@blamejs/exceptd-skills 0.13.3 → 0.13.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/AGENTS.md +41 -4
  2. package/CHANGELOG.md +64 -0
  3. package/README.md +79 -13
  4. package/bin/exceptd.js +117 -9
  5. package/data/_indexes/_meta.json +44 -44
  6. package/data/_indexes/activity-feed.json +3 -3
  7. package/data/_indexes/catalog-summaries.json +3 -3
  8. package/data/_indexes/chains.json +0 -32
  9. package/data/_indexes/handoff-dag.json +127 -57
  10. package/data/_indexes/section-offsets.json +465 -411
  11. package/data/_indexes/summary-cards.json +34 -34
  12. package/data/_indexes/token-budget.json +298 -268
  13. package/data/cve-catalog.json +4 -146
  14. package/data/exploit-availability.json +0 -27
  15. package/data/framework-control-gaps.json +2 -2
  16. package/data/playbooks/ai-discovered-cve-triage.json +1146 -0
  17. package/data/playbooks/cicd-pipeline-compromise.json +3 -0
  18. package/data/playbooks/cred-stores.json +1 -0
  19. package/data/playbooks/crypto.json +3 -0
  20. package/data/playbooks/framework.json +3 -0
  21. package/data/playbooks/idp-incident.json +2 -1
  22. package/data/playbooks/kernel.json +1 -0
  23. package/data/playbooks/mcp.json +27 -2
  24. package/data/playbooks/post-quantum-migration.json +1268 -0
  25. package/data/playbooks/runtime.json +1 -0
  26. package/data/playbooks/sbom.json +3 -0
  27. package/data/playbooks/supply-chain-recovery.json +1332 -0
  28. package/data/zeroday-lessons.json +0 -89
  29. package/lib/schemas/cve-catalog.schema.json +2 -1
  30. package/lib/schemas/playbook.schema.json +5 -0
  31. package/lib/validate-cve-catalog.js +27 -0
  32. package/manifest.json +80 -80
  33. package/orchestrator/index.js +58 -1
  34. package/package.json +1 -1
  35. package/sbom.cdx.json +99 -66
  36. package/skills/age-gates-child-safety/skill.md +2 -0
  37. package/skills/ai-attack-surface/skill.md +2 -0
  38. package/skills/ai-c2-detection/skill.md +2 -0
  39. package/skills/ai-risk-management/skill.md +2 -0
  40. package/skills/api-security/skill.md +2 -0
  41. package/skills/attack-surface-pentest/skill.md +2 -0
  42. package/skills/cloud-security/skill.md +2 -0
  43. package/skills/compliance-theater/skill.md +28 -2
  44. package/skills/container-runtime-security/skill.md +2 -0
  45. package/skills/coordinated-vuln-disclosure/skill.md +1 -1
  46. package/skills/defensive-countermeasure-mapping/skill.md +2 -0
  47. package/skills/dlp-gap-analysis/skill.md +2 -0
  48. package/skills/exploit-scoring/skill.md +30 -1
  49. package/skills/framework-gap-analysis/skill.md +28 -1
  50. package/skills/fuzz-testing-strategy/skill.md +4 -2
  51. package/skills/global-grc/skill.md +2 -0
  52. package/skills/identity-assurance/skill.md +2 -0
  53. package/skills/kernel-lpe-triage/skill.md +2 -0
  54. package/skills/mcp-agent-trust/skill.md +4 -0
  55. package/skills/mlops-security/skill.md +2 -0
  56. package/skills/ot-ics-security/skill.md +2 -0
  57. package/skills/policy-exception-gen/skill.md +28 -1
  58. package/skills/pqc-first/skill.md +2 -0
  59. package/skills/rag-pipeline-security/skill.md +2 -0
  60. package/skills/researcher/skill.md +2 -0
  61. package/skills/sector-energy/skill.md +2 -0
  62. package/skills/sector-federal-government/skill.md +2 -0
  63. package/skills/sector-financial/skill.md +2 -0
  64. package/skills/sector-healthcare/skill.md +2 -0
  65. package/skills/security-maturity-tiers/skill.md +2 -0
  66. package/skills/skill-update-loop/skill.md +2 -0
  67. package/skills/supply-chain-integrity/skill.md +2 -0
  68. package/skills/threat-model-currency/skill.md +37 -1
  69. package/skills/threat-modeling-methodology/skill.md +2 -0
  70. package/skills/webapp-security/skill.md +2 -0
  71. package/skills/zeroday-gap-learn/skill.md +33 -1
package/data/playbooks/cicd-pipeline-compromise.json CHANGED
@@ -58,6 +58,9 @@
58
58
  "playbook_id": "framework",
59
59
  "condition": "analyze.compliance_theater_check.verdict == 'theater'"
60
60
  }
61
+ ],
62
+ "fed_by": [
63
+ "mcp"
61
64
  ]
62
65
  },
63
66
  "domain": {
package/data/playbooks/cred-stores.json CHANGED
@@ -47,6 +47,7 @@
47
47
  "ransomware",
48
48
  "runtime",
49
49
  "secrets",
50
+ "supply-chain-recovery",
50
51
  "webhook-callback-abuse"
51
52
  ]
52
53
  },
package/data/playbooks/crypto.json CHANGED
@@ -48,6 +48,9 @@
48
48
  "playbook_id": "sbom",
49
49
  "condition": "analyze.blast_radius_score >= 4"
50
50
  }
51
+ ],
52
+ "fed_by": [
53
+ "post-quantum-migration"
51
54
  ]
52
55
  },
53
56
  "domain": {
package/data/playbooks/framework.json CHANGED
