@blamejs/exceptd-skills 0.15.50 → 0.15.52

package/sbom.cdx.json

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:ede2338f-0db3-4a5c-859d-567abe4a25ef",
+  "serialNumber": "urn:uuid:7ed2b616-e18e-40a0-bf4e-b08af006675e",
   "version": 1,
   "metadata": {
-    "timestamp": "2152-06-21T09:55:27.000Z",
+    "timestamp": "2093-06-04T14:26:30.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.15.50"
+        "version": "0.15.52"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.15.50",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.15.52",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.15.50",
+      "version": "0.15.52",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.15.50",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.15.52",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "332e8187d86819842a9abb646bcd8645e87c14dcaf6596cc28ca6dbb18af82c5"
+          "content": "926aefd5a4e9417e02388bf3fba187507cb15c4d562d1b73383978b440923626"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.15.50"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.15.52"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "127bec3e5780f53bf98eaa33157c004423edda4c0c9931018bc8d67bd690d2d7"
+          "content": "efc1b8a8b88115b6f3c39a68fd41633df8bc7992f72ec4683e3c1760323df012"
         },
         {
           "alg": "SHA3-512",
-          "content": "aebfca6cb624dfddaee726ba8760cd3318347278a107629bd10c3266d2bb2ef132bf916b3a8d38f83f5a712b647bd770adc98d0635d9348a6f0cf940baeea75b"
+          "content": "8191b5774e3f765a359738f31c9f1dae30e1fae21e9d65c6dd2abc4531823c08761b037bb808ab6cd57815145b15057aeefef9a103e9222e19502315e13bcf7b"
         }
       ]
     },
@@ -161,11 +161,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "68a43ab8f9495c0af7a10b4f1c7f8fc729aeee2ab5fe523f932bdd62eb971d83"
+          "content": "34dd0f6eab14ad5b2c974b81e7016c841c7849f862b58fcc94fd499a5ed2b8a9"
         },
         {
           "alg": "SHA3-512",
-          "content": "dbf4c6f0414142a42f37a4f977f07d0d5167abe2e899f6775b29039aff8270b094986747a9c875f362945b0fe8a4173260232a51a57af61ec4553ec598039e18"
+          "content": "7f16c6f48c03f0fa2858edeab6388a9c2b6a952e7d40186bac5748e2ca90d4b3b085422416640eff8c02ead3dd8e19071c696c8cf9f8f2dcc13e8b9d725fc36c"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "cf9b74140298bdee14d4826d11ed9f7d6b1266db8a782d8dce48425e76ec9af5"
+          "content": "d0ca92931278d72229edb9f2526157f2832df1d97cd7e8440a0a841f8b1c664d"
         },
         {
           "alg": "SHA3-512",
-          "content": "0528bbd4277fe3b8f4cb99eeaf35d5e9f310cfd48a0164fa4e4edb03154f1c7302af7d44617d7b6f1d6ab52e301a7772042e4c609693c49b8ce6eb64991419b9"
+          "content": "93377a5256af65b898ffda3586e081e64f6bb3d820305b6995dd37f022857a66e929bec0c167fed5aed5c5b18a8dec7e7e4214b3d5cfacea32e93dc8065f01c0"
         }
       ]
     },
@@ -311,11 +311,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "84fad74c8497cab922ed64b814752f54aa4620c2a938cb06642ff1510e1c5cb3"
+          "content": "318bf8e9c5aee1d0a4a1dc37c4b211f2fbc937bf332a401a22483cc7d0547252"
         },
         {
           "alg": "SHA3-512",
-          "content": "bcb5bbab48f5374c4714cc324c10a65b5005e8a8ac6882f356427e2e3ad43d7e9a5320b156539d2dc14b1b4ee17c4e44a97d9109db9162718533202fd268af34"
+          "content": "d929874af7a8091416f2adc116fcfe98383325c83ece819a3e07320e29b4d8645b27256a662a6fff3267156ff70cfe2f53d7b0a82b5f249902c495f5d668b962"
         }
       ]
     },
@@ -326,11 +326,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7a5f4e31401505e53330cdc4b54b39f8a8b04459d6b9411676d291c583ae535f"
+          "content": "cb5e305b5488a2a02e177f10e913d22f602d6016109f152903093e9614e0b470"
         },
         {
           "alg": "SHA3-512",
-          "content": "b4f57d7819e255a3754d0fc758198df5f1ac4f69c6d9bdee8696987bb6ab15ffe03a461c509e832f706e46e50b4755d5d1f1b06e0442d50ff55d8439bacadfa7"
+          "content": "a7abc804efd7dfd46056a857ee13e19b8d99cdd46db7390845f4036b1e4b97bce0e00ec3f677322716f6c74b071340561fdf8cfda9b2f5ff3b502353eaf4d135"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3"
