@blamejs/exceptd-skills 0.16.13 → 0.16.15

package/sbom.cdx.json

@@ -1,23 +1,23 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:99237bc9-4dbd-43d8-ac39-1814c14a92f2",
+  "serialNumber": "urn:uuid:ddba3c25-e008-44bd-8778-18d2b1d24f48",
   "version": 1,
   "metadata": {
-    "timestamp": "2107-06-02T13:38:17.000Z",
+    "timestamp": "2143-11-19T04:57:09.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.13"
+        "version": "0.16.15"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.13",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.15",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.13",
-      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 45 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
+      "version": "0.16.15",
+      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 47 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
           "license": {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.13",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.15",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9b5f97cc70b127ed83de1386a5636c0cee439b858d106753854d2721bba97db7"
+          "content": "25697f2d58e577860cb8d7bbbbaab671c8e68f68919b2ea4f7a6d71cf964cf16"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.13"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.15"
         },
         {
           "type": "vcs",
@@ -54,7 +54,7 @@
       },
       {
         "name": "exceptd:skill:count",
-        "value": "45"
+        "value": "47"
       },
       {
         "name": "exceptd:integrity:method",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "73ea9257ed2799e6c6a69b89a7d7a44a0d6f5e7a647a538af4666ff68091684f"
+          "content": "73316ff6fed755b6eef4882a28c7af48e341a480f19df3f79f7dd56875e3c178"
         },
         {
           "alg": "SHA3-512",
-          "content": "43b7a008a7f91aa03c138c0ceb5caaf24d398c681f87cdcbd85fa8555c71ff905ef89555cd991171a156c6e706a2f39971d63a466874fb234bf03cf44a836140"
+          "content": "78a17ef72a8d11cdf881f78df473e8e0f0d238aee71870c19f2177b5c6dd5291948b7b51ec7df21d9af754fecc6087baba9875eacc67913971c0e67acde1d1be"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0cf3816a29019ecd7684c069258212741fdb5d0e512dd9be6a73a4360f993ab8"
+          "content": "f9aff10e9d135c2b3ddd3b71dfaaa4852c0f4ad8315b3cc64e45d436ae061004"
         },
         {
           "alg": "SHA3-512",
-          "content": "8660524b92d196733cfe77fde02c86497b148cde76ec8d905e927e27e303525aab05ceed51ce52f6ece9465bc2ce39129d41de9b89c7d7a930d11a76e7598faf"
+          "content": "fcf03767f972e9b13bd4ae04f7796e41570d563b69878274c1eba54e430e28b4c9254263c0d94615a90119a580c2f950d3f99d1f24ac52439c0e47b1bd6c00d5"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "854327a98921cc47b5c6f6ede0d8b2c5c234007bfd8f9cec0030d50b36b7ae6e"
+          "content": "4b7b2d204541a053fbdd94723196f6f368a67952e30d6c941ba5419bd3f0d9c1"
         },
         {
           "alg": "SHA3-512",
-          "content": "b3243ff29c9c0f087004f124cd757a5c52af87e0e60881995112f811257617912fa91cda47faed79b50ad14787fc930b8f925a048b5b98c8cc2c7c86b5ee6cb4"
+          "content": "fbdc8fdaf6b82992cf73d77c0678615d26618b4aa698bf71e2e69fb2f9413197ff13fcb2565041cc9b1510dbf156d3a81111b9e835ec56a555e3ac2b09899556"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "8461d00161d7285947e6faf3433966b4d09dd5a9e26106b46ee4d07875bdf66c"
+          "content": "bb83dfb133c97b8aba15bde9bf7d04ac02a52b90d4471203aff487200e7bbde1"
         },
         {
           "alg": "SHA3-512",
