npm - @blamejs/exceptd-skills - Versions diffs - 0.13.57 → 0.13.58 - Mend

@blamejs/exceptd-skills 0.13.57 → 0.13.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,23 @@
 # Changelog
+## 0.13.58 — 2026-05-22
+Air-gap mode now blocks every refresh source (not just GHSA/OSV). `doctor` help text catches up with runtime flag set, surfaces a fix status when nothing to remediate, and refuses unknown flags. `ask` stops returning false-positive substring matches and learns identity / phishing / SSO / famous-attack vocabulary.
+### Bugs
+- **`refresh --air-gap` was a partial guarantee.** GHSA + OSV honored `ctx.airGap` at the source-module level. `kev`, `epss`, `nvd`, `rfc`, and `pins` fell through to their live-network branches when neither `--from-fixture` nor `--from-cache` was wired up — operators got a banner promising no egress while CISA KEV updates were being applied to the catalog. The air-gap guard now lives at the central source-dispatch (`runOne` in `lib/refresh-external.js`) so the guarantee holds uniformly across every source. Sources with a `fixtures.<name>` or `cacheDir` offline path still run normally.
+- **`exceptd doctor --help` advertised 6 flags but the runtime accepted 10.** `--collectors`, `--ai-config`, `--exit-codes`, and `--shipped-tarball` were dispatchable but undiscoverable. The help block now enumerates the full set, with one-paragraph descriptions of what each surface checks. `--exit-codes` is now operator-discoverable as the canonical EXIT_CODES contract dump.
+- **`doctor --cves` breakdown arithmetic** silently dropped `BUG-*` and any non-CVE/non-MAL prefix entries from the named totals. `312 entries (301 CVE + 8 MAL)` is now `312 entries (3 BUG + 301 CVE + 8 MAL)` — exact sum. Output adds a structured `by_prefix` map so the breakdown is data-driven against the live catalog instead of hardcoded against two prefixes (same regression class as the v0.13.6 MAL fix, now generalized).
+- **`doctor --fix` silently no-op'd when nothing was wrong.** Operators couldn't distinguish "we tried and were already healthy" from "we tried and failed silently." The summary now carries `fix_status: "already_present"` + `fix_skipped_reason` on a healthy install. Existing `fix_applied` / `fix_attempted` / `fix_partial` states unchanged.
+- **`doctor` accepted unknown flags as no-ops** instead of refusing. `doctor --singatures` (typo), `doctor --data` (renamed-out flag), `doctor --bogus-flag-xyz` all ran a full default scan and exited 0. Refusal is now structured: ok:false + `unknown_flags[]` with did-you-mean candidates + `known_flags[]` listing every accepted flag. Non-zero exit.
+- **`ask` substring matching produced stopword false positives.** `"the"` substring-hit `"authentication"` in the haystack, so any query containing a stopword inflated scores. The pure-stopword query `"the the the the"` routed confidently to ai-api. Fix: tokenize the haystack with the same splitter as the question and match by whole-token Set membership instead of `String.includes`. Plus a stopword filter applied after synonym expansion to drop common English words that would otherwise dilute scoring.
+### Features
+- **`run` / `ai-run` / `ci` envelopes surface `air_gap_mode` at the top.** Stdout-parsing consumers can detect that air-gap was active without descending into `phases.govern`. Mirrors the existing result-hoist pattern (`verdict`, `rwep_score`, `evidence_completeness`, `attestation_path`).
+- **`ask` synonym map grew to cover identity / phishing / SSO / BEC / famous-attack vocabulary.** New keys: `phish*`, `sso`, `oauth`, `saml`, `okta`, `entra`, `bec`, `deepfake`, `left-pad`, `event-stream`, `shai-hulud`, `agentic`, `rogue`, `credential theft`, `developer laptop`. Queries like `"I think we got phished"` now top-route to identity-sso-compromise; `"left-pad style attack"` to library-author; `"credential theft from developer laptop"` to secrets (with cred-stores in top 3).
 ## 0.13.57 — 2026-05-22
 `attest list` populates the signed field. README + verb help document the ai-run JSONL event grammar. `--block-on-jurisdiction-clock` clarifies pending-vs-started semantics.