+          "content": "b0e4d8f90b655b2b35b1e91c682ee66f2aa51ae5d38efb14f0e1b77f75ec5f7b"
         },
         {
           "alg": "SHA3-512",
-          "content": "f6ca0b0e10d8b5d9d45ed43fd3b80d95ecd6ecb99a0241daa7e08695de2c02c7532d720cd4e61b6c3e9a138dfb9306ccefab43715d2a1c2b16cc34784e6d34ce"
+          "content": "ac9ca3b420093c62dd5a53b0349f1d5e9f10f90c958d0ab921654bd0bcf674d3aef478fc5bc3d359a224b03cd26b32578fe162f55ba2423c37c0061aaa80c862"
         }
       ]
     },
@@ -401,11 +401,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78"
+          "content": "49cfbcaf0f27662db7e12340839c29f05d4ae31bc255dc9fa49ad1b4a45d0fa3"
         },
         {
           "alg": "SHA3-512",
-          "content": "db18692914f44c8cbc9a853fe43865a5547058b5b0dc656e45e83da322072a323fa08b40479ecb8dbb2d1aac1997dccff05be3c26351098806b41a750248c43e"
+          "content": "677e753faee573812cfcb3b33e351b36430b38d36c409149a471b0561139ba1dccc23f1a15c9b836f0c5c7384abaa5dc7a56b3f0d8c747fc7d5f216f03911028"
         }
       ]
     },
@@ -731,11 +731,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d9dd7f88dca3f91bc143cb3abdb5e90ae6109b7c4b6fc8253802b9776bc9102e"
+          "content": "1e2f307a7207a260f8c9ab23f95e8eebb4950349d79eceb2af5b8c4df2b37dc4"
         },
         {
           "alg": "SHA3-512",
-          "content": "117d523bb04163dceba8f2ca1ba6b487244c15d5e1b206721687411dab4c3c5265b91c224c513dafc9971087d49aed96b171dac74e15bd49030e2e8375a24f20"
+          "content": "9298e037ccac473c5ac994e5ef4804d93a7abfbb3fa14c836a97c4503de2e9d10b1ad8a2f371115bf17c1f63851fd252214cb183c8655f1f4150b0e3a2dc9248"
         }
       ]
     },
@@ -806,11 +806,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "acf9b2b001844dd2cacf1d29c7175d60db49b103847c9fddd242d2a98087541d"
+          "content": "c7419ef8265a8385ab29e37e3f3237f120dd2fa448692f9dc1aa2fd79339fc76"
         },
         {
           "alg": "SHA3-512",
-          "content": "ea633dba87756ee5346ca8cbdc75d2f5d773c421cbe483792804266eea94fa9cd7e952955b43b43a93da76663c65236e36ab1a76c8bce09e9c3bb7da86df8c24"
+          "content": "7aea30cb368c94ff5e9fa3d1d6e60a71f81a1c36d5b358310b372b99d1e448ff5c19c34f2fb33316841906e3f988bc305a8c9c158d9fb33c62b91538a56fcde5"
         }
       ]
     },
@@ -1331,11 +1331,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fc9d13e98934b99981965e61affae0b03bffd8d8a0ee8f6fbb6cb8f33f2cadb5"
+          "content": "bd757082645bbe88e0d03e5d533ee7c5c8e2ea922e31e13e28a336f69cd3a756"
         },
         {
           "alg": "SHA3-512",
-          "content": "4053e54232a55090a53ff765f43bd7c389bdd8ff7d9458c123e1e297ee613f8ed007805588c3e1b6e3857db088d344077ba4d8889efb2129797708ef5f5b58f2"
+          "content": "85c3844a6562a1df8b6b71e54c6fc4788ad62ad918856ceb441c443625032f547c30e39618631f397c49c02708af4e1420bf2ee78885c23248f9c7f8885cef2f"
         }
       ]
     },
@@ -1751,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "33da1072778152239ab47e8b4ef930f702678299bfa641e297a233dc9022dbfa"
+          "content": "e5f2d2a803f6972ef1759593ddbec1e3badc297b8f83e667fedeaf4b68fd9819"
         },
         {
           "alg": "SHA3-512",
-          "content": "3125320c4384560007a8ee89bd9bc426445f80b5db11526ec5f7c666c92ee0f6ceac1e578a09c916e6b3fc0e3e3cea364ec968223e5827e66088fdda217edbc4"
+          "content": "3388f49da3b6e08d553623d467dc0114c41c3ff39cc780751867908fcc0ba503f8236f1e740700befc5b862e471196a20ebe9590c2200c81e62db12bebe63dfd"
         }
       ]
     },
@@ -2179,6 +2179,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:scripts/check-changelog-extract.js",
+      "type": "file",
+      "name": "scripts/check-changelog-extract.js",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "eeee0adf320e7aefee1ebcfa2283c021ca43c80938aafe1873abcf21b927686d"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "710b6d5b6d1a60c1934a2bd42c7a64aab24150a14d74368d2f5eea27bd568708ae0daa2ca3c7fdee286faec577a926e5cfbaa1b6740ad3886fc5bf3f7ed026c9"
+        }
+      ]
+    },
     {
       "bom-ref": "file:scripts/check-codebase-patterns-currency.js",
       "type": "file",
@@ -2261,11 +2276,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "467d2ae2c73a803edc61ee31f04a7a584da6aaa729940de799a482a37b2be6c3"
