npm - @blamejs/exceptd-skills - Versions diffs - 0.14.12 → 0.14.14 - Mend

@blamejs/exceptd-skills 0.14.12 → 0.14.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md +25 -0
package/README.md +38 -8
package/bin/exceptd.js +166 -70
package/data/_indexes/_meta.json +2 -2
package/lib/collectors/cicd-pipeline-compromise.js +6 -1
package/lib/collectors/containers.js +9 -1
package/lib/collectors/library-author.js +6 -1
package/lib/playbook-runner.js +87 -11
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +24 -24

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,30 @@
 # Changelog
+## 0.14.14 — 2026-05-27
+Attestation durability and verification:
+- Attestations are now written atomically. The body and its Ed25519 `.sig` sidecar are written to fsync'd temporary files and placed together (the body via an atomic create that still detects a session-id collision, the sidecar alongside it), so a crash or out-of-space mid-write can no longer leave a truncated `attestation.json` or a body without its signature. A failed write also leaves no partial file at the slot.
+- `attest verify` now flags a deleted `.sig` sidecar as tampering (exit 6) when a signature was expected — i.e. when a signing key is present or a sibling attestation in the same session is signed — instead of accepting it as a benign "unsigned" attestation (exit 0). This makes the default `attest verify` agree with `reattest`, which already refused. A genuinely unsigned attestation on a keyless host stays benign.
+- A `run` now blocks (`blocked_by: "mutex"`) when a live concurrent process holds the run lock, rather than proceeding without the lock after losing the acquire race. Same-process reentrancy and filesystem quirks are unaffected.
+## 0.14.13 — 2026-05-27
+Security: a collector scanning a hostile repository no longer hangs on a crafted file. Three workflow/Dockerfile/manifest scanners (`library-author`, `cicd-pipeline-compromise`, `containers`) had a regex that backtracked catastrophically on a long whitespace line — a single planted file could wedge the scan for minutes. The regexes are fixed and a per-line length cap bounds any future regression.
+Deeply-nested evidence is now rejected with an actionable message instead of crashing with an opaque "internal error". The submission canonicalizer (which runs on every `run` to compute the evidence hash) recursed without bound; it now refuses a submission nested beyond 200 levels.
+`run --strict-preconditions` now fails (exit 1) when a `skip_phase` precondition is false. Previously such a run skipped the detect phase and exited 0, so a CI gate relying on the flag silently passed despite the detection never running.
+Detection no longer silently loses or buries a result:
+- A `signal_overrides` value that isn't a recognized result (e.g. `"maybe"`, a number) now surfaces a `signal_override_unrecognized` runtime error instead of being dropped as if the signal were never supplied.
+- A `not_detected` / `clean` classification override is refused when it would bury a deterministic indicator hit (a deterministic hit is too strong to downgrade to "nothing found"); the run stays inconclusive with an explanatory error. Probabilistic hits remain overridable for the legitimate "I confirmed these are benign" workflow. A refused override is no longer reported as applied.
+`run --all` / `run-all` now exits 7 (session-id collision) when a reused `--session-id` collides across the batch, matching the single-run behavior — previously a batch that persisted nothing exited 0 and reported success.
+`watch --help` prints usage and exits instead of starting the blocking daemon and hanging the terminal; `collect --help` now prints its synopsis. The `--help` synopsis for the spawned verbs (`watch`, `watchlist`, `report`, `scan`, `dispatch`, `currency`, `validate-cves`, `validate-rfcs`) is filled in.
+README corrects the `watch` / `watchlist` documentation (the one-shot aggregator with `--alerts` / `--org-scan` is `watchlist`; `watch` is the long-running daemon) and the `refresh --prefetch` description (it warms the cache by fetching, the opposite of the report-only `--no-network`).
 ## 0.14.12 — 2026-05-27
 Structured-bundle accuracy:

package/README.md CHANGED Viewed

@@ -116,7 +116,7 @@ npx @blamejs/exceptd-skills path
 That prints the absolute path of the installed package. Point your AI assistant at:
 - `<path>/AGENTS.md` — canonical project rules + ground truth for every skill
-- `<path>/data/_indexes/summary-cards.json` — 100-word abstract per skill (12 KB)
+- `<path>/data/_indexes/summary-cards.json` — 100-word abstract per skill (~95 KB)
 - `<path>/data/_indexes/recipes.json` — curated multi-skill chains for common use cases
 No clone, no signing keys, no Node 24 required for assistants that read directly from disk. If your assistant needs a local copy as a regular checkout, use `npx degit blamejs/exceptd-skills my-skills` instead.
@@ -156,9 +156,9 @@ Fresh-disclosure workflow (v0.12.0): the nightly auto-PR job pulls KEV / NVD / E
 Primary-source advisory polling: `exceptd refresh --check-advisories` polls 15 vendor and coordinated-disclosure feeds — 8 advisory/coordinated-disclosure venues (Qualys TRU, Red Hat RHSA, Ubuntu USN, Zero Day Initiative, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories), 4 vendor security research blogs added in v0.13.14 (Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red), and 3 additions in v0.13.17 (BleepingComputer security, The Hacker News, and a GitLab activity-feed tracker for the Nightmare-Eclipse researcher handle that anchors NEW-CTRL-073). Combined coverage publishes CVE IDs at T+0 to T+1 — typically 3–14 days ahead of NVD enrichment. The command is report-only: it returns a structured `diffs[]` listing each newly-seen CVE ID with its source attributions and advisory URLs, but does not mutate the catalog. v0.13.17 also adds a complementary detection method (NEW-CTRL-074 / `lib/cve-regression-watcher.js`): the watcher cross-checks poller diffs for historical-CVE references (year ≤ currentYear − 2) and surfaces candidate silent-regression cases — the class anchored by MiniPlasma (a 2026 PoC drop that re-broke CVE-2020-17103 without any new ID being assigned). Operators triage the output and route promising IDs through `exceptd refresh --advisory <CVE-ID> --apply`. Pairs naturally with the daily scheduled remote agent below.
-CVE-class alert surfacing: `exceptd watch --alerts` matches the live `cve-catalog.json` against five operational patterns (`kernel_lpe_with_poc`, `supply_chain_family`, `ai_discovered_kev`, `active_exploitation_unpatched`, `recent_poc_no_kev_yet`) and returns the matches sorted critical-severity-first, then by RWEP. Use as a fast operational triage on a refreshed catalog without scanning every entry by hand.
+CVE-class alert surfacing: `exceptd watchlist --alerts` matches the live `cve-catalog.json` against five operational patterns (`kernel_lpe_with_poc`, `supply_chain_family`, `ai_discovered_kev`, `active_exploitation_unpatched`, `recent_poc_no_kev_yet`) and returns the matches sorted critical-severity-first, then by RWEP. Use as a fast operational triage on a refreshed catalog without scanning every entry by hand.
-GitHub repo-pattern monitoring: `exceptd watch --org-scan --org <login>` probes GitHub Search for repositories matching known threat-actor naming patterns ("A Gift From TeamPCP", "Shai-Hulud", "TeamPCP") scoped to one org. Custom patterns via repeatable `--pattern <s>`. Implements the canonical detection for the Shai-Hulud / TeamPCP supply-chain framework class — the attacker uses GitHub itself as the exfil channel. Set `GITHUB_TOKEN` for private-repo coverage and rate-limit headroom; public-repo search works without auth.
+GitHub repo-pattern monitoring: `exceptd watchlist --org-scan --org <login>` probes GitHub Search for repositories matching known threat-actor naming patterns ("A Gift From TeamPCP", "Shai-Hulud", "TeamPCP") scoped to one org. Custom patterns via repeatable `--pattern <s>`. Implements the canonical detection for the Shai-Hulud / TeamPCP supply-chain framework class — the attacker uses GitHub itself as the exfil channel. Set `GITHUB_TOKEN` for private-repo coverage and rate-limit headroom; public-repo search works without auth.
