npm - @blamejs/exceptd-skills - Versions diffs - 0.14.13 → 0.14.15 - Mend

@blamejs/exceptd-skills 0.14.13 → 0.14.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 # Changelog
+## 0.14.15 — 2026-05-27
+Emitted CSAF 2.0 and SARIF 2.1.0 documents now pass strict schema/profile validation:
+- Every CSAF vulnerability carries `notes` (CVE-keyed entries previously omitted it, failing the security-advisory profile's mandatory test).
+- A clean run's `csaf_informational_advisory` no longer carries a `/vulnerabilities` array or a `/product_tree` (both are wrong for the informational profile) and now includes the required external `/document/references` entry.
+- `tracking.version` equals the last `revision_history` number and uses the same versioning scheme as it (previously the version was the playbook semver while the revision number was the integer `1` — two violations: a version/revision mismatch and mixed versioning schemes).
+- SARIF results with `kind: "informational"` (framework-gap findings) now use `level: "none"` instead of `"note"`; the SARIF spec requires `level: "none"` whenever `kind` is not `"fail"`, so strict validators and GitHub code scanning previously rejected those results.
+- SARIF `artifactLocation.uri` values from a submission-supplied evidence location are normalized to forward slashes. A Windows operator passing a native backslash path previously produced URIs that violate the SARIF URI-reference requirement (the collector-derived locations were already normalized; submission-threaded ones were not).
+## 0.14.14 — 2026-05-27
+Attestation durability and verification:
+- Attestations are now written atomically. The body and its Ed25519 `.sig` sidecar are written to fsync'd temporary files and placed together (the body via an atomic create that still detects a session-id collision, the sidecar alongside it), so a crash or out-of-space mid-write can no longer leave a truncated `attestation.json` or a body without its signature. A failed write also leaves no partial file at the slot.
+- `attest verify` now flags a deleted `.sig` sidecar as tampering (exit 6) when a signature was expected — i.e. when a signing key is present or a sibling attestation in the same session is signed — instead of accepting it as a benign "unsigned" attestation (exit 0). This makes the default `attest verify` agree with `reattest`, which already refused. A genuinely unsigned attestation on a keyless host stays benign.
+- A `run` now blocks (`blocked_by: "mutex"`) when a live concurrent process holds the run lock, rather than proceeding without the lock after losing the acquire race. Same-process reentrancy and filesystem quirks are unaffected.
 ## 0.14.13 — 2026-05-27
 Security: a collector scanning a hostile repository no longer hangs on a crafted file. Three workflow/Dockerfile/manifest scanners (`library-author`, `cicd-pipeline-compromise`, `containers`) had a regex that backtracked catastrophically on a long whitespace line — a single planted file could wedge the scan for minutes. The regexes are fixed and a per-line length cap bounds any future regression.

package/bin/exceptd.js CHANGED Viewed

@@ -4564,23 +4564,68 @@ function persistAttestation(args) {
         prior_evidence_hash: priorEvidenceHash,
         prior_captured_at: priorCapturedAt,
       };
-      // Atomic-create via O_EXCL ('wx' flag) eliminates the TOCTOU window
-      // between existsSync and writeFileSync. Two concurrent run-with-same-
-      // session-id invocations now produce one winner + one EEXIST loser,
-      // not silent last-write-wins.
+      // Atomic write: the body and its .sig are written to fsync'd tmp files,
+      // then placed with linkSync (create) / rename (force-overwrite) so a
+      // crash mid-write can never leave a TRUNCATED attestation.json, and the
+      // body never appears partially written. linkSync preserves the O_EXCL
+      // collision guarantee the old "wx" flag gave: it throws EEXIST when the
+      // slot is taken (one winner + one EEXIST loser on concurrent same-
+      // session-id runs), and the placed file has the full content instantly.
       //
-      // v0.12.38 (cycle 18 P1 F2): mode 0o600 + Windows ACL hardening.
-      // Pre-fix attestations were written world-readable (umask-derived
-      // 0o644). On multi-tenant shared hosts a different user could read
-      // the operator's evidence submission, jurisdiction obligations,
-      // and consent records. Mirrors the existing private-key handling
-      // in lib/sign.js (mode 0o600 + restrictWindowsAcl).
-      fs.writeFileSync(filePath, JSON.stringify(attestation, null, 2), { flag, mode: 0o600 });
+      // v0.12.38: mode 0o600 + Windows ACL hardening — attestations carry the
+      // operator's evidence, jurisdiction obligations, and consent records and
+      // must not be world-readable on multi-tenant hosts.
+      const crypto = require("crypto");
+      const jsonStr = JSON.stringify(attestation, null, 2);
+      const sigPath = filePath + ".sig";
+      const suffix = `.${process.pid}.${crypto.randomBytes(6).toString("hex")}.tmp`;
+      const jsonTmp = filePath + suffix;
+      const sigTmp = sigPath + suffix;
+      const writeFsync = (p, data) => {
+        const fd = fs.openSync(p, "w", 0o600);
+        try { fs.writeFileSync(fd, data); fs.fsyncSync(fd); }
+        finally { fs.closeSync(fd); }
+      };
+      // Sidecar is computed over the SAME normalized bytes that will land, so
+      // the sig always matches the placed body.
+      const sidecarBytes = computeSidecarBytes(normalizeAttestationBytes(jsonStr));
+      writeFsync(jsonTmp, jsonStr);
+      writeFsync(sigTmp, sidecarBytes);
+      try {
+        if (flag === "wx") {
+          // Atomic create + collision detection.
+          try {
+            fs.linkSync(jsonTmp, filePath);
+          } catch (linkErr) {
+            if (linkErr.code === "EEXIST") throw linkErr; // collision — outer handler decides
+            // Filesystems without hard-link support (EPERM/EXDEV/ENOSYS): fall
+            // back to an existsSync collision check + atomic rename. Narrow
+            // TOCTOU window, only on such filesystems.
