@blamejs/exceptd-skills 0.14.0 → 0.14.1

package/AGENTS.md

@@ -8,7 +8,7 @@ Also read [CONTEXT.md](CONTEXT.md) for a complete orientation to the skill syste
 
 Each rule below carries a **Forcing function** annotation declaring whether it is mechanically enforced by a script in the predeploy / CI gate sequence, or whether it is policy-only (reviewer trust). Policy-only rules are not weaker — they are auditable through reviewer judgment, not via a script — but operators should know which class a given rule sits in.
 
-1. **No stale threat intel** — Every CVE reference must include: CVSS score, KEV status, PoC availability, AI-discovery flag, active exploitation status, and patch/live-patch availability. No theoretical vulnerabilities without real-world grounding.
+1. **No stale threat intel** — Every CVE reference must include: CVSS score, KEV status, PoC availability, AI-discovery flag, active exploitation status, and patch/live-patch availability. No theoretical vulnerabilities without real-world grounding. When validating a CVE or RFC citation during security work, the canonical move is `exceptd cve <CVE-ID>` / `exceptd rfc <number>` — it resolves the citation and caches the result, so a multi-agent fan-out resolves each id once rather than re-researching it independently against NVD/the datatracker.
    *Forcing function:* enforced by `lib/validate-cve-catalog.js` (predeploy gate).
 
 2. **Framework lag is a first-class concept** — Every skill must explicitly declare which framework controls are insufficient for the threats it covers. Never imply a framework control is adequate when current TTPs bypass it.
@@ -169,6 +169,8 @@ Cross-cutting playbook `framework` is the natural correlation layer — many pla
 | `exceptd attest list` | Inventory `.exceptd/attestations/` — newest first. `--playbook <id>` filters. |
 | `exceptd attest show <sid>` | Print the attestation body. |
 | `exceptd doctor` | Health checks. `--signatures` verifies Ed25519 chains; `--cves` / `--rfcs` check catalog currency; `--fix` repairs recoverable state; `--ai-config` audits AI-assistant config-file permissions (`~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, `~/.continue`) and flags sensitive files not at mode `0o600` on POSIX (NEW-CTRL-050). |
+| `exceptd cve <CVE-ID>` | Resolve a single CVE citation — returns status (`published`/`rejected`/`disputed`/`fabricated`/`nonexistent`/`unknown`) plus cvss/kev/product. Resolution order: curated catalog (offline) → resolved cache (`.cache/upstream/resolved/`, 7-day TTL) → one NVD lookup, then cached. `--air-gap`/`--no-network`/`EXCEPTD_AIR_GAP=1` force offline-only (returns `unknown` with a reason). Exit 2 when the citation won't stand up (rejected/fabricated/nonexistent/withdrawn). |
+| `exceptd rfc <number>` | Resolve an RFC number → title + status from the local index (whole current series, offline). `--check "<title>"` reports `title_match` true/false, exit 2 on mismatch (catches e.g. RFC 9404 cited as the Sieve spec — it's JMAP Blob Management). Not-found numbers are likely obsoleted/historic or nonexistent; with network it disambiguates via the datatracker. |
 | `exceptd lint` | Skill format lint — frontmatter completeness, required body sections, signature presence. |
 | `exceptd refresh --check-advisories` | Poll 15 primary-source advisory feeds — 8 advisory/coordinated-disclosure venues (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories), 4 vendor security research blogs (Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red — added in v0.13.14 after DirtyDecrypt fell through the advisory-only set), and 3 sources added in v0.13.17 (BleepingComputer security, The Hacker News, Nightmare-Eclipse GitLab activity-feed tracker, migrated from GitHub after the account was removed — closes the researcher-drop class anchored by MiniPlasma / YellowKey / GreenPlasma / UnDefend, NEW-CTRL-073). Pairs with `lib/cve-regression-watcher.js` (NEW-CTRL-074) which cross-checks poller diffs for historical-CVE references that may indicate silent vendor regression — the class anchored by MiniPlasma re-breaking CVE-2020-17103. Report-only; emits structured `diffs[]` without mutating the catalog. Route promising IDs through `refresh --advisory <CVE-ID> --apply` to enrich. |
 | `exceptd watchlist` | Default: aggregate every skill's `forward_watch` entries. `--by-skill` inverts grouping. `--alerts` switches to CVE-catalog pattern alerts (5 patterns: `kernel_lpe_with_poc`, `supply_chain_family`, `ai_discovered_kev`, `active_exploitation_unpatched`, `recent_poc_no_kev_yet`); sorts critical-first, then by RWEP. `--org-scan --org <login>` probes GitHub Search for repos matching threat-actor naming patterns ("A Gift From TeamPCP", "Shai-Hulud", "TeamPCP"); custom patterns via repeatable `--pattern <s>`; set `GITHUB_TOKEN` for private-repo + rate-limit headroom (NEW-CTRL-052). |

