npm - @blamejs/exceptd-skills - Versions diffs - 0.16.21 → 0.16.23 - Mend

@blamejs/exceptd-skills 0.16.21 → 0.16.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/ARCHITECTURE.md +2 -2
package/CHANGELOG.md +28 -0
package/CONTEXT.md +9 -9
package/README.md +3 -3
package/agents/skill-updater.md +1 -1
package/agents/source-validator.md +3 -4
package/agents/threat-researcher.md +1 -1
package/bin/exceptd.js +19 -7
package/data/_indexes/_meta.json +10 -10
package/data/_indexes/activity-feed.json +12 -12
package/data/_indexes/chains.json +70084 -3852
package/data/_indexes/frequency.json +492 -163
package/data/_indexes/section-offsets.json +16 -16
package/data/_indexes/summary-cards.json +272 -106
package/data/_indexes/token-budget.json +10 -10
package/data/_indexes/trigger-table.json +15 -6
package/data/_indexes/xref.json +218 -26
package/data/cve-catalog.json +10 -10
package/data/cwe-catalog.json +1 -0
package/lib/auto-discovery.js +39 -1
package/lib/collectors/scan-excludes.js +4 -1
package/lib/cve-cli.js +9 -1
package/lib/cve-curation.js +8 -1
package/lib/exit-codes.js +2 -0
package/lib/flag-suggest.js +1 -1
package/lib/lint-skills.js +70 -0
package/lib/playbook-runner.js +59 -11
package/lib/prefetch.js +24 -1
package/lib/refresh-external.js +56 -5
package/lib/rfc-cli.js +8 -1
package/lib/scoring.js +36 -8
package/lib/validate-cve-catalog.js +36 -14
package/lib/validate-package.js +8 -0
package/lib/validate-playbooks.js +42 -0
package/lib/verify.js +4 -3
package/manifest-snapshot.json +4 -2
package/manifest-snapshot.sha256 +1 -1
package/manifest.json +57 -54
package/orchestrator/index.js +48 -4
package/orchestrator/scanner.js +53 -5
package/package.json +1 -1
package/sbom.cdx.json +80 -80
package/scripts/build-indexes.js +42 -8
package/scripts/check-sbom-currency.js +72 -0
package/scripts/release.js +22 -15
package/skills/exploit-scoring/skill.md +8 -8
package/sources/validators/cve-validator.js +6 -1

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:6c747218-6d92-4605-8694-da1a4ee376d3",
+  "serialNumber": "urn:uuid:14e75496-5212-46a1-a643-4fe20a9cc336",
   "version": 1,
   "metadata": {
-    "timestamp": "2083-08-29T20:18:32.000Z",
+    "timestamp": "2037-02-11T01:59:50.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.21"
+        "version": "0.16.23"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.21",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.23",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.21",
+      "version": "0.16.23",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.21",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.23",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "56230aecf93d9d0318eee1950b8be7996871f600fe060ccbff88e5fd7e9bcde2"
+          "content": "48dc8fd171d88671dc7a8341de642d552731acc908f911f0f79ae011d0260549"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.21"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.23"
         },
         {
           "type": "vcs",
@@ -101,11 +101,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0ec6914dd27c3c015bbd1a6c6e534853f5aaef25ac7299b6e40f309553e7546c"
+          "content": "674279dd37162e6d10ef2be6022ecd86cde248b954def993be8b993ec29660b8"
         },
         {
           "alg": "SHA3-512",
-          "content": "2b00b049ab8261131963e476fcc40486d684b4e95a0dcbdc20affd978dc073e8b151af6b75c9cfe2d292b9b8cda65aed1b27b36588ca40f7299538f09b093a40"
+          "content": "c4ebbfc044463be4c843c6bc01e0533d16fa52a540478b0acc344afc63606a4f23f934a3e9a97ea8673550e48e0d5b70346458b68c3d48c63dd7b893e9c34718"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "855308169d1ed6d55420965265796651afa71448a3461522701ff6c8fe685fdd"