@@ -47,6 +47,7 @@
47
47
  ],
48
48
  "fed_by": [
49
49
  "ai-api",
50
+ "ai-discovered-cve-triage",
50
51
  "cicd-pipeline-compromise",
51
52
  "cloud-iam-incident",
52
53
  "crypto",
@@ -57,8 +58,10 @@
57
58
  "library-author",
58
59
  "llm-tool-use-exfil",
59
60
  "mcp",
61
+ "post-quantum-migration",
60
62
  "ransomware",
61
63
  "sbom",
64
+ "supply-chain-recovery",
62
65
  "webhook-callback-abuse"
63
66
  ]
64
67
  },
package/data/playbooks/idp-incident.json CHANGED
@@ -55,7 +55,8 @@
55
55
  }
56
56
  ],
57
57
  "fed_by": [
58
- "identity-sso-compromise"
58
+ "identity-sso-compromise",
59
+ "supply-chain-recovery"
59
60
  ]
60
61
  },
61
62
  "domain": {
package/data/playbooks/kernel.json CHANGED
@@ -59,6 +59,7 @@
59
59
  }
60
60
  ],
61
61
  "fed_by": [
62
+ "ai-discovered-cve-triage",
62
63
  "containers",
63
64
  "hardening",
64
65
  "runtime",
package/data/playbooks/mcp.json CHANGED
@@ -1,10 +1,17 @@
1
1
  {
2
2
  "_meta": {
3
3
  "id": "mcp",
4
- "version": "1.3.0",
5
- "last_threat_review": "2026-05-13",
4
+ "version": "1.4.0",
5
+ "last_threat_review": "2026-05-17",
6
6
  "threat_currency_score": 98,
7
7
  "changelog": [
8
+ {
9
+ "version": "1.4.0",
10
+ "date": "2026-05-17",
11
+ "summary": "Skill-chain: adds `feeds_into` arc to `cicd-pipeline-compromise` so an MCP tool-poisoning finding inside a CI runner escalates to supply-chain handling (OIDC + signing-key + publish-channel scope). New deterministic indicator `mcp-server-invoked-from-ci-pipeline` keys on GITHUB_ACTIONS / GITLAB_CI / BUILDKITE / JENKINS_URL / CIRCLECI / RUNNER_OS and known runner workdirs (`/_work/`, `/builds/`, `/var/jenkins_home/workspace/`, `/var/lib/buildkite-agent/builds/`). Without this arc, MCP findings in CI got the local-dev close playbook only — under-counting publish-channel blast radius. The cicd-pipeline-compromise playbook gains a matching `fed_by: [\"sbom\", \"mcp\", \"cred-stores\"]` entry so the relationship is bidirectional.",
12
+ "cves_added": [],
13
+ "framework_gaps_updated": []
14
+ },
8
15
  {
9
16
  "version": "1.3.0",
10
17
  "date": "2026-05-13",
@@ -77,12 +84,17 @@
77
84
  {
78
85
  "playbook_id": "ai-api",
79
86
  "condition": "finding.includes_credential_exposure == true"
87
+ },
88
+ {
89
+ "playbook_id": "cicd-pipeline-compromise",
90
+ "condition": "finding.mcp_server_location matches '(github_actions|gitlab_runner|jenkins|buildkite|circleci)' OR finding.tool_invoked_from == 'ci_pipeline' OR analyze.blast_radius_score >= 4 AND finding.pipeline_credentials_in_scope == true"
80
91
  }
81
92
  ],
82
93
  "fed_by": [
83
94
  "ai-api",
84
95
  "llm-tool-use-exfil",
85
96
  "sbom",
97
+ "supply-chain-recovery",
86
98
  "webhook-callback-abuse"
87
99
  ]
88
100
  },
@@ -643,6 +655,19 @@
643
655
  "confidence": "high",
644
656
  "deterministic": false,
645
657
  "attack_ref": "T1552.001"
658
+ },
659
+ {
660
+ "id": "mcp-server-invoked-from-ci-pipeline",
661
+ "type": "env_var",
662
+ "value": "MCP server process or its parent shell carries any of GITHUB_ACTIONS=true, CI=true with GITLAB_CI=true, BUILDKITE=true, JENKINS_URL set, CIRCLECI=true, or RUNNER_OS set; OR mcp-process-list artifact shows the MCP server's working directory under a known CI runner path (`/_work/`, `/builds/`, `/var/jenkins_home/workspace/`, `/var/lib/buildkite-agent/builds/`)",
663
+ "description": "MCP server invoked from inside a CI/CD pipeline runner has access to OIDC tokens, build secrets, signing keys, and the package-publish channel. A tool-poisoning compromise in this context escalates from local-dev exposure to supply-chain emission. Feeds the `cicd-pipeline-compromise` playbook when paired with any other high-confidence MCP indicator. Source: 2026-04 GitHub-blog runner-context MCP advisory + AGENTS.md Hard Rule #5 (blast-radius escalation when credentials in scope).",
664
+ "confidence": "deterministic",
665
+ "deterministic": true,
666
+ "attack_ref": "T1078.004",
667
+ "false_positive_checks_required": [
668
+ "Local-dev environments may set CI=true via direnv / .envrc for matrix-test parity. Confirm at least one of GITHUB_ACTIONS / GITLAB_CI / BUILDKITE / JENKINS_URL / CIRCLECI is set (these are runner-emitted, not user-settable) before treating as a true positive.",
669
+ "Self-hosted runners on developer machines blur the boundary. Verify the runner has registered with the upstream control plane (gh api /repos/:owner/:repo/actions/runners) and is currently executing a job before flagging."
670
+ ]
646
671
  }
647
672
  ],
648
673
  "false_positive_profile": [