@blamejs/exceptd-skills 0.16.14 → 0.16.16

package/sbom.cdx.json

@@ -1,23 +1,23 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:5622cfff-eb09-40f3-8323-05cc99470312",
+  "serialNumber": "urn:uuid:04e89773-5ab6-4db8-9c18-bb4abb56fd87",
   "version": 1,
   "metadata": {
-    "timestamp": "2071-10-17T22:47:27.000Z",
+    "timestamp": "2028-08-11T03:33:07.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.14"
+        "version": "0.16.16"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.14",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.16",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.14",
-      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 46 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
+      "version": "0.16.16",
+      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 48 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
           "license": {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.14",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.16",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "75b997d78deb37213ca92f35a1789ecf2853e472e83cfe16ecb9fba5429ec976"
+          "content": "19fd1d02fb02bcc9ce834018a04cb4499913fc116b9c3d1afe8e0553161e9b91"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.14"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.16"
         },
         {
           "type": "vcs",
@@ -54,7 +54,7 @@
       },
       {
         "name": "exceptd:skill:count",
-        "value": "46"
+        "value": "48"
       },
       {
         "name": "exceptd:integrity:method",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3977cc99729354d5b7c5cb4e12efe2ed876ad90c0de481b607d861fcb0500c8a"
+          "content": "c33b531131baa65065c83571c6b8e24509ebf8c996f3d4201c1455748a38504a"
         },
         {
           "alg": "SHA3-512",
-          "content": "b266c8daa35183e6c7688a39b5ef89dea5d4eb7a0392d5ab8a9c92a3e30c226a19b5c1b92250079ce6a70dae8e71911ea889be5f057833abbe4267800b86affe"
+          "content": "654f61a4cd4a95467903a2f2c5b1d1d5d14c16d4b098993fce89d35b51c0f9f3192e8789a5ad887eac75cd90044096b6c3a9341665f663306186bad4edfbe0fc"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "e8cad4a626166ff00bf36ab3a30c8fcb64d6e376528596da7618cf16d59bd304"
+          "content": "3049953c76658c14f8e4b6f6cfc4eaa717d1ea872b90b46e0d32a0b7b6fab3b5"
         },
         {
           "alg": "SHA3-512",
-          "content": "ca41dd995ddc421e252dde2493ea9d5f842af93858519b8b78dda57c3cb1643eebb67a52f2d98976c3ea036a135cf1e5f211d51856e6ce7220ad82ada1c8c2a0"
+          "content": "3e0978a7d16170cf31e425b9e945b48a8c8146aad38f246847a2d2deeff41013cc38193ff09afe849eda8b4cfb3bf889522f68b0115d5a5e2676f75d21912aac"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ae7d674b0aa95ee1fc5fc278cf16861801103e814862db686ea8eb332a9d7021"
+          "content": "d60ea592639a1c721162bdb8f72b5b12d624cefc90f36b606b7f116353e36b08"
         },
         {
           "alg": "SHA3-512",
-          "content": "e9a36b0d3f778cef44ae2b6e86d70e0bb822cb70a4dc228220bc9f6cc9f670e133938ddcbaf86ac00fdda74538734eedad2888f7c871706eda9c89b5d4f477db"
+          "content": "18a5b34d22cc5b4e43da00c891f30ecb1cc535876dc9de3983b5886bbd9492c3731c3f41688e0d2f6a5d1017331fef97fcfd780f7ef6d5b2a04ce8d61029970c"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "401459f17ec5ac70b3cf00423159108a81706fbf2e1fe710f6c03bd1672170ea"
+          "content": "d3715b8a3a5fa54d7b5b0176bc6adac8f2ee0113f40b6b9ea96ca63d673b202f"
         },
         {
           "alg": "SHA3-512",
-          "content": "ec5e2c793f3ccea0653a63233f4cb1bee81b185f9eef97e69b81ceb18d11f0485091bd872c80b68bc31c76003adf6407167e8a7360a3d33e58dd46f8a6af54fd"
+          "content": "bf130a643490db459df0adb4cca9b03e116c1524f2940746b13a916ba1d22b90342b5963b0650627669dd07ed12518a149c758afa02ffb7f7fe7962ce87fdb12"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4762ef6f4d1cfe6eb9abff5f4539037294f18ded6feb3176161a4bb35fe85d32"
+          "content": "11e035b62bf760eb7ea5e408b7364f737f3b3510612d6a65948c8d8ab1085587"
         },
         {
           "alg": "SHA3-512",