+          "content": "d43e59b96a252c1228ca709e3753582fc02d4c32d2766b247a69ee78c0a18e28"
         },
         {
           "alg": "SHA3-512",
-          "content": "4c3638049e850410bebd27ed06f2497fab89be9c5b1917561b9e5ce3a961351c7f3a7076a58b642fb6e72e5aa2597838d77351a13d9eafe725a9e32fba3adfe1"
+          "content": "994eea61e1d84f9f8c9ab77085f855d167b772e31f07ad49f5b4094d7c939f7854595f37902c4a0f360c2ce3ec7754e9db58eee0d7c865dfa2ea20d0e33885e3"
         }
       ]
     },
@@ -2276,11 +2291,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1d3b7bd15af17a88afb82dada50494433299455e76206b23a895f1ff9ca8a696"
+          "content": "906735e02f452962cc221e129a9d7d08cb645f0b79b48168fea62038c35f6b71"
         },
         {
           "alg": "SHA3-512",
-          "content": "d4c3a7dc1af799ed3d8f28ba47b87a3ef4781cb28f688e76322d15404772e5199cc292bcee979eaefb19d0bb519635353a328412c59fd5baa412548282637ec8"
+          "content": "09590d90712ecec967caf198f33f0ea62b24152dcfda51b1bd0422e64add9cf2f97a5873310d11d654846b83dd92c9c82ca014973ca51888d14607e2b3092e0f"
         }
       ]
     },
@@ -2291,11 +2306,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ab58a0d6a5f43e94f63161af45b4e436fe50f898e9a44588bdc15103dbc31aa8"
+          "content": "2306d6560552040baf57e9a552c14f2344967338babdc1a4fff8e3b4fc0d4d9b"
         },
         {
           "alg": "SHA3-512",
-          "content": "36a39edf675786de2e7417e6097cd18f03f499ef994b8d728f93f1ca7b657e5c577f2b6ad7360a3470e7fba6287cbc65ae1eb98578c0d4ce689bd9e0f533c398"
+          "content": "12d2a7a167fa40712453f60e5e1f8f57d35a2396e77b40afc38986ddf866984157ed5c312fe6eddb9803df4025e52628d7d636ee123118b64f9eef5b5644cf23"
         }
       ]
     },
@@ -2321,11 +2336,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4622fd121015535bb0a1b47a7bf57abe3a195b02e42a0be99dfadc9d67a72160"
+          "content": "3e37c0d93dfc1ff3c6fd5e90bb65417f3ebcabd8435925c4292b4ca86bdd11c2"
         },
         {
           "alg": "SHA3-512",
-          "content": "85f755a9228afe24b704d39d58ee11436c8dd663df47e8c7c84da9454c5bad1cf9f166c833a9648517f9c2689730103617b41bec0739c637d91fafb041f7db63"
+          "content": "8c1be019521e12c483cb5e71ee94e6601497c514b09080c2560ca942bb2979f0b08928866213b13fc882105f6aa6e33901fb7edb8cc7dad9a1f03d8bd8a45ce6"
         }
       ]
     },
@@ -2471,11 +2486,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a5a43d931bcc09f0e5866e5860efd373943e5ce797ff368dc009ea4161d03cd6"
+          "content": "f199cc754f202fa994c1769af5e02a4ef995ee02e87221422b00f945b03e99db"
         },
         {
           "alg": "SHA3-512",
-          "content": "dff963f00485e37546f605542d94d5e8730be9b888d98dd9bc9d256f38b4820d3c3346b1bfdbacedefc4b47d7b07afffdd1b3d7a77ba4cf71593efdd5530b9af"
+          "content": "d504c65cda545acda811997487ca8b6fef3ee5b5447b537f502295d5f6f4266cb2ecb743389b04aa2b6118b021af6f2ce9c6f00e44cf60bd7c06b72456a500f8"
         }
       ]
     },
@@ -2531,11 +2546,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "59a341868f7f362d4138d61cbbf480fa5e293e06399b58b57ea6ff27e4e66d03"
+          "content": "fd04f3e4122b4f3ca7e9a266c763dd4e954710d496da8072f5c2e500a4dbe32c"
         },
         {
           "alg": "SHA3-512",
-          "content": "415dec1034ba285597cf8dcde916b8cb3e9f526a1b7df3cf871c55843de659dcc0dc0cb970e25dbdb646b5da40a7383b8f2cea51d76c8ec1a924fe1913123ff2"
+          "content": "9b606b4d5afcc79a7a39650c3f425af0a8abb21f484e70e5469431a0be26b27969108bd51f167cab23b41d6e0ec7d14b8e6d82d597ca6166942605e15fc016c0"
         }
       ]
     },
@@ -3101,11 +3116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7c568ee9805f4c822c16c266348e35fa6f2d7a3c76135fa34b0cfa77f003a878"
+          "content": "23d15c234afedec011d9c3e588334132373a22d09ef33cd2d943e479c88fcb43"
         },
         {
           "alg": "SHA3-512",
-          "content": "135e7723a95b7e3cc929e6074bf572d10e31100e3362730784a94273d7db0a85aa06bb6946207e56a3ee45adf3431a8d8cffadad9571fec3a4a98f6e2ca879e7"
+          "content": "d4da986f67c1b537431731f28ac048bdca8bba2269896fe674aecc91d5da99d4963624e62309c60ec4c8a2422e0ed3899290a1f951db0eaf0fe46b43a90ebc74"
         }
       ]
     },

