@blamejs/exceptd-skills 0.16.10 → 0.16.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/AGENTS.md +3 -1
  2. package/CHANGELOG.md +8 -0
  3. package/README.md +5 -5
  4. package/bin/exceptd.js +3 -0
  5. package/data/_indexes/_meta.json +18 -16
  6. package/data/_indexes/activity-feed.json +16 -2
  7. package/data/_indexes/chains.json +19835 -2535
  8. package/data/_indexes/currency.json +19 -1
  9. package/data/_indexes/frequency.json +168 -85
  10. package/data/_indexes/handoff-dag.json +9 -1
  11. package/data/_indexes/jurisdiction-map.json +7 -3
  12. package/data/_indexes/section-offsets.json +170 -0
  13. package/data/_indexes/stale-content.json +10 -3
  14. package/data/_indexes/summary-cards.json +80 -0
  15. package/data/_indexes/token-budget.json +103 -3
  16. package/data/_indexes/trigger-table.json +108 -0
  17. package/data/_indexes/xref.json +57 -9
  18. package/data/cwe-catalog.json +26 -6
  19. package/data/playbooks/cred-stores.json +24 -7
  20. package/data/playbooks/framework.json +18 -5
  21. package/data/playbooks/identity-sso-compromise.json +21 -4
  22. package/data/playbooks/mail-server-hardening.json +700 -0
  23. package/data/playbooks/secrets.json +19 -3
  24. package/data/playbooks/vc-wallet-trust.json +725 -0
  25. package/manifest-snapshot.json +112 -2
  26. package/manifest-snapshot.sha256 +1 -1
  27. package/manifest.json +162 -44
  28. package/package.json +2 -2
  29. package/sbom.cdx.json +94 -34
  30. package/skills/mail-server-hardening/skill.md +84 -0
  31. package/skills/vc-wallet-trust/skill.md +84 -0
package/data/cwe-catalog.json CHANGED
@@ -88,6 +88,7 @@
88
88
  "skills_referencing": [
89
89
  "api-security",
90
90
  "attack-surface-pentest",
91
+ "mail-server-hardening",
91
92
  "mcp-agent-trust",
92
93
  "webapp-security"
93
94
  ],
@@ -148,6 +149,7 @@
148
149
  ],
149
150
  "skills_referencing": [
150
151
  "api-security",
152
+ "mail-server-hardening",
151
153
  "mcp-agent-trust",
152
154
  "webapp-security"
153
155
  ],
@@ -533,6 +535,7 @@
533
535
  "cloud-security",
534
536
  "dlp-gap-analysis",
535
537
  "sector-healthcare",
538
+ "vc-wallet-trust",
536
539
  "webapp-security"
537
540
  ],
538
541
  "evidence_cves": [
@@ -1527,7 +1530,8 @@
1527
1530
  ],
1528
1531
  "related_attack_patterns_capec": [],
1529
1532
  "skills_referencing": [
1530
- "kernel-lpe-triage"
1533
+ "kernel-lpe-triage",
1534
+ "vc-wallet-trust"
1531
1535
  ],
1532
1536
  "evidence_cves": [
1533
1537
  "CVE-2026-46300",
@@ -1832,7 +1836,9 @@
1832
1836
  "cloud-iam-incident",
1833
1837
  "identity-assurance",
1834
1838
  "idp-incident-response",
1839
+ "mail-server-hardening",
1835
1840
  "sector-financial",
1841
+ "vc-wallet-trust",
1836
1842
  "webapp-security"
1837
1843
  ],
1838
1844
  "evidence_cves": [
@@ -2565,7 +2571,10 @@
2565
2571
  "CVE-2025-59718"
2566
2572
  ],
2567
2573
  "last_verified": "2026-05-18",
2568
- "notes": "Added v0.13.17 KEV bulk-import."
2574
+ "notes": "Added v0.13.17 KEV bulk-import.",
2575
+ "skills_referencing": [
2576
+ "vc-wallet-trust"
2577
+ ]
2569
2578
  },
2570
2579
  "CWE-476": {
2571
2580
  "id": "CWE-476",
@@ -2624,7 +2633,10 @@
2624
2633
  "CVE-2025-58360"
2625
2634
  ],
2626
2635
  "last_verified": "2026-05-18",
2627
- "notes": "Added v0.13.17 KEV bulk-import."
2636
+ "notes": "Added v0.13.17 KEV bulk-import.",
2637
+ "skills_referencing": [
2638
+ "mail-server-hardening"
2639
+ ]
2628
2640
  },
2629
2641
  "CWE-648": {
2630
2642
  "id": "CWE-648",
@@ -2922,7 +2934,10 @@
2922
2934
  "CVE-2024-54085"
2923
2935
  ],
2924
2936
  "last_verified": "2026-05-18",
2925
- "notes": "Added v0.13.17 KEV bulk-import round 2."
