npm - @blamejs/exceptd-skills - Versions diffs - 0.15.47 → 0.15.48 - Mend

@blamejs/exceptd-skills 0.15.47 → 0.15.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 # Changelog
+## 0.15.48 — 2026-05-30
+Internal: the release flow is now driven by a phased orchestrator, `scripts/release.js`. Each subcommand (prepare, gates, commit, push, watch, merge, tag, release) runs one idempotent, resumable phase and exits with a script-safe code; the tag phase enforces a GUARD against tag-on-stale-HEAD and version skew between `package.json`, `manifest.json`, and the CHANGELOG heading. No change to the shipped CLI, catalogs, or skills.
 ## 0.15.47 — 2026-05-30
 A consistency pass on error envelopes and flag handling.

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-30T18:46:17.416Z",
+  "generated_at": "2026-05-30T19:25:42.050Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "913d165fe1132e187dfdb9938d26d905af595901ad839f7adb079ac3c78445d8",
+    "manifest.json": "136eb6c81cbfd016dad3104269115be5b1a1466088c8666868fd91ba5bd5fa5b",
     "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
     "data/attack-techniques.json": "84fad74c8497cab922ed64b814752f54aa4620c2a938cb06642ff1510e1c5cb3",
     "data/cve-catalog.json": "7a5f4e31401505e53330cdc4b54b39f8a8b04459d6b9411676d291c583ae535f",

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.15.47",
+  "version": "0.15.48",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "0H+JfyUVmo/pVFEi5rLENATHjlukPVUqnOWmNPEH77wm8svKGK0aNJ46k6QU5GdHb8c9X9pVJKiuhON6AxDjDw==",
-      "signed_at": "2026-05-30T18:44:57.971Z",
+      "signed_at": "2026-05-30T19:06:23.609Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -123,7 +123,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "PHwHEsoy7ctBYOtlAfAdCDVfsq2Bpk9+qESSF+5dVkDcez2zp2v9Ihsv2vqMEs3QxMndyQ+t7NVezyt5VamSCg==",
-      "signed_at": "2026-05-30T18:44:57.973Z",
+      "signed_at": "2026-05-30T19:06:23.611Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -196,7 +196,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "dD4p7lcRtMyfITOncqLkpOeMy6x6gM0V7UlWHgLEdcxqODb1s75ar1cBtTqDWPbMv6ZAzVo2HJLDK1hVjjU2AQ==",
-      "signed_at": "2026-05-30T18:44:57.973Z",
+      "signed_at": "2026-05-30T19:06:23.611Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -248,7 +248,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "wsw8Mlr/gyw6S7Iaao9BVHdU5LFPWl8WVymW17Lkq9J1Mui0+fCrTg6UbrsaeE3s7EW3TVgzBuK+8EFd1+H5AA==",
-      "signed_at": "2026-05-30T18:44:57.974Z"
+      "signed_at": "2026-05-30T19:06:23.612Z"
     },
     {
       "name": "compliance-theater",
@@ -279,7 +279,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "uVTc1QRKOKcIVDajBz+q2egjiEAyOQaDNsvVI2ghj5FD0VvquoUBBE5Naca2FkaZa790EHWCsVZ4hhdaSQs2DQ==",
-      "signed_at": "2026-05-30T18:44:57.974Z"
+      "signed_at": "2026-05-30T19:06:23.612Z"
     },
     {
       "name": "exploit-scoring",
@@ -308,7 +308,7 @@
       ],
       "last_threat_review": "2026-05-18",
       "signature": "QuNpwnZ6HkCEAXTPC/jLbXSmMIc1JnBczqZAAIZmZj8OcEMVnw9mJYAnU3CxaEI7rvbcMkN2uS5E8yUCm/NiAg==",
-      "signed_at": "2026-05-30T18:44:57.975Z"
+      "signed_at": "2026-05-30T19:06:23.613Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -345,7 +345,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "5rw2i39SxY2WphBbDLEP28wufnbPPE9+PWt54hmaGdwHXr9RLiVt5liL/5xp14sehlVgFsfpR/bg9vy//xV0DA==",
-      "signed_at": "2026-05-30T18:44:57.975Z",
+      "signed_at": "2026-05-30T19:06:23.613Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -405,7 +405,7 @@
       ],
       "last_threat_review": "2026-05-17",
       "signature": "Vqu49nzntFWjn9A/QeJzm7q/2xk/cZJ6HFQKtiNi1zgcxzXKm+MlFdkaLgYHWj5/9HJohxyIDyBJQTvcJ20eDQ==",
-      "signed_at": "2026-05-30T18:44:57.975Z",
+      "signed_at": "2026-05-30T19:06:23.613Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -440,7 +440,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-22",
       "signature": "W87VdyVdAxAdcRI6P/8StaV+MS8ZSPKM9HOCK9n/bBO6BM3ZSE3uImVoyJVpAXQlUpUGN+A3lCJZXv64LuxwDg==",
-      "signed_at": "2026-05-30T18:44:57.976Z",
+      "signed_at": "2026-05-30T19:06:23.614Z",
       "cwe_refs": [
         "CWE-1188"
       ],
@@ -474,7 +474,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "wdVX+edeNekpaIldqkhvtraV6DquLvIsKAjuZVwPQYn3l1vS99HXuFxmNsD7UeMlO3qgC6Dysfsto9EnuH0RBg==",
-      "signed_at": "2026-05-30T18:44:57.976Z",
+      "signed_at": "2026-05-30T19:06:23.614Z",
       "forward_watch": [
         "New AI attack classes as ATLAS v6 publishes",
         "Post-quantum adversary capability timeline",
@@ -513,7 +513,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "b5miTiY0cnxETd2btxorfZBdJKt/fLnQx20sGYUb9zEqGqtm0LMLpghkW68j4/9k48KNyuGMtNWiKTSnodUGBw==",
-      "signed_at": "2026-05-30T18:44:57.976Z"
+      "signed_at": "2026-05-30T19:06:23.615Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -540,7 +540,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-18",
       "signature": "xbkip0AQtWQKAu+O6r/gYECNjezS6O9k9xkkJsYbMlr+j8CdqH3p5/0l+GZmDidImRC/DL07GCnKrk9HRR/yDQ==",
-      "signed_at": "2026-05-30T18:44:57.977Z",
+      "signed_at": "2026-05-30T19:06:23.615Z",
       "forward_watch": [
         "New CISA KEV entries",
         "New ATLAS TTP additions in each ATLAS release",
