npm - @blamejs/exceptd-skills - Versions diffs - 0.13.57 → 0.13.59 - Mend

@blamejs/exceptd-skills 0.13.57 → 0.13.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,40 @@
 # Changelog
+## 0.13.59 — 2026-05-22
+Air-gap mode honored by `--upstream-check` and the `collect` envelope. `doctor` subchecks surface freshness timestamps + walk-cap markers. `--collectors` text matches its JSON.
+### Bugs
+- **`run --upstream-check --air-gap` was making the registry call anyway.** The upstream-check helper had no air-gap awareness, and the run path didn't gate the call. The refusal now lives at the central upstream-check dispatch so any future caller inherits it; the result envelope carries `upstream_check.air_gap_blocked: true` and `source: "air-gap"` so consumers see the refusal happened.
+- **`doctor --ai-config` walked unbounded** — 48k+ entries under `~/.claude/` (conversation logs, cache, plugin tarballs) before finishing. The walk now caps at 4 depth + 5000 files and skips known-noisy subdir names (`node_modules`, `.git`, `.cache`, `logs`, `sessions`, `conversations`, `history`, `tmp`, `cache`). When the cap fires, `walk_truncated: true` and `walk_caps: { max_depth, max_files }` surface so operators see the bound.
+- **`doctor --ai-config` text mode still said "manual ACL review noted for any sensitive files found"** on Windows even though the runtime ACL audit lands real findings via `icacls`. The placeholder dated to the original POSIX-only implementation; replaced with a description that matches the actual check.
+- **`doctor --collectors` text mode was a strict subset of JSON** — the count of policy-skipped playbooks was visible but the names were `--json`-only. Text now enumerates the first 5 names + a `+N more` indicator so terminal operators see the same actionable information.
+### Features
+- **`doctor --currency`** surfaces `oldest_last_threat_review`, `newest_last_threat_review`, `max_days_since_review`, and `checked_at` so operators can answer "is my skill catalog stale?" without parsing the per-skill report.
+- **`doctor --rfcs`** surfaces `index_last_modified` + `index_age_days` from the RFC index mtime so operators can answer "is the offline RFC catalog fresh?" without running a separate refresh.
+- **`collect` envelope** surfaces `air_gap_mode` at the top of the result so downstream `run --evidence -` and AI consumers see the collection-time mode propagating. Collectors themselves don't currently make network calls; the marker flags the collection context for future collector additions.
+## 0.13.58 — 2026-05-22
+Air-gap mode now blocks every refresh source (not just GHSA/OSV). `doctor` help text catches up with runtime flag set, surfaces a fix status when nothing to remediate, and refuses unknown flags. `ask` stops returning false-positive substring matches and learns identity / phishing / SSO / famous-attack vocabulary.
+### Bugs
+- **`refresh --air-gap` was a partial guarantee.** GHSA + OSV honored `ctx.airGap` at the source-module level. `kev`, `epss`, `nvd`, `rfc`, and `pins` fell through to their live-network branches when neither `--from-fixture` nor `--from-cache` was wired up — operators got a banner promising no egress while CISA KEV updates were being applied to the catalog. The air-gap guard now lives at the central source-dispatch (`runOne` in `lib/refresh-external.js`) so the guarantee holds uniformly across every source. Sources with a `fixtures.<name>` or `cacheDir` offline path still run normally.
+- **`exceptd doctor --help` advertised 6 flags but the runtime accepted 10.** `--collectors`, `--ai-config`, `--exit-codes`, and `--shipped-tarball` were dispatchable but undiscoverable. The help block now enumerates the full set, with one-paragraph descriptions of what each surface checks. `--exit-codes` is now operator-discoverable as the canonical EXIT_CODES contract dump.
+- **`doctor --cves` breakdown arithmetic** silently dropped `BUG-*` and any non-CVE/non-MAL prefix entries from the named totals. `312 entries (301 CVE + 8 MAL)` is now `312 entries (3 BUG + 301 CVE + 8 MAL)` — exact sum. Output adds a structured `by_prefix` map so the breakdown is data-driven against the live catalog instead of hardcoded against two prefixes (same regression class as the v0.13.6 MAL fix, now generalized).
+- **`doctor --fix` silently no-op'd when nothing was wrong.** Operators couldn't distinguish "we tried and were already healthy" from "we tried and failed silently." The summary now carries `fix_status: "already_present"` + `fix_skipped_reason` on a healthy install. Existing `fix_applied` / `fix_attempted` / `fix_partial` states unchanged.
+- **`doctor` accepted unknown flags as no-ops** instead of refusing. `doctor --singatures` (typo), `doctor --data` (renamed-out flag), `doctor --bogus-flag-xyz` all ran a full default scan and exited 0. Refusal is now structured: ok:false + `unknown_flags[]` with did-you-mean candidates + `known_flags[]` listing every accepted flag. Non-zero exit.
+- **`ask` substring matching produced stopword false positives.** `"the"` substring-hit `"authentication"` in the haystack, so any query containing a stopword inflated scores. The pure-stopword query `"the the the the"` routed confidently to ai-api. Fix: tokenize the haystack with the same splitter as the question and match by whole-token Set membership instead of `String.includes`. Plus a stopword filter applied after synonym expansion to drop common English words that would otherwise dilute scoring.
+### Features
+- **`run` / `ai-run` / `ci` envelopes surface `air_gap_mode` at the top.** Stdout-parsing consumers can detect that air-gap was active without descending into `phases.govern`. Mirrors the existing result-hoist pattern (`verdict`, `rwep_score`, `evidence_completeness`, `attestation_path`).
+- **`ask` synonym map grew to cover identity / phishing / SSO / BEC / famous-attack vocabulary.** New keys: `phish*`, `sso`, `oauth`, `saml`, `okta`, `entra`, `bec`, `deepfake`, `left-pad`, `event-stream`, `shai-hulud`, `agentic`, `rogue`, `credential theft`, `developer laptop`. Queries like `"I think we got phished"` now top-route to identity-sso-compromise; `"left-pad style attack"` to library-author; `"credential theft from developer laptop"` to secrets (with cred-stores in top 3).
