npm - @blamejs/exceptd-skills - Versions diffs - 0.13.30 → 0.13.32 - Mend

@blamejs/exceptd-skills 0.13.30 → 0.13.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,24 @@
 # Changelog
+## 0.13.32 — 2026-05-20
+Two more JSON-only paths get human-renderer treatment.
+### Features
+- **`run --upstream-check` surfaces version-currency in the human renderer.** The flag fired a registry check and recorded `upstream_check.{local_version, latest_version, behind, same, ahead, days_since_latest_publish}` in the JSON envelope but the human output was silent. Now the verdict block includes `> upstream check: local v<X> == published v<X> (current)` on match, `> upstream check: local v<X> BEHIND published v<Y> (Nd behind) — run \`npm install -g @blamejs/exceptd-skills@latest\`` on lag, and `> upstream check: local v<X> ahead ...` on dev installs.
+- **`doctor --ai-config` shows scanned counts + per-finding detail.** Previously `doctor --ai-config` ran a 46k-file walk across `~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, `~/.continue` but the operator saw only `summary: all checks green` — no way to see what was scanned. The doctor renderer now prints `[ok] AI-assistant config audit: scanned N file(s) across M dir(s) of K candidate root(s); P finding(s)` plus a Windows-mode-bits note when applicable. Findings render with severity icon + path + reason; truncated past 5 (full list via `--json`).
+## 0.13.31 — 2026-05-20
+Documentation refresh. No code change.
+### Internal
+- README gained a `Result envelope contract` table documenting the headline fields hoisted to the top of every `run` / per-playbook `ci` result (`verdict`, `rwep_score`, `top_finding`, `summary_line`, `evidence_completeness`, `indicators_evaluated`, `indicators_known`, `attestation_path`) so machine consumers do not need to walk `phases.*` to discover them. Also added a `Default terminal output vs --json / --pretty` section explaining the human-renderer path that fires by default on `ci` / `run` / `attest verify` / `attest diff` / `discover` and how to reach the structured envelope.
+- Corrected stale counts: `42/42` expected on `doctor --signatures` (was `38/38`); `38 jurisdictions` in the Status paragraph (was `35`).
+- Landing site (exceptd.com): bumped stale counts (23 playbooks / 42 skills / 18 indexes / 38 jurisdictions / 17 release-hygiene gates), added a `terminal-first output, no jq required` feature card covering the v0.13.22–0.13.30 UX work, bumped the JSON-LD `softwareVersion`.
 ## 0.13.30 — 2026-05-20
 `run --diff-from-latest` on a fresh attestation directory now prints an explicit "no prior — this run becomes the baseline" line. Previously the no-prior branch was silent; operators who passed the flag saw zero diff output and could not tell whether the flag took effect.

package/README.md CHANGED Viewed

@@ -30,7 +30,7 @@ This platform surfaces what is actually happening right now. Every skill explici
 ## Status
-Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) with signed npm provenance attestation and Ed25519-signed skill bodies. The package ships 42 skills across kernel LPE, MCP supply chain, AI-as-C2, prompt injection, post-quantum crypto, SBOM integrity, identity-incident response, and 35 other AI/security domains, plus 10 intelligence catalogs (CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons) covering 35 jurisdictions — the CVE catalog grew from 68 to 312 entries in v0.13.17 via a CISA KEV bulk-intake of `dateAdded >= 2024-01-01` actively-exploited vulnerabilities. 23 investigation playbooks (kernel, MCP, AI-API, framework, SBOM, runtime, hardening, secrets, cred-stores, containers, crypto, plus `webhook-callback-abuse`, `cicd-pipeline-compromise`, `identity-sso-compromise`, `llm-tool-use-exfil`, `post-quantum-migration`, `ai-discovered-cve-triage`, `supply-chain-recovery`, and more), a CLI for discovery and seven-phase investigation runs (`govern → direct → look → detect → analyze → validate → close`), and a nightly auto-refresh job that pulls KEV / NVD / EPSS / GHSA / OSV / IETF deltas plus 15 primary-source advisory + research-blog + tech-press feeds (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org, oss-security, JFrog, CISA, Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red, BleepingComputer security, The Hacker News, and a GitHub public-events tracker for the Nightmare-Eclipse researcher handle that anchors NEW-CTRL-073) into auto-PRs for editorial review. v0.13.17 also ships `lib/cve-regression-watcher.js` (NEW-CTRL-074) — a complementary detection method that surfaces poller-diff historical-CVE references as candidate silent-regression cases, the class anchored by MiniPlasma (a 2026 PoC drop that re-broke CVE-2020-17103 without any new ID being assigned).
+Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) with signed npm provenance attestation and Ed25519-signed skill bodies. The package ships 42 skills across kernel LPE, MCP supply chain, AI-as-C2, prompt injection, post-quantum crypto, SBOM integrity, identity-incident response, and 35 other AI/security domains, plus 10 intelligence catalogs (CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons) covering 38 jurisdictions — the CVE catalog grew from 68 to 312 entries in v0.13.17 via a CISA KEV bulk-intake of `dateAdded >= 2024-01-01` actively-exploited vulnerabilities. 23 investigation playbooks (kernel, MCP, AI-API, framework, SBOM, runtime, hardening, secrets, cred-stores, containers, crypto, plus `webhook-callback-abuse`, `cicd-pipeline-compromise`, `identity-sso-compromise`, `llm-tool-use-exfil`, `post-quantum-migration`, `ai-discovered-cve-triage`, `supply-chain-recovery`, and more), a CLI for discovery and seven-phase investigation runs (`govern → direct → look → detect → analyze → validate → close`), and a nightly auto-refresh job that pulls KEV / NVD / EPSS / GHSA / OSV / IETF deltas plus 15 primary-source advisory + research-blog + tech-press feeds (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org, oss-security, JFrog, CISA, Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red, BleepingComputer security, The Hacker News, and a GitHub public-events tracker for the Nightmare-Eclipse researcher handle that anchors NEW-CTRL-073) into auto-PRs for editorial review. v0.13.17 also ships `lib/cve-regression-watcher.js` (NEW-CTRL-074) — a complementary detection method that surfaces poller-diff historical-CVE references as candidate silent-regression cases, the class anchored by MiniPlasma (a 2026 PoC drop that re-broke CVE-2020-17103 without any new ID being assigned).
 ---
@@ -144,7 +144,7 @@ exceptd help
 First run — verify the signing chain and pin the public-key fingerprint for out-of-band checks:
 ```bash
-exceptd doctor --signatures            # verify Ed25519 chains (38/38 expected)
+exceptd doctor --signatures            # verify Ed25519 chains (42/42 expected)
 cat $(exceptd path)/keys/EXPECTED_FINGERPRINT   # pin fingerprint for OOB verify
 ```
@@ -412,6 +412,38 @@ The remaining v0.10.x verbs are aliases — still functional, no banner, no remo
 | `prefetch` | `refresh --no-network` |
 | `build-indexes` | `refresh --indexes-only` |
+### Result envelope contract
+Every `run` (and every per-playbook result inside a `ci` body) hoists the headline summary fields to the top of the JSON envelope so machine consumers do not have to walk `phases.*` to find them:
+| Field | Type | Meaning |
+|---|---|---|
+| `ok` | boolean | `true` on success, `false` on blocked-at-preflight or persistence failure |
+| `playbook_id` | string | Playbook id (present on blocked results too, so a `results[]` iterator can identify the row without joining against `playbooks_run[]` by index) |
+| `directive_id` | string | Directive within the playbook |
+| `session_id` | string | Run id (used by `attest verify <sid>` / `attest diff <sid>`) |
+| `verdict` | string | One of `detected` / `not_detected` / `inconclusive` / `pending` / `skipped` / `blocked` |
+| `rwep_score` | number \| null | `phases.analyze.rwep.adjusted`, or `null` on blocked / catalog-baseline-zero runs |
+| `top_finding` | string \| null | First matched CVE id, or the indicator classification when no CVE correlated |
+| `summary_line` | string | One-line human summary (~240 chars) — `<playbook>: <verdict> (rwep=<n>, <finding>, evidence=<state>)` |
+| `evidence_completeness` | string | One of `complete` / `partial` / `missing` / `unknown` / `not-evaluated` |
+| `indicators_evaluated` | number \| null | Indicators that produced a verdict |
+| `indicators_known` | number \| null | Indicators declared by the playbook |
+| `evidence_hash` | string | SHA-256 of the normalized submission |
+| `submission_digest` | string | SHA-256 of the structured envelope |
+| `attestation_path` | string | Absolute path to the persisted attestation JSON (success path only) |
+| `preflight_issues` | array | Preconditions evaluated, with per-precondition `on_fail` + `check` |
+| `precondition_check_source` | object | Per-precondition: `submission` / `runOpts` / `merged` |
+| `phases` | object | Full per-phase outputs — `govern`, `direct`, `look`, `detect`, `analyze`, `validate`, `close` |
+On a blocked result (preflight halt, missing precondition), `ok` is `false` and the envelope additionally carries `blocked_by` / `reason` / `remediation` / `phase: 'preflight'` / `verdict: 'blocked'`. `evidence_completeness` reports `not-evaluated`.
