@blamejs/exceptd-skills 0.13.5 → 0.13.7

package/AGENTS.md

@@ -228,6 +228,22 @@ Recently added (use the IDs in skill prose and operator briefings; full text in
 | `NEW-CTRL-053` | MCP-SERVER-CONFIG-ALLOWLIST | `CVE-2026-30623` (Anthropic MCP SDK stdio injection) | NIST AI RMF MEASURE 2.7, OWASP LLM Top 10 2025 LLM05 |
 | `NEW-CTRL-054` | BACKUP-TIER-NETWORK-ISOLATION | `CVE-2025-59389` (QNAP Hyper Data Protector preauth RCE) | ISO-27001-2022 A.8.13, NIS2 Art.21 business-continuity |
 | `NEW-CTRL-055` | SECURITY-TOOL-INTEGRITY-VERIFICATION | `CVE-2025-11837` (QNAP Malware Remover code-injection) | NIST-800-53 SI-3, ISO-27001-2022 A.8.7, PCI-DSS 4.0 §5.1 |
+| `NEW-CTRL-056` | MOBILE-ENDPOINT-MDM-ENFORCED-KEV-SLA | `CVE-2025-14174` / `CVE-2025-43529` / `CVE-2025-24201` / `CVE-2025-43300` | NIST-800-53 SI-2, ISO-27001-2022 A.8.8, CIS Benchmarks mobile-OS profiles |
+| `NEW-CTRL-057` | BROWSER-MANAGED-UPDATE-NO-DEFERRAL | `CVE-2025-10585` / `CVE-2025-14174` / `CVE-2025-43529` / `CVE-2025-4919` | NIST-800-53 SI-2, CISA KEV SLA, vendor-channel security-release contracts |
+| `NEW-CTRL-058` | CLOUD-CONTROL-PLANE-CROSS-TENANT-CLAIM-VALIDATION | `CVE-2025-55241` (Entra ID Actor-token impersonation) | NIST-800-53 AC-2/AU-2/AC-16, ISO-27001-2022 A.5.16, CIS Cloud Foundations |
+| `NEW-CTRL-059` | SENSITIVE-DATA-IN-LOGS-LINT | `CVE-2025-21085` (Cisco Duo credential leakage) | NIST-800-53 AU-9/SI-12, ISO-27001-2022 A.8.15, PCI-DSS 4.0 §10.5 |
+| `NEW-CTRL-060` | DATABASE-SERVER-SIDE-SCRIPTING-DEFAULT-DENY | `CVE-2025-49844` (Redis RediShell Lua UAF) | NIST-800-53 CM-6/CM-7, ISO-27001-2022 A.8.9, vendor secure-baseline profiles |
+| `NEW-CTRL-061` | IN-MEMORY-DATASTORE-MEMORY-DISCLOSURE-NETWORK-EXPOSURE-AUDIT | `CVE-2025-14847` (MongoBleed) | NIST-800-53 SC-7/SC-28, PCI-DSS 4.0 §1.4, ISO-27001-2022 A.8.20 |
+| `NEW-CTRL-062` | HTTP2-STREAM-RESET-ACCOUNTING | `CVE-2025-8671` (MadeYouReset) | NIST-800-53 SC-5, ISO-27001-2022 A.8.6, vendor HTTP/2 secure-default profiles |
+| `NEW-CTRL-063` | MULTIMODAL-INFERENCE-INPUT-DECODER-ISOLATION | `CVE-2026-22778` (vLLM heap-overflow RCE) | NIST AI RMF MANAGE 4.1, NIST-800-53 SC-39, OWASP LLM Top 10 2025 LLM10 |
+| `NEW-CTRL-064` | LLM-OUTPUT-DESERIALIZATION-TRUST-ZONE | `CVE-2025-68664` (LangChain LangGrinch) | NIST AI RMF MEASURE 2.7, OWASP LLM Top 10 2025 LLM03/LLM08, NIST-800-53 SI-10 |
+| `NEW-CTRL-065` | AI-MODEL-SERVER-DEFAULT-AUTHENTICATION | `CVE-2026-7482` (Ollama Bleeding Llama) | NIST-800-53 IA-2/AC-3, ISO-27001-2022 A.8.5, NIST AI RMF GOVERN 5.1 |
+| `NEW-CTRL-066` | AGENTIC-IDE-HOST-EXECUTION-SANDBOX | `CVE-2025-55319` (VSCode agentic-AI command-injection) | NIST AI RMF MANAGE 4.1, ISO/IEC 42001 §6.1.4, NIST-800-53 SC-39 |
+| `NEW-CTRL-067` | AI-PLATFORM-CONTROL-PLANE-RBAC-OVERLAY-AUDIT | `CVE-2025-10725` (OpenShift AI privilege escalation) | NIST-800-53 AC-2/AC-6, CIS Kubernetes Benchmark §5, NIST AI RMF GOVERN 1.5 |
+| `NEW-CTRL-068` | HYPERVISOR-VM-ESCAPE-TENANCY-ASSUMPTION | `CVE-2025-22224` / `CVE-2025-22225` / `CVE-2025-22226` (VMSA-2025-0004 ESXi chain) | NIST-800-53 SC-7/SI-2, ISO-27001-2022 A.8.20, CIS VMware ESXi Benchmark |
+| `NEW-CTRL-069` | ECOSYSTEM-PACKAGE-TEMPORAL-TRUST-DRIFT-DETECTION | `MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER` | NIST-800-218 SSDF PW.4, EU CRA Annex I §1(2)(b), SLSA Build L3 |
+| `NEW-CTRL-070` | TYPOSQUAT-INSTALL-TIME-NAME-CONFUSION-GUARD | `MAL-2025-PYPI-COLORAMA-SOLANA-STEALER` | NIST-800-218 SSDF PW.4, NIST-800-53 SI-7, EU CRA Annex I §1(2)(c) |
+| `NEW-CTRL-071` | AI-DISCOVERY-CREDIT-IN-COMPLIANCE-EVIDENCE | `MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP` + `CVE-2025-6965` + `CVE-2025-0133` + ZeroPath quartet | NIST AI RMF MEASURE 2.7, ISO/IEC 42001 §6.1.4 (records of AI use), EU AI Act Art.12 (record-keeping) |
 