 AI-assistant config-file audit: `exceptd doctor --ai-config` walks `~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, and `~/.continue`, flagging sensitive files (`settings.json`, `mcp.json`, `*.mcp_config.json`, `api_key*`, `*.token`, `*.credentials`) not at mode 0600 on POSIX. On Windows the mode bits aren't load-bearing; each finding is surfaced with an info-level "manual ACL review" note. Catches the AI-config-credential-exfil class that the Shai-Hulud framework targets. Opt-in — does not run as part of the default no-flag `doctor` pass.
@@ -329,6 +329,21 @@ exceptd doctor                        One-shot health check.
                                       note for each sensitive file on Windows.
                                       Opt-in; not part of the default doctor
                                       pass.
+  --fix                               Auto-remediate signing gaps: regenerate
+                                      the local Ed25519 private key when
+                                      keys/public.pem exists but .keys/private.pem
+                                      is absent. No-op when the key is present.
+  --registry-check                    Probe the npm registry for the latest
+                                      published version + days-since-publish.
+                                      Off by default; --air-gap suppresses it.
+  --collectors                        Enumerate the per-playbook collector layer:
+                                      which playbooks ship a collector, which are
+                                      policy-skipped, and which are unwired.
+  --shipped-tarball                   Run the pack + extract + verify round-trip
+                                      against the tarball operators receive, not
+                                      just the source tree.
+  --exit-codes                        Print the canonical exit-code table as
+                                      JSON for CI / scripting consumers.
 exceptd ci                            One-shot CI gate. Exit codes: 0 PASS,
                                       1 framework error, 2 detected/escalate
@@ -382,8 +397,12 @@ exceptd refresh                       Refresh upstream catalogs + indexes.
                                       Replaces prefetch + refresh + build-indexes.
   --apply                             Write diffs back + rebuild indexes.
   --from-cache [<dir>]                Read from prefetch cache.
-  --prefetch                          Populate the offline cache (alias for
-                                      --no-network).
+  --prefetch                          Warm the offline cache by fetching every
+                                      upstream artifact now (network required).
+                                      Run on a connected host, then point
+                                      --from-cache at the result on the air-gap.
+  --no-network                        Report-only dry-run: list what would be
+                                      fetched without touching the network.
   --network                           (v0.11.14) Fetch latest signed catalog
                                       snapshot from npm tarball, verify against
                                       local public.pem, swap data/ in place.
@@ -417,9 +436,10 @@ Packages dataset (`MAL-*` keys). New IDs land as drafts that the catalog
 validator treats as warnings, not errors — editorial review (framework
 gaps, IoCs, ATLAS/ATT&CK refs) is still required.
-exceptd watch                         Default mode: aggregate every skill's
+exceptd watchlist                     Default mode: aggregate every skill's
                                       forward_watch entries (upcoming standards,
-                                      RFC publications, new TTPs to monitor).
+                                      RFC publications, new TTPs to monitor) in
+                                      one shot.
                                       `--by-skill` inverts the grouping.
   --alerts                            Switch to CVE-catalog pattern alerts.
                                       Five patterns ship:
@@ -448,6 +468,15 @@ exceptd watch                         Default mode: aggregate every skill's
                                       limit; without it, public-repo search
                                       only.
+exceptd watch                         Long-running forward-watch daemon. Blocks
+                                      and listens for KEV additions, ATLAS
+                                      updates, CVE drops, and framework
+                                      amendments, with scheduled currency /
+                                      validation checks. Ctrl-C (or SIGTERM /
+                                      SIGHUP / SIGBREAK) to stop. For one-shot
+                                      aggregation, pattern alerts, or org-scan,
+                                      use `exceptd watchlist`.
 exceptd skill <name>                  Show context for one skill.
 exceptd framework-gap <FW> <ref>      One framework + one CVE/scenario, JSON
                                       or human. (Operates outside the seven-
@@ -455,7 +484,8 @@ exceptd framework-gap <FW> <ref>      One framework + one CVE/scenario, JSON
 exceptd path                          Absolute path to the installed package.
 exceptd version                       Package version.
 exceptd help                          This help.
-exceptd <verb> --help                 Per-verb usage with flag descriptions.
+exceptd <verb> --help                 Most verbs print per-verb usage with flag
+                                      descriptions.
 ```
 ### Legacy v0.10.x verbs

package/bin/exceptd.js CHANGED Viewed

@@ -761,6 +761,16 @@ function main() {
     "framework-gap-analysis": "exceptd framework-gap <framework> <cve-or-scenario>   One-framework gap analysis.",
     cve: "exceptd cve <CVE-ID> [--json] [--air-gap|--no-network]   Resolve a CVE: published/rejected/disputed/fabricated/nonexistent (catalog -> cache -> NVD). Exit 2 when the citation won't stand up (rejected/fabricated/nonexistent/withdrawn).",
     rfc: "exceptd rfc <number> [--check \"<title>\"] [--json] [--air-gap]   Resolve an RFC number -> title + status (local index, offline). Exit 2 when nonexistent or --check title MISMATCH.",
+    // watch MUST be here: without the interception `watch --help` falls through
+    // to spawning the blocking daemon, hanging the operator's terminal.
+    watch: "exceptd watch          Long-running forward-watch daemon (blocks; Ctrl-C to stop). For a one-shot aggregator use `exceptd watchlist`.",
+    watchlist: "exceptd watchlist [--alerts] [--org-scan --org <login>] [--by-skill] [--json]   One-shot forward-watch aggregator across skills.",
+    report: "exceptd report [executive] [--json]   Structured posture report.",
+    scan: "exceptd scan [--json]          [legacy] Working-directory CVE/KEV scan (orchestrator). See `exceptd discover`.",
+    dispatch: "exceptd dispatch [--json]      [legacy] Scan + route findings to skills (orchestrator). See `exceptd discover`.",
+    currency: "exceptd currency [--json]      [legacy] Skill threat-currency report. See `exceptd doctor --currency`.",
+    "validate-cves": "exceptd validate-cves [--offline|--air-gap] [--json]   Validate the CVE catalog against upstream (offline-first).",
+    "validate-rfcs": "exceptd validate-rfcs [--offline|--air-gap] [--json]   Validate the RFC index against upstream (offline-first).",
   };
   if ((effectiveRest.includes("--help") || effectiveRest.includes("-h")) && SPAWN_HELP_USAGE[effectiveCmd]) {
     process.stdout.write(SPAWN_HELP_USAGE[effectiveCmd] + "\n  Full reference: exceptd help\n");
@@ -2314,6 +2324,20 @@ Exit codes:
 Output: verb, session_id, playbooks_run, summary{total, detected,
 max_rwep_observed, jurisdiction_clocks_started, verdict, fail_reasons[]},
 results[].`,
+    collect: `collect <playbook> [--cwd <dir>] [--resolve] [--air-gap] [--json]
+Scan the working directory (or --cwd <dir>) and emit an evidence submission
+for <playbook>, ready to pipe into \`run\`:
+  exceptd collect <playbook> | exceptd run <playbook> --evidence -
+Flags:
+  --cwd <dir>             Scan <dir> instead of the current directory.
+  --resolve               (citation-hygiene) resolve uncatalogued CVE/RFC
+                          citations found during the scan.
+  --air-gap               Do not touch the network during collection.
+  --json                  Raw JSON (default when piped; collect output is the
+                          submission, not a human digest).`,
     brief: `brief [playbook] — unified info doc (v0.11.0).