+          "content": "64d379ea8b621732ebdc9322ec31c739495d837b100d0ff81e9566c0d9e1b3b4"
         },
         {
           "alg": "SHA3-512",
-          "content": "975d25f43b145be354e52310902281da8d2bb6964513b48f72f8d745defd1669a1755a4458076b1ffcc6f5a61e9e807d5eb2a889675e2978276148aa04fc5af3"
+          "content": "1fbe1b7ce74d758248c760775643c41787945ecc439a81be99aeeb24ea7cd312f3b06bbf3f1aea6ba81cc570c3804f78675b89c196d866fd268d3b872ef52faa"
         }
       ]
     },
@@ -131,11 +131,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2ac160a3a720881eb86cc3e26f2caa76ee96058ccc7a046c263c2efa8156c117"
+          "content": "c65fbe5e378e3c00aa4204bc91ba1f9b55f6fdd3ed9dceff8fd1976f18bbf214"
         },
         {
           "alg": "SHA3-512",
-          "content": "c86fa7ad3f8b5166374ed37b4c4ee97a842fa137d0cba9b21e064380a8dc33480e6384737f8e3b530aa5a85ccd4dbbb40f07924743e43bc520037a46694eb3d3"
+          "content": "06ab6d47d304f62db2a8ea33e4e09cc1758f1ca2d3312a197d93d6af87fddcc42d850084d4749fd766eb88c7f78307e911acd5781f4a000ba0c2476da6bba36c"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "6e6a604ad389643aa456c1fc4ef799ec68ecd4a565918630b194d7873182d128"
+          "content": "9eddfe30961abf6262a026c2d447561e6b51b57a81785a6bf045d035672dd544"
         },
         {
           "alg": "SHA3-512",
-          "content": "e46a828d192fa0aba4ec6f8589d8d6aa4dc03f7d238bb1ac418d3f9076350a164e81bbe8de0d01e21a28f231954d65a57770715c6f64ae001466cdea315b9e81"
+          "content": "52d4d172392febeed44bcdb639d7fe47c59c9d6fa7427154d14eb5d33201e8e9825f3ad87469961fe2fca999a81632950768733741e2108c0b0bd5235d039b74"
         }
       ]
     },
@@ -236,11 +236,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f7c2a09130db6d60904d3a730389a64acab59c46ce5720906831931a5a3be4ed"
+          "content": "5abe59107bb7ec2d3cd7ca39a71190ed95c5045609dfa755caac3305f087d6e1"
         },
         {
           "alg": "SHA3-512",
-          "content": "bcee623be835c3329993b9eea10949184c05e718fadf5ccac1467a171adb8adf8d822e6a782809cf584ebc6354ad9f2946cd5da091905f69a937c49df7f06fda"
+          "content": "10ed25dfc75cabebf34c9e0f661389ed47fc32270c4333415cd3ecb14126857180be12b23142fc23baf398d142585a60555ca9a2fb17616e5c98788da3b1c186"
         }
       ]
     },
@@ -251,11 +251,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "e311ded9db93a7ced1dd1e01b2917fca6553af5cf0948d368c1aa2629e768089"
+          "content": "69bb42525e8f5bb8b913b9406d3d263277663a1e5f59f79b13dc603ddaf90652"
         },
         {
           "alg": "SHA3-512",
-          "content": "8a9034460134434a3d84afb611ee6c54aa0be45eab71ea1842694df595dcdd5e067a14b4b4ac4e72c9a71fb4d5ea26d79e89fcd3e9a7a146c1566b60466e5867"
+          "content": "232addf35c1df6f3c3bcd7574c764991f8f649ff860fe035b831972cc37f84426766bc828337bc12564f12f1b038cdc89b62744c5b3210f457006d0b7ab91617"
         }
       ]
     },
@@ -266,11 +266,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "8b5b8b4afee1c3fa726922520265254707c6e935aead90977261aca7f746aee0"
+          "content": "d8cbcf17f175a6be248c57a02d3be3492c4aa348b88a6f3b4f8bec6e2dc751b7"
         },
         {
           "alg": "SHA3-512",
-          "content": "c5f4b58d40f513d8c7214994547bfeaa2f1ffd7e0d23fa63d649d98542225678ec5d17ba04b67df67e94864c9361029e82ad68866f26c3a54e7f9fb01aa3d79c"
+          "content": "60ade875c8e16503e4d28b302fde3019247290ddb01a79a876d111d80607d18f7de7b96963258df0f6baf45ceebab5dd3dc9897a396b2999ca42bedbd7a78621"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "76c366c043c6c66fa91601bfd2187163a92b1aef069d41fd7a86bb42f7391683"