 When you cite a `NEW-CTRL-*` ID in a skill body, the lint reads the upstream `zeroday-lessons.json` entry as the authoritative source for the requirement text — do not paraphrase the description in the skill body, link to the ID instead.
 

package/CHANGELOG.md

@@ -1,5 +1,49 @@
 # Changelog
 
+## 0.13.7 — 2026-05-18
+
+Catalog cross-reference closure + two test-isolation fixes that surfaced after the v0.13.6 expansion.
+
+### Bugs
+
+**`exceptd doctor --ai-config` now matches the canonical Windsurf MCP config path.** The audit walker uses `SENSITIVE_PATTERNS` to identify files that need mode 0o600. Prior regex `/\.mcp_config\.json$/` required a literal `.` before `mcp_config.json` — so `~/.codeium/windsurf/mcp_config.json` (the real-world install path, no leading dot) was silently skipped. New regex `^mcp_config\.json$` covers the bare filename while `\.mcp_config\.json$` is kept for vendor-prefixed variants like `default.mcp_config.json`.
+
+**`refresh-external --from-fixture` no longer falls through to live RSS for the advisories source.** Fixture mode populated frozen payloads for kev / epss / nvd / rfc / pins / ghsa / osv but left the advisories poller (Qualys / RHSA / USN / ZDI / kernel.org / oss-security / JFrog / CISA) unfixturized — it called `fetch()` against the real RSS endpoints. Back-to-back fixture-mode runs (sequential vs `--swarm`) hit moving upstream data within the 10-15s test window and the `swarm and sequential reports diverge` assertion fired intermittently on macOS runners. The fixture loader now reads `tests/fixtures/refresh/advisories.json` into `ctx.fixtures.advisories` so all 8 feeds resolve to frozen content. New regression pin verifies `8/8 feeds reachable` from the fixture instead of any live count.
+
+### Features
+
+**42 new framework-control-gap entries** close every orphan forward reference introduced by the v0.13.6 catalog expansion. Coverage spans NIST 800-53 (IA-8, AU-9, SC-5), ISO 27001:2022 (A.5.21, A.8.9, A.8.15, A.8.21, A.8.24), PCI DSS 4.0 (2.2.3, 3.5, 6.2.4, 6.3.2, 10.5), OWASP LLM Top 10 (LLM01, LLM02, LLM05, LLM06, LLM07), OWASP API / Top 10 / SAMM, FedRAMP (AC-3, AC-4, SC-4, SC-7), EU AI Act Art.10 + Art.15, ISO/IEC 42001-AIMS (root + A.6.2.5), CIS Controls v8 7.4, ENISA mobile / IoT secure baselines, GDPR Art.32, NIS2 Art.21 availability, ATLAS AML.T0048, DORA Art.10, SLSA-3, OpenSSF Scorecard PinnedDependenciesID, NIST 800-218 SSDF (PO.4.2, PW.7.1). Each entry carries operator-facing `designed_for` / `misses[]` / `real_requirement` text and at least one evidence CVE from the v0.13.6 additions. `framework-control-gaps.json` total: 142 → 184.
+
+The high-leverage closures: `EU-AI-Act-Art15` (10 CVE anchors covering inference-server bundled-codec RCE, agentic-IDE command-injection, managed-AI-service SSRF, AI-platform overlay privesc, serialization-injection); `SLSA-3` (sleeper-package temporal-trust failure mode that L3-correct provenance alone does not catch); `ISO-IEC-42001-AIMS-A.6.2.5` (AIMS lifecycle gates extended to IDE-resident agentic primitives and managed-AI-platform overlays).
+
+## 0.13.6 — 2026-05-18
+
+CVE catalog expansion (38 → 67 entries) covering threat classes the catalog previously did not address, plus a `doctor` undercount fix.
+
+### Features
+
+**29 new catalog entries** across the under-represented classes:
+
+- **Browsers (4)** — Chrome V8 TAG-disclosed zero-day `CVE-2025-10585`, WebKit DarkSword chain `CVE-2025-14174` + `CVE-2025-43529`, Firefox SpiderMonkey Pwn2Own `CVE-2025-4919`.
