@blamejs/exceptd-skills 0.16.14 → 0.16.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/AGENTS.md +3 -1
  2. package/CHANGELOG.md +8 -0
  3. package/README.md +5 -5
  4. package/bin/exceptd.js +3 -1
  5. package/data/_indexes/_meta.json +17 -15
  6. package/data/_indexes/activity-feed.json +16 -2
  7. package/data/_indexes/chains.json +7429 -451
  8. package/data/_indexes/currency.json +19 -1
  9. package/data/_indexes/frequency.json +135 -64
  10. package/data/_indexes/handoff-dag.json +9 -1
  11. package/data/_indexes/jurisdiction-map.json +11 -4
  12. package/data/_indexes/section-offsets.json +170 -0
  13. package/data/_indexes/stale-content.json +1 -1
  14. package/data/_indexes/summary-cards.json +77 -0
  15. package/data/_indexes/token-budget.json +103 -3
  16. package/data/_indexes/trigger-table.json +98 -1
  17. package/data/_indexes/xref.json +45 -4
  18. package/data/cwe-catalog.json +21 -5
  19. package/data/playbooks/cloud-iam-incident.json +26 -5
  20. package/data/playbooks/framework.json +2 -0
  21. package/data/playbooks/multitenancy-isolation.json +660 -0
  22. package/data/playbooks/sbom.json +21 -6
  23. package/data/playbooks/self-update-integrity.json +636 -0
  24. package/manifest-snapshot.json +106 -2
  25. package/manifest-snapshot.sha256 +1 -1
  26. package/manifest.json +160 -48
  27. package/package.json +2 -2
  28. package/sbom.cdx.json +92 -32
  29. package/skills/multitenancy-isolation/skill.md +83 -0
  30. package/skills/self-update-integrity/skill.md +79 -0
package/data/playbooks/sbom.json CHANGED
@@ -115,6 +115,7 @@
115
115
  "library-author",
116
116
  "mcp",
117
117
  "post-quantum-migration",
118
+ "self-update-integrity",
118
119
  "supply-chain-recovery",
119
120
  "webhook-callback-abuse"
120
121
  ]
@@ -1261,7 +1262,11 @@
1261
1262
  "operator_authorized_for_package_upgrade == true"
1262
1263
  ],
1263
1264
  "priority": 1,
1264
- "for_signals": ["package-matches-catalogued-cve","kev-listed-match","windsurf-vulnerable-version"],
1265
+ "for_signals": [
1266
+ "package-matches-catalogued-cve",
1267
+ "kev-listed-match",
1268
+ "windsurf-vulnerable-version"
1269
+ ],
1265
1270
  "compensating_controls": [
1266
1271
  "restart_affected_services_post_upgrade",
1267
1272
  "regression_test_post_upgrade"
@@ -1275,7 +1280,9 @@
1275
1280
  "ci_pipeline_modifiable == true"
1276
1281
  ],
1277
1282
  "priority": 2,
1278
- "for_signals": ["lockfile-no-integrity"],
1283
+ "for_signals": [
1284
+ "lockfile-no-integrity"
1285
+ ],
1279
1286
  "compensating_controls": [
1280
1287
  "lockfile_review_in_pr_template"
1281
1288
  ],
@@ -1300,7 +1307,9 @@
1300
1307
  "sbom_tooling_supports_transitive == true"
1301
1308
  ],
1302
1309
  "priority": 4,
1303
- "for_signals": ["transitive-deps-incomplete-sbom"],
1310
+ "for_signals": [
1311
+ "transitive-deps-incomplete-sbom"
1312
+ ],
1304
1313
  "compensating_controls": [
1305
1314
  "sbom_completeness_gate_in_ci"
1306
1315
  ],
@@ -1313,7 +1322,9 @@
1313
1322
  "security_team_capacity_for_vex == true"
1314
1323
  ],
1315
1324
  "priority": 5,
1316
- "for_signals": ["matched-cve-without-vex"],
1325
+ "for_signals": [
1326
+ "matched-cve-without-vex"
1327
+ ],
1317
1328
  "compensating_controls": [
1318
1329
  "vex_template_in_security_playbook"
1319
1330
  ],
@@ -1327,7 +1338,9 @@
1327
1338
  "ci_or_pre-commit_modifiable == true"
1328
1339
  ],
1329
1340
  "priority": 6,
1330
- "for_signals": ["ai-code-no-provenance"],
1341
+ "for_signals": [
1342
+ "ai-code-no-provenance"
1343
+ ],
1331
1344
  "compensating_controls": [
1332
1345
  "pr_review_for_ai_emitted_code",
1333
1346
  "ai_code_review_checklist"
@@ -1341,7 +1354,9 @@
1341
1354
  "ml_loader_modifiable == true OR ml_inference_pipeline_owned == true"
1342
1355
  ],
1343
1356
  "priority": 7,
1344
- "for_signals": ["model-weight-unsigned-and-executable-format"],
1357
+ "for_signals": [
1358
+ "model-weight-unsigned-and-executable-format"
1359
+ ],
1345
1360
  "compensating_controls": [
1346
1361
  "model_inventory_review",
1347
1362
  "non-safetensors_models_quarantined"