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## 0.14.1 — 2026-05-27
+
+Two citation resolvers — `exceptd cve <id>` and `exceptd rfc <number>` — answer "is this CVE/RFC citation valid?" so an agent gets the answer from exceptd instead of researching each identifier against NVD or the IETF datatracker by hand. A fan-out of agents auditing a codebase previously re-researched the same citations independently; these resolvers do it once and cache the result for the rest.
+
+`exceptd cve <id>` returns a structured status — published, rejected, disputed, fabricated, nonexistent, or unknown — alongside CVSS / KEV / product. It resolves offline-first: the curated catalog, then a resolved cache, then a single NVD lookup whose result is cached under `.cache/upstream/resolved/` (7-day TTL). The first lookup of an uncatalogued identifier serves every later agent and every offline run. NVD's authoritative `vulnStatus` and `cveTags` are now read — they were previously fetched and discarded — so a rejected or disputed CVE is flagged rather than treated as valid (the class that lets a withdrawn identifier sit cited in a codebase unnoticed). A non-canonical identifier such as `CVE-2024-XXXX` is caught as fabricated with no network call. Network is opt-out: `--air-gap`, `--no-network`, or `EXCEPTD_AIR_GAP=1` keep resolution offline-only and return `unknown` with a reason. Exit code 2 when a citation will not stand up.
+
+`exceptd rfc <number>` resolves an RFC number to its title and status from the local index — the whole current RFC series, fully offline. `--check "<claimed title>"` reports whether a claimed title matches the real one (exit code 2 on mismatch), catching an RFC number cited under the wrong specification.
+
+Catalog entries may now carry a structured `status` field (`published` / `rejected` / `disputed` / `withdrawn` / `reserved`), sourced from NVD `vulnStatus` / `cveTags` or OSV / GHSA `withdrawn`, replacing the prior free-text heuristic. The `citation-hygiene` playbook now routes its "needs external verification" guidance through `exceptd cve` / `exceptd rfc`.
+
 ## 0.14.0 — 2026-05-26
 
 New playbook — `citation-hygiene`. Validates a codebase's own cited security references: it scans source, comments, and docs for CVE and RFC citations and flags fabricated CVE IDs (the non-numeric `CVE-2024-XXXX` form), catalog-rejected/disputed CVEs, and RFC number-vs-title mismatches. Well-formed CVE IDs absent from the curated catalog are routed to an inconclusive "needs external verification" result rather than a false clear or a false fabrication flag. Ships with a companion collector — `exceptd collect citation-hygiene | exceptd run citation-hygiene --evidence -`. The catalog now holds 24 playbooks.

package/README.md

@@ -349,6 +349,35 @@ exceptd lint <pb> <evidence>          Pre-flight check submission shape vs
                                       playbook (preconditions / artifacts /
                                       indicators) without executing phases 4-7.
 
+exceptd cve <CVE-ID>                  Resolve one CVE citation → status
+                                      (published / rejected / disputed /
+                                      fabricated / nonexistent / unknown) plus
+                                      cvss / kev / product. Order: curated
+                                      catalog (offline) → resolved cache
+                                      (7-day TTL, warmed by a prior lookup) →
+                                      one NVD lookup, then cached. Lets a
+                                      fan-out of agents share one answer
+                                      instead of each researching the same id.
+  --air-gap | --no-network            Offline-only (also EXCEPTD_AIR_GAP=1).
+                                      Returns unknown + a reason when the id
+                                      isn't in catalog/cache.
+  --json | --pretty                   Machine output.
+                                      Exit 2 when the citation won't stand up
+                                      (rejected / fabricated / nonexistent /
+                                      withdrawn).
+
+exceptd rfc <number>                  Resolve an RFC number → title + status
+                                      from the local index (whole current
+                                      series, fully offline).
+  --check "<title>"                   Report title_match true/false; exit 2 on
+                                      mismatch (e.g. RFC 9404 cited as the
+                                      Sieve spec — it's JMAP Blob Management).
+  --air-gap                           Offline-only. Not-found numbers are
+                                      likely obsoleted/historic or nonexistent;
+                                      with network it disambiguates via the
+                                      datatracker.
+  --json | --pretty                   Machine output.
+
 exceptd refresh                       Refresh upstream catalogs + indexes.
                                       Replaces prefetch + refresh + build-indexes.
   --apply                             Write diffs back + rebuild indexes.
@@ -549,6 +578,8 @@ The `agents/` directory ships markdown role cards documenting authoring conventi
 
 All skills pull from `data/`. Cross-validated against canonical upstream sources via `exceptd refresh` / `exceptd doctor --cves` / `exceptd doctor --rfcs`.
 