+          "content": "c09d3eafa28abe02063d8281796edcc59cbc6f9e682b815d4a26dca09c5bdaa5"
         },
         {
           "alg": "SHA3-512",
-          "content": "a87357eaaea985def5ec8a41af76b9dc4a142a7042f382177e02f7158a63f4d9f2f745921c0c2c5e2ccb6b89b6f36258ccdd6d923183b51ee7d730c20e9ddadc"
+          "content": "92a91075eac9b73177ebb0a2ff7d314083a1728de17eab9de339970d274a012b7e8c7eed92842e983bd0563258881d8e805814903b751fb6a1a402f4acf1e854"
         }
       ]
     },
@@ -326,11 +326,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "8264da4534d39c9493cfcd18acf7e38ed47ce2a81be15afd5a3f4baf1d504929"
+          "content": "51d8425a49e5cc0375d0a154a83a16816e99c3141a5bbafe6383607ca11be240"
         },
         {
           "alg": "SHA3-512",
-          "content": "9cc4838794d659360d86b85f03ca8eebd7233c5a4f50ff83bccd6c962efedc3f9ca7c63cb7c35fef3e798cbca6d35d914da560bf02d63739c01007d0f56edb9a"
+          "content": "d72f81bda45d041179f54044811d65afaab3ac7050aa6b8625fc03a3f0d1666b7bb8a129dddfa9fef503701c0affc6228f23ea75ca8ab14c228bd349706a906f"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "feadd8497221c097d8237fb93d9557c4dbdd70434097da8debd6f5e50ede1b24"
+          "content": "b398003b68b0d9539d13a5536e933005149fd05f3d33978297c870987542cd86"
         },
         {
           "alg": "SHA3-512",
-          "content": "97119842846c95f910bb1b9ef9ba9b36ebe5d9abe4461c22f9d2ccfda676082d606e2348535416da6e14841ffe4173a0b7399f64adbae9829a2e00eed32ec3c2"
+          "content": "4aa248dade3ef67261aa1df9ad71ad526269693058c2adaa421e8e6d9a3356a5faa98e9f6975095633e2fe2f4993f5b49e9e649e67dffc73e69fd211ebddbe1c"
         }
       ]
     },
@@ -986,11 +986,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "99df5dda100a035e2cfd6e11f6c6e18c33d750fac2d14dcabbb46af8fba6b7f9"
+          "content": "d575b76128fa4a54802b3fa08145036d24dff1300812c054cf39957b3c597f48"
         },
         {
           "alg": "SHA3-512",
-          "content": "4dab4ca98bd6faca082d70b16a4c7e30339301bba54b86f07ee63c92a3b47fbf0284b6d65dcc053482c73149bbf80b64dc0d075341386933d95899019d3fd15f"
+          "content": "d2b274e3b7d0d055e20ab6d8af01499df0971ca4e895a6f397237d02e1c88c45de3ed386716b93d3f7c1a499df131ab6bda4d4e2f4e29f1611f512d27828080d"
         }
       ]
     },
@@ -1241,11 +1241,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "17c8544a8043fd8a24aa22c1b5c061806983bc896a51b120f1976dea1c770a3d"
+          "content": "f8eeaf27ccd0b96bbf47ed9777e8ae695a32f8e24ae84daee9f2e3006a620daf"
         },
         {
           "alg": "SHA3-512",
-          "content": "fdca23d1585d169fa2dad9be3f840de556b2673fefc6406c4ad0fb6cdf4e85a98103afc125f725c2fb3146fead224e444f963c17e031d6c64581a8552da96eca"
+          "content": "dd0d6a0d5314212787100d05aab34c7412f9d2f5a49375bef10c47b8032eaed3043cd4b3ed80c9f3967ee5db4dcc1b2ac72658392e87c0f1c044401e2f83d676"
         }
       ]
     },
@@ -1286,11 +1286,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1a3246aab91e2c51e24007f3ffa6cafba5edf366444b190a4d3160656555713e"
+          "content": "931082e1797c58ed40932cafad60b1299a98c068df53f46f55ec1750f31f5c45"
         },
         {
           "alg": "SHA3-512",
-          "content": "e1cf6956135578f1391ddd1e4776008af4dc11cfc431a7224599e058363ac0d7b4cc7d0ede816d144e38fedc5ebdd3bc39e46ff2e9e164b1a06f86cc496cbc83"
+          "content": "2e69823f5db625c99cdf3b8d982e56b2fa509a3ec0c4eeecf3643368ae8d73f9f564b36456ac1359fa744a59fd010ee909f1d39d5186e5e6a269016672c71082"
         }
       ]
     },
