npm - @blamejs/exceptd-skills - Versions diffs - 0.16.15 → 0.16.16 - Mend

@blamejs/exceptd-skills 0.16.15 → 0.16.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/AGENTS.md +2 -1
package/CHANGELOG.md +4 -0
package/README.md +5 -5
package/bin/exceptd.js +2 -1
package/data/_indexes/_meta.json +16 -15
package/data/_indexes/activity-feed.json +9 -2
package/data/_indexes/chains.json +4216 -629
package/data/_indexes/currency.json +10 -1
package/data/_indexes/frequency.json +100 -52
package/data/_indexes/handoff-dag.json +5 -1
package/data/_indexes/jurisdiction-map.json +6 -3
package/data/_indexes/section-offsets.json +85 -0
package/data/_indexes/stale-content.json +1 -1
package/data/_indexes/summary-cards.json +40 -0
package/data/_indexes/token-budget.json +53 -3
package/data/_indexes/trigger-table.json +50 -1
package/data/_indexes/xref.json +26 -1
package/data/cwe-catalog.json +15 -4
package/data/playbooks/cloud-iam-incident.json +26 -5
package/data/playbooks/framework.json +1 -0
package/data/playbooks/multitenancy-isolation.json +660 -0
package/manifest-snapshot.json +56 -2
package/manifest-snapshot.sha256 +1 -1
package/manifest.json +107 -49
package/package.json +2 -2
package/sbom.cdx.json +60 -30
package/skills/multitenancy-isolation/skill.md +83 -0

package/data/_indexes/trigger-table.json CHANGED Viewed

@@ -1119,7 +1119,8 @@
     "api-security"
   ],
   "bola": [
-    "api-security"
+    "api-security",
+    "multitenancy-isolation"
   ],
   "bfla": [
     "api-security"
@@ -1881,5 +1882,53 @@
   ],
   "update channel": [
     "self-update-integrity"
+  ],
+  "multitenancy isolation": [
+    "multitenancy-isolation"
+  ],
+  "multi tenant": [
+    "multitenancy-isolation"
+  ],
+  "cross tenant": [
+    "multitenancy-isolation"
+  ],
+  "tenant isolation": [
+    "multitenancy-isolation"
+  ],
+  "row level security": [
+    "multitenancy-isolation"
+  ],
+  "rls": [
+    "multitenancy-isolation"
+  ],
+  "broken object level authorization": [
+    "multitenancy-isolation"
+  ],
+  "idor": [
+    "multitenancy-isolation"
+  ],
+  "noisy neighbour": [
+    "multitenancy-isolation"
+  ],
+  "rapid reset": [
+    "multitenancy-isolation"
+  ],
+  "rate limit": [
+    "multitenancy-isolation"
+  ],
+  "per tenant quota": [
+    "multitenancy-isolation"
+  ],
+  "circuit breaker": [
+    "multitenancy-isolation"
+  ],
+  "distributed lock fencing": [
+    "multitenancy-isolation"
+  ],
+  "resource exhaustion": [
+    "multitenancy-isolation"
+  ],
+  "denial of service": [
+    "multitenancy-isolation"
   ]
 }

package/data/_indexes/xref.json CHANGED Viewed

@@ -204,6 +204,7 @@
       "identity-assurance",
       "idp-incident-response",
       "mail-server-hardening",
+      "multitenancy-isolation",
       "sector-financial",
       "vc-wallet-trust",
       "webapp-security"
@@ -237,13 +238,23 @@
       "mail-server-hardening"
     ],
     "CWE-400": [
-      "mail-server-hardening"
+      "mail-server-hardening",
+      "multitenancy-isolation"
     ],
     "CWE-778": [
       "audit-log-integrity"
     ],
     "CWE-353": [
       "self-update-integrity"
+    ],
+    "CWE-639": [
+      "multitenancy-isolation"
+    ],
+    "CWE-770": [
+      "multitenancy-isolation"
+    ],
+    "CWE-668": [
+      "multitenancy-isolation"
     ]
   },
   "d3fend_refs": {
@@ -612,6 +623,7 @@
       "sector-telecom"
     ],
     "AU-ISM-1556": [
+      "multitenancy-isolation",
       "sector-telecom",
       "self-update-integrity"
     ],
@@ -699,6 +711,7 @@
     "NIS2-Art21-network-security": [
       "audit-log-integrity",
       "mail-server-hardening",
+      "multitenancy-isolation",
       "network-trust",
       "self-update-integrity"
     ],
@@ -706,6 +719,7 @@
       "network-trust"
     ],
     "UK-CAF-B4": [
+      "multitenancy-isolation",
       "network-trust",
       "self-update-integrity"
     ],
@@ -714,6 +728,9 @@
     ],
     "NIST-800-53-SR-11": [
       "self-update-integrity"
+    ],
+    "NIST-800-53-AC-3": [
+      "multitenancy-isolation"
     ]
   },
   "atlas_refs": {
@@ -857,6 +874,7 @@
       "email-security-anti-phishing",
       "identity-assurance",
       "incident-response-playbook",
+      "multitenancy-isolation",
       "ransomware-response",
       "sector-energy",
       "sector-financial",
@@ -875,6 +893,7 @@
     "T1530": [
       "cloud-security",
       "dlp-gap-analysis",
+      "multitenancy-isolation",
       "sector-healthcare"
     ],
     "T1213": [
@@ -992,6 +1011,12 @@
     ],
     "T1574": [
       "self-update-integrity"
+    ],
+    "T1499": [
+      "multitenancy-isolation"
+    ],
+    "T1499.001": [
+      "multitenancy-isolation"
     ]
   },
   "rfc_refs": {

