsoc+sS/mNTFFJk2H+tz2+XUrgfEPRuYw0FeyNB6/+27pL2NpKHzUqAg==",
-      "signed_at": "2026-05-19T22:21:07.819Z",
+      "signed_at": "2026-05-20T00:33:14.273Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-19T22:21:07.820Z"
+      "signed_at": "2026-05-20T00:33:14.274Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-19T22:21:07.820Z"
+      "signed_at": "2026-05-20T00:33:14.274Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-19T22:21:07.820Z"
+      "signed_at": "2026-05-20T00:33:14.274Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vhc3wuQEro/86s1ro2b/KakUXg8QVnySYTBqA7ebzv9oeR2HYO5bvGEJp3oOHWtL37JDqcCAHYadSN/qxIyCCA==",
-      "signed_at": "2026-05-19T22:21:07.821Z",
+      "signed_at": "2026-05-20T00:33:14.275Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "MS35nWm8djfJGn4OOoT0JKJ2aO+Dkbb6wOOWJYvNZlRKT3UGA59o2gxg1JOnD20hb/RwxtkmCujhl2tuYSR+AQ==",
-      "signed_at": "2026-05-19T22:21:07.821Z"
+      "signed_at": "2026-05-20T00:33:14.275Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-19T22:21:07.821Z",
+      "signed_at": "2026-05-20T00:33:14.275Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "WAu5fRirzSOcnnZsTx2d/JJZwa/LPpXCi+31qATTGLmoNuhyy81k3ooPe9kCM3E0CLMtvTePg9DagYqBninZDQ==",
-      "signed_at": "2026-05-19T22:21:07.822Z"
+      "signed_at": "2026-05-20T00:33:14.276Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "7eEwCXFd9pDKUw7yCUbRJSjfzozE44dwwwemCQUPm8JBPztLltibD9bL/RszSbYyCrYJmVb5Drncz2cGe62gCw==",
-      "signed_at": "2026-05-19T22:21:07.822Z"
+      "signed_at": "2026-05-20T00:33:14.276Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-19T22:21:07.822Z"
+      "signed_at": "2026-05-20T00:33:14.276Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "fgxG344JGYBWWWwFXZ1IzGipWKP7EyBhrsvsbsb0CCGXfv/MvNHVNI6G0zQddCsWX1JeQbhZT3Vk8v1uJKDTDA==",
-      "signed_at": "2026-05-19T22:21:07.822Z"
+      "signed_at": "2026-05-20T00:33:14.277Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-19T22:21:07.823Z"
+      "signed_at": "2026-05-20T00:33:14.277Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
-      "signed_at": "2026-05-19T22:21:07.823Z"
+      "signed_at": "2026-05-20T00:33:14.277Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-19T22:21:07.823Z"
+      "signed_at": "2026-05-20T00:33:14.278Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-19T22:21:07.824Z"
+      "signed_at": "2026-05-20T00:33:14.278Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-19T22:21:07.824Z"
+      "signed_at": "2026-05-20T00:33:14.278Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-19T22:21:07.824Z"
+      "signed_at": "2026-05-20T00:33:14.279Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-19T22:21:07.825Z"
+      "signed_at": "2026-05-20T00:33:14.279Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-19T22:21:07.825Z"
+      "signed_at": "2026-05-20T00:33:14.279Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-19T22:21:07.825Z"
+      "signed_at": "2026-05-20T00:33:14.280Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-19T22:21:07.826Z"
+      "signed_at": "2026-05-20T00:33:14.280Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-19T22:21:07.826Z"
+      "signed_at": "2026-05-20T00:33:14.281Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-19T22:21:07.827Z"
+      "signed_at": "2026-05-20T00:33:14.281Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-19T22:21:07.827Z"
+      "signed_at": "2026-05-20T00:33:14.281Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-19T22:21:07.827Z"
+      "signed_at": "2026-05-20T00:33:14.282Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-19T22:21:07.827Z"
+      "signed_at": "2026-05-20T00:33:14.282Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-19T22:21:07.828Z"
+      "signed_at": "2026-05-20T00:33:14.282Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.6.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "BGNE6ZQWBA1LmsUFe8tU0L67iGDSrFqiuqaZD2f1KqfcyqqzQfMs9PWNHFzxxaJmXeKlm87eU8lgELF0bX+RBA==",
-      "signed_at": "2026-05-19T22:21:07.828Z"