package/bin/exceptd.js CHANGED Viewed

@@ -1989,14 +1989,42 @@ Subchecks:
                           Currently scoped to: regenerate the local Ed25519
                           private key when keys/public.pem exists but
                           .keys/private.pem is absent. Does NOT modify any
-                          file outside .keys/.
-  (no flag)               All four subchecks above (sans --registry-check
-                          unless explicitly requested), plus signing-status
-                          (private key presence under .keys/).
+                          file outside .keys/. When the key is already
+                          present, --fix is a no-op (surfaces fix_status:
+                          "already_present" so callers can distinguish
+                          clean-state from broken-state).
+  --collectors            Audit the per-playbook collector layer:
+                          which playbooks have a collector module under
+                          lib/collectors/, which are policy-skipped by
+                          design, and which collectors haven't been wired
+                          up yet. JSON emits has_collector / policy_skips /
+                          without_collector arrays.
+  --ai-config             Walk the operator's AI-assistant configuration
+                          files (~/.claude/, ~/.cursor/, ~/.codeium/,
+                          ~/.aider/, ~/.continue/) and surface sensitive
+                          content (API keys, tokens, MCP server
+                          definitions) plus on Windows the icacls ACL
+                          state. Combine with --fix to harden ACLs.
+                          Opt-in — never part of the default scan.
+  --exit-codes            Dump the canonical EXIT_CODES table as JSON.
+                          Useful for CI / scripting consumers that want
+                          the documented exit-code contract without parsing
+                          help text. Off by default.
+  --shipped-tarball       Round-trip the verify-shipped-tarball gate:
+                          npm pack → extract to a tempdir → run
+                          lib/verify.js against the extracted tree.
+                          Surfaces the signature-regression class where
+                          source-tree verify passes but the published
+                          tarball fails. Off by default.
+  (no flag)               --signatures + --currency + --cves + --rfcs +
+                          signing-status. --registry-check, --collectors,
+                          --ai-config, --exit-codes, --shipped-tarball are
+                          opt-in and never run as part of the default scan.
 Flags:
   --json                  Emit JSON (default is human-readable text).
   --pretty                Indented JSON output (implies --json).
+  --air-gap               Suppress the --registry-check network probe.
 Output: checks{} per subcheck + summary{all_green, issues_count}.`,
     "ai-run": `ai-run <playbook> — streaming JSONL contract for AI-driven runs (v0.11.0).
@@ -3165,6 +3193,15 @@ function cmdRun(runner, args, runOpts, pretty) {
   const result = runner.run(playbookId, directiveId, submission, runOpts);
   if (result && upstreamCheck) result.upstream_check = upstreamCheck;
+  // Audit 3 A.2: surface air_gap_mode at the top of the envelope so
+  // stdout-parsing consumers can detect that the run honored --air-gap
+  // (or the playbook's _meta.air_gap_mode flag) without descending into
+  // phases.govern. Mirrors the run-result hoist pattern (verdict,
+  // rwep_score, evidence_completeness, attestation_path).
+  if (result) {
+    result.air_gap_mode = !!(pb._meta?.air_gap_mode || runOpts.airGap);
+  }
   // v0.11.9 (#113/#114): surface --operator and --ack in the run result so
   // operators see the attribution + consent state without inspecting the
   // attestation file. Pre-0.11.9 these were persisted to disk only.
@@ -5920,6 +5957,27 @@ function cmdDoctor(runner, args, runOpts, pretty) {
   const wantJson = !!args.json || !!args.pretty;
   const indent = !!args.pretty;
+  // Refuse unknown flags rather than silently running the full default
+  // scan. Pre-fix, typos and renamed-out flags all returned exit 0 with
+  // the operator believing they'd run a targeted check.
+  const KNOWN_DOCTOR_FLAGS = new Set([
+    "json", "pretty", "fix", "air-gap",
+    "signatures", "currency", "cves", "rfcs", "registry-check",
+    "ai-config", "collectors", "exit-codes", "shipped-tarball",
+    // Global flags the parser may inject regardless of verb.