-          "content": "886f8484598fb0927b3b897eb804b919a6a151ef4843ce572d8fa7f9974a0df6163a1ee5d42c1fbe29f1e413b0f352d8e3e81ac1845623ff2f5a19f746c208b7"
+          "content": "bb316671de5bbd311aebc34c39cd000d177bde130712ff2878cae432237337cf79d92a4fffd022d59a370adaf8fdcccfd41b69308ee8e8483330c2cb0b404531"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "91d29027802d04bfd20f0ffd41c13f529f8bc005af50847832d5960c5a11fbf6"
+          "content": "eb30305b76deddf87b5a128ab416280b0bc908c15cd3ccecd74f3cf063a8dbca"
         },
         {
           "alg": "SHA3-512",
-          "content": "f93348d5b0d59e135a047f7cae4edf5ed4bcb94b630c4225046ca7640a08f7b716b7ce4a45671e61870a68d3c3f8c5c8aadc0949eacf013b7a0247f0cb8110d7"
+          "content": "b8cb9999b60e7fae82ce025a2a891d13e2d289f9349c3b7aac50806ba171ac772870e97182c3514b82d86b910244137de9e48e0a004aacacca431efb70f56d0a"
         }
       ]
     },
@@ -454,6 +454,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/audit-log-integrity.json",
+      "type": "file",
+      "name": "data/playbooks/audit-log-integrity.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "0ed3f7e7eb38c7c6c21335de82fea68a7392de298d7d407fd2ce9f41cd94d87d"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "2199f512f25067b732318e1aa8bb4418b50800e5bd8c7cd230da991733ca7ebd388429e1ad15a84708ed0e1b958cb0257fe0c44624b90b136ce4ab73ad787949"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/cicd-pipeline-compromise.json",
       "type": "file",
@@ -521,11 +536,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ece18e05860fdd763645ca246d076ed2fe7e61d738412c6a69a2ce651cd6c1aa"
+          "content": "45d8392bdce3b384d3b88e02b196898ddb65fab44b975a34ab6b14eefdb5f858"
         },
         {
           "alg": "SHA3-512",
-          "content": "f0927574bfc2f0233a617fb93c4ad2cce5287d9a0876ae49f339f646782141f51fd1b452e7e4ec7fd4d6a7bd2d3f5b84012b4051d34a3cd76dea1016cec7886e"
+          "content": "60a616fb7c19a395558b14823b59d59b43ce318a33eca61111602caee349153de0a7a6dff0c3b220ea5e7adb519e9c3ee64c7ab0907d4c60cd112fcb84f3fa74"
         }
       ]
     },
@@ -566,11 +581,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5e6c511625e5f87f267eae4ac95999082cd83a962c8f9d7e028f18973501bce8"
+          "content": "90d4c641a4d301402ba6cb9c28ba99083b3c89a5eb03ba3f78dc1a154e6e6824"
         },
         {
           "alg": "SHA3-512",
-          "content": "15be64ac6bb7826f0976eb24bb3fbe12e1766b4f28200bfd375f6459d8d6598fab809a7a59ba1a4707de14f4f7affcdcd4c1467d399d584f4f7c8bbba74be9d7"
+          "content": "0c6e413a5a9184bc6579e85179d01c006b5f5adba28e471efb4d0c7976dccaba9a81ab942855db136820b55e9b33da38ae045db98c28bb1182feb691fb51626e"
         }
       ]
     },
@@ -671,11 +686,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7fe2cdf5257f84561a4e88553b3274eb6aab20543affa36d29686b7ba1ef2abb"
+          "content": "544af47dcaf49d0f1d3d5e97cfba7d3af4ff35943b8fab50b96e19463d3bc2f4"
         },
         {
           "alg": "SHA3-512",
-          "content": "e77daa000cb93d3a93604cfa14f6c5f5d0dfdff4f54f5985c74717424e476bb5b550c6a781a79f8847d17a1346e42aeb4ba44b53149889a53fa7d907168fb8f7"
+          "content": "a960542d708e486a45f76c1e38e1a2a8fc8d49cd7e41992f4b7a86432bc42648fb3e2d0d5cbf20b28548be6324b482188c848644425fefb9f9af2338087d055c"
         }
       ]
     },
@@ -701,11 +716,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "505f79dadc74157569171129ddf8e9fceb7313c80c07fa7ebc444cceb6c52375"
+          "content": "26d83f6139cf6e3c9b0dafac67058dbe9126986693b31b2d4a89baa9e8f7969a"
         },
         {