@@ -1301,11 +1301,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "532c88389281d4d5ab7f0e640b9c368b3f61bdf2ce607541c2aaa1c6dbc0e2a5"
+          "content": "53a1f31532b4bc988e38e362d9048a5fef790f2ee479899d84059eaa3656785e"
         },
         {
           "alg": "SHA3-512",
-          "content": "c06a034d871683f858dc821a74518a51d1a6fec33900b725ff9813bc4b648b87a62d43f34ce38432299c35a64f4d0a28bfbcf53b17a1739716684aa19ccd2910"
+          "content": "229f115d814a473fe69661ab8840307ff3e06dce72c628b821cdced5a8412d89220c4ca9168f2b15be418501747f33accb0a86857b2018a95e1eb8018f09de39"
         }
       ]
     },
@@ -1346,11 +1346,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "85bcec49adac23837218f8cd09b7e725718316e90187de9f3cf764e7b5be7cd4"
+          "content": "d5df82af4dbd6ae940dbba7cc8263ca483e05bc962f0ca548b569e3f601207a5"
         },
         {
           "alg": "SHA3-512",
-          "content": "55d65891e6dffa0259251f61bc34db4c3e389651dfaba3a395593f9145826831bdd576e118643f653614851daa90050e9ace59e1ffa5891c1d3585d184002159"
+          "content": "098bbd2dfa16d60bc33bf164ca5aa482486029a8dde7c200ff4bf5b0d8a8cd699c8c10bfe5bfa6ce10cda97139f95614aee8f0e969181dc587ce6b6ae237bc9f"
         }
       ]
     },
@@ -1361,11 +1361,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eb1a3820bba3203967c6057f12cd594e18f3044d966e1c7c1ba17757d902559f"
+          "content": "20355d2bb703aa27bccc58aa64c7a1bf0156ee1e6741f065ad06d232d04e40ad"
         },
         {
           "alg": "SHA3-512",
-          "content": "1a0acc79ebea7cb9d80cde43503c14f14342ccffda834752c2f29215aacfba46a9d120e78c544cd389e6023ccaa519b829dc82eb4f4de6ed1d4ca2ce2ee06e97"
+          "content": "b9527fcb91677473717098496613f00941d3cf6996d3e41908c89c3bfc1f19009c85695c063b36d977debac929b4cc4c46cd1df115c20d743c40bd460dfedc82"
         }
       ]
     },
@@ -1436,11 +1436,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0ce41dee14acf7998866f5adb63502b614b5501acf8f88c37cd277c96b91a87c"
+          "content": "b6b3ac05cb9b5d0c86a1966656e4e0ea5b7d2b187c12f73853c2fedba1d61185"
         },
         {
           "alg": "SHA3-512",
-          "content": "58f6d75ff97f64633937bef489fdfefd6cf331115109cab30b2064cf3aebfaaddde6c973fa71b31bb44f06ecb485751ee9137e11f528a61b329b4699d53a4041"
+          "content": "256ca28b696c261766f47c57328088dc87c89d56998064d10072ee6f1ffe597d8f4ff565e6599ca947d0ede47020a272e7ce5f565fa5ded54f1e95b11a5b4022"
         }
       ]
     },
@@ -1451,11 +1451,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c4d081a381f82dc32421bcfbb616548b07e3b5c2bcc0cc5be20461fb641f8f10"
+          "content": "073d49a5fab93952d448296415dc1fd8657d1503734c95b1db4bf5dc63c495e7"
         },
         {
           "alg": "SHA3-512",
-          "content": "a8ac7ac0f5d36fcc79e6e475c2cd6685eb52da09816503dd5fa9668633551ff604ad5e7512647c9d300dcc4552ca7a820d38ee1016a133b23c065ed1dba772c6"
+          "content": "3dd95056b99b1a00eb4f317686af138f9574f363cb90bcd5f914478da7e3d3c2b6b42b1e4406cf9521e95140c2edf3b57ab9245da44c381aaae96c609e87cb1a"
         }
       ]
     },
@@ -1466,11 +1466,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "bd757082645bbe88e0d03e5d533ee7c5c8e2ea922e31e13e28a336f69cd3a756"
+          "content": "e3e678c7dcdfab46c02fa81ebc8714daf151cd26ac02612cab7e387677638f85"
         },
         {
           "alg": "SHA3-512",
-          "content": "85c3844a6562a1df8b6b71e54c6fc4788ad62ad918856ceb441c443625032f547c30e39618631f397c49c02708af4e1420bf2ee78885c23248f9c7f8885cef2f"
+          "content": "0fa092d5b83583ef17787bd72bc7155a262e521f3274789a577190feaf5158a4d829f1677a8b2c1bf13b276f9dd39549aac296f844ee1af352dbc88ea864daa5"