+    "_", "json-stdout-only", "_jsonMode",
+  ]);
+  const unknownFlags = Object.keys(args).filter(k => !KNOWN_DOCTOR_FLAGS.has(k));
+  if (unknownFlags.length > 0) {
+    const dym = unknownFlags.map(f => {
+      const candidates = [...KNOWN_DOCTOR_FLAGS].filter(k => typeof k === "string" && k.length >= 2 && (k.includes(f) || f.includes(k) || levenshtein1(f, k) <= 1));
+      return { flag: `--${f}`, did_you_mean: candidates.slice(0, 3).map(c => `--${c}`) };
+    });
+    return emitError(`doctor: unknown flag(s): ${unknownFlags.map(f => `--${f}`).join(", ")}`,
+      { verb: "doctor", unknown_flags: dym, known_flags: [...KNOWN_DOCTOR_FLAGS].filter(k => k !== "_" && !k.startsWith("_") && k !== "json-stdout-only").sort().map(k => `--${k}`) },
+      pretty);
+  }
   // `doctor --exit-codes` dumps the canonical exit-code table as JSON so
   // operator-facing docs cannot drift from runtime behavior. Short-circuit
   // before the regular health checks since the dump is informational.
@@ -6079,22 +6137,37 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       // MAL-* (malicious package) entries silently dropped from the
       // doctor report — operators reading "34 entries" assumed the
       // Shai-Hulud / TanStack worm intel had been removed when it was
-      // present all along. Read the catalog and report both totals.
+      // present all along. Read the catalog and report all prefix
+      // groups — the previous CVE+MAL-only enumeration silently dropped
+      // any other prefix (BUG-*, SNYK-*, etc.) from the breakdown even
+      // though they were summed into total. Same regression class as
+      // the original CVE-only fix; this generalizes it.
       let total = null;
       let cve_count = null;
       let mal_count = null;
+      let by_prefix = null;
       try {
         const catalog = require(path.join(PKG_ROOT, "data", "cve-catalog.json"));
         const keys = Object.keys(catalog).filter((k) => !k.startsWith("_"));
         cve_count = keys.filter((k) => k.startsWith("CVE-")).length;
         mal_count = keys.filter((k) => k.startsWith("MAL-")).length;
         total = keys.length;
+        // Enumerate every prefix present so future additions (BUG-*,
+        // SNYK-*, GHSA-*, RUSTSEC-*) surface in the breakdown instead
+        // of vanishing into the total - sum-of-named-prefixes gap.
+        by_prefix = {};
+        for (const k of keys) {
+          const m = k.match(/^([A-Z]+)-/);
+          const p = m ? m[1] : "OTHER";
+          by_prefix[p] = (by_prefix[p] || 0) + 1;
+        }
       } catch { /* fall through with nulls */ }
       checks.cves = {
         ok,
         total,
         cve_count,
         mal_count,
+        by_prefix,
         drift: driftMatch ? Number(driftMatch[1]) : 0,
         ...(ok ? {} : { exit_code: res.status, raw: text.slice(0, 500) }),
       };
@@ -6543,6 +6616,23 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     }
   }
+  // Audit 3 B.3: --fix was passed but nothing to fix. Pre-fix this was
+  // silently a no-op — operators couldn't distinguish "we tried and were
+  // already healthy" from "we tried and failed silently." Now surfaces a
+  // structured fix_status so callers reading the envelope can branch on
+  // it.
+  // The ai-config branch tracks its remediations on checks.ai_config
+  // (fix_applied / fix_failed are nested there, not on out.summary), so
+  // include that signal when deciding whether ANY fix actually ran.
+  // Without this, doctor --ai-config --fix applying chmod/icacls would
+  // simultaneously report checks.ai_config.fix_applied > 0 AND
+  // summary.fix_status: "already_present", which is contradictory.
