@blamejs/exceptd-skills 0.14.1 → 0.14.2
- package/CHANGELOG.md +6 -0
- package/bin/exceptd.js +25 -1
- package/data/_indexes/_meta.json +3 -3
- package/data/_indexes/activity-feed.json +8 -8
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/frequency.json +1413 -1
- package/data/rfc-references.json +55757 -146
- package/lib/collectors/citation-hygiene.js +81 -1
- package/lib/flag-suggest.js +1 -1
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +23 -23
- package/scripts/refresh-upstream-catalogs.js +12 -2
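--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.14.2 — 2026-05-27
+
+`exceptd collect citation-hygiene --resolve` now resolves the cited CVEs the offline catalog can't confirm — once each, through the shared resolver cache — and flips their verdicts instead of parking them as inconclusive for an agent to chase: a rejected or disputed identifier becomes a hit, a well-formed identifier NVD doesn't know becomes fabricated, and a confirmed one clears. Honors `--air-gap` (catalog and cache only, no network).
+
+The RFC index now includes obsoleted and historic RFCs (8888 entries, up from 7476). `exceptd rfc <number>` resolves a superseded RFC entirely offline — RFC 2616, for example, returns "Hypertext Transfer Protocol -- HTTP/1.1, obsoleted by RFC 7230–7235" — so confirming whether a cited RFC is still current no longer requires an IETF datatracker lookup.
+
 ## 0.14.1 — 2026-05-27
 
 Two citation resolvers — `exceptd cve <id>` and `exceptd rfc <number>` — answer "is this CVE/RFC citation valid?" so an agent gets the answer from exceptd instead of researching each identifier against NVD or the IETF datatracker by hand. A fan-out of agents auditing a codebase previously re-researched the same citations independently; these resolvers do it once and cache the result for the rest.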
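--- a/package/bin/exceptd.js
+++ b/package/bin/exceptd.js
@@ -2337,7 +2337,7 @@ Flags (selected — see \`exceptd run --help\` for the full list):
 * its evidence JSON before going through phases 4-7. Returns a categorized
 * list: ok / missing_required / unknown_keys / type_mismatch / suggestions.
 */
-function cmdCollect(runner, args, runOpts, pretty) {
+async function cmdCollect(runner, args, runOpts, pretty) {
 const playbookId = args._[0];
 if (!playbookId) {
 return emitError(
@@ -2439,6 +2439,30 @@ function cmdCollect(runner, args, runOpts, pretty) {
 try { pbMetaAirGap = !!(runner.loadPlaybook(playbookId)?._meta?.air_gap_mode); }
 catch { /* playbook load shouldn't fail here — collector exists — but be defensive */ }
 const collectAirGap = !!(runOpts.airGap || process.env.EXCEPTD_AIR_GAP === "1" || pbMetaAirGap);
+
+// --resolve: resolve the citations the offline catalog couldn't confirm,
+// flipping their parked signals instead of leaving them inconclusive for the
+// operator to research. Opt-in, collector-specific (only citation-hygiene
+// exposes applyResolution). Honors the collect air-gap disposition.
+if (args.resolve) {
+if (typeof mod.applyResolution !== "function") {
+return emitError(
+`collect: --resolve is not supported by the "${playbookId}" collector (no resolution step).`,
+{ verb: "collect", playbook_id: playbookId },
+pretty,
+);
+}
+try {
+submission = await mod.applyResolution(submission, { airGap: collectAirGap });
+} catch (e) {
+return emitError(
+`collect: --resolve failed for "${playbookId}": ${e.message}`,
+{ verb: "collect", playbook_id: playbookId, exit_code: 2 },
+pretty,
+);
+}
+}
+
 // Spread `submission` first, then explicit fields, so a submission key
 // named `air_gap_mode` (currently always undefined but defensive against
 // future collector contracts) can't clobber the envelope marker.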
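Review bot: In the second hunk the value returned by `mod.applyResolution` overwrites `submission` with no shape check, so a collector that resolves to `undefined` or a non-object would, judging by the "Spread `submission` first" comment that follows, produce an envelope with the collected signals silently missing. Binding and checking the result inside the existing `try` keeps that case on the `--resolve failed` path: `const resolved = await mod.applyResolution(submission, { airGap: collectAirGap });`, `if (!resolved || typeof resolved !== "object") throw new Error("applyResolution returned no submission");`, `submission = resolved;`. The first hunk makes `cmdCollect` `async`, so every `return emitError(...)` now reaches the caller as a promise; the dispatcher and the rest of the function body are outside these hunks, so whether the call site awaits it and still propagates the exit code cannot be confirmed from here. The unsupported-collector branch also omits the `exit_code` that the failure branch sets to 2, which looks unintentional.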
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-27T13:10:02.958Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "e3c6dc62608d025f8f60ae232bdd54da7433eb8c1d29bdef81deee51122dae4c",
|
|
8
8
|
"data/atlas-ttps.json": "d24bc02859d40ccf1615db75cca68c077585904e41e0d8f6de448121e9b1abb0",
|
|
9
9
|
"data/attack-techniques.json": "fa193f0d2d248176a8beddb641e9fe56ba4faa9e15dc253ff876dbf0c5d58a77",
|
|
10
10
|
"data/cve-catalog.json": "3d451dda7ac0c7d57a4075ae4bafd3148c6184b35dc1bc59d8b81d1f2641e430",
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
15
|
"data/framework-control-gaps.json": "46094ad9b9584f454daddd28f4c5d27faf0ea0510daafd38fb60bf9d30f6a305",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
|
-
"data/rfc-references.json": "
|
|
17
|
+
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
18
|
"data/zeroday-lessons.json": "258252b9bff1fc11b05b76e10b659c1195971884bd44c92af5fefe17a5ca9512",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
@@ -5,6 +5,14 @@
|
|
|
5
5
|
"event_count": 54
|
|
6
6
|
},
|
|
7
7
|
"events": [
|
|
8
|
+
{
|
|
9
|
+
"date": "2026-05-27",
|
|
10
|
+
"type": "catalog_update",
|
|
11
|
+
"artifact": "data/rfc-references.json",
|
|
12
|
+
"path": "data/rfc-references.json",
|
|
13
|
+
"schema_version": "1.0.0",
|
|
14
|
+
"entry_count": 8888
|
|
15
|
+
},
|
|
8
16
|
{
|
|
9
17
|
"date": "2026-05-22",
|
|
10
18
|
"type": "skill_review",
|
|
@@ -100,14 +108,6 @@
|
|
|
100
108
|
"schema_version": "1.0.0",
|
|
101
109
|
"entry_count": 468
|
|
102
110
|
},
|
|
103
|
-
{
|
|
104
|
-
"date": "2026-05-19",
|
|
105
|
-
"type": "catalog_update",
|
|
106
|
-
"artifact": "data/rfc-references.json",
|
|
107
|
-
"path": "data/rfc-references.json",
|
|
108
|
-
"schema_version": "1.0.0",
|
|
109
|
-
"entry_count": 7476
|
|
110
|
-
},
|
|
111
111
|
{
|
|
112
112
|
"date": "2026-05-18",
|
|
113
113
|
"type": "skill_review",
|
|
@@ -207,7 +207,7 @@
|
|
|
207
207
|
"path": "data/rfc-references.json",
|
|
208
208
|
"purpose": "IETF RFCs + active Internet-Drafts cited by skills (TLS, IPsec, PQ crypto migration, HTTP/3, CT). Cross-validated against IETF Datatracker via validate-rfcs.",
|
|
209
209
|
"schema_version": "1.0.0",
|
|
210
|
-
"last_updated": "2026-05-
|
|
210
|
+
"last_updated": "2026-05-27",
|
|
211
211
|
"tlp": "CLEAR",
|
|
212
212
|
"source_confidence_default": "A1",
|
|
213
213
|
"freshness_policy": {
|
|
@@ -216,7 +216,7 @@
|
|
|
216
216
|
"rebuild_after_days": 365,
|
|
217
217
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
218
218
|
},
|
|
219
|
-
"entry_count":
|
|
219
|
+
"entry_count": 8888,
|
|
220
220
|
"sample_keys": [
|
|
221
221
|
"RFC-4301",
|
|
222
222
|
"RFC-4303",
|