npm - @blamejs/exceptd-skills - Versions diffs - 0.13.40 → 0.13.42 - Mend

@blamejs/exceptd-skills 0.13.40 → 0.13.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/AGENTS.md +1 -1
package/CHANGELOG.md +16 -0
package/data/_indexes/_meta.json +2 -2
package/lib/collectors/ai-api.js +231 -0
package/lib/collectors/mcp.js +312 -0
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +44 -14

package/AGENTS.md CHANGED Viewed

@@ -372,7 +372,7 @@ This split costs every consumer the same translation work on every invocation. C
 exceptd collect secrets | exceptd run secrets --evidence -
 ```
-The collector library is small and grows as playbooks are touched. Nine reference collectors ship today (`lib/collectors/secrets.js`, `lib/collectors/kernel.js`, `lib/collectors/sbom.js`, `lib/collectors/containers.js`, `lib/collectors/library-author.js`, `lib/collectors/crypto-codebase.js`, `lib/collectors/cred-stores.js`, `lib/collectors/hardening.js`, `lib/collectors/runtime.js`); the rest are written when each playbook needs them. Until a playbook has a collector, the AI/operator owns evidence collection as before.
+The collector library is small and grows as playbooks are touched. Eleven reference collectors ship today (`lib/collectors/secrets.js`, `lib/collectors/kernel.js`, `lib/collectors/sbom.js`, `lib/collectors/containers.js`, `lib/collectors/library-author.js`, `lib/collectors/crypto-codebase.js`, `lib/collectors/cred-stores.js`, `lib/collectors/hardening.js`, `lib/collectors/runtime.js`, `lib/collectors/ai-api.js`, `lib/collectors/mcp.js`); the rest are written when each playbook needs them. Until a playbook has a collector, the AI/operator owns evidence collection as before.
 ### Precision target for new `look.artifacts[].source` strings

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 # Changelog
+## 0.13.42 — 2026-05-20
+Eleventh reference collector.
+### Features
+- **`lib/collectors/mcp.js`** — inspects MCP client configurations across Cursor (`~/.cursor/mcp.json`), Claude Code (`~/.config/claude/config.json`, `~/.claude/settings.json`), Windsurf (`~/.codeium/windsurf/mcp_config.json`), VS Code Copilot (`~/.config/Code/User/settings.json`, macOS / Windows variants, project-level `.vscode/settings.json`), and Gemini CLI (`~/.gemini/settings.json`). Flips four deterministic indicators: `mcp-version-without-integrity` (any `mcpServers.<name>.command` / `args` containing `@scope/pkg@X.Y.Z` or `pkg==X.Y.Z` without an `integrity` / `sha256` / `sri` sibling), `copilot-yolo-mode-flag` (`chat.tools.autoApprove: true` at user-global / workspace scope OR any per-server `autoApprove: true|"all"` in `chat.mcp.servers`), `mcp-response-ansi-escape` (any 0x1B byte in MCP tool-response logs under `~/.claude/logs/mcp/*.jsonl`, `~/.cursor/logs/mcp*.{jsonl,log}`, `~/.codeium/windsurf/logs/mcp*`), `mcp-response-unicode-tag-smuggling` (any codepoint in U+E0000..U+E007F in the same log scope). Defers `unsigned-mcp-manifest` (sigstore lookup), `vulnerable-windsurf-version` (install detection), `mcp-server-running-as-root` (ps + capabilities), `mcp-server-invoked-from-ci-pipeline` (process-tree env-var correlation) — out of stdlib scope.
+## 0.13.41 — 2026-05-20
+Tenth reference collector.
+### Features
+- **`lib/collectors/ai-api.js`** — scans shell rc files (`~/.bashrc`, `~/.bash_profile`, `~/.zshrc`, `~/.zprofile`, `~/.profile`, `~/.config/fish/config.fish`, `~/.config/fish/conf.d/*.fish`) and vendor dotfiles (`~/.openai`, `~/.anthropic`, `~/.config/anthropic`, `~/.config/openai`, `~/.gemini`, `~/.config/google-genai`, `~/.config/azure-openai`) for cleartext AI API key exports — OpenAI `sk-*`, Anthropic `sk-ant-*`, Azure OpenAI, Google / Gemini / Generative AI, HuggingFace `hf_*`, Cohere. Honours `export VAR=value`, `VAR=value`, and fish-style `set -gx VAR value` shapes. Reuses the cred-stores carrier inspection for `long-lived-aws-keys` (any AWS profile with `aws_access_key_id` and no `aws_session_token` sibling), `gcp-service-account-json` (`type: service_account` in ADC JSON), `kubeconfig-with-static-token` (`users[].user.token` non-null, not the `auth-provider.config.access-token` sub-key). Behavioral indicators (`ai-api-egress-from-unexpected-process`, `ai-api-anomalous-volume`, `ai-api-beaconing-cadence`, `base64-or-encoded-payload-in-prompts`) need ss / netstat / auditd / process-list correlation and stay unflipped — the runner returns inconclusive and operator-supplied evidence completes the verdict.
 ## 0.13.40 — 2026-05-20
 Ninth reference collector.

