@blamejs/exceptd-skills 0.16.15 → 0.16.17

package/sbom.cdx.json

@@ -1,23 +1,23 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:ddba3c25-e008-44bd-8778-18d2b1d24f48",
+  "serialNumber": "urn:uuid:8d18b72c-cb47-426d-bcda-c48809ae85ac",
   "version": 1,
   "metadata": {
-    "timestamp": "2143-11-19T04:57:09.000Z",
+    "timestamp": "2101-01-06T05:33:32.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.15"
+        "version": "0.16.17"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.15",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.17",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.15",
-      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 47 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
+      "version": "0.16.17",
+      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 49 skills, 11 catalogs (439 CVEs / 176 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
           "license": {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.15",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.17",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "25697f2d58e577860cb8d7bbbbaab671c8e68f68919b2ea4f7a6d71cf964cf16"
+          "content": "956430b4033bf0be36d88f0f0feb2f233fc1d9d58444f914edeac5ea45e1a81d"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.15"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.17"
         },
         {
           "type": "vcs",
@@ -54,7 +54,7 @@
       },
       {
         "name": "exceptd:skill:count",
-        "value": "47"
+        "value": "49"
       },
       {
         "name": "exceptd:integrity:method",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "73316ff6fed755b6eef4882a28c7af48e341a480f19df3f79f7dd56875e3c178"
+          "content": "a2c4712be394f75a51d707e4e9b6e1ad13812d90cc2e64d4fe7bdec172d7d5ee"
         },
         {
           "alg": "SHA3-512",
-          "content": "78a17ef72a8d11cdf881f78df473e8e0f0d238aee71870c19f2177b5c6dd5291948b7b51ec7df21d9af754fecc6087baba9875eacc67913971c0e67acde1d1be"
+          "content": "6f2a34e1f5a8d4a677605a29cb214b3b6bd6aaad1bb53cfdb81c7be8d7a94711769461becd0494b71c8ab9a6be946238104adf3cefe904e52088d7df5f42c2e9"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f9aff10e9d135c2b3ddd3b71dfaaa4852c0f4ad8315b3cc64e45d436ae061004"
+          "content": "a7bd7077b36d8e4e769ab756f6d66de3621bd4e6642fbe738d6734d7bbc0e8a9"
         },
         {
           "alg": "SHA3-512",
-          "content": "fcf03767f972e9b13bd4ae04f7796e41570d563b69878274c1eba54e430e28b4c9254263c0d94615a90119a580c2f950d3f99d1f24ac52439c0e47b1bd6c00d5"
+          "content": "21a9f1e1950d3e997adef582db4a36ca86b4a6d178f4a5104140345d2d0cb7a1e176e338424fa4873ad81e84ea7d4eecdb0047ff496a433c2283dd07ad89ee43"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4b7b2d204541a053fbdd94723196f6f368a67952e30d6c941ba5419bd3f0d9c1"
+          "content": "39f76631b7601dd9843f138ca9fc3acc2321520973a5a6949eb4c107d4a27630"
         },
         {
           "alg": "SHA3-512",
-          "content": "fbdc8fdaf6b82992cf73d77c0678615d26618b4aa698bf71e2e69fb2f9413197ff13fcb2565041cc9b1510dbf156d3a81111b9e835ec56a555e3ac2b09899556"
+          "content": "76bb403641849041b610088e1011ff53d408444d9ba1ea977569321d1181acdcbb32e2dbf9a406e607e30634c7bd937401ea592d6a7261a9caa59497fd876d90"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "bb83dfb133c97b8aba15bde9bf7d04ac02a52b90d4471203aff487200e7bbde1"
+          "content": "358cb7123fe73316f4f60dee36ffee1648306859f9663639f028a1db72ba8107"
         },
         {
           "alg": "SHA3-512",
-          "content": "bb316671de5bbd311aebc34c39cd000d177bde130712ff2878cae432237337cf79d92a4fffd022d59a370adaf8fdcccfd41b69308ee8e8483330c2cb0b404531"
+          "content": "37dcf16d413d740e37d7cfc29431da7cbc3baab08a86e3851746151e8b25e0d14e969e88cb6fe95a78559713d856d9edd31676ee49cb8f4d3ccfb1c50445e9d2"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eb30305b76deddf87b5a128ab416280b0bc908c15cd3ccecd74f3cf063a8dbca"
+          "content": "b786fc196243b7d4c3d1f035e0d5cfb55dad8db30c326649be3031facc7a3358"
         },
         {
           "alg": "SHA3-512",