 ## 0.13.57 — 2026-05-22
 `attest list` populates the signed field. README + verb help document the ai-run JSONL event grammar. `--block-on-jurisdiction-clock` clarifies pending-vs-started semantics.

package/bin/exceptd.js CHANGED Viewed

@@ -1989,14 +1989,42 @@ Subchecks:
                           Currently scoped to: regenerate the local Ed25519
                           private key when keys/public.pem exists but
                           .keys/private.pem is absent. Does NOT modify any
-                          file outside .keys/.
-  (no flag)               All four subchecks above (sans --registry-check
-                          unless explicitly requested), plus signing-status
-                          (private key presence under .keys/).
+                          file outside .keys/. When the key is already
+                          present, --fix is a no-op (surfaces fix_status:
+                          "already_present" so callers can distinguish
+                          clean-state from broken-state).
+  --collectors            Audit the per-playbook collector layer:
+                          which playbooks have a collector module under
+                          lib/collectors/, which are policy-skipped by
+                          design, and which collectors haven't been wired
+                          up yet. JSON emits has_collector / policy_skips /
+                          without_collector arrays.
+  --ai-config             Walk the operator's AI-assistant configuration
+                          files (~/.claude/, ~/.cursor/, ~/.codeium/,
+                          ~/.aider/, ~/.continue/) and surface sensitive
+                          content (API keys, tokens, MCP server
+                          definitions) plus on Windows the icacls ACL
+                          state. Combine with --fix to harden ACLs.
+                          Opt-in — never part of the default scan.
+  --exit-codes            Dump the canonical EXIT_CODES table as JSON.
+                          Useful for CI / scripting consumers that want
+                          the documented exit-code contract without parsing
+                          help text. Off by default.
+  --shipped-tarball       Round-trip the verify-shipped-tarball gate:
+                          npm pack → extract to a tempdir → run
+                          lib/verify.js against the extracted tree.
+                          Surfaces the signature-regression class where
+                          source-tree verify passes but the published
+                          tarball fails. Off by default.
+  (no flag)               --signatures + --currency + --cves + --rfcs +
+                          signing-status. --registry-check, --collectors,
+                          --ai-config, --exit-codes, --shipped-tarball are
+                          opt-in and never run as part of the default scan.
 Flags:
   --json                  Emit JSON (default is human-readable text).
   --pretty                Indented JSON output (implies --json).
+  --air-gap               Suppress the --registry-check network probe.
 Output: checks{} per subcheck + summary{all_green, issues_count}.`,
     "ai-run": `ai-run <playbook> — streaming JSONL contract for AI-driven runs (v0.11.0).
@@ -2326,7 +2354,23 @@ function cmdCollect(runner, args, runOpts, pretty) {
   // `exceptd run <playbook> --evidence -` to drive a real verdict.
   // Human-rendered version is concise so an interactive operator can
   // see what the collector found without parsing the JSON.
-  emit({ verb: "collect", playbook_id: playbookId, ...submission }, pretty, (obj) => {
+  // Audit 3 A.4: surface air_gap_mode on the collect envelope so the
+  // downstream `run --evidence -` sees the mode propagating from the
+  // collection step. Collectors themselves currently make no network
+  // calls — but the flag's intent is to flag the collection context for
+  // any future collector that might.
+  // Also honor _meta.air_gap_mode on the playbook itself — playbooks
+  // like secrets / cred-stores / containers declare air-gap intrinsically
+  // and `run` honors that even without --air-gap. Collect must mirror so
+  // automation downstream sees the same intrinsic mode.
+  let pbMetaAirGap = false;
+  try { pbMetaAirGap = !!(runner.loadPlaybook(playbookId)?._meta?.air_gap_mode); }
+  catch { /* playbook load shouldn't fail here — collector exists — but be defensive */ }
+  const collectAirGap = !!(runOpts.airGap || process.env.EXCEPTD_AIR_GAP === "1" || pbMetaAirGap);
+  // Spread `submission` first, then explicit fields, so a submission key
+  // named `air_gap_mode` (currently always undefined but defensive against
+  // future collector contracts) can't clobber the envelope marker.
+  emit({ verb: "collect", playbook_id: playbookId, ...submission, air_gap_mode: collectAirGap }, pretty, (obj) => {
     const lines = [];
     const meta = obj.collector_meta || {};
     lines.push(`collect: ${obj.playbook_id}  (${meta.collector_version || "?"} on ${meta.platform || "?"})`);
@@ -3146,25 +3190,47 @@ function cmdRun(runner, args, runOpts, pretty) {
   // Network bounded by an 8s timeout; degrades gracefully when offline.
   let upstreamCheck = null;
   if (args["upstream-check"]) {
-    try {
-      const cliPath = path.join(PKG_ROOT, "lib", "upstream-check-cli.js");
-      const res = spawnSync(process.execPath, [cliPath, "--timeout", "5000"], {
-        encoding: "utf8",
-        cwd: PKG_ROOT,
-        timeout: 8000,
-      });
-      try { upstreamCheck = JSON.parse((res.stdout || "").trim()); } catch { /* fall through */ }
-      if (upstreamCheck && upstreamCheck.behind) {
-        process.stderr.write(`[exceptd run --upstream-check] STALE: local v${upstreamCheck.local_version} < published v${upstreamCheck.latest_version} (published ${upstreamCheck.latest_published_at}, ${upstreamCheck.days_since_latest_publish}d ago). Continuing with local catalog. Run \`npm update -g @blamejs/exceptd-skills\` or \`exceptd refresh --network\` to consume the latest.\n`);
+    // Audit 3 A.6: --air-gap must refuse the registry probe. The
+    // upstream-check helper has no air-gap awareness of its own; the
+    // central refusal lives here so any future caller of --upstream-check
+    // inherits it.