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-21T05:39:44.447Z",
+  "generated_at": "2026-05-21T06:35:42.111Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "4dad124024253fc34e1c7ef1cce0677e22243c219523b460e82f23a928ce0a20",
+    "manifest.json": "d470159ac93dcfafc3f9b99204379c92cfd81a384b2f5d7d7001f5ad1f26b6dc",
     "data/atlas-ttps.json": "d296c1d3e71807c9279b731f047e57796e85137f186586743a8cdad214b408f9",
     "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
     "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",

package/lib/collectors/ai-api.js ADDED Viewed

@@ -0,0 +1,231 @@
+"use strict";
+/**
+ * lib/collectors/ai-api.js
+ *
+ * Companion collector for the `ai-api` playbook. Scans shell rc
+ * files for cleartext AI API key exports, plus the standard
+ * credential carriers (~/.aws, ~/.kube, ~/.config/gcloud) for
+ * long-lived credentials likely to authenticate against AI APIs.
+ *
+ * Non-deterministic indicators (ai-api-egress-from-unexpected-
+ * process, ai-api-anomalous-volume, ai-api-beaconing-cadence,
+ * base64-or-encoded-payload-in-prompts) require ss/netstat/auditd
+ * traces and process-list correlation that fall outside the
+ * stdlib-only collector contract. They stay unflipped — the runner
+ * returns inconclusive and operator-supplied evidence completes
+ * the verdict.
+ *
+ * Interface: see lib/collectors/README.md
+ */
+const fs = require("node:fs");
+const path = require("node:path");
+const os = require("node:os");
+const COLLECTOR_ID = "ai-api";
+function readSafe(full, max = 256 * 1024) {
+  try {
+    const s = fs.statSync(full);
+    if (s.size > max) return null;
+    return fs.readFileSync(full, "utf8");
+  } catch { return null; }
+}
+function fileExists(full) {
+  try { return fs.statSync(full).isFile(); } catch { return false; }
+}
+// Cleartext AI-API-key export patterns. Matches the standard
+// `export VAR=value` and `VAR=value` shell shapes plus fish-style
+// `set -gx VAR value`.
+const AI_KEY_PATTERNS = [
+  { id: "openai",       re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?OPENAI_API_KEY\s*[= ]\s*['"]?sk-[A-Za-z0-9_-]{20,}/m },
+  { id: "anthropic",    re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?ANTHROPIC_API_KEY\s*[= ]\s*['"]?sk-ant-[A-Za-z0-9_-]{20,}/m },
+  { id: "azure",        re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?AZURE_OPENAI(?:_API)?_KEY\s*[= ]\s*['"]?[A-Za-z0-9]{20,}/m },
+  { id: "google",       re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?(?:GOOGLE_API_KEY|GOOGLE_GENAI_API_KEY|GEMINI_API_KEY)\s*[= ]\s*['"]?[A-Za-z0-9_-]{20,}/m },
+  { id: "huggingface",  re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?(?:HUGGINGFACE_TOKEN|HF_TOKEN)\s*[= ]\s*['"]?hf_[A-Za-z0-9]{20,}/m },
+  { id: "cohere",       re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?COHERE_API_KEY\s*[= ]\s*['"]?[A-Za-z0-9-]{30,}/m },
+];
+function scanShellRc(content) {
+  if (!content) return [];
+  const hits = [];
+  for (const p of AI_KEY_PATTERNS) {
+    if (p.re.test(content)) hits.push(p.id);
+  }
+  return hits;
+}
+function parseAwsCredentials(content) {
+  if (!content) return { staticProfiles: [] };
+  const lines = content.split(/\r?\n/);
+  const profiles = {};
+  let current = null;
+  for (const raw of lines) {
+    const line = raw.replace(/[#;].*$/, "").trim();
+    if (!line) continue;
+    const sec = line.match(/^\[([^\]]+)\]$/);
+    if (sec) { current = sec[1].trim(); profiles[current] = {}; continue; }
+    if (!current) continue;
+    const kv = line.match(/^([A-Za-z0-9_-]+)\s*=\s*(.*)$/);
+    if (!kv) continue;
+    profiles[current][kv[1].trim().toLowerCase()] = kv[2].trim();
+  }
+  const staticProfiles = [];
+  for (const [name, kv] of Object.entries(profiles)) {
+    // long-lived-aws-keys: aws_access_key_id present AND no
+    // aws_session_token sibling (STS temporary creds carry the
+    // session token; IAM-user long-lived keys do not).
+    if (kv["aws_access_key_id"] && !kv["aws_session_token"]) {
+      staticProfiles.push(name);
+    }
+  }
+  return { staticProfiles };
+}
+function parseGcloudAdc(content) {
+  if (!content) return { hasServiceAccount: false };
+  try {
+    const j = JSON.parse(content);
+    return { hasServiceAccount: j?.type === "service_account" };
+  } catch { return { hasServiceAccount: false }; }
+}
+function parseKubeStaticToken(content) {
+  if (!content) return false;
+  // Same shape as cred-stores: token under user:, not auth-provider.
+  const userKvRe = /^(\s+)(token|token-data)\s*:\s*(\S[^\n]*)/gm;
+  let staticFound = false;
+  for (const m of content.matchAll(userKvRe)) {
+    const upto = content.slice(0, m.index);
+    const lastUserAt = upto.lastIndexOf("\n  user:");
+    const lastAuthProviderAt = upto.lastIndexOf("auth-provider:");
+    if (lastAuthProviderAt > lastUserAt) continue;
+    const value = m[3];
+    if (!value || value.startsWith("null")) continue;
+    staticFound = true;
+    break;
+  }
+  return staticFound;
+}
+function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
+  const errors = [];
+  const startTime = Date.now();
+  const root = path.resolve(cwd);
+  const home = (env && env.HOME) || (env && env.USERPROFILE) || os.homedir();
+  // Shell rc + dotfile candidates.