+To resolve a single citation rather than refresh the whole catalog, `exceptd cve <CVE-ID>` and `exceptd rfc <number>` return a status verdict for one id (catalog → resolved cache → one NVD / datatracker lookup, offline-capable). The lookup caches, so a fan-out of agents shares the answer instead of each independently re-researching the same citation.
+
 - `cve-catalog.json` — CVE metadata with RWEP scores, CISA KEV status, PoC availability, live-patch info
 - `atlas-ttps.json` — MITRE ATLAS v5.6.0 TTPs with gap flags and exploitation examples. Each TTP now carries a `cve_refs[]` back-edge — operators reading an ATLAS entry see the catalogued CVEs that cite it without grepping `cve-catalog.json`. The same back-edge is populated on `attack-techniques.json`, and each playbook carries a `_meta.fed_by[]` reverse field naming the upstream playbooks that chain into it.
 - `framework-control-gaps.json` — Per-framework, per-control: what it was designed for vs. what it misses

package/bin/exceptd.js

@@ -154,6 +154,10 @@ const COMMANDS = {
   watch:           () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   "framework-gap": () => path.join(PKG_ROOT, "orchestrator", "index.js"),
   "framework-gap-analysis": () => path.join(PKG_ROOT, "orchestrator", "index.js"),
+  // Citation resolvers — answer "is this CVE/RFC citation valid?" offline-first
+  // (catalog/index -> resolved cache -> opt-in single network lookup, cached).
+  cve:             () => path.join(PKG_ROOT, "lib", "cve-cli.js"),
+  rfc:             () => path.join(PKG_ROOT, "lib", "rfc-cli.js"),
   // Seven-phase playbook verbs — handled in-process via lib/playbook-runner.js.
   plan:     null,
   govern:   null,
@@ -738,6 +742,8 @@ function main() {
     skill: "exceptd skill <name>          Show the full context document for one skill.",
     "framework-gap": "exceptd framework-gap <framework> <cve-or-scenario>   One-framework gap analysis.",
     "framework-gap-analysis": "exceptd framework-gap <framework> <cve-or-scenario>   One-framework gap analysis.",
+    cve: "exceptd cve <CVE-ID> [--json] [--air-gap|--no-network]   Resolve a CVE: published/rejected/disputed/fabricated/nonexistent (catalog -> cache -> NVD).",
+    rfc: "exceptd rfc <number> [--check \"<title>\"] [--json] [--air-gap]   Resolve an RFC number -> title + status (local index, offline).",
   };
   if ((effectiveRest.includes("--help") || effectiveRest.includes("-h")) && SPAWN_HELP_USAGE[effectiveCmd]) {
     process.stdout.write(SPAWN_HELP_USAGE[effectiveCmd] + "\n  Full reference: exceptd help\n");

package/data/_indexes/_meta.json

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-27T06:54:45.872Z",
+  "generated_at": "2026-05-27T12:31:54.921Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "b6388ed9b3b0e87f6f65d050c2aef4fb3121e2135892e59313ba05b6fa5090e7",
+    "manifest.json": "cc72d668222e9cd18eaef7928e173ad17434ff4b411235bbba2b13fca722db9e",
     "data/atlas-ttps.json": "d24bc02859d40ccf1615db75cca68c077585904e41e0d8f6de448121e9b1abb0",
     "data/attack-techniques.json": "fa193f0d2d248176a8beddb641e9fe56ba4faa9e15dc253ff876dbf0c5d58a77",
     "data/cve-catalog.json": "3d451dda7ac0c7d57a4075ae4bafd3148c6184b35dc1bc59d8b81d1f2641e430",