@@ -604,7 +604,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "li2NnC1oeVIr22ComP5QbcQoh5xpWITuaKpza1s2SsUkH6kGnnt4wFfFAzaC1ORmH9x2cr8hN8kaNANG/eIMBQ==",
-      "signed_at": "2026-05-30T18:44:57.977Z",
+      "signed_at": "2026-05-30T19:06:23.615Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -652,7 +652,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "sZHlJ7ueHPdtzVbR+yXQ5+wKgNyjWsa1LKVg9aWTmg/Onl71DvEILMyJiLpPQjseT56Mnr1DMYJE8xOGlffBAw==",
-      "signed_at": "2026-05-30T18:44:57.977Z"
+      "signed_at": "2026-05-30T19:06:23.616Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -689,7 +689,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "3AwFnEJu6DukPPNep/3SnuPWEuV060fJEQIwThFm7ujmdbFk0/Ii0XwGv1dkvbbK7ymMdOQpp35l4aLONAucDA==",
-      "signed_at": "2026-05-30T18:44:57.978Z",
+      "signed_at": "2026-05-30T19:06:23.616Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -724,7 +724,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "iJWevUBurLvt2v8X+Ch2eHmZkPWpKeAtIpxTIP4MwbUHyco3igDeBywJCyaR2vURYRx8LkzzIMM8DxQM4LAXBQ==",
-      "signed_at": "2026-05-30T18:44:57.978Z"
+      "signed_at": "2026-05-30T19:06:23.616Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -796,7 +796,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
       ],
       "signature": "DDMzI+4En4aIkwBUCGW6nj1eEkCyLqHGn2LJ2rnwWfYatjPI1U5HrTZNAN/n9JqWtAzk8F3rmsKehaaz5iNWDA==",
-      "signed_at": "2026-05-30T18:44:57.978Z"
+      "signed_at": "2026-05-30T19:06:23.617Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -856,7 +856,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "dJB0iAstIUbyny+udl3OIkaLScEmqS97LNP73yQ8mxt+0bcqxZjpfXaWLzLuIQblGYvUvz75/H6rO2EJuGd4AQ==",
-      "signed_at": "2026-05-30T18:44:57.979Z"
+      "signed_at": "2026-05-30T19:06:23.617Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -931,7 +931,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "KEAoMji3VcPX/ZXXqVe6OStxSkTssfY9fIRPyPcDYqh50GzOFQ6koNOTBVAiWOvjDjQ38g12xun5srbqgmvRAw==",
-      "signed_at": "2026-05-30T18:44:57.979Z"
+      "signed_at": "2026-05-30T19:06:23.617Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -1010,7 +1010,7 @@
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
       ],
       "signature": "UY3tBi0n1K/OtSrWPkHcOCSuHEwKuPmRqGIf3MyPVXGWS72elGTWGXt4AN/uStLmefeEody1LuhnJR9PWjr4Cg==",
-      "signed_at": "2026-05-30T18:44:57.979Z"
+      "signed_at": "2026-05-30T19:06:23.618Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1067,7 +1067,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "Qe0Hg9BrX3Zm5pj0n2z/oiHbAXWdA2Dq461zc4izkkUjEX2CZ02rODjCI2ELbrVOU3GC7edxqAxA+5U/ObnHDQ==",
-      "signed_at": "2026-05-30T18:44:57.980Z"
+      "signed_at": "2026-05-30T19:06:23.618Z"
     },
     {
       "name": "identity-assurance",
@@ -1134,7 +1134,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "UV3458QXSkEpenzrOmdlTTfPHUD4hNyKMDHoeZDq/kiFb4mAG0ghQGTTgI9Ru8cJbSmYM1++m9N5TFIJ6JJPBg==",
-      "signed_at": "2026-05-30T18:44:57.980Z"
+      "signed_at": "2026-05-30T19:06:23.618Z"
     },
     {
       "name": "ot-ics-security",
@@ -1190,7 +1190,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "kIVzsPsJ72PzzWQwTuvjoHHoVEDCday5I52M9ohjB3/Ak+zlA8oyWLO/BKb/XuYY4fOApjfxTErSWv5uHQ2zDw==",
-      "signed_at": "2026-05-30T18:44:57.980Z"
+      "signed_at": "2026-05-30T19:06:23.619Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1242,7 +1242,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "bWr27Q1uN9xCe1ib4QulszBa7YIDNkGqo72k5nm2cK98LyPblicD+sO9MnGckAyB22BTN/cIB+FwFMcI5IxvBw==",
-      "signed_at": "2026-05-30T18:44:57.981Z"
+      "signed_at": "2026-05-30T19:06:23.619Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1292,7 +1292,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "Q854yzLqXdOazc6EyQbZzgAlivuq2vGFDVUCrxSldSvx/HX/ZM/uzmJyP7aBG7ZsMHxj6Lmj/H82YQoo1e+NCQ==",
-      "signed_at": "2026-05-30T18:44:57.981Z"
+      "signed_at": "2026-05-30T19:06:23.619Z"
     },
     {
       "name": "webapp-security",
@@ -1366,7 +1366,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "4ccahkJpGJZtwD7EBpnGcN0sEGPMEw8eqV+tvePVS04YAkLgYVWtlkasI/8n0be9xB+77x+Sjj3kIi2j2Lf9CA==",
-      "signed_at": "2026-05-30T18:44:57.981Z",
+      "signed_at": "2026-05-30T19:06:23.620Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
       ]
@@ -1419,7 +1419,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "SBB7c3wNYfIdkyOp4g4nW0WP7xS+YokMzg32aaeJdbf14LTGQRzQUvSqb2TCj2HFUSHESOyKT1JpkAfyHLSQBQ==",
-      "signed_at": "2026-05-30T18:44:57.982Z"
+      "signed_at": "2026-05-30T19:06:23.620Z"
     },
     {
       "name": "sector-healthcare",
@@ -1479,7 +1479,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "U04GNLyRas1VmfEsB8khH4iqFZPwx96sPY0Kw9iVsSPU+KTeEFqwgtWK1X1pzgb+T16Pc7HSrCaXDOpTFvQEDw==",
-      "signed_at": "2026-05-30T18:44:57.982Z"
+      "signed_at": "2026-05-30T19:06:23.621Z"
     },
     {
       "name": "sector-financial",
@@ -1560,7 +1560,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "xbylLqNPBuEsFE/MNVeGy/01K6yiJXMxQbzC1F4RWU5aseDGbNy5HrAv2JWI2+Aft05ozreNPjccvu66yJ5EBw==",
-      "signed_at": "2026-05-30T18:44:57.982Z"
+      "signed_at": "2026-05-30T19:06:23.621Z"
     },
     {
       "name": "sector-federal-government",
@@ -1629,7 +1629,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "C9c3JuBhUbwcb7uZpDdy+PNT8sYmYIxzD4uRHu421ePW1aSFJ8fkMvuTzSO8vD/F/jOOg5opM4kov/xSAn+qCg==",