+  const shellRcs = [
+    ".bashrc", ".bash_profile", ".zshrc", ".zprofile", ".profile",
+    path.join(".config", "fish", "config.fish"),
+  ].map(rel => path.join(home, rel));
+  // Glob fish/conf.d/*.
+  try {
+    const fishConfD = path.join(home, ".config", "fish", "conf.d");
+    for (const e of fs.readdirSync(fishConfD)) {
+      if (e.endsWith(".fish")) shellRcs.push(path.join(fishConfD, e));
+    }
+  } catch { /* fish not present */ }
+  const dotfileKeys = [
+    ".openai", ".anthropic",
+    path.join(".config", "anthropic"), path.join(".config", "openai"),
+    ".gemini",
+    path.join(".config", "google-genai"),
+    path.join(".config", "azure-openai"),
+  ].map(rel => path.join(home, rel));
+  const allKeyCarriers = [...shellRcs, ...dotfileKeys];
+  const cleartextHitsByFile = {};
+  for (const p of allKeyCarriers) {
+    if (!fileExists(p)) continue;
+    const c = readSafe(p);
+    if (c == null) continue;
+    const hits = scanShellRc(c);
+    if (hits.length > 0) {
+      cleartextHitsByFile[path.relative(home, p)] = hits;
+    }
+  }
+  const cleartextAnyHit = Object.keys(cleartextHitsByFile).length > 0;
+  // AWS / GCP / kube reuse.
+  const awsCredsPath = path.join(home, ".aws", "credentials");
+  const awsCredsContent = fileExists(awsCredsPath) ? readSafe(awsCredsPath) : null;
+  const awsParsed = parseAwsCredentials(awsCredsContent);
+  const longLivedAws = awsParsed.staticProfiles.length > 0;
+  const gcloudAdcPath = path.join(home, ".config", "gcloud", "application_default_credentials.json");
+  const gcloudContent = fileExists(gcloudAdcPath) ? readSafe(gcloudAdcPath) : null;
+  const gcloudParsed = parseGcloudAdc(gcloudContent);
+  const kubeCfgPath = (env && env.KUBECONFIG) || path.join(home, ".kube", "config");
+  const kubeContent = fileExists(kubeCfgPath) ? readSafe(kubeCfgPath) : null;
+  const kubeStaticToken = parseKubeStaticToken(kubeContent);
+  const signal_overrides = {
+    "cleartext-api-key-in-dotfile": cleartextAnyHit ? "hit" : "miss",
+    "long-lived-aws-keys": longLivedAws ? "hit" : "miss",
+    "gcp-service-account-json": gcloudParsed.hasServiceAccount ? "hit" : "miss",
+    "kubeconfig-with-static-token": kubeStaticToken ? "hit" : "miss",
+  };
+  const artifacts = {
+    "shell-rc-files": {
+      value: cleartextAnyHit
+        ? Object.entries(cleartextHitsByFile).map(([f, ids]) => `${f}: ${ids.join(",")}`).join("; ")
+        : `scanned ${shellRcs.length} shell rc + ${dotfileKeys.length} dotfile path(s); no cleartext AI API key exports`,
+      captured: true,
+    },
+    "dotfile-api-keys": {
+      value: dotfileKeys.filter(p => fileExists(p)).map(p => path.relative(home, p)).join(", ") || "no AI vendor dotfile carriers found at the canonical paths",
+      captured: true,
+    },
+    "aws-credentials": awsCredsContent
+      ? { value: `${awsParsed.staticProfiles.length} long-lived profile(s): ${awsParsed.staticProfiles.join(", ") || "none"}`, captured: true }
+      : { value: "~/.aws/credentials absent", captured: true },
+    "gcp-credentials": gcloudContent
+      ? { value: `application_default_credentials.json present; service_account=${gcloudParsed.hasServiceAccount}`, captured: true }
+      : { value: "no gcloud ADC at the canonical path", captured: true, reason: "credentials.db / legacy_credentials/*/adc.json inspection deferred (no stdlib SQLite reader)" },
+    "kube-config": kubeContent
+      ? { value: `kubeconfig present; static_token=${kubeStaticToken}`, captured: true }
+      : { value: "no kubeconfig at the canonical path", captured: true },
+    "ai-sdk-inventory": {
+      value: "skipped — npm/pip global listing deferred to operator/AI evidence",
+      captured: false,
+      reason: "spawning npm ls / pip list out of stdlib collector contract; operator should run those and submit as evidence",
+    },
+    "ai-api-egress-baseline": {
+      value: "skipped — ss/netstat capture deferred to operator/AI evidence",
+      captured: false,
+      reason: "live socket / process correlation needs ss / netstat / auditd traces; operator-supplied evidence completes the verdict",
+    },
+    "process-list": {
+      value: "skipped — ps -ef capture deferred to operator/AI evidence",
+      captured: false,
+      reason: "process-list correlation tied to network egress + behavioral signals out of stdlib collector scope",
+    },
+  };
+  return {
+    precondition_checks: {
+      "home-dir-readable": fs.existsSync(home),
+    },
+    artifacts,
+    signal_overrides,
+    collector_meta: {
+      collector_id: COLLECTOR_ID,
+      collector_version: "2026-05-20",
+      platform: process.platform,
+      captured_at: new Date().toISOString(),