-          "content": "3b5aa183722335cdb5204d1188413fbaab879ec1f4855981610cafd40127e631ae07437abc6008268a3788d591d39fba83690f1423ca3347a7f2b846692d5be4"
+          "content": "ecf8f495282ad4302cf058f4a8846afeddfc2cc04ea879b883e995a3b5c9555e292b59dbc8e0679e40678c5212bf9b4c3737c0d8b1c5528fc7fa08c12d63a7b8"
         }
       ]
     },
@@ -506,11 +506,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0c85b2967726a513e1c25940c39705702252f505bfc958e560f554171370c527"
+          "content": "8d5945f5aff2d349b852572c84ff76ab8b14fab7b38aaa0b968ca56c5496b2fe"
         },
         {
           "alg": "SHA3-512",
-          "content": "f45572b2976dc3c7c897eb506d418de28f7b0e8ce58a4c07fa2ac833bb6ab9334187d07d6d4507b38e151b953decf6eb555b4900fb57654259e735bc5a59d3e9"
+          "content": "78c1767f798485e2143283c00edf50bf3402d8bdd3fe085533d6beb004d870a226159bc6ba45e2adb18bde241d30d0ebc5bc87f1ba4820fe6dd05da567d6e265"
         }
       ]
     },
@@ -581,11 +581,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c464fbc4c2b8b49b7279b6c4190c33046cdc659f7c84a5513b4716376bc31134"
+          "content": "81dcd98aca801cccdeb81063af985cc2e87015cc750a42f3f557b35968d7730d"
         },
         {
           "alg": "SHA3-512",
-          "content": "4eb15b793d85e8b835c0960ccdefc79766bd28efe9ad836b67d31c804f85e80ea1751a5d701a9b07742648ccfa920afea23bb72059b00c5218d755631217cbec"
+          "content": "c27c06699191eb8b08d39a6a2fe02b547f7bb95dca79d07d9e5b02b8a5ccfc5396f20c0d89cc45be3404829baceb505794dc20efda2a3787e52d3a51f036fe30"
         }
       ]
     },
@@ -709,6 +709,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/multitenancy-isolation.json",
+      "type": "file",
+      "name": "data/playbooks/multitenancy-isolation.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "3ca080c89326dc369736dadb12431379bd039cf3776ee9633992b0fef42130fc"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "9e085d55f4ae506cde7d06285a0efe9f13df12b9b0042a84b6d48bddc4e7dff628dc7e8a6ae92aa35a0047521428338c822b2252775da1d32817634d482d65fd"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/network-trust.json",
       "type": "file",
@@ -776,11 +791,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "70c41c19432393de44c5e61b37aaaee2761c9fb572487fe3b7e38426a5e591b9"
+          "content": "30b2bcf9d032d29e4da0d2fbb372441f9a510b325818485e9135c668748ecbd9"
         },
         {
           "alg": "SHA3-512",
-          "content": "478faa79463795e9adfc625d4b57436bf50aa7417b394598880851a90dae7c8297e5406c1f76e8f5f6cf6765946450511ad060ba93334b94bdb29f56fd9e8d98"
+          "content": "42f28be0b807304e39f86d3ddf75129dacf68b6dc0d341e6119c09692f4e0ede17c7d025351337deb900657ee36ced0e951981f4b81d4ea793ff79d19d2b0594"
         }
       ]
     },
@@ -799,6 +814,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/self-update-integrity.json",
+      "type": "file",
+      "name": "data/playbooks/self-update-integrity.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "f069f73dfcfa8148d585ad5976829518c1f0ca37b3a95a7011b7494f78825731"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "70ff865b8e93cad5424a0c50bf487e717c2fdeb469de7775e8f203913b32fec8c3f8ad95d07e30d27989c94db1e328d1271167531fd898e2a84c66b8ca585df2"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/supply-chain-recovery.json",
       "type": "file",
@@ -1781,11 +1811,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "09db01b477338ca265cbb0aabc3627179078221ca1f9ea39581ca343d85d69bf"
+          "content": "58d5adcb2f75841236338793c49b71adbd5662743fbd444b16c349dd26edbd21"
         },
         {
           "alg": "SHA3-512",
-          "content": "05c3f35c2a18c73ac6fdac2a321f14a8732008b9ec99baf17f63bf5ac8f6eb116de1143708d98234f5d7de8bc19dc56f8d3640038f230d4cf97991436ff956cb"
+          "content": "bfbca81d382983435fd8994cb4bed554d56d01008dd5ae6f581c61d00d88a2791087e56cd405ad1e9e7e0255a1ee454562ba6c6276446077a53f97df606e52c8"
         }
       ]
     },
@@ -1796,11 +1826,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "07db9ab37e6e4c5396d7aab836f16660efb5ae38da2ded3cb57b00f6f5be0a05"
+          "content": "643d612268e8a98f27a0d53e2f749bc81d217ae3c37b47d90075c81d676db09f"
         },