package/scripts/check-changelog-extract.js

@@ -0,0 +1,158 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Release-notes extraction + quality gate.
+ *
+ * The release workflow (.github/workflows/release.yml) publishes the GitHub
+ * Release body by awk-extracting the `## <version> ...` CHANGELOG section
+ * between the version heading and the next `## ` heading, falling back to a
+ * generic "Release of v<version>." line if the extract is empty. This gate
+ * runs that SAME extraction locally before tag-push, and additionally lints
+ * the extracted notes for operator-facing quality, so a malformed or
+ * internal-narrative-laced section fails here rather than shipping as the
+ * public release body.
+ *
+ * Two layers:
+ *   1. EXTRACT  — the `## <version> — <date>` section exists, is non-empty
+ *                 (won't trigger the workflow's "Release of v…" fallback),
+ *                 the heading version matches package.json, and the heading
+ *                 carries an ISO date.
+ *   2. LINT     — the extracted body is operator-facing-clean: no internal
+ *                 phase/pass/slice/sweep narrative, no agent-dispatch /
+ *                 conversation residue, no tautological "all tests pass"
+ *                 noise. (Mirrors the operator-facing discipline; the release
+ *                 body is the most public surface there is.)
+ *
+ * Exit: process.exitCode 0 on pass, 1 on any failure. Functions are exported
+ * for fixture-based testing (no subprocess needed).
+ *
+ * Usage:
+ *   node scripts/check-changelog-extract.js             # uses package.json version
+ *   node scripts/check-changelog-extract.js <version>   # explicit MAJOR.MINOR.PATCH
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const ROOT = path.resolve(__dirname, '..');
+const CHANGELOG = path.join(ROOT, 'CHANGELOG.md');
+const PACKAGE_JSON = path.join(ROOT, 'package.json');
+
+// Replicates the release.yml awk: capture lines AFTER the `## <version> `
+// heading up to (not including) the next `## ` heading. The trailing space in
+// the heading match mirrors the workflow's `"^## " v " "` so a shorter version
+// heading can't accidentally match a longer one that shares its prefix.
+function extractSection(text, version) {
+  const lines = text.split(/\r?\n/);
+  const out = [];
+  let capturing = false;
+  const startRe = new RegExp('^## ' + version.replace(/\./g, '\\.') + ' ');
+  for (const ln of lines) {
+    if (capturing) {
+      if (/^## /.test(ln)) break;
+      out.push(ln);
+      continue;
+    }
+    if (startRe.test(ln)) capturing = true;
+  }
+  // Trim leading/trailing blank lines (awk keeps them; the body is the same
+  // either way, but trimming makes the non-empty test honest).
+  while (out.length && out[0].trim() === '') out.shift();
+  while (out.length && out[out.length - 1].trim() === '') out.pop();
+  return out;
+}
+
+// Returns the `## <version> — <date>` heading line for the version, or null.
+function headingLine(text, version) {
+  const re = new RegExp('^## ' + version.replace(/\./g, '\\.') + ' ');
+  return text.split(/\r?\n/).find((l) => re.test(l)) || null;
+}
+
+// Operator-facing forbidden patterns. Tight, high-confidence internal-narrative
+// markers only — must not false-positive on legitimate operator prose (e.g. a
+// bare "phase" in "multi-phase attack" is fine; "Phase 9" is the tell). Each
+// entry: { id, re, why }.
+const FORBIDDEN = [
+  { id: 'phase-number', re: /\bphase\s+\d/i, why: 'internal phase number (operators have no roadmap)' },
+  { id: 'pass-number', re: /\b(?:audit|curation|drift|fix|bug)?[- ]?pass\s+\d/i, why: 'internal pass/batch number' },
+  { id: 'slice-number', re: /\bslice\s+\d/i, why: 'internal slice number' },