2937
+ "notes": "Added v0.13.17 KEV bulk-import round 2.",
2938
+ "skills_referencing": [
2939
+ "vc-wallet-trust"
2940
+ ]
2926
2941
  },
2927
2942
  "CWE-399": {
2928
2943
  "id": "CWE-399",
@@ -3041,7 +3056,10 @@
3041
3056
  "last_verified": "2026-05-19",
3042
3057
  "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
3043
3058
  "_auto_imported": true,
3044
- "_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
3059
+ "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
3060
+ "skills_referencing": [
3061
+ "mail-server-hardening"
3062
+ ]
3045
3063
  },
3046
3064
  "CWE-285": {
3047
3065
  "id": "CWE-285",
@@ -4502,7 +4520,9 @@
4502
4520
  "related_attack_patterns_capec": [
4503
4521
  "CAPEC-34"
4504
4522
  ],
4505
- "skills_referencing": [],
4523
+ "skills_referencing": [
4524
+ "mail-server-hardening"
4525
+ ],
4506
4526
  "evidence_cves": [
4507
4527
  "CVE-2023-51764",
4508
4528
  "CVE-2023-51765",
package/data/playbooks/cred-stores.json CHANGED
@@ -48,6 +48,7 @@
48
48
  "runtime",
49
49
  "secrets",
50
50
  "supply-chain-recovery",
51
+ "vc-wallet-trust",
51
52
  "webhook-callback-abuse"
52
53
  ]
53
54
  },
@@ -739,7 +740,9 @@
739
740
  "user_enrolled_in_sso == true"
740
741
  ],
741
742
  "priority": 1,
742
- "for_signals": ["aws-static-key-present"],
743
+ "for_signals": [
744
+ "aws-static-key-present"
745
+ ],
743
746
  "compensating_controls": [
744
747
  "iam-key-deactivated",
745
748
  "cloudtrail-monitor-on-old-key-for-residual-use"
@@ -753,7 +756,9 @@
753
756
  "org_has_workforce_identity_pool == true OR user_has_authorized_user_credentials == true"
754
757
  ],
755
758
  "priority": 1,
756
- "for_signals": ["gcp-service-account-json-adc"],
759
+ "for_signals": [
760
+ "gcp-service-account-json-adc"
761
+ ],
757
762
  "compensating_controls": [
758
763
  "gcp-key-deleted",
759
764
  "gcp-audit-log-monitor-on-old-key"
@@ -767,7 +772,9 @@
767
772
  "cluster_supports_oidc == true OR cluster_is_managed_cloud_k8s == true"
768
773
  ],
769
774
  "priority": 1,
770
- "for_signals": ["kube-static-token"],
775
+ "for_signals": [
776
+ "kube-static-token"
777
+ ],
771
778
  "compensating_controls": [
772
779
  "kube-token-revoked",
773
780
  "k8s-audit-log-monitor-on-old-token"
@@ -781,7 +788,9 @@
781
788
  "target_registry_supports_cred_helper == true"
782
789
  ],
783
790
  "priority": 1,
784
- "for_signals": ["docker-cleartext-auth"],
791
+ "for_signals": [
792
+ "docker-cleartext-auth"
793
+ ],
785
794
  "compensating_controls": [
786
795
  "docker-token-rotated"
787
796
  ],
@@ -794,7 +803,10 @@
794
803
  "org_authority_to_rotate == true"
795
804
  ],
796
805
  "priority": 2,
797
- "for_signals": ["npm-pat-present","pypi-token-present"],
806
+ "for_signals": [
807
+ "npm-pat-present",
808
+ "pypi-token-present"
809
+ ],
798
810
  "compensating_controls": [
799
811
  "token-scope-tightened",
800
812
  "publish-mfa-required"
@@ -808,7 +820,9 @@
808
820
  "file_owner_is_current_user"
809
821
  ],
810
822
  "priority": 2,
811
- "for_signals": ["credentials-file-bad-perms"],
823
+ "for_signals": [
824
+ "credentials-file-bad-perms"
825
+ ],
812
826
  "compensating_controls": [],
813
827
  "estimated_time_hours": 0.25
814
828
  },
@@ -819,7 +833,10 @@
819
833
  "all_authorized_hosts_known == true"
820
834
  ],
821
835
  "priority": 2,
822
- "for_signals": ["ssh-key-rsa-short-bits","ssh-key-old"],
836
+ "for_signals": [
837
+ "ssh-key-rsa-short-bits",
838
+ "ssh-key-old"
839
+ ],
823
840
  "compensating_controls": [
824
841
  "ssh-key-inventory-updated"
825
842
  ],
package/data/playbooks/framework.json CHANGED
@@ -58,11 +58,13 @@
58
58
  "kernel",
59
59
  "library-author",
60
60
  "llm-tool-use-exfil",
61
+ "mail-server-hardening",
61
62
  "mcp",
62
63
  "post-quantum-migration",
63
64
  "ransomware",
64
65
  "sbom",
65
66
  "supply-chain-recovery",
67
+ "vc-wallet-trust",
66
68
  "webhook-callback-abuse"
67
69
  ]
68
70
  },
@@ -723,7 +725,10 @@
723
725