         {
           "alg": "SHA3-512",
-          "content": "040fc8917e87dbe79e2786608a64583eaf5bec954acb0928d4259afc9e13139f899d17d4015ee740a0ed3a5070daa09490908c3d94d0ba5f84e980dbca539142"
+          "content": "273e5881d3832a17c574cf1f933219f7f1209593cd5c6cf9e821899594af3f55bf6f4168f1217b8beca2f11483516cfbba46d8d292d10df19761fa512a14201f"
         }
       ]
     },
@@ -1811,11 +1841,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ea32d11918b9e9429c3ced5e07f667a755a2ad50aee090b71d3aa0196af3accb"
+          "content": "9156c60052b185a8d265bbb53d586ed6be9b1387b2aa2cdb77186bed997d5fbd"
         },
         {
           "alg": "SHA3-512",
-          "content": "32bf0b27aa27c60d8b87394c0169d606e0fb7a6941dd63fb47a17a576e39afa48912a3c56225dc33c44b8e1dd83e230360c74ef81fa48ce1ef6d1e940d150985"
+          "content": "3f1fefe1ff7236635e00a4e92886980f747fe546827fa134ac122cf276cf09420778d051b6f736ced0c5d9592300a41c7aeced7ddf584ec6f1f47c662307cff5"
         }
       ]
     },
@@ -3004,6 +3034,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/multitenancy-isolation/skill.md",
+      "type": "file",
+      "name": "skills/multitenancy-isolation/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "60d7db9cbac49b307c7062a3b27a3cef8aab8cc774176c428075981fbc18758f"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "702591a3b7a299e2d204dc48c24cc4123379de1aa9912597149b9c1be3f42cd490c0c4cb7afba9dba310283237a4d4f01a2f2842650daa6820f3af4e0eeaa0cf"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/network-trust/skill.md",
       "type": "file",
@@ -3199,6 +3244,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/self-update-integrity/skill.md",
+      "type": "file",
+      "name": "skills/self-update-integrity/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "305d4841d7434e18812be4b8646eb7a4f7f4416e3646aad3b6e7152d16f0c8af"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "59dfe4b515245a41fb56d4420e42999ebdf53c7e5f80d491637e0ef71c23bbc1c3eda25d0e6a4e44785940446473a3784e909196d7575d636594ecd9c554e213"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/skill-update-loop/skill.md",
       "type": "file",

package/skills/multitenancy-isolation/skill.md

@@ -0,0 +1,83 @@
+---
+name: multitenancy-isolation
+version: "1.0.0"
+description: Application multitenancy isolation and availability/DoS resilience for mid-2026 — principal-bound tenant identity, data-layer row-level-security under a non-bypass role, cross-tenant cache/queue namespacing, per-tenant rate/byte quotas, HTTP/2 Rapid Reset caps, bounded allocation, distributed-lock fencing, and circuit breakers
+triggers:
+  - multitenancy isolation
+  - multi tenant
+  - cross tenant
+  - tenant isolation
+  - row level security
+  - rls
+  - bola
+  - broken object level authorization
+  - idor
+  - noisy neighbour
+  - rapid reset
+  - rate limit
+  - per tenant quota
+  - circuit breaker
+  - distributed lock fencing
+  - resource exhaustion
+  - denial of service
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1078
+  - T1499
+  - T1499.001
+  - T1530
+framework_gaps:
+  - NIST-800-53-AC-3
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-639
+  - CWE-770
+  - CWE-863
+  - CWE-668
+  - CWE-400
+last_threat_review: "2026-06-02"
+---
+
+# Application Multitenancy Isolation + Availability/DoS Resilience
+
+## Threat Context (mid-2026)
+
+Shared multitenant infrastructure has two linked failure classes. Isolation: if the tenant identifier is trusted from a client-controlled header/parameter/claim, or the tenant filter lives in per-query application discipline rather than the data layer, a single authenticated user of one tenant reads or writes another tenant's data — broken object-level authorization (CWE-639), the most common and highest-impact SaaS vulnerability class. Cache, pub/sub, and queue keys leak the same way when not tenant-namespaced. Availability: asymmetric denial of service — HTTP/2 Rapid Reset (CVE-2023-44487), unbounded per-request allocation — and the noisy-neighbour pattern (no per-tenant quota) deny service to all tenants; autoscaling pays the attacker's bill without stopping the attack.