-          "content": "b8cb9999b60e7fae82ce025a2a891d13e2d289f9349c3b7aac50806ba171ac772870e97182c3514b82d86b910244137de9e48e0a004aacacca431efb70f56d0a"
+          "content": "eb57a22b882770d40b12b28d3902f580742024c6434212281711434e70b1c5ec86b84afcf4a77548342015f118c4cca40a3603a916f6ab746e110ed837faa620"
         }
       ]
     },
@@ -506,11 +506,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0c85b2967726a513e1c25940c39705702252f505bfc958e560f554171370c527"
+          "content": "8d5945f5aff2d349b852572c84ff76ab8b14fab7b38aaa0b968ca56c5496b2fe"
         },
         {
           "alg": "SHA3-512",
-          "content": "f45572b2976dc3c7c897eb506d418de28f7b0e8ce58a4c07fa2ac833bb6ab9334187d07d6d4507b38e151b953decf6eb555b4900fb57654259e735bc5a59d3e9"
+          "content": "78c1767f798485e2143283c00edf50bf3402d8bdd3fe085533d6beb004d870a226159bc6ba45e2adb18bde241d30d0ebc5bc87f1ba4820fe6dd05da567d6e265"
         }
       ]
     },
@@ -551,11 +551,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "042966f4865e4c661f2fb026500e2be880222e6af9183bac89d538e4b05161a0"
+          "content": "d89790d5c22f8c07fa5179431ff843ccffba1a4fc41a1b4f9d6e1b4beb9b3c0d"
         },
         {
           "alg": "SHA3-512",
-          "content": "15ec0e91efdb75874da1e10096c1cb6b0a975ad3a1c9f22dfc82168e9930d44bcca1aae944b3442bcbaf80130d8a8497c0fabf29b7be5e2e98fbb24490f9329e"
+          "content": "0ead245a65ac5305fd611a6d5aeee12a3e0435254c76d5bbe2a62db9128c44c76337774d41ceeaa5c3b619eadfc86dc645ee33a7255515e24feecbf349c48a59"
         }
       ]
     },
@@ -574,6 +574,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/decompression-dos.json",
+      "type": "file",
+      "name": "data/playbooks/decompression-dos.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "8ddb14a525bed58fcbacd10c0ccfab096fd11772d77078dadfd4e43f6055dda7"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "068092f64dcd34576b0fb7ec3ebc1cedae8f98c991bb1190fea5fc1fa34c1de3d7e230b016a509fce30c4e53dda34c798cfd2b4f511a1a6d484e1ab29f1e3ebf"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/framework.json",
       "type": "file",
@@ -581,11 +596,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "90d4c641a4d301402ba6cb9c28ba99083b3c89a5eb03ba3f78dc1a154e6e6824"
+          "content": "ffefadc9227587d5ac2ca864c75e817e0b701a631616a5173321cce3065b480a"
         },
         {
           "alg": "SHA3-512",
-          "content": "0c6e413a5a9184bc6579e85179d01c006b5f5adba28e471efb4d0c7976dccaba9a81ab942855db136820b55e9b33da38ae045db98c28bb1182feb691fb51626e"
+          "content": "824f9bfa20b9e70577f6755d56685803eebb40b9683b192d0a539198468f76b6847e8e47194452a64410e430b3e418e4fabf039f56a6213e2a8eebdef9bc1668"
         }
       ]
     },
@@ -709,6 +724,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/multitenancy-isolation.json",
+      "type": "file",
+      "name": "data/playbooks/multitenancy-isolation.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "3ca080c89326dc369736dadb12431379bd039cf3776ee9633992b0fef42130fc"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "9e085d55f4ae506cde7d06285a0efe9f13df12b9b0042a84b6d48bddc4e7dff628dc7e8a6ae92aa35a0047521428338c822b2252775da1d32817634d482d65fd"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/network-trust.json",
       "type": "file",
@@ -1796,11 +1826,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ec619d5899698562c284593dd8a13d9c5045f0700caa175a0278349a3c96a3da"
+          "content": "af6f9c0b8f1276ef1cd33ce3eebef3154e945505b287d896c703dfa2c1af6396"
         },
         {
           "alg": "SHA3-512",
-          "content": "efb7e3e045cd5c88a59164c8a7c8cdde01b375893d784ce09be7f3651af20417cb13473a7b5c5dea3a08ce8b64f099c221407a9d3e8c6326a0da2fc73f09ad87"
+          "content": "88d7e454148cbd61a9821d863f073a783978aec18fd93c49e3405802b9dcda30d877bc3cdc9e20f36866801b643cee58d97a209327176982b9e8434211b59c55"
         }
       ]
     },
@@ -1811,11 +1841,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "991feef6541fb4430b787a8426967e7df688a3941b57e2305de780d1d1c2807e"
+          "content": "4d7d636ad87d5da56f95f06c0925de1d8adc11ad1b9ccd6d5d7f81fc46a5ceb9"