+    if (runOpts.airGap || process.env.EXCEPTD_AIR_GAP === "1") {
+      upstreamCheck = {
+        ok: false,
+        source: "air-gap",
+        air_gap_blocked: true,
+        skipped_reason: "--upstream-check would query the npm registry; refused under --air-gap.",
+      };
+    } else {
+      try {
+        const cliPath = path.join(PKG_ROOT, "lib", "upstream-check-cli.js");
+        const res = spawnSync(process.execPath, [cliPath, "--timeout", "5000"], {
+          encoding: "utf8",
+          cwd: PKG_ROOT,
+          timeout: 8000,
+        });
+        try { upstreamCheck = JSON.parse((res.stdout || "").trim()); } catch { /* fall through */ }
+        if (upstreamCheck && upstreamCheck.behind) {
+          process.stderr.write(`[exceptd run --upstream-check] STALE: local v${upstreamCheck.local_version} < published v${upstreamCheck.latest_version} (published ${upstreamCheck.latest_published_at}, ${upstreamCheck.days_since_latest_publish}d ago). Continuing with local catalog. Run \`npm update -g @blamejs/exceptd-skills\` or \`exceptd refresh --network\` to consume the latest.\n`);
+        }
+      } catch (e) {
+        upstreamCheck = { ok: false, error: e.message, source: "offline" };
       }
-    } catch (e) {
-      upstreamCheck = { ok: false, error: e.message, source: "offline" };
     }
   }
   const result = runner.run(playbookId, directiveId, submission, runOpts);
   if (result && upstreamCheck) result.upstream_check = upstreamCheck;
+  // Audit 3 A.2: surface air_gap_mode at the top of the envelope so
+  // stdout-parsing consumers can detect that the run honored --air-gap
+  // (or the playbook's _meta.air_gap_mode flag) without descending into
+  // phases.govern. Mirrors the run-result hoist pattern (verdict,
+  // rwep_score, evidence_completeness, attestation_path).
+  if (result) {
+    result.air_gap_mode = !!(pb._meta?.air_gap_mode || runOpts.airGap);
+  }
   // v0.11.9 (#113/#114): surface --operator and --ack in the run result so
   // operators see the attribution + consent state without inspecting the
   // attestation file. Pre-0.11.9 these were persisted to disk only.
@@ -5920,6 +5986,27 @@ function cmdDoctor(runner, args, runOpts, pretty) {
   const wantJson = !!args.json || !!args.pretty;
   const indent = !!args.pretty;
+  // Refuse unknown flags rather than silently running the full default
+  // scan. Pre-fix, typos and renamed-out flags all returned exit 0 with
+  // the operator believing they'd run a targeted check.
+  const KNOWN_DOCTOR_FLAGS = new Set([
+    "json", "pretty", "fix", "air-gap",
+    "signatures", "currency", "cves", "rfcs", "registry-check",
+    "ai-config", "collectors", "exit-codes", "shipped-tarball",
+    // Global flags the parser may inject regardless of verb.
+    "_", "json-stdout-only", "_jsonMode",
+  ]);
+  const unknownFlags = Object.keys(args).filter(k => !KNOWN_DOCTOR_FLAGS.has(k));
+  if (unknownFlags.length > 0) {
+    const dym = unknownFlags.map(f => {
+      const candidates = [...KNOWN_DOCTOR_FLAGS].filter(k => typeof k === "string" && k.length >= 2 && (k.includes(f) || f.includes(k) || levenshtein1(f, k) <= 1));
+      return { flag: `--${f}`, did_you_mean: candidates.slice(0, 3).map(c => `--${c}`) };
+    });
+    return emitError(`doctor: unknown flag(s): ${unknownFlags.map(f => `--${f}`).join(", ")}`,
+      { verb: "doctor", unknown_flags: dym, known_flags: [...KNOWN_DOCTOR_FLAGS].filter(k => k !== "_" && !k.startsWith("_") && k !== "json-stdout-only").sort().map(k => `--${k}`) },
+      pretty);
+  }
   // `doctor --exit-codes` dumps the canonical exit-code table as JSON so
   // operator-facing docs cannot drift from runtime behavior. Short-circuit
   // before the regular health checks since the dump is informational.
@@ -6039,12 +6126,25 @@ function cmdDoctor(runner, args, runOpts, pretty) {
         const stale = parsed.currency_report.filter(s => s.action_required || s.currency_label !== "current");
         const critical = parsed.currency_report.filter(s => s.currency_score !== undefined && s.currency_score < 50);
         const ok = stale.length === 0 && !parsed.action_required;
+        // Audit 3 B.7: surface the freshest + stalest last_threat_review
+        // so operators can answer "is my data stale?" without parsing the
+        // full report. Falls back gracefully when the upstream report
+        // omits the per-skill date.
+        const dates = parsed.currency_report
+          .map(s => s.last_threat_review)
+          .filter(d => typeof d === "string" && /^\d{4}-\d{2}-\d{2}$/.test(d))
+          .sort();
+        const minDaysSince = dates.length ? Math.floor((Date.now() - new Date(dates[0]).getTime()) / 86400000) : null;
         checks.currency = {
           ok,
           total_skills: parsed.currency_report.length,
           stale_skills: stale.map(s => s.skill),
           critical_stale: critical.map(s => s.skill),
           critical_count: parsed.critical_count || 0,
+          oldest_last_threat_review: dates[0] || null,
+          newest_last_threat_review: dates[dates.length - 1] || null,
+          max_days_since_review: minDaysSince,
+          checked_at: new Date().toISOString(),
         };
         if (!ok) issues.push("currency");
       } else {
@@ -6079,22 +6179,37 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       // MAL-* (malicious package) entries silently dropped from the
       // doctor report — operators reading "34 entries" assumed the
       // Shai-Hulud / TanStack worm intel had been removed when it was
-      // present all along. Read the catalog and report both totals.
