@blamejs/exceptd-skills 0.16.21 → 0.16.23

package/ARCHITECTURE.md

@@ -176,7 +176,7 @@ Tracks PoC status, weaponization stage, and AI-assist factor per CVE. Updated wh
 
 ### `data/cwe-catalog.json`
 
-173 CWE entries pinned to **CWE v4.20**. Covers the Top 25 Most Dangerous Software Weaknesses (2024 release) plus AI- and supply-chain-relevant weakness classes (prompt-injection-as-trust-boundary failure, training data integrity, dependency confusion, untrusted artifact ingestion). Each entry records root-cause description, common consequences, mitigation patterns, and the CVEs in `cve-catalog.json` that instantiate the weakness. Skills cite CWE IDs in `cwe_refs` to anchor a finding to a stable weakness taxonomy rather than to a single CVE; the CWE provides the durable root-cause lens that survives across exploit generations.
+177 CWE entries pinned to **CWE v4.20**. Covers the Top 25 Most Dangerous Software Weaknesses (2024 release) plus AI- and supply-chain-relevant weakness classes (prompt-injection-as-trust-boundary failure, training data integrity, dependency confusion, untrusted artifact ingestion). Each entry records root-cause description, common consequences, mitigation patterns, and the CVEs in `cve-catalog.json` that instantiate the weakness. Skills cite CWE IDs in `cwe_refs` to anchor a finding to a stable weakness taxonomy rather than to a single CVE; the CWE provides the durable root-cause lens that survives across exploit generations.
 
 `_meta.cwe_version` pins the version; on a CWE release, audit IDs for renames or deprecations, bump `last_threat_review` on affected skills, and update `_meta`.
 
@@ -213,7 +213,7 @@ cisa_kev              +25  (binary)
 poc_available         +20  (binary)
 ai_assisted_weapon    +15  (binary)
 active_exploitation   +20  (binary)
-blast_radius          +15  (0–15 scaled)
+blast_radius          +30  (0–30 scaled)
 patch_available       -15  (binary)
 live_patch_available  -10  (binary: additional reduction if no reboot required)
 reboot_required       +5   (binary penalty: patch exists but requires reboot)