package/data/playbooks/citation-hygiene.json

@@ -372,7 +372,7 @@
           "confidence": "low",
           "deterministic": false,
           "false_positive_checks_required": [
-            "Resolve the identifier against an authoritative source (NVD, the issuing CNA's advisory) out of band. If it resolves to a real, non-rejected advisory whose product matches the surrounding claim, the citation is sound; record verified and demote to miss.",
+            "Resolve the identifier with `exceptd cve <id>` (catalog -> resolved cache -> one NVD lookup, then cached so sibling agents reuse it instead of each researching the same id). If it returns status=published with a product matching the surrounding claim, the citation is sound; record verified and demote to miss. For RFC numbers use `exceptd rfc <number> --check \"<claimed title>\"`.",
             "If it resolves to a REJECTED / DISPUTED record at NVD, re-classify under rejected-or-disputed-cve rather than leaving it inconclusive."
           ]
         },

package/lib/citation-resolve.js

@@ -0,0 +1,226 @@
+"use strict";
+
+/**
+ * lib/citation-resolve.js
+ *
+ * Answers "is this CVE/RFC citation valid?" so an agent gets the answer FROM
+ * exceptd instead of researching each citation against NVD / the IETF
+ * datatracker by hand. Offline-first:
+ *
+ *   CVE: local catalog -> resolved cache -> (opt-in) one NVD lookup, cached.
+ *   RFC: local index    -> resolved cache -> (opt-in) one datatracker lookup.
+ *
+ * The resolved cache lives at .cache/upstream/resolved/<kind>/<id>.json with a
+ * 7-day TTL. The FIRST agent to resolve an uncatalogued id pays one network
+ * call and writes the cache; sibling agents (and later offline runs) read it —
+ * turning N agents x M citations of redundant lookups into one lookup per id.
+ *
+ * Network is opt-out: --air-gap / EXCEPTD_AIR_GAP=1 / { noNetwork:true } make
+ * resolution offline-only (catalog + cache), returning status "unknown" with a
+ * reason rather than reaching out. Network-resolved records are transient
+ * (cache only) and are never written into the signed catalog.
+ */
+
+const fs = require("node:fs");
+const path = require("node:path");
+
+const PKG_ROOT = path.join(__dirname, "..");
+const CVE_CATALOG = process.env.EXCEPTD_CVE_CATALOG || path.join(PKG_ROOT, "data", "cve-catalog.json");
+const RFC_INDEX = process.env.EXCEPTD_RFC_INDEX || path.join(PKG_ROOT, "data", "rfc-references.json");
+const RESOLVE_CACHE_DIR = process.env.EXCEPTD_RESOLVE_CACHE_DIR || path.join(PKG_ROOT, ".cache", "upstream", "resolved");
+const CACHE_TTL_MS = 7 * 24 * 60 * 60 * 1000; // matches the prefetch freshness window
+
+const CVE_RE = /^CVE-\d{4}-\d{4,}$/;
+const RFC_RE = /^(?:RFC[-\s]?)?(\d+)$/i;
+
+let _cve = null;
+let _rfc = null;
+function cveCatalog() {
+  if (!_cve) _cve = JSON.parse(fs.readFileSync(CVE_CATALOG, "utf8"));
+  return _cve;
+}
+function rfcIndex() {
+  if (!_rfc) _rfc = JSON.parse(fs.readFileSync(RFC_INDEX, "utf8"));
+  return _rfc;
+}
+
+// --- resolved-id cache (atomic JSON files, TTL-bounded, best-effort) ---
+function cachePath(kind, id) {
+  // Read the env at call time so tests can isolate the cache per-case.
+  const dir = process.env.EXCEPTD_RESOLVE_CACHE_DIR || RESOLVE_CACHE_DIR;
+  const safe = id.replace(/[^A-Za-z0-9._-]/g, "_");
+  return path.join(dir, kind, `${safe}.json`);
+}
+function cacheGet(kind, id) {
+  try {
+    const p = cachePath(kind, id);
+    const st = fs.statSync(p);
+    if (Date.now() - st.mtimeMs > CACHE_TTL_MS) return null;
+    return JSON.parse(fs.readFileSync(p, "utf8"));
+  } catch { return null; }
+}
+function cachePut(kind, id, record) {
+  try {
+    const p = cachePath(kind, id);
+    fs.mkdirSync(path.dirname(p), { recursive: true });
+    const tmp = `${p}.${process.pid}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(record));
+    fs.renameSync(tmp, p); // atomic — concurrent agents can't read a half-written file
+  } catch { /* cache is an optimization, never fatal */ }
+}
+
+function isAirGap(opts) {
+  return !!(opts && opts.airGap) || process.env.EXCEPTD_AIR_GAP === "1";
+}
+
+/**
+ * Resolve a CVE citation. Returns { id, kind:"cve", status, from, ... }.
+ * status: published | rejected | disputed | fabricated | nonexistent | unknown
+ * from:   format | catalog | cache | network | offline | error
+ */
+async function resolveCve(id, opts = {}) {
+  const cveId = String(id || "").toUpperCase();
+  const base = { id: cveId, kind: "cve" };
+
+  if (!CVE_RE.test(cveId)) {
+    return { ...base, status: "fabricated", from: "format",
+      reason: "not the canonical CVE-YYYY-NNNN form — a non-numeric tail is a fabricated identifier" };
+  }
+
+  // 1. curated catalog (offline, authoritative for the ids it covers)
+  const entry = cveCatalog()[cveId];
+  if (entry && typeof entry === "object") {
+    return {
+      ...base,
+      status: entry.status || "published",
+      cvss: entry.cvss_score ?? null,
+      kev: entry.cisa_kev ?? null,
+      product: entry.name || entry.type || null,
+      exploitation: entry.active_exploitation ?? null,
+      from: "catalog",
+    };
+  }
+
+  // 2. resolved cache (offline, warmed by a prior agent's lookup)
+  const cached = cacheGet("cve", cveId);
+  if (cached) return { ...cached, from: "cache" };
+
+  // 3. offline / air-gap: cannot resolve uncatalogued ids without network
+  if (isAirGap(opts)) {
+    return { ...base, status: "unknown", from: "offline",
+      reason: "air-gap: not in local catalog and no cached resolution — verify against NVD when online" };