+
+## Framework Lag Declaration
+
+Organisational controls treat "we have an authorization layer" as tenant isolation and "the cloud autoscales" as DoS resilience. NIST 800-53 AC-3 (access enforcement) is satisfied by an authorization layer existing and does not require tenant scoping be structurally enforced at the data layer rather than per-query discipline. SC-6 (resource availability) is named but rarely operationalised as per-tenant quotas, Rapid Reset caps, or circuit breakers. SOC 2 CC6 logical access is met with an auth layer. A clean "we have authorization and the cloud autoscales" audit is therefore NON-EVIDENCE for multitenancy isolation or DoS resilience; it confirms an auth layer and elastic infra, not data-layer RLS under a non-bypass role, cross-tenant namespacing, per-tenant quotas, or breakers.
+
+## TTP Mapping
+
+The multitenancy failures map to MITRE ATT&CK: **T1078 (Valid Accounts)** for cross-tenant access from a legitimate account via a client-trusted tenant id, an unscoped query, or an RLS-bypassing request role; **T1530 (Data from Cloud Storage / shared store)** for cross-tenant leakage through un-namespaced cache/queue keys; **T1499 (Endpoint DoS)** for the noisy-neighbour, distributed-lock, and circuit-breaker gaps; and **T1499.001 (OS Exhaustion Flood)** for HTTP/2 Rapid Reset and unbounded per-request allocation. The weakness classes are CWE-639 (authorization bypass through user-controlled key), CWE-863 (incorrect authorization), CWE-668 (exposure to wrong control sphere — shared keys), CWE-770 (allocation without limits), and CWE-400 (uncontrolled resource consumption).
+
+## Exploit Availability Matrix
+
+These are application-posture gaps exploited from a single authenticated account or client, so the exploit is the absent control. Cross-tenant access via a client-trusted tenant id requires only changing a header — trivially scriptable and the staple of SaaS bug-bounty reports. HTTP/2 Rapid Reset has public tooling and the CVE-2023-44487 catalog entry; it produced record-breaking DDoS. Unbounded allocation and the noisy-neighbour DoS require only a crafted or high-volume request. The real-world priority is set by whether one authenticated user can reach all tenants' data, or one client can deny service to all tenants — both maximum-blast-radius outcomes on shared infrastructure.
+
+## Analysis Procedure
+
+1. Determine the effective tenant id derivation and confirm it binds to the authenticated principal, not a client-supplied field. 2. Confirm tenant scoping is enforced at the data layer (row-level security) and that the request connection runs under a role SUBJECT to RLS (not a BYPASSRLS/owner role). 3. Confirm cache/pub-sub/queue keys include the tenant id. 4. Confirm HTTP/2 client-initiated stream resets are capped per connection (Rapid Reset). 5. Confirm per-tenant/per-IP rate + byte quotas and bounded per-request allocation (result-set, body, connections, fan-out). 6. Confirm distributed locks carry a TTL + fencing token and critical dependencies have circuit breakers. Run the `multitenancy-isolation` playbook to execute these as detect indicators with false-positive checks, then score by whether one account reaches all data or one client denies all service.