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # Changelog
 
+## 0.16.23 — 2026-06-05
+
+A broad correctness and hardening pass across the runtime, the data-refresh pipeline, the catalogs, and the release tooling.
+
+### Bugs
+
+Escalation conditions written against the analyze result — `analyze.compliance_theater_check.verdict == 'theater'` and `finding.*` paths — now actually fire: the escalation evaluator previously resolved only the flat context keys, so a playbook's theater-verdict or finding-keyed escalation (for example cloud-iam-incident's notify_legal) could never trigger. The evaluation context now exposes the assembled analyze result and the derived finding shape — the same roots feeds_into conditions already resolve — and the playbook validator rejects any condition rooted at a phase result that can never resolve in its context.
+
+A declared regulatory clock can no longer drop out of a run's close-phase output. A govern obligation with a notification duty but no matching close notification action — fourteen playbooks carried at least one, such as cloud-iam-incident's AU Privacy Act NDB 720-hour window — now yields a synthesized, fully enriched record in `jurisdiction_notifications`, marked `synthesized_from_obligation` and carrying the computed deadline and the obligation's evidence checklist.
+
+`refresh --from-cache` is now actually offline: the GHSA and OSV sources, which have no cache layer, fell through to live network fetches; they now return a structured skip instead. The cache-consume signature gate additionally pins the publisher key fingerprint like every other verification site, auto-discovery verifies each cached payload's sha256 against the signed cache index before deriving draft fields from it, and a KEV de-listing now clears the stale `cisa_kev_date` alongside zeroing the factor.
+
+CLI failure paths emit the documented structured envelope instead of raw stack traces: `exceptd cve` and `exceptd rfc` against a corrupt catalog, curation apply-path write failures (disk full, read-only filesystem), the orchestrator's fatal handler, and framework-gap catalog-read failures under `--json`. `ci --max-rwep` with a missing value now errors instead of silently setting the gate cap to 1. `collect` failure bodies no longer advertise an exit code different from the one the process exits with. The watch daemon's lock-contention exit (75) is documented in `doctor --exit-codes`. Collector artifact summaries emit forward-slash paths on Windows, matching their SARIF evidence locations. Attestation diff and reattest regain their signal-side comparison fallback — it read a playbook path that never exists, so the fallback was dead. The typo-suggester's flag inventory for `run` now includes `--directive`, `--explain`, and `--signal-list`.
+
+The MCP-config scanner now redacts secret-shaped values recursively before anything is emitted or persisted; previously only top-level fields were redacted, so an API key nested inside a server's config object leaked into scan output verbatim.
+
+Four catalog entries carried RWEP factor values contradicting their own flags (CVE-2026-46333, CVE-2009-3459, CVE-2023-43472, and CVE-2026-31635 — the last with two compensating errors that cancelled in the aggregate tolerance). Their factors and scores are corrected, and the validator now checks every stored factor against the weight its source field implies, so compensating per-factor drift can no longer ship. The factor-shape detector also recognizes the catalog's canonical `ai_factor` and `reboot_required` keys, closing a gap where a mixed-shape factor block on exactly those keys passed undetected, and the required-field list the scorer validates against is loaded from the catalog schema itself (it had drifted: five schema-required fields unchecked, one optional field over-required).
+
+The documented RWEP formula understated its heaviest factor: blast radius contributes up to 30 points, not the 15 stated in the README, the architecture notes, and the exploit-scoring skill's formula text. The docs now match the scorer, which was always correct — its worked examples already used 30. The derived skill indexes are rebuilt from skill frontmatter rather than a stale manifest cache, restoring dropped UK CAF and AU ISM control mappings and D3FEND references to the chain and cross-reference surfaces, and the ai-c2-detection skill's CWE-918 link is restored to the manifest and every index built from it. The pinned CWE catalog version in `sources/index.json` was three minor versions behind the shipped catalog and is corrected, with the source-currency guard extended to cover the CWE and D3FEND rows the way it already covered ATT&CK and ATLAS.
+
+The release orchestrator could report a release complete while the publish was unconfirmed — a failed registry query short-circuited the final verification, and a non-success publish workflow only warned. Both now fail the phase: success requires the registry to positively report the just-published version.
+
+### Features
+
+The secret-scanning configuration no longer allowlists the entire playbooks directory by path — targeted patterns cover the legitimate example values instead, so a real credential committed into a playbook file is detectable again. Workflow version comments now match their pinned action SHAs, the publish workflow pins the same exact Node version the gates run on (held in lockstep by a three-way test against CI and the Docker harness), the ATLAS-currency workflow detects stale skills structurally instead of grepping a prose string, and the automated data-refresh PR body describes the structural gate it actually runs. The packaging gate pins every module the CLI requires at launch, the SBOM gate verifies the entry counts embedded in the published description against the live catalogs, skill frontmatter is validated against the shipped schema (previously decorative), and a new guard asserts that every byte-hashed shipped file type carries an LF-forcing `.gitattributes` rule. The catalog inventory in CONTEXT.md and the counts in the package description are pinned by tests so they fail loudly instead of rotting silently.
+
+When the automated external-data refresh applies a CISA KEV listing change to a catalog entry, it now updates the entry's RWEP factor and score in the same write, honouring whichever factor shape the entry stores. Previously only the flag flipped, leaving the stored score failing the factor-sum invariant the catalog enforces — the first real KEV listing the refresh applied surfaced this as a 25-point mismatch. A first listing also now carries its KEV date: the drift check emitted a date change only when the local entry already had one, so a newly listed CVE arrived dated null. The refresh workflow's post-apply gate now runs structural validation (catalog schema and RWEP coherence, cross-references, index freshness, skill lint) instead of the full test suite: the suite's curation-completeness checks assert guarantees that human curation supplies after import, so they gate the automated data PR's merge rather than its creation. The workflow also regenerates the SBOM over freshly applied data and consumes its own just-built prefetch cache on runners that have no signing key.
+
 ## 0.16.21 — 2026-06-04
 