+  }
+  if (opts.noNetwork) {
+    return { ...base, status: "unknown", from: "offline",
+      reason: "not in local catalog and no cached resolution (network disabled)" };
+  }
+
+  // 4. resolve once via NVD, then cache for sibling agents.
+  // opts._validateCve is a test seam (inject a fake validator); production uses
+  // the real NVD-backed validator.
+  let validateCve = opts._validateCve;
+  if (!validateCve) {
+    try { ({ validateCve } = require("../sources/validators/cve-validator.js")); }
+    catch { return { ...base, status: "unknown", from: "error", reason: "cve validator unavailable" }; }
+  }
+  let v;
+  try { v = await validateCve(cveId, {}); }
+  catch (e) { return { ...base, status: "unknown", from: "error", reason: e.message }; }
+
+  if (v.status === "unreachable") {
+    return { ...base, status: "unknown", from: "offline", reason: "NVD unreachable — retry online" };
+  }
+  // NVD is the authority for a CVE's existence and lifecycle. validateCve only
+  // returns "unreachable" when EVERY source fails — if NVD is down but KEV/EPSS
+  // answer, it returns match/drift with sources.nvd.reachable === false. Do NOT
+  // declare "published" on KEV/EPSS alone during an NVD outage; that would
+  // falsely validate an unconfirmed (or nonexistent) identifier.
+  const nvd = v.fetched && v.fetched.sources && v.fetched.sources.nvd;
+  if (!nvd || nvd.reachable !== true) {
+    return { ...base, status: "unknown", from: "offline",
+      reason: "NVD unreachable — CVE existence/status unconfirmed; retry online" };
+  }
+  let status;
+  if (v.status === "rejected") status = "rejected";
+  else if (v.status === "missing" || nvd.found !== true) status = "nonexistent";
+  else if ((v.fetched?.cve_tags || []).some(t => /disputed/i.test(t)) || /disputed/i.test(v.fetched?.nvd_vuln_status || "")) status = "disputed";
+  else status = "published";
+
+  const record = {
+    id: cveId, kind: "cve", status,
+    cvss: v.fetched?.cvss_score ?? null,
+    kev: v.fetched?.in_kev ?? null,
+    // NVD English description — carries the product/scope a citation must match,
+    // so an agent can confirm status=published applies to the right product
+    // without a second manual NVD lookup.
+    product: v.fetched?.description ?? null,
+    nvd_vuln_status: v.fetched?.nvd_vuln_status ?? null,
+    cve_tags: v.fetched?.cve_tags || [],
+    source: "nvd",
+    resolved_at: new Date().toISOString(),
+  };
+  cachePut("cve", cveId, record);
+  return { ...record, from: "network" };
+}
+
+/**
+ * Resolve an RFC citation. Returns { id, kind:"rfc", number, title, rfc_status,
+ * found, from, ... }. The local index covers the whole current RFC series, so
+ * number->title resolution is fully offline. Obsoleted/historic RFCs are
+ * excluded from the index, so a not-found number is either obsoleted or
+ * nonexistent; the optional network step disambiguates.
+ */
+async function resolveRfc(id, opts = {}) {
+  const raw = String(id || "").trim();
+  const m = raw.match(RFC_RE);
+  const base = { id: raw, kind: "rfc" };
+  if (!m) {
+    return { ...base, found: false, status: "unknown", from: "format",
+      reason: "not an RFC number — expected `RFC <n>` or a bare number" };
+  }
+  const num = Number(m[1]);
+  const key = `RFC-${num}`;
+
+  // 1. local index (offline, whole current series)
+  const entry = rfcIndex()[key];
+  if (entry && typeof entry === "object") {
+    return {
+      ...base, number: num, found: true,
+      title: entry.title || null,
+      rfc_status: entry.status || null,
+      published: entry.published || null,
+      obsoleted_by: entry.obsoleted_by || null,
+      from: "index",
+    };
+  }
+
+  // 2. resolved cache
+  const cached = cacheGet("rfc", String(num));
+  if (cached) return { ...cached, from: "cache" };
+
+  // 3. offline: report the ambiguity rather than guessing
+  if (isAirGap(opts) || opts.noNetwork) {
+    return { ...base, number: num, found: false, status: "unknown", from: "offline",
+      reason: "not in the local RFC index — likely obsoleted/historic (excluded from the index) or nonexistent; verify at datatracker.ietf.org when online" };
+  }
+
+  // 4. disambiguate obsoleted vs nonexistent via the datatracker, once + cached
+  let validateRfc;
+  try { ({ validateRfc } = require("../sources/validators/rfc-validator.js")); }
+  catch { return { ...base, number: num, found: false, status: "unknown", from: "error", reason: "rfc validator unavailable" }; }
+  let v;
+  try { v = await validateRfc(key, {}); }
+  catch (e) { return { ...base, number: num, found: false, status: "unknown", from: "error", reason: e.message }; }
+  if (v.status === "unreachable") {
+    return { ...base, number: num, found: false, status: "unknown", from: "offline", reason: "datatracker unreachable — retry online" };
+  }
+  const record = v.status === "missing"
+    ? { id: raw, kind: "rfc", number: num, found: false, status: "nonexistent", source: "datatracker", resolved_at: new Date().toISOString() }
+    : { id: raw, kind: "rfc", number: num, found: true, status: "obsoleted-or-historic",
+        title: v.fetched?.title || null, source: "datatracker", resolved_at: new Date().toISOString(),
+        note: "resolves at the datatracker but is absent from the local index (obsoleted/historic RFCs are excluded)" };
+  cachePut("rfc", String(num), record);
+  return { ...record, from: "network" };
+}
+
+module.exports = { resolveCve, resolveRfc };