         }
       ]
     },
@@ -1481,11 +1481,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4d50b95ac5732a5236e208f6ad1b1deb2654cc38aa0c29ca62a659874694c04d"
+          "content": "218780f3bd9ebfa07ae5dae99f28f98f7d80462bbc4826dfae3456e5737fd3da"
         },
         {
           "alg": "SHA3-512",
-          "content": "953e338a5a20fb65c6e93e78225c292eecfeb8a4a7cfe76d5c6c6b9ed5f13c9fd074dfb1d30d0c75dc8940fa118dfee652a1125af68c2bacfa597c64cefaf4e1"
+          "content": "a89c45de464e1310f05d5ad6247aa78c0a85d8454461185e137c0925f151da1f5c1e50b7e914e092ae56f51a28c8d6b37594d6631a96352042d0d5627c5eb0b0"
         }
       ]
     },
@@ -1511,11 +1511,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "e3a047373857e9da01b0f6558e57ae23a51fe28b6eabff4e8b7e1deb308a55d9"
+          "content": "4516ffb68586635ff74d65bf73bd5eb9f0dec7cd07799a8117e5d1a70cf19b96"
         },
         {
           "alg": "SHA3-512",
-          "content": "d5d3270cfc1f46b6b01e052c051faa83b573958f3a79338bce87938e47c14c953c3b8da5549f2b92a6cf8acca43414800581da17dde0dedbbd82c6e2479a1f4a"
+          "content": "7dae96c95b073f04e33fdfc834f910fb242ea187a02f87aba805c2f09fc83ed8b64eff02ea4b53560291e96ac2a842af933fd154e7ec5b597a2f8e9c756b1188"
         }
       ]
     },
@@ -1586,11 +1586,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "70fda3a2033d461f3ef1ac7e4bf259c9fe78090f1a1f5c09eb72dbf927e59955"
+          "content": "a8060a33a09bf90b1b9b8b212df217f7918f5edb7984e08071997e39b548716a"
         },
         {
           "alg": "SHA3-512",
-          "content": "8547b087e1881cf58a55fd0aab186441f508ad226be0ab4aa3efd13a0e864af776f29576e25df9b4324ec7a4712bb3476faac5ed63a226a6ff71d225c297c969"
+          "content": "068c678005d8e020f09c36ca7f3207889e911b479ffd8d4f2115bb1dd910def25f6bbfd81d7f299853581096414625e3cdbb47260eff4f4ab50ba715ee891994"
         }
       ]
     },
@@ -1721,11 +1721,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b198ec974c510d79902781a31c2beebde77e93c23549410e4bc5de96a161b151"
+          "content": "bc25508f8e773b64dd7ad575c7a7075cb25e5eae198605f228dbd8a40c7a0cd2"
         },
         {
           "alg": "SHA3-512",
-          "content": "f37dfa2eb23fff855311b9126277c4dbeb02dc2d8648dec99407c5746ce732099cb5cd5ac1e81a97d30e113aeec2ed6c21dd85584eeba244015e4261e320c203"
+          "content": "5e7d78ab311e4f4de57793ace6065bfa9699d0aa3a35d70a0d1d629a96ab51bed4460e86e391eddf198151cdcd6c02491c64ad5a89ea3cbb905092e43a0782a1"
         }
       ]
     },
@@ -1751,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "5892fd5dcad9b769cbaa927e959efa1ae9921c13baf96a0bff2e41b53a5876b9"
+          "content": "51953bfa4da6f34f27d1739b0ad4f3f948090f3a43a823eaf19d1f340018a9d9"
         },
         {
           "alg": "SHA3-512",
-          "content": "173abd0c4af412f72071321c180b06871a01b90868d7a7f7749fcc3fb347acfade7a95830243850f47b10acf6f2a14d27caf8a870b3e765fc7c7437103219a31"
+          "content": "39d4d803a5a448010785efbf3df0a1c454ccdfce1150c35d4a31d50da0948b14223c2f34ef97f31d385cd02a83af58d296c866dfaca432e1598e5173cb650d8e"
         }
       ]
     },
@@ -1766,11 +1766,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fe42cfd0758cb2709dc7dad91c4e47b495d6ebf984b00ace2422de34e744d35f"
+          "content": "9e034e2169c9d10a5fd46d7c0870a5df6982a07a674bd20442bd9b14e2dd4d0c"
         },
         {
           "alg": "SHA3-512",
-          "content": "a06a61b0f278a5973c0e4d6398d1688a574dec3442ca9823d0b4c5f37d1cb1cab47e8575580051b56e34829f8e22195ded1f4f57bdc3925ca32edae3e4c8839f"
+          "content": "05e672ddfb4e0d21ac8d175fd9830a9e2dbd29d2b63c13da1c6db99a3b7fd2684c3deb2daabb7ca91023d8c4b7bf7aa755dbac6e8adc067577b185be453777fa"