+            if (fs.existsSync(filePath)) { const e = new Error("EEXIST"); e.code = "EEXIST"; throw e; }
+            fs.renameSync(jsonTmp, filePath);
+          }
+          // Slot won — place the sidecar (sigPath is fresh on a create).
+          fs.renameSync(sigTmp, sigPath);
+          try { fs.unlinkSync(jsonTmp); } catch { /* hard-link path leaves a second name */ }
+        } else {
+          // Force-overwrite, under the persist lock: atomic replace of both.
+          // Both tmps are fully written + fsync'd, so the new body and its
+          // matching new sidecar are placed back-to-back.
+          fs.renameSync(jsonTmp, filePath);
+          fs.renameSync(sigTmp, sigPath);
+        }
+      } catch (placeErr) {
+        // Clean up tmps on any placement failure (incl. EEXIST collision) so
+        // a failed/refused write never leaves orphan tmp files at the slot.
+        try { fs.unlinkSync(jsonTmp); } catch { /* may already be linked/renamed */ }
+        try { fs.unlinkSync(sigTmp); } catch { /* may already be renamed */ }
+        throw placeErr;
+      }
       try {
         const { restrictWindowsAcl } = require(path.join(PKG_ROOT, "lib", "sign.js"));
         restrictWindowsAcl(filePath);
+        restrictWindowsAcl(sigPath);
       } catch { /* sign.js not loadable in some test paths — best-effort */ }
-      maybeSignAttestation(filePath);
     };
     try {
@@ -4753,40 +4798,18 @@ function normalizeAttestationBytes(input) {
   return s.replace(/\r\n/g, "\n");
 }
-function maybeSignAttestation(filePath) {
+// Compute the `.sig` sidecar bytes for an attestation's (already-normalized)
+// content. Pure — does NOT write any file; the persist path writes the
+// returned string to a tmp and atomically renames it into place alongside the
+// attestation body, so the body never lands without its sidecar bytes ready.
+// Emits the one-time-per-process unsigned warning.
+function computeSidecarBytes(contentNormalized) {
   const crypto = require("crypto");
-  const sigPath = filePath + ".sig";
-  // v0.12.9 (P2 #3 from production smoke + codex P1 PR #4 review): keep the
-  // sign key aligned with the VERIFY key. `attest verify` checks signatures
-  // against PKG_ROOT/keys/public.pem; if we sign with cwd/.keys/private.pem
-  // (e.g. the maintainer's repo-local keypair) the resulting `.sig` will
-  // verify INVALID and report a false tamper signal on every freshly-written
-  // attestation. PKG_ROOT-only resolution is the right answer; the original
-  // smoke report's "doctor finds key, run does not" gap is fixed in `doctor`
-  // (reporting only PKG_ROOT now), not by making `run` follow a cwd key the
-  // verifier doesn't trust.
+  // v0.12.9: keep the sign key aligned with the VERIFY key. `attest verify`
+  // checks signatures against PKG_ROOT/keys/public.pem; signing with a
+  // cwd-local key would verify INVALID. PKG_ROOT-only resolution is correct.
   const privKeyPath = path.join(PKG_ROOT, ".keys", "private.pem");
-  // Normalize attestation bytes before sign — strip leading UTF-8 BOM +
-  // collapse CRLF to LF. Mirrors lib/sign.js / lib/verify.js /
-  // lib/refresh-network.js / scripts/verify-shipped-tarball.js. The
-  // attestation file lives on disk under .exceptd/ and can pick up CRLF
-  // through git-attribute / editor round-trips on Windows; without
-  // normalization the sign/verify pair diverges on the same logical content.
-  // The byte-stability contract spans five sites; tests/normalize-contract
-  // .test.js enforces byte-identical output across all of them.
-  const rawContent = fs.readFileSync(filePath, "utf8");
-  const content = normalizeAttestationBytes(rawContent);
   // One-time-per-process unsigned warning so cron jobs don't spam stderr.
-  // Operators who set `.keys/private.pem` get tamper-evident attestations;
-  // operators without the keypair get a single nudge per session telling them
-  // exactly how to enable signing.
-  //
-  // Consumer installs (`npm install -g`) land PKG_ROOT under
-  // node_modules/ where the operator typically can't write to
-  // .keys/. For those installs the multi-line nudge prescribes a
-  // remediation (doctor --fix) the operator doesn't own — surface a
-  // single-line marker so the unsigned attestation isn't silent, but
-  // skip the call-to-action that doesn't apply.
   if (!fs.existsSync(privKeyPath) && !process.env.EXCEPTD_UNSIGNED_WARNED) {
     const pkgRootSegments = PKG_ROOT.split(/[\\/]/);
     const isConsumerInstall =
@@ -4807,37 +4830,45 @@ function maybeSignAttestation(filePath) {
   try {
     if (fs.existsSync(privKeyPath)) {
       const privateKey = fs.readFileSync(privKeyPath, "utf8");
-      const sig = crypto.sign(null, Buffer.from(content, "utf8"), {
+      const sig = crypto.sign(null, Buffer.from(contentNormalized, "utf8"), {
         key: privateKey,
         dsaEncoding: "ieee-p1363",
       });
-      // The sidecar's Ed25519 signature covers ONLY the attestation file
-      // bytes. Fields that travel inside the .sig but are NOT in the signed
-      // message are replay-rewrite trivial: an attacker who can write the
-      // directory can mutate them without invalidating the signature. The
-      // sidecar therefore carries only the algorithm tag, the Ed25519
-      // signature payload, and an explanatory note — no `signed_at`,
-      // `signs_path`, or `signs_sha256`. Operators reading freshness use
-      // filesystem mtime; the attestation file's `captured_at` field is
-      // what's signed.
-      fs.writeFileSync(sigPath, JSON.stringify({
+      // The Ed25519 signature covers ONLY the attestation file bytes; no
+      // replay-rewritable metadata travels in the sidecar.
+      return JSON.stringify({
         algorithm: "Ed25519",
         signature_base64: sig.toString("base64"),
         note: "Ed25519 signature covers the attestation file bytes only. Use filesystem mtime for freshness; use the attestation's `captured_at` for the signed timestamp.",
-      }, null, 2), { mode: 0o600 });
-      // Mirror the v0.12.38 attestation.json hardening: 0o600 on POSIX +
-      // icacls inheritance strip on win32. The sidecar carries the
-      // signature payload; multi-tenant hosts shouldn't leak it.