+  { id: 'sweep-number', re: /\bsweep\s+\d/i, why: 'internal sweep number' },
+  { id: 'tier-letter', re: /\bTier-[ABC]\b/, why: 'internal tier label' },
+  { id: 'agent-dispatch', re: /\b(?:sub-?agent|parallel agent|agent dispatch|fan(?:ned)?[ -]out|multi-agent)\b/i, why: 'implementation detail (agent/parallelization)' },
+  { id: 'conversation-residue', re: /\b(?:as discussed|per your|operator-confirmed|as you (?:noted|requested)|per the conversation|PR feedback:)\b/i, why: 'conversation residue (invisible to the reader)' },
+  { id: 'process-narrative', re: /\b(?:audit-derived|post-phase-\d|as part of the \d|the \d+-gap closure)\b/i, why: 'internal-process narrative' },
+  { id: 'tautological-green', re: /\b(?:all tests (?:pass|passing|green)|CI green|smoke \+ e2e (?:clean|pass)|tests? (?:are )?passing)\b/i, why: 'tautological pass/green claim (noise — the release exists)' },
+];
+
+function lintOperatorClean(sectionLines) {
+  const findings = [];
+  sectionLines.forEach((ln, i) => {
+    for (const rule of FORBIDDEN) {
+      const m = ln.match(rule.re);
+      if (m) findings.push({ rule: rule.id, why: rule.why, line: i + 1, match: m[0], text: ln.trim().slice(0, 100) });
+    }
+  });
+  return findings;
+}
+
+function readPackageVersion() {
+  return JSON.parse(fs.readFileSync(PACKAGE_JSON, 'utf8')).version;
+}
+
+function main() {
+  const version = process.argv[2] || readPackageVersion();
+  if (!/^\d+\.\d+\.\d+$/.test(version)) {
+    console.error('[check-changelog-extract] FAIL: bad version ' + JSON.stringify(version) + ' (expected MAJOR.MINOR.PATCH)');
+    process.exitCode = 1;
+    return;
+  }
+
+  let text;
+  try { text = fs.readFileSync(CHANGELOG, 'utf8'); }
+  catch (e) {
+    console.error('[check-changelog-extract] FAIL: cannot read CHANGELOG.md: ' + (e && e.message || e));
+    process.exitCode = 1;
+    return;
+  }
+
+  const heading = headingLine(text, version);
+  if (!heading) {
+    console.error('[check-changelog-extract] FAIL: no `## ' + version + ' …` heading in CHANGELOG.md — the release workflow extract would be empty and fall back to "Release of v' + version + '."');
+    process.exitCode = 1;
+    return;
+  }
+  // Heading must carry an ISO date: `## <version> — YYYY-MM-DD`.
+  if (!new RegExp('^## ' + version.replace(/\./g, '\\.') + ' [—-] \\d{4}-\\d{2}-\\d{2}\\s*$').test(heading)) {
+    console.error('[check-changelog-extract] FAIL: heading does not match `## ' + version + ' — YYYY-MM-DD`:');
+    console.error('[check-changelog-extract]   got: ' + JSON.stringify(heading));
+    process.exitCode = 1;
+    return;
+  }
+
+  const section = extractSection(text, version);
+  if (section.length === 0) {
+    console.error('[check-changelog-extract] FAIL: v' + version + ' section is empty — the release body would fall back to the generic "Release of v' + version + '." line.');
+    process.exitCode = 1;
+    return;
+  }
+
+  const findings = lintOperatorClean(section);
+  if (findings.length > 0) {
+    console.error('[check-changelog-extract] FAIL: v' + version + ' release notes carry ' + findings.length + ' operator-facing violation(s):');
+    for (const f of findings) {
+      console.error('  • [' + f.rule + '] "' + f.match + '" — ' + f.why);
+      console.error('      ' + f.text);
+    }
+    console.error('[check-changelog-extract] The CHANGELOG section IS the public GitHub Release body. Describe the change, not how you arrived at it.');
+    process.exitCode = 1;
+    return;
+  }
+
+  console.log('[check-changelog-extract] OK — v' + version + ' release notes extract cleanly (' + section.length + ' line(s)) and pass the operator-facing lint.');
+  process.exitCode = 0;
+}
+
+module.exports = { extractSection, headingLine, lintOperatorClean, FORBIDDEN };
+
+if (require.main === module) main();