         }
       ]
     },
@@ -1796,11 +1796,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "484c2c4747699b7a32658126ade2fb498656cde204a8a30efde0730c04305a48"
+          "content": "daea15b9bc962fad92105fc99c2885c99e07e2de0bb6316e976316c3a2928fb2"
         },
         {
           "alg": "SHA3-512",
-          "content": "b9162623770ee4a9879f501417f123fe02d819cfac322ca9fde4ca86c0319a4785a6a2bd719a2b9248e531cd8eac0a79c98b5f627c69b4dfb0d5e62f69f600d5"
+          "content": "a333b3208019e58a4397f9b0bed14609c0702fc52ec099e2c8f50753df335d27f274b247836e55e9b427d21017cc85705e4605b3fe3e3d93829ca90855d51a36"
         }
       ]
     },
@@ -1856,11 +1856,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "faa01f939b1473c436cd81d614612593e92034e1119518e4e44f61e37b35de8b"
+          "content": "507b7d47541c9a338602aee3fcedac2233ca1c0046bd41735adbf5b87cd0f50b"
         },
         {
           "alg": "SHA3-512",
-          "content": "5b84120225b544abcbfd2e87555b71293105c843fe2595c7b0fc4f92c78e3a39291e6a92600d1bbf0fd3ce09de9968799686a8a23555ceb63d17dd56d0162f58"
+          "content": "e5510e81a61c968eb882d7b04cf8abeabe81e5ee094db4c442708de6d5fc57717e6e5bb733f05a5f17f3d474d22c0854b5f0cc3f0f93f0ad2a83bd33bb53ac7a"
         }
       ]
     },
@@ -1871,11 +1871,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "99279ed5a5a7ddb3f00e639b956a83bb2df492288db176f4c3d55dc498949c17"
+          "content": "1e9b7b0ea9e29f4b678957a284a9b1988e3debfe9296b86f3c489a2b0f47818b"
         },
         {
           "alg": "SHA3-512",
-          "content": "3bb717a033303c961161784e1fd4da815da62106baaf62863c3f6e950b600cd36fb3faba663e49add7853f13137789ccad7884034a7638d11a15706548ec03a5"
+          "content": "b916d03299c82027b01cbb14757629130f5e7ab1c6b4bc2e056090bc56e531991b12386d0559afd8891801c69895b203498f2f4ebde190b49c7b3ba556afbd63"
         }
       ]
     },
@@ -1886,11 +1886,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3ecf9941848a70bd19fb32d06bc6a41233afede9501324c19358ac18cf5a80de"
+          "content": "21596a8c5ccaf4893d6762e847de34652724f8a34503722e44642c3a613eb9e7"
         },
         {
           "alg": "SHA3-512",
-          "content": "a29059d3958c37c176d4f18f5cdbdfd0f53f0ac2a85740c1af7bd6033fe87486519646f3504d449172f0aa5f732ff1490703f4fb983c44711408cccbc7a47047"
+          "content": "1e524ec44efb2b47ec7a8e4bf080b819904c87a19daa4fd47207671c150b7c36d1edc0c929390075846db36f8f0b0ebdb2a5164dc725d08e05eb1d1c13925f40"
         }
       ]
     },
@@ -1946,11 +1946,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0b4d3ec4c8d03957a08d851c55a8fba9be11fc755fecec69119068e7e6949353"
+          "content": "87b5529a2399de365ff9c6e155f18eda81514fcb4e01a31ccc0a88e468a5b9f1"
         },
         {
           "alg": "SHA3-512",
-          "content": "251a278f13b539e022c1cc94ec6139217181c118415aca567c0ec7a32c92fc5f80ad5ee8e51f9d61d2840b8757778ba64938fad8f7de914ed6e643547106a2f8"
+          "content": "7f884669649d4de5dee578a9c35af8af676a76725f53a107d04abf4978274575cf87dc8315dc18d9f90bfb2cd1b38d547e4892b1e54b0e1cf3b267b476f66409"
         }
       ]
     },
@@ -1976,11 +1976,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "96f7c1b43cdaaa7c96faeb33fec29b9a2e7d1a677c9979ec60de6b53942afdc0"
+          "content": "0c2d66b550582c6cc999e8f51577daec4f5159f213f0c662a9eb2a3207bcca06"
         },
         {
           "alg": "SHA3-512",
-          "content": "6fbb01ee40ce8a9f5988118491d7c4b219ecbc5ab6b77240b040070042a20a9ea478b81d31397382c1c364edc16454cccafa164180db8ae1da5e35be4a5cff40"