-      "signed_at": "2026-05-30T18:44:57.983Z"
+      "signed_at": "2026-05-30T19:06:23.622Z"
     },
     {
       "name": "sector-energy",
@@ -1694,7 +1694,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "oz8Q5WVaY8au4IjbaZahx/DSaC00Q44ylSL3mDkTerCEpW/EyPUeiLeGxSrWxBCwVFEKSSJvnhJjhvX5lDPcCg==",
-      "signed_at": "2026-05-30T18:44:57.983Z"
+      "signed_at": "2026-05-30T19:06:23.622Z"
     },
     {
       "name": "sector-telecom",
@@ -1780,7 +1780,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "NAtyzfLPXlUuB78Snb9nWmbZalC1CNlIYN9rYhdEmtB/xQGC6vVnThgrEAHlm7v/jMCFuknvEpUHKdscUnUADw==",
-      "signed_at": "2026-05-30T18:44:57.983Z"
+      "signed_at": "2026-05-30T19:06:23.622Z"
     },
     {
       "name": "api-security",
@@ -1849,7 +1849,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "1UTjZNC5Lyrgw93LAizdXVeSmv3jS8YQNT1db5OKsldub50+o1FXmAH4+3MxZozaOGDCX3yXbdDJSJaaSmfuAA==",
-      "signed_at": "2026-05-30T18:44:57.984Z",
+      "signed_at": "2026-05-30T19:06:23.623Z",
       "forward_watch": [
         "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
@@ -1935,7 +1935,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "EdsY4xe7YA8X8m+KZUbq49JwoCXgRKEz2eg3m86O37rvBmpm8ppvl9hrsekygvpBh2VmCHL2dEYiOD8OM2n7CA==",
-      "signed_at": "2026-05-30T18:44:57.984Z"
+      "signed_at": "2026-05-30T19:06:23.623Z"
     },
     {
       "name": "container-runtime-security",
@@ -1997,7 +1997,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-15",
       "signature": "fnLKPLkjjRCJ/F9wdmZ1w1lXmqEJvTYkv6Uu+9OTd5vZTWKz3QMuxKOsas+ctCdOvTaeloqPUUprXx+ZZdDpCg==",
-      "signed_at": "2026-05-30T18:44:57.984Z",
+      "signed_at": "2026-05-30T19:06:23.623Z",
       "forward_watch": [
         "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
       ]
@@ -2071,7 +2071,7 @@
         "MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "t3dkdpTX04zvjitEeOJThpgjurLd1UO9GOut4LXSZgY3ULhfknI4zT7G5+m2RSZZTo7yyeZrwpg+7vEg9K6mAw==",
-      "signed_at": "2026-05-30T18:44:57.985Z"
+      "signed_at": "2026-05-30T19:06:23.624Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2133,7 +2133,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "+1kmtA6rAvIyDjjy+cJHK6BcfylyVsa5cUjRFijlFR9GsQfB93JnmkEJOqML50pdlcxtJI3yUodHpL3/YJGtCA==",
-      "signed_at": "2026-05-30T18:44:57.985Z"
+      "signed_at": "2026-05-30T19:06:23.624Z"
     },
     {
       "name": "ransomware-response",
@@ -2213,7 +2213,7 @@
       ],
       "last_threat_review": "2026-05-22",
       "signature": "h48ASCz63aBfHzLKxMVDADMuT4atriK0iE6bJeVzZTsx/e8+hyv4fLP7+zYxT9Oe0Gss3v/Xy+t+Wd9uwzV+Aw==",
-      "signed_at": "2026-05-30T18:44:57.985Z"
+      "signed_at": "2026-05-30T19:06:23.625Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2266,7 +2266,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-18",
       "signature": "FVBn4ex2qPIo9SHMVJ6tntoz4tVwjbIq3m6wDjjZyv2JODlS+90GBYCOkNamxxkmw/6de6SMs0YHQiF/xjo/DQ==",
-      "signed_at": "2026-05-30T18:44:57.986Z"
+      "signed_at": "2026-05-30T19:06:23.625Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2334,7 +2334,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "ZHVdGWCcfG98tSVB0b9mwrsYwv71V3uUEl+6ss7omSQhmNvqV5s6MAZM5YladBt9MK/8T/zBrTYN4gAonOP+BQ==",
-      "signed_at": "2026-05-30T18:44:57.986Z"
+      "signed_at": "2026-05-30T19:06:23.625Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2414,7 +2414,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "r9ii4nb3HJELdtKCGF5qy9PHOiot3GC24yfxfGAKlLENHkdRvRkvvL99eV/6RXyfUaMyrnc2Te8tPQcNu5bsDg==",
-      "signed_at": "2026-05-30T18:44:57.987Z",
+      "signed_at": "2026-05-30T19:06:23.626Z",
       "forward_watch": [
         "AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
         "GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
@@ -2508,7 +2508,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "9mfDtMApMAg9V/lmwpniNxo/6gNZoOEoYDfyFvyWvKrPMtc7H9F8uz06FVoARe/J49saAKTVXOurNE1D/KtpCQ==",
-      "signed_at": "2026-05-30T18:44:57.987Z",
+      "signed_at": "2026-05-30T19:06:23.626Z",
       "forward_watch": [
         "Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
         "Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
@@ -2526,6 +2526,6 @@
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "FVMT7weOuT7njeR5qg8qOyW+3aWP0A53J2WMgxVrguzYVDA5Z1a+LXGIOiBoGE0fi0MHw4Lnbi7bZvjWV3FUDA=="
+    "signature_base64": "7Fl14Lf0ULx1ghjig+1D9D7B1ldxqbAWNpvWXpIVX4P9pSu57BvEXkfwW3dz8pqsG86uob4IYIQMVhG1EHUxCA=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.15.47",
+  "version": "0.15.48",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:21ba1af0-38cd-48d8-9d2f-1354b42f3829",
+  "serialNumber": "urn:uuid:bfbc8ed4-a484-4dfb-b1a6-636dcffa929b",
   "version": 1,
   "metadata": {
-    "timestamp": "2043-12-07T03:05:20.000Z",
+    "timestamp": "2127-12-09T13:06:28.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.15.47"
+        "version": "0.15.48"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.15.47",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.15.48",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.15.47",
+      "version": "0.15.48",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.15.47",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.15.48",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "83332c01cf1199c050266b7a6a1fc12e2a74f581f5802c3dbccc49ef564e1668"