+- **Mobile OS (3)** — WebKit Glass Cage iOS chain `CVE-2025-24201`, ImageIO zero-click root `CVE-2025-43300`, Android POSIX-CPU-timer race `CVE-2025-38352`.
+- **Identity providers (2)** — Entra ID cross-tenant Actor-token impersonation `CVE-2025-55241` (CVSS 10.0), Cisco Duo log credential disclosure `CVE-2025-21085`.
+- **Database engines (3)** — PostgreSQL psql ACE `CVE-2025-1094` (BeyondTrust / Treasury breaches), Redis RediShell Lua UAF `CVE-2025-49844` (CVSS 10.0), MongoBleed memory disclosure `CVE-2025-14847`.
+- **HTTP/2 (1)** — MadeYouReset stream-reset DoS `CVE-2025-8671` (Rapid Reset successor, 2.8M+ vulnerable instances).
+- **AI model serving (4)** — vLLM heap-overflow RCE `CVE-2026-22778`, Ollama Bleeding Llama `CVE-2026-7482`, LangChain LangGrinch `CVE-2025-68664`, Big Sleep SQLite zero-day `CVE-2025-6965`.
+- **VMware ESXi (3)** — `CVE-2025-22224` / `CVE-2025-22225` / `CVE-2025-22226` (VMSA-2025-0004, ransomware-active VM-escape chain).
+- **Malicious packages (3)** — ultralytics XMRig `MAL-2024-PYPI-ULTRALYTICS-XMRIG` (60M-download AI library), RubyGems + Go sleeper `MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER`, PyPI colorama Solana stealer `MAL-2025-PYPI-COLORAMA-SOLANA-STEALER`.
+- **AI-discovery anchors (6)** — XBOW Palo Alto GlobalProtect `CVE-2025-0133` (HackerOne #1 Q2 2025), ZeroPath cluster (`CVE-2025-59529` / `CVE-2025-55319` / `CVE-2025-53767` / `CVE-2025-10725`), Big Sleep FFmpeg + ImageMagick tranche `MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP`.
+
+Every entry carries the full RWEP factor set, named verification sources, vendor advisory references, and a matching `data/zeroday-lessons.json` lesson. AI-discovered rate climbs 5/38 (0.132) → 12/67 (0.179), clearing the next ladder rung toward the Hard Rule #7 target of 0.40.
+
+**16 new control requirements** mint `NEW-CTRL-056` through `NEW-CTRL-071`, named in `AGENTS.md` with the surfacing zero-day and gap-closed framework controls. Coverage spans mobile MDM SLA enforcement, browser managed-update no-deferral, cloud-control-plane cross-tenant claim validation, sensitive-data-in-logs lint, database server-side scripting default-deny, in-memory datastore memory-disclosure exposure audit, HTTP/2 stream-reset accounting, multimodal inference decoder isolation, LLM-output deserialization trust zone, AI-model-server default auth, agentic-IDE host-execution sandbox, AI-platform control-plane RBAC overlay, hypervisor tenancy assumption, ecosystem-package temporal trust drift, typosquat install-time guard, and AI-discovery credit in compliance evidence.
+
+**ATT&CK + ATLAS catalogs extended** to back the new entries: 8 new ATT&CK techniques (T1005, T1189, T1496, T1498, T1499.001, T1499.002, T1539, T1657) and 3 new ATLAS TTPs (AML.T0007 Discover ML Artifacts, AML.T0011 User Execution, AML.T0047 LLM Meta Prompt Extraction).
+
+### Bugs
+
+**`exceptd doctor` no longer undercounts the catalog.** The prior implementation parsed `validate-cves` text output, which only counts `CVE-*` prefixes — `MAL-*` (malicious-package) entries were silently dropped from the total. An operator reading `CVE catalog: 34 entries` on a 38-entry catalog would conclude that the Shai-Hulud / TanStack worm intelligence had been removed when it was present all along. The check now reads `data/cve-catalog.json` directly and reports the combined total with the per-prefix breakdown: `CVE catalog: 67 entries (60 CVE + 7 MAL), drift 0`. The `validate-cves` text output gains a clarifying suffix noting that the count is CVE-IDs queued for NVD validation and that the combined catalog total lives under `exceptd doctor`.
+
 ## 0.13.5 — 2026-05-18
 