+          "content": "59b42b9a5da8a54ed01d6afb5c241fca09ff7a3b8bde91b4f4a98f7c3fe7f2dc697b666b587676032ce7f8edc88b549e1759d14fd68eae51e25e0be35c9693d1"
         }
       ]
     },
@@ -2081,11 +2081,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "266ff15f7df12f7eac6c322a8fec41ce4e14d389df5b7380d7f138e6e122c080"
+          "content": "6e2b39f275866812938a5e9b7105eb7dfb201a45c2cb6ea64ba60e5ad37600e6"
         },
         {
           "alg": "SHA3-512",
-          "content": "aa8f9ff63e61567a18ef12406262c3a27f2d236793da7b538ee69ca35ced2b2dfb1086a64cc275376ee3643fc8ffdb55655a52808381089bfecf7114d3f310ec"
+          "content": "4eaee5df87cc6565d8b4e708bd0219135a901f570f34bc8e15f37e9f42d7270a464ffee895743a05b9b4fd446b4147a6f8fd36de546342e5724e7dbed0536e8f"
         }
       ]
     },
@@ -2381,11 +2381,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "fe9312d545c6dc77921fddc2bd635023b011e588815adbd1d61ace91f0edf88f"
+          "content": "0dfd0589ba86278f1b04d1deb98429b64f5714e3a9d51c35b1bff1eca2e11ac5"
         },
         {
           "alg": "SHA3-512",
-          "content": "3c15fca3e889c235a5c9c1ca3a66e4c45ac45c70637ee6cef7a6b467a7bfad3070005d7b7979a0785a2a0a61277949daa09d561a43a15ca74a957b2888e15497"
+          "content": "ee4b3a028a1b98c3a5d8071f25ff254cbe12c21d46292f3de42f2ac92b5e70ae2da1062a94cdf45ac0fd68d01e6641e824e6175aa5423d1f5957cdf9b83ec296"
         }
       ]
     },
@@ -2621,11 +2621,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1e140b2a035043d72cfb1a46e57751bbb2d4b3d39ecc73b48c28625b260e17f3"
+          "content": "b83bc09879538531d0707a2debb3a7540604898df2949033c84dc8b1498c631f"
         },
         {
           "alg": "SHA3-512",
-          "content": "f027c768c24cd0c5a4aff871afe82482a7ee655a56a69ab0d95662609a95fb28a31a3b4aa1108f879bdbf59ce097a6536e931c128105a7d93436e6eed59bfd82"
+          "content": "b631e5ce6525b28c298f186870d0f540a1f9b0828ce68387c917f755252560c0cb8ad84a4d5b3a43d7e3736a370df798a7b894f7f5c15fcf236342ddfff29fc8"
         }
       ]
     },
@@ -2936,11 +2936,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "2bb77e1f667bc47c6ab1c7715071d9fe8da2697f9bbbf7914c7e9fd231ad67f1"
+          "content": "628f4853e8d6b6ac2ad8ad159f1c9d74c392727f4ebf9bc1d7d8e43074b08a3a"
         },
         {
           "alg": "SHA3-512",
-          "content": "d3bb5fe5401da5534979f83dc5f1d14b2f7873c3e0c1ed0aeff556e0608d612811114dfae4b5f5a80c12d8e730854c7520a765b7aa3934b937b60b3a602583da"
+          "content": "7c9a97074a3bb8f1a367a253ad46cc90dfe398e7d764f3abc5693430d44fd9f208b43765f970459a30e7f296ee1e8fbc1a895958a346769c67dfdec8dc64709a"
         }
       ]
     },
@@ -3476,11 +3476,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "eadeff28bc343c7f7c270a6bc1a7593449cd1d238e49e4e3f74817d07b91de9a"
+          "content": "c96c23ae03353ed1c7ebf3a31be2cc3fe9caaa7c35762ae5b1f3a371744b4eaa"
         },
         {
           "alg": "SHA3-512",
-          "content": "920540ecd16f41814cf345ebfe505093efb1501c58aa81cd3dfb58237ac2d25264b6c33331d0989d22944df2edbcfa1d656bb177ab5af98d928f3838e954a5ae"
+          "content": "b95a1b4b43a94a8f20e9d0e5454d5da290cd0b66be60e3ffb9f9c8d80af51bd081b44fd974f49171d3a02279a4560c4c675190b2aea1d6c3a26d5fda14877523"
         }
       ]
     },

package/scripts/build-indexes.js CHANGED Viewed

@@ -3,7 +3,7 @@
  * scripts/build-indexes.js
  *
  * Produces pre-computed indexes under `data/_indexes/` so AI consumers
- * and downstream tooling don't have to scan all 38 skills + 10 catalogs
+ * and downstream tooling don't have to scan every skill + catalog
  * to answer routine cross-reference questions.