           "alg": "SHA3-512",
-          "content": "25f6c2c90ada920bf7586e496c728b11c3a48dbaa805f37a3d678508e551160ea2e19044e3e7bfc50062aad6523ab68fe5305b78f3f24889f2e0f3de780a8902"
+          "content": "c0a3b4f00fc802d7f2a6b4020febce29b0c1ce4838cbb8f871f5750340619b9238c86eec19ee96e2570ea8b634b3978f55f68a54d1faefd8bf479014a55c2917"
         }
       ]
     },
@@ -761,11 +776,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "70c41c19432393de44c5e61b37aaaee2761c9fb572487fe3b7e38426a5e591b9"
+          "content": "30b2bcf9d032d29e4da0d2fbb372441f9a510b325818485e9135c668748ecbd9"
         },
         {
           "alg": "SHA3-512",
-          "content": "478faa79463795e9adfc625d4b57436bf50aa7417b394598880851a90dae7c8297e5406c1f76e8f5f6cf6765946450511ad060ba93334b94bdb29f56fd9e8d98"
+          "content": "42f28be0b807304e39f86d3ddf75129dacf68b6dc0d341e6119c09692f4e0ede17c7d025351337deb900657ee36ced0e951981f4b81d4ea793ff79d19d2b0594"
         }
       ]
     },
@@ -784,6 +799,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/self-update-integrity.json",
+      "type": "file",
+      "name": "data/playbooks/self-update-integrity.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "f069f73dfcfa8148d585ad5976829518c1f0ca37b3a95a7011b7494f78825731"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "70ff865b8e93cad5424a0c50bf487e717c2fdeb469de7775e8f203913b32fec8c3f8ad95d07e30d27989c94db1e328d1271167531fd898e2a84c66b8ca585df2"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/supply-chain-recovery.json",
       "type": "file",
@@ -806,11 +836,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "67663610d7fe7fd711dc6dc3a5f6963654263b5f979009faf44e5c60e1135431"
+          "content": "66a1bd01c4cb71d2d71576879afa097000cfe50042bdacb91ec4df235f5a03a1"
         },
         {
           "alg": "SHA3-512",
-          "content": "af609c3248471f5a75cb70f79ffc14042ab8456d78aba70dea4fab7e2ac7a17f42a9997f309db796a372a0fb70a2b6cd6798a13c6c51ced89c5f182c4f1fd0d7"
+          "content": "5dcc55ff361134da75ef806154c2a2f4a93d94bde59895053541ebc2f11ffdf91c8ab324b10b8fcb1fe940b1acbe59e152c571ddf55064d75827347a1366fc9e"
         }
       ]
     },
@@ -1766,11 +1796,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "01d04f338bc17fbb0ed099faf0da62eefc9022888f2474171b587e614eab3255"
+          "content": "ec619d5899698562c284593dd8a13d9c5045f0700caa175a0278349a3c96a3da"
         },
         {
           "alg": "SHA3-512",
-          "content": "bc5f3606a4398b42c41b527f5137360a08dc760658c85dee9866bb2c6ac3585a53fed8002194d15ed2c22feb3adf575a807abf22a0c5546ec1a51521a8e7fffb"
+          "content": "efb7e3e045cd5c88a59164c8a7c8cdde01b375893d784ce09be7f3651af20417cb13473a7b5c5dea3a08ce8b64f099c221407a9d3e8c6326a0da2fc73f09ad87"
         }
       ]
     },
@@ -1781,11 +1811,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c3408c1564ddaf9815fdb31956e1821ece71ce2d6d903c8bacf272021b45bdbc"
+          "content": "991feef6541fb4430b787a8426967e7df688a3941b57e2305de780d1d1c2807e"
         },
         {
           "alg": "SHA3-512",
-          "content": "e70da6249208be2a670131b731e610e9b6497e26e56b00d7fa58d3c0535a0b749842551dfb6e9e62ac0a4fa7eed02979b0009b38ff7447f7c761b766aa4c0aa2"
+          "content": "d8258fd4821dcf21706cc2ace47597e5a3f52976fbbbebc6c20e5a00716a255ef2bcafc9ec7c68ae67cd61d935c51fcb5a320ca601c72229d62ae6623d99de79"
         }
       ]
     },
@@ -1796,11 +1826,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1aa03bd9897ddbaefef7593f21f0683e5cfb97b3d45e4d062880c7f1f9bed36d"