package/scripts/check-test-coverage.README.md

@@ -44,7 +44,7 @@ exports). Missing references become findings.
 Changes in these locations are accepted without a covering test:
 
 - `*.md` outside `data/`, `.gitignore`, `.npmrc`, `.editorconfig`
-- `CHANGELOG.md` / `README.md` / `CONTRIBUTING.md` / `SECURITY.md` / `LICENSE` / `NOTICE` / `CODE_OF_CONDUCT.md` / `AGENTS.md` / `CLAUDE.md`
+- `CHANGELOG.md` / `README.md` / `CONTRIBUTING.md` / `SECURITY.md` / `LICENSE` / `NOTICE` / `CODE_OF_CONDUCT.md` / `AGENTS.md`
 - Whitespace-only diffs (detected via `git diff --ignore-all-space --ignore-blank-lines`)
 - Any file under `tests/` (no test-of-tests recursion)
 - `skills/<name>/skill.md` (signature gate already covers content integrity)

package/scripts/check-test-coverage.js

@@ -198,7 +198,7 @@ function readMaybe(p) {
 // / .editorconfig are tooling). Edits here never need a regression test.
 const DOCS_ALWAYS_GREEN = new Set([
   "CONTRIBUTING.md", "LICENSE", "NOTICE", "CODE_OF_CONDUCT.md",
-  "CLAUDE.md", "SUPPORT.md", ".gitignore", ".npmrc", ".editorconfig",
+  "SUPPORT.md", ".gitignore", ".npmrc", ".editorconfig",
 ]);
 
 // Operator-facing docs (release notes, install instructions, security
@@ -497,7 +497,7 @@ function coversCveIoc(corpus, cveId) {
 
 // --- Class-level lint: ban coincidence-passing notEqual(r.status, 0) --------
 //
-// CLAUDE.md anti-coincidence rule: every exit-code assertion must pin the
+// Anti-coincidence rule: every exit-code assertion must pin the
 // EXACT code. `assert.notEqual(r.status, 0)` silently passes when an
 // unrelated failure produces ANY non-zero exit, hiding the regression the
 // test was meant to catch. This lint walks tests/*.test.js and rejects the
@@ -635,7 +635,7 @@ function analyze(opts) {
       file: f.file,
       kind: "coincidence-assert",
       surface: f.snippet,
-      change: `line ${f.line}: pin to exact exit code; see CLAUDE.md anti-coincidence rule. Opt out only with \`// allow-notEqual: <reason>\` on the same line for genuine refusal-pins.`,
+      change: `line ${f.line}: pin to exact exit code (anti-coincidence rule). Opt out only with \`// allow-notEqual: <reason>\` on the same line for genuine refusal-pins.`,
     });
   }
 