         },
         {
           "alg": "SHA3-512",
-          "content": "d8258fd4821dcf21706cc2ace47597e5a3f52976fbbbebc6c20e5a00716a255ef2bcafc9ec7c68ae67cd61d935c51fcb5a320ca601c72229d62ae6623d99de79"
+          "content": "ba35418839bcd69af47c0956e8b053be2dbb2b70ec7b0897fbe8dc2062d9ce09f7ec876f8da1c53734a9d8e86a1e511a9146dbf4a8b0d93e5a8f880b0c988f9c"
         }
       ]
     },
@@ -1826,11 +1856,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "35fe3df80c4f8717e4eb397f4358a97522cd01bc375df3d1d31710ba43df603b"
+          "content": "1bf6dd331b3a42de063b0045ac65ca50ca34609a829050b6754a95490221f310"
         },
         {
           "alg": "SHA3-512",
-          "content": "b940529b951f34286b9256ee20d888cc79a026cf942f2cdd57443029c926037df48bd8e839ca04cddd6701b1106b32c75e7c2f8203e4e7a18bf30fbc75c3e5ab"
+          "content": "6cd43e1f08f91c8a58aaeac75622a084ebc3b0e371fc1f4e2b5e35cf109146984197704db0800405247bac5a4ce41c5f4dcd2f2e6fd4f842a610cf045e99d6cb"
         }
       ]
     },
@@ -2809,6 +2839,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/decompression-dos/skill.md",
+      "type": "file",
+      "name": "skills/decompression-dos/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "53fd0a90ccc0e7ac6056e9c9fd40f3ab3342d30739399079b5e644eef6405d88"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "f8f1a70fc4ee809300c1b5da98548463d732f7a27b0e49d0776f197f4aefaf7d6106da411259c5bdea6a17d76c6b52579b58677bad05b312c622e7e83cf7b6ab"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/defensive-countermeasure-mapping/skill.md",
       "type": "file",
@@ -3019,6 +3064,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/multitenancy-isolation/skill.md",
+      "type": "file",
+      "name": "skills/multitenancy-isolation/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "60d7db9cbac49b307c7062a3b27a3cef8aab8cc774176c428075981fbc18758f"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "702591a3b7a299e2d204dc48c24cc4123379de1aa9912597149b9c1be3f42cd490c0c4cb7afba9dba310283237a4d4f01a2f2842650daa6820f3af4e0eeaa0cf"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/network-trust/skill.md",
       "type": "file",

package/skills/decompression-dos/skill.md

@@ -0,0 +1,83 @@
+---
+name: decompression-dos
+version: "1.0.0"
+description: Decompression-bomb, parser-DoS, and ReDoS resistance for mid-2026 — decompression size/ratio caps, Zip Slip path confinement, XML entity-expansion disabling, linear-time regex on untrusted input, parse-depth limits, and length-field allocation bounds against single-input amplification denial of service
+triggers:
+  - decompression bomb
+  - zip bomb
+  - zip slip
+  - redos
+  - regular expression denial of service
+  - catastrophic backtracking
+  - billion laughs
+  - xml entity expansion
+  - xxe
+  - parser dos
+  - resource exhaustion
+  - amplification attack
+  - nested archive
+  - recursion depth
+  - length field allocation
+  - input amplification
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1499
+  - T1499.001
+  - T1059
+framework_gaps:
+  - NIST-800-53-SI-2
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-409
+  - CWE-1333
+  - CWE-400
+  - CWE-776
+  - CWE-22
+  - CWE-834
+  - CWE-770
+last_threat_review: "2026-06-02"
+---
+
+# Decompression-Bomb / Parser-DoS / ReDoS Resistance
+
+## Threat Context (mid-2026)
+
+Amplification denial of service turns a tiny, structurally-valid input into ruinous server work. A 42 KB zip bomb expands to petabytes; a few lines of nested XML entities expand to gigabytes (the billion-laughs attack); a crafted string pins a CPU core for seconds-to-minutes on a backtracking regular expression (ReDoS); a binary parser that reads a declared 2 GB length field allocates a 2 GB buffer from a 10-byte message. A Zip Slip archive entry named `../../x` escapes the extraction directory to overwrite a binary on the execution path. Input-format validation passes all of these because each input is valid — the amplification lives in how it is processed, not in its shape. The defence is a resource bound at the parser, not validation or autoscaling.