-      try { require("./../lib/sign.js").restrictWindowsAcl(sigPath); } catch { /* best-effort */ }
-    } else {
-      fs.writeFileSync(sigPath, JSON.stringify({
-        algorithm: "unsigned",
-        signed: false,
-        note: "No private key at .keys/private.pem — attestation is hash-stable but unsigned. Run `exceptd doctor --fix` to enable signing.",
-      }, null, 2), { mode: 0o600 });
-      try { require("./../lib/sign.js").restrictWindowsAcl(sigPath); } catch { /* best-effort */ }
+      }, null, 2);
     }
-  } catch { /* non-fatal — signing failure shouldn't block the run */ }
+    return JSON.stringify({
+      algorithm: "unsigned",
+      signed: false,
+      note: "No private key at .keys/private.pem — attestation is hash-stable but unsigned. Run `exceptd doctor --fix` to enable signing.",
+    }, null, 2);
+  } catch {
+    // Signing failure must not block the run — fall back to an unsigned marker
+    // so the sidecar always exists alongside the body.
+    return JSON.stringify({
+      algorithm: "unsigned",
+      signed: false,
+      note: "Signing failed at write time; attestation is hash-stable but unsigned.",
+    }, null, 2);
+  }
+}
+// Sign an already-written file in place by computing + writing its `.sig`
+// sidecar. The main attestation-persist path writes the sidecar atomically
+// alongside the body (via computeSidecarBytes); this helper serves the
+// replay-record path, which writes a uniquely-named file and so needs no
+// atomic-collision handling. Best-effort: a sign-time failure leaves the
+// record unsigned (still a valid audit entry) rather than aborting.
+function maybeSignAttestation(filePath) {
+  const content = normalizeAttestationBytes(fs.readFileSync(filePath, "utf8"));
+  const sidecar = computeSidecarBytes(content);
+  fs.writeFileSync(filePath + ".sig", sidecar, { mode: 0o600 });
+  try { require(path.join(PKG_ROOT, "lib", "sign.js")).restrictWindowsAcl(filePath + ".sig"); } catch { /* best-effort */ }
 }
 /**
@@ -5793,6 +5824,22 @@ function cmdAttest(runner, args, runOpts, pretty) {
     // tampered attestation.json and overwrote .sig with the unsigned stub).
     const privKeyPath = path.join(PKG_ROOT, ".keys", "private.pem");
     const hasPrivKey = fs.existsSync(privKeyPath);
+    // Does any sidecar in this session dir carry a real Ed25519 signature? If
+    // so, a sibling attestation with NO sidecar is suspicious (a sig was
+    // expected). Combined with hasPrivKey, this lets default `attest verify`
+    // treat a deleted sidecar as tamper — agreeing with `reattest`, which
+    // already refuses. The keyless case (no key, all-unsigned peers) stays
+    // benign so keyless CI is unaffected.
+    let anyPeerEd25519Signed = false;
+    try {
+      for (const sf of fs.readdirSync(dir)) {
+        if (!sf.endsWith(".sig")) continue;
+        try {
+          const sd = JSON.parse(fs.readFileSync(path.join(dir, sf), "utf8"));
+          if (sd && sd.algorithm === "Ed25519") { anyPeerEd25519Signed = true; break; }
+        } catch { /* skip unparseable sidecar */ }
+      }
+    } catch { /* dir unreadable — fall through */ }
     // Sidecar-verify helper shared by both the attestations[] and
     // replay-records[] partitions. Centralising the per-file verify
@@ -5800,7 +5847,16 @@ function cmdAttest(runner, args, runOpts, pretty) {
     // instead of two parallel branches.
     const verifySidecar = (f) => {
       const sigPath = path.join(dir, f + ".sig");
-      if (!fs.existsSync(sigPath)) return { file: f, signed: false, verified: false, reason: "no .sig sidecar" };
+      if (!fs.existsSync(sigPath)) {
+        // A missing sidecar is benign ONLY when none was ever expected (the
+        // attestation was written on a keyless host and no peer is signed).
+        // When a sig SHOULD exist, an absent one is a deletion-to-evade-tamper
+        // signal — flag it so default verify matches reattest's refusal.
+        if (hasPrivKey || anyPeerEd25519Signed) {
+          return { file: f, signed: false, verified: false, reason: "no .sig sidecar, but one was expected (signing key present or a signed peer attestation exists) — sidecar deletion suspected", tamper_class: "sidecar-missing" };
+        }
+        return { file: f, signed: false, verified: false, reason: "no .sig sidecar" };
+      }
       let sigDoc;
       try { sigDoc = JSON.parse(fs.readFileSync(sigPath, "utf8")); }
       catch (e) {
@@ -5876,7 +5932,8 @@ function cmdAttest(runner, args, runOpts, pretty) {
       (r.signed && !r.verified)
       || r.tamper_class === "sidecar-corrupt"
       || r.tamper_class === "unsigned-substitution"
-      || r.tamper_class === "algorithm-unsupported";
+      || r.tamper_class === "algorithm-unsupported"
+      || r.tamper_class === "sidecar-missing";
     const attTampered = attResults.some(tamperPredicate);
     const replayTampered = replayResults.some(tamperPredicate);

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-27T22:17:04.450Z",
+  "generated_at": "2026-05-28T00:02:12.970Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "a1f0cb852fd487d12bd1a304d36eb175f3ee36a26e37a1ca9cb25d9c576d2afc",
+    "manifest.json": "22b49842257d49e0386c45311639f8e81f671ead4a30b2ca8f14d316731e36bf",
     "data/atlas-ttps.json": "d24bc02859d40ccf1615db75cca68c077585904e41e0d8f6de448121e9b1abb0",
     "data/attack-techniques.json": "fa193f0d2d248176a8beddb641e9fe56ba4faa9e15dc253ff876dbf0c5d58a77",
     "data/cve-catalog.json": "3d451dda7ac0c7d57a4075ae4bafd3148c6184b35dc1bc59d8b81d1f2641e430",

package/lib/playbook-runner.js CHANGED Viewed

@@ -2059,10 +2059,15 @@ function sarifLocationsForIndicator(playbook, indicator) {
   if (ev && ev.length) {
     const locs = [];
     for (const e of ev) {
+      // SARIF artifactLocation.uri is a URI reference (RFC 3986) — the path
+      // separator must be `/`. Operator/agent-supplied evidence on Windows
+      // arrives with backslashes; normalize them so the emitted SARIF is
+      // valid (the collectors already normalize via buildEvidenceLocations,
+      // but submission-threaded locations bypass that path).