package/scripts/check-version-tags.js

@@ -34,6 +34,7 @@
 
 const fs = require("node:fs");
 const path = require("node:path");
+const { execFileSync } = require("node:child_process");
 
 const ROOT = path.join(__dirname, "..");
 const BASELINE_PATH = path.join(ROOT, "tests", ".version-tag-baseline.json");
@@ -64,10 +65,33 @@ const COMMENT_EXEMPT = new Set([
   "CHANGELOG.md",
   "lib/version-pins.js",
   "scripts/check-version-tags.js",
-  // Gitignored local-only contributor docs — never shipped.
-  "CLAUDE.md",
+  // The release-notes-extract gate test asserts version-based CHANGELOG
+  // extraction + the shorter-vs-longer prefix-collision guard, so its fixtures
+  // MUST embed real `## X.Y.Z` headings (e.g. 0.15.5 vs 0.15.50) — load-bearing
+  // test data, not sprinkled release tags.
+  "tests/check-changelog-extract.test.js",
 ]);
 
+// Git-ignored files (a contributor's local-only working docs, scratch) are
+// never scanned — the gate enforces on the would-be-shipped surface, with no
+// need to name individual local-only files. Untracked-but-NOT-ignored files
+// ARE still scanned: a new file a contributor is about to commit is exactly
+// what the gate must catch. Computed via `git check-ignore` over the walked set.
+function gitIgnoredSet(relPaths) {
+  if (!relPaths.length) return new Set();
+  try {
+    const out = execFileSync("git", ["check-ignore", "--stdin"], {
+      cwd: ROOT, input: relPaths.join("\n"), encoding: "utf8", maxBuffer: 64 * 1024 * 1024,
+    });
+    return new Set(out.split(/\r?\n/).filter(Boolean));
+  } catch (e) {
+    // `git check-ignore --stdin` exits 1 when NO path is ignored (not an
+    // error); any paths it did match are on stdout. Absent that, none ignored.
+    const out = e && e.stdout ? String(e.stdout) : "";
+    return new Set(out.split(/\r?\n/).filter(Boolean));
+  }
+}
+
 // Pattern: project version like `v0.13.22` or bare `0.13.22`. Matches
 // our pre-1.0 release range. External package versions like ATLAS
 // `v5.6.0` or CycloneDX `1.6` don't match because the major is 0.
@@ -119,9 +143,14 @@ function countCommentViolations(rel) {
 
 function scanCurrent() {
   const files = walk(ROOT);
+  const ignored = gitIgnoredSet(files);
   const byFile = {};
   const filenameViolations = [];
   for (const rel of files) {
+    // Skip git-ignored, local-only files (a contributor's private working notes
+    // that `git clone` never ships). Untracked-but-not-ignored files are still
+    // scanned — a new file about to be committed is what the gate guards.
+    if (ignored.has(rel)) continue;
     if (FILENAME_VERSION_RE.test(rel)) filenameViolations.push(rel);
     const n = countCommentViolations(rel);
     if (n > 0) byFile[rel] = n;

package/scripts/predeploy.js

@@ -249,6 +249,19 @@ const GATES = [
     args: [path.join(ROOT, "scripts", "check-codebase-patterns.js")],
     ciJobName: "Data integrity (catalog + manifest snapshot)",
   },
+  {
+    // Release-notes extract + quality gate. Runs the same `## <version>`
+    // CHANGELOG extraction the release workflow publishes as the GitHub
+    // Release body, and lints it for operator-facing quality (no internal
+    // phase/pass/slice narrative, no agent-dispatch / conversation residue,
+    // no tautological green claims). A malformed or internal-narrative section
+    // fails here rather than shipping as the public release body / falling
+    // back to the generic "Release of v<version>." line.
+    name: "Release-notes extract + operator-facing lint (CHANGELOG section)",
+    command: process.execPath,
+    args: [path.join(ROOT, "scripts", "check-changelog-extract.js")],
+    ciJobName: "Data integrity (catalog + manifest snapshot)",
+  },
 ];
 