 The deprecation pointer for `prefetch` — on the help screen and in the README alias table — named `refresh --no-network`, which is a report-only dry run: an operator following it got a list of what would be fetched instead of a populated cache. Both now point at `refresh --prefetch`, which runs the same cache population as `prefetch` itself. The two scheduled repository workflows (external-data refresh, ATLAS currency) are also repaired: an upstream action tag had been re-pointed so its pinned commit no longer existed, and the Node setup step requested npm caching in a repo that intentionally ships no lock file — both workflows now run again, and the refresh job installs with `--no-package-lock` so a generated lock file can never ride along in its automated data PRs.

package/CONTEXT.md

@@ -113,18 +113,18 @@ Skills and playbooks read from `data/`. Authoritative catalog inventory:
 
 | File | Entries | Purpose |
 |------|---------|---------|
-| `cve-catalog.json` | 10 | CVEs with CVSS, RWEP score, EPSS estimates, CISA KEV flags, PoC and live-patch availability |
-| `atlas-ttps.json` | 15 | MITRE ATLAS v5.6.0 (May 2026) techniques with framework gap flags |
-| `attack-techniques.json` | 79 | MITRE ATT&CK techniques with framework coverage mappings |
-| `framework-control-gaps.json` | 62 | Framework control gap entries: designed-for vs. what each control misses |
-| `exploit-availability.json` | 10 | Per-CVE PoC locations, weaponization stage, AI-acceleration factor, live-patch status |
+| `cve-catalog.json` | 439 | CVEs with CVSS, RWEP score, EPSS estimates, CISA KEV flags, PoC and live-patch availability |
+| `atlas-ttps.json` | 170 | MITRE ATLAS v5.6.0 (May 2026) techniques with framework gap flags |
+| `attack-techniques.json` | 805 | MITRE ATT&CK techniques with framework coverage mappings |
+| `framework-control-gaps.json` | 194 | Framework control gap entries: designed-for vs. what each control misses |
+| `exploit-availability.json` | 28 | Per-CVE PoC locations, weaponization stage, AI-acceleration factor, live-patch status |
 | `global-frameworks.json` | 35 jurisdictions | Patch SLAs and notification windows across global regulatory regimes |
-| `zeroday-lessons.json` | 10 | Learning-loop entries: zero-day → attack vector → control gap → framework gap → new control |
-| `cwe-catalog.json` | 171 | CWE v4.20 entries (Top 25 2024 plus AI- and supply-chain-relevant weaknesses) |
+| `zeroday-lessons.json` | 439 | Learning-loop entries: zero-day → attack vector → control gap → framework gap → new control |
+| `cwe-catalog.json` | 177 | CWE v4.20 entries (Top 25 2024 plus AI- and supply-chain-relevant weaknesses) |
 | `d3fend-catalog.json` | 468 | MITRE D3FEND v1.3.0 defensive techniques for offensive → defensive mapping |
-| `rfc-references.json` | 31 | IETF RFC / Internet-Draft references with status, errata count, replaces / replaced-by, `last_verified` dates |
+| `rfc-references.json` | 8888 | IETF RFC / Internet-Draft references with status, errata count, replaces / replaced-by, `last_verified` dates |
 | `dlp-controls.json` | 22 | DLP control entries indexed by channel, classifier, surface, enforcement mode, evidence type |
-| `playbooks/` | 13 | Playbook specifications (see above) |
+| `playbooks/` | 33 | Playbook specifications (see above) |
 | `_indexes/` | 17 derived files | Pre-computed indexes built by `npm run build-indexes` |
 