+          "content": "35fe3df80c4f8717e4eb397f4358a97522cd01bc375df3d1d31710ba43df603b"
         },
         {
           "alg": "SHA3-512",
-          "content": "3936d8b66e2a7a0b854d2739ebb7bff2a0f1dac1455008d8afaa4d5cc644e72fa67298fe00abedbb4d8a9bb40a691c389ff3cc2e4b55ecabe1da27ee6ed5b25a"
+          "content": "b940529b951f34286b9256ee20d888cc79a026cf942f2cdd57443029c926037df48bd8e839ca04cddd6701b1106b32c75e7c2f8203e4e7a18bf30fbc75c3e5ab"
         }
       ]
     },
@@ -2689,6 +2719,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/audit-log-integrity/skill.md",
+      "type": "file",
+      "name": "skills/audit-log-integrity/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "72485e8df55dea8df80b675f04f32de2d32b8ee17d5e0aa96e61cd9bcb831193"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "0acacd972f7e798d3501a4a2149c09031db97c5873e80d26d8eb7b37b9b6be33d102d544f697d01ca2ad88adc29ecebc0b9a3d64b15cde7c25aa562b8bc923fd"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/cloud-iam-incident/skill.md",
       "type": "file",
@@ -3169,6 +3214,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/self-update-integrity/skill.md",
+      "type": "file",
+      "name": "skills/self-update-integrity/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "305d4841d7434e18812be4b8646eb7a4f7f4416e3646aad3b6e7152d16f0c8af"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "59dfe4b515245a41fb56d4420e42999ebdf53c7e5f80d491637e0ef71c23bbc1c3eda25d0e6a4e44785940446473a3784e909196d7575d636594ecd9c554e213"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/skill-update-loop/skill.md",
       "type": "file",

package/skills/audit-log-integrity/skill.md

@@ -0,0 +1,80 @@
+---
+name: audit-log-integrity
+version: "1.0.0"
+description: Audit-log integrity for mid-2026 — tamper-evident hash-chaining, off-host signing, compliance-mode WORM immutability, legal-hold-vs-retention enforcement, writer/custodian separation, and deception (honeytoken) coverage that resist the privileged attacker most likely to tamper with the trail
+triggers:
+  - audit log integrity
+  - tamper evident logging
+  - hash chain
+  - worm
+  - object lock
+  - immutable storage
+  - legal hold
+  - retention
+  - honeytoken
+  - canary token
+  - break glass
+  - dual control
+  - anti forensics
+  - log deletion
+  - separation of duties
+  - audit trail
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1070
+  - T1565.001
+  - T1562.008
+framework_gaps:
+  - NIST-800-53-SI-2
+  - ISO-27001-2022-A.8.15
+  - NIS2-Art21-network-security
+  - SOC2-CC7-anomaly-detection
+cwe_refs:
+  - CWE-345
+  - CWE-347
+  - CWE-284
+  - CWE-778
+last_threat_review: "2026-06-02"
+---
+
+# Audit-Log Integrity (Tamper-Evidence, WORM, Deception)
+
+## Threat Context (mid-2026)
+
+An audit trail is a security control only if it survives the attacker who wants it gone. Anti-forensic tampering (T1070 indicator removal) and stored-data manipulation (T1565.001) target precisely the log that would expose an intrusion, and the most capable adversary is a compromised privileged or insider identity. Logging volume is not integrity: a complete log that a sufficiently privileged credential can rewrite, re-chain, or delete is not a trail. The integrity properties that resist this are a hash chain actually verified on read, entries signed with a key held off the log-writing host, compliance-mode (not governance/override) WORM, legal holds that block the retention purge, separation of the log writer from its custodian, and honeytokens that catch the foraging access in the first place.