  *
  * Outputs (17 total):
@@ -56,6 +56,7 @@
 const fs = require("fs");
 const path = require("path");
 const crypto = require("crypto");
+const lint = require("../lib/lint-skills.js");
 const ROOT = path.join(__dirname, "..");
 const ABS = (p) => path.join(ROOT, p);
@@ -109,15 +110,47 @@ Examples:
 // --- Source loading (shared in-memory snapshot) -------------------------
+// Cross-reference fields the derived indexes key on. The manifest carries a
+// cache of these, but the skill frontmatter is the authoritative source — the
+// linter and staleness gate read frontmatter. Overlaying the parsed
+// frontmatter onto each skill record here means the indexes reflect the skill
+// bodies even when the manifest cache has drifted (e.g. dropping UK-CAF / AU
+// control mappings from framework_gaps). Array fields are overlaid only when
+// present in frontmatter; description is a scalar.
+const FRONTMATTER_ARRAY_FIELDS = [
+  "framework_gaps", "d3fend_refs", "cwe_refs", "atlas_refs",
+  "attack_refs", "rfc_refs", "triggers", "data_deps",
+];
+const FRONTMATTER_SCALAR_FIELDS = ["description"];
+function authoritativeSkill(entry, body) {
+  const { frontmatter } = lint.extractFrontmatterBlock(body);
+  const fm = lint.parseFrontmatter(frontmatter);
+  const merged = { ...entry };
+  for (const field of FRONTMATTER_ARRAY_FIELDS) {
+    if (Array.isArray(fm[field])) merged[field] = fm[field];
+  }
+  for (const field of FRONTMATTER_SCALAR_FIELDS) {
+    if (typeof fm[field] === "string") merged[field] = fm[field];
+  }
+  return merged;
+}
 function loadSources() {
   const manifest = readJson(ABS("manifest.json"));
-  const skills = manifest.skills;
-  const skillNames = new Set(skills.map((s) => s.name));
   const catalogFiles = fs.readdirSync(ABS("data")).filter((f) => f.endsWith(".json")).map((f) => "data/" + f);
   // Per-skill body cache so multiple builders don't re-read the same file.
   const skillBodies = {};
-  for (const s of skills) skillBodies[s.name] = fs.readFileSync(ABS(s.path), "utf8");
+  for (const s of manifest.skills) skillBodies[s.name] = fs.readFileSync(ABS(s.path), "utf8");
+  // Build the skill records from the authoritative frontmatter, falling back
+  // to the manifest cache for fields frontmatter doesn't carry (signatures,
+  // dlp_refs, etc.). Downstream builders read cross-reference arrays from
+  // these records, so this is the single point that keeps the indexes aligned
+  // with the skill bodies.
+  const skills = manifest.skills.map((s) => authoritativeSkill(s, skillBodies[s.name]));
+  const skillNames = new Set(skills.map((s) => s.name));
   const ctx = {
     root: ROOT,
@@ -157,7 +190,7 @@ const OUTPUTS = [
   {
     name: "xref",
     file: "xref.json",
-    deps: [isManifest],
+    deps: [isManifest, isAnySkillBody],
     build: (ctx) => {
       const xref = {
         cwe_refs: {}, d3fend_refs: {}, framework_gaps: {},
@@ -181,7 +214,7 @@ const OUTPUTS = [
   {
     name: "trigger-table",
     file: "trigger-table.json",
-    deps: [isManifest],
+    deps: [isManifest, isAnySkillBody],
     build: (ctx) => {
       const t = {};
       for (const s of ctx.skills) {
@@ -279,6 +312,7 @@ const OUTPUTS = [
     file: "chains.json",
     deps: [
       isManifest,
+      isAnySkillBody,
       isCatalog("cve-catalog"),
       isCatalog("cwe-catalog"),
       isCatalog("framework-control-gaps"),
@@ -429,7 +463,7 @@ const OUTPUTS = [
   {
     name: "frequency",
     file: "frequency.json",
-    deps: [isManifest, isAnyCatalog],
+    deps: [isManifest, isAnySkillBody, isAnyCatalog],
     build: (ctx) => {
       const { buildFrequency } = require("./builders/frequency");
       return buildFrequency({
@@ -445,7 +479,7 @@ const OUTPUTS = [
   {
     name: "activity-feed",
     file: "activity-feed.json",
-    deps: [isManifest, isAnyCatalog],
+    deps: [isManifest, isAnySkillBody, isAnyCatalog],
     build: (ctx) => {
       const { buildActivityFeed } = require("./builders/activity-feed");
       return buildActivityFeed({ root: ctx.root, manifest: ctx.manifest, skills: ctx.skills, catalogFiles: ctx.catalogFiles });