package/data/cwe-catalog.json CHANGED Viewed

@@ -1844,6 +1844,7 @@
       "identity-assurance",
       "idp-incident-response",
       "mail-server-hardening",
+      "multitenancy-isolation",
       "sector-financial",
       "vc-wallet-trust",
       "webapp-security"
@@ -3070,7 +3071,8 @@
     "_auto_imported": true,
     "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
     "skills_referencing": [
-      "mail-server-hardening"
+      "mail-server-hardening",
+      "multitenancy-isolation"
     ]
   },
   "CWE-285": {
@@ -3577,7 +3579,10 @@
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,
-    "_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
+    "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
+    "skills_referencing": [
+      "multitenancy-isolation"
+    ]
   },
   "CWE-640": {
     "id": "CWE-640",
@@ -3773,7 +3778,10 @@
     "last_verified": "2026-05-19",
     "notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
     "_auto_imported": true,
-    "_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
+    "_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
+    "skills_referencing": [
+      "multitenancy-isolation"
+    ]
   },
   "CWE-772": {
     "id": "CWE-772",
@@ -4462,7 +4470,10 @@
       "CVE-2024-21626"
     ],
     "last_verified": "2026-05-19",
-    "notes": "Added v0.13.19 to back the runc /proc/self/fd container-escape (CVE-2024-21626) cwe_refs entry."
+    "notes": "Added v0.13.19 to back the runc /proc/self/fd container-escape (CVE-2024-21626) cwe_refs entry.",
+    "skills_referencing": [
+      "multitenancy-isolation"
+    ]
   },
   "CWE-340": {
     "id": "CWE-340",

package/data/playbooks/cloud-iam-incident.json CHANGED Viewed

@@ -60,7 +60,8 @@
       }
     ],
     "fed_by": [
-      "identity-sso-compromise"
+      "identity-sso-compromise",
+      "multitenancy-isolation"
     ]
   },
   "domain": {
@@ -976,7 +977,15 @@
             "rotation_ownership_identified == true"
           ],
           "priority": 1,
-          "for_signals": ["root_login_from_new_asn","iam_access_key_created_no_iac_ticket","mass_iam_user_creation_outside_iac","cross_account_assume_role_anomaly","kms_key_policy_self_grant","s3_bucket_policy_public_grant","cloudtrail_logging_disabled_event"],
+          "for_signals": [
+            "root_login_from_new_asn",
+            "iam_access_key_created_no_iac_ticket",
+            "mass_iam_user_creation_outside_iac",
+            "cross_account_assume_role_anomaly",
+            "kms_key_policy_self_grant",
+            "s3_bucket_policy_public_grant",
+            "cloudtrail_logging_disabled_event"
+          ],
           "compensating_controls": [
             "session-revocation",
             "audit-log-review-for-misuse-window",
@@ -992,7 +1001,15 @@
             "iam_read_only_across_org == true"
           ],
           "priority": 2,
-          "for_signals": ["cross_account_assume_role_anomaly","mass_iam_user_creation_outside_iac","iam_access_key_created_no_iac_ticket","kms_key_policy_self_grant","s3_bucket_policy_public_grant","gpu_instance_creation_spike","unused_region_resource_creation"],
+          "for_signals": [
+            "cross_account_assume_role_anomaly",
+            "mass_iam_user_creation_outside_iac",
+            "iam_access_key_created_no_iac_ticket",
+            "kms_key_policy_self_grant",
+            "s3_bucket_policy_public_grant",
+            "gpu_instance_creation_spike",
+            "unused_region_resource_creation"
+          ],
           "compensating_controls": [
             "iam-event-review-completed",
             "scp-tightened",
@@ -1007,7 +1024,9 @@
             "imdsv2_migration_blocker_inventory_complete == true"
           ],
           "priority": 2,
-          "for_signals": ["imds_v1_legacy_access"],
+          "for_signals": [
+            "imds_v1_legacy_access"
+          ],
           "compensating_controls": [
             "imdsv2-enforced-org-wide",
             "scp-deny-imdsv1-launch"
@@ -1021,7 +1040,9 @@
             "federated_trust_inventory_complete == true"
           ],
           "priority": 2,
-          "for_signals": ["cross_account_assume_role_anomaly"],
+          "for_signals": [
+            "cross_account_assume_role_anomaly"
+          ],
           "compensating_controls": [
             "federated-trust-tightened",
             "conditional-access-mfa-required-on-admin"

package/data/playbooks/framework.json CHANGED Viewed

@@ -61,6 +61,7 @@
       "llm-tool-use-exfil",
       "mail-server-hardening",
       "mcp",
+      "multitenancy-isolation",
       "network-trust",
       "post-quantum-migration",
       "ransomware",