 Collapses the three info-only phases plan + govern + direct + look into a
@@ -3553,8 +3577,13 @@ function cmdRun(runner, args, runOpts, pretty) {
   // behavior where warn-level issues stay informational. CI gates wanting
   // "fail on any unverified precondition" pass this flag.
   if (args["strict-preconditions"] && result && Array.isArray(result.preflight_issues)) {
+    // precondition_skip MUST be included: a false skip_phase precondition
+    // means detect never ran, so a CI gate relying on --strict-preconditions
+    // ("any precondition_check returning false fails the run", per --help) would
+    // otherwise silently pass (verdict:skipped, exit 0) — the exact gap the
+    // flag exists to close.
     const warnIssues = result.preflight_issues.filter(i =>
-      i.kind === "precondition_unverified" || i.kind === "precondition_warn"
+      i.kind === "precondition_unverified" || i.kind === "precondition_warn" || i.kind === "precondition_skip"
     );
     if (warnIssues.length > 0) {
       // v0.12.12: surface the contract violation in the emitted body so
@@ -4303,9 +4332,19 @@ function cmdRunMulti(runner, ids, args, runOpts, pretty, meta) {
   // remediation without parsing the body.
   const anyLockBusy = results.some(r => r.attestation_persist && r.attestation_persist.lock_contention === true);
   const anyStorageExhausted = results.some(r => r.attestation_persist && r.attestation_persist.storage_exhausted === true);
+  // A persist failure that is neither lock-contention nor storage-exhaustion is
+  // a session-id collision (the single-run path exits 7 for the same
+  // condition). Pre-fix a batch where every attestation refused to overwrite
+  // exited 0, so a re-run with a reused --session-id silently persisted nothing
+  // while reporting success. Surface it with the same code as the single-run
+  // path so a CI gate sees it.
+  const anySessionCollision = results.some(r =>
+    r.attestation_persist && r.attestation_persist.ok === false
+    && !r.attestation_persist.lock_contention && !r.attestation_persist.storage_exhausted);
   const anyBlocked = results.some(r => r.ok === false);
   if (anyLockBusy) { process.exitCode = EXIT_CODES.LOCK_CONTENTION; return; }
   if (anyStorageExhausted) { process.exitCode = EXIT_CODES.STORAGE_EXHAUSTED; return; }
+  if (anySessionCollision) { process.exitCode = EXIT_CODES.SESSION_ID_COLLISION; return; }
   if (anyBlocked) { process.exitCode = EXIT_CODES.GENERIC_FAILURE; return; }
 }
@@ -4525,23 +4564,68 @@ function persistAttestation(args) {
         prior_evidence_hash: priorEvidenceHash,
         prior_captured_at: priorCapturedAt,
       };
-      // Atomic-create via O_EXCL ('wx' flag) eliminates the TOCTOU window
-      // between existsSync and writeFileSync. Two concurrent run-with-same-
-      // session-id invocations now produce one winner + one EEXIST loser,
-      // not silent last-write-wins.
+      // Atomic write: the body and its .sig are written to fsync'd tmp files,
+      // then placed with linkSync (create) / rename (force-overwrite) so a
+      // crash mid-write can never leave a TRUNCATED attestation.json, and the
+      // body never appears partially written. linkSync preserves the O_EXCL
+      // collision guarantee the old "wx" flag gave: it throws EEXIST when the
+      // slot is taken (one winner + one EEXIST loser on concurrent same-
+      // session-id runs), and the placed file has the full content instantly.
       //
-      // v0.12.38 (cycle 18 P1 F2): mode 0o600 + Windows ACL hardening.
-      // Pre-fix attestations were written world-readable (umask-derived
-      // 0o644). On multi-tenant shared hosts a different user could read
-      // the operator's evidence submission, jurisdiction obligations,
-      // and consent records. Mirrors the existing private-key handling
-      // in lib/sign.js (mode 0o600 + restrictWindowsAcl).
-      fs.writeFileSync(filePath, JSON.stringify(attestation, null, 2), { flag, mode: 0o600 });
+      // v0.12.38: mode 0o600 + Windows ACL hardening — attestations carry the
+      // operator's evidence, jurisdiction obligations, and consent records and
+      // must not be world-readable on multi-tenant hosts.
+      const crypto = require("crypto");
+      const jsonStr = JSON.stringify(attestation, null, 2);
+      const sigPath = filePath + ".sig";
+      const suffix = `.${process.pid}.${crypto.randomBytes(6).toString("hex")}.tmp`;
+      const jsonTmp = filePath + suffix;
+      const sigTmp = sigPath + suffix;
+      const writeFsync = (p, data) => {
+        const fd = fs.openSync(p, "w", 0o600);
+        try { fs.writeFileSync(fd, data); fs.fsyncSync(fd); }
+        finally { fs.closeSync(fd); }
+      };
+      // Sidecar is computed over the SAME normalized bytes that will land, so
+      // the sig always matches the placed body.
+      const sidecarBytes = computeSidecarBytes(normalizeAttestationBytes(jsonStr));
+      writeFsync(jsonTmp, jsonStr);
+      writeFsync(sigTmp, sidecarBytes);
+      try {
+        if (flag === "wx") {
+          // Atomic create + collision detection.
+          try {
+            fs.linkSync(jsonTmp, filePath);
+          } catch (linkErr) {
+            if (linkErr.code === "EEXIST") throw linkErr; // collision — outer handler decides
+            // Filesystems without hard-link support (EPERM/EXDEV/ENOSYS): fall
+            // back to an existsSync collision check + atomic rename. Narrow
+            // TOCTOU window, only on such filesystems.
+            if (fs.existsSync(filePath)) { const e = new Error("EEXIST"); e.code = "EEXIST"; throw e; }
+            fs.renameSync(jsonTmp, filePath);
+          }
+          // Slot won — place the sidecar (sigPath is fresh on a create).
+          fs.renameSync(sigTmp, sigPath);
+          try { fs.unlinkSync(jsonTmp); } catch { /* hard-link path leaves a second name */ }
+        } else {
+          // Force-overwrite, under the persist lock: atomic replace of both.
+          // Both tmps are fully written + fsync'd, so the new body and its
+          // matching new sidecar are placed back-to-back.
+          fs.renameSync(jsonTmp, filePath);
+          fs.renameSync(sigTmp, sigPath);
+        }
+      } catch (placeErr) {
+        // Clean up tmps on any placement failure (incl. EEXIST collision) so
+        // a failed/refused write never leaves orphan tmp files at the slot.
+        try { fs.unlinkSync(jsonTmp); } catch { /* may already be linked/renamed */ }
+        try { fs.unlinkSync(sigTmp); } catch { /* may already be renamed */ }
+        throw placeErr;
+      }
       try {
         const { restrictWindowsAcl } = require(path.join(PKG_ROOT, "lib", "sign.js"));
         restrictWindowsAcl(filePath);
+        restrictWindowsAcl(sigPath);
       } catch { /* sign.js not loadable in some test paths — best-effort */ }
-      maybeSignAttestation(filePath);
     };
     try {
@@ -4714,40 +4798,18 @@ function normalizeAttestationBytes(input) {
   return s.replace(/\r\n/g, "\n");
 }
-function maybeSignAttestation(filePath) {
+// Compute the `.sig` sidecar bytes for an attestation's (already-normalized)
+// content. Pure — does NOT write any file; the persist path writes the
+// returned string to a tmp and atomically renames it into place alongside the
+// attestation body, so the body never lands without its sidecar bytes ready.
+// Emits the one-time-per-process unsigned warning.
+function computeSidecarBytes(contentNormalized) {
   const crypto = require("crypto");
-  const sigPath = filePath + ".sig";
-  // v0.12.9 (P2 #3 from production smoke + codex P1 PR #4 review): keep the
-  // sign key aligned with the VERIFY key. `attest verify` checks signatures
-  // against PKG_ROOT/keys/public.pem; if we sign with cwd/.keys/private.pem
-  // (e.g. the maintainer's repo-local keypair) the resulting `.sig` will
-  // verify INVALID and report a false tamper signal on every freshly-written
-  // attestation. PKG_ROOT-only resolution is the right answer; the original
-  // smoke report's "doctor finds key, run does not" gap is fixed in `doctor`
-  // (reporting only PKG_ROOT now), not by making `run` follow a cwd key the
-  // verifier doesn't trust.
+  // v0.12.9: keep the sign key aligned with the VERIFY key. `attest verify`
+  // checks signatures against PKG_ROOT/keys/public.pem; signing with a
+  // cwd-local key would verify INVALID. PKG_ROOT-only resolution is correct.
   const privKeyPath = path.join(PKG_ROOT, ".keys", "private.pem");
-  // Normalize attestation bytes before sign — strip leading UTF-8 BOM +
-  // collapse CRLF to LF. Mirrors lib/sign.js / lib/verify.js /
-  // lib/refresh-network.js / scripts/verify-shipped-tarball.js. The
-  // attestation file lives on disk under .exceptd/ and can pick up CRLF
-  // through git-attribute / editor round-trips on Windows; without
-  // normalization the sign/verify pair diverges on the same logical content.