  "upstream_findings_actionable == true"
724
726
  ],
725
727
  "priority": 1,
726
- "for_signals": ["audit-clean-with-active-finding","compound-theater"],
728
+ "for_signals": [
729
+ "audit-clean-with-active-finding",
730
+ "compound-theater"
731
+ ],
727
732
  "compensating_controls": [],
728
733
  "estimated_time_hours": 16
729
734
  },
@@ -734,7 +739,9 @@
734
739
  "compensating_control_design_feasible == true"
735
740
  ],
736
741
  "priority": 2,
737
- "for_signals": ["framework-lag-no-compensating-control"],
742
+ "for_signals": [
743
+ "framework-lag-no-compensating-control"
744
+ ],
738
745
  "compensating_controls": [
739
746
  "test_cadence_recorded_in_change_management"
740
747
  ],
@@ -747,7 +754,9 @@
747
754
  "exception_register_exists == true"
748
755
  ],
749
756
  "priority": 3,
750
- "for_signals": ["exception-missing-expiry-or-owner"],
757
+ "for_signals": [
758
+ "exception-missing-expiry-or-owner"
759
+ ],
751
760
  "compensating_controls": [
752
761
  "exception_review_cadence_documented"
753
762
  ],
@@ -760,7 +769,9 @@
760
769
  "jurisdictional_footprint_documented == true"
761
770
  ],
762
771
  "priority": 4,
763
- "for_signals": ["jurisdiction-without-framework"],
772
+ "for_signals": [
773
+ "jurisdiction-without-framework"
774
+ ],
764
775
  "compensating_controls": [
765
776
  "mapping_review_cadence_documented"
766
777
  ],
@@ -773,7 +784,9 @@
773
784
  "ai_in_production == true"
774
785
  ],
775
786
  "priority": 5,
776
- "for_signals": ["ai-use-without-ai-controls"],
787
+ "for_signals": [
788
+ "ai-use-without-ai-controls"
789
+ ],
777
790
  "compensating_controls": [],
778
791
  "estimated_time_hours": 80
779
792
  },
package/data/playbooks/identity-sso-compromise.json CHANGED
@@ -60,6 +60,9 @@
60
60
  "playbook_id": "framework",
61
61
  "condition": "analyze.compliance_theater_check.verdict == 'theater'"
62
62
  }
63
+ ],
64
+ "fed_by": [
65
+ "vc-wallet-trust"
63
66
  ]
64
67
  },
65
68
  "domain": {
@@ -672,7 +675,15 @@
672
675
  "rule_authoring_capacity_within_72h == true"
673
676
  ],
674
677
  "priority": 1,
675
- "for_signals": ["out-of-window-global-admin-grant","high-impact-oauth-consent-grant","conditional-access-exclusion-membership-change","federation-signing-cert-added","refresh-token-hoarding-by-sp","prt-claim-anomaly","okta-class-support-session"],
678
+ "for_signals": [
679
+ "out-of-window-global-admin-grant",
680
+ "high-impact-oauth-consent-grant",
681
+ "conditional-access-exclusion-membership-change",
682
+ "federation-signing-cert-added",
683
+ "refresh-token-hoarding-by-sp",
684
+ "prt-claim-anomaly",
685
+ "okta-class-support-session"
686
+ ],
676
687
  "compensating_controls": [
677
688
  "rule_set_recorded_in_iac",
678
689
  "rule_test_suite_in_ci"
@@ -687,7 +698,9 @@
687
698
  "break_glass_inventory_complete == true"
688
699
  ],
689
700
  "priority": 2,
690
- "for_signals": ["conditional-access-exclusion-membership-change"],
701
+ "for_signals": [
702
+ "conditional-access-exclusion-membership-change"
703
+ ],
691
704
  "compensating_controls": [
692
705
  "exclusion_group_membership_alert_active",
693
706
  "quarterly_attestation_recorded"
@@ -702,7 +715,9 @@
702
715
  "business_owner_engagement_secured == true"
703
716
  ],
704
717
  "priority": 2,
705
- "for_signals": ["high-impact-oauth-consent-grant"],
718
+ "for_signals": [
719
+ "high-impact-oauth-consent-grant"
720
+ ],
706
721
  "compensating_controls": [
707
722
  "consent_revocation_recorded",
708
723
  "re_grant_requires_documented_justification"
@@ -717,7 +732,9 @@
717
732
  "downstream_dependent_apps_can_tolerate_rotation_window == true"
718
733
  ],
719
734
  "priority": 1,
720
- "for_signals": ["federation-signing-cert-added"],
735
+ "for_signals": [
736
+ "federation-signing-cert-added"
737
+ ],
721
738
  "compensating_controls": [
722
739
  "rotation_recorded_in_change_management",
723
740
  "old_cert_signed_assertions_quarantined_for_review"