 function runGate(gate) {

package/scripts/release.js

@@ -254,6 +254,11 @@ function cmdPrepare(opts) {
     process.exit(2);
   }
 
+  // The `## <next>` heading exists; confirm the section extracts cleanly and
+  // passes the operator-facing lint (the release workflow publishes it verbatim
+  // as the GitHub Release body). Fail fast here rather than at the gates phase.
+  _run("node", ["scripts/check-changelog-extract.js", next]);
+
   _writeJsonVersion("package.json", next);
   _writeJsonVersion("manifest.json", next);
   _ok("bumped package.json + manifest.json → " + next);

package/scripts/verify-shipped-tarball.js

@@ -344,7 +344,7 @@ try {
     // itself report 0/38 on any tree where line-ending normalization
     // touched the source between sign and pack — a Windows contributor
     // with `core.autocrlf=true`, or a tool like Prettier between sign and
-    // pack. CLAUDE.md flags this as the recurring CRLF-bypass class.
+    // pack. This is the recurring CRLF/line-ending-bypass class.
     const rawContent = fs.readFileSync(skillPath);
     const normalizedContent = normalizeSkillBytes(rawContent);
     const ok = crypto.verify(null, normalizedContent, pubKey, Buffer.from(s.signature, "base64"));

package/skills/supply-chain-integrity/skill.md

@@ -85,6 +85,8 @@ The defining incidents driving this expansion:
 - **Typosquat campaigns target the MCP, Hugging Face, npm `@modelcontextprotocol/*`, and PyPI ML namespaces.** The MITRE ATLAS technique AML.T0010 (ML Supply Chain Compromise) is the umbrella class; AML.T0018 (compromised model weight) is the specific artifact.
 - **The XZ Utils backdoor (2024, CVE-2024-3094)** remains the canonical example of a maintainer-position long-game supply-chain compromise that no SBOM-only program detects. The defense is in-toto attestation chain plus reproducible builds plus maintainer-key transparency — none of which are mandated by current compliance frameworks.
 
+**Capability surface is a CVE-independent screening lens.** Beyond matching dependencies against catalogued CVEs, classify every package by the capabilities it actually exercises — network egress, filesystem write, shell/process spawn, environment and credential access, dynamic `eval`, install-lifecycle scripts, telemetry, and native-binary builds. A package with zero catalogued CVEs can still carry the supply-chain delivery primitive: an install-script that spawns a shell, opens the network, and reads environment variables is the credential-harvesting shape shared by the node-ipc protestware wiper (CVE-2022-23812), the TrapDoor cross-ecosystem stealer, the MOIKA dependency-confusion campaign, and the XZ backdoor — independent of whether any of them is yet in a vulnerability feed. Two deltas matter most: a capability surface disproportionate to a package's stated function (a date-formatting utility that opens the network and reads env), and a capability *gained across a version bump* the dependent never opted into when it first selected the package — the in-the-wild signature of a maintainer-account takeover or protestware injection before any CVE is assigned. Build-tooling and native-addon packages (node-gyp, esbuild, sharp, prebuild-install) legitimately carry install-script and native-binary capability, so treat the lens as a high-recall screen that routes to adjudication against publisher provenance and changelog evidence — not an auto-verdict.
+
 Mid-2026 baseline expectations have shifted to: SLSA Build L3 minimum on every release pipeline; in-toto attestations for every step in the build graph; Sigstore keyless signing (cosign + Fulcio + Rekor) for container images, packages, and model weights; CycloneDX 1.6 or SPDX 3.0 SBOM at build time and re-verification at deploy time; CSAF 2.0 VEX statements published by vendors and consumed by operators to filter false-positive vulnerability noise. Adoption is uneven — security-mature orgs and open-source foundations (Kubernetes, Sigstore, Linux Foundation projects) are at or near this baseline; most enterprise pipelines are between SLSA L1 and L2 with no attestation chain and no VEX consumption.
 
 This project itself uses Ed25519 (RFC 8032) signing for skill integrity (`lib/sign.js`, `lib/verify.js`, public key at `keys/public.pem`). That is the smallest-scale living example of the broader pattern this skill defines: artifacts are signed by an identified key, signatures are verified before load, tampered artifacts are rejected, and the signing key is operationally separated from the artifact registry. The same pattern scales to every layer of the build pipeline — exceptd is just the scoped-to-one-repo version.