+
+## Framework Lag Declaration
+
+Organisational controls treat "we validate all input" and "the cloud autoscales" as denial-of-service protection. NIST 800-53 SI-10 (information input validation) is satisfied by validating format and does not require bounding decompression ratio, entity expansion, or regex complexity. SC-5 (denial-of-service protection) is framed at the network tier and is not operationalised for single-request, asymmetric application-layer DoS. A clean "we validate input / have a WAF / autoscale" audit is therefore NON-EVIDENCE for amplification-DoS resistance; it confirms format validation and elastic infra, not the decompression caps, entity disabling, regex-complexity bounds, parse-depth limits, and length-field allocation bounds that actually stop a single crafted input from exhausting the instance.
+
+## TTP Mapping
+
+The amplification-DoS failures map to MITRE ATT&CK: **T1499 (Endpoint Denial of Service)** for ReDoS and circuit-style resource exhaustion; **T1499.001 (OS Exhaustion Flood)** for decompression bombs, billion-laughs entity expansion, deep-recursion parsing, and length-field over-allocation that exhaust memory/CPU from a single input; and **T1059 (Command/Execution)** for Zip Slip path traversal that overwrites an executable or config to gain code execution. The weakness classes are CWE-409 (improper handling of highly compressed data), CWE-1333 (inefficient regular expression complexity / ReDoS), CWE-776 (XML entity expansion), CWE-834 (excessive iteration / unbounded recursion), CWE-22 (path traversal — Zip Slip), CWE-400 (uncontrolled resource consumption), and CWE-770 (allocation without limits).
+
+## Exploit Availability Matrix
+
+These are processing-bound gaps exploited by a single small input, so the exploit is the absent bound, not a published CVE. Zip bombs (42.zip), billion-laughs XML, and ReDoS strings are public, well-documented, and trivially reproduced; Zip Slip has public proof-of-concept archives. None require a network position beyond an endpoint that accepts an upload or a string. The real-world priority is set by whether the ingest is internet-facing and whether a single crafted input can exhaust the whole instance (one-shot DoS) or, for Zip Slip, write outside the extraction target — the latter escalating from DoS to arbitrary file write and code execution.
+
+## Analysis Procedure
+
+1. Enumerate every code path that decompresses an archive, parses XML/JSON/CBOR/protobuf/ASN.1/MIME, or applies a regex to attacker-suppliable input. 2. Confirm decompression caps total output size and per-entry ratio, and caps cumulative output + recursion depth for nested archives. 3. Confirm archive extraction normalises and confines each entry path within the target (Zip Slip). 4. Confirm the XML parser disables DTDs and external/general entities. 5. Confirm regexes on untrusted input are linear-time (RE2) or length-capped with no catastrophic-backtracking patterns. 6. Confirm structured parsers enforce a maximum nesting depth and validate declared length/count fields against remaining input before allocating. Run the `decompression-dos` playbook to execute these as detect indicators with false-positive checks, then score by internet-reachability and one-shot-exhaustion potential.
+
+## Output Format
+
+Report per parser/decompression path, marking each resource bound enforced / missing / inconclusive (visibility gap). For every missing bound, state whether the ingest is internet-facing and whether a single crafted input could exhaust the instance (or, for Zip Slip, write outside the target). Distinguish a bound enforced at a lower layer (streaming runtime, RE2 engine, size-limited proxy) from an absent one, and a path that ingests only trusted fixed-size input from one that ingests attacker input. Provide the prioritised remediation (cap decompression size/ratio/nesting, confine extraction paths, disable XML entities, bound regex complexity, limit parse depth + length-field allocation) and the negative validation tests (zip bomb rejected, Zip Slip rejected, billion-laughs rejected, ReDoS bounded) plus a functional test that legitimate inputs still parse.