 ---

package/README.md

@@ -1,8 +1,8 @@
 <div align="center">
 
 <picture>
-  <source media="(prefers-color-scheme: dark)" srcset="public/img/logo/exceptd-logo-dark.svg">
-  <img src="public/img/logo/exceptd-logo-primary.svg" alt="exceptd" width="220" />
+  <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/blamejs/exceptd-skills/main/public/img/logo/exceptd-logo-dark.svg">
+  <img src="https://raw.githubusercontent.com/blamejs/exceptd-skills/main/public/img/logo/exceptd-logo-primary.svg" alt="exceptd" width="220" />
 </picture>
 
 # exceptd Security
@@ -77,7 +77,7 @@ Generate defensible policy exceptions for architectural realities frameworks don
 ### Risk Intelligence
 
 **[exploit-scoring](skills/exploit-scoring/skill.md)**
-Real-World Exploit Priority (RWEP) scoring beyond CVSS. Factors: CISA KEV status (0.25), public PoC (0.20), AI-assisted weaponization (0.15), active exploitation (0.20), patch availability (-0.15), live-patch availability (-0.10), blast radius (0.15). Pre-calculated RWEP scores for all CVEs in `data/cve-catalog.json`. Outputs RWEP alongside CVSS with plain-language priority guidance.
+Real-World Exploit Priority (RWEP) scoring beyond CVSS. Factors: CISA KEV status (0.25), public PoC (0.20), AI-assisted weaponization (0.15), active exploitation (0.20), patch availability (-0.15), live-patch availability (-0.10), blast radius (0.30). Pre-calculated RWEP scores for all CVEs in `data/cve-catalog.json`. Outputs RWEP alongside CVSS with plain-language priority guidance.
 
 **[threat-model-currency](skills/threat-model-currency/skill.md)**
 Score how current an organization's threat model is against 2026 threat reality. Checklist of 14 current threat classes against documented model coverage. Outputs: currency percentage, specific missing threat classes, recommended additions with ATLAS/ATT&CK references, prioritized update roadmap.

package/agents/skill-updater.md

@@ -96,7 +96,7 @@ For each affected skill:
 ## Quality Rules
 
 - Never write to data files without a source-validator approval
-- Never modify the interpretation of a framework control without a framework-analyst package
+- Never modify the interpretation of a framework control without a threat-researcher handoff package containing the framework gap update, verified by source-validator
 - Never delete entries from zeroday-lessons.json or framework-control-gaps.json — mark as superseded, not deleted
 - Always update `last_threat_review` in skill frontmatter after changes
 - If a RWEP score changes by more than 15 points: flag for review rather than auto-applying

package/agents/source-validator.md

@@ -2,14 +2,13 @@
 
 ## Role
 
-Cross-check all claims in a threat-researcher or framework-analyst handoff package against primary sources. Flag unverifiable claims. Produce a verification report that the skill-updater uses to decide what to accept.
+Cross-check all claims in a threat-researcher handoff package against primary sources. Flag unverifiable claims. Produce a verification report that the skill-updater uses to decide what to accept.
 
 This agent is the quality gate. It prevents bad data from entering the skill catalog.
 
 ## When to spawn
 
-- After threat-researcher produces an intelligence package
-- After framework-analyst produces a gap update
+- After threat-researcher produces an intelligence package (including a framework gap update)
 - On-demand audit of existing data/cve-catalog.json entries
 - Before any new skill that contains specific CVE or TTP claims is merged
 
@@ -53,7 +52,7 @@ This agent is the quality gate. It prevents bad data from entering the skill cat
   "agent": "source-validator",
   "run_id": "[matches threat-researcher run_id]",
   "timestamp": "[ISO 8601]",
-  "input_from": "threat-researcher | framework-analyst",
+  "input_from": "threat-researcher",
   "verification_results": {
     "passed": [
       {

package/agents/threat-researcher.md

@@ -145,5 +145,5 @@ Research and validate new threat intelligence — CVEs, attack campaigns, new AT
 