+  const aiConfigFixed = !!(checks.ai_config && ((checks.ai_config.fix_applied || 0) > 0 || (checks.ai_config.fix_failed || 0) > 0));
+  if (args.fix && !out.summary.fix_applied && !out.summary.fix_attempted && !out.summary.fix_partial && !out.summary.fix_decline_reason && !aiConfigFixed) {
+    out.summary.fix_status = "already_present";
+    out.summary.fix_skipped_reason = "Signing key + skill signatures are already valid; nothing to remediate.";
+  }
   if (wantJson) {
     emit(out, indent);
     if (!allGreen) process.exitCode = EXIT_CODES.GENERIC_FAILURE;
@@ -6578,7 +6668,12 @@ function cmdDoctor(runner, args, runOpts, pretty) {
   mark(checks.cves, c => {
     if (!c.ok) return `CVE catalog FAILED (exit=${c.exit_code ?? "?"})`;
     const total = c.total ?? "?";
-    const breakdown = (c.cve_count != null && c.mal_count != null)
+    // Audit 3 B.2: enumerate every prefix so the sum equals total.
+    // Falls back to the legacy CVE + MAL display only if by_prefix isn't
+    // present (older catalog read paths).
+    const breakdown = c.by_prefix
+      ? ` (${Object.entries(c.by_prefix).sort().map(([p, n]) => `${n} ${p}`).join(" + ")})`
+      : (c.cve_count != null && c.mal_count != null)
       ? ` (${c.cve_count} CVE + ${c.mal_count} MAL)`
       : "";
     return `CVE catalog: ${total} entries${breakdown}, drift ${c.drift ?? 0}`;
@@ -7243,10 +7338,10 @@ function cmdAsk(runner, args, runOpts, pretty) {
   // Keeps cmdAsk dependency-free; rich enough to cover the 80% of natural
   // queries listed in the operator report.
   const SYNONYMS = {
-    "credential": ["secret", "key", "token", "password", "cred"],
-    "credentials": ["secret", "key", "token", "password", "cred"],
-    "api key": ["secret", "credential"],
-    "api keys": ["secret", "credential"],
+    "credential": ["secret", "key", "token", "password", "cred", "secrets"],
+    "credentials": ["secret", "key", "token", "password", "cred", "secrets"],
+    "api key": ["secret", "credential", "secrets"],
+    "api keys": ["secret", "credential", "secrets"],
     "supply chain": ["sbom", "dependency", "vendor", "package", "library", "publish"],
     "supply-chain": ["sbom", "dependency", "vendor", "package", "library", "publish"],
     "npm package": ["sbom", "dependency", "library", "publish"],
@@ -7262,8 +7357,48 @@ function cmdAsk(runner, args, runOpts, pretty) {
     "secret": ["credential", "key", "token", "env", "leak"],
     "secrets": ["credential", "key", "token", "env", "leak", "repo"],
     "config": ["configuration", "settings"],
+    // Audit 3 C.2: missing identity / phishing / SSO / BEC vocabulary.
+    "phish": ["identity-sso-compromise", "idp-incident", "sso", "bec"],
+    "phishing": ["identity-sso-compromise", "idp-incident", "sso", "bec"],
+    "phished": ["identity-sso-compromise", "idp-incident", "sso", "bec"],
+    "sso": ["identity-sso-compromise", "idp-incident", "okta", "azure-ad", "entra"],
+    "oauth": ["identity-sso-compromise", "idp-incident", "openid", "oidc"],
+    "saml": ["identity-sso-compromise", "idp-incident"],
+    "okta": ["identity-sso-compromise", "idp-incident", "sso"],
+    "entra": ["identity-sso-compromise", "idp-incident", "azure-ad", "sso"],
+    "bec": ["identity-sso-compromise", "phish"],
+    "deepfake": ["identity-sso-compromise", "phish", "ai-c2"],
+    // Famous-attack vocabulary maps to library-author / sbom / supply-chain.
+    "left-pad": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "left pad": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "event-stream": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "shai-hulud": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "ransomware": ["ransomware", "kernel", "runtime"],
+    "rogue": ["ai-c2", "llm-tool-use-exfil"],
+    "agentic": ["ai-c2", "llm-tool-use-exfil", "mcp"],
+    // Credential theft from a developer laptop is cred-stores territory.
+    "credential theft": ["cred-stores", "secrets"],
+    "cred theft": ["cred-stores", "secrets"],
+    "credential exfil": ["cred-stores", "llm-tool-use-exfil"],
+    "developer laptop": ["cred-stores", "hardening"],
   };
+  // Audit 3 C.1: stopwords filtered after synonym expansion so common
+  // English words don't drive false positives via raw substring matching.