 Three new playbooks, two cross-cutting CLI behaviours, and a deterministic schema gate on `active_exploitation` vocabulary.

package/bin/exceptd.js

@@ -5395,19 +5395,36 @@ function cmdDoctor(runner, args, runOpts, pretty) {
   if (runCves) {
     try {
       const orchPath = path.join(PKG_ROOT, "orchestrator", "index.js");
-      // validate-cves doesn't emit JSON; parse text for row count + drift.
+      // validate-cves doesn't emit JSON; parse text for drift signal.
       const res = spawnSync(process.execPath, [orchPath, "validate-cves", "--offline"], {
         encoding: "utf8",
         cwd: PKG_ROOT,
         timeout: 30000,
       });
       const text = (res.stdout || "") + (res.stderr || "");
-      const totalMatch = text.match(/(\d+)\s+CVEs?\s+in\s+catalog/i);
       const driftMatch = text.match(/drift[:\s]+(\d+)/i);
       const ok = res.status === 0;
+      // v0.13.6: total comes from the catalog file directly. The
+      // validate-cves text-scrape only ever counted CVE-* prefixes, so
+      // MAL-* (malicious package) entries silently dropped from the
+      // doctor report — operators reading "34 entries" assumed the
+      // Shai-Hulud / TanStack worm intel had been removed when it was
+      // present all along. Read the catalog and report both totals.
+      let total = null;
+      let cve_count = null;
+      let mal_count = null;
+      try {
+        const catalog = require(path.join(PKG_ROOT, "data", "cve-catalog.json"));
+        const keys = Object.keys(catalog).filter((k) => !k.startsWith("_"));
+        cve_count = keys.filter((k) => k.startsWith("CVE-")).length;
+        mal_count = keys.filter((k) => k.startsWith("MAL-")).length;
+        total = keys.length;
+      } catch { /* fall through with nulls */ }
       checks.cves = {
         ok,
-        total: totalMatch ? Number(totalMatch[1]) : null,
+        total,
+        cve_count,
+        mal_count,
         drift: driftMatch ? Number(driftMatch[1]) : 0,
         ...(ok ? {} : { exit_code: res.status, raw: text.slice(0, 500) }),
       };
@@ -5540,9 +5557,16 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       { dir: '.continue', display: '~/.continue' },
     ];
     // Files within those dirs that warrant the strict-mode check.
+    // v0.13.7: prior `/\.mcp_config\.json$/` regex required a literal `.`
+    // before `mcp_config.json`, so the real-world Windsurf install path
+    // (`~/.codeium/windsurf/mcp_config.json` — no leading dot) was
+    // silently missed by the audit. `^mcp_config\.json$` now matches the
+    // bare filename, and the trailing `.mcp_config.json` form is kept
+    // for vendor variants that prefix with a tag (e.g. `default.mcp_config.json`).
     const SENSITIVE_PATTERNS = [
       /^settings\.json$/,
       /^mcp\.json$/,
+      /^mcp_config\.json$/,
       /\.mcp_config\.json$/,
       /^api_key/,
       /\.token$/,
@@ -5793,11 +5817,14 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       ? `skill currency: all green (${c.total_skills ?? "?"} skills)`
       : `skill currency: ${c.stale_skills?.length || "?"} stale, ${c.critical_count ?? 0} critical`
   );
-  mark(checks.cves, c =>
-    c.ok
-      ? `CVE catalog: ${c.total ?? "?"} entries, drift ${c.drift ?? 0}`
-      : `CVE catalog FAILED (exit=${c.exit_code ?? "?"})`
-  );
+  mark(checks.cves, c => {
+    if (!c.ok) return `CVE catalog FAILED (exit=${c.exit_code ?? "?"})`;
+    const total = c.total ?? "?";
+    const breakdown = (c.cve_count != null && c.mal_count != null)
+      ? ` (${c.cve_count} CVE + ${c.mal_count} MAL)`
+      : "";
+    return `CVE catalog: ${total} entries${breakdown}, drift ${c.drift ?? 0}`;
+  });
   mark(checks.rfcs, c =>
     c.ok
       ? `RFC catalog: ${c.total ?? "?"} entries, drift ${c.drift ?? 0}`