-  // The byte-stability contract spans five sites; tests/normalize-contract
-  // .test.js enforces byte-identical output across all of them.
-  const rawContent = fs.readFileSync(filePath, "utf8");
-  const content = normalizeAttestationBytes(rawContent);
   // One-time-per-process unsigned warning so cron jobs don't spam stderr.
-  // Operators who set `.keys/private.pem` get tamper-evident attestations;
-  // operators without the keypair get a single nudge per session telling them
-  // exactly how to enable signing.
-  //
-  // Consumer installs (`npm install -g`) land PKG_ROOT under
-  // node_modules/ where the operator typically can't write to
-  // .keys/. For those installs the multi-line nudge prescribes a
-  // remediation (doctor --fix) the operator doesn't own — surface a
-  // single-line marker so the unsigned attestation isn't silent, but
-  // skip the call-to-action that doesn't apply.
   if (!fs.existsSync(privKeyPath) && !process.env.EXCEPTD_UNSIGNED_WARNED) {
     const pkgRootSegments = PKG_ROOT.split(/[\\/]/);
     const isConsumerInstall =
@@ -4768,37 +4830,45 @@ function maybeSignAttestation(filePath) {
   try {
     if (fs.existsSync(privKeyPath)) {
       const privateKey = fs.readFileSync(privKeyPath, "utf8");
-      const sig = crypto.sign(null, Buffer.from(content, "utf8"), {
+      const sig = crypto.sign(null, Buffer.from(contentNormalized, "utf8"), {
         key: privateKey,
         dsaEncoding: "ieee-p1363",
       });
-      // The sidecar's Ed25519 signature covers ONLY the attestation file
-      // bytes. Fields that travel inside the .sig but are NOT in the signed
-      // message are replay-rewrite trivial: an attacker who can write the
-      // directory can mutate them without invalidating the signature. The
-      // sidecar therefore carries only the algorithm tag, the Ed25519
-      // signature payload, and an explanatory note — no `signed_at`,
-      // `signs_path`, or `signs_sha256`. Operators reading freshness use
-      // filesystem mtime; the attestation file's `captured_at` field is
-      // what's signed.
-      fs.writeFileSync(sigPath, JSON.stringify({
+      // The Ed25519 signature covers ONLY the attestation file bytes; no
+      // replay-rewritable metadata travels in the sidecar.
+      return JSON.stringify({
         algorithm: "Ed25519",
         signature_base64: sig.toString("base64"),
         note: "Ed25519 signature covers the attestation file bytes only. Use filesystem mtime for freshness; use the attestation's `captured_at` for the signed timestamp.",
-      }, null, 2), { mode: 0o600 });
-      // Mirror the v0.12.38 attestation.json hardening: 0o600 on POSIX +
-      // icacls inheritance strip on win32. The sidecar carries the
-      // signature payload; multi-tenant hosts shouldn't leak it.
-      try { require("./../lib/sign.js").restrictWindowsAcl(sigPath); } catch { /* best-effort */ }
-    } else {
-      fs.writeFileSync(sigPath, JSON.stringify({
-        algorithm: "unsigned",
-        signed: false,
-        note: "No private key at .keys/private.pem — attestation is hash-stable but unsigned. Run `exceptd doctor --fix` to enable signing.",
-      }, null, 2), { mode: 0o600 });
-      try { require("./../lib/sign.js").restrictWindowsAcl(sigPath); } catch { /* best-effort */ }
+      }, null, 2);
     }
-  } catch { /* non-fatal — signing failure shouldn't block the run */ }
+    return JSON.stringify({
+      algorithm: "unsigned",
+      signed: false,
+      note: "No private key at .keys/private.pem — attestation is hash-stable but unsigned. Run `exceptd doctor --fix` to enable signing.",
+    }, null, 2);
+  } catch {
+    // Signing failure must not block the run — fall back to an unsigned marker
+    // so the sidecar always exists alongside the body.
+    return JSON.stringify({
+      algorithm: "unsigned",
+      signed: false,
+      note: "Signing failed at write time; attestation is hash-stable but unsigned.",
+    }, null, 2);
+  }
+}
+// Sign an already-written file in place by computing + writing its `.sig`
+// sidecar. The main attestation-persist path writes the sidecar atomically
+// alongside the body (via computeSidecarBytes); this helper serves the
+// replay-record path, which writes a uniquely-named file and so needs no
+// atomic-collision handling. Best-effort: a sign-time failure leaves the
+// record unsigned (still a valid audit entry) rather than aborting.
+function maybeSignAttestation(filePath) {
+  const content = normalizeAttestationBytes(fs.readFileSync(filePath, "utf8"));
+  const sidecar = computeSidecarBytes(content);
+  fs.writeFileSync(filePath + ".sig", sidecar, { mode: 0o600 });
+  try { require(path.join(PKG_ROOT, "lib", "sign.js")).restrictWindowsAcl(filePath + ".sig"); } catch { /* best-effort */ }
 }
 /**
@@ -5754,6 +5824,22 @@ function cmdAttest(runner, args, runOpts, pretty) {
     // tampered attestation.json and overwrote .sig with the unsigned stub).
     const privKeyPath = path.join(PKG_ROOT, ".keys", "private.pem");
     const hasPrivKey = fs.existsSync(privKeyPath);
+    // Does any sidecar in this session dir carry a real Ed25519 signature? If
+    // so, a sibling attestation with NO sidecar is suspicious (a sig was
+    // expected). Combined with hasPrivKey, this lets default `attest verify`
+    // treat a deleted sidecar as tamper — agreeing with `reattest`, which
+    // already refuses. The keyless case (no key, all-unsigned peers) stays
+    // benign so keyless CI is unaffected.
+    let anyPeerEd25519Signed = false;
+    try {
+      for (const sf of fs.readdirSync(dir)) {
+        if (!sf.endsWith(".sig")) continue;
+        try {
+          const sd = JSON.parse(fs.readFileSync(path.join(dir, sf), "utf8"));
+          if (sd && sd.algorithm === "Ed25519") { anyPeerEd25519Signed = true; break; }
+        } catch { /* skip unparseable sidecar */ }
+      }
+    } catch { /* dir unreadable — fall through */ }
     // Sidecar-verify helper shared by both the attestations[] and
     // replay-records[] partitions. Centralising the per-file verify
@@ -5761,7 +5847,16 @@ function cmdAttest(runner, args, runOpts, pretty) {
     // instead of two parallel branches.
     const verifySidecar = (f) => {
       const sigPath = path.join(dir, f + ".sig");
-      if (!fs.existsSync(sigPath)) return { file: f, signed: false, verified: false, reason: "no .sig sidecar" };
+      if (!fs.existsSync(sigPath)) {
+        // A missing sidecar is benign ONLY when none was ever expected (the
+        // attestation was written on a keyless host and no peer is signed).
+        // When a sig SHOULD exist, an absent one is a deletion-to-evade-tamper
+        // signal — flag it so default verify matches reattest's refusal.