+  // "the the the the" used to route to ai-api because "the" substring-hit
+  // "anthropic" in the haystack.
+  const STOPWORDS = new Set([
+    "the", "and", "for", "are", "but", "not", "you", "all", "can", "had",
+    "her", "was", "one", "our", "out", "day", "get", "has", "him", "his",
+    "how", "man", "new", "now", "old", "see", "two", "way", "who", "boy",
+    "did", "its", "let", "put", "say", "she", "too", "use", "any", "got",
+    "from", "this", "that", "with", "have", "they", "what", "your", "when",
+    "which", "would", "could", "should", "there", "their", "about", "into",
+    "than", "then", "them", "some", "more", "most", "very", "much", "such",
+    "been", "were", "want", "well", "back", "good", "make", "made", "take",
+    "took", "give", "gave", "find", "found", "know", "knew", "told", "ago",
+  ]);
   // Tokenize question (length >= 2, lowercase) + expand via synonyms.
   const baseTokens = q.split(/\W+/).filter(t => t.length >= 2);
   const expanded = new Set(baseTokens);
@@ -7275,13 +7410,16 @@ function cmdAsk(runner, args, runOpts, pretty) {
   for (const t of baseTokens) {
     if (SYNONYMS[t]) for (const s of SYNONYMS[t]) expanded.add(s);
   }
+  // Filter stopwords AFTER synonym expansion (synonym lookup may have
+  // pulled in canonical tokens via a stopword-adjacent multi-word phrase).
+  for (const sw of STOPWORDS) expanded.delete(sw);
   const tokens = [...expanded];
   const scored = [];
   for (const id of ids) {
     let pb;
     try { pb = runner.loadPlaybook(id); } catch { continue; }
-    const haystack = [
+    const haystackText = [
       pb._meta?.id || id,
       pb.domain?.name || "",
       pb.domain?.attack_class || "",
@@ -7297,8 +7435,14 @@ function cmdAsk(runner, args, runOpts, pretty) {
       pb.phases?.look?.collection_scope?.asset_scope || "",
       pb.phases?.look?.collection_scope?.time_window || "",
     ].join(" ").toLowerCase();
+    // Audit 3 C.1: tokenize the haystack and use Set membership instead
+    // of raw substring matching. The substring approach matched "the" in
+    // "authentication" and "got" inside larger words, allowing stopword
+    // and partial-word false positives. Tokenized membership matches
+    // whole tokens only.
+    const haystackTokens = new Set(haystackText.split(/\W+/).filter(t => t.length >= 2));
     let score = 0;
-    for (const t of tokens) if (haystack.includes(t)) score++;
+    for (const t of tokens) if (haystackTokens.has(t)) score++;
     // ID match counts double — "secrets" should map to the secrets playbook.
     if (tokens.some(t => (pb._meta?.id || id) === t)) score += 3;
     scored.push({ id: pb._meta?.id || id, score });

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-22T07:28:48.846Z",
+  "generated_at": "2026-05-22T22:29:25.619Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "f02056365a264901e95631245efa002968acee2e6432ab2e5131b6b53eadcd81",
+    "manifest.json": "0118e0d6c9e44545bc599ab7a7fc2d2d6208202def470bac06239ea3397f47dc",
     "data/atlas-ttps.json": "d296c1d3e71807c9279b731f047e57796e85137f186586743a8cdad214b408f9",
     "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
     "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",

package/lib/refresh-external.js CHANGED Viewed

@@ -1426,6 +1426,22 @@ async function main() {
   // against each other for tokens. The two modes produce the same report
   // structure; only wall-clock differs.
   const runOne = async (src) => {
+    // Audit 3 A.1: --air-gap was honored by GHSA/OSV at the source-module
+    // level, but kev/epss/nvd/rfc/pins fell through to their live-network
+    // branches when neither fixtures nor cacheDir was wired up. Refuse
+    // here so the air-gap guarantee holds uniformly across every source.