+
+## Compliance Theater Check
+
+The recurring theater is "we validate all input, so malformed data is handled," "our WAF blocks malicious uploads," and "the service autoscales, so resource exhaustion is handled." Format validation does not bound amplification; a zip bomb and a ReDoS string are structurally valid and small, so a WAF rarely catches them; autoscaling pays for the amplification without stopping it. The distinguishing test: feed a zip bomb, a billion-laughs XML, and a ReDoS string. If any expands unbounded, pins a CPU, or allocates from a declared length, validation, the WAF, and autoscaling did not bound the amplification, and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: decompression size/ratio caps and length-field bounds realise Resource Consumption Limiting and Input-Size Restriction (countering T1499.001); XML entity disabling realises Document Parser Hardening (countering billion-laughs / XXE); linear-time regex realises Algorithmic-Complexity Limiting (countering ReDoS / T1499); extraction path confinement realises Path-Traversal Prevention (countering Zip Slip / T1059); parse-depth limits realise Recursion Bounding. Pair the static bounds with continuous coverage-guided fuzzing (the fuzz-testing-strategy skill) as the regression control for novel amplification inputs. The residual risk after bounding the known classes is an unforeseen pathological input, caught by the fuzzer rather than the caps, accepted at the CISO level.

package/skills/multitenancy-isolation/skill.md

@@ -0,0 +1,83 @@
+---
+name: multitenancy-isolation
+version: "1.0.0"
+description: Application multitenancy isolation and availability/DoS resilience for mid-2026 — principal-bound tenant identity, data-layer row-level-security under a non-bypass role, cross-tenant cache/queue namespacing, per-tenant rate/byte quotas, HTTP/2 Rapid Reset caps, bounded allocation, distributed-lock fencing, and circuit breakers
+triggers:
+  - multitenancy isolation
+  - multi tenant
+  - cross tenant
+  - tenant isolation
+  - row level security
+  - rls
+  - bola
+  - broken object level authorization
+  - idor
+  - noisy neighbour
+  - rapid reset
+  - rate limit
+  - per tenant quota
+  - circuit breaker
+  - distributed lock fencing
+  - resource exhaustion
+  - denial of service
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1078
+  - T1499
+  - T1499.001
+  - T1530
+framework_gaps:
+  - NIST-800-53-AC-3
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-639
+  - CWE-770
+  - CWE-863
+  - CWE-668
+  - CWE-400
+last_threat_review: "2026-06-02"
+---
+
+# Application Multitenancy Isolation + Availability/DoS Resilience
+
+## Threat Context (mid-2026)
+
+Shared multitenant infrastructure has two linked failure classes. Isolation: if the tenant identifier is trusted from a client-controlled header/parameter/claim, or the tenant filter lives in per-query application discipline rather than the data layer, a single authenticated user of one tenant reads or writes another tenant's data — broken object-level authorization (CWE-639), the most common and highest-impact SaaS vulnerability class. Cache, pub/sub, and queue keys leak the same way when not tenant-namespaced. Availability: asymmetric denial of service — HTTP/2 Rapid Reset (CVE-2023-44487), unbounded per-request allocation — and the noisy-neighbour pattern (no per-tenant quota) deny service to all tenants; autoscaling pays the attacker's bill without stopping the attack.
+
+## Framework Lag Declaration
+
+Organisational controls treat "we have an authorization layer" as tenant isolation and "the cloud autoscales" as DoS resilience. NIST 800-53 AC-3 (access enforcement) is satisfied by an authorization layer existing and does not require tenant scoping be structurally enforced at the data layer rather than per-query discipline. SC-6 (resource availability) is named but rarely operationalised as per-tenant quotas, Rapid Reset caps, or circuit breakers. SOC 2 CC6 logical access is met with an auth layer. A clean "we have authorization and the cloud autoscales" audit is therefore NON-EVIDENCE for multitenancy isolation or DoS resilience; it confirms an auth layer and elastic infra, not data-layer RLS under a non-bypass role, cross-tenant namespacing, per-tenant quotas, or breakers.