+        if (hasPrivKey || anyPeerEd25519Signed) {
+          return { file: f, signed: false, verified: false, reason: "no .sig sidecar, but one was expected (signing key present or a signed peer attestation exists) — sidecar deletion suspected", tamper_class: "sidecar-missing" };
+        }
+        return { file: f, signed: false, verified: false, reason: "no .sig sidecar" };
+      }
       let sigDoc;
       try { sigDoc = JSON.parse(fs.readFileSync(sigPath, "utf8")); }
       catch (e) {
@@ -5837,7 +5932,8 @@ function cmdAttest(runner, args, runOpts, pretty) {
       (r.signed && !r.verified)
       || r.tamper_class === "sidecar-corrupt"
       || r.tamper_class === "unsigned-substitution"
-      || r.tamper_class === "algorithm-unsupported";
+      || r.tamper_class === "algorithm-unsupported"
+      || r.tamper_class === "sidecar-missing";
     const attTampered = attResults.some(tamperPredicate);
     const replayTampered = replayResults.some(tamperPredicate);

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-27T21:30:21.745Z",
+  "generated_at": "2026-05-27T23:08:52.304Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "9dfc540e93aa24c5c61de5a568ac4ed94a21c04cddea458bb647c17ee3a4ec48",
+    "manifest.json": "008292f92fc956004d340bf314748a28ab03a6f14c88ddf7f5deabdab8b14b4d",
     "data/atlas-ttps.json": "d24bc02859d40ccf1615db75cca68c077585904e41e0d8f6de448121e9b1abb0",
     "data/attack-techniques.json": "fa193f0d2d248176a8beddb641e9fe56ba4faa9e15dc253ff876dbf0c5d58a77",
     "data/cve-catalog.json": "3d451dda7ac0c7d57a4075ae4bafd3148c6184b35dc1bc59d8b81d1f2641e430",

package/lib/collectors/cicd-pipeline-compromise.js CHANGED Viewed

@@ -180,7 +180,12 @@ function scanWorkflow(content, rel) {
   // composite actions (`uses: ./`).
   const lines2 = content.split(/\r?\n/);
   for (let i = 0; i < lines2.length; i++) {
-    const m = lines2[i].match(/^\s*-?\s*uses:\s*['"]?([^'"\s#]+)['"]?/);
+    // A real `uses:` line is never multiple KB. Skip overlong lines so a
+    // crafted whitespace run can't drive regex backtracking.
+    if (lines2[i].length > 4096) continue;
+    // `^[ \t]*(?:-[ \t]*)?` anchors the indentation once, then an optional
+    // `- ` list marker — no overlapping `\s*` runs that backtrack.
+    const m = lines2[i].match(/^[ \t]*(?:-[ \t]*)?uses:\s*['"]?([^'"\s#]+)['"]?/);
     if (!m) continue;
     const refStr = m[1];
     if (refStr.startsWith("./") || refStr.startsWith("docker://")) continue;

package/lib/collectors/containers.js CHANGED Viewed

@@ -222,6 +222,9 @@ function scanCompose(content, rel) {
   for (let i = 0; i < lines.length; i++) {
     const line = lines[i];
+    // A real compose line is never multiple KB. Skip overlong lines so a
+    // crafted whitespace run can't drive regex backtracking.
+    if (line.length > 4096) continue;
     if (/^\s*#/.test(line)) continue;
     if (/^\s*privileged:\s*true\b/i.test(line)) hits["compose-privileged"].push({ file: rel, line: i + 1, snippet: line.trim() });
     // compose-host-network: per playbook, fires on any of
@@ -268,6 +271,9 @@ function scanK8s(content, rel) {
   for (let i = 0; i < lines.length; i++) {
     const line = lines[i];
+    // A real manifest line is never multiple KB. Skip overlong lines so a
+    // crafted whitespace run can't drive regex backtracking.
+    if (line.length > 4096) continue;
     if (/^\s*#/.test(line)) continue;
     if (/^\s*privileged:\s*true\b/i.test(line)) hits["k8s-privileged"].push({ file: rel, line: i + 1, snippet: line.trim() });
     if (/^\s*(hostNetwork|hostPID|hostIPC):\s*true\b/.test(line)) hits["k8s-host-namespaces"].push({ file: rel, line: i + 1, snippet: line.trim() });
@@ -287,7 +293,9 @@ function scanK8s(content, rel) {
     }
     // image: ...:latest OR image: ... (no tag, defaults to latest)
     // Allow optional leading `-` from a YAML list item: `- image: ...`.
-    const imageMatch = line.match(/^\s*-?\s*image:\s*['"]?([^'"@\s]+)(?:@[^'"]+)?['"]?\s*$/);
+    // `^[ \t]*(?:-[ \t]*)?` anchors the indentation once, then an optional
+    // `- ` list marker — no overlapping `\s*` runs that backtrack.
+    const imageMatch = line.match(/^[ \t]*(?:-[ \t]*)?image:\s*['"]?([^'"@\s]+)(?:@[^'"]+)?['"]?\s*$/);
     if (imageMatch) {
       const ref = imageMatch[1];
       const tagMatch = ref.match(/:([^/]+)$/);

package/lib/collectors/library-author.js CHANGED Viewed

@@ -157,8 +157,13 @@ function scanPublishWorkflow(content, rel) {
   const lines = content.split(/\r?\n/);
   for (let i = 0; i < lines.length; i++) {
     const line = lines[i];
+    // A real `uses:` line is never multiple KB. Skip overlong lines so a
+    // crafted whitespace run can't drive regex backtracking.
+    if (line.length > 4096) continue;
     // Allow optional leading `-` from a YAML list item: `- uses: ...`.
-    const m = line.match(/^\s*-?\s*uses:\s*['"]?([^'"\s]+)['"]?\s*$/);
+    // `^[ \t]*(?:-[ \t]*)?` anchors the indentation once, then an optional
+    // `- ` list marker — no overlapping `\s*` runs that backtrack.
+    const m = line.match(/^[ \t]*(?:-[ \t]*)?uses:\s*['"]?([^'"\s]+)['"]?\s*$/);
     if (!m) continue;
     const ref = m[1];
     if (ref.startsWith("./") || ref.startsWith("./.github/")) continue; // local

package/lib/playbook-runner.js CHANGED Viewed

@@ -691,15 +691,26 @@ function detect(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
         }
       }
     } else {
-      // Without an explicit override, treat any captured artifact as evidence
+      // An override WAS supplied for this indicator but its value didn't
+      // canonicalize to hit/miss/inconclusive (e.g. "maybe", "present", a
+      // number). Pre-fix this was silently dropped — the operator believed
+      // they'd asserted a result but the signal vanished, yielding a false
+      // not_detected. Surface it as a runtime_error (mirrors the
+      // classification_override_invalid signal) so the drop is visible.
+      if (rawOverride !== undefined && runOpts && Array.isArray(runOpts._runErrors)) {
+        pushRunError(runOpts._runErrors, {
+          kind: 'signal_override_unrecognized',
+          indicator_id: ind.id,
+          supplied_value: (typeof rawOverride === 'object') ? JSON.stringify(rawOverride).slice(0, 80) : String(rawOverride).slice(0, 80),
+          message: `signal_overrides["${ind.id}"] value was not recognized (expected hit/miss/inconclusive or a boolean); the signal was ignored.`,
+        }, { dedupeKey: e => e.indicator_id || '' });
+      }
+      // Without a usable override, treat any captured artifact as evidence
       // the indicator could be evaluated. Mark inconclusive if any artifact
       // was captured (engine doesn't pattern-match raw artifact content; the
       // host AI is responsible for that). With NO captured artifacts, this is
       // a clean empty submission — emit 'miss' so the run can reach
       // classification:'not_detected' rather than getting stuck inconclusive.
-      // A clean empty run with no captured artifacts must emit 'miss' so
-      // classification can reach 'not_detected'; otherwise theater_verdict
-      // stays 'pending_agent_run' indefinitely.
       const anyCaptured = Object.values(artifacts).some(a => a && a.captured);
       verdict = anyCaptured ? 'inconclusive' : 'miss';
     }
@@ -765,12 +776,16 @@ function detect(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
   const anyFpDowngrade = indicatorResults.some(r => Array.isArray(r.fp_checks_unsatisfied) && r.fp_checks_unsatisfied.length > 0);
   let classification;
+  // Track whether the override was actually honored, so we don't report a
+  // refused override as "applied" (L6).
+  let overrideEffective = !!override;
   if (override) {
     classification = override === 'clean' ? 'not_detected' : override;
     if (anyFpDowngrade) {
       const substituted = 'inconclusive';
       const attempted = override; // record what the operator submitted, not the mapped form
       classification = substituted;
+      overrideEffective = false;
       if (runOpts && Array.isArray(runOpts._runErrors)) {
         pushRunError(runOpts._runErrors, {
           kind: 'classification_override_blocked',
@@ -782,6 +797,24 @@ function detect(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
             .map(r => ({ id: r.id, fp_checks_unsatisfied_count: r.fp_checks_unsatisfied.length })),
         }, { dedupeKey: e => String(e.attempted) });
       }
+    } else if (classification === 'not_detected' && hasDeterministicHit) {
+      // A not_detected/clean override must not silently bury a DETERMINISTIC
+      // hit. A deterministic indicator firing is high-signal evidence; hiding
+      // it as not_detected is a strictly worse false-negative than leaving the
+      // run inconclusive. (Probabilistic hits remain overridable — that's the
+      // legitimate "I confirmed these are benign" workflow.) Substitute
+      // inconclusive and surface why.