+      cwd: root,
+      home,
+      duration_ms: Date.now() - startTime,
+    },
+    collector_errors: errors,
+  };
+}
+module.exports = { playbook_id: COLLECTOR_ID, collect };

package/lib/collectors/mcp.js ADDED Viewed

@@ -0,0 +1,312 @@
+"use strict";
+/**
+ * lib/collectors/mcp.js
+ *
+ * Companion collector for the `mcp` playbook. Reads MCP client
+ * config files (Cursor, Claude Code, Windsurf, VS Code Copilot,
+ * Gemini CLI) and tool-response logs, flipping deterministic
+ * indicators related to:
+ *   - mcp-version-without-integrity (pinned version without
+ *     sha256 / sri-integrity sibling)
+ *   - copilot-yolo-mode-flag (chat.tools.autoApprove true)
+ *   - mcp-response-ansi-escape (0x1B in tool response)
+ *   - mcp-response-unicode-tag-smuggling (U+E0000..U+E007F)
+ *
+ * Defers:
+ *   - unsigned-mcp-manifest (needs npm/pip package directory walk
+ *     + sigstore lookup; out of stdlib scope)
+ *   - vulnerable-windsurf-version (needs Windsurf install detection)
+ *   - mcp-server-running-as-root (needs ps + capabilities)
+ *   - mcp-server-invoked-from-ci-pipeline (needs process-tree
+ *     env-var inspection)
+ *
+ * Interface: see lib/collectors/README.md
+ */
+const fs = require("node:fs");
+const path = require("node:path");
+const os = require("node:os");
+const COLLECTOR_ID = "mcp";
+function readSafe(full, max = 1024 * 1024) {
+  try {
+    const s = fs.statSync(full);
+    if (s.size > max) return null;
+    return fs.readFileSync(full, "utf8");
+  } catch { return null; }
+}
+function readJson(full) {
+  const c = readSafe(full);
+  if (c == null) return null;
+  try { return JSON.parse(c); } catch { return null; }
+}
+function fileExists(full) {
+  try { return fs.statSync(full).isFile(); } catch { return false; }
+}
+// Per-vendor config locations. We try each and capture which were
+// present so the artifact field tells the operator what scope the
+// collector actually exercised.
+function vendorConfigPaths(home) {
+  return {
+    cursor: [path.join(home, ".cursor", "mcp.json")],
+    "claude-code": [
+      path.join(home, ".config", "claude", "config.json"),
+      path.join(home, ".claude", "settings.json"),
+    ],
+    windsurf: [path.join(home, ".codeium", "windsurf", "mcp_config.json")],
+    "vscode-copilot": [
+      // user-global locations
+      path.join(home, ".config", "Code", "User", "settings.json"),
+      path.join(home, "Library", "Application Support", "Code", "User", "settings.json"),
+      path.join(home, "AppData", "Roaming", "Code", "User", "settings.json"),
+      path.join(home, ".vscode", "settings.json"),
+    ],
+    gemini: [path.join(home, ".gemini", "settings.json")],
+  };
+}
+// Walk mcpServers entries across vendor config shapes. Returns
+// [{ vendor, file, name, command, args }].
+function collectMcpServers(configsByVendor) {
+  const out = [];
+  for (const [vendor, files] of Object.entries(configsByVendor)) {
+    for (const f of files) {
+      const j = readJson(f);
+      if (!j) continue;
+      // Cursor / Claude Code / Windsurf: { mcpServers: { <name>: {...} } }
+      // VS Code Copilot: { chat: { mcp: { servers: { <name>: {...} } } } }
+      // Gemini: { mcpServers: { <name>: {...} } }
+      const containers = [
+        j.mcpServers,
+        j["chat.mcp.servers"],
+        j?.chat?.mcp?.servers,
+      ].filter(c => c && typeof c === "object");
+      for (const c of containers) {
+        for (const [name, entry] of Object.entries(c)) {
+          if (!entry || typeof entry !== "object") continue;
+          out.push({
+            vendor, file: f, name,
+            command: entry.command,
+            args: Array.isArray(entry.args) ? entry.args : [],
+            integrity: entry.integrity || entry.sha256 || entry.sri || null,
+          });
+        }
+      }
+    }
+  }
+  return out;
+}
+// A pinned version is the @1.2.3 / @v1.2.3 / =1.2.3 trailer on a
+// package spec in args[] or command. We look for shapes that
+// downstream operators care about: `npx -y @vendor/pkg@1.2.3`,
+// `uvx pkg==1.2.3`, `pip install pkg==1.2.3`, etc.
+function isPinnedNoIntegrity(server) {
+  if (server.integrity) return false;
+  const tokens = [server.command, ...server.args].filter(Boolean);
+  for (const tok of tokens) {
+    if (typeof tok !== "string") continue;
+    // npm package@version (excluding scope name@version)
+    if (/@[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+@\d+\.\d+\.\d+\b/.test(tok)) return true;
+    if (/\bpip\s+install\b/.test(tok)) continue;
+    if (/==\d+\.\d+\.\d+/.test(tok)) return true;
+  }
+  return false;
+}
+// VS Code yolo-mode flag: chat.tools.autoApprove === true OR any
+// per-tool autoApprove === true.