 - Does not write directly to data files — that is the skill-updater's job after source-validator approval
 - Does not include direct exploit links in output
-- Does not make compliance recommendations — that is the framework-analyst's job
+- Does not apply framework gap updates itself — gap findings ship as part of the handoff package; the skill-updater applies them after source-validator approval
 - Does not score risk — RWEP calculation is in lib/scoring.js

package/bin/exceptd.js

@@ -1776,8 +1776,9 @@ function dispatchPlaybook(cmd, argv) {
   } catch (e) {
     // v0.11.14 (#131): when the operator typed a skill name (kernel-lpe-triage)
     // and got "Playbook not found," surface the playbooks that load that skill.
-    // 13 playbooks vs 38 skills with many-to-many: operators routinely confuse
-    // the two because the website (and AGENTS.md) describe both as runnable.
+    // Playbooks and skills are a many-to-many mapping: operators routinely
+    // confuse the two because the website (and AGENTS.md) describe both as
+    // runnable.
     const m = e && e.message && e.message.match(/^Playbook not found: ([^\s(]+)/);
     if (m) {
       const wanted = m[1];
@@ -2448,10 +2449,10 @@ async function cmdCollect(runner, args, runOpts, pretty) {
   let mod;
   try { mod = require(collectorPath); }
   catch (e) {
-    return emitError(`collect: failed to load collector ${path.relative(PKG_ROOT, collectorPath)}: ${e.message}`, { verb: "collect", playbook_id: playbookId, exit_code: 2 }, pretty);
+    return emitError(`collect: failed to load collector ${path.relative(PKG_ROOT, collectorPath)}: ${e.message}`, { verb: "collect", playbook_id: playbookId }, pretty);
   }
   if (typeof mod.collect !== "function") {
-    return emitError(`collect: collector at ${path.relative(PKG_ROOT, collectorPath)} does not export a collect() function`, { verb: "collect", playbook_id: playbookId, exit_code: 2 }, pretty);
+    return emitError(`collect: collector at ${path.relative(PKG_ROOT, collectorPath)} does not export a collect() function`, { verb: "collect", playbook_id: playbookId }, pretty);
   }
 
   // --cwd <path> overrides process.cwd(). Validated as an existing
@@ -2476,7 +2477,7 @@ async function cmdCollect(runner, args, runOpts, pretty) {
   } catch (e) {
     return emitError(
       `collect: collector for "${playbookId}" threw an unhandled exception: ${e.message}. File a bug — collectors must catch their own errors and surface them via collector_errors[].`,
-      { verb: "collect", playbook_id: playbookId, stack: e.stack || null, exit_code: 2 },
+      { verb: "collect", playbook_id: playbookId, stack: e.stack || null },
       pretty,
     );
   }
@@ -2538,7 +2539,7 @@ async function cmdCollect(runner, args, runOpts, pretty) {
     } catch (e) {
       return emitError(
         `collect: --resolve failed for "${playbookId}": ${e.message}`,
-        { verb: "collect", playbook_id: playbookId, exit_code: 2 },
+        { verb: "collect", playbook_id: playbookId },
         pretty,
       );
     }
@@ -6045,7 +6046,7 @@ function _playbookSignalCatalog(runner, playbookId) {
   try {
     const pb = runner.loadPlaybook ? runner.loadPlaybook(playbookId) : null;
     if (!pb) return null;
-    const inds = (pb.phases?.look?.indicators || []).filter(i => i && i.id);
+    const inds = (pb.phases?.detect?.indicators || []).filter(i => i && i.id);
     if (inds.length === 0) return null;
     return Object.fromEntries(inds.map(i => [i.id, 'inconclusive']));
   } catch { return null; }
@@ -8369,6 +8370,17 @@ function cmdAsk(runner, args, runOpts, pretty) {
  */
 function cmdCi(runner, args, runOpts, pretty) {
   const scope = args.scope;
+  // A value-less `--max-rwep` parses as boolean true and would coerce to
+  // Number(true) === 1 — a finite, non-negative cap that slips past the
+  // numeric guard below and silently sets an extraordinarily strict gate.
+  // Treat the forgotten value as a usage error, same as a non-numeric one.
+  if (args["max-rwep"] === true) {
+    return emitError(
+      "ci: --max-rwep requires a non-negative number.",
+      { verb: "ci", flag: "max-rwep" },
+      pretty,
+    );
+  }
   const maxRwep = args["max-rwep"] !== undefined ? Number(args["max-rwep"]) : null;
   // Reject a non-numeric / negative cap rather than silently coercing it.
   // `--max-rwep abc` previously became Number→NaN→0, degenerating the gate to