       if (typeof e === "string" && e.trim()) {
-        locs.push({ physicalLocation: { artifactLocation: { uri: e.trim() } } });
+        locs.push({ physicalLocation: { artifactLocation: { uri: e.trim().replace(/\\/g, "/") } } });
       } else if (e && typeof e === "object" && typeof e.uri === "string" && e.uri.trim()) {
-        const pl = { artifactLocation: { uri: e.uri.trim() } };
+        const pl = { artifactLocation: { uri: e.uri.trim().replace(/\\/g, "/") } };
         if (Number.isInteger(e.startLine) && e.startLine > 0) {
           pl.region = { startLine: e.startLine, ...(Number.isInteger(e.endLine) && e.endLine >= e.startLine ? { endLine: e.endLine } : {}) };
         }
@@ -2381,6 +2386,14 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
         }
       }] : [];
       const base = {
+        // CSAF Profile 4 (security_advisory) mandatory test 6.1.27.5 requires
+        // every /vulnerabilities[] item to carry `notes`. Without this the
+        // CVE-keyed entries failed strict validation (the indicator pseudo-CVE
+        // entries already carried notes; real-CVE entries did not).
+        notes: [{
+          category: 'description',
+          text: `${c.cve_id}: RWEP ${c.rwep}${c.active_exploitation ? `, active_exploitation=${c.active_exploitation}` : ''}${c.cisa_kev ? ', CISA KEV' : ''}.`,
+        }],
         scores,
         threats: c.active_exploitation === 'confirmed' ? [{ category: 'exploit_status', details: `Active exploitation confirmed${c.cisa_kev ? ' (CISA KEV)' : ''}.` }] : [],
         remediations,
@@ -2526,6 +2539,13 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
         publisher: publisherBlock,
         title: `exceptd finding: ${playbook.domain.name} (${analyze.matched_cves.length} CVE(s), ${indicatorHits.length} indicator hit(s), ${(analyze.framework_gap_mapping || []).length} framework gap(s))`,
         notes: [...namespaceFallbackNote, ...gapNotes],
+        // Profile 3 (csaf_informational_advisory) mandatory test 6.1.27.2
+        // requires /document/references with at least one `external` item. A
+        // security_advisory carries its references inside the vulnerabilities,
+        // so add this only for the informational (clean-run) profile.
+        ...(csafCategory === 'csaf_informational_advisory' ? {
+          references: [{ category: 'external', summary: `exceptd playbook: ${playbook._meta.id}`, url: `https://exceptd.com/playbooks/${playbook._meta.id}` }],
+        } : {}),
         ...(csafDistribution ? { distribution: csafDistribution } : {}),
         tracking: {
           // F2/F9: CSAF tracking.id binds to the run's session_id (threaded
@@ -2545,35 +2565,42 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
           },
           initial_release_date: now,
           current_release_date: now,
-          revision_history: [{ number: '1', date: now, summary: 'Initial finding emission' }]
+          // CSAF 6.1.30 requires homogeneous versioning (all version_t use the
+          // same scheme) and 6.1.16 requires tracking.version === the last
+          // revision_history number. tracking.version is the playbook semver,
+          // so the single revision entry must carry that same semver (not the
+          // integer "1", which mixed schemes AND mismatched the version).
+          revision_history: [{ number: playbook._meta.version, date: now, summary: 'Initial finding emission' }]
         }
       },
-      product_tree: (function () {
-        // Synthesize a 3-level branches tree (vendor → product → version)
-        // from catalog data. CSAF §3.1.5.1 makes branches[] strongly
-        // recommended for csaf_security_advisory documents because NVD /
-        // ENISA / Red Hat dashboards render the affected-product list off
-        // the branches tree, not full_product_names[]. The pre-fix tree
-        // emitted only the synthetic exceptd-target product and operators
-        // browsing the rendered advisory saw no real-world vendor surface.
-        const { branches } = buildCsafBranches(analyze.matched_cves || [], runOpts);
-        const tree = { full_product_names: fullProductNames };
-        if (branches.length > 0) tree.branches = branches;
-        return tree;
-      })(),
-      vulnerabilities: (function () {
-        // v0.12.27: deterministic mode sorts vulnerabilities[] by their
-        // primary identifier (cve_id for CVE entries, ids[0].text otherwise)
-        // ascending. Default mode preserves insertion order so existing
-        // operators see byte-identical output to pre-v0.12.27.
-        const all = [...cveVulns, ...indicatorVulns];
-        if (runOpts && runOpts.bundleDeterministic === true) {
-          const keyOf = (v) => (typeof v.cve === 'string' && v.cve)
-            || (Array.isArray(v.ids) && v.ids[0] && typeof v.ids[0].text === 'string' ? v.ids[0].text : '');
-          return all.slice().sort((a, b) => keyOf(a).localeCompare(keyOf(b)));
-        }
-        return all;
-      })(),
+      // CSAF Profile 3 (informational_advisory) forbids /vulnerabilities
+      // (mandatory test 6.1.27.3) and an informational advisory carrying a
+      // /product_tree is misleading (§4.3 — a reader must assume every named
+      // product is affected). Emit both ONLY for the security_advisory profile;
+      // a clean run's informational advisory carries neither.