+      // present all along. Read the catalog and report all prefix
+      // groups — the previous CVE+MAL-only enumeration silently dropped
+      // any other prefix (BUG-*, SNYK-*, etc.) from the breakdown even
+      // though they were summed into total. Same regression class as
+      // the original CVE-only fix; this generalizes it.
       let total = null;
       let cve_count = null;
       let mal_count = null;
+      let by_prefix = null;
       try {
         const catalog = require(path.join(PKG_ROOT, "data", "cve-catalog.json"));
         const keys = Object.keys(catalog).filter((k) => !k.startsWith("_"));
         cve_count = keys.filter((k) => k.startsWith("CVE-")).length;
         mal_count = keys.filter((k) => k.startsWith("MAL-")).length;
         total = keys.length;
+        // Enumerate every prefix present so future additions (BUG-*,
+        // SNYK-*, GHSA-*, RUSTSEC-*) surface in the breakdown instead
+        // of vanishing into the total - sum-of-named-prefixes gap.
+        by_prefix = {};
+        for (const k of keys) {
+          const m = k.match(/^([A-Z]+)-/);
+          const p = m ? m[1] : "OTHER";
+          by_prefix[p] = (by_prefix[p] || 0) + 1;
+        }
       } catch { /* fall through with nulls */ }
       checks.cves = {
         ok,
         total,
         cve_count,
         mal_count,
+        by_prefix,
         drift: driftMatch ? Number(driftMatch[1]) : 0,
         ...(ok ? {} : { exit_code: res.status, raw: text.slice(0, 500) }),
       };
@@ -6117,10 +6232,23 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       const rfcRows = (text.match(/^RFC-\d+/gm) || []).length;
       const driftMatch = text.match(/drift[:\s]+(\d+)/i);
       const ok = res.status === 0;
+      // Audit 3 B.7: surface the RFC catalog file's mtime + age so
+      // operators can answer "is the offline RFC index fresh?" without
+      // running a separate refresh.
+      let rfcMtime = null;
+      let rfcAgeDays = null;
+      try {
+        const rfcPath = path.join(PKG_ROOT, "data", "rfc-index.json");
+        const st = fs.statSync(rfcPath);
+        rfcMtime = st.mtime.toISOString();
+        rfcAgeDays = Math.floor((Date.now() - st.mtimeMs) / 86400000);
+      } catch { /* file may not exist on contributor checkouts */ }
       checks.rfcs = {
         ok,
         total: rfcRows,
         drift: driftMatch ? Number(driftMatch[1]) : 0,
+        index_last_modified: rfcMtime,
+        index_age_days: rfcAgeDays,
         ...(ok ? {} : { exit_code: res.status, raw: text.slice(0, 500) }),
       };
       if (!ok) issues.push("rfcs");
@@ -6271,18 +6399,47 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     const findings = [];
     let scannedDirs = 0;
     let scannedFiles = 0;
-    function walk(absDir, displayRoot, rel) {
+    let walkAborted = false;
+    // Audit 3 B.9: cap depth + file count to bound the walk. Without
+    // these, doctor --ai-config can read 48k+ entries under ~/.claude
+    // (conversation logs, cache dirs, plugin tarballs) before finishing.
+    // The five SENSITIVE_PATTERNS files all live within ~3 levels of an
+    // AI-assistant config root, so 4 is generous. The skipped dirs are
+    // known non-config noise that shouldn't carry credentials.
+    const MAX_DEPTH = 4;
+    const MAX_FILES = 5000;
+    const SKIP_DIR_NAMES = new Set([
+      'node_modules', '.git', '.cache', 'logs', 'log',
+      'sessions', 'session', 'transcripts', 'transcript',
+      'conversations', 'history', 'tmp', 'temp', 'cache',
+    ]);
+    function walk(absDir, displayRoot, rel, depth = 0) {
+      if (walkAborted) return;
+      if (depth > MAX_DEPTH) return;
+      if (scannedFiles > MAX_FILES) {
+        walkAborted = true;
+        return;
+      }
       if (!fs.existsSync(absDir)) return;
       let entries;
       try { entries = fs.readdirSync(absDir, { withFileTypes: true }); }
       catch { return; }
       for (const e of entries) {
+        if (walkAborted) return;
+        if (e.isDirectory() && SKIP_DIR_NAMES.has(e.name.toLowerCase())) continue;
         const childAbs = path.join(absDir, e.name);
         const childRel = rel ? rel + '/' + e.name : e.name;
         if (e.isDirectory()) {
-          walk(childAbs, displayRoot, childRel);
+          walk(childAbs, displayRoot, childRel, depth + 1);
         } else if (e.isFile()) {
           scannedFiles++;
+          // Check the file cap immediately after the increment so a
+          // single large directory doesn't process tens of thousands of
+          // entries before the next recursive call catches the bound.
+          if (scannedFiles > MAX_FILES) {
+            walkAborted = true;
+            return;
+          }
           if (!SENSITIVE_PATTERNS.some((re) => re.test(e.name))) continue;
           let st;
           try { st = fs.statSync(childAbs); } catch { continue; }
@@ -6375,6 +6532,8 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       severity: errorFindings.length > 0 && fixesFailed > 0 ? 'warn' : (errorFindings.length > 0 && !args.fix ? 'warn' : 'info'),
       scanned_dirs: scannedDirs,
       scanned_files: scannedFiles,
+      walk_truncated: walkAborted,
+      walk_caps: { max_depth: MAX_DEPTH, max_files: MAX_FILES },
       directories_inspected: AI_CONFIG_DIRS.map((d) => d.display),
       sensitive_patterns: ['settings.json', 'mcp.json', '*.mcp_config.json', 'api_key*', '*.token', '*.credentials'],
       findings,
@@ -6543,6 +6702,23 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     }
   }
+  // Audit 3 B.3: --fix was passed but nothing to fix. Pre-fix this was
+  // silently a no-op — operators couldn't distinguish "we tried and were
+  // already healthy" from "we tried and failed silently." Now surfaces a
+  // structured fix_status so callers reading the envelope can branch on
+  // it.
+  // The ai-config branch tracks its remediations on checks.ai_config
+  // (fix_applied / fix_failed are nested there, not on out.summary), so
+  // include that signal when deciding whether ANY fix actually ran.
+  // Without this, doctor --ai-config --fix applying chmod/icacls would
+  // simultaneously report checks.ai_config.fix_applied > 0 AND
+  // summary.fix_status: "already_present", which is contradictory.