+
+## Framework Lag Declaration
+
+Organisational logging controls require that events are recorded, protected, and monitored — and stop there. ISO 27001 A.8.15 (logging) is commonly attested by "we log and protect logs" without verifying hash-chain continuity, independent signing, or immutability against a privileged attacker. SOC 2 CC7 monitoring is satisfied by the presence of logs and alerts. NIS2 Art.21 names monitoring for essential services but not the integrity model. None require the audit trail be immutable to the very identity most likely to tamper with it. A clean "we log and monitor" audit is therefore NON-EVIDENCE for audit-log integrity; it confirms log presence and alerting, not verified-chain continuity, off-host signing, compliance-WORM, or writer/custodian separation.
+
+## TTP Mapping
+
+The audit-log integrity failures map to MITRE ATT&CK: **T1070 (Indicator Removal)** for deleting/rotating/truncating the trail, defeated by compliance-WORM + writer/custodian separation + honeytokens; **T1565.001 (Stored Data Manipulation)** for rewriting entries, defeated by verified hash-chaining + off-host signing; and **T1562.008 (Disable or Modify Cloud Logs / abuse of privileged access)** for break-glass misuse, defeated by dual control + independent alerting. The weakness classes are CWE-345 (insufficient verification of data authenticity — unverified chain), CWE-347 (improper signature verification — co-located/absent signing), CWE-284 (improper access control — governance-WORM, writer-can-delete), and CWE-778 (insufficient logging/detection — absent or untriaged honeytokens).
+
+## Exploit Availability Matrix
+
+These are posture gaps exploited from a privileged or insider position, so the "exploit" is the absent control, not a published CVE. Rewriting a hash chain that is never verified, or recomputing it after editing history, requires only write access. Deleting from governance-mode WORM requires the admin credential the mode explicitly trusts. Purging records under an advisory-only legal hold requires nothing beyond the normal lifecycle job. The real-world priority is set by whether a single compromised identity can rewrite or delete the system-of-record trail without detection, and whether any external anchor or honeytoken would surface the tampering after the fact.
+
+## Analysis Procedure
+
+1. Identify the system-of-record audit trail (not just ephemeral operational logs). 2. Confirm the hash chain is VERIFIED on read/replay/export and fails closed on a break. 3. Confirm entries/checkpoints are signed with a key held off the log-writing host (separate identity / KMS / HSM). 4. Confirm the store is compliance-mode immutable (no role, including root, can delete before expiry) and that legal holds gate the retention purge. 5. Confirm the writing identity is append-only and a separate custodian holds delete rights. 6. Confirm honeytokens are seeded on high-value surfaces and a trip is alerted + triaged, and that break-glass requires dual control + audit. Run the `audit-log-integrity` playbook to execute these as detect indicators with false-positive checks, then score by whether one compromised identity can erase the trail undetected.
+
+## Output Format
+
+Report per integrity property (chain verification, signing, WORM mode, legal-hold gate, writer/custodian separation, deception), marking each enforced / missing / inconclusive (visibility gap). For every missing property, state whether a single compromised privileged or application identity could rewrite or delete the system-of-record trail undetected, and whether any external anchor or honeytoken would catch it. Distinguish a control enforced externally (external WORM/notary, KMS-held key) from an absent one. Provide the prioritised remediation (verify chain + sign off-host, compliance-WORM + hold gate, separate writer from custodian, deploy + triage honeytokens, dual-control break-glass) and the negative validation tests that prove each fix (chain-break detected, privileged delete refused, hold blocks purge) plus a functional test that legitimate writes still chain, sign, and verify.