+    if (ctx.airGap && !ctx.fixtures?.[src.name] && !ctx.cacheDir) {
+      return {
+        src,
+        diff: {
+          status: "unreachable",
+          diffs: [],
+          errors: 0,
+          summary: `air-gap mode: ${src.name} skipped (no fixture or cache configured; would have made a live network call)`,
+          air_gap_blocked: true,
+        },
+      };
+    }
     let diff;
     try {
       diff = await src.fetchDiff(ctx);
@@ -1457,6 +1473,10 @@ async function main() {
       diffs: diff.diffs,
       applies_to: src.applies_to,
       report_only: !!src.report_only,
+      // Audit 3 A.1: thread the central-dispatch air-gap short-circuit
+      // marker through to the persisted report so stdout-parsing consumers
+      // and the regression test can verify the network refusal happened.
+      ...(diff.air_gap_blocked ? { air_gap_blocked: true } : {}),
     };
     if (opts.apply && diff.diffs.length > 0 && !src.report_only) {
       const r = await src.applyDiff(ctx, diff.diffs);

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.13.57",
+  "version": "0.13.58",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-22T07:13:12.339Z",
+      "signed_at": "2026-05-22T22:28:34.347Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vSVqu4wBm+d68ujZmM6Rto/HzViCkE0gPUcv/MYE/bjFiqamf/s0On4kTOo1KIveV9cOwYNxiItaGEWlVkRFDg==",
-      "signed_at": "2026-05-22T07:13:12.341Z",
+      "signed_at": "2026-05-22T22:28:34.349Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "RIgXKvolQjgJdnlrDnVOd90IOY1B7VHHZD/YJQRzouL+wUeOLclPrdK/EgEuFyiu7lR4bi+Pl6aGB9G9tOxYCQ==",
-      "signed_at": "2026-05-22T07:13:12.341Z",
+      "signed_at": "2026-05-22T22:28:34.350Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "RYOxeq/o3uTwTWq4H7RcdH2Aclg9UyCERfUH9Frwkzncsowg7LgxpaEDc3swTCv73HMEGbU8wVbXguZ4JxHUCQ==",
-      "signed_at": "2026-05-22T07:13:12.341Z"
+      "signed_at": "2026-05-22T22:28:34.350Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "DneJCPKCPcoe6nQ82XptqSqNfSRdt1orKaO+o7K36YCciDrzwJb+1BuBLusPDtpcdDaGY0y0e+AqiTYJklhBAQ==",
-      "signed_at": "2026-05-22T07:13:12.342Z"
+      "signed_at": "2026-05-22T22:28:34.351Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-22T07:13:12.342Z"
+      "signed_at": "2026-05-22T22:28:34.351Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "XgrzcA2brPhXrSTxrcLnJec0OpgGYJBoSTUlJ10UdePHffxqb9LTVGnfbmEk1ykQifXREZexui2bG7X/+eFfCQ==",
-      "signed_at": "2026-05-22T07:13:12.343Z",
+      "signed_at": "2026-05-22T22:28:34.352Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "9+hZlZOqZdeACUmamQk66L5levZhhwnFXuYRhdT6Mce99eQaKT7wNfWq12hXQztkRcVRKaFH+a01zwJQwsRQCA==",
-      "signed_at": "2026-05-22T07:13:12.343Z",
+      "signed_at": "2026-05-22T22:28:34.352Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "ciqhVloMWWXEigPZvvwoV2c54tEqsDqsoc+sS/mNTFFJk2H+tz2+XUrgfEPRuYw0FeyNB6/+27pL2NpKHzUqAg==",
-      "signed_at": "2026-05-22T07:13:12.343Z",
+      "signed_at": "2026-05-22T22:28:34.352Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-22T07:13:12.344Z"
+      "signed_at": "2026-05-22T22:28:34.353Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-22T07:13:12.344Z"
+      "signed_at": "2026-05-22T22:28:34.353Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-22T07:13:12.344Z"
+      "signed_at": "2026-05-22T22:28:34.353Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vhc3wuQEro/86s1ro2b/KakUXg8QVnySYTBqA7ebzv9oeR2HYO5bvGEJp3oOHWtL37JDqcCAHYadSN/qxIyCCA==",
-      "signed_at": "2026-05-22T07:13:12.345Z",
+      "signed_at": "2026-05-22T22:28:34.354Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "MS35nWm8djfJGn4OOoT0JKJ2aO+Dkbb6wOOWJYvNZlRKT3UGA59o2gxg1JOnD20hb/RwxtkmCujhl2tuYSR+AQ==",
-      "signed_at": "2026-05-22T07:13:12.345Z"