+  const aiConfigFixed = !!(checks.ai_config && ((checks.ai_config.fix_applied || 0) > 0 || (checks.ai_config.fix_failed || 0) > 0));
+  if (args.fix && !out.summary.fix_applied && !out.summary.fix_attempted && !out.summary.fix_partial && !out.summary.fix_decline_reason && !aiConfigFixed) {
+    out.summary.fix_status = "already_present";
+    out.summary.fix_skipped_reason = "Signing key + skill signatures are already valid; nothing to remediate.";
+  }
   if (wantJson) {
     emit(out, indent);
     if (!allGreen) process.exitCode = EXIT_CODES.GENERIC_FAILURE;
@@ -6578,7 +6754,12 @@ function cmdDoctor(runner, args, runOpts, pretty) {
   mark(checks.cves, c => {
     if (!c.ok) return `CVE catalog FAILED (exit=${c.exit_code ?? "?"})`;
     const total = c.total ?? "?";
-    const breakdown = (c.cve_count != null && c.mal_count != null)
+    // Audit 3 B.2: enumerate every prefix so the sum equals total.
+    // Falls back to the legacy CVE + MAL display only if by_prefix isn't
+    // present (older catalog read paths).
+    const breakdown = c.by_prefix
+      ? ` (${Object.entries(c.by_prefix).sort().map(([p, n]) => `${n} ${p}`).join(" + ")})`
+      : (c.cve_count != null && c.mal_count != null)
       ? ` (${c.cve_count} CVE + ${c.mal_count} MAL)`
       : "";
     return `CVE catalog: ${total} entries${breakdown}, drift ${c.drift ?? 0}`;
@@ -6644,6 +6825,16 @@ function cmdDoctor(runner, args, runOpts, pretty) {
       ? ` (${c.policy_skips.length} judgement-shaped playbooks intentionally without a collector — see AGENTS.md)`
       : "";
     lines.push(`  ${icon} collector layer: ${c.with_collector ?? "?"}/${c.total_playbooks ?? "?"} playbooks have collectors${skipNote}`);
+    // Enumerate the policy-skipped playbooks in text mode so it carries
+    // the same operator-actionable information as the JSON envelope.
+    // Pre-fix the count was visible but the names appeared only in the
+    // structured output, forcing operators to parse JSON to learn which
+    // playbooks are policy-skipped.
+    if (Array.isArray(c.policy_skips) && c.policy_skips.length > 0) {
+      const shown = c.policy_skips.slice(0, 5).join(", ");
+      const more = c.policy_skips.length > 5 ? `, … +${c.policy_skips.length - 5} more` : "";
+      lines.push(`       policy-skipped: ${shown}${more}`);
+    }
     if (Array.isArray(c.load_errors) && c.load_errors.length > 0) {
       lines.push(`       ${c.load_errors.length} collector(s) failed to load:`);
       for (const e of c.load_errors.slice(0, 5)) {
@@ -6660,7 +6851,10 @@ function cmdDoctor(runner, args, runOpts, pretty) {
     const fileCount = c.scanned_files ?? 0;
     lines.push(`  ${icon} AI-assistant config audit: scanned ${fileCount} file(s) across ${dirCount} dir(s) of ${(c.directories_inspected || []).length} candidate root(s); ${findings.length} finding(s)`);
     if (c.platform === "win32" && findings.length === 0 && fileCount > 0) {
-      lines.push(`       (on Windows, POSIX mode bits are not load-bearing — manual ACL review noted for any sensitive files found)`);
+      lines.push(`       (Windows: ACL inspected via icacls; every sensitive file restricted to the workstation user)`);
+    }
+    if (c.walk_truncated) {
+      lines.push(`       (walk truncated at ${c.walk_caps?.max_files || "?"} file(s) / depth ${c.walk_caps?.max_depth || "?"}; rerun under a narrower path if you need exhaustive coverage)`);
     }
     for (const f of findings.slice(0, 5)) {
       const sev = f.severity === "error" ? "[!!]" : f.severity === "warn" ? "[warn]" : "[info]";
@@ -7243,10 +7437,10 @@ function cmdAsk(runner, args, runOpts, pretty) {
   // Keeps cmdAsk dependency-free; rich enough to cover the 80% of natural
   // queries listed in the operator report.
   const SYNONYMS = {
-    "credential": ["secret", "key", "token", "password", "cred"],
-    "credentials": ["secret", "key", "token", "password", "cred"],
-    "api key": ["secret", "credential"],
-    "api keys": ["secret", "credential"],
+    "credential": ["secret", "key", "token", "password", "cred", "secrets"],
+    "credentials": ["secret", "key", "token", "password", "cred", "secrets"],
+    "api key": ["secret", "credential", "secrets"],
+    "api keys": ["secret", "credential", "secrets"],
     "supply chain": ["sbom", "dependency", "vendor", "package", "library", "publish"],
     "supply-chain": ["sbom", "dependency", "vendor", "package", "library", "publish"],
     "npm package": ["sbom", "dependency", "library", "publish"],
@@ -7262,8 +7456,48 @@ function cmdAsk(runner, args, runOpts, pretty) {
     "secret": ["credential", "key", "token", "env", "leak"],
     "secrets": ["credential", "key", "token", "env", "leak", "repo"],
     "config": ["configuration", "settings"],
+    // Audit 3 C.2: missing identity / phishing / SSO / BEC vocabulary.
+    "phish": ["identity-sso-compromise", "idp-incident", "sso", "bec"],
+    "phishing": ["identity-sso-compromise", "idp-incident", "sso", "bec"],
+    "phished": ["identity-sso-compromise", "idp-incident", "sso", "bec"],
+    "sso": ["identity-sso-compromise", "idp-incident", "okta", "azure-ad", "entra"],
+    "oauth": ["identity-sso-compromise", "idp-incident", "openid", "oidc"],
+    "saml": ["identity-sso-compromise", "idp-incident"],
+    "okta": ["identity-sso-compromise", "idp-incident", "sso"],
+    "entra": ["identity-sso-compromise", "idp-incident", "azure-ad", "sso"],
+    "bec": ["identity-sso-compromise", "phish"],
+    "deepfake": ["identity-sso-compromise", "phish", "ai-c2"],
+    // Famous-attack vocabulary maps to library-author / sbom / supply-chain.