package/data/_indexes/_meta.json

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-18T04:58:08.316Z",
+  "generated_at": "2026-05-18T14:18:03.242Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "6bbf4f4d9540c2539d6f2635b39ba42f963e3a2238e9e8b6569d0cc65719b813",
-    "data/atlas-ttps.json": "2b021f47355365d1ba59078dfa582397c7a64c2b4ebea4657ea260a66b76daf6",
-    "data/attack-techniques.json": "76461dbec048c5e072435d57e3a04b780e3992dab9f316b1b52608e0a997e355",
-    "data/cve-catalog.json": "4b8c05074744f9e099c776e0f9c3afd2b978fc52d702bc8805c3b5bfecdbafcb",
+    "manifest.json": "dc4472e1476028be9f69537ae5b19998b32eeaa6951bacf570898ed4abdef2d1",
+    "data/atlas-ttps.json": "c2aee9c70ec24cf48f1ea4daf170aa6e7b93292888239c46a8ec9e522ee32119",
+    "data/attack-techniques.json": "29cd5690040c7153dbf293b7e3a99b72fc897b0495478e369f7ce7004b8d64f4",
+    "data/cve-catalog.json": "b3731361d298483648264215fd8dbfca36d0f4e2ead4aebf7c49718e12038e1f",
     "data/cwe-catalog.json": "4a0036f9ec17af29e0df111ac77b94f8be6a52742bfd89ff3583096d23b75e35",
     "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "994bf3203f3a2c80fe21194d00f67ecffa77b80193ba3f4b046e9d38e7b09f0f",
+    "data/framework-control-gaps.json": "a8bb654f6ed2fba5290dc6acac73ee423c1afcb2dca27bce3303adc3ee40f791",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "3d4c18977f2100f200e209dc55331931a5d0adc54af35879fc58f1b43deac56f",
+    "data/zeroday-lessons.json": "bb3fec080f649a5968f8d0c6d69ca4d32fb120de0f7d07b1f5058184d4d3ff3a",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "d1361c53c8360999e1ec6a403bcbfaa53d0afc11689e8781d26081196dd079d4",
     "skills/mcp-agent-trust/skill.md": "19a6b54375808e59143070011328d8c936836845bca4a484108738bbef290694",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 34,
+    "chains_cve_entries": 59,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json