+
+## Compliance Theater Check
+
+The recurring theater is "we log everything, so we have an audit trail," "our storage is immutable/WORM," and "records under legal hold are preserved." Logging volume is not integrity; "immutable" without naming the mode hides governance-mode reversibility; a hold flag that does not gate the purge preserves nothing. The distinguishing test: verify the chain is checked on read, the signing key is off-host, the WORM mode is compliance (root/admin cannot delete before expiry), and the purge job honors the hold. If a single privileged identity can rewrite or delete the trail undetected, the logging is not an audit trail and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: verified hash-chaining and off-host signing realise Message Authentication and Log Integrity (countering T1565.001); compliance-mode WORM and writer/custodian separation realise File Access Pattern Analysis and Access Modeling against deletion (countering T1070); dual-control + alerting on break-glass realises Administrative Account Monitoring (countering T1562.008); honeytokens realise Decoy Object / Connected Honeynet detection (high-fidelity evidence of the foraging access). Pair an external WORM/notary anchor with the on-host chain so even host compromise cannot rewrite history unobserved. The residual risk after these controls is multi-party collusion or compromise of the signing key / WORM authority itself, accepted at the CISO level with key-management oversight.

package/skills/self-update-integrity/skill.md

@@ -0,0 +1,79 @@
+---
+name: self-update-integrity
+version: "1.0.0"
+description: Consumer-side self-update and artifact integrity for mid-2026 — signature-verification-before-apply, out-of-band key pinning, anti-rollback/downgrade protection, channel pinning, Subresource Integrity on browser modules, and C2PA / SCITT-TSA transparency verification on received artifacts
+triggers:
+  - self update
+  - auto update
+  - update integrity
+  - anti rollback
+  - downgrade attack
+  - code signing verification
+  - key pinning
+  - subresource integrity
+  - sri
+  - import map integrity
+  - c2pa
+  - content credentials
+  - scitt
+  - transparency log
+  - software supply chain consumer
+  - update channel
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1195.002
+  - T1574
+framework_gaps:
+  - NIST-800-53-SR-11
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-494
+  - CWE-829
+  - CWE-353
+  - CWE-347
+last_threat_review: "2026-06-02"
+---
+
+# Consumer-Side Self-Update & Artifact Integrity
+
+## Threat Context (mid-2026)
+
+The self-update loop is the highest-privilege code path most products ship: it fetches code and runs it as the application. Publisher-side posture — code signing, SBOM, SLSA attestations — is necessary but useless if the receiving client does not enforce it. The consumer-side failures are an update applied without verifying a signature, a signature verified against a key the update channel itself supplied, a signed-but-older version accepted (downgrade / no anti-rollback) that re-opens a patched CVE, an update fetched over an unauthenticated channel as the sole control, browser modules served without Subresource Integrity, and an apply step that does not gate on the verifier result. A channel compromise (poisoned CDN, mirror, MITM) then yields arbitrary code execution across the installed base.
+
+## Framework Lag Declaration
+
+Organisational supply-chain controls focus on the publisher: signing, SBOM generation, SLSA build levels. NIST 800-53 SR-11 (component authenticity) covers the supplier side and does not require the consumer's update path to verify signatures against a pinned key before applying or to refuse downgrades. The EU Cyber Resilience Act mandates secure updates for products with digital elements, but conformance is commonly attested by "we ship signed updates" without verifying the receiving client enforces signature + anti-rollback + key-pin. A clean "updates are signed / SLSA-attested / SBOM-published" audit is therefore NON-EVIDENCE for consumer-side update integrity; it confirms publisher posture, not signature-before-apply, key pinning, anti-rollback, or verifier-gating on the receiving client.