+function hasYoloMode(j) {
+  if (!j || typeof j !== "object") return false;
+  if (j["chat.tools.autoApprove"] === true) return true;
+  if (j?.chat?.tools?.autoApprove === true) return true;
+  // Per-server autoApprove flags in chat.mcp.servers.<name>.autoApprove
+  const servers = j["chat.mcp.servers"] || j?.chat?.mcp?.servers;
+  if (servers && typeof servers === "object") {
+    for (const e of Object.values(servers)) {
+      if (e && (e.autoApprove === true || e.autoApprove === "all")) return true;
+    }
+  }
+  return false;
+}
+// ANSI escape: any 0x1B byte in tool response content.
+function hasAnsiEscape(content) {
+  return content.indexOf("\x1b") !== -1;
+}
+// Unicode tag smuggling: codepoints in U+E0000..U+E007F. These are
+// invisible in normal renders but carry instruction-coercion
+// payloads through MCP responses.
+function hasUnicodeTagSmuggling(content) {
+  for (let i = 0; i < content.length; i++) {
+    const code = content.codePointAt(i);
+    if (code >= 0xE0000 && code <= 0xE007F) return true;
+    // Surrogate pair — skip the low surrogate slot.
+    if (code > 0xFFFF) i++;
+  }
+  return false;
+}
+function findMcpLogs(home) {
+  // Candidate log directories per vendor. Caller scans each for
+  // *.jsonl / *.log files. Directories like ~/.claude/logs/mcp/ are
+  // already MCP-scoped by path; we accept every log file inside.
+  // Generic log directories (~/.cursor/logs/) are filtered to
+  // filenames containing "mcp".
+  const dirs = [
+    { path: path.join(home, ".claude", "logs", "mcp"), filterByName: false },
+    { path: path.join(home, ".cursor", "logs"), filterByName: true },
+    { path: path.join(home, ".codeium", "windsurf", "logs"), filterByName: true },
+  ];
+  const out = [];
+  for (const { path: d, filterByName } of dirs) {
+    let entries;
+    try { entries = fs.readdirSync(d, { withFileTypes: true }); } catch { continue; }
+    for (const e of entries) {
+      if (!e.isFile()) continue;
+      if (!/\.(jsonl|log)$/i.test(e.name)) continue;
+      if (filterByName && !/mcp/i.test(e.name)) continue;
+      out.push(path.join(d, e.name));
+    }
+  }
+  return out;
+}
+function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
+  const errors = [];
+  const startTime = Date.now();
+  const root = path.resolve(cwd);
+  const home = (env && env.HOME) || (env && env.USERPROFILE) || os.homedir();
+  // Vendor MCP configs.
+  const configsByVendor = vendorConfigPaths(home);
+  const servers = collectMcpServers(configsByVendor);
+  const pinnedNoIntegrity = servers.filter(isPinnedNoIntegrity);
+  // VS Code yolo-mode across the candidate VS Code settings files.
+  let yoloHit = false;
+  let yoloFile = null;
+  for (const f of configsByVendor["vscode-copilot"]) {
+    const j = readJson(f);
+    if (j && hasYoloMode(j)) { yoloHit = true; yoloFile = f; break; }
+  }
+  // Project-level .vscode/settings.json under cwd
+  if (!yoloHit) {
+    const projVsc = path.join(root, ".vscode", "settings.json");
+    const j = readJson(projVsc);
+    if (j && hasYoloMode(j)) { yoloHit = true; yoloFile = projVsc; }
+  }
+  // MCP response log scan for ANSI / unicode-tag smuggling.
+  const logFiles = findMcpLogs(home);
+  let ansiHit = false;
+  let unicodeTagHit = false;
+  let ansiSourceFile = null;
+  let unicodeTagSourceFile = null;
+  let logBytesScanned = 0;
+  for (const f of logFiles) {
+    const c = readSafe(f, 4 * 1024 * 1024);
+    if (c == null) continue;
+    logBytesScanned += c.length;
+    if (!ansiHit && hasAnsiEscape(c)) { ansiHit = true; ansiSourceFile = f; }
+    if (!unicodeTagHit && hasUnicodeTagSmuggling(c)) {
+      unicodeTagHit = true; unicodeTagSourceFile = f;
+    }
+    if (ansiHit && unicodeTagHit) break;
+  }
+  const logsScanned = logFiles.length > 0;
+  const signal_overrides = {
+    "mcp-version-without-integrity": pinnedNoIntegrity.length > 0 ? "hit" : "miss",
+    "copilot-yolo-mode-flag": yoloHit ? "hit" : "miss",
+  };
+  // ANSI / unicode-tag indicators: only emit when we actually
+  // scanned at least one log file. If no logs exist, leave the
+  // indicators unflipped (the operator may not have enabled MCP
+  // logging — the runner returns inconclusive).