+      ...(csafCategory === 'csaf_security_advisory' ? {
+        product_tree: (function () {
+          // Synthesize a 3-level branches tree (vendor → product → version)
+          // from catalog data. CSAF §3.1.5.1 makes branches[] strongly
+          // recommended because NVD / ENISA / Red Hat dashboards render the
+          // affected-product list off the branches tree, not full_product_names[].
+          const { branches } = buildCsafBranches(analyze.matched_cves || [], runOpts);
+          const tree = { full_product_names: fullProductNames };
+          if (branches.length > 0) tree.branches = branches;
+          return tree;
+        })(),
+        vulnerabilities: (function () {
+          // v0.12.27: deterministic mode sorts vulnerabilities[] by their
+          // primary identifier ascending; default mode preserves insertion order.
+          const all = [...cveVulns, ...indicatorVulns];
+          if (runOpts && runOpts.bundleDeterministic === true) {
+            const keyOf = (v) => (typeof v.cve === 'string' && v.cve)
+              || (Array.isArray(v.ids) && v.ids[0] && typeof v.ids[0].text === 'string' ? v.ids[0].text : '');
+            return all.slice().sort((a, b) => keyOf(a).localeCompare(keyOf(b)));
+          }
+          return all;
+        })(),
+      } : {}),
       exceptd_extension: {
         classification: analyze._detect_classification,
         rwep: analyze.rwep,
@@ -2652,9 +2679,12 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
     const gapResults = (analyze.framework_gap_mapping || []).map((g, idx) => ({
       ruleId: `${rulePrefix}framework-gap-${idx}`,
       // Framework gaps are control-design observations, not vulnerabilities —
-      // SARIF §3.27.9 `kind: informational` routes them appropriately.
+      // SARIF §3.27.9 `kind: informational` routes them appropriately. That
+      // same clause requires: when kind !== 'fail', a present `level` SHALL be
+      // 'none'. Pairing 'informational' with 'note' is a schema violation that
+      // strict validators / GitHub code-scanning reject — use 'none'.
       kind: 'informational',
-      level: 'note',
+      level: 'none',
       message: { text: `${g.framework}: ${g.claimed_control} — ${g.actual_gap}${g.required_control ? '. Required: ' + g.required_control : ''}` },
       properties: stripNulls({ kind: 'framework_gap', framework: g.framework, control: g.claimed_control }),
     }));
@@ -3185,10 +3215,38 @@ function run(playbookId, directiveId, agentSubmission = {}, runOpts = {}) {
     };
   }
+  // Cross-process mutex lock for this run. Use the diagnostic variant so a
+  // CONFIRMED live foreign holder BLOCKS the run. The bare acquireLock returned
+  // null on a lost race (the TOCTOU window between preflight's check and the
+  // acquire) and the run then proceeded UNLOCKED, defeating the mutex. Block
+  // only on `held_by_live_pid` — same-PID reentrancy and FS quirks still
+  // proceed best-effort (lockPath null), so no legitimate nested/edge case
+  // regresses. Released in the finally block.
+  const lockResult = acquireLockDiagnostic(playbookId);
+  // Block ONLY on a confirmed live foreign holder with a real numeric pid.
+  // acquireLockDiagnostic also returns reason:'held_by_live_pid' with
+  // holder_pid:null for a MALFORMED/truncated lockfile (it can't parse a pid to
+  // probe). Blocking on that would let one corrupted lockfile left by a crash
+  // deny every future run forever. A null-pid (malformed) lock instead falls
+  // through to proceed best-effort (lockPath null) — matching how the preflight
+  // mutex check treats unparsable lockfiles as stale.
+  if (!lockResult.ok && lockResult.reason === 'held_by_live_pid'
+      && Number.isInteger(lockResult.holder_pid) && lockResult.holder_pid > 0) {
+    return {
+      ok: false,
+      playbook_id: playbookId,
+      directive_id: directiveId,
+      verdict: 'blocked',
+      summary_line: `${playbookId}: blocked — a concurrent run holds the mutex (pid ${lockResult.holder_pid})`.slice(0, 240),
+      phase: 'preflight',
+      blocked_by: 'mutex',
+      reason: `A concurrent run of "${playbookId}" holds the run lock (live pid ${lockResult.holder_pid}). Retry after it completes.`,
+      remediation: 'Wait for the in-flight run to finish, then retry.',
+      evidence_completeness: 'not-evaluated'
+    };
+  }
+  const lockPath = lockResult.ok ? lockResult.path : null;
   _activeRuns.add(playbookId);
-  // Cross-process mutex lock for this run. preflight verified no other lock
-  // exists; we acquire ours and release in the finally block.