+
+## TTP Mapping
+
+The consumer-side update failures map to MITRE ATT&CK: **T1195.002 (Supply Chain Compromise: Software Supply Chain)** for an update applied without signature verification, against an in-band key, over an unauthenticated channel, or as an unverified browser module / artifact; and **T1574 (Hijack Execution Flow)** for an apply step that swaps the new code into the execution path without gating on the verifier. The weakness classes are CWE-494 (Download of Code Without Integrity Check), CWE-829 (Inclusion of Functionality from an Untrusted Control Sphere), CWE-353 (Missing Support for Integrity Check — e.g. absent SRI), and CWE-347 (Improper Verification of Cryptographic Signature — in-band or unpinned key).
+
+## Exploit Availability Matrix
+
+These are consumer-side validation gaps exploited from a channel-influencing position, so the exploit is the absent check, not a published CVE. Serving a tampered update to a client that applies without signature verification requires only control of a mirror or an on-path position. A downgrade requires merely a genuinely-signed older release. Substituting a key when trust is in-band requires control of the same endpoint as the update. The real-world priority is driven by the breadth of the installed base reachable through the update channel and whether a single channel compromise yields mass arbitrary-code execution — historically the highest-impact supply-chain outcome.
+
+## Analysis Procedure
+
+1. Identify every self-updating client/agent and every consumer of externally-sourced executable artifacts (modules, models, signed bundles). 2. Confirm the update path verifies a signature over the artifact BEFORE applying (not a server-provided hash) and fails closed. 3. Confirm the verifying root key is pinned out-of-band (in the binary / OS trust store), not fetched alongside the update. 4. Confirm anti-rollback: the updater refuses a version lower than installed. 5. Confirm the channel is TLS-pinned (defence-in-depth behind the signature). 6. Confirm browser-served modules carry SRI and the import map is integrity-protected. 7. Confirm C2PA content credentials and SCITT/TSA receipts on received artifacts are verified where relied upon, and that the apply gates on the verifier. Run the `self-update-integrity` playbook to execute these as detect indicators with false-positive checks, then score by installed-base breadth.
+
+## Output Format
+
+Report per update path, marking each consumer-side control enforced / missing / inconclusive (visibility gap). For every missing control, state whether a channel compromise would yield arbitrary-code execution and across how much of the installed base. Distinguish a control delegated to a verifying mechanism (OS package manager, gated verifier) from an absent one. Provide the prioritised remediation (verify signature against a pinned key before apply, enforce anti-rollback, pin the channel, enforce SRI on modules, verify provenance/transparency) and the negative validation tests that prove each fix (tampered update rejected, downgrade rejected, verifier-failure blocks apply) plus a functional test that a legitimate newer update still verifies and applies.
+
+## Compliance Theater Check
+
+The recurring theater is "our updates are signed, so the channel is secure," "updates come over HTTPS, so they cannot be tampered," and "we have an update verifier." Signing is the publisher side; HTTPS authenticates a CA bundle and falls to a mis-issued cert; a verifier whose output does not gate the apply is decorative. The distinguishing test: verify the client checks the signature against an out-of-band-pinned key before applying, refuses older versions, and blocks the apply on verifier failure. If a swapped artifact, an attacker-supplied key, or an older signed version would be applied, the signing did not protect the consumer and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: signature-before-apply with an out-of-band-pinned key realises Executable Allowlisting and Cryptographic Verification (countering T1195.002); anti-rollback realises Software Version Pinning (countering downgrade reintroduction); channel pinning realises Certificate Pinning; Subresource Integrity realises Resource Integrity Checking on browser modules; verifier-gating realises Execution Flow Integrity (countering T1574). Pair the signature check with provenance (C2PA) and transparency (SCITT/TSA) verification for non-repudiation. The residual risk after consumer-side enforcement is compromise of the publisher's signing key or build pipeline itself, which yields a validly-signed malicious update — addressed publisher-side (supply-chain-integrity) and accepted at the CISO level with key-management oversight.