package/lib/cve-cli.js

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+"use strict";
+
+/**
+ * lib/cve-cli.js — `exceptd cve <CVE-ID>` resolver.
+ *
+ * Catalog -> resolved cache -> one NVD lookup (cached). Tells an agent whether
+ * a cited CVE is published / rejected / disputed / fabricated / nonexistent
+ * without it researching NVD by hand. Network is opt-out (--air-gap /
+ * --no-network / EXCEPTD_AIR_GAP=1).
+ */
+
+const { resolveCve } = require("./citation-resolve.js");
+
+(async () => {
+  const argv = process.argv.slice(2);
+  const flags = new Set(argv.filter((a) => a.startsWith("--")));
+  const id = argv.find((a) => !a.startsWith("--"));
+  const pretty = flags.has("--pretty");
+  const json = flags.has("--json") || pretty;
+
+  if (!id) {
+    process.stderr.write(
+      JSON.stringify({ ok: false, verb: "cve", error: "usage: exceptd cve <CVE-ID> [--json|--pretty] [--air-gap|--no-network]" }) + "\n"
+    );
+    process.exitCode = 1;
+    return;
+  }
+
+  const r = await resolveCve(id, { airGap: flags.has("--air-gap"), noNetwork: flags.has("--no-network") });
+  const body = { ok: true, verb: "cve", ...r };
+
+  if (json) {
+    process.stdout.write(JSON.stringify(body, null, pretty ? 2 : 0) + "\n");
+  } else {
+    const bits = [];
+    bits.push(`${r.id}: ${String(r.status).toUpperCase()}`);
+    if (r.cvss != null) bits.push(`CVSS ${r.cvss}`);
+    if (r.kev != null) bits.push(`KEV=${r.kev}`);
+    if (r.product) bits.push(r.product);
+    let line = bits.join("  ·  ") + `  (${r.from})`;
+    if (r.nvd_vuln_status) line += `\n  NVD vulnStatus: ${r.nvd_vuln_status}`;
+    if (Array.isArray(r.cve_tags) && r.cve_tags.length) line += `\n  NVD tags: ${r.cve_tags.join(", ")}`;
+    if (r.reason) line += `\n  ${r.reason}`;
+    process.stdout.write(line + "\n");
+  }
+  // A citation that won't stand up is a non-zero exit so a CI/script gate trips.
+  if (r.status === "rejected" || r.status === "fabricated" || r.status === "nonexistent" || r.status === "withdrawn") {
+    process.exitCode = 2;
+  }
+})();