+
+## TTP Mapping
+
+The multitenancy failures map to MITRE ATT&CK: **T1078 (Valid Accounts)** for cross-tenant access from a legitimate account via a client-trusted tenant id, an unscoped query, or an RLS-bypassing request role; **T1530 (Data from Cloud Storage / shared store)** for cross-tenant leakage through un-namespaced cache/queue keys; **T1499 (Endpoint DoS)** for the noisy-neighbour, distributed-lock, and circuit-breaker gaps; and **T1499.001 (OS Exhaustion Flood)** for HTTP/2 Rapid Reset and unbounded per-request allocation. The weakness classes are CWE-639 (authorization bypass through user-controlled key), CWE-863 (incorrect authorization), CWE-668 (exposure to wrong control sphere — shared keys), CWE-770 (allocation without limits), and CWE-400 (uncontrolled resource consumption).
+
+## Exploit Availability Matrix
+
+These are application-posture gaps exploited from a single authenticated account or client, so the exploit is the absent control. Cross-tenant access via a client-trusted tenant id requires only changing a header — trivially scriptable and the staple of SaaS bug-bounty reports. HTTP/2 Rapid Reset has public tooling and the CVE-2023-44487 catalog entry; it produced record-breaking DDoS. Unbounded allocation and the noisy-neighbour DoS require only a crafted or high-volume request. The real-world priority is set by whether one authenticated user can reach all tenants' data, or one client can deny service to all tenants — both maximum-blast-radius outcomes on shared infrastructure.
+
+## Analysis Procedure
+
+1. Determine the effective tenant id derivation and confirm it binds to the authenticated principal, not a client-supplied field. 2. Confirm tenant scoping is enforced at the data layer (row-level security) and that the request connection runs under a role SUBJECT to RLS (not a BYPASSRLS/owner role). 3. Confirm cache/pub-sub/queue keys include the tenant id. 4. Confirm HTTP/2 client-initiated stream resets are capped per connection (Rapid Reset). 5. Confirm per-tenant/per-IP rate + byte quotas and bounded per-request allocation (result-set, body, connections, fan-out). 6. Confirm distributed locks carry a TTL + fencing token and critical dependencies have circuit breakers. Run the `multitenancy-isolation` playbook to execute these as detect indicators with false-positive checks, then score by whether one account reaches all data or one client denies all service.
+
+## Output Format
+
+Report per surface, marking each isolation and availability control enforced / missing / inconclusive (visibility gap). For every missing control, state whether a single authenticated user could read another tenant's data or a single client could deny service to all tenants. Distinguish a control enforced at a lower layer (data-layer RLS, CDN/WAF quotas) from an absent one, and a dedicated single-tenant deployment (cross-tenant indicators not applicable) from a shared one. Provide the prioritised remediation (bind tenant to principal + data-layer RLS under a non-bypass role, namespace shared keys, cap Rapid Reset + per-tenant quotas, bound allocation, fence locks + circuit-break) and the negative validation tests (cross-tenant read blocked, unscoped query blocked, Rapid Reset capped) plus a functional test that two tenants get fair, isolated service.
+
+## Compliance Theater Check
+
+The recurring theater is "we have an authorization layer, so tenants are isolated," "row-level security is enabled," and "the cloud autoscales, so we are DoS-resilient." An auth layer is not data-layer isolation; RLS is bypassed by a superuser/owner/BYPASSRLS request connection; autoscaling pays the attacker's bill without stopping an asymmetric DoS. The distinguishing test: probe whether a query can run without a tenant predicate, whether the request connection bypasses RLS, whether the tenant id is client-trusted, and whether Rapid Reset / unbounded allocation is capped. If a cross-tenant read or an asymmetric DoS succeeds, the auth layer and autoscaling did not isolate or protect, and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: principal-bound tenant id + data-layer RLS under a non-bypass role realise Authorization Event Thresholding and Mandatory Access Control (countering T1078 cross-tenant access); tenant-namespaced shared keys realise Resource Access Pattern isolation (countering T1530 leakage); per-tenant quotas + HTTP/2 Rapid Reset caps + bounded allocation realise Resource Consumption Limiting (countering T1499/T1499.001); distributed-lock fencing and circuit breakers realise System Availability and Failure-Domain isolation. Pair data-layer RLS with an automated test asserting no query runs without a tenant filter. The residual risk after these controls is compromise of a legitimately-scoped tenant account, an identity-control concern, accepted at the CISO level.