@@ -5,6 +5,30 @@
     "event_count": 54
   },
   "events": [
+    {
+      "date": "2026-05-18",
+      "type": "catalog_update",
+      "artifact": "data/cve-catalog.json",
+      "path": "data/cve-catalog.json",
+      "schema_version": "1.0.0",
+      "entry_count": 67
+    },
+    {
+      "date": "2026-05-18",
+      "type": "catalog_update",
+      "artifact": "data/framework-control-gaps.json",
+      "path": "data/framework-control-gaps.json",
+      "schema_version": "1.0.0",
+      "entry_count": 184
+    },
+    {
+      "date": "2026-05-18",
+      "type": "catalog_update",
+      "artifact": "data/zeroday-lessons.json",
+      "path": "data/zeroday-lessons.json",
+      "schema_version": "1.1.0",
+      "entry_count": 67
+    },
     {
       "date": "2026-05-15",
       "type": "skill_review",
@@ -39,7 +63,7 @@
       "artifact": "data/atlas-ttps.json",
       "path": "data/atlas-ttps.json",
       "schema_version": "1.0.0",
-      "entry_count": 30
+      "entry_count": 33
     },
     {
       "date": "2026-05-15",
@@ -47,7 +71,7 @@
       "artifact": "data/attack-techniques.json",
       "path": "data/attack-techniques.json",
       "schema_version": "1.0.0",
-      "entry_count": 98
+      "entry_count": 106
     },
     {
       "date": "2026-05-15",
@@ -57,14 +81,6 @@
       "schema_version": "1.1.0",
       "entry_count": 28
     },
-    {
-      "date": "2026-05-15",
-      "type": "catalog_update",
-      "artifact": "data/framework-control-gaps.json",
-      "path": "data/framework-control-gaps.json",
-      "schema_version": "1.0.0",
-      "entry_count": 142
-    },
     {
       "date": "2026-05-15",
       "type": "catalog_update",
@@ -81,14 +97,6 @@
       "schema_version": "1.0.0",
       "entry_count": 41
     },
-    {
-      "date": "2026-05-15",
-      "type": "catalog_update",
-      "artifact": "data/zeroday-lessons.json",
-      "path": "data/zeroday-lessons.json",
-      "schema_version": "1.1.0",
-      "entry_count": 38
-    },
     {
       "date": "2026-05-15",
       "type": "manifest_review",
@@ -96,14 +104,6 @@
       "path": "manifest.json",
       "note": "manifest threat_review_date — 42 skills, 11 catalogs"
     },
-    {
-      "date": "2026-05-13",
-      "type": "catalog_update",
-      "artifact": "data/cve-catalog.json",
-      "path": "data/cve-catalog.json",
-      "schema_version": "1.0.0",
-      "entry_count": 38
-    },
     {
       "date": "2026-05-13",
       "type": "catalog_update",

package/data/_indexes/catalog-summaries.json

@@ -18,7 +18,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 30,
+      "entry_count": 33,
       "sample_keys": [
         "AML.T0001",
         "AML.T0040",
@@ -40,7 +40,7 @@
         "rebuild_after_days": 365,
         "note": "Catalog must be rebuilt against the upstream ATT&CK release whenever MITRE publishes a new version. AGENTS.md external-data version-pinning rule requires the bump to be intentional, not silent. ATT&CK ships semi-annually (April + October); audit on each release for tactic moves, technique splits, and new Detection Strategies."
       },
-      "entry_count": 98,
+      "entry_count": 106,
       "sample_keys": [
         "T0001",
         "T0017",
@@ -53,7 +53,7 @@
       "path": "data/cve-catalog.json",
       "purpose": "Per-CVE record (CVSS, EPSS, CISA KEV, RWEP, AI-discovery, vendor advisories, framework gaps, ATLAS/ATT&CK mappings). Cross-validated against NVD + CISA KEV + FIRST EPSS via validate-cves.",
       "schema_version": "1.0.0",
-      "last_updated": "2026-05-13",
+      "last_updated": "2026-05-18",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 38,
+      "entry_count": 67,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -163,7 +163,7 @@
       "path": "data/framework-control-gaps.json",
       "purpose": "Per-control framework gap declarations: SI-2, A.8.8, PCI 6.3.3, etc. Each entry names the control, the lag, the evidence CVE, and remediation guidance.",
       "schema_version": "1.0.0",
-      "last_updated": "2026-05-15",
+      "last_updated": "2026-05-18",
       "tlp": "CLEAR",
       "source_confidence_default": "A1",
       "freshness_policy": {
@@ -172,7 +172,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 142,
+      "entry_count": 184,
       "sample_keys": [
         "ALL-AI-PIPELINE-INTEGRITY",
         "ALL-MCP-TOOL-TRUST",
@@ -229,7 +229,7 @@
       "path": "data/zeroday-lessons.json",
       "purpose": "Distilled lessons from notable zero-days and campaigns (SesameOp, Copy Fail, Dirty Frag, Copilot RCE, Windsurf MCP). Each entry: technique, distinguishing characteristic, what it means for the framework lag.",
       "schema_version": "1.1.0",
-      "last_updated": "2026-05-15",
+      "last_updated": "2026-05-18",
       "tlp": "CLEAR",
       "source_confidence_default": "B2",
       "freshness_policy": {
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 38,
+      "entry_count": 67,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",