+      classification = 'inconclusive';
+      overrideEffective = false;
+      if (runOpts && Array.isArray(runOpts._runErrors)) {
+        pushRunError(runOpts._runErrors, {
+          kind: 'classification_override_masks_deterministic_hit',
+          attempted: override,
+          substituted: 'inconclusive',
+          reason: 'A not_detected/clean classification override was refused because one or more deterministic indicators fired. A deterministic hit cannot be downgraded to not_detected.',
+          deterministic_hit_indicators: hits.filter(r => r.deterministic).map(r => r.id),
+        }, { dedupeKey: e => String(e.attempted) });
+      }
     }
   } else if (hasDeterministicHit || hasHighConfHit) {
     classification = 'detected';
@@ -818,7 +851,11 @@ function detect(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
       from_observation: agentSubmission._signal_origins?.[i.id] || null,
     })),
     indicators_evaluated_count: indicatorResults.length,
-    classification_override_applied: override ? (override === 'clean' ? 'not_detected' : override) : null,
+    // Only report the override as applied when it was actually honored — a
+    // refused override (FP-downgrade or deterministic-hit masking) left
+    // `classification` as inconclusive, so reporting the attempted value here
+    // would contradict the verdict.
+    classification_override_applied: (override && overrideEffective) ? (override === 'clean' ? 'not_detected' : override) : null,
     submission_shape_seen: agentSubmission._original_shape || (agentSubmission.artifacts ? 'nested (v0.10.x)' : 'empty'),
     // Pass through any flat-shape observation collisions detected at
     // normalize time so analyze() can publish them under
@@ -3148,10 +3185,38 @@ function run(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
     };
   }
+  // Cross-process mutex lock for this run. Use the diagnostic variant so a
+  // CONFIRMED live foreign holder BLOCKS the run. The bare acquireLock returned
+  // null on a lost race (the TOCTOU window between preflight's check and the
+  // acquire) and the run then proceeded UNLOCKED, defeating the mutex. Block
+  // only on `held_by_live_pid` — same-PID reentrancy and FS quirks still
+  // proceed best-effort (lockPath null), so no legitimate nested/edge case
+  // regresses. Released in the finally block.
+  const lockResult = acquireLockDiagnostic(playbookId);
+  // Block ONLY on a confirmed live foreign holder with a real numeric pid.
+  // acquireLockDiagnostic also returns reason:'held_by_live_pid' with
+  // holder_pid:null for a MALFORMED/truncated lockfile (it can't parse a pid to
+  // probe). Blocking on that would let one corrupted lockfile left by a crash
+  // deny every future run forever. A null-pid (malformed) lock instead falls
+  // through to proceed best-effort (lockPath null) — matching how the preflight
+  // mutex check treats unparsable lockfiles as stale.
+  if (!lockResult.ok && lockResult.reason === 'held_by_live_pid'
+      && Number.isInteger(lockResult.holder_pid) && lockResult.holder_pid > 0) {
+    return {
+      ok: false,
+      playbook_id: playbookId,
+      directive_id: directiveId,
+      verdict: 'blocked',
+      summary_line: `${playbookId}: blocked — a concurrent run holds the mutex (pid ${lockResult.holder_pid})`.slice(0, 240),
+      phase: 'preflight',
+      blocked_by: 'mutex',
+      reason: `A concurrent run of "${playbookId}" holds the run lock (live pid ${lockResult.holder_pid}). Retry after it completes.`,
+      remediation: 'Wait for the in-flight run to finish, then retry.',
+      evidence_completeness: 'not-evaluated'
+    };
+  }
+  const lockPath = lockResult.ok ? lockResult.path : null;
   _activeRuns.add(playbookId);
-  // Cross-process mutex lock for this run. preflight verified no other lock
-  // exists; we acquire ours and release in the finally block.
-  const lockPath = acquireLock(playbookId);
   // Parse the playbook once at run() entry and thread the parsed object
   // through each phase via runOpts._playbookCache. Each phase otherwise
   // calls loadPlaybook() independently; for a single run that's seven
@@ -3377,11 +3442,22 @@ function run(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
  * through directly. Avoids JSON.stringify's replacer indirection because
  * a top-level array would otherwise miss the canonicalization recursion.
  */
-function canonicalStringify(v) {
+const CANONICAL_MAX_DEPTH = 200;
+function canonicalStringify(v, _depth = 0) {
   if (v === null || typeof v !== 'object') return JSON.stringify(v);
-  if (Array.isArray(v)) return '[' + v.map(canonicalStringify).join(',') + ']';
+  // Bounded recursion: adversarial (or accidental) deeply-nested evidence
+  // would otherwise overflow the stack with an opaque "internal error". This
+  // runs on every run() (evidence_hash + session_id derivation), so the guard
+  // turns a crash into an actionable rejection. 200 levels is far beyond any
+  // legitimate submission.
+  if (_depth > CANONICAL_MAX_DEPTH) {
+    const e = new Error(`evidence nesting exceeds the maximum depth of ${CANONICAL_MAX_DEPTH} — flatten the submission`);
+    e.code = 'EVIDENCE_TOO_DEEP';
+    throw e;
+  }
+  if (Array.isArray(v)) return '[' + v.map(x => canonicalStringify(x, _depth + 1)).join(',') + ']';
   const keys = Object.keys(v).sort();
-  return '{' + keys.map(k => JSON.stringify(k) + ':' + canonicalStringify(v[k])).join(',') + '}';
+  return '{' + keys.map(k => JSON.stringify(k) + ':' + canonicalStringify(v[k], _depth + 1)).join(',') + '}';
 }
 /**

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.14.12",
+  "version": "0.14.14",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-27T21:28:58.633Z",
+      "signed_at": "2026-05-27T22:43:04.125Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -123,7 +123,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "ztSKk/zFMFbT12qRcEeBKpydBn7fTT86KxMmor0DTCoKQWk5fJ0fSInfP1XMSB6rFk4/SuSjKVxQRMKVJ5a+Cg==",
-      "signed_at": "2026-05-27T21:28:58.635Z",
+      "signed_at": "2026-05-27T22:43:04.127Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -196,7 +196,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "K6QdPHNK5c4K5QFjrW0QsUhjp71D7SOisSoulwPNSvKRdi2rY+yg0kdckijBMkLMsVPyUvcC9giu93mKJ1OZDg==",
-      "signed_at": "2026-05-27T21:28:58.635Z",
+      "signed_at": "2026-05-27T22:43:04.127Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -248,7 +248,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "Qd3SBWmUAaaT++e1Ry2wBIz/dCBmNBMl0+4Rb0etvJLES0fIBEAkU1mTbgNZnT5XOg9J5twdUpymWtmKnDDQCQ==",
-      "signed_at": "2026-05-27T21:28:58.635Z"
+      "signed_at": "2026-05-27T22:43:04.127Z"
     },
     {
       "name": "compliance-theater",
@@ -279,7 +279,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "F2Shxae0ua0gPtvwzTRVzzHaIgJcFDRT3/akLUAZ4aaMQhkleKkcTaTpkjp+pTVEdPfLeLGNCeAOMs+whVYOBg==",
-      "signed_at": "2026-05-27T21:28:58.636Z"
+      "signed_at": "2026-05-27T22:43:04.128Z"
     },
     {
       "name": "exploit-scoring",
@@ -308,7 +308,7 @@
       ],
       "last_threat_review": "2026-05-18",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-27T21:28:58.636Z"
+      "signed_at": "2026-05-27T22:43:04.128Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -345,7 +345,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "W3pS8lnaCP96TQzsJpG5d5yv5IwgaQyS4Z2Ctcz5BOJf6LbajSIgeDgTZ4f4Bhr5m4E7KsgWGjZS4x7Fwd33BQ==",