-  const lockPath = acquireLock(playbookId);
   // Parse the playbook once at run() entry and thread the parsed object
   // through each phase via runOpts._playbookCache. Each phase otherwise
   // calls loadPlaybook() independently; for a single run that's seven

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.14.13",
+  "version": "0.14.15",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-27T22:15:41.262Z",
+      "signed_at": "2026-05-28T00:00:43.112Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -123,7 +123,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "ztSKk/zFMFbT12qRcEeBKpydBn7fTT86KxMmor0DTCoKQWk5fJ0fSInfP1XMSB6rFk4/SuSjKVxQRMKVJ5a+Cg==",
-      "signed_at": "2026-05-27T22:15:41.263Z",
+      "signed_at": "2026-05-28T00:00:43.114Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -196,7 +196,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "K6QdPHNK5c4K5QFjrW0QsUhjp71D7SOisSoulwPNSvKRdi2rY+yg0kdckijBMkLMsVPyUvcC9giu93mKJ1OZDg==",
-      "signed_at": "2026-05-27T22:15:41.264Z",
+      "signed_at": "2026-05-28T00:00:43.115Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -248,7 +248,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "Qd3SBWmUAaaT++e1Ry2wBIz/dCBmNBMl0+4Rb0etvJLES0fIBEAkU1mTbgNZnT5XOg9J5twdUpymWtmKnDDQCQ==",
-      "signed_at": "2026-05-27T22:15:41.264Z"
+      "signed_at": "2026-05-28T00:00:43.115Z"
     },
     {
       "name": "compliance-theater",
@@ -279,7 +279,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "F2Shxae0ua0gPtvwzTRVzzHaIgJcFDRT3/akLUAZ4aaMQhkleKkcTaTpkjp+pTVEdPfLeLGNCeAOMs+whVYOBg==",
-      "signed_at": "2026-05-27T22:15:41.265Z"
+      "signed_at": "2026-05-28T00:00:43.115Z"
     },
     {
       "name": "exploit-scoring",
@@ -308,7 +308,7 @@
       ],
       "last_threat_review": "2026-05-18",
       "signature": "NA1hoQycvQhSUoG5rwlXX0mOVmGxoXRVezkELGEA2nZOdGis4gXkHT3O6Sfw7zxE4JuMrsCb65TEeOWk9WEPDg==",
-      "signed_at": "2026-05-27T22:15:41.265Z"
+      "signed_at": "2026-05-28T00:00:43.116Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -345,7 +345,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "W3pS8lnaCP96TQzsJpG5d5yv5IwgaQyS4Z2Ctcz5BOJf6LbajSIgeDgTZ4f4Bhr5m4E7KsgWGjZS4x7Fwd33BQ==",
-      "signed_at": "2026-05-27T22:15:41.265Z",
+      "signed_at": "2026-05-28T00:00:43.117Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -405,7 +405,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "/WDGygh1Ck4yWlBWDGtEUVCqKB8d+UaJXoAoBXujtt+GAl8JbMNpaN1TvI0WkEltQ9dTxaAzSn20/eVDqv8iDQ==",
-      "signed_at": "2026-05-27T22:15:41.266Z",
+      "signed_at": "2026-05-28T00:00:43.117Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -440,7 +440,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "za1NKBpy9LC91F/ESO/qhUfmvVr8GNItQOjR5OJLeHm+2dQ9HHiFWQK2eo53V/n/0uhubuggURA3yS6kJuWwBg==",
-      "signed_at": "2026-05-27T22:15:41.266Z",
+      "signed_at": "2026-05-28T00:00:43.117Z",
       "cwe_refs": [
         "CWE-1188"
       ],
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "xiHAhhdufm9hCKU8PLiPE0MX65ej2F4OZwtlWLGLCiie9/km+Kiqbt192LcMvr94v83C98pb9wIaqFsFWft6AQ==",
-      "signed_at": "2026-05-27T22:15:41.266Z",
+      "signed_at": "2026-05-28T00:00:43.118Z",
       "forward_watch": [
         "New AI attack classes as ATLAS v6 publishes",
         "Post-quantum adversary capability timeline",
@@ -513,7 +513,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-27T22:15:41.267Z"
+      "signed_at": "2026-05-28T00:00:43.118Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -540,7 +540,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "igRqYyU1unRFH40BsPyAR62SPrk8QZv8dPGb8S9O9EvLCNOZAzm3t+HdT/NKqzWHwrpomOzkkkyLfYI/0qTUDA==",
-      "signed_at": "2026-05-27T22:15:41.267Z",
+      "signed_at": "2026-05-28T00:00:43.119Z",
       "forward_watch": [
         "New CISA KEV entries",
         "New ATLAS TTP additions in each ATLAS release",
@@ -604,7 +604,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "i/17u4kJiSpcZAz7LnTyRePFugQOstQ1P4kVoe0oGf4E2/j8oIN9U9DccjUn/YHZhKWIJ2AILG/DMhvMrr3bBg==",
-      "signed_at": "2026-05-27T22:15:41.267Z",
+      "signed_at": "2026-05-28T00:00:43.119Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -652,7 +652,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "QuOVaQ4E2Sl39TClbhZ7HA9XrYAyRrDL44HY3RTE7aWLue0hV2cxaBt40ALGmHS++631QGFDlZTLZI77Tr6nAA==",
-      "signed_at": "2026-05-27T22:15:41.268Z"
+      "signed_at": "2026-05-28T00:00:43.119Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -689,7 +689,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8Px1s2lDj10/Q6erwEQlXgUHM1+OTruUR8qAHPX7Oo3k/l69N6P9sm0PsafS9wDFtj9l5C/OiLiFgzMlMt6vBw==",
-      "signed_at": "2026-05-27T22:15:41.268Z",
+      "signed_at": "2026-05-28T00:00:43.120Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -724,7 +724,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "urRcataVWg6/utyEkSiOWoNxTL8sABRjPR7ShyDfZGnAozFph/yDktSoaPVxQDXwu9EfJE+qhUW5OYR/yJECBQ==",
-      "signed_at": "2026-05-27T22:15:41.269Z"
+      "signed_at": "2026-05-28T00:00:43.120Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -796,7 +796,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
       ],
       "signature": "C7lv65/Ecm8JJgSKxrX5lxx0YFzKWtrIQSKp+vy50I5e8945s1JmifGUUrnQwRQhq/Pkv7EmfiH5XSO8h75bDg==",
-      "signed_at": "2026-05-27T22:15:41.269Z"
+      "signed_at": "2026-05-28T00:00:43.120Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -856,7 +856,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "Z7ypCUnXx8JpLtgxxB6RHNi39w74AmrGY1N4ofAGCXhkuM2EaFVm1AU0dvl9UQ1bVLfHKEDGqMO/TwlIY7RABg==",