+          "content": "6f18d931a960c7dc8adebbc19cea574865ccfe8cc7f7d59d38c54bca38c8774c"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.15.47"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.15.48"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0252f12293082acb79c1aa063ba448cdb954d6916c4bf2539bf6956892a795a6"
+          "content": "54eb3a6e90c36720596c68369b3bc665fd5ee6fcf1e6baea97b01cd979abdef7"
         },
         {
           "alg": "SHA3-512",
-          "content": "38c6fba550906f5e13c97d12c4b9024bc8e45f57b1c947e0afb6994179b4554e4a898763ec02cdbc8594ae3d7ec812cb75ae38259a4b04a5634cdeed6ef7ce52"
+          "content": "ec3265813bec9e5a9ac3687807ee18fd2f33d80841e489cce57e7defa90c8b66851cc93ed29294cc8ec2719db4878312f0d283cd756797b2f76f6de69448d6cd"
         }
       ]
     },
@@ -1751,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "913d165fe1132e187dfdb9938d26d905af595901ad839f7adb079ac3c78445d8"
+          "content": "136eb6c81cbfd016dad3104269115be5b1a1466088c8666868fd91ba5bd5fa5b"
         },
         {
           "alg": "SHA3-512",
-          "content": "17d34176ec3505071195eea1a2ba655687d14aba48d8cd1f1181af13cc688ca5b88c45de73ad72a6f0b2e3295b150727d6fa9470d10010348496e043185de7fb"
+          "content": "f912df81fe64a8f9d506ececd6e6d1040be6bc173b0c154182f33bac50304821a8833a09bd1b2b6c084cc23a5f59aef3a6b435f1c80a198afc55301346750d06"
         }
       ]
     },
@@ -2434,6 +2434,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:scripts/release.js",
+      "type": "file",
+      "name": "scripts/release.js",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "3e538e0658b9137cb126aef9b80ba2fa1afb2355242a28f5728a9a3291263fc5"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "f0e60ce16ed4cf06fb96c9f2d7cee1181bdbe7985d8bd224dc1bf635287132a4828fd3360be4bb5550859d8a815807642fc3e9033e4acec3e15207d98619ba4c"
+        }
+      ]
+    },
     {
       "bom-ref": "file:scripts/run-e2e-scenarios.js",
       "type": "file",

package/scripts/release.js ADDED Viewed

@@ -0,0 +1,593 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * release.js — orchestrate the exceptd release flow as a sequence of
+ * idempotent subcommands. Each subcommand performs ONE phase, prints what
+ * it did, and exits with a code that's safe to script against in a terminal
+ * or CI runner. It codifies the flow that CONTRIBUTING.md / the repo's
+ * release notes describe step by step, so a release can't skip the
+ * load-bearing ordering (CHANGELOG entry first, gates before tag, CI green
+ * before tag push, GUARD before tag).
+ *
+ * Usage:
+ *   node scripts/release.js prepare [--minor]   # bump + sign + indexes + snapshot + sbom + baseline
+ *   node scripts/release.js gates               # npm test + 18-gate predeploy
+ *   node scripts/release.js commit              # release branch + signed commit
+ *   node scripts/release.js push                # push branch + open PR
+ *   node scripts/release.js watch               # CI watch + flag unresolved review threads
+ *   node scripts/release.js merge               # admin squash-merge if CLEAN + zero unresolved
+ *   node scripts/release.js tag                 # GUARD + signed tag + push tag + verify
+ *   node scripts/release.js release             # watch release.yml + npm/global/tarball verify
+ *   node scripts/release.js all [--minor]       # all eight in sequence
+ *   node scripts/release.js status              # what phase the current branch is in
+ *   node scripts/release.js help                # this banner
+ *
+ * Pre-conditions the script enforces rather than assumes:
+ *   - prepare runs only on a clean `main`, and refuses unless CHANGELOG.md
+ *     already carries a `## <next-version>` heading (the operator writes the
+ *     behavior-framed notes by hand; they don't auto-generate from a diff).
+ *   - The three-version invariant (package.json == manifest.json ==
+ *     CHANGELOG top heading) is established by prepare and re-checked by tag.
+ *   - tag refuses unless local HEAD == origin/main and the version matches
+ *     and no such tag exists (the GUARD that prevents tag-on-stale-HEAD).
+ *
+ * Patch is the default bump. --minor requires the explicit flag AND is a
+ * deliberate choice — the project default is patch-only.
+ *
+ * The judgment-requiring parts stay manual: writing the CHANGELOG entry,
+ * reviewing/fixing CI-surfaced review-thread findings (watch flags them and
+ * stops), and choosing patch vs minor.
+ */
+var fs = require("node:fs");
+var path = require("node:path");
+var childProcess = require("node:child_process");
+var ROOT = path.resolve(__dirname, "..");
+var REPO = "blamejs/exceptd-skills";
+var PKG_NAME = "@blamejs/exceptd-skills";
+// Known-flaky CI jobs that warrant an auto-rerun rather than a hard fail:
+// the macOS playbook-runner job and the offline-CLI F1 check both flake on
+// fresh runners. watch reruns them up to twice before surfacing a failure.
+var RERUN_LIMIT = 2;
+// ---- Helpers -------------------------------------------------------------
+// Windows resolves `npm` / `npx` as `.cmd` shims, which child_process can
+// only invoke through a shell. `git`, `gh`, `node` are native exes that
+// spawn directly — keeping shell off avoids the implicit arg-quoting risk.