+    "left-pad": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "left pad": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "event-stream": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "shai-hulud": ["library-author", "sbom", "supply-chain-recovery", "npm"],
+    "ransomware": ["ransomware", "kernel", "runtime"],
+    "rogue": ["ai-c2", "llm-tool-use-exfil"],
+    "agentic": ["ai-c2", "llm-tool-use-exfil", "mcp"],
+    // Credential theft from a developer laptop is cred-stores territory.
+    "credential theft": ["cred-stores", "secrets"],
+    "cred theft": ["cred-stores", "secrets"],
+    "credential exfil": ["cred-stores", "llm-tool-use-exfil"],
+    "developer laptop": ["cred-stores", "hardening"],
   };
+  // Audit 3 C.1: stopwords filtered after synonym expansion so common
+  // English words don't drive false positives via raw substring matching.
+  // "the the the the" used to route to ai-api because "the" substring-hit
+  // "anthropic" in the haystack.
+  const STOPWORDS = new Set([
+    "the", "and", "for", "are", "but", "not", "you", "all", "can", "had",
+    "her", "was", "one", "our", "out", "day", "get", "has", "him", "his",
+    "how", "man", "new", "now", "old", "see", "two", "way", "who", "boy",
+    "did", "its", "let", "put", "say", "she", "too", "use", "any", "got",
+    "from", "this", "that", "with", "have", "they", "what", "your", "when",
+    "which", "would", "could", "should", "there", "their", "about", "into",
+    "than", "then", "them", "some", "more", "most", "very", "much", "such",
+    "been", "were", "want", "well", "back", "good", "make", "made", "take",
+    "took", "give", "gave", "find", "found", "know", "knew", "told", "ago",
+  ]);
   // Tokenize question (length >= 2, lowercase) + expand via synonyms.
   const baseTokens = q.split(/\W+/).filter(t => t.length >= 2);
   const expanded = new Set(baseTokens);
@@ -7275,13 +7509,16 @@ function cmdAsk(runner, args, runOpts, pretty) {
   for (const t of baseTokens) {
     if (SYNONYMS[t]) for (const s of SYNONYMS[t]) expanded.add(s);
   }
+  // Filter stopwords AFTER synonym expansion (synonym lookup may have
+  // pulled in canonical tokens via a stopword-adjacent multi-word phrase).
+  for (const sw of STOPWORDS) expanded.delete(sw);
   const tokens = [...expanded];
   const scored = [];
   for (const id of ids) {
     let pb;
     try { pb = runner.loadPlaybook(id); } catch { continue; }
-    const haystack = [
+    const haystackText = [
       pb._meta?.id || id,
       pb.domain?.name || "",
       pb.domain?.attack_class || "",
@@ -7297,8 +7534,14 @@ function cmdAsk(runner, args, runOpts, pretty) {
       pb.phases?.look?.collection_scope?.asset_scope || "",
       pb.phases?.look?.collection_scope?.time_window || "",
     ].join(" ").toLowerCase();
+    // Audit 3 C.1: tokenize the haystack and use Set membership instead
+    // of raw substring matching. The substring approach matched "the" in
+    // "authentication" and "got" inside larger words, allowing stopword
+    // and partial-word false positives. Tokenized membership matches
+    // whole tokens only.
+    const haystackTokens = new Set(haystackText.split(/\W+/).filter(t => t.length >= 2));
     let score = 0;
-    for (const t of tokens) if (haystack.includes(t)) score++;
+    for (const t of tokens) if (haystackTokens.has(t)) score++;
     // ID match counts double — "secrets" should map to the secrets playbook.
     if (tokens.some(t => (pb._meta?.id || id) === t)) score += 3;
     scored.push({ id: pb._meta?.id || id, score });

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-22T07:28:48.846Z",
+  "generated_at": "2026-05-22T23:28:32.508Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "f02056365a264901e95631245efa002968acee2e6432ab2e5131b6b53eadcd81",
+    "manifest.json": "020990fd6a13ea3a2a0273e80d0607c1cf0fd8887f03bb48294d2568a22d2789",
     "data/atlas-ttps.json": "d296c1d3e71807c9279b731f047e57796e85137f186586743a8cdad214b408f9",
     "data/attack-techniques.json": "49b6010b317edd219def135171ea8f3b1bbf1e00e9c5a08bf7237215ff54e2c3",
     "data/cve-catalog.json": "a09c83af3f9679a7ea73935726a1ff9de2cab94b4ab6321fc017fc147747d7c3",

package/lib/refresh-external.js CHANGED Viewed

@@ -1426,6 +1426,22 @@ async function main() {
   // against each other for tokens. The two modes produce the same report
   // structure; only wall-clock differs.
   const runOne = async (src) => {
+    // Audit 3 A.1: --air-gap was honored by GHSA/OSV at the source-module
+    // level, but kev/epss/nvd/rfc/pins fell through to their live-network
+    // branches when neither fixtures nor cacheDir was wired up. Refuse
+    // here so the air-gap guarantee holds uniformly across every source.
+    if (ctx.airGap && !ctx.fixtures?.[src.name] && !ctx.cacheDir) {
+      return {
+        src,
+        diff: {
+          status: "unreachable",
+          diffs: [],
+          errors: 0,
+          summary: `air-gap mode: ${src.name} skipped (no fixture or cache configured; would have made a live network call)`,
+          air_gap_blocked: true,
+        },
+      };
+    }
     let diff;
     try {
       diff = await src.fetchDiff(ctx);
@@ -1457,6 +1473,10 @@ async function main() {
       diffs: diff.diffs,
       applies_to: src.applies_to,
       report_only: !!src.report_only,
+      // Audit 3 A.1: thread the central-dispatch air-gap short-circuit
+      // marker through to the persisted report so stdout-parsing consumers
+      // and the regression test can verify the network refusal happened.