+### Default terminal output vs `--json` / `--pretty`
+By default `ci`, `run`, `attest verify`, `attest diff`, and `discover` emit a human-readable digest at the terminal — verdict line, per-playbook table (for `ci`), next-step block keyed on verdict (BLOCKED → `exceptd lint <pb> -`; NO_EVIDENCE → lint + `--evidence-dir`; FAIL → `--format markdown` / `--format csaf-2.0` per detected playbook; CLOCK_STARTED → CSAF advisory), pending jurisdiction obligations grouped by `clock_start_event`, deduped session warnings, framework-gap rollup.
+Pass `--json` (compact) or `--pretty` (indented) to reach the structured envelope when automating. Setting `EXCEPTD_RAW_JSON=1` in the environment has the same effect.
 ## Invoking a skill from your AI assistant
 Once your assistant has loaded `AGENTS.md`, type a trigger phrase or skill name:

package/bin/exceptd.js CHANGED Viewed

@@ -3222,6 +3222,22 @@ function cmdRun(runner, args, runOpts, pretty) {
         lines.push(`> drift vs prior: no prior attestation found for ${dfl.playbook_id || obj.playbook_id} — this run becomes the baseline`);
       }
     }
+    // --upstream-check fired a network call; surface the result so the
+    // operator who asked "am I current?" gets a one-line answer at the
+    // terminal without grepping the JSON envelope.
+    if (obj.upstream_check) {
+      const u = obj.upstream_check;
+      if (u.same) {
+        lines.push(`> upstream check: local v${u.local_version} == published v${u.latest_version} (current)`);
+      } else if (u.behind) {
+        const days = u.days_since_latest_publish != null ? `${u.days_since_latest_publish}d behind` : "behind";
+        lines.push(`> upstream check: local v${u.local_version} BEHIND published v${u.latest_version} (${days}) — run \`npm install -g @blamejs/exceptd-skills@latest\``);
+      } else if (u.ahead) {
+        lines.push(`> upstream check: local v${u.local_version} ahead of published v${u.latest_version} (unreleased / dev install)`);
+      } else if (!u.ok) {
+        lines.push(`> upstream check: skipped (${u.reason || u.hint || "registry unreachable"})`);
+      }
+    }
     const cves = obj.phases?.analyze?.matched_cves || [];
     const baseline = obj.phases?.analyze?.catalog_baseline_cves || [];
     if (cves.length) {
@@ -6091,6 +6107,22 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       lines.push(`  [!!] attestation signing: private key MISSING (.keys/private.pem) — run \`exceptd doctor --fix\` to enable`);
     }
   }
+  if (checks.ai_config) {
+    const c = checks.ai_config;
+    const findings = Array.isArray(c.findings) ? c.findings : [];
+    const icon = findings.length === 0 ? "[ok]" : "[!!]";
+    const dirCount = c.scanned_dirs ?? 0;
+    const fileCount = c.scanned_files ?? 0;
+    lines.push(`  ${icon} AI-assistant config audit: scanned ${fileCount} file(s) across ${dirCount} dir(s) of ${(c.directories_inspected || []).length} candidate root(s); ${findings.length} finding(s)`);
+    if (c.platform === "win32" && findings.length === 0 && fileCount > 0) {
+      lines.push(`       (on Windows, POSIX mode bits are not load-bearing — manual ACL review noted for any sensitive files found)`);
+    }
+    for (const f of findings.slice(0, 5)) {
+      const sev = f.severity === "error" ? "[!!]" : f.severity === "warn" ? "[warn]" : "[info]";
+      lines.push(`       ${sev} ${f.path || "?"}: ${f.reason || f.note || "(no detail)"}`);
+    }
+    if (findings.length > 5) lines.push(`       … and ${findings.length - 5} more (use --json for full list)`);
+  }
   lines.push("");
   if (allGreen) {
     lines.push(`summary: all checks green`);

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-20T19:54:55.712Z",