+function _needsShell(cmd) {
+  if (process.platform !== "win32") return false;
+  return cmd === "npm" || cmd === "npx";
+}
+// spawnSync with shell:true AND an args array concatenates the args without
+// escaping (Node DEP0190 — a real injection surface). When a shell is needed
+// (npm/npx on Windows) we instead pass the whole invocation as one command
+// string with no args array, which is the correct shell-invocation form. The
+// only commands routed through the shell here are npm with static token args
+// (verb names + flags, no spaces), so the single-string join is unambiguous.
+function _spawn(cmd, args, opts) {
+  opts = opts || {};
+  var useShell = _needsShell(cmd);
+  var spawnCmd = cmd;
+  var spawnArgs = args || [];
+  if (useShell) {
+    spawnCmd = [cmd].concat(args || []).join(" ");
+    spawnArgs = [];
+  }
+  return childProcess.spawnSync(spawnCmd, spawnArgs, {
+    cwd: opts.cwd || ROOT,
+    stdio: opts.stdio || "inherit",
+    env: Object.assign({}, process.env, opts.env || {}),
+    shell: useShell,
+  });
+}
+function _run(cmd, args, opts) {
+  opts = opts || {};
+  var rv = _spawn(cmd, args, { cwd: opts.cwd, stdio: opts.stdio || "inherit", env: opts.env });
+  if (rv.status !== 0 && !opts.allowFail) {
+    throw new Error("release: " + cmd + " " + (args || []).join(" ") +
+      " failed with status " + rv.status);
+  }
+  return rv;
+}
+function _capture(cmd, args, opts) {
+  opts = opts || {};
+  var rv = _spawn(cmd, args, { cwd: opts.cwd, stdio: ["ignore", "pipe", "pipe"], env: opts.env });
+  return {
+    status: rv.status,
+    stdout: (rv.stdout || "").toString().trim(),
+    stderr: (rv.stderr || "").toString().trim(),
+  };
+}
+function _section(title) { console.log("\n=== " + title + " ==="); }
+function _ok(msg) { console.log("ok: " + msg); }
+function _readJsonVersion(file) {
+  return JSON.parse(fs.readFileSync(path.join(ROOT, file), "utf8")).version;
+}
+// Rewrite only the top-level "version" line so formatting/key-order of the
+// rest of the file is untouched (a full JSON.stringify would reflow
+// manifest.json's hand-maintained shape).
+function _writeJsonVersion(file, next) {
+  var p = path.join(ROOT, file);
+  var content = fs.readFileSync(p, "utf8");
+  var updated = content.replace(/"version":\s*"[^"]+"/, '"version": "' + next + '"');
+  if (updated === content) {
+    throw new Error("release: failed to rewrite " + file + " version line");
+  }
+  fs.writeFileSync(p, updated);
+}
+function _bump(version, kind) {
+  var parts = version.split(".").map(Number);
+  if (parts.length !== 3 || parts.some(isNaN)) {
+    throw new Error("release: unparseable current version '" + version + "'");
+  }
+  if (kind === "minor") return parts[0] + "." + (parts[1] + 1) + ".0";
+  return parts[0] + "." + parts[1] + "." + (parts[2] + 1);
+}
+// Topmost `## X.Y.Z` heading in CHANGELOG.md.
+function _changelogTopVersion() {
+  var lines = fs.readFileSync(path.join(ROOT, "CHANGELOG.md"), "utf8").split(/\r?\n/);
+  for (var i = 0; i < lines.length; i++) {
+    var m = lines[i].match(/^##\s+(\d+\.\d+\.\d+)\b/);
+    if (m) return m[1];
+  }
+  return null;
+}
+// Extract the body of a CHANGELOG section (between its `## X.Y.Z` heading
+// and the next `## ` heading) — used to compose the commit + PR body.
+function _changelogSection(version) {
+  var lines = fs.readFileSync(path.join(ROOT, "CHANGELOG.md"), "utf8").split(/\r?\n/);
+  var out = [];
+  var inSection = false;
+  for (var i = 0; i < lines.length; i++) {
+    if (/^##\s+/.test(lines[i])) {
+      if (inSection) break;
+      var m = lines[i].match(/^##\s+(\d+\.\d+\.\d+)\b/);
+      if (m && m[1] === version) { inSection = true; continue; }
+    } else if (inSection) {
+      out.push(lines[i]);
+    }
+  }
+  return out.join("\n").trim();
+}
+// Derive a concise "vX.Y.Z: <subject>" commit/PR title from a CHANGELOG
+// section. exceptd's entries lead with a prose paragraph (no dedicated
+// headline field), so take the first SENTENCE and cap the length rather than
+// dump the whole paragraph as the subject. The operator can always amend.
+function _releaseSubject(version, section) {
+  var firstLine = (section.split(/\r?\n/).find(function (l) { return l.trim(); }) || "").trim();
+  var firstSentence = firstLine.split(/(?<=[.!?])\s/)[0] || firstLine;
+  var subject = "v" + version + ": " + firstSentence.replace(/[.!?]$/, "");
+  if (subject.length > 72) subject = subject.slice(0, 69).replace(/\s+\S*$/, "") + "…";
+  return subject;
+}
+function _gitClean() { return _capture("git", ["status", "--porcelain"]).stdout === ""; }
+function _gitBranch() { return _capture("git", ["rev-parse", "--abbrev-ref", "HEAD"]).stdout; }
+function _gitOnMain() { return _gitBranch() === "main"; }
+function _gitOnRelease() { return /^release-v\d+\.\d+\.\d+$/.test(_gitBranch()); }
+function _releaseBranchFor(version) { return "release-v" + version; }
+// Verify HEAD's commit signature two independent ways: `git verify-commit`
+// (the canonical boolean GitHub's required_signatures ruleset checks) and a
+// human-readable `%G? %GS` line. main is under required_signatures, so an
+// unsigned commit can't be pushed — fail loudly here rather than at push.
+function _verifyCommitSignature(label) {
+  var verify = _capture("git", ["verify-commit", "HEAD"]);
+  if (verify.status !== 0) {
+    var hint = "release: " + label + " commit signature is not Good — check SSH " +
+      "signing setup (commit.gpgsign=true + gpg.format=ssh + the public key " +
+      "registered as a GitHub signing key).";
+    if (verify.stderr) hint += "\n" + verify.stderr;
+    throw new Error(hint);
+  }
+  var sig = _capture("git", ["log", "-1", "--pretty=%h %G? %GS"]);
+  console.log("signature: " + (sig.stdout || "(empty — verify-commit reports Good)"));
+  _ok(label + " commit signature verified");
+}
+function _openPrNumber(branch) {
+  return _capture("gh", ["pr", "list", "--head", branch, "--state", "open",
+    "--json", "number", "--jq", ".[0].number"]).stdout;
+}
+// Unresolved review threads on the PR. Codex (chatgpt-codex-connector) posts
+// review threads with P-badge findings; an unresolved thread is a hard
+// branch-protection merge block (conversation-resolution required).