-      "signed_at": "2026-05-27T22:15:41.269Z"
+      "signed_at": "2026-05-28T00:00:43.121Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -931,7 +931,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "IgEnpHOhCftAyfUNdKsjbrd169T9pJkk/rRM2ZEna+H18y7p5x48+1kME2sJMZjJuyAdQFBJi8PJXZFwLGI+DQ==",
-      "signed_at": "2026-05-27T22:15:41.270Z"
+      "signed_at": "2026-05-28T00:00:43.121Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -1010,7 +1010,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
       ],
       "signature": "pcLrM98A3vUSZRjwNAk0aZ9umvOwB41XCLLsCOy/IebB2F/06oIrGUKkMHtHwm4pTVPShMMcKdZQQ3jz30FnCg==",
-      "signed_at": "2026-05-27T22:15:41.270Z"
+      "signed_at": "2026-05-28T00:00:43.121Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1067,7 +1067,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "G5q5elh7Q7eu2xcwTVQJGDTGfvZR0OGQaLSLJPb2wjzCHFF8PWuZfCHZdjjqisiRzRWPyLlzgfHeMJqOdy7cBw==",
-      "signed_at": "2026-05-27T22:15:41.270Z"
+      "signed_at": "2026-05-28T00:00:43.122Z"
     },
     {
       "name": "identity-assurance",
@@ -1134,7 +1134,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-27T22:15:41.271Z"
+      "signed_at": "2026-05-28T00:00:43.122Z"
     },
     {
       "name": "ot-ics-security",
@@ -1190,7 +1190,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "8t5qKHd3yWi57dvG36YQkLN/X9bQWqtEiYjay4IfSmqhJpM/xXPaQVKNGz3wscrO8OLKUZ0OaX7Mj5kzpgBKBQ==",
-      "signed_at": "2026-05-27T22:15:41.271Z"
+      "signed_at": "2026-05-28T00:00:43.122Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1242,7 +1242,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "GDGt4UPqBa04PjlpSmpyihGzd3OgfBN7jaAK5tfwp+LRSs3ygKOdbeivUCCHNagTY1hE6hG2Ou40ADfBFuXeAg==",
-      "signed_at": "2026-05-27T22:15:41.271Z"
+      "signed_at": "2026-05-28T00:00:43.123Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1292,7 +1292,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "rFBpOQEJUPpl+v88Lw/WqVJRhTl80vy0VbPAbzQj3Q0suJRRrJg368I9uKu5LXIBKFDvKxnGIcIzbGg9NUtaCA==",
-      "signed_at": "2026-05-27T22:15:41.272Z"
+      "signed_at": "2026-05-28T00:00:43.123Z"
     },
     {
       "name": "webapp-security",
@@ -1366,7 +1366,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "ux85YI4t2mVHOyt744Yin1HHy+z11JIFygjKfFfQOBBl5QVV3A267jeIy7utix85irMcpZm/T3yx/ooqiK2tBA==",
-      "signed_at": "2026-05-27T22:15:41.272Z",
+      "signed_at": "2026-05-28T00:00:43.123Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
       ]
@@ -1419,7 +1419,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-27T22:15:41.272Z"
+      "signed_at": "2026-05-28T00:00:43.123Z"
     },
     {
       "name": "sector-healthcare",
@@ -1479,7 +1479,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "AhF9KF8ZBlDteciV+F8IBSmFVYCvQOn44GmD4rZjgLoPxfIv/QE1/vSkK32zyqDKtHWkLSXExbkkPkxA/V6dDw==",
-      "signed_at": "2026-05-27T22:15:41.273Z"
+      "signed_at": "2026-05-28T00:00:43.124Z"
     },
     {
       "name": "sector-financial",
@@ -1560,7 +1560,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "HQgZvb4ReziEz5rNFr8i/O8/rJEZR+iHRROT7m/D2QUqhrcNISPkYXENsUZlG8xapzy/Ik92ehkseyj4hdmhCQ==",
-      "signed_at": "2026-05-27T22:15:41.273Z"
+      "signed_at": "2026-05-28T00:00:43.124Z"
     },
     {
       "name": "sector-federal-government",
@@ -1629,7 +1629,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "linxmsXZiOYtcs71sSWgGCrvb8xQfmxmtTY5PRvZJ0/8FgJulo0tQtejzexYG775s7XhjAmGsDP238BQTQ8ADA==",
-      "signed_at": "2026-05-27T22:15:41.274Z"
+      "signed_at": "2026-05-28T00:00:43.125Z"
     },
     {
       "name": "sector-energy",
@@ -1694,7 +1694,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "JjBfc0ovta560Clk0x3QGRM5osFJDwcvpy3rT7QEGdCIL827jzE8QCow1C8deXq+4JhY2sA/d7/8IsxikdlkCg==",
-      "signed_at": "2026-05-27T22:15:41.274Z"
+      "signed_at": "2026-05-28T00:00:43.125Z"
     },
     {
       "name": "sector-telecom",
@@ -1780,7 +1780,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-27T22:15:41.274Z"
+      "signed_at": "2026-05-28T00:00:43.126Z"
     },
     {
       "name": "api-security",
@@ -1849,7 +1849,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "BmCRCestWqr55+fCynEhtAl5NWLT+xLTkpwS0Icp3SaoZOw/ce3Y6TtqjHRSKn4CBJq7YDiLRWxmhO3MStvOAA==",
-      "signed_at": "2026-05-27T22:15:41.275Z",
+      "signed_at": "2026-05-28T00:00:43.126Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
@@ -1935,7 +1935,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "/DV3pmZwrRySrk1OCbyI+0BQESacjupJfUX3eC2NGtXuYOBro0vndIP+z27heFxumnjU3a9sfla7/U9X+pqnDw==",
-      "signed_at": "2026-05-27T22:15:41.275Z"
+      "signed_at": "2026-05-28T00:00:43.126Z"
     },
     {
       "name": "container-runtime-security",
@@ -1997,7 +1997,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "E2UGSf9ATyYgzBr8uM/0ubOUmDqo1jVA7f9mVxv6LHfWGCNuQNXDyuNou9VAmUCeeXEeUYIi3AFjXkJqpOkxDA==",
-      "signed_at": "2026-05-27T22:15:41.275Z",
+      "signed_at": "2026-05-28T00:00:43.127Z",
       "forward_watch": [
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
       ]
@@ -2071,7 +2071,7 @@
         "MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "IL+DlRCDJN/p08iiJCFkasKcoyjcB0uWrJ6ORLjQcS1HrUa5Xt62QxVjYPHzaevlm5y36ZdmfESqsZJmzK3lCg==",
-      "signed_at": "2026-05-27T22:15:41.276Z"
+      "signed_at": "2026-05-28T00:00:43.127Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2133,7 +2133,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "MmjLjlmOMLjhJJ4ZfR8MYlHam+ZB+eSqfh6Nv+DecaG4O5zeo9DBP/iL3cbyDVZxmhnhivgJild2ccYeWTeZAg==",