package/lib/rfc-cli.js

@@ -0,0 +1,68 @@
+#!/usr/bin/env node
+"use strict";
+
+/**
+ * lib/rfc-cli.js — `exceptd rfc <number>` resolver.
+ *
+ * Local index (whole current RFC series, offline) -> resolved cache -> one
+ * datatracker lookup to disambiguate obsoleted-vs-nonexistent. Resolves an RFC
+ * number to its title + status so an agent can confirm a citation (e.g. "is
+ * RFC 9404 the Sieve spec?") without the datatracker. Optional --check
+ * "<claimed title>" reports whether the claimed title matches.
+ */
+
+const { resolveRfc } = require("./citation-resolve.js");
+
+(async () => {
+  const argv = process.argv.slice(2);
+  const flags = new Set(argv.filter((a) => a.startsWith("--")));
+  const positionals = argv.filter((a) => !a.startsWith("--"));
+  const id = positionals[0];
+  const pretty = flags.has("--pretty");
+  const json = flags.has("--json") || pretty;
+
+  // --check "<claimed title>" : the next non-flag token after the number.
+  let claimedTitle = null;
+  const checkIdx = argv.indexOf("--check");
+  if (checkIdx !== -1 && argv[checkIdx + 1] && !argv[checkIdx + 1].startsWith("--")) {
+    claimedTitle = argv[checkIdx + 1];
+  }
+
+  if (!id) {
+    process.stderr.write(
+      JSON.stringify({ ok: false, verb: "rfc", error: "usage: exceptd rfc <number> [--check \"<claimed title>\"] [--json|--pretty] [--air-gap|--no-network]" }) + "\n"
+    );
+    process.exitCode = 1;
+    return;
+  }
+
+  const r = await resolveRfc(id, { airGap: flags.has("--air-gap"), noNetwork: flags.has("--no-network") });
+
+  let titleMatch = null;
+  if (claimedTitle && r.title) {
+    const norm = (s) => s.toLowerCase().replace(/[^a-z0-9]+/g, " ").trim();
+    const a = norm(claimedTitle), b = norm(r.title);
+    titleMatch = a.length > 0 && (b.includes(a) || a.includes(b));
+  }
+  const body = { ok: true, verb: "rfc", ...r, ...(claimedTitle ? { claimed_title: claimedTitle, title_match: titleMatch } : {}) };
+
+  if (json) {
+    process.stdout.write(JSON.stringify(body, null, pretty ? 2 : 0) + "\n");
+  } else {
+    let line;
+    if (r.found && r.title) {
+      line = `RFC ${r.number}: ${r.title}`;
+      if (r.rfc_status) line += `  (${r.rfc_status})`;
+      if (r.obsoleted_by) line += `\n  obsoleted by: ${r.obsoleted_by}`;
+      if (claimedTitle) line += `\n  claimed "${claimedTitle}" -> ${titleMatch ? "MATCH" : "MISMATCH"}`;
+    } else {
+      line = `RFC ${r.number ?? r.id}: ${String(r.status).toUpperCase()}`;
+      if (r.note) line += `\n  ${r.note}`;
+      if (r.reason) line += `\n  ${r.reason}`;
+    }
+    line += `  (${r.from})`;
+    process.stdout.write(line + "\n");
+  }
+  // A mismatched or nonexistent citation is a non-zero exit for gates.
+  if (r.status === "nonexistent" || titleMatch === false) process.exitCode = 2;
+})();