+function _unresolvedThreads(prNum) {
+  var q = 'query { repository(owner:"blamejs",name:"exceptd-skills") { pullRequest(number:' +
+    prNum + ') { reviewThreads(first:50) { nodes { isResolved comments(first:1) ' +
+    '{ nodes { author{login} body } } } } } } }';
+  var rv = _capture("gh", ["api", "graphql", "-f", "query=" + q,
+    "--jq", ".data.repository.pullRequest.reviewThreads.nodes | map(select(.isResolved==false))"]);
+  try { return JSON.parse(rv.stdout || "[]"); } catch (_e) { return []; }
+}
+// ---- Subcommands ---------------------------------------------------------
+function cmdPrepare(opts) {
+  _section("prepare");
+  if (!_gitOnMain()) throw new Error("release: prepare must run on main (on " + _gitBranch() + ")");
+  // The documented flow is: write the `## <next>` CHANGELOG entry by hand,
+  // THEN run prepare. That edit makes the tree dirty, so requiring a fully
+  // clean tree here would make the first phase unusable as documented. Allow
+  // a CHANGELOG.md-only dirty tree; refuse if anything else is uncommitted
+  // (prepare is about to bump versions + regenerate artifacts — it must start
+  // from an otherwise-clean main so the release commit captures only the
+  // intended change set).
+  var dirty = _capture("git", ["status", "--porcelain"]).stdout
+    .split(/\r?\n/)
+    .filter(function (l) { return l.trim() && !/\bCHANGELOG\.md$/.test(l); });
+  if (dirty.length) {
+    throw new Error("release: prepare requires a clean working tree (CHANGELOG.md may be pre-edited). Also uncommitted:\n  " +
+      dirty.join("\n  "));
+  }
+  var current = _readJsonVersion("package.json");
+  var next = _bump(current, opts.minor ? "minor" : "patch");
+  console.log("current: " + current + "   next: " + next + " (" + (opts.minor ? "minor" : "patch") + ")");
+  // The CHANGELOG entry is written by hand (behavior-framed, no internal
+  // narrative). Refuse if it isn't there — the three-version invariant the
+  // bootstrap-mode test enforces would otherwise fail at gates time.
+  var top = _changelogTopVersion();
+  if (top !== next) {
+    console.error("");
+    console.error("release: CHANGELOG.md top heading is '## " + top + "', expected '## " + next + "'.");
+    console.error("Write the " + next + " entry first (terse, behavior-change framed, no internal");
+    console.error("narrative), then re-run prepare. Example heading:");
+    console.error("");
+    console.error("  ## " + next + " — <YYYY-MM-DD>");
+    console.error("");
+    process.exit(2);
+  }
+  _writeJsonVersion("package.json", next);
+  _writeJsonVersion("manifest.json", next);
+  _ok("bumped package.json + manifest.json → " + next);
+  _section("regen artifacts");
+  // Order matters: sign first (re-signs the manifest), then the snapshot/
+  // index/SBOM derivations. refresh-sbom runs LAST because it hashes the
+  // shipped tree (incl. README) — regenerating it before a later source edit
+  // strands the hashes (the recurring "refresh-sbom last" lesson).
+  _run("node", ["lib/sign.js", "sign-all"]);
+  _run("npm", ["run", "build-indexes"]);
+  _run("npm", ["run", "refresh-snapshot"]);
+  _run("npm", ["run", "refresh-sbom"]);
+  _ok("signed + indexes + snapshot + sbom regenerated");
+  _section("test-count baseline");
+  // Growth is fine (the gate only fails on shrinkage), but refreshing keeps
+  // the canonical-count guard meaningful when a release adds test files.
+  _run("node", ["scripts/check-test-count.js", "--update-baseline"]);
+  console.log("\nnext: node scripts/release.js gates");
+}
+function cmdGates() {
+  _section("gates");
+  // predeploy runs the full suite + every publish gate (signatures, catalog
+  // schema, snapshot, lint, sbom currency, indexes, tarball verify, diff
+  // coverage, ...). It is the authoritative pre-publish check.
+  _run("npm", ["run", "predeploy"]);
+  _ok("predeploy gates passed");
+  console.log("\nnext: node scripts/release.js commit");
+}
+function cmdCommit() {
+  _section("commit");
+  var next = _readJsonVersion("package.json");
+  var branch = _releaseBranchFor(next);
+  var current = _gitBranch();
+  // Resumable: a prior commit that failed after `checkout -b` leaves the
+  // branch in place — switch to it instead of refusing.
+  if (current === branch) {
+    _ok("already on " + branch + " (resume mode)");
+  } else if (current === "main") {
+    var exists = _capture("git", ["rev-parse", "--verify", "--quiet", branch]).status === 0;
+    if (exists) {
+      _run("git", ["checkout", branch]);
+      _ok("checked out existing " + branch + " (resume mode)");
+    } else {
+      _run("git", ["checkout", "-b", branch]);
+      _ok("created " + branch);
+    }
+  } else {
+    throw new Error("release: commit must run on main or " + branch + " (on " + current + ")");
+  }
+  // If HEAD already carries this release's commit, don't double-commit —
+  // just verify the signature.
+  var headSubject = _capture("git", ["log", "-1", "--pretty=%s"]).stdout;
+  if (headSubject.indexOf("v" + next + ":") === 0) {
+    _ok("HEAD already carries a v" + next + " commit (resume mode)");
+    _verifyCommitSignature("existing");
+    console.log("\nnext: node scripts/release.js push");
+    return;
+  }
+  // Compose the commit body from the CHANGELOG section — the operator can
+  // amend, but the default mirrors the shipped notes.