package/data/_indexes/_meta.json

@@ -1,14 +1,14 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-06-05T03:32:01.591Z",
+  "generated_at": "2026-06-05T18:16:18.337Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 63,
   "source_hashes": {
-    "manifest.json": "3ecf9941848a70bd19fb32d06bc6a41233afede9501324c19358ac18cf5a80de",
+    "manifest.json": "21596a8c5ccaf4893d6762e847de34652724f8a34503722e44642c3a613eb9e7",
     "data/atlas-ttps.json": "f66b456cf82a3c20575d8479de41f7b11b7ee5693eb1fcf64a67e162ae1b88a2",
     "data/attack-techniques.json": "c39f28e3402ef13ad9b7076819f63fda67a22f97e3e375cfe01c4a4e0beff7c9",
-    "data/cve-catalog.json": "8264da4534d39c9493cfcd18acf7e38ed47ce2a81be15afd5a3f4baf1d504929",
-    "data/cwe-catalog.json": "feadd8497221c097d8237fb93d9557c4dbdd70434097da8debd6f5e50ede1b24",
+    "data/cve-catalog.json": "51d8425a49e5cc0375d0a154a83a16816e99c3141a5bbafe6383607ca11be240",
+    "data/cwe-catalog.json": "b398003b68b0d9539d13a5536e933005149fd05f3d33978297c870987542cd86",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
@@ -21,7 +21,7 @@
     "skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
     "skills/framework-gap-analysis/skill.md": "c2da8cc184ac4277309896bf4fe6afe23c419575b297734a8fc168f42d1805e9",
     "skills/compliance-theater/skill.md": "02b51b932ded4b9b74844ecf842ee3f4d6b09699ebe9cdba457e2c9b7da10ebd",
-    "skills/exploit-scoring/skill.md": "2bb77e1f667bc47c6ab1c7715071d9fe8da2697f9bbbf7914c7e9fd231ad67f1",
+    "skills/exploit-scoring/skill.md": "628f4853e8d6b6ac2ad8ad159f1c9d74c392727f4ebf9bc1d7d8e43074b08a3a",
     "skills/rag-pipeline-security/skill.md": "49b1910e996f01df1382714f9307ead98028fb5b6911bb9022cb8e5c0edf0723",
     "skills/ai-c2-detection/skill.md": "08fee5607e4972a3c0e1e31d58d4ddfeffeae1302df22416f3e24c20229fb782",
     "skills/policy-exception-gen/skill.md": "c549f48c2e44759a74c2c6306f0eb34ea26152fb2a3b0e7e96505d5b174f1bd4",
@@ -73,21 +73,21 @@
   "index_stats": {
     "xref_entries": {
       "cwe_refs": 53,
-      "d3fend_refs": 21,
-      "framework_gaps": 87,
+      "d3fend_refs": 22,
+      "framework_gaps": 96,
       "atlas_refs": 10,
       "attack_refs": 51,
-      "rfc_refs": 23,
+      "rfc_refs": 35,
       "dlp_refs": 0
     },
-    "trigger_table_entries": 685,
+    "trigger_table_entries": 688,
     "chains_cve_entries": 426,
     "chains_cwe_entries": 177,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 51,
     "summary_cards": 51,
     "section_offsets_skills": 51,
-    "token_budget_total_approx": 435954,
+    "token_budget_total_approx": 435955,
     "recipes": 8,
     "jurisdiction_clocks": 29,
     "did_ladders": 8,