-      "signed_at": "2026-05-27T21:28:58.637Z",
+      "signed_at": "2026-05-27T22:43:04.129Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -405,7 +405,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "/WDGygh1Ck4yWlBWDGtEUVCqKB8d+UaJXoAoBXujtt+GAl8JbMNpaN1TvI0WkEltQ9dTxaAzSn20/eVDqv8iDQ==",
-      "signed_at": "2026-05-27T21:28:58.637Z",
+      "signed_at": "2026-05-27T22:43:04.129Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -440,7 +440,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "za1NKBpy9LC91F/ESO/qhUfmvVr8GNItQOjR5OJLeHm+2dQ9HHiFWQK2eo53V/n/0uhubuggURA3yS6kJuWwBg==",
-      "signed_at": "2026-05-27T21:28:58.637Z",
+      "signed_at": "2026-05-27T22:43:04.129Z",
       "cwe_refs": [
         "CWE-1188"
       ],
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-27T21:28:58.638Z",
+      "signed_at": "2026-05-27T22:43:04.130Z",
       "forward_watch": [
         "New AI attack classes as ATLAS v6 publishes",
         "Post-quantum adversary capability timeline",
@@ -513,7 +513,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-27T21:28:58.638Z"
+      "signed_at": "2026-05-27T22:43:04.130Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -540,7 +540,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-27T21:28:58.638Z",
+      "signed_at": "2026-05-27T22:43:04.131Z",
       "forward_watch": [
         "New CISA KEV entries",
         "New ATLAS TTP additions in each ATLAS release",
@@ -604,7 +604,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "i/17u4kJiSpcZAz7LnTyRePFugQOstQ1P4kVoe0oGf4E2/j8oIN9U9DccjUn/YHZhKWIJ2AILG/DMhvMrr3bBg==",
-      "signed_at": "2026-05-27T21:28:58.639Z",
+      "signed_at": "2026-05-27T22:43:04.131Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -652,7 +652,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "QuOVaQ4E2Sl39TClbhZ7HA9XrYAyRrDL44HY3RTE7aWLue0hV2cxaBt40ALGmHS++631QGFDlZTLZI77Tr6nAA==",
-      "signed_at": "2026-05-27T21:28:58.639Z"
+      "signed_at": "2026-05-27T22:43:04.131Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -689,7 +689,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-27T21:28:58.639Z",
+      "signed_at": "2026-05-27T22:43:04.132Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -724,7 +724,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "urRcataVWg6/utyEkSiOWoNxTL8sABRjPR7ShyDfZGnAozFph/yDktSoaPVxQDXwu9EfJE+qhUW5OYR/yJECBQ==",
-      "signed_at": "2026-05-27T21:28:58.640Z"
+      "signed_at": "2026-05-27T22:43:04.132Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -796,7 +796,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
       ],
       "signature": "C7lv65/Ecm8JJgSKxrX5lxx0YFzKWtrIQSKp+vy50I5e8945s1JmifGUUrnQwRQhq/Pkv7EmfiH5XSO8h75bDg==",
-      "signed_at": "2026-05-27T21:28:58.640Z"
+      "signed_at": "2026-05-27T22:43:04.132Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -856,7 +856,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-27T21:28:58.640Z"
+      "signed_at": "2026-05-27T22:43:04.133Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -931,7 +931,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "IgEnpHOhCftAyfUNdKsjbrd169T9pJkk/rRM2ZEna+H18y7p5x48+1kME2sJMZjJuyAdQFBJi8PJXZFwLGI+DQ==",
-      "signed_at": "2026-05-27T21:28:58.640Z"
+      "signed_at": "2026-05-27T22:43:04.133Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -1010,7 +1010,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-27T21:28:58.641Z"
+      "signed_at": "2026-05-27T22:43:04.133Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1067,7 +1067,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "G5q5elh7Q7eu2xcwTVQJGDTGfvZR0OGQaLSLJPb2wjzCHFF8PWuZfCHZdjjqisiRzRWPyLlzgfHeMJqOdy7cBw==",
-      "signed_at": "2026-05-27T21:28:58.641Z"
+      "signed_at": "2026-05-27T22:43:04.133Z"
     },
     {
       "name": "identity-assurance",
@@ -1134,7 +1134,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-27T21:28:58.641Z"
+      "signed_at": "2026-05-27T22:43:04.134Z"
     },
     {
       "name": "ot-ics-security",
@@ -1190,7 +1190,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-27T21:28:58.642Z"
+      "signed_at": "2026-05-27T22:43:04.134Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1242,7 +1242,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-27T21:28:58.642Z"
+      "signed_at": "2026-05-27T22:43:04.135Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1292,7 +1292,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-27T21:28:58.642Z"
+      "signed_at": "2026-05-27T22:43:04.135Z"
     },
     {
       "name": "webapp-security",
@@ -1366,7 +1366,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-27T21:28:58.643Z",
+      "signed_at": "2026-05-27T22:43:04.135Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
       ]
@@ -1419,7 +1419,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-27T21:28:58.643Z"
+      "signed_at": "2026-05-27T22:43:04.136Z"
     },
     {
       "name": "sector-healthcare",
@@ -1479,7 +1479,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-27T21:28:58.644Z"
+      "signed_at": "2026-05-27T22:43:04.136Z"
     },
     {
       "name": "sector-financial",
@@ -1560,7 +1560,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-27T21:28:58.644Z"
+      "signed_at": "2026-05-27T22:43:04.137Z"
     },
     {
       "name": "sector-federal-government",
@@ -1629,7 +1629,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-27T21:28:58.644Z"
+      "signed_at": "2026-05-27T22:43:04.137Z"
     },
     {
       "name": "sector-energy",
@@ -1694,7 +1694,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-27T21:28:58.645Z"
+      "signed_at": "2026-05-27T22:43:04.137Z"
     },
     {
       "name": "sector-telecom",
@@ -1780,7 +1780,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-27T21:28:58.645Z"
+      "signed_at": "2026-05-27T22:43:04.138Z"
     },
     {
       "name": "api-security",
@@ -1849,7 +1849,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-27T21:28:58.645Z",
+      "signed_at": "2026-05-27T22:43:04.138Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
@@ -1935,7 +1935,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-27T21:28:58.646Z"
+      "signed_at": "2026-05-27T22:43:04.138Z"
     },
     {
       "name": "container-runtime-security",
@@ -1997,7 +1997,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-27T21:28:58.646Z",
+      "signed_at": "2026-05-27T22:43:04.139Z",
       "forward_watch": [
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
       ]
@@ -2071,7 +2071,7 @@
         "MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "IL+DlRCDJN/p08iiJCFkasKcoyjcB0uWrJ6ORLjQcS1HrUa5Xt62QxVjYPHzaevlm5y36ZdmfESqsZJmzK3lCg==",
-      "signed_at": "2026-05-27T21:28:58.646Z"
+      "signed_at": "2026-05-27T22:43:04.139Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2133,7 +2133,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "MmjLjlmOMLjhJJ4ZfR8MYlHam+ZB+eSqfh6Nv+DecaG4O5zeo9DBP/iL3cbyDVZxmhnhivgJild2ccYeWTeZAg==",
-      "signed_at": "2026-05-27T21:28:58.647Z"
+      "signed_at": "2026-05-27T22:43:04.139Z"
     },
     {
       "name": "ransomware-response",
@@ -2213,7 +2213,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "ssueL03g9fWlhXpTe+IiY5l7RqQkunN4DTN5QETKE+VOX+qggdjAR8PONxk77ol4xWYmHrM/VcH8CNtXUEvgBA==",
-      "signed_at": "2026-05-27T21:28:58.647Z"