-      "signed_at": "2026-05-27T22:15:41.276Z"
+      "signed_at": "2026-05-28T00:00:43.127Z"
     },
     {
       "name": "ransomware-response",
@@ -2213,7 +2213,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "ssueL03g9fWlhXpTe+IiY5l7RqQkunN4DTN5QETKE+VOX+qggdjAR8PONxk77ol4xWYmHrM/VcH8CNtXUEvgBA==",
-      "signed_at": "2026-05-27T22:15:41.276Z"
+      "signed_at": "2026-05-28T00:00:43.128Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2266,7 +2266,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-27T22:15:41.277Z"
+      "signed_at": "2026-05-28T00:00:43.128Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2334,7 +2334,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "Rgho5TOFUL1txOzcVR0kASCNdovSU4yt99JlGilJlJRyg0A+BdeeQYrZrhPF6Vx2reUAVG0BeHfcZtSbi+cwCg==",
-      "signed_at": "2026-05-27T22:15:41.277Z"
+      "signed_at": "2026-05-28T00:00:43.129Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2414,7 +2414,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-27T22:15:41.278Z",
+      "signed_at": "2026-05-28T00:00:43.129Z",
       "forward_watch": [
         "AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
         "GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
@@ -2508,7 +2508,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-27T22:15:41.278Z",
+      "signed_at": "2026-05-28T00:00:43.129Z",
       "forward_watch": [
         "Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
         "Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
@@ -2526,6 +2526,6 @@
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "XvNerZTXJt8fW7G+X8lLqi22bKAf0AU1rg63L2yy/I2smf8dA+nnbhicXsnfheVfWYVWfYmkL+9Dhznpb3hSBA=="
+    "signature_base64": "TYYZN6U1HmGknYT6D0XjoASN/5582uJRHLWt9w5Kp3FNZ+PR9spGiwKVVcu2g1ca68DjjuEWmjxM2069/VNcBA=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.14.13",
+  "version": "0.14.15",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (406 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:b3078c68-9af8-416e-8f22-f5b3e4ced341",
+  "serialNumber": "urn:uuid:392e0013-1220-48fb-95ea-20eeaddf5a1d",
   "version": 1,
   "metadata": {
-    "timestamp": "2121-03-08T01:52:40.000Z",
+    "timestamp": "2056-05-26T04:39:47.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.14.13"
+        "version": "0.14.15"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.14.13",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.14.15",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.14.13",
+      "version": "0.14.15",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (406 CVEs / 171 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.14.13",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.14.15",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1a85b5379311c8bf13781c09de6514abf2313891a9f12616c4790996aff541f2"
+          "content": "25ca72f69f91acc60ea8818a4b2de880302049897b9a3491738185e659e0b0fa"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.14.13"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.14.15"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "db93e367948634b7fe245b7527559864577b5000abf6fce8f3e8274ca6df506f"
+          "content": "e0f8b6434a4e651ef54c776e8a5f4922e825f186b15ded49b95cd31b87c48593"
         },
         {
           "alg": "SHA3-512",
-          "content": "1c823697ecab14f0b338390854ace4eb6059d46bd94c35591c11ffeb568aeaa358cb5c0587d08e449a3be4cc0771fb68004e8262b288dcdf47209c79e2b644a4"
+          "content": "7fe6a6a104278c5ef793837d1051448d077d5ff4c0da20582c32417c75dc3bb754262b3c60b0eeb4c66f168e8ab14b2bbe4657ac8cf6f7ab23cfd2e8ab8ad3d2"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d86676c1ab40a796ff0c08498431d9c2bcd86e0f9d5f14acc9a1b543d208f25d"
+          "content": "447e6ba93e05120de060cca6636c8419c465034744d93606bbe6c7175be1a844"
         },
         {
           "alg": "SHA3-512",
-          "content": "2d4bcb3c99183bbeca53a671726dbfaf2354213abc9f9a1469a4cbd1dcb43689cc0181e9c9b1a0bd9618265acf48fbda5708efc597b11c7fd66160e4a1785589"
+          "content": "23f28a5eefab97d5ad447033826279f34424a728123a2a2c6e551fea601504f06fd9b2860b718e515a7e31bfa1a9cb349bffb926a91c63682753c0c979826db6"
         }
       ]
     },
@@ -1316,11 +1316,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a53c28d4574bda9c3e4dfbb73e96be48f203257dfe16f7235506c07f0128464d"
+          "content": "05afc567fa7500cfd3aa6b8c67a060fc421c8d3f37d68470ffe674a7d7f4e210"
         },
         {
           "alg": "SHA3-512",
-          "content": "c3fe772f15a10c575057fc931d98389773a9dbb1169fd2a1debcb1e07be65dbebb4b42c4ca632c78560991c3c383eb1081d93b07a96c184b7a2868a296a9d9c5"
+          "content": "5c6245e69b1e85a72247fb195cc6f071d7af9b92ba0243c57b5221a3e576dba4f62741604e595d2e00fcbc15f4319495ca470567437b869a868b736f0e6243a0"
         }
       ]
     },
@@ -1751,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a1f0cb852fd487d12bd1a304d36eb175f3ee36a26e37a1ca9cb25d9c576d2afc"
+          "content": "22b49842257d49e0386c45311639f8e81f671ead4a30b2ca8f14d316731e36bf"
         },
         {
           "alg": "SHA3-512",
-          "content": "f29f2c4acd42b83c85d1352c875a8a00a13f5216f7ac9e451b250f79197cce6f7bc82151cb938c133922a14a9d8bbe5883df20aac8b6db17576a6499e80c4651"
+          "content": "4b391ca37058a11ee9ba1d1e88fae252f54a8a20c9a458d6d9fb1345f11827e33d556b4934fbad23082f9296021922330c7c8da89435f4fc5585f12cf8a534f9"
         }
       ]
     },