+
+## Output Format
+
+Report per surface, marking each isolation and availability control enforced / missing / inconclusive (visibility gap). For every missing control, state whether a single authenticated user could read another tenant's data or a single client could deny service to all tenants. Distinguish a control enforced at a lower layer (data-layer RLS, CDN/WAF quotas) from an absent one, and a dedicated single-tenant deployment (cross-tenant indicators not applicable) from a shared one. Provide the prioritised remediation (bind tenant to principal + data-layer RLS under a non-bypass role, namespace shared keys, cap Rapid Reset + per-tenant quotas, bound allocation, fence locks + circuit-break) and the negative validation tests (cross-tenant read blocked, unscoped query blocked, Rapid Reset capped) plus a functional test that two tenants get fair, isolated service.
+
+## Compliance Theater Check
+
+The recurring theater is "we have an authorization layer, so tenants are isolated," "row-level security is enabled," and "the cloud autoscales, so we are DoS-resilient." An auth layer is not data-layer isolation; RLS is bypassed by a superuser/owner/BYPASSRLS request connection; autoscaling pays the attacker's bill without stopping an asymmetric DoS. The distinguishing test: probe whether a query can run without a tenant predicate, whether the request connection bypasses RLS, whether the tenant id is client-trusted, and whether Rapid Reset / unbounded allocation is capped. If a cross-tenant read or an asymmetric DoS succeeds, the auth layer and autoscaling did not isolate or protect, and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: principal-bound tenant id + data-layer RLS under a non-bypass role realise Authorization Event Thresholding and Mandatory Access Control (countering T1078 cross-tenant access); tenant-namespaced shared keys realise Resource Access Pattern isolation (countering T1530 leakage); per-tenant quotas + HTTP/2 Rapid Reset caps + bounded allocation realise Resource Consumption Limiting (countering T1499/T1499.001); distributed-lock fencing and circuit breakers realise System Availability and Failure-Domain isolation. Pair data-layer RLS with an automated test asserting no query runs without a tenant filter. The residual risk after these controls is compromise of a legitimately-scoped tenant account, an identity-control concern, accepted at the CISO level.

package/skills/self-update-integrity/skill.md

@@ -0,0 +1,79 @@
+---
+name: self-update-integrity
+version: "1.0.0"
+description: Consumer-side self-update and artifact integrity for mid-2026 — signature-verification-before-apply, out-of-band key pinning, anti-rollback/downgrade protection, channel pinning, Subresource Integrity on browser modules, and C2PA / SCITT-TSA transparency verification on received artifacts
+triggers:
+  - self update
+  - auto update
+  - update integrity
+  - anti rollback
+  - downgrade attack
+  - code signing verification
+  - key pinning
+  - subresource integrity
+  - sri
+  - import map integrity
+  - c2pa
+  - content credentials
+  - scitt
+  - transparency log
+  - software supply chain consumer
+  - update channel
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1195.002
+  - T1574
+framework_gaps:
+  - NIST-800-53-SR-11
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-494
+  - CWE-829
+  - CWE-353
+  - CWE-347
+last_threat_review: "2026-06-02"
+---
+
+# Consumer-Side Self-Update & Artifact Integrity
+
+## Threat Context (mid-2026)
+
+The self-update loop is the highest-privilege code path most products ship: it fetches code and runs it as the application. Publisher-side posture — code signing, SBOM, SLSA attestations — is necessary but useless if the receiving client does not enforce it. The consumer-side failures are an update applied without verifying a signature, a signature verified against a key the update channel itself supplied, a signed-but-older version accepted (downgrade / no anti-rollback) that re-opens a patched CVE, an update fetched over an unauthenticated channel as the sole control, browser modules served without Subresource Integrity, and an apply step that does not gate on the verifier result. A channel compromise (poisoned CDN, mirror, MITM) then yields arbitrary code execution across the installed base.
+
+## Framework Lag Declaration
+
+Organisational supply-chain controls focus on the publisher: signing, SBOM generation, SLSA build levels. NIST 800-53 SR-11 (component authenticity) covers the supplier side and does not require the consumer's update path to verify signatures against a pinned key before applying or to refuse downgrades. The EU Cyber Resilience Act mandates secure updates for products with digital elements, but conformance is commonly attested by "we ship signed updates" without verifying the receiving client enforces signature + anti-rollback + key-pin. A clean "updates are signed / SLSA-attested / SBOM-published" audit is therefore NON-EVIDENCE for consumer-side update integrity; it confirms publisher posture, not signature-before-apply, key pinning, anti-rollback, or verifier-gating on the receiving client.