+      ...(diff.air_gap_blocked ? { air_gap_blocked: true } : {}),
     };
     if (opts.apply && diff.diffs.length > 0 && !src.report_only) {
       const r = await src.applyDiff(ctx, diff.diffs);

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.13.57",
+  "version": "0.13.59",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-22T07:13:12.339Z",
+      "signed_at": "2026-05-22T23:28:31.011Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vSVqu4wBm+d68ujZmM6Rto/HzViCkE0gPUcv/MYE/bjFiqamf/s0On4kTOo1KIveV9cOwYNxiItaGEWlVkRFDg==",
-      "signed_at": "2026-05-22T07:13:12.341Z",
+      "signed_at": "2026-05-22T23:28:31.013Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "RIgXKvolQjgJdnlrDnVOd90IOY1B7VHHZD/YJQRzouL+wUeOLclPrdK/EgEuFyiu7lR4bi+Pl6aGB9G9tOxYCQ==",
-      "signed_at": "2026-05-22T07:13:12.341Z",
+      "signed_at": "2026-05-22T23:28:31.013Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "RYOxeq/o3uTwTWq4H7RcdH2Aclg9UyCERfUH9Frwkzncsowg7LgxpaEDc3swTCv73HMEGbU8wVbXguZ4JxHUCQ==",
-      "signed_at": "2026-05-22T07:13:12.341Z"
+      "signed_at": "2026-05-22T23:28:31.014Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "DneJCPKCPcoe6nQ82XptqSqNfSRdt1orKaO+o7K36YCciDrzwJb+1BuBLusPDtpcdDaGY0y0e+AqiTYJklhBAQ==",
-      "signed_at": "2026-05-22T07:13:12.342Z"
+      "signed_at": "2026-05-22T23:28:31.014Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-22T07:13:12.342Z"
+      "signed_at": "2026-05-22T23:28:31.015Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "XgrzcA2brPhXrSTxrcLnJec0OpgGYJBoSTUlJ10UdePHffxqb9LTVGnfbmEk1ykQifXREZexui2bG7X/+eFfCQ==",
-      "signed_at": "2026-05-22T07:13:12.343Z",
+      "signed_at": "2026-05-22T23:28:31.015Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "9+hZlZOqZdeACUmamQk66L5levZhhwnFXuYRhdT6Mce99eQaKT7wNfWq12hXQztkRcVRKaFH+a01zwJQwsRQCA==",
-      "signed_at": "2026-05-22T07:13:12.343Z",
+      "signed_at": "2026-05-22T23:28:31.016Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "ciqhVloMWWXEigPZvvwoV2c54tEqsDqsoc+sS/mNTFFJk2H+tz2+XUrgfEPRuYw0FeyNB6/+27pL2NpKHzUqAg==",
-      "signed_at": "2026-05-22T07:13:12.343Z",
+      "signed_at": "2026-05-22T23:28:31.016Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-22T07:13:12.344Z"
+      "signed_at": "2026-05-22T23:28:31.016Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-22T07:13:12.344Z"
+      "signed_at": "2026-05-22T23:28:31.017Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-22T07:13:12.344Z"
+      "signed_at": "2026-05-22T23:28:31.017Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vhc3wuQEro/86s1ro2b/KakUXg8QVnySYTBqA7ebzv9oeR2HYO5bvGEJp3oOHWtL37JDqcCAHYadSN/qxIyCCA==",
-      "signed_at": "2026-05-22T07:13:12.345Z",
+      "signed_at": "2026-05-22T23:28:31.018Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "MS35nWm8djfJGn4OOoT0JKJ2aO+Dkbb6wOOWJYvNZlRKT3UGA59o2gxg1JOnD20hb/RwxtkmCujhl2tuYSR+AQ==",
-      "signed_at": "2026-05-22T07:13:12.345Z"
+      "signed_at": "2026-05-22T23:28:31.018Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-22T07:13:12.346Z",
+      "signed_at": "2026-05-22T23:28:31.018Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "WAu5fRirzSOcnnZsTx2d/JJZwa/LPpXCi+31qATTGLmoNuhyy81k3ooPe9kCM3E0CLMtvTePg9DagYqBninZDQ==",
-      "signed_at": "2026-05-22T07:13:12.346Z"
+      "signed_at": "2026-05-22T23:28:31.019Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "7eEwCXFd9pDKUw7yCUbRJSjfzozE44dwwwemCQUPm8JBPztLltibD9bL/RszSbYyCrYJmVb5Drncz2cGe62gCw==",
-      "signed_at": "2026-05-22T07:13:12.346Z"
+      "signed_at": "2026-05-22T23:28:31.019Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T23:28:31.019Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "fgxG344JGYBWWWwFXZ1IzGipWKP7EyBhrsvsbsb0CCGXfv/MvNHVNI6G0zQddCsWX1JeQbhZT3Vk8v1uJKDTDA==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T23:28:31.020Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T23:28:31.020Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
-      "signed_at": "2026-05-22T07:13:12.347Z"
+      "signed_at": "2026-05-22T23:28:31.020Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-22T07:13:12.348Z"
+      "signed_at": "2026-05-22T23:28:31.021Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-22T07:13:12.348Z"
+      "signed_at": "2026-05-22T23:28:31.021Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-22T07:13:12.348Z"
+      "signed_at": "2026-05-22T23:28:31.021Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-22T07:13:12.349Z"
+      "signed_at": "2026-05-22T23:28:31.022Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-22T07:13:12.349Z"
+      "signed_at": "2026-05-22T23:28:31.022Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-22T07:13:12.349Z"
+      "signed_at": "2026-05-22T23:28:31.022Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-22T07:13:12.350Z"
+      "signed_at": "2026-05-22T23:28:31.023Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-22T07:13:12.350Z"
+      "signed_at": "2026-05-22T23:28:31.023Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-22T07:13:12.351Z"
+      "signed_at": "2026-05-22T23:28:31.024Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T23:28:31.024Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T23:28:31.025Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T23:28:31.025Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-22T07:13:12.352Z"