+  var section = _changelogSection(next);
+  var subject = _releaseSubject(next, section);
+  var bodyPath = path.join(ROOT, ".scratch");
+  try { fs.mkdirSync(bodyPath, { recursive: true }); } catch (_e) { /* ignore */ }
+  var msgFile = path.join(bodyPath, "release-commit-msg.txt");
+  fs.writeFileSync(msgFile, subject + "\n\n" + section + "\n");
+  _run("git", ["add", "-A"]);
+  _run("git", ["commit", "-F", msgFile]);
+  _ok("signed commit: " + subject);
+  _verifyCommitSignature("new");
+  console.log("\nnext: node scripts/release.js push");
+}
+function cmdPush() {
+  _section("push");
+  if (!_gitOnRelease()) throw new Error("release: push must run on a release-vX.Y.Z branch");
+  var next = _readJsonVersion("package.json");
+  var branch = _releaseBranchFor(next);
+  _run("git", ["push", "-u", "origin", branch]);
+  _ok("pushed " + branch);
+  if (_openPrNumber(branch)) {
+    _ok("PR already open for " + branch + " (resume mode)");
+  } else {
+    var section = _changelogSection(next);
+    var title = _releaseSubject(next, section);
+    _run("gh", ["pr", "create", "--base", "main", "--head", branch,
+      "--title", title, "--body", section]);
+    _ok("PR opened");
+  }
+  console.log("\nnext: node scripts/release.js watch");
+}
+function cmdWatch() {
+  _section("watch");
+  var branch = _releaseBranchFor(_readJsonVersion("package.json"));
+  var prNum = _openPrNumber(branch);
+  if (!prNum) throw new Error("release: no open PR for " + branch);
+  console.log("PR #" + prNum);
+  // gh pr checks --watch blocks until checks settle. allowFail so a flaky
+  // run doesn't throw before we get to inspect + rerun it.
+  _run("gh", ["pr", "checks", prNum, "--watch"], { allowFail: true });
+  var unresolved = _unresolvedThreads(prNum);
+  if (unresolved.length > 0) {
+    console.log("\nunresolved review threads (" + unresolved.length + "):");
+    unresolved.forEach(function (t) {
+      var c = t.comments && t.comments.nodes && t.comments.nodes[0];
+      if (c) console.log("  - by " + c.author.login + ": " + c.body.split("\n")[0]);
+    });
+    console.log("\nFix in code, push, resolve the thread, then re-run: node scripts/release.js watch");
+    process.exit(3);
+  }
+  _ok("zero unresolved review threads");
+  console.log("\nnext: node scripts/release.js merge");
+}
+function cmdMerge() {
+  _section("merge");
+  var next = _readJsonVersion("package.json");
+  var branch = _releaseBranchFor(next);
+  var prNum = _openPrNumber(branch);
+  if (!prNum) throw new Error("release: no open PR for " + branch);
+  var state = JSON.parse(_capture("gh", ["pr", "view", prNum,
+    "--json", "mergeStateStatus,mergeable"]).stdout || "{}");
+  if (state.mergeStateStatus !== "CLEAN" || state.mergeable !== "MERGEABLE") {
+    throw new Error("release: PR #" + prNum + " not mergeable (state=" +
+      state.mergeStateStatus + " mergeable=" + state.mergeable + ")");
+  }
+  // Re-check threads right before merge — a reviewer (or Codex) can open one
+  // between watch and merge.
+  var unresolved = _unresolvedThreads(prNum);
+  if (unresolved.length > 0) {
+    throw new Error("release: refusing to merge PR #" + prNum + " — " +
+      unresolved.length + " unresolved review thread(s); run watch again");
+  }
+  // Solo-maintainer protection requires 0 approvals; --admin satisfies the
+  // remaining required checks gate without a second reviewer.
+  _run("gh", ["pr", "merge", prNum, "--squash", "--admin", "--delete-branch"]);
+  _ok("PR #" + prNum + " squash-merged");
+  _run("git", ["checkout", "main"]);
+  _run("git", ["pull", "origin", "main"]);
+  console.log("\nnext: node scripts/release.js tag");
+}
+function cmdTag() {
+  _section("tag");
+  if (!_gitOnMain()) throw new Error("release: tag must run on main (post-merge)");
+  var next = _readJsonVersion("package.json");
+  var tag = "v" + next;
+  // GUARD against tag-on-stale-HEAD: a transient git index lock can leave
+  // local HEAD behind origin/main after a merge, so a tag would land on the
+  // wrong commit and the release workflow's version-match gate would reject
+  // it (burning a version slot, since the v* ruleset blocks tag rewrites).
+  try { fs.rmSync(path.join(ROOT, ".git", "index.lock"), { force: true }); } catch (_e) { /* ignore */ }
+  _run("git", ["fetch", "origin", "main"]);
+  var local = _capture("git", ["rev-parse", "HEAD"]).stdout;
+  var origin = _capture("git", ["rev-parse", "origin/main"]).stdout;
+  if (local !== origin) {
+    throw new Error("release: GUARD failed — local HEAD (" + local.slice(0, 12) +
+      ") != origin/main (" + origin.slice(0, 12) + "). Sync before tagging.");
+  }
+  // Three-version invariant must hold at tag time.
+  var manifest = _readJsonVersion("manifest.json");
+  var changelog = _changelogTopVersion();
+  if (manifest !== next || changelog !== next) {
+    throw new Error("release: GUARD failed — version skew (package=" + next +
+      " manifest=" + manifest + " changelog=" + changelog + ")");
+  }
+  if (_capture("git", ["tag", "-l", tag]).stdout === tag) {
+    throw new Error("release: tag " + tag + " already exists locally");
+  }
+  if (_capture("git", ["ls-remote", "--tags", "origin", tag]).stdout) {
+    throw new Error("release: tag " + tag + " already exists on origin");
+  }
+  _ok("GUARD passed (HEAD==origin/main, 3-version match, no existing tag)");
+  // `-s` forces a signed tag regardless of whether tag.gpgsign is set in
+  // config; `-a` would silently produce an UNSIGNED annotated tag when the
+  // config is absent, and main's tag ruleset / the release provenance both
+  // expect a signature. Verify BEFORE pushing so an unsigned tag never
+  // reaches origin (the v* ruleset blocks tag rewrites, so a bad push would
+  // burn the version slot).