+  if (logsScanned) {
+    signal_overrides["mcp-response-ansi-escape"] = ansiHit ? "hit" : "miss";
+    signal_overrides["mcp-response-unicode-tag-smuggling"] = unicodeTagHit ? "hit" : "miss";
+  }
+  const artifacts = {
+    "cursor-mcp-config": {
+      value: fileExists(configsByVendor.cursor[0])
+        ? `${configsByVendor.cursor[0]} present`
+        : "absent",
+      captured: true,
+    },
+    "claude-code-mcp-config": {
+      value: configsByVendor["claude-code"].filter(fileExists).join(", ") || "absent",
+      captured: true,
+    },
+    "windsurf-mcp-config": {
+      value: fileExists(configsByVendor.windsurf[0]) ? "present" : "absent",
+      captured: true,
+    },
+    "vscode-copilot-mcp-config": {
+      value: configsByVendor["vscode-copilot"].filter(fileExists).map(f => path.relative(home, f)).join(", ") || "absent",
+      captured: true,
+    },
+    "gemini-cli-mcp-config": {
+      value: fileExists(configsByVendor.gemini[0]) ? "present" : "absent",
+      captured: true,
+    },
+    "mcp-server-inventory": {
+      value: `${servers.length} server(s) across ${new Set(servers.map(s => s.vendor)).size} vendor(s); ${pinnedNoIntegrity.length} pinned without integrity`,
+      captured: true,
+    },
+    "vscode-copilot-yolo-mode": {
+      value: yoloHit ? `chat.tools.autoApprove flag set in ${path.relative(home, yoloFile || "")}` : "scanned VS Code settings; auto-approve flag not set",
+      captured: true,
+    },
+    "mcp-tool-response-log": {
+      value: logsScanned
+        ? `${logFiles.length} log file(s), ${logBytesScanned} byte(s) scanned; ansi_hit=${ansiHit} (${ansiSourceFile ? path.relative(home, ansiSourceFile) : ""}); unicode_tag_hit=${unicodeTagHit} (${unicodeTagSourceFile ? path.relative(home, unicodeTagSourceFile) : ""})`
+        : "no MCP log files found at the canonical paths",
+      captured: logsScanned,
+      reason: logsScanned ? undefined : "MCP client logging may be disabled; ansi-escape / unicode-tag indicators left unflipped (inconclusive)",
+    },
+    "mcp-process-list": {
+      value: "skipped — process-list capture deferred to operator/AI evidence",
+      captured: false,
+      reason: "mcp-server-running-as-root / mcp-server-invoked-from-ci-pipeline need ps + env-var inspection that's out of stdlib scope",
+    },
+    "mcp-manifest-signatures": {
+      value: "skipped — sigstore lookup deferred to operator/AI evidence",
+      captured: false,
+      reason: "unsigned-mcp-manifest needs package-directory + sigstore-rekor / in-toto attestation lookup that's out of stdlib scope",
+    },
+  };
+  return {
+    precondition_checks: {
+      "home-dir-readable": fs.existsSync(home),
+    },
+    artifacts,
+    signal_overrides,
+    collector_meta: {
+      collector_id: COLLECTOR_ID,
+      collector_version: "2026-05-20",
+      platform: process.platform,
+      captured_at: new Date().toISOString(),
+      cwd: root,
+      home,
+      duration_ms: Date.now() - startTime,
+      vendors_with_config: Object.entries(configsByVendor)
+        .filter(([_, files]) => files.some(fileExists))
+        .map(([v]) => v),
+      servers_found: servers.length,
+      logs_scanned: logFiles.length,
+    },
+    collector_errors: errors,
+  };
+}
+module.exports = { playbook_id: COLLECTOR_ID, collect };

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.13.40",
+  "version": "0.13.42",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-21T05:38:53.468Z",
+      "signed_at": "2026-05-21T06:34:52.087Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vSVqu4wBm+d68ujZmM6Rto/HzViCkE0gPUcv/MYE/bjFiqamf/s0On4kTOo1KIveV9cOwYNxiItaGEWlVkRFDg==",
-      "signed_at": "2026-05-21T05:38:53.470Z",
+      "signed_at": "2026-05-21T06:34:52.089Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "RIgXKvolQjgJdnlrDnVOd90IOY1B7VHHZD/YJQRzouL+wUeOLclPrdK/EgEuFyiu7lR4bi+Pl6aGB9G9tOxYCQ==",
-      "signed_at": "2026-05-21T05:38:53.470Z",
+      "signed_at": "2026-05-21T06:34:52.089Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "RYOxeq/o3uTwTWq4H7RcdH2Aclg9UyCERfUH9Frwkzncsowg7LgxpaEDc3swTCv73HMEGbU8wVbXguZ4JxHUCQ==",
-      "signed_at": "2026-05-21T05:38:53.471Z"
+      "signed_at": "2026-05-21T06:34:52.089Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "DneJCPKCPcoe6nQ82XptqSqNfSRdt1orKaO+o7K36YCciDrzwJb+1BuBLusPDtpcdDaGY0y0e+AqiTYJklhBAQ==",
-      "signed_at": "2026-05-21T05:38:53.471Z"
+      "signed_at": "2026-05-21T06:34:52.090Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-21T05:38:53.472Z"
+      "signed_at": "2026-05-21T06:34:52.090Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "XgrzcA2brPhXrSTxrcLnJec0OpgGYJBoSTUlJ10UdePHffxqb9LTVGnfbmEk1ykQifXREZexui2bG7X/+eFfCQ==",
-      "signed_at": "2026-05-21T05:38:53.472Z",