+      "signed_at": "2026-05-22T22:28:34.354Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-22T07:13:12.346Z",
+      "signed_at": "2026-05-22T22:28:34.354Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "WAu5fRirzSOcnnZsTx2d/JJZwa/LPpXCi+31qATTGLmoNuhyy81k3ooPe9kCM3E0CLMtvTePg9DagYqBninZDQ==",
-      "signed_at": "2026-05-22T07:13:12.346Z"
+      "signed_at": "2026-05-22T22:28:34.355Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "7eEwCXFd9pDKUw7yCUbRJSjfzozE44dwwwemCQUPm8JBPztLltibD9bL/RszSbYyCrYJmVb5Drncz2cGe62gCw==",
-      "signed_at": "2026-05-22T07:13:12.346Z"
+      "signed_at": "2026-05-22T22:28:34.355Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T22:28:34.355Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "fgxG344JGYBWWWwFXZ1IzGipWKP7EyBhrsvsbsb0CCGXfv/MvNHVNI6G0zQddCsWX1JeQbhZT3Vk8v1uJKDTDA==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T22:28:34.356Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T22:28:34.356Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T22:28:34.356Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-22T07:13:12.348Z"
+      "signed_at": "2026-05-22T22:28:34.357Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-22T07:13:12.348Z"
+      "signed_at": "2026-05-22T22:28:34.357Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-22T07:13:12.348Z"
+      "signed_at": "2026-05-22T22:28:34.357Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-22T07:13:12.349Z"
+      "signed_at": "2026-05-22T22:28:34.358Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-22T07:13:12.349Z"
+      "signed_at": "2026-05-22T22:28:34.358Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-22T07:13:12.349Z"
+      "signed_at": "2026-05-22T22:28:34.358Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-22T07:13:12.350Z"
+      "signed_at": "2026-05-22T22:28:34.359Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-22T07:13:12.350Z"
+      "signed_at": "2026-05-22T22:28:34.360Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-22T07:13:12.351Z"
+      "signed_at": "2026-05-22T22:28:34.360Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T22:28:34.360Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T22:28:34.361Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T22:28:34.361Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T22:28:34.361Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-22T07:13:12.353Z"
+      "signed_at": "2026-05-22T22:28:34.362Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.6.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "BGNE6ZQWBA1LmsUFe8tU0L67iGDSrFqiuqaZD2f1KqfcyqqzQfMs9PWNHFzxxaJmXeKlm87eU8lgELF0bX+RBA==",
-      "signed_at": "2026-05-22T07:13:12.353Z"
+      "signed_at": "2026-05-22T22:28:34.362Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "FkZQerh3VHVJAwIcCktDyMRh5KE2+Em/i0ek8zEz7JG/PXtQx8ujHWTh3VjZbOLhPNtdB2qxgXOIAYIofaVOAQ==",
-      "signed_at": "2026-05-22T07:13:12.354Z"
+      "signed_at": "2026-05-22T22:28:34.363Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "n3UToNuN3A1HgLvcuqmIx8vrZY71+r/79waK92jG+rSX4uYOzkmxMUpROrE5K9bDwMezNBHdjWv8Uul6zugyDQ==",
-      "signed_at": "2026-05-22T07:13:12.354Z"
+      "signed_at": "2026-05-22T22:28:34.363Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-22T07:13:12.354Z"
+      "signed_at": "2026-05-22T22:28:34.363Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "+OO0RhQ303RJV7kaH38IuZpLeQbapep6Ds4Re/WEZu0FHBwKSlwvF7jbtP7KQ57xldJYn/xZm2jaszyOacMfDg==",
-      "signed_at": "2026-05-22T07:13:12.355Z"
+      "signed_at": "2026-05-22T22:28:34.364Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-22T07:13:12.355Z"
+      "signed_at": "2026-05-22T22:28:34.364Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-22T07:13:12.355Z"
