@blamejs/exceptd-skills 0.16.11 → 0.16.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +3 -1
- package/data/_indexes/_meta.json +17 -15
- package/data/_indexes/activity-feed.json +16 -2
- package/data/_indexes/chains.json +22041 -1957
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +137 -68
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +9 -4
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +78 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +105 -0
- package/data/_indexes/xref.json +46 -4
- package/data/cwe-catalog.json +19 -4
- package/data/playbooks/crypto.json +18 -5
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/mail-server-hardening.json +700 -0
- package/data/playbooks/network-trust.json +646 -0
- package/data/playbooks/secrets.json +19 -3
- package/manifest-snapshot.json +109 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +160 -45
- package/package.json +2 -2
- package/sbom.cdx.json +92 -32
- package/skills/mail-server-hardening/skill.md +84 -0
- package/skills/network-trust/skill.md +81 -0
package/data/cwe-catalog.json
CHANGED
|
@@ -88,6 +88,7 @@
|
|
|
88
88
|
"skills_referencing": [
|
|
89
89
|
"api-security",
|
|
90
90
|
"attack-surface-pentest",
|
|
91
|
+
"mail-server-hardening",
|
|
91
92
|
"mcp-agent-trust",
|
|
92
93
|
"webapp-security"
|
|
93
94
|
],
|
|
@@ -148,6 +149,7 @@
|
|
|
148
149
|
],
|
|
149
150
|
"skills_referencing": [
|
|
150
151
|
"api-security",
|
|
152
|
+
"mail-server-hardening",
|
|
151
153
|
"mcp-agent-trust",
|
|
152
154
|
"webapp-security"
|
|
153
155
|
],
|
|
@@ -1068,7 +1070,8 @@
|
|
|
1068
1070
|
],
|
|
1069
1071
|
"skills_referencing": [
|
|
1070
1072
|
"idp-incident-response",
|
|
1071
|
-
"mcp-agent-trust"
|
|
1073
|
+
"mcp-agent-trust",
|
|
1074
|
+
"network-trust"
|
|
1072
1075
|
],
|
|
1073
1076
|
"evidence_cves": [
|
|
1074
1077
|
"CVE-2023-51764",
|
|
@@ -1834,6 +1837,7 @@
|
|
|
1834
1837
|
"cloud-iam-incident",
|
|
1835
1838
|
"identity-assurance",
|
|
1836
1839
|
"idp-incident-response",
|
|
1840
|
+
"mail-server-hardening",
|
|
1837
1841
|
"sector-financial",
|
|
1838
1842
|
"vc-wallet-trust",
|
|
1839
1843
|
"webapp-security"
|
|
@@ -1901,6 +1905,7 @@
|
|
|
1901
1905
|
"api-security",
|
|
1902
1906
|
"attack-surface-pentest",
|
|
1903
1907
|
"mcp-agent-trust",
|
|
1908
|
+
"network-trust",
|
|
1904
1909
|
"sector-telecom",
|
|
1905
1910
|
"webapp-security"
|
|
1906
1911
|
],
|
|
@@ -2570,6 +2575,7 @@
|
|
|
2570
2575
|
"last_verified": "2026-05-18",
|
|
2571
2576
|
"notes": "Added v0.13.17 KEV bulk-import.",
|
|
2572
2577
|
"skills_referencing": [
|
|
2578
|
+
"network-trust",
|
|
2573
2579
|
"vc-wallet-trust"
|
|
2574
2580
|
]
|
|
2575
2581
|
},
|
|
@@ -2630,7 +2636,10 @@
|
|
|
2630
2636
|
"CVE-2025-58360"
|
|
2631
2637
|
],
|
|
2632
2638
|
"last_verified": "2026-05-18",
|
|
2633
|
-
"notes": "Added v0.13.17 KEV bulk-import."