+      "signed_at": "2026-05-21T06:34:52.091Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "9+hZlZOqZdeACUmamQk66L5levZhhwnFXuYRhdT6Mce99eQaKT7wNfWq12hXQztkRcVRKaFH+a01zwJQwsRQCA==",
-      "signed_at": "2026-05-21T05:38:53.473Z",
+      "signed_at": "2026-05-21T06:34:52.091Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "ciqhVloMWWXEigPZvvwoV2c54tEqsDqsoc+sS/mNTFFJk2H+tz2+XUrgfEPRuYw0FeyNB6/+27pL2NpKHzUqAg==",
-      "signed_at": "2026-05-21T05:38:53.473Z",
+      "signed_at": "2026-05-21T06:34:52.091Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-21T05:38:53.473Z"
+      "signed_at": "2026-05-21T06:34:52.092Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-21T05:38:53.474Z"
+      "signed_at": "2026-05-21T06:34:52.092Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-21T05:38:53.474Z"
+      "signed_at": "2026-05-21T06:34:52.092Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vhc3wuQEro/86s1ro2b/KakUXg8QVnySYTBqA7ebzv9oeR2HYO5bvGEJp3oOHWtL37JDqcCAHYadSN/qxIyCCA==",
-      "signed_at": "2026-05-21T05:38:53.474Z",
+      "signed_at": "2026-05-21T06:34:52.093Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "MS35nWm8djfJGn4OOoT0JKJ2aO+Dkbb6wOOWJYvNZlRKT3UGA59o2gxg1JOnD20hb/RwxtkmCujhl2tuYSR+AQ==",
-      "signed_at": "2026-05-21T05:38:53.475Z"
+      "signed_at": "2026-05-21T06:34:52.093Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-21T05:38:53.475Z",
+      "signed_at": "2026-05-21T06:34:52.093Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "WAu5fRirzSOcnnZsTx2d/JJZwa/LPpXCi+31qATTGLmoNuhyy81k3ooPe9kCM3E0CLMtvTePg9DagYqBninZDQ==",
-      "signed_at": "2026-05-21T05:38:53.475Z"
+      "signed_at": "2026-05-21T06:34:52.094Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "7eEwCXFd9pDKUw7yCUbRJSjfzozE44dwwwemCQUPm8JBPztLltibD9bL/RszSbYyCrYJmVb5Drncz2cGe62gCw==",
-      "signed_at": "2026-05-21T05:38:53.475Z"
+      "signed_at": "2026-05-21T06:34:52.094Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-21T05:38:53.476Z"
+      "signed_at": "2026-05-21T06:34:52.094Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "fgxG344JGYBWWWwFXZ1IzGipWKP7EyBhrsvsbsb0CCGXfv/MvNHVNI6G0zQddCsWX1JeQbhZT3Vk8v1uJKDTDA==",
-      "signed_at": "2026-05-21T05:38:53.476Z"
+      "signed_at": "2026-05-21T06:34:52.095Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-21T05:38:53.476Z"
+      "signed_at": "2026-05-21T06:34:52.095Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
-      "signed_at": "2026-05-21T05:38:53.477Z"
+      "signed_at": "2026-05-21T06:34:52.095Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-21T05:38:53.477Z"
+      "signed_at": "2026-05-21T06:34:52.096Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-21T05:38:53.477Z"
+      "signed_at": "2026-05-21T06:34:52.096Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-21T05:38:53.478Z"
+      "signed_at": "2026-05-21T06:34:52.096Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-21T05:38:53.478Z"
+      "signed_at": "2026-05-21T06:34:52.097Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-21T05:38:53.478Z"
+      "signed_at": "2026-05-21T06:34:52.097Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-21T05:38:53.478Z"
+      "signed_at": "2026-05-21T06:34:52.097Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-21T05:38:53.479Z"
+      "signed_at": "2026-05-21T06:34:52.098Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-21T05:38:53.479Z"
+      "signed_at": "2026-05-21T06:34:52.098Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-21T05:38:53.480Z"
+      "signed_at": "2026-05-21T06:34:52.098Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-21T05:38:53.480Z"
+      "signed_at": "2026-05-21T06:34:52.099Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-21T05:38:53.481Z"
+      "signed_at": "2026-05-21T06:34:52.099Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-21T05:38:53.481Z"
+      "signed_at": "2026-05-21T06:34:52.099Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-21T05:38:53.481Z"
+      "signed_at": "2026-05-21T06:34:52.100Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-21T05:38:53.481Z"
+      "signed_at": "2026-05-21T06:34:52.100Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.6.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "BGNE6ZQWBA1LmsUFe8tU0L67iGDSrFqiuqaZD2f1KqfcyqqzQfMs9PWNHFzxxaJmXeKlm87eU8lgELF0bX+RBA==",
-      "signed_at": "2026-05-21T05:38:53.482Z"
+      "signed_at": "2026-05-21T06:34:52.100Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "FkZQerh3VHVJAwIcCktDyMRh5KE2+Em/i0ek8zEz7JG/PXtQx8ujHWTh3VjZbOLhPNtdB2qxgXOIAYIofaVOAQ==",
-      "signed_at": "2026-05-21T05:38:53.482Z"
+      "signed_at": "2026-05-21T06:34:52.101Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "n3UToNuN3A1HgLvcuqmIx8vrZY71+r/79waK92jG+rSX4uYOzkmxMUpROrE5K9bDwMezNBHdjWv8Uul6zugyDQ==",
-      "signed_at": "2026-05-21T05:38:53.482Z"
+      "signed_at": "2026-05-21T06:34:52.101Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-21T05:38:53.483Z"