+      "signed_at": "2026-05-20T00:33:14.283Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "FkZQerh3VHVJAwIcCktDyMRh5KE2+Em/i0ek8zEz7JG/PXtQx8ujHWTh3VjZbOLhPNtdB2qxgXOIAYIofaVOAQ==",
-      "signed_at": "2026-05-19T22:21:07.829Z"
+      "signed_at": "2026-05-20T00:33:14.283Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "n3UToNuN3A1HgLvcuqmIx8vrZY71+r/79waK92jG+rSX4uYOzkmxMUpROrE5K9bDwMezNBHdjWv8Uul6zugyDQ==",
-      "signed_at": "2026-05-19T22:21:07.829Z"
+      "signed_at": "2026-05-20T00:33:14.283Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-19T22:21:07.829Z"
+      "signed_at": "2026-05-20T00:33:14.284Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "+OO0RhQ303RJV7kaH38IuZpLeQbapep6Ds4Re/WEZu0FHBwKSlwvF7jbtP7KQ57xldJYn/xZm2jaszyOacMfDg==",
-      "signed_at": "2026-05-19T22:21:07.830Z"
+      "signed_at": "2026-05-20T00:33:14.284Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-19T22:21:07.830Z"
+      "signed_at": "2026-05-20T00:33:14.284Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-19T22:21:07.830Z"
+      "signed_at": "2026-05-20T00:33:14.285Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "6RWl1bUtDhlyizAkvu6GBBmMFW7EvtD68X552wCliURN1GsvyvercoB2JDdXJFwR2rNZdlFuhxpWa7UR+4vGAg=="
+    "signature_base64": "UR1pyH7Jbsptyh55rc9Z7G2d1f3V6Yz9Z3ssxrBGjj/HsvsCLrbDwGJ6g5oEt65YLm/Ef6P9zzq6sTH19NymCw=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.13.22",
+  "version": "0.13.24",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:7f62a713-9c4b-42e1-bfdf-a445644dcc1a",
+  "serialNumber": "urn:uuid:cfdcbf8e-e88f-44e0-b871-5e7ca0e19f9c",
   "version": 1,
   "metadata": {
-    "timestamp": "2093-09-21T18:48:51.000Z",
+    "timestamp": "2136-07-05T20:31:10.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.22"
+        "version": "0.13.24"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.22",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.24",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.22",
+      "version": "0.13.24",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.22",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.24",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "dfcb0e018fbcbd75bfe5b68c68f21a46b30eb98e9663a6ca8a2b3318a447abbd"
+          "content": "eb0888b7437c0c6d63ac7afdf5bdba1885f2fed74eceb86ed7eff97a3bce22e6"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.22"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.24"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f8f20d7d8a9c4a826dfe21240752016c9ddaa6e02c16b0c37fa04461dbb78c2b"
+          "content": "430120b0433642c04374e2da25fc41df0258ceba4280398fa9d7ed22a18b018e"
         },
         {
           "alg": "SHA3-512",
-          "content": "fd4d4db63a2eae9d1cac3e745d53e3ec0af66bf7847cdba8922a9044d9c7658d348e0f82334e4642e06409c766493dd69ae16e78593e3e1fe2882a1025d1a33a"
+          "content": "45b40d2ccac8e4accd19291c159d7ca4919684b18ceb53264cb808f351c3510073c9228c1f6cb131ebe66ce7358f0fe6adc5bc177e5d81661c87f45190a3b2bf"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "41c11c8960c05923ed4650f2a451029bd41f4149f24baf9f8d77dc5a5974bd12"
+          "content": "3e7347a2e6cd07fa465648be7a35a1c696c2f4b5d52f8f9e6977e33d48c17cb9"
         },
         {
           "alg": "SHA3-512",
-          "content": "27d6e17884c3a8e18a42a424086ebaaf48f1cfb9f8da0b83f91b16af7fb36cc3e1de9f05b39176310ecdbd8b84eb6e627134f64a4c37df9d32fededd72c14d80"
+          "content": "292aa5fba8a763c2cc7f5cd6bcb5f36c8648f542f1d04d61553786dcdc7196f74a8e8e9c000363958fe5ca7316576a7b80779896ddc978d882078569cef77bb2"
         }
       ]
     },
@@ -1451,11 +1451,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "068eb6c464d8999f41906bd3ea080b6b579d6dc15c3c1b05c1caf94adb72cd27"
+          "content": "4740f0bfc023012b913852e96c3085f4d843c0d13cc7f24e11a469cbbdf3f578"
         },
         {
           "alg": "SHA3-512",
-          "content": "258f9d6343d5b9a2d983ed483e8038d2442d7830fe1d5a8b84541bd8fbae9a2dbd23a682c7e34cc769fea48ca22bd7cfc49ed21ba8f3dab7bac384f77ea24490"
+          "content": "2e9bb5c05229e90c14ea6e5105e84209e4b9146dd10e6cb9702d73b6cda90553d87a63cc0cc63a1e2e5cf452e10bb3f6e6eefb235e2c6240a922017d5b847421"
         }
       ]
     },