+      "signed_at": "2026-05-27T22:43:04.140Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2266,7 +2266,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-27T21:28:58.647Z"
+      "signed_at": "2026-05-27T22:43:04.140Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2334,7 +2334,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "Rgho5TOFUL1txOzcVR0kASCNdovSU4yt99JlGilJlJRyg0A+BdeeQYrZrhPF6Vx2reUAVG0BeHfcZtSbi+cwCg==",
-      "signed_at": "2026-05-27T21:28:58.648Z"
+      "signed_at": "2026-05-27T22:43:04.141Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2414,7 +2414,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-27T21:28:58.648Z",
+      "signed_at": "2026-05-27T22:43:04.141Z",
       "forward_watch": [
         "AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
         "GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
@@ -2508,7 +2508,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-27T21:28:58.648Z",
+      "signed_at": "2026-05-27T22:43:04.141Z",
       "forward_watch": [
         "Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
         "Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
@@ -2526,6 +2526,6 @@
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "XXpEWoGHaLyKnh3mclNAnbJVrnzeFrsAimxLIf5rxzxOrlcVJ2eVB4+gkRbbRU0J0T52S2ODDAiE+qWnEdhOBA=="
+    "signature_base64": "VaHQUp8N+B8LWN2cE5Ma/r5QUuCeeXd1qQZRVdxMsZuywrBbCgET5iiP8miDXVAVw6I/bKVxUeBQzPDzbgTCBQ=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.14.12",
+  "version": "0.14.14",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (406 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:3c3dcfa9-3a0d-41e3-ba8b-fc9074eb6c91",
+  "serialNumber": "urn:uuid:09ce22ed-cf4c-428a-b4ce-4ed39f08cf46",
   "version": 1,
   "metadata": {
-    "timestamp": "2058-01-10T17:30:17.000Z",
+    "timestamp": "2031-03-19T23:38:21.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.14.12"
+        "version": "0.14.14"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.14.12",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.14.14",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.14.12",
+      "version": "0.14.14",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (406 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.14.12",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.14.14",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0c93edb6886bb6d399d389a24226d4baa22f7779ae3996d4d7fbcf0a6e5114d6"
+          "content": "c662ffd7c9591378303810e656ef236bc95461441b0e100888fe51590f04a81e"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.14.12"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.14.14"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ddd5c86511d4ea2e2fa500a67bd5cb5e1111e1fb678d6715500f3ab8729ca2e1"
+          "content": "35200404f3ec807af037296532675b3b89d4edfde5be7906f8f51de79e64b9c1"
         },
         {
           "alg": "SHA3-512",
-          "content": "7a0dfecb42ade2ab79c7e5286c2612b644a5d044b22a9f662aaef40e9793c68d9d019ae93ba8a0f52ac9134e694b00216890bc430362561fbe5757ca31d19e0c"
+          "content": "791909b843163e1295f359e24b1928c2f592f33a99795a1cb0fc73c8282715b78eb4696e30b48a61f63cb5651da945fd11b1707c91a53cea80723fab7553bcec"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ae39088caf4e044bf0449b97c99acfe76ad30b8a9d8e008b438f1cbda0dc16d5"
+          "content": "7ec3434f017d0f634d64518178cb0fbe051450e180ae91335f951bfc1901d5ff"
         },
         {
           "alg": "SHA3-512",
-          "content": "21a01dee170f40b3b5d77360fb209c89b60a8decbbf4c0a871d72176fed03cfb7b45698830741802a903deee84c601ab25a47db6d600679e259368a4ce4c171d"
+          "content": "ec79b55f86aa52f266f6bbcf3f62132bd8a55f853fec892158996deaa495f6776d406efd2945910e8ff61b297d0fb4b3713904d97d3080a8b33fb3e462293fc7"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3d755197adfee59c67dafc46dc19636a491e59986fa088d8b51daee75dfab19b"
+          "content": "447e6ba93e05120de060cca6636c8419c465034744d93606bbe6c7175be1a844"
         },
         {
           "alg": "SHA3-512",
-          "content": "cc3309521915ada4277a09dbe9c33c13510f0508e0e710b8b9a877ebcd5a2a79c3448a08aa8d96286ade6c2dc3ef357794afdbbfb62f8d2531d4bf46e2ee7d58"
+          "content": "23f28a5eefab97d5ad447033826279f34424a728123a2a2c6e551fea601504f06fd9b2860b718e515a7e31bfa1a9cb349bffb926a91c63682753c0c979826db6"
         }
       ]
     },
@@ -926,11 +926,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "dc02ee2b01a753f70b8812f38d7999c3ca666d0a3e4a1255f6d0d21f7faa629c"
+          "content": "e8ab11fa2f22bfac303b39cec8226ee61f9eb638a38bb91d38ed31e5f245e036"
         },
         {
           "alg": "SHA3-512",
-          "content": "918ae3acdbbebc2764e6eac82229b20448300bf8d26b2d79850b9137f48e41cf98ed11b129b328cf2c433553edc31997fa2af3297848f8867217326e0a3f1dcd"
+          "content": "206ccebd277a7da70a8ad26d9bd6fa2ebf39b7deee02f04de70031dce3a36b1ef7f7c3c8c3af080afa86b00e094dc88000ef42b424cb28a0cc52a7f96ba7db36"
         }
       ]
     },
@@ -956,11 +956,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "73fca55e2330e73529d06eb8944114d2f18b483294d373719356dce0556a831d"
+          "content": "bbf451e8828b34b6dfad052a80bb41d6d41c823d0896b7b0af88adc1bc3d0363"
         },
         {
           "alg": "SHA3-512",
-          "content": "d1deb64457f7be99a4dd5fcc504cffdc6b4ddec26d778946af93c5ea60ee399f9c6bb82de1a4cb0165e7708914a7a56e1b61f4f443e6c83b62ece23ceff2d11b"
+          "content": "3cc1ae78ab1fd3995140adf5daad3a276c5c191e37f12183ea4cd1d05faed9b3f52bf7cc028dad36d5bfc347b081ff69f7311b91a70f9f5f235e13297e84846a"
         }
       ]
     },
@@ -1046,11 +1046,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f8a32293e9a8707e05846bbc0c07336d9f5f31a3551ec9df9c146386005cba7c"
+          "content": "adacaf29b1359d15de4974508b06f41da7811aa9602fc56b724ddc01b9211938"
         },
         {
           "alg": "SHA3-512",
-          "content": "b4859aec9f78d53ce82a871eba0069714a6cee8c2b1ce043dc3389fad6ee3e17127c8f5e3e5ae901737410be5491df016412cd1b00954278a768a446252b5b1e"
+          "content": "c4d98ecbc6bc8a897a37e0ae7d5883c71816b3665e2c20a313955b3e0917f81657851c61790dc793c28bf85937d07be2623311a54cfa1c5823bcdaf9d9221c2f"
         }
       ]
     },
@@ -1316,11 +1316,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ce4e0915fd4a758891e1799055d7f21bfeb1c283950668fe125533008c551547"
+          "content": "9c32c19d0d16a52b1d2d9e44f5f74f27b0c68f7869373b63d1b29c9ed43c36a8"
         },
         {
           "alg": "SHA3-512",
-          "content": "e81350df04396a41caaa15f810011fecb50c7efc25dbd3b48133337295948d9c8e5839e9d744891e330b607e9c776710daea7ed1a7b04ff66b9b7b4330f5a15e"
+          "content": "d711a870f6b4a91b78efd2d883df0c1df8cd82547aedd3affce2c7ab4a16832c67a6c40b9dc478dc55cd932cde1105de42231f560f7580ba881fecd3f488945c"
         }
       ]
     },
@@ -1751,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9dfc540e93aa24c5c61de5a568ac4ed94a21c04cddea458bb647c17ee3a4ec48"
+          "content": "008292f92fc956004d340bf314748a28ab03a6f14c88ddf7f5deabdab8b14b4d"
         },
         {
           "alg": "SHA3-512",
-          "content": "30f7961d052a1c680d5eb52afa18a85a669e69591f6dabd19da3c795a4dab4f87c786d852ec08020262c742001abec1c03a45194c9c81077f263749927e6ece6"
+          "content": "99f7d34bc0516df27402740184eb99a961e3d8db7929187df1bab453f0a9356029753246d8efcf003bda0ccd57caa29a51c04c8e4fe2f20a6e385f743dc6f9cc"
         }
       ]
     },