@blamejs/exceptd-skills 0.15.48 → 0.15.50

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## 0.15.50 — 2026-05-30
+
+Hardening: `--operator` validation and the operator-text sanitizer now classify and strip Unicode threat codepoints — Trojan-Source bidirectional overrides (CVE-2021-42574), zero-width/invisible marks, C0 controls, and null — through a shared vendored codepoint-threat table, and the `--operator` rejection now names the specific codepoint family (for example "bidirectional-override codepoint") instead of a generic message. Unicode General Category C remains the reject/strip backstop, so the broader control / private-use / unassigned set is still refused.
+
+Internal: a new codebase-pattern gate class, `bidi-codepoint-literal`, blocks raw bidi-override / zero-width / null codepoints embedded literally in source (invisible-in-review code reordering — the Trojan-Source class); source must escape them or route through the shared table.
+
+## 0.15.49 — 2026-05-30
+
+Internal: a new predeploy gate, `scripts/check-codebase-patterns.js`, enforces code-shape bug classes that recurred across releases. It blocks a library-callable function that writes to stdout and then calls `process.exit()` (which truncates buffered output when the stream is piped — the class the v0.15.47 validate-cves fix addressed) and a stale or reason-less `// allow:` suppression marker, and warns on dynamic `RegExp` construction. The flagged `process.exit` sites across the catalog, playbook, package, and vendor validators were converted to the flush-safe `safeExit` form, and the dynamic-`RegExp` sites carry inline justification markers. A companion advisory, wired into the release `prepare` step, flags when the upstream pattern catalog grows a class exceptd hasn't triaged. No change to the shipped CLI surface, catalogs, or skills.
+
 ## 0.15.48 — 2026-05-30
 
 Internal: the release flow is now driven by a phased orchestrator, `scripts/release.js`. Each subcommand (prepare, gates, commit, push, watch, merge, tag, release) runs one idempotent, resumable phase and exits with a script-safe code; the tag phase enforces a GUARD against tag-on-stale-HEAD and version skew between `package.json`, `manifest.json`, and the CHANGELOG heading. No change to the shipped CLI, catalogs, or skills.

package/bin/exceptd.js

@@ -63,6 +63,7 @@ const PKG_ROOT = path.resolve(__dirname, "..");
 const { EXIT_CODES, listExitCodes } = require(path.join(PKG_ROOT, "lib", "exit-codes.js"));
 const { validateIdComponent } = require(path.join(PKG_ROOT, "lib", "id-validation.js"));
 const { suggestFlag, flagsFor, VERB_FLAG_ALLOWLIST } = require(path.join(PKG_ROOT, "lib", "flag-suggest.js"));
+const codepointClass = require(path.join(PKG_ROOT, "vendor", "blamejs", "codepoint-class.js"));
 
 // Union of every flag known to ANY verb. A flag that is valid somewhere but
 // not on the active verb (e.g. `--csaf-status` on `brief`) is cross-verb
@@ -1524,6 +1525,7 @@ function dispatchPlaybook(cmd, argv) {
     // Cc / Cf / Co / Cn — bidi overrides (U+202E "RTL OVERRIDE"),
     // zero-width joiners (U+200B-D), invisible format chars, private-use
     // codepoints, unassigned codepoints. An operator string like
+    // allow:bidi-codepoint-literal — illustrative bidi-forgery example in the --operator reject-path doc comment
     // "alice‮evilbob" renders as "alicebobevila" in any UI that respects
     // bidi — a forgery surface where the attested name looks like Bob but the
     // bytes are Alice. Reject anything outside a positive allowlist of
@@ -1552,18 +1554,27 @@ function dispatchPlaybook(cmd, argv) {
       );
     }
     if (/\p{C}/u.test(normalized)) {
-      // Find the offending codepoint to surface a useful hint without
-      // round-tripping the raw bytes into the error body.
+      // \p{C} (Cc/Cf/Cs/Co/Cn) is the reject gate — it is strictly broader
+      // than the named family regexes (bidi / C0-control / zero-width / null),
+      // so it stays the backstop and catches the divergent remainder the
+      // family tables miss (U+007F, U+0080-009F, private-use, unassigned).
+      // The vendored codepoint tables only CLASSIFY the first offending
+      // codepoint into a human family name for the hint.
       let offending = "";
+      let family = "control / format / private-use / unassigned codepoint";
       for (const cp of normalized) {
         if (/\p{C}/u.test(cp)) {
           offending = "U+" + cp.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
+          if (codepointClass.BIDI_RE.test(cp)) family = "bidirectional-override codepoint";
+          else if (codepointClass.ZERO_WIDTH_RE.test(cp)) family = "zero-width / invisible codepoint";
+          else if (cp === codepointClass.NULL_BYTE) family = "null byte";
+          else if (codepointClass.C0_CTRL_RE.test(cp)) family = "C0 control character";
           break;
         }
       }
       return emitError(
-        `${cmd}: --operator contains a Unicode control / format / private-use / unassigned codepoint (${offending}). Bidi overrides (U+202E), zero-width joiners (U+200B–D), and format marks corrupt attestation rendering and enable name-forgery. Use printable identifiers only.`,
-        { verb: cmd, provided_length: args.operator.length, offending_codepoint: offending },
+        `${cmd}: --operator contains a Unicode ${family} (${offending}). Bidi overrides, zero-width joiners, and format marks corrupt attestation rendering and enable name-forgery. Use printable identifiers only.`,
+        { verb: cmd, provided_length: args.operator.length, offending_codepoint: offending, offending_family: family },
         pretty
       );
     }