+      "signed_at": "2026-05-22T22:28:34.364Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "Mqdh4G/iwFRFGu8rZzRnFr9lRtUZuHwTLJhvCMik7tfut7rHh2YKeGKojYcQ//dM7KISIHkkq3wnC+zJzWcpCw=="
+    "signature_base64": "mdQrCl48PftO+TYlZYuLcv+CwlLJbnZVHnRroxdJN/aT3fkQrspI4uuO5fNffKfCOSAtGvJAjnJSicyzSmWCAA=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.13.57",
+  "version": "0.13.58",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b0a6b327-121e-40c6-8092-871c7183b709",
+  "serialNumber": "urn:uuid:a16b275c-093a-4a24-8455-a4b16ca4f30a",
   "version": 1,
   "metadata": {
-    "timestamp": "2119-12-02T06:07:35.000Z",
+    "timestamp": "2111-10-27T09:03:24.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.57"
+        "version": "0.13.58"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.57",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.58",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.57",
+      "version": "0.13.58",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.57",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.58",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "699e406210e768c36fb8c34f9c860c744a6e34e39eb3e2faec853b870a65a0b4"
+          "content": "2b33022649383cbe6192cceb44beea752813e3e7b98f01cad792ed72d6e099f6"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.57"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.58"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "95bd558e91d2239599d30e889edd3313493776362fb57cb4b76b153b6ee2792a"
+          "content": "fefb8a8b46c7af0dbc4e50e0fb8097cf69dd9b17c1e118a68f8cae52dfb6e395"
         },
         {
           "alg": "SHA3-512",
-          "content": "585290d78871e4effc0465ddbfdf5316466c6a1719d2df68faa8521d0445b759269ec27f12726943ef10eb5ce463702d1d883aa53ca82743dda335c416af4ec9"
+          "content": "e235ed19a6dfdab65bd07d5648c290e3dfed674ffc5c175ca078c699ba2a3876d684d234269ae0f7b424c0852f6295659bffc1537a1e7cb4784df0ce86c0e475"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "75b10d80c2b634e132427542056cd2ca67dba954141e6d767677a1ab18ffac9d"
+          "content": "349069b61c499fbe4fec22632b210de1c22715801ead96f4a4978bdce4294dd8"
         },
         {
           "alg": "SHA3-512",
-          "content": "70e8c7016d5be30a646de75e7f2aaa7b9999277ecbfbaea660ff546ece14e4dfe513af956ccacbe56f67ae3cf052148e863526a72ac93ccd0e3d76b888aa503b"
+          "content": "6a1aab850c608bf69c04cd3602a9bf53b8661cba65e0d8dd8ec6f0abb149318c9d1d446b750e6e78bf0d379a9fa9bf4fb0727a1832b6bb29c689656ca36df53e"
         }
       ]
     },
@@ -1271,11 +1271,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "edf7fe483cffe4fe0429ff6f43cd1fec1b35a66d39d4bbd2ae7298886c3af3b9"
+          "content": "f769111b2412cd0ae3ff6f2adc54002355a271262d79a2c645a4e0f41e2a1c1a"
         },
         {
           "alg": "SHA3-512",
-          "content": "3bffc99ca6c2120b67e004fb100f9fb8674831a1d201fc4b93061933b69b31bef6cd3a90b4dc77fb554c023b88cfda8969a4a4a53a0ec6faa5171dfb8f4b044b"
+          "content": "5f58125b5706702ad3c6f1c4738772d8a61f6183426af178ae3666f16c8201c623920f668f0b83075484bfd1b100b83563161b7e36e6ffba7c073af5dadbb4b9"
         }
       ]
     },
@@ -1661,11 +1661,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f02056365a264901e95631245efa002968acee2e6432ab2e5131b6b53eadcd81"
+          "content": "0118e0d6c9e44545bc599ab7a7fc2d2d6208202def470bac06239ea3397f47dc"
         },
         {
           "alg": "SHA3-512",
-          "content": "3f2f83b42aceb51653aa005f11404db852ca9d043536eb626cd03240f15ef92ec5a353fea1024518e149a59ac2e2b38623417c7b49907240d484686975d1e95f"
+          "content": "453bd67efc81e04681233de9155acce4eb7acd762fefdb824820046e79780dc7028b91472f55f8f0e105f30c75905bb3a32ecb2fa49254b8acc17c502a046d56"
         }
       ]
     },