+
+## TTP Mapping
+
+The consumer-side update failures map to MITRE ATT&CK: **T1195.002 (Supply Chain Compromise: Software Supply Chain)** for an update applied without signature verification, against an in-band key, over an unauthenticated channel, or as an unverified browser module / artifact; and **T1574 (Hijack Execution Flow)** for an apply step that swaps the new code into the execution path without gating on the verifier. The weakness classes are CWE-494 (Download of Code Without Integrity Check), CWE-829 (Inclusion of Functionality from an Untrusted Control Sphere), CWE-353 (Missing Support for Integrity Check — e.g. absent SRI), and CWE-347 (Improper Verification of Cryptographic Signature — in-band or unpinned key).
+
+## Exploit Availability Matrix
+
+These are consumer-side validation gaps exploited from a channel-influencing position, so the exploit is the absent check, not a published CVE. Serving a tampered update to a client that applies without signature verification requires only control of a mirror or an on-path position. A downgrade requires merely a genuinely-signed older release. Substituting a key when trust is in-band requires control of the same endpoint as the update. The real-world priority is driven by the breadth of the installed base reachable through the update channel and whether a single channel compromise yields mass arbitrary-code execution — historically the highest-impact supply-chain outcome.
+
+## Analysis Procedure
+
+1. Identify every self-updating client/agent and every consumer of externally-sourced executable artifacts (modules, models, signed bundles). 2. Confirm the update path verifies a signature over the artifact BEFORE applying (not a server-provided hash) and fails closed. 3. Confirm the verifying root key is pinned out-of-band (in the binary / OS trust store), not fetched alongside the update. 4. Confirm anti-rollback: the updater refuses a version lower than installed. 5. Confirm the channel is TLS-pinned (defence-in-depth behind the signature). 6. Confirm browser-served modules carry SRI and the import map is integrity-protected. 7. Confirm C2PA content credentials and SCITT/TSA receipts on received artifacts are verified where relied upon, and that the apply gates on the verifier. Run the `self-update-integrity` playbook to execute these as detect indicators with false-positive checks, then score by installed-base breadth.
+
+## Output Format
+
+Report per update path, marking each consumer-side control enforced / missing / inconclusive (visibility gap). For every missing control, state whether a channel compromise would yield arbitrary-code execution and across how much of the installed base. Distinguish a control delegated to a verifying mechanism (OS package manager, gated verifier) from an absent one. Provide the prioritised remediation (verify signature against a pinned key before apply, enforce anti-rollback, pin the channel, enforce SRI on modules, verify provenance/transparency) and the negative validation tests that prove each fix (tampered update rejected, downgrade rejected, verifier-failure blocks apply) plus a functional test that a legitimate newer update still verifies and applies.
+
+## Compliance Theater Check
+
+The recurring theater is "our updates are signed, so the channel is secure," "updates come over HTTPS, so they cannot be tampered," and "we have an update verifier." Signing is the publisher side; HTTPS authenticates a CA bundle and falls to a mis-issued cert; a verifier whose output does not gate the apply is decorative. The distinguishing test: verify the client checks the signature against an out-of-band-pinned key before applying, refuses older versions, and blocks the apply on verifier failure. If a swapped artifact, an attacker-supplied key, or an older signed version would be applied, the signing did not protect the consumer and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: signature-before-apply with an out-of-band-pinned key realises Executable Allowlisting and Cryptographic Verification (countering T1195.002); anti-rollback realises Software Version Pinning (countering downgrade reintroduction); channel pinning realises Certificate Pinning; Subresource Integrity realises Resource Integrity Checking on browser modules; verifier-gating realises Execution Flow Integrity (countering T1574). Pair the signature check with provenance (C2PA) and transparency (SCITT/TSA) verification for non-repudiation. The residual risk after consumer-side enforcement is compromise of the publisher's signing key or build pipeline itself, which yields a validly-signed malicious update — addressed publisher-side (supply-chain-integrity) and accepted at the CISO level with key-management oversight.