@blamejs/exceptd-skills 0.14.0 → 0.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/AGENTS.md +3 -1
  2. package/CHANGELOG.md +16 -0
  3. package/README.md +31 -0
  4. package/bin/exceptd.js +31 -1
  5. package/data/_indexes/_meta.json +3 -3
  6. package/data/_indexes/activity-feed.json +8 -8
  7. package/data/_indexes/catalog-summaries.json +2 -2
  8. package/data/_indexes/frequency.json +1413 -1
  9. package/data/playbooks/citation-hygiene.json +1 -1
  10. package/data/rfc-references.json +55757 -146
  11. package/lib/citation-resolve.js +226 -0
  12. package/lib/collectors/citation-hygiene.js +81 -1
  13. package/lib/cve-cli.js +51 -0
  14. package/lib/flag-suggest.js +1 -1
  15. package/lib/rfc-cli.js +68 -0
  16. package/lib/schemas/cve-catalog.schema.json +13 -0
  17. package/lib/source-ghsa.js +3 -0
  18. package/lib/source-osv.js +4 -0
  19. package/lib/validate-package.js +7 -2
  20. package/manifest.json +44 -44
  21. package/package.json +2 -2
  22. package/sbom.cdx.json +84 -39
  23. package/scripts/refresh-upstream-catalogs.js +12 -2
  24. package/sources/validators/cve-validator.js +46 -1
package/data/playbooks/citation-hygiene.json CHANGED
@@ -372,7 +372,7 @@
372
372
  "confidence": "low",
373
373
  "deterministic": false,
374
374
  "false_positive_checks_required": [
375
- "Resolve the identifier against an authoritative source (NVD, the issuing CNA's advisory) out of band. If it resolves to a real, non-rejected advisory whose product matches the surrounding claim, the citation is sound; record verified and demote to miss.",
375
+ "Resolve the identifier with `exceptd cve <id>` (catalog -> resolved cache -> one NVD lookup, then cached so sibling agents reuse it instead of each researching the same id). If it returns status=published with a product matching the surrounding claim, the citation is sound; record verified and demote to miss. For RFC numbers use `exceptd rfc <number> --check \"<claimed title>\"`.",
376
376
  "If it resolves to a REJECTED / DISPUTED record at NVD, re-classify under rejected-or-disputed-cve rather than leaving it inconclusive."
377
377
  ]
378
378
  },