+  "generated_at": "2026-05-20T20:45:51.276Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "b15c857c287c5d32b0abcd5ccb0ed14738bb5367aa4088d1052f6230e1c6d009",
+    "manifest.json": "7fd55bae58a680322553f9c0c646c6a0a5308e306053d8116512582a14f47cf7",
     "data/atlas-ttps.json": "d296c1d3e71807c9279b731f047e57796e85137f186586743a8cdad214b408f9",
     "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
     "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.13.30",
+  "version": "0.13.32",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-20T19:54:06.164Z",
+      "signed_at": "2026-05-20T20:45:00.467Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vSVqu4wBm+d68ujZmM6Rto/HzViCkE0gPUcv/MYE/bjFiqamf/s0On4kTOo1KIveV9cOwYNxiItaGEWlVkRFDg==",
-      "signed_at": "2026-05-20T19:54:06.166Z",
+      "signed_at": "2026-05-20T20:45:00.468Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "RIgXKvolQjgJdnlrDnVOd90IOY1B7VHHZD/YJQRzouL+wUeOLclPrdK/EgEuFyiu7lR4bi+Pl6aGB9G9tOxYCQ==",
-      "signed_at": "2026-05-20T19:54:06.167Z",
+      "signed_at": "2026-05-20T20:45:00.469Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "RYOxeq/o3uTwTWq4H7RcdH2Aclg9UyCERfUH9Frwkzncsowg7LgxpaEDc3swTCv73HMEGbU8wVbXguZ4JxHUCQ==",
-      "signed_at": "2026-05-20T19:54:06.168Z"
+      "signed_at": "2026-05-20T20:45:00.469Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "DneJCPKCPcoe6nQ82XptqSqNfSRdt1orKaO+o7K36YCciDrzwJb+1BuBLusPDtpcdDaGY0y0e+AqiTYJklhBAQ==",
-      "signed_at": "2026-05-20T19:54:06.168Z"
+      "signed_at": "2026-05-20T20:45:00.469Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-20T19:54:06.169Z"
+      "signed_at": "2026-05-20T20:45:00.470Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "XgrzcA2brPhXrSTxrcLnJec0OpgGYJBoSTUlJ10UdePHffxqb9LTVGnfbmEk1ykQifXREZexui2bG7X/+eFfCQ==",
-      "signed_at": "2026-05-20T19:54:06.170Z",
+      "signed_at": "2026-05-20T20:45:00.470Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "9+hZlZOqZdeACUmamQk66L5levZhhwnFXuYRhdT6Mce99eQaKT7wNfWq12hXQztkRcVRKaFH+a01zwJQwsRQCA==",
-      "signed_at": "2026-05-20T19:54:06.170Z",
+      "signed_at": "2026-05-20T20:45:00.471Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "ciqhVloMWWXEigPZvvwoV2c54tEqsDqsoc+sS/mNTFFJk2H+tz2+XUrgfEPRuYw0FeyNB6/+27pL2NpKHzUqAg==",
-      "signed_at": "2026-05-20T19:54:06.171Z",
+      "signed_at": "2026-05-20T20:45:00.471Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-20T19:54:06.171Z"
+      "signed_at": "2026-05-20T20:45:00.472Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-20T19:54:06.172Z"
+      "signed_at": "2026-05-20T20:45:00.472Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-20T19:54:06.172Z"
+      "signed_at": "2026-05-20T20:45:00.472Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vhc3wuQEro/86s1ro2b/KakUXg8QVnySYTBqA7ebzv9oeR2HYO5bvGEJp3oOHWtL37JDqcCAHYadSN/qxIyCCA==",
-      "signed_at": "2026-05-20T19:54:06.173Z",
+      "signed_at": "2026-05-20T20:45:00.473Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "MS35nWm8djfJGn4OOoT0JKJ2aO+Dkbb6wOOWJYvNZlRKT3UGA59o2gxg1JOnD20hb/RwxtkmCujhl2tuYSR+AQ==",
-      "signed_at": "2026-05-20T19:54:06.173Z"
+      "signed_at": "2026-05-20T20:45:00.473Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-20T19:54:06.173Z",
+      "signed_at": "2026-05-20T20:45:00.473Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "WAu5fRirzSOcnnZsTx2d/JJZwa/LPpXCi+31qATTGLmoNuhyy81k3ooPe9kCM3E0CLMtvTePg9DagYqBninZDQ==",
-      "signed_at": "2026-05-20T19:54:06.174Z"
+      "signed_at": "2026-05-20T20:45:00.473Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "7eEwCXFd9pDKUw7yCUbRJSjfzozE44dwwwemCQUPm8JBPztLltibD9bL/RszSbYyCrYJmVb5Drncz2cGe62gCw==",