package/data/_indexes/_meta.json

@@ -1,10 +1,10 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-30T19:25:42.050Z",
+  "generated_at": "2026-05-30T22:44:21.522Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "136eb6c81cbfd016dad3104269115be5b1a1466088c8666868fd91ba5bd5fa5b",
+    "manifest.json": "33da1072778152239ab47e8b4ef930f702678299bfa641e297a233dc9022dbfa",
     "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
     "data/attack-techniques.json": "84fad74c8497cab922ed64b814752f54aa4620c2a938cb06642ff1510e1c5cb3",
     "data/cve-catalog.json": "7a5f4e31401505e53330cdc4b54b39f8a8b04459d6b9411676d291c583ae535f",

package/lib/collectors/cicd-pipeline-compromise.js

@@ -73,16 +73,16 @@ function walkWorkflows(root) {
 //   - mapping:     `on:\n  push:\n  pull_request_target:`
 // Heuristic accepts all four.
 function workflowHasTrigger(content, name) {
-  if (new RegExp(`^\\s*on:\\s*['"]?${name}['"]?\\s*(?:#.*)?$`, "m").test(content)) return true;
+  if (new RegExp(`^\\s*on:\\s*['"]?${name}['"]?\\s*(?:#.*)?$`, "m").test(content)) return true; // allow:dynamic-regex — `name` is a hardcoded trigger literal (pull_request_target / issue_comment / pull_request), never operator/file input
   const listMatch = content.match(/^\s*on:\s*\[([^\]]*)\]/m);
-  if (listMatch && new RegExp(`(?:^|,)\\s*['"]?${name}['"]?\\s*(?:,|$)`).test(listMatch[1])) return true;
+  if (listMatch && new RegExp(`(?:^|,)\\s*['"]?${name}['"]?\\s*(?:,|$)`).test(listMatch[1])) return true; // allow:dynamic-regex — `name` is a hardcoded trigger literal, never operator/file input
   // block list AND mapping forms both follow `on:\n` with indented
   // continuation lines. Capture the block and inspect for either
   // `- <name>` (list) or `<name>:` (mapping) within it.
   const blockMatch = content.match(/^\s*on:\s*\n((?:[ \t]+[^\n]+\n?)+)/m);
   if (blockMatch) {
-    if (new RegExp(`^[ \\t]+-\\s+['"]?${name}['"]?\\s*(?:#.*)?\\s*$`, "m").test(blockMatch[1])) return true;
-    if (new RegExp(`^[ \\t]+${name}:`, "m").test(blockMatch[1])) return true;
+    if (new RegExp(`^[ \\t]+-\\s+['"]?${name}['"]?\\s*(?:#.*)?\\s*$`, "m").test(blockMatch[1])) return true; // allow:dynamic-regex — `name` is a hardcoded trigger literal, never operator/file input
+    if (new RegExp(`^[ \\t]+${name}:`, "m").test(blockMatch[1])) return true; // allow:dynamic-regex — `name` is a hardcoded trigger literal, never operator/file input
   }
   return false;
 }