+      "signed_at": "2026-05-21T06:34:52.101Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "+OO0RhQ303RJV7kaH38IuZpLeQbapep6Ds4Re/WEZu0FHBwKSlwvF7jbtP7KQ57xldJYn/xZm2jaszyOacMfDg==",
-      "signed_at": "2026-05-21T05:38:53.483Z"
+      "signed_at": "2026-05-21T06:34:52.102Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-21T05:38:53.484Z"
+      "signed_at": "2026-05-21T06:34:52.102Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-21T05:38:53.484Z"
+      "signed_at": "2026-05-21T06:34:52.103Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "1mSXY7/bnDmchEZF/0Jdss7tHBYuskd/T+QKJhEacUcW5ljgB5szs3z8ntR26a+6FHiZkumBjGvLf5eOEE6TBQ=="
+    "signature_base64": "jNlZrTaAHpeF6HpmX/V6wTfgNLPxvbWpW+bppWgbpUaddiVHgr/n0O6rjUIjauFc1rYBDkLg19H5zzWDrnmXBg=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.13.40",
+  "version": "0.13.42",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:0bd03e0f-8de6-4b53-a14d-2d953484c845",
+  "serialNumber": "urn:uuid:d003ce1d-8abb-4094-adee-aefc8aa89e60",
   "version": 1,
   "metadata": {
-    "timestamp": "2032-04-12T22:39:11.000Z",
+    "timestamp": "2136-08-04T11:31:41.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.40"
+        "version": "0.13.42"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.40",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.42",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.40",
+      "version": "0.13.42",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.40",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.42",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2b49e07a531b3c9bb51361b84dac3fb9fede0d1572627b77a10a3c93605052b0"
+          "content": "9bc2049db9f6afa215d9c6625fd34d17915a4c518ecc31e24f97152387a14824"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.40"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.42"
         },
         {
           "type": "vcs",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "8911f20b0f7409dea94f84bc3a809e1275afb433d92a2f587be9ec9c8a38c3bf"
+          "content": "3616afde6ccd9b8e691be5b8a192ec7b20d2269eb9ac4223c1379c246400a55d"
         },
         {
           "alg": "SHA3-512",
-          "content": "ad0978dc3f30facc785c57314e792ceafa5c56fe82604eb850c4fc9da3213321c39455f712571dc9cdfd155815ce0f80831ab6048006eecfdb1a52b30602be1f"
+          "content": "677489b807f10aa29a5078449fc302fe8ab29e01e2517eb85e666b4778c624a51bfa15af61051db78e00a1850b1ff156db1a820c43a347564a6fb34c6702880c"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5f0a98a0c98e7f58fad2ae6e978cbcd72c4f99b6659ed0c940f4e99f6cf46ffd"
+          "content": "ec88cea99c103bb83adde112d90d0f92635e6da6bf2b513e2564fd1eb8a3eac3"
         },
         {
           "alg": "SHA3-512",
-          "content": "8e1186081ae33ac87f285751bea486be304767cadd9dc883012bc2ff9974115f6c7b1d1a326f8b06b2dac3da4c8888c63f7cbdcf9fc3f7b498324982e7a931f2"
+          "content": "5fc0bcb9c1a6e540667fdadfc5317914929cb0ace5c7e28bee21bf7b96f0a8d6a808a682ade91be6a28678513490f7b71534157b71a60c0624cdcb4ce8681d37"
         }
       ]
     },
@@ -874,6 +874,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:lib/collectors/ai-api.js",
+      "type": "file",
+      "name": "lib/collectors/ai-api.js",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "f7f37f5567c4d6d31cbe076d9be0fcbefaac89e8f4db7b339fe4a9a441d25246"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "8a183e4d43cf51e8f45c0f2a630ee3004df83ded3e0d2879c1a38da927ff1ec9eb0c22321c98d1c0ee15979d49ec6fff6e37fd947b01e48e9c7a99ea3ee255b3"
+        }
+      ]
+    },
     {
       "bom-ref": "file:lib/collectors/containers.js",
       "type": "file",
@@ -964,6 +979,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:lib/collectors/mcp.js",
+      "type": "file",
+      "name": "lib/collectors/mcp.js",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "1b6f614c62b528e159eb325f2e4326749d89f96add26c2133a63fb3e7746382b"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "78816fe42de6d9773b91dfd68abba8c8681f099a8a12e300a3f1b0b4e63f8f43cf4c0260e9404df61bbe18c7ae4960ff61e5dc17be61e065ac576a9605b06413"
+        }
+      ]
+    },
     {
       "bom-ref": "file:lib/collectors/runtime.js",
       "type": "file",
@@ -1601,11 +1631,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4dad124024253fc34e1c7ef1cce0677e22243c219523b460e82f23a928ce0a20"
+          "content": "d470159ac93dcfafc3f9b99204379c92cfd81a384b2f5d7d7001f5ad1f26b6dc"
         },
         {
           "alg": "SHA3-512",
-          "content": "5e9a9663f2e9f3b9da97e746b1865473fb10c95ac7eb47273c8048644c5f1fc5f912e178cadf1a58dab0643bae349081dc9b2c9bfb39d979d1ad548e8a84f65e"
+          "content": "8ba02c07c391abf1d343334c614abf057c432a4a11b90e64e4dd79289dfefa2d6c8221e2df0cdc9f46b2d8afccc0b26b3617fa2e866f9365663434049dc40e58"
         }
       ]
     },