package/lib/schemas/cve-catalog.schema.json

@@ -92,6 +92,19 @@
       "enum": ["confirmed", "suspected", "theoretical", "none", "unknown"],
       "description": "v0.13.5: enum reconciled with the _meta.active_exploitation_vocabulary block (5 values). 'theoretical' added — distinct from 'suspected' because it captures the 'PoC exists but no observation in the wild' state without committing to a probability claim."
     },
+    "status": {
+      "type": "string",
+      "enum": ["published", "rejected", "disputed", "withdrawn", "reserved", "unknown"],
+      "description": "Assignment lifecycle status (distinct from active_exploitation). 'rejected'/'disputed' come from NVD vulnStatus/cveTags; 'withdrawn' from OSV/GHSA. Optional — absent means 'published' is assumed. Lets a citation check read a structured field instead of grepping free-text notes. Pair with status_source + status_verified for provenance."
+    },
+    "status_source": {
+      "type": "string",
+      "description": "Provenance of `status` (e.g. 'nvd:vulnStatus', 'osv:withdrawn', 'ghsa:withdrawn_at', 'curated')."
+    },
+    "status_verified": {
+      "type": "string",
+      "description": "ISO-8601 timestamp the status was last confirmed against its source."
+    },
     "affected": {
       "type": "string",
       "minLength": 1,

package/lib/source-ghsa.js

@@ -364,6 +364,9 @@ function normalizeAdvisory(adv) {
       _draft_reason: "Imported from GHSA on " + new Date().toISOString().slice(0, 10) + ". Editorial fields (framework_control_gaps, atlas_refs, attack_refs, iocs, vector, complexity, rwep_factors) require human review. Run `exceptd run sbom --evidence -` against an affected repo to gather IoCs; consult MITRE ATLAS + ATT&CK catalogs for refs.",
       _source_ghsa_id: adv.ghsa_id || null,
       _source_published_at: adv.published_at || null,
+      // GitHub sets `withdrawn_at` when an advisory is retracted. Surface it as
+      // structured status so a withdrawn advisory is flagged, not imported as live.
+      ...(adv.withdrawn_at ? { status: "withdrawn", status_source: "ghsa:withdrawn_at", status_verified: new Date().toISOString().slice(0, 10) } : {}),
       last_updated: new Date().toISOString().slice(0, 10),
     },
   };

package/lib/source-osv.js

@@ -810,6 +810,10 @@ function normalizeAdvisory(rec) {
       _draft_reason: "Imported from OSV.dev on " + today + ". Editorial fields (framework_control_gaps, atlas_refs, attack_refs, iocs, vector, complexity, rwep_factors) require human review. Run `exceptd run sbom --evidence -` against an affected repo to gather IoCs; consult MITRE ATLAS + ATT&CK catalogs for refs.",
       _source_osv_id: rec.id,
       _source_published_at: rec.published || null,
+      // OSV sets a top-level `withdrawn` timestamp when a record is retracted.
+      // Surface it as structured status so a citation check (and the resolver)
+      // can flag a withdrawn advisory instead of importing it as if live.
+      ...(rec.withdrawn ? { status: "withdrawn", status_source: "osv:withdrawn", status_verified: today } : {}),
       last_updated: modified || today,
     },
   };

package/lib/validate-package.js

@@ -7,7 +7,7 @@
  *
  *   - includes every required file from package.json `files`
  *   - excludes every forbidden file (secrets, tests, caches, dev artifacts)
- *   - is under the size budget (currently 5 MB)
+ *   - is under the size budget (currently 7 MB)
  *   - `bin/exceptd.js` has the expected shebang
  *   - the bin target listed in package.json exists on disk
  *
@@ -22,7 +22,12 @@ const { spawnSync } = require("child_process");
 
 const ROOT = path.join(__dirname, "..");
 const ABS = (p) => path.join(ROOT, p);
-const SIZE_BUDGET_BYTES = 5 * 1024 * 1024;          // 5 MB published-tarball cap
+// Published-tarball cap. Guards against accidental bloat (a vendored
+// node_modules, a committed binary — tens of MB), not the curated data that
+// legitimately grows each release: the CVE catalog gains entries and the RFC
+// index spans the full series. Packed size crossed 5 MB through that gradual
+// growth; 7 MB restores headroom while still catching a gross-bloat accident.
+const SIZE_BUDGET_BYTES = 7 * 1024 * 1024;
 
 const REQUIRED_PATHS = [
   "package.json",