-      "signed_at": "2026-05-20T19:54:06.174Z"
+      "signed_at": "2026-05-20T20:45:00.474Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-20T19:54:06.175Z"
+      "signed_at": "2026-05-20T20:45:00.474Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "fgxG344JGYBWWWwFXZ1IzGipWKP7EyBhrsvsbsb0CCGXfv/MvNHVNI6G0zQddCsWX1JeQbhZT3Vk8v1uJKDTDA==",
-      "signed_at": "2026-05-20T19:54:06.175Z"
+      "signed_at": "2026-05-20T20:45:00.474Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-20T19:54:06.176Z"
+      "signed_at": "2026-05-20T20:45:00.475Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
-      "signed_at": "2026-05-20T19:54:06.176Z"
+      "signed_at": "2026-05-20T20:45:00.475Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-20T19:54:06.177Z"
+      "signed_at": "2026-05-20T20:45:00.475Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-20T19:54:06.177Z"
+      "signed_at": "2026-05-20T20:45:00.476Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-20T19:54:06.178Z"
+      "signed_at": "2026-05-20T20:45:00.476Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-20T19:54:06.178Z"
+      "signed_at": "2026-05-20T20:45:00.476Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-20T19:54:06.179Z"
+      "signed_at": "2026-05-20T20:45:00.477Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-20T19:54:06.179Z"
+      "signed_at": "2026-05-20T20:45:00.477Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-20T19:54:06.180Z"
+      "signed_at": "2026-05-20T20:45:00.478Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-20T19:54:06.180Z"
+      "signed_at": "2026-05-20T20:45:00.478Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-20T19:54:06.181Z"
+      "signed_at": "2026-05-20T20:45:00.478Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-20T19:54:06.182Z"
+      "signed_at": "2026-05-20T20:45:00.479Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-20T19:54:06.182Z"
+      "signed_at": "2026-05-20T20:45:00.479Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-20T19:54:06.182Z"
+      "signed_at": "2026-05-20T20:45:00.479Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-20T19:54:06.183Z"
+      "signed_at": "2026-05-20T20:45:00.480Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-20T19:54:06.183Z"
+      "signed_at": "2026-05-20T20:45:00.480Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.6.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "BGNE6ZQWBA1LmsUFe8tU0L67iGDSrFqiuqaZD2f1KqfcyqqzQfMs9PWNHFzxxaJmXeKlm87eU8lgELF0bX+RBA==",
-      "signed_at": "2026-05-20T19:54:06.184Z"
+      "signed_at": "2026-05-20T20:45:00.480Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "FkZQerh3VHVJAwIcCktDyMRh5KE2+Em/i0ek8zEz7JG/PXtQx8ujHWTh3VjZbOLhPNtdB2qxgXOIAYIofaVOAQ==",
-      "signed_at": "2026-05-20T19:54:06.184Z"
+      "signed_at": "2026-05-20T20:45:00.481Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "n3UToNuN3A1HgLvcuqmIx8vrZY71+r/79waK92jG+rSX4uYOzkmxMUpROrE5K9bDwMezNBHdjWv8Uul6zugyDQ==",
-      "signed_at": "2026-05-20T19:54:06.185Z"
+      "signed_at": "2026-05-20T20:45:00.481Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-20T19:54:06.185Z"
+      "signed_at": "2026-05-20T20:45:00.481Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "+OO0RhQ303RJV7kaH38IuZpLeQbapep6Ds4Re/WEZu0FHBwKSlwvF7jbtP7KQ57xldJYn/xZm2jaszyOacMfDg==",
-      "signed_at": "2026-05-20T19:54:06.186Z"
+      "signed_at": "2026-05-20T20:45:00.482Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-20T19:54:06.186Z"
+      "signed_at": "2026-05-20T20:45:00.482Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-20T19:54:06.187Z"