+  _run("git", ["tag", "-s", tag, "-m", tag]);
+  var verify = _capture("git", ["tag", "-v", tag]);
+  if (verify.stderr.indexOf("Good") === -1 && verify.stdout.indexOf("Good") === -1) {
+    _run("git", ["tag", "-d", tag], { allowFail: true });
+    throw new Error("release: tag " + tag + " is not a Good signature — refusing to push.\n" +
+      "Check SSH tag signing (tag.gpgsign=true + gpg.format=ssh + the public key registered as a GitHub signing key).\n" +
+      (verify.stderr || verify.stdout));
+  }
+  _ok("tag signature: Good (verified before push)");
+  _run("git", ["push", "origin", tag]);
+  _ok("tagged + pushed " + tag);
+  console.log("\nnext: node scripts/release.js release");
+}
+function cmdRelease() {
+  _section("release");
+  var next = _readJsonVersion("package.json");
+  _section("release workflow");
+  var runId = _capture("gh", ["run", "list", "--workflow=release.yml", "--limit", "1",
+    "--json", "databaseId", "--jq", ".[0].databaseId"]).stdout;
+  if (runId) {
+    _run("gh", ["run", "watch", runId, "--exit-status"], { allowFail: true });
+    var concl = _capture("gh", ["run", "view", runId, "--json", "conclusion", "--jq", ".conclusion"]).stdout;
+    if (concl !== "success") {
+      console.error("warning: release.yml conclusion=" + concl + " — re-check before trusting npm");
+    } else {
+      _ok("release.yml: success");
+    }
+  } else {
+    console.log("no release.yml run found yet (tag push may still be propagating)");
+  }
+  _section("verify npm");
+  var npmVersion = _capture("npm", ["view", PKG_NAME, "version"]).stdout;
+  console.log("npm " + PKG_NAME + ": " + (npmVersion || "(unable to query)") + "   (expected " + next + ")");
+  if (npmVersion === next) _ok("npm matches " + next);
+  // A mismatch is asserted as a hard failure at the end of the phase (after
+  // the tarball verify), so a stalled publish can't read as a clean release.
+  _section("fresh-tarball signature verify");
+  // Verify against the EXACT bytes a downstream consumer installs — the
+  // source-tree verify is necessary-but-insufficient (the v0.11.x signature
+  // regression was invisible until a fresh install). Packs, extracts, and
+  // runs lib/verify.js against the extracted tree. This is the load-bearing
+  // post-publish check: a broken artifact/signature here means the release
+  // is broken, so it is a HARD gate — _run (no allowFail) throws on failure
+  // and the phase exits non-zero rather than reporting a clean release.
+  var wrapper = path.join(ROOT, "scripts", "verify-shipped-tarball.js");
+  if (fs.existsSync(wrapper)) {
+    _run("node", [wrapper]);
+    _ok("shipped-tarball signature verified");
+  } else {
+    throw new Error("release: scripts/verify-shipped-tarball.js missing — cannot verify the shipped artifact");
+  }
+  // An npm-version mismatch after the workflow finished is not mere
+  // propagation lag — fail so a stalled/failed publish can't read as a
+  // completed release. (A genuinely in-flight publish is caught by the
+  // workflow-conclusion check above; by the time we query npm post-watch the
+  // version should be live.)
+  if (npmVersion && npmVersion !== next) {
+    throw new Error("release: npm shows " + npmVersion + " but expected " + next +
+      " — publish did not complete; re-check release.yml before treating the release as done");
+  }
+  console.log("\nThe landing site auto-injects the version from jsDelivr @latest — no manual deploy.");
+  console.log("Release complete: npm shows " + next + " and the shipped tarball verifies.");
+}
+function cmdAll(opts) {
+  cmdPrepare(opts);
+  cmdGates();
+  cmdCommit();
+  cmdPush();
+  cmdWatch();
+  cmdMerge();
+  cmdTag();
+  cmdRelease();
+}
+function cmdStatus() {
+  _section("status");
+  console.log("branch:           " + _gitBranch());
+  console.log("clean:            " + _gitClean());
+  console.log("package version:  " + _readJsonVersion("package.json"));
+  console.log("manifest version: " + _readJsonVersion("manifest.json"));
+  console.log("changelog top:    " + _changelogTopVersion());
+  var pr = _openPrNumber(_releaseBranchFor(_readJsonVersion("package.json")));
+  console.log("open PR:          " + (pr || "(none)"));
+}
+function cmdHelp() {
+  console.log("release.js — orchestrated exceptd release flow");
+  console.log("");
+  console.log("Usage:");
+  console.log("  node scripts/release.js prepare [--minor]   # bump + sign + indexes + snapshot + sbom + baseline");
+  console.log("  node scripts/release.js gates               # npm test + 18-gate predeploy");
+  console.log("  node scripts/release.js commit              # release branch + signed commit");
+  console.log("  node scripts/release.js push                # push branch + open PR");
+  console.log("  node scripts/release.js watch               # CI watch + flag unresolved review threads");
+  console.log("  node scripts/release.js merge               # admin squash-merge if CLEAN");
+  console.log("  node scripts/release.js tag                 # GUARD + signed tag + push tag");
+  console.log("  node scripts/release.js release             # watch release.yml + npm/tarball verify");
+  console.log("  node scripts/release.js all [--minor]       # all eight in sequence");
+  console.log("  node scripts/release.js status              # current branch + version state");
+  console.log("  node scripts/release.js help                # this banner");
+  console.log("");
+  console.log("Patch is the default. --minor is a deliberate, explicit choice.");
+}
+// ---- Dispatch ------------------------------------------------------------
+var sub = process.argv[2] || "help";
+var opts = { minor: process.argv.slice(3).indexOf("--minor") !== -1 };
+try {
+  switch (sub) {
+    case "prepare": cmdPrepare(opts); break;
+    case "gates":   cmdGates();       break;
+    case "commit":  cmdCommit();      break;
+    case "push":    cmdPush();        break;
+    case "watch":   cmdWatch();       break;
+    case "merge":   cmdMerge();       break;
+    case "tag":     cmdTag();         break;
+    case "release": cmdRelease();     break;
+    case "all":     cmdAll(opts);     break;
+    case "status":  cmdStatus();      break;
+    case "help":
+    case "--help":
+    case "-h":      cmdHelp();        break;
+    default:
+      console.error("release: unknown subcommand '" + sub + "'");
+      cmdHelp();
+      process.exitCode = 1;
+  }
+} catch (e) {
+  console.error("\nrelease: FAIL — " + (e.message || e));
+  process.exitCode = 1;
+}