package/lib/collectors/scan-excludes.js

@@ -189,7 +189,7 @@ function buildEvidenceLocations(hits) {
     const uri = raw.replace(/\\/g, "/");
     const line = Number(h.line);
     const hasLine = Number.isInteger(line) && line > 0;
-    const key = hasLine ? `${uri}${line}` : uri;
+    const key = hasLine ? `${uri}\u0000${line}` : uri;
     if (seen.has(key)) continue;
     seen.add(key);
     out.push(hasLine ? { uri, startLine: line } : { uri });

package/lib/lint-skills.js

@@ -40,6 +40,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const process = require('node:process');
+const { safeExit } = require('./exit-codes');
 
 const REPO_ROOT = path.resolve(__dirname, '..');
 const MANIFEST_PATH = path.join(REPO_ROOT, 'manifest.json');
@@ -866,7 +867,8 @@ function main() {
   if (strictFail) {
     console.log(`[lint-skills] --strict: ${warned + (airGapWarnings ? airGapWarnings.length : 0)} warning(s) treated as failures.`);
   }
-  process.exit(failed === 0 && orphans.length === 0 && !strictFail ? 0 : 1);
+  safeExit(failed === 0 && orphans.length === 0 && !strictFail ? 0 : 1);
+  return;
 }
 
 // Export the minimal frontmatter parser for downstream consumers

package/lib/playbook-runner.js

@@ -48,6 +48,7 @@ const path = require('path');
 const os = require('os');
 const crypto = require('crypto');
 const scoring = require('./scoring');
+const codepointClass = require('../vendor/blamejs/codepoint-class.js');
 
 // cross-ref-api wraps catalog reads. If cve-catalog.json is corrupt
 // JSON, cross-ref-api's loadCatalog (post-v0.12.14) catches the parse
@@ -2184,9 +2185,20 @@ function sanitizeOperatorText(s) {
   let normalised;
   try { normalised = s.normalize('NFC'); }
   catch { return null; }
-  // Strip every Unicode codepoint matching General Category C
-  // (Cc, Cf, Cs, Co, Cn). \p{C} under the `u` flag matches all five.
-  const stripped = normalised.replace(/\p{C}/gu, '');
+  // Two-pass strip. First remove the named threat families (bidi-override /
+  // C0-control / zero-width / null) via the shared vendored codepoint tables,
+  // so the family vocabulary has a single source of truth. Then strip any
+  // remaining General Category C codepoint: \p{C} (Cc/Cf/Cs/Co/Cn) is the
+  // backstop — it is strictly broader than the family union (also catches
+  // U+007F, U+0080-009F, private-use, unassigned), so the family pass is a
+  // documented-intent superset removal and the result is identical to the
+  // single \p{C} strip.
+  const familyStripped = normalised
+    .replace(codepointClass.BIDI_RE_G, '')
+    .replace(codepointClass.C0_CTRL_RE_G, '')
+    .replace(codepointClass.ZW_RE_G, '')
+    .replace(codepointClass.NULL_RE_G, '');
+  const stripped = familyStripped.replace(/\p{C}/gu, '');
   const trimmed = stripped.trim();
   if (trimmed.length === 0) return null;
   // Cap at 256 codepoints (Array.from counts codepoints, not UTF-16 code
@@ -3632,7 +3644,7 @@ function evalCondition(expr, ctx, playbook) {
     // analyze() can surface analyze.runtime_errors[] without losing the
     // diagnostic.
     try {
-      return new RegExp(m[2], 'i').test(val);
+      return new RegExp(m[2], 'i').test(val); // allow:dynamic-regex — m[2] is the pattern from a signed-catalog playbook condition (/…/), and construction + .test() are already wrapped in this try/catch to neutralize a malformed/pathological pattern
     } catch (e) {
       const errorRec = { _regex_eval_error: { source: m[1], expr: m[2], message: e && e.message ? String(e.message) : String(e) } };
       // Two sites where ctx may carry an accumulator: runOpts._runErrors

package/lib/sign.js

@@ -77,6 +77,7 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { execFileSync } = require('child_process');
+const { safeExit } = require('./exit-codes');
 
 const ROOT = path.join(__dirname, '..');
 const MANIFEST_PATH = path.join(ROOT, 'manifest.json');
@@ -219,7 +220,7 @@ function signAll() {
   }
   printFingerprintBanner();
 
-  if (errors > 0) process.exit(1);
+  if (errors > 0) { safeExit(1); return; }
 }
 