+      "signed_at": "2026-05-20T20:45:00.483Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "Uumgg4SSDOXHOOuVKpRqX3kuvX9B0QwPaU2O2NxeX0KB7zRyeDJv5/+5ODLJb/HFR/GwFLh8gD3PKXrFW3DsDw=="
+    "signature_base64": "xOESJ4dOCBiNTghZ5wc41vS2aoo7jDR+wMznFxwEXtR3VCBKe5EjceQGlrctXbOhFr8uFcJ/3ZqU5xuVuu7kAQ=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.13.30",
+  "version": "0.13.32",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:ea16864e-8428-4244-911a-670415cb1403",
+  "serialNumber": "urn:uuid:92091f39-8e14-49e8-a248-a318f189ecdb",
   "version": 1,
   "metadata": {
-    "timestamp": "2150-06-15T09:05:18.000Z",
+    "timestamp": "2103-08-23T07:22:33.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.30"
+        "version": "0.13.32"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.30",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.32",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.30",
+      "version": "0.13.32",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.30",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.32",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fd1b2c8102ad15132ef8ec2d93f61eb6155b482cc7a53bdb2cde22dc4eb79369"
+          "content": "7af435c5025366428f977f3803b8d8027fd968dcb1391a54953c66cd379a8372"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.30"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.32"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5102940170464b9fdf52dd2ce40e4fe05e89f3c6ea5ee1aeb8431684ac0e449b"
+          "content": "61d0b396e6151130b6ffea166cde468b7b5c3a9123e71b1cb57211ab1dcf3697"
         },
         {
           "alg": "SHA3-512",
-          "content": "0f748d9cbd88adcf144bf4735984daa7630ac831cd0827a2519c9b43435a644408c870795a1df6f3b48c0b82f6b61017cb8095d01d1272097a5b794d6d13fbb0"
+          "content": "22dc23fcb79f8fb57a777c6578d6587896ff81cc6337838eb2e745786619930fde4f7977a0d2988915d78855de962947cc9b2ed60259c6db2b51bef33dbc1cd7"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eeb0eb71c4da381f7e8de2584e5cd0a513a8e35f7b90ec329593a0fb6d738949"
+          "content": "31af6cab873ca74dab6f9f05b32054b2926911575f5ee88554474798f3aa0792"
         },
         {
           "alg": "SHA3-512",
-          "content": "33888420a5a55647832366efd487710d1d997ab104516a5f221980b519814fb1f8e232c6e17cc91fb70745e73387736e67b2dd42affa3505d4fb2f65ee243ff6"
+          "content": "6510ae240e80bcc21dd75ae4a1202ad88e9a8e29fd45b5b6d1d240a5f552689eb968c13399a6b3e77600ce4776f48f63876b787bd99703d9afe44e73c91567c4"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "13d64ca0e0152a27e1fc5896c1eff216d5492ba0ea0cfe7d5605c476c623cac3"
+          "content": "93e251ee250938f9ab22792a7a43b5ccc48589225bb0bcb087f8fd5623236036"
         },
         {
           "alg": "SHA3-512",
-          "content": "638baf0125d7cdf3bd7ef1aea012f35d4bb556ba90854039f17585721b5f1e1bef893133cbebc20ef4abb735966889aa69aa46c648abb5ac43d61b9ca22cb824"
+          "content": "0f805f5c7ae4f67fde44ffc09262a515477d25034ba3a4d16fd0d1bab87da44b9fa806d281a8ec6d0260df6f1ddef503fa0e83027a9f9253116c64826c0703b9"
         }
       ]
     },
@@ -1451,11 +1451,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b15c857c287c5d32b0abcd5ccb0ed14738bb5367aa4088d1052f6230e1c6d009"
+          "content": "7fd55bae58a680322553f9c0c646c6a0a5308e306053d8116512582a14f47cf7"
         },
         {
           "alg": "SHA3-512",
-          "content": "ce25c190f1caaa9d7c068ccfad9094a53c2cd976e3302134861a7b6d1973a952feefbd4be977a1f97dc3528cf99fff6298cba8f99bbd8373ef3ca66889396aa8"
+          "content": "4493d56d97940f9bae84a38fdc53da644babf1c694dcd6eec77103bbb81609b500aedd29b69ec5e50a8d1c49b139507c55a7e5f79e5a04a8a6b31318f68b2c27"
         }
       ]
     },