|
|
2639
|
+
"notes": "Added v0.13.17 KEV bulk-import.",
|
|
2640
|
+
"skills_referencing": [
|
|
2641
|
+
"mail-server-hardening"
|
|
2642
|
+
]
|
|
2634
2643
|
},
|
|
2635
2644
|
"CWE-648": {
|
|
2636
2645
|
"id": "CWE-648",
|
|
@@ -2930,6 +2939,7 @@
|
|
|
2930
2939
|
"last_verified": "2026-05-18",
|
|
2931
2940
|
"notes": "Added v0.13.17 KEV bulk-import round 2.",
|
|
2932
2941
|
"skills_referencing": [
|
|
2942
|
+
"network-trust",
|
|
2933
2943
|
"vc-wallet-trust"
|
|
2934
2944
|
]
|
|
2935
2945
|
},
|
|
@@ -3050,7 +3060,10 @@
|
|
|
3050
3060
|
"last_verified": "2026-05-19",
|
|
3051
3061
|
"notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
|
|
3052
3062
|
"_auto_imported": true,
|
|
3053
|
-
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
|
|
3063
|
+
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
|
|
3064
|
+
"skills_referencing": [
|
|
3065
|
+
"mail-server-hardening"
|
|
3066
|
+
]
|
|
3054
3067
|
},
|
|
3055
3068
|
"CWE-285": {
|
|
3056
3069
|
"id": "CWE-285",
|
|
@@ -4511,7 +4524,9 @@
|
|
|
4511
4524
|
"related_attack_patterns_capec": [
|
|
4512
4525
|
"CAPEC-34"
|
|
4513
4526
|
],
|
|
4514
|
-
"skills_referencing": [
|
|
4527
|
+
"skills_referencing": [
|
|
4528
|
+
"mail-server-hardening"
|
|
4529
|
+
],
|
|
4515
4530
|
"evidence_cves": [
|
|
4516
4531
|
"CVE-2023-51764",
|
|
4517
4532
|
"CVE-2023-51765",
|
|
@@ -50,6 +50,7 @@
|
|
|
50
50
|
}
|
|
51
51
|
],
|
|
52
52
|
"fed_by": [
|
|
53
|
+
"network-trust",
|
|
53
54
|
"post-quantum-migration"
|
|
54
55
|
]
|
|
55
56
|
},
|
|
@@ -716,7 +717,11 @@
|
|
|
716
717
|
"system_libssl_upgrade_safe == true"
|
|
717
718
|
],
|
|
718
719
|
"priority": 1,
|
|
719
|
-
"for_signals": [
|
|
720
|
+
"for_signals": [
|
|
721
|
+
"ml-kem-absent",
|
|
722
|
+
"ml-dsa-slh-dsa-absent",
|
|
723
|
+
"openssl-pre-3-5"
|
|
724
|
+
],
|
|
720
725
|
"compensating_controls": [
|
|
721
726
|
"pin classical-only group fallback for legacy peers via per-service override"
|
|
722
727
|
],
|
|
@@ -730,7 +735,9 @@
|
|
|
730
735
|
"ops_authorization_for_service_restart == true"
|
|
731
736
|
],
|
|
732
737
|
"priority": 2,
|
|
733
|
-
"for_signals": [
|
|
738
|
+
"for_signals": [
|
|
739
|
+
"tls-no-hybrid-group"
|
|
740
|
+
],
|
|
734
741
|
"compensating_controls": [
|
|
735
742
|
"client_compat_canary_for_each_service",
|
|
736
743
|
"monitoring_for_negotiation_failures"
|
|
@@ -745,7 +752,9 @@
|
|
|
745
752
|
"operator_authorized_for_sshd_change == true"
|
|
746
753
|
],
|
|
747
754
|
"priority": 3,
|
|
748
|
-
"for_signals": [
|
|
755
|
+
"for_signals": [
|
|
756
|
+
"sshd-no-pqc-kex"
|
|
757
|
+
],
|
|
749
758
|
"compensating_controls": [
|
|
750
759
|
"bastion_session_recording_for_legacy_kex_fallback",
|
|
751
760
|
"monitoring_for_kex_negotiation_downgrades"
|
|
@@ -759,7 +768,9 @@
|
|
|
759
768
|
"ca_supports_hybrid_signatures == true OR internal_ca_can_be_extended == true"
|
|
760
769
|
],
|
|
761
770
|
"priority": 4,
|
|
762
|
-
"for_signals": [
|
|
771
|
+
"for_signals": [
|
|
772
|
+
"rsa-2048-cert-long-life"
|
|
773
|
+
],
|
|
763
774
|
"compensating_controls": [
|
|
764
775
|
"legacy_chain_for_pre-PQC_client_compat",
|
|
765
776
|
"transparency_log_entries_for_hybrid_certs"
|
|
@@ -773,7 +784,9 @@
|
|
|
773
784
|
"asset_inventory_baseline_exists == true"
|
|
774
785
|
],
|
|
775
786
|
"priority": 5,
|
|
776
|
-
"for_signals": [
|
|
787
|
+
"for_signals": [
|
|
788
|
+
"no-crypto-inventory"
|
|
789
|
+
],
|
|
777
790
|
"compensating_controls": [],
|
|
778
791
|
"estimated_time_hours": 40
|
|
779
792
|
},
|