 /**

package/lib/upstream-check-cli.js

@@ -23,6 +23,7 @@
 
 const path = require("path");
 const fs = require("fs");
+const { safeExit } = require("./exit-codes");
 
 const ROOT = path.resolve(__dirname, "..");
 const { fetchLatestPublished, buildFreshnessReport } = require("./upstream-check.js");
@@ -65,7 +66,8 @@ function readManifest() {
       reason: "registry probe disabled in air-gap mode",
       source: "upstream-check",
     }) + "\n");
-    process.exit(0);
+    safeExit(0);
+    return;
   }
   const registry = await fetchLatestPublished({ timeoutMs: opts.timeoutMs });
   if (opts.raw) {

package/lib/validate-catalog-meta.js

@@ -31,6 +31,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const process = require('node:process');
+const { safeExit } = require('./exit-codes');
 
 const REPO_ROOT = path.resolve(__dirname, '..');
 const DATA_DIR = path.join(REPO_ROOT, 'data');
@@ -64,10 +65,12 @@ function parseArgs(argv) {
           '  --quiet   Suppress per-catalog PASS output; show failures only.\n' +
           '  --strict  Promote freshness warnings to errors (used by the predeploy gate).\n',
       );
-      process.exit(0);
+      safeExit(0);
+      return null;
     } else {
       console.error(`Unknown argument: ${a}`);
-      process.exit(2);
+      safeExit(2);
+      return null;
     }
   }
   return opts;
@@ -208,6 +211,7 @@ function validateMeta(catalogPath, opts) {
 
 function main() {
   const opts = parseArgs(process.argv);
+  if (opts === null) return; // parseArgs handled --help / bad-arg and set the exit code
   const files = fs
     .readdirSync(DATA_DIR)
     .filter((f) => f.endsWith('.json'))

package/lib/validate-cve-catalog.js

@@ -26,6 +26,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const process = require('node:process');
+const { safeExit } = require('./exit-codes');
 
 const REPO_ROOT = path.resolve(__dirname, '..');
 const SCHEMA_PATH = path.join(REPO_ROOT, 'lib', 'schemas', 'cve-catalog.schema.json');
@@ -82,10 +83,12 @@ function parseArgs(argv) {
           '  --quiet   Suppress per-CVE PASS output; show failures only.\n' +
           '  --strict  Promote advisory warnings to errors (used by the predeploy gate). Off by default.\n',
       );
-      process.exit(0);
+      safeExit(0);
+      return null;
     } else {
       console.error(`Unknown argument: ${a}`);
-      process.exit(2);
+      safeExit(2);
+      return null;
     }
   }
   return opts;
@@ -138,7 +141,7 @@ function validate(value, schema, schemaName, pathStr) {
       errors.push(`${here}: string shorter than minLength ${schema.minLength}`);
     }
     if (schema.pattern !== undefined) {
-      const re = new RegExp(schema.pattern);
+      const re = new RegExp(schema.pattern); // allow:dynamic-regex — bundled schema.pattern, not operator input
       if (!re.test(value)) {
         errors.push(`${here}: string ${JSON.stringify(value)} does not match pattern /${schema.pattern}/`);
       }
@@ -312,6 +315,7 @@ function additionalChecks(key, entry, ctx) {
 
 function main() {
   const opts = parseArgs(process.argv);
+  if (opts === null) return; // parseArgs handled --help / bad-arg and set the exit code
   const schema = readJson(SCHEMA_PATH);
   const catalog = readJson(CATALOG_PATH);
   const lessons = readJson(LESSONS_PATH);

package/lib/validate-package.js

@@ -19,6 +19,7 @@
 const fs = require("fs");
 const path = require("path");
 const { spawnSync } = require("child_process");
+const { safeExit } = require("./exit-codes");
 
 const ROOT = path.join(__dirname, "..");
 const ABS = (p) => path.join(ROOT, p);
@@ -154,12 +155,14 @@ function main() {
       `${packInfo.files.length} files, ` +
       `${sizeMB} MB packed / ${unpackedMB} MB unpacked.\n`
     );
-    process.exit(0);
+    safeExit(0);
+    return;
   }
 
   process.stderr.write(`[validate-package] FAILED — ${issues.length} issue(s):\n`);
   for (const i of issues) process.stderr.write(`  • ${i}\n`);
-  process.exit(1);
+  safeExit(1);
+  return;
 }
 