+      "signed_at": "2026-05-22T23:28:31.025Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-22T07:13:12.353Z"
+      "signed_at": "2026-05-22T23:28:31.026Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.6.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "BGNE6ZQWBA1LmsUFe8tU0L67iGDSrFqiuqaZD2f1KqfcyqqzQfMs9PWNHFzxxaJmXeKlm87eU8lgELF0bX+RBA==",
-      "signed_at": "2026-05-22T07:13:12.353Z"
+      "signed_at": "2026-05-22T23:28:31.026Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "FkZQerh3VHVJAwIcCktDyMRh5KE2+Em/i0ek8zEz7JG/PXtQx8ujHWTh3VjZbOLhPNtdB2qxgXOIAYIofaVOAQ==",
-      "signed_at": "2026-05-22T07:13:12.354Z"
+      "signed_at": "2026-05-22T23:28:31.027Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "n3UToNuN3A1HgLvcuqmIx8vrZY71+r/79waK92jG+rSX4uYOzkmxMUpROrE5K9bDwMezNBHdjWv8Uul6zugyDQ==",
-      "signed_at": "2026-05-22T07:13:12.354Z"
+      "signed_at": "2026-05-22T23:28:31.027Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-22T07:13:12.354Z"
+      "signed_at": "2026-05-22T23:28:31.027Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "+OO0RhQ303RJV7kaH38IuZpLeQbapep6Ds4Re/WEZu0FHBwKSlwvF7jbtP7KQ57xldJYn/xZm2jaszyOacMfDg==",
-      "signed_at": "2026-05-22T07:13:12.355Z"
+      "signed_at": "2026-05-22T23:28:31.028Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-22T07:13:12.355Z"
+      "signed_at": "2026-05-22T23:28:31.028Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-22T07:13:12.355Z"
+      "signed_at": "2026-05-22T23:28:31.028Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "Mqdh4G/iwFRFGu8rZzRnFr9lRtUZuHwTLJhvCMik7tfut7rHh2YKeGKojYcQ//dM7KISIHkkq3wnC+zJzWcpCw=="
+    "signature_base64": "jYdDFzIsg9EdwlNtBAT5NYGZYTtQzpZxo5lGAUJ4lG2hSWgmFy8dOqe4fL1o++uqDYDbUfh8tF/CkDOiGqJrCg=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.13.57",
+  "version": "0.13.59",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b0a6b327-121e-40c6-8092-871c7183b709",
+  "serialNumber": "urn:uuid:eb996267-363d-46e0-9a5c-f259a8c46d9b",
   "version": 1,
   "metadata": {
-    "timestamp": "2119-12-02T06:07:35.000Z",
+    "timestamp": "2151-04-04T19:39:19.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.57"
+        "version": "0.13.59"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.57",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.59",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.57",
+      "version": "0.13.59",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs (312 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 7476 RFCs), 34 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.57",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.59",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "699e406210e768c36fb8c34f9c860c744a6e34e39eb3e2faec853b870a65a0b4"
+          "content": "97387465e487f40271bdfd6dc20958446c2772c571c9c7671e9f912e0a6b32ae"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.57"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.59"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "95bd558e91d2239599d30e889edd3313493776362fb57cb4b76b153b6ee2792a"
+          "content": "d08eca001f3bd9547d899b0531b59b5bcf929bcc1134f5f920bc85453a96bee8"
         },
         {
           "alg": "SHA3-512",
-          "content": "585290d78871e4effc0465ddbfdf5316466c6a1719d2df68faa8521d0445b759269ec27f12726943ef10eb5ce463702d1d883aa53ca82743dda335c416af4ec9"
+          "content": "9b6e0d750008f8b273c44016fd002d31f38ebb95b00787cd57081c29f8afed8c9c56b94a85c17b9a1bd4edacdbf12ba602acda6459d7743ab409ff3471114932"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "75b10d80c2b634e132427542056cd2ca67dba954141e6d767677a1ab18ffac9d"
+          "content": "679a543aec746f1e99d891099bd04ab88fd0b8ba6e20a3484c9d9e3a9d33fd7e"
         },
         {
           "alg": "SHA3-512",
-          "content": "70e8c7016d5be30a646de75e7f2aaa7b9999277ecbfbaea660ff546ece14e4dfe513af956ccacbe56f67ae3cf052148e863526a72ac93ccd0e3d76b888aa503b"
+          "content": "694240b8a9268abc9ec54bdb52df56389fb115a81f99d70121ccb7e427d7bc670d7d4651fbaaec9b7be35f03c861b75b06177ba4e372890304542aa1a4615a83"
         }
       ]
     },
@@ -1271,11 +1271,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "edf7fe483cffe4fe0429ff6f43cd1fec1b35a66d39d4bbd2ae7298886c3af3b9"
+          "content": "f769111b2412cd0ae3ff6f2adc54002355a271262d79a2c645a4e0f41e2a1c1a"
         },
         {
           "alg": "SHA3-512",
-          "content": "3bffc99ca6c2120b67e004fb100f9fb8674831a1d201fc4b93061933b69b31bef6cd3a90b4dc77fb554c023b88cfda8969a4a4a53a0ec6faa5171dfb8f4b044b"
+          "content": "5f58125b5706702ad3c6f1c4738772d8a61f6183426af178ae3666f16c8201c623920f668f0b83075484bfd1b100b83563161b7e36e6ffba7c073af5dadbb4b9"
         }
       ]
     },
@@ -1661,11 +1661,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f02056365a264901e95631245efa002968acee2e6432ab2e5131b6b53eadcd81"
+          "content": "020990fd6a13ea3a2a0273e80d0607c1cf0fd8887f03bb48294d2568a22d2789"
         },
         {
           "alg": "SHA3-512",
-          "content": "3f2f83b42aceb51653aa005f11404db852ca9d043536eb626cd03240f15ef92ec5a353fea1024518e149a59ac2e2b38623417c7b49907240d484686975d1e95f"
+          "content": "4bbf18c5ec14dbae987465ebca8dc06b2fcce0347eae3f834fb1fc33115289acf6484385b25f728548b70e37a7f4f2ce3d4c314b36465961cc22dbaf7c974e14"
         }
       ]
     },