package/data/_indexes/activity-feed.json

@@ -112,35 +112,35 @@
       "type": "skill_review",
       "artifact": "compliance-theater",
       "path": "skills/compliance-theater/skill.md",
-      "note": "Detect where an organization passes an audit but remains exposed — seven documented compliance theater patterns"
+      "note": "Detect where an organization passes an audit but remains exposed — seven documented compliance theater patterns with specific detection tests"
     },
     {
       "date": "2026-05-22",
       "type": "skill_review",
       "artifact": "rag-pipeline-security",
       "path": "skills/rag-pipeline-security/skill.md",
-      "note": "RAG-specific threat model — embedding manipulation, vector store poisoning, retrieval filter bypass, indirect prompt injection"
+      "note": "RAG-specific threat model — embedding manipulation, vector store poisoning, retrieval filter bypass, indirect prompt injection — no current framework coverage"
     },
     {
       "date": "2026-05-22",
       "type": "skill_review",
       "artifact": "policy-exception-gen",
       "path": "skills/policy-exception-gen/skill.md",
-      "note": "Generate defensible policy exceptions for architectural realities — ephemeral infra, AI pipelines, ZTA, no-reboot patching"
+      "note": "Generate defensible policy exceptions for architectural realities — ephemeral infra, AI pipelines, ZTA, no-reboot patching, with compensating controls and auditor-ready justification"
     },
     {
       "date": "2026-05-22",
       "type": "skill_review",
       "artifact": "pqc-first",
       "path": "skills/pqc-first/skill.md",
-      "note": "Post-quantum cryptography first mentality — hard version gates (OpenSSL 3.5+), algorithm sunset tracking, HNDL assessment, loopback learning for NIST/IETF evolution"
+      "note": "Post-quantum cryptography first mentality — hard version gates, algorithm sunset tracking, loopback learning for NIST/IETF standards evolution"
     },
     {
       "date": "2026-05-22",
       "type": "skill_review",
       "artifact": "skill-update-loop",
       "path": "skills/skill-update-loop/skill.md",
-      "note": "Meta-skill for keeping all exceptd skills current — CISA KEV triggers, ATLAS version updates, framework amendments, forward_watch resolution, currency scoring"
+      "note": "Meta-skill for keeping all exceptd skills current — fires on new CVEs, ATLAS updates, framework changes, and forward_watch triggers"
     },
     {
       "date": "2026-05-22",
@@ -161,7 +161,7 @@
       "type": "skill_review",
       "artifact": "ransomware-response",
       "path": "skills/ransomware-response/skill.md",
-      "note": "Ransomware-specific incident response — OFAC SDN sanctions screening as payment-posture blocker, EU Reg 2014/833 + UK OFSI + AU DFAT + JP MOF cross-jurisdiction sanctions lookups, decryptor availability via No More Ransom + vendor-specific catalogs, cyber-insurance carrier 24h notification, negotiator-engagement legal posture, immutable-backup viability test, PHI exfil-before-encrypt as distinct breach class, parallel jurisdiction clocks"
+      "note": "Ransomware-specific incident response — OFAC sanctions screening as payment-posture blocker, EU Reg 2014/833 + UK OFSI + AU DFAT + JP MOF cross-jurisdiction sanctions lookups, decryptor availability via No More Ransom + vendor-specific catalogs, cyber-insurance carrier 24h notification, negotiator-engagement legal posture, immutable-backup viability test, PHI exfil-before-encrypt as distinct breach class, parallel jurisdiction clocks (NIS2 24h / DORA 4h / GDPR 72h / SEC 8-K 96h / HIPAA 60d / CIRCIA 72h / NYDFS 500.17 24h ransom-payment)"