 if (require.main === module) main();

package/lib/validate-playbooks.js

@@ -70,6 +70,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const process = require('node:process');
+const { safeExit } = require('./exit-codes');
 
 const REPO_ROOT = path.resolve(__dirname, '..');
 const SCHEMA_PATH = path.join(REPO_ROOT, 'lib', 'schemas', 'playbook.schema.json');
@@ -94,10 +95,12 @@ function parseArgs(argv) {
           '  --quiet   Suppress per-playbook PASS output; show failures only.\n' +
           '  --strict  Treat warnings as errors (used by the predeploy gate).\n',
       );
-      process.exit(0);
+      safeExit(0);
+      return null;
     } else {
       console.error(`Unknown argument: ${a}`);
-      process.exit(2);
+      safeExit(2);
+      return null;
     }
   }
   return opts;
@@ -161,7 +164,7 @@ function validate(value, schema, schemaName, pathStr) {
       err(`${here}: string shorter than minLength ${schema.minLength}`);
     }
     if (schema.pattern !== undefined) {
-      const re = new RegExp(schema.pattern);
+      const re = new RegExp(schema.pattern); // allow:dynamic-regex — bundled schema.pattern, not operator input
       if (!re.test(value)) {
         err(`${here}: string ${JSON.stringify(value)} does not match pattern /${schema.pattern}/`);
       }
@@ -559,6 +562,7 @@ function checkMutexReciprocity(playbooks) {
 
 function main() {
   const opts = parseArgs(process.argv);
+  if (opts === null) return; // parseArgs handled --help / bad-arg and set the exit code
   const schema = readJson(SCHEMA_PATH);
   const ctx = loadContext();
   const playbooks = loadPlaybooks();
@@ -617,7 +621,8 @@ function main() {
       (warned ? `, ${warned} with warnings` : '') +
       (errored ? `, ${errored} failed` : '') + '.',
   );
-  process.exit(errored === 0 ? 0 : 1);
+  safeExit(errored === 0 ? 0 : 1);
+  return;
 }
 
 module.exports = {

package/lib/validate-vendor.js

@@ -20,6 +20,7 @@
 const fs = require("fs");
 const path = require("path");
 const crypto = require("crypto");
+const { safeExit } = require("./exit-codes");
 
 const ROOT = path.join(__dirname, "..");
 const PROV = path.join(ROOT, "vendor", "blamejs", "_PROVENANCE.json");
@@ -71,13 +72,15 @@ function main() {
   if (issues.length === 0) {
     const fileCount = Object.keys(prov.files || {}).length;
     console.log(`[validate-vendor] vendor tree current — ${fileCount} file(s) validated against pin ${prov.pinned_commit?.slice(0, 12) || "?"}.`);
-    process.exit(0);
+    safeExit(0);
+    return;
   }
 
   console.error("[validate-vendor] vendor tree DRIFT:");
   for (const i of issues) console.error("  • " + i);
   console.error("[validate-vendor] re-vendor instructions: vendor/blamejs/README.md");
-  process.exit(1);
+  safeExit(1);
+  return;
 }
 
 if (require.main === module) main();

package/lib/verify.js

@@ -520,7 +520,7 @@ function validateAgainstSchema(value, schema, here, root) {
       errors.push(`${here}: string shorter than minLength ${effectiveSchema.minLength}`);
     }
     if (effectiveSchema.pattern !== undefined) {
-      const re = new RegExp(effectiveSchema.pattern);
+      const re = new RegExp(effectiveSchema.pattern); // allow:dynamic-regex — bundled schema.pattern, not operator input
       if (!re.test(value)) {
         errors.push(`${here}: string ${JSON.stringify(value)} does not match pattern /${effectiveSchema.pattern}/`);
       }
@@ -648,6 +648,7 @@ function checkExpectedFingerprint(liveFp, pinPath) {
   // Route through the shared loader so a BOM-prefixed pin file
   // (Notepad with files.encoding=utf8bom) is tolerated identically across
   // every verify site. Pre-fix the verbatim split-trim-find produced a
+  // allow:bidi-codepoint-literal — illustrative BOM-prefixed first-line in the pin-loader doc comment
   // first-line of "SHA256:..." (with leading BOM) that would never equal
   // a live fingerprint.
   const firstLine = loadExpectedFingerprintFirstLine(p) || '';