     },
     {
       "date": "2026-05-19",
@@ -235,7 +235,7 @@
       "type": "skill_review",
       "artifact": "ai-attack-surface",
       "path": "skills/ai-attack-surface/skill.md",
-      "note": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.6.0 with gap flags"
+      "note": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.6.0 with explicit framework gap flags"
     },
     {
       "date": "2026-05-17",
@@ -249,14 +249,14 @@
       "type": "skill_review",
       "artifact": "ai-c2-detection",
       "path": "skills/ai-c2-detection/skill.md",
-      "note": "Detect adversary use of AI APIs as covert C2 — SesameOp pattern, PROMPTFLUX/PROMPTSTEAL behavioral signatures"
+      "note": "Detect adversary use of AI APIs as covert C2 — SesameOp pattern, PROMPTFLUX/PROMPTSTEAL behavioral signatures, response playbook"
     },
     {
       "date": "2026-05-15",
       "type": "skill_review",
       "artifact": "kernel-lpe-triage",
       "path": "skills/kernel-lpe-triage/skill.md",
-      "note": "Assess Linux kernel LPE exposure — Copy Fail, Dirty Frag, live-patch vs. reboot remediation"
+      "note": "Assess Linux kernel LPE exposure — Copy Fail, Dirty Frag, Fragnesia, live-patch vs. reboot remediation paths, framework gap declarations"
     },
     {
       "date": "2026-05-15",
@@ -291,7 +291,7 @@
       "type": "skill_review",
       "artifact": "sector-telecom",
       "path": "skills/sector-telecom/skill.md",
-      "note": "Telecom and 5G security for mid-2026 — Salt Typhoon, Volt Typhoon, CALEA / IPA-LI gateway compromise, signaling-protocol abuse (SS7 / Diameter / GTP), 5G N6 / N9 isolation, gNB / DU / CU integrity, OEM-equipment supply-chain compromise, AI-RAN / O-RAN security"
+      "note": "Telecom and 5G security for mid-2026 — Salt Typhoon, Volt Typhoon, CALEA / IPA-LI gateway compromise, signaling-protocol abuse (SS7 / Diameter / GTP), 5G N6 / N9 isolation, gNB / DU / CU integrity, OEM-equipment supply-chain compromise, AI-RAN / O-RAN security; FCC CPNI + 4-business-day notification, NIS2 Annex I telecom essential entities, UK TSA 2021 + Ofcom, AU SOCI / TSSR, GSMA NESAS, 3GPP TR 33.926 + TS 33.501, ITU-T X.805."
     },
     {
       "date": "2026-05-15",
@@ -305,7 +305,7 @@
       "type": "skill_review",
       "artifact": "cloud-iam-incident",
       "path": "skills/cloud-iam-incident/skill.md",
-      "note": "Cloud-IAM incident response for AWS / GCP / Azure — account takeover, IAM role assumption abuse, access-key compromise, cross-account assume-role chains, federated-trust attacks, IMDS metadata exfiltration, and Snowflake-AA24-class IdP-to-cloud credential reuse"
+      "note": "Cloud-IAM incident response for AWS / GCP / Azure — account takeover, IAM role assumption abuse, access-key compromise, cross-account assume-role chains, federated-trust attacks (IAM Identity Center / Workload Identity Federation / Azure managed identity), IMDS metadata exfiltration, and Snowflake-AA24-class IdP-to-cloud credential reuse"
     },
     {
       "date": "2026-05-15",
@@ -455,7 +455,7 @@
       "type": "skill_review",
       "artifact": "security-maturity-tiers",
       "path": "skills/security-maturity-tiers/skill.md",
-      "note": "Three-tier implementation roadmap — MVP (ship this week), Practical (scalable today), Overkill (defense-in-depth)"
+      "note": "Three-tier implementation roadmap — MVP you can ship today, practical best practices useable now, overkill gold standard for defense-in-depth"
     }
   ]
 }