@blamejs/exceptd-skills 0.16.23 → 0.16.25

package/data/_indexes/section-offsets.json

@@ -89,7 +89,7 @@
           "byte_start": 21020,
           "byte_end": 23408,
           "bytes": 2388,
-          "h3_count": 7
+          "h3_count": 0
         },
         {
           "name": "Detection Rules",
@@ -183,7 +183,7 @@
           "byte_start": 23183,
           "byte_end": 24873,
           "bytes": 1690,
-          "h3_count": 8
+          "h3_count": 0
         },
         {
           "name": "Defensive Countermeasure Mapping",
@@ -268,7 +268,7 @@
           "byte_start": 23413,
           "byte_end": 24950,
           "bytes": 1537,
-          "h3_count": 7
+          "h3_count": 0
         },
         {
           "name": "Hand-Off / Related Skills",
@@ -371,7 +371,7 @@
           "byte_start": 20951,
           "byte_end": 22669,
           "bytes": 1718,
-          "h3_count": 9
+          "h3_count": 4
         },
         {
           "name": "Universal Gaps (No Framework Covers These Adequately)",
@@ -389,7 +389,7 @@
           "byte_start": 23764,
           "byte_end": 25703,
           "bytes": 1939,
-          "h3_count": 6
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -492,7 +492,7 @@
           "byte_start": 29995,
           "byte_end": 31948,
           "bytes": 1953,
-          "h3_count": 4
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -613,7 +613,7 @@
           "byte_start": 22327,
           "byte_end": 23972,
           "bytes": 1645,
-          "h3_count": 4
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -743,7 +743,7 @@
           "byte_start": 23244,
           "byte_end": 24789,
           "bytes": 1545,
-          "h3_count": 5
+          "h3_count": 0
         },
         {
           "name": "Hand-Off / Related Skills",
@@ -882,7 +882,7 @@
           "byte_start": 35308,
           "byte_end": 36801,
           "bytes": 1493,
-          "h3_count": 5
+          "h3_count": 0
         },
         {
           "name": "Hand-Off / Related Skills",
@@ -1106,7 +1106,7 @@
           "byte_start": 26199,
           "byte_end": 28181,
           "bytes": 1982,
-          "h3_count": 4
+          "h3_count": 0
         },
         {
           "name": "Defensive Countermeasure Mapping",
@@ -1227,7 +1227,7 @@
           "byte_start": 39587,
           "byte_end": 41090,
           "bytes": 1503,
-          "h3_count": 6
+          "h3_count": 0
         }
       ]
     },
@@ -1321,7 +1321,7 @@
           "byte_start": 34986,
           "byte_end": 36548,
           "bytes": 1562,
-          "h3_count": 7
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -1469,7 +1469,7 @@
           "byte_start": 31973,
           "byte_end": 33464,
           "bytes": 1491,
-          "h3_count": 6
+          "h3_count": 0
         },
         {
           "name": "Defensive Countermeasure Mapping",
@@ -1581,7 +1581,7 @@
           "byte_start": 35586,
           "byte_end": 36640,
           "bytes": 1054,
-          "h3_count": 4
+          "h3_count": 0
         },
         {
           "name": "Framework Lag Declaration",
@@ -1711,7 +1711,7 @@
           "byte_start": 15155,
           "byte_end": 16753,
           "bytes": 1598,
-          "h3_count": 3
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -1926,7 +1926,7 @@
           "byte_start": 25273,
           "byte_end": 29270,
           "bytes": 3997,
-          "h3_count": 9
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2011,7 +2011,7 @@
           "byte_start": 21811,
           "byte_end": 25605,
           "bytes": 3794,
-          "h3_count": 10
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2096,7 +2096,7 @@
           "byte_start": 32852,
           "byte_end": 35950,
           "bytes": 3098,
-          "h3_count": 9
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2181,7 +2181,7 @@
           "byte_start": 34907,
           "byte_end": 37660,
           "bytes": 2753,
-          "h3_count": 9
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2360,7 +2360,7 @@
           "byte_start": 21674,
           "byte_end": 25090,
           "bytes": 3416,
-          "h3_count": 9
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2454,7 +2454,7 @@
           "byte_start": 23877,
           "byte_end": 26649,
           "bytes": 2772,
-          "h3_count": 11
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2660,7 +2660,7 @@
           "byte_start": 24615,
           "byte_end": 26923,
           "bytes": 2308,
-          "h3_count": 9
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2754,7 +2754,7 @@
           "byte_start": 20363,
           "byte_end": 24124,
           "bytes": 3761,
-          "h3_count": 6
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2857,7 +2857,7 @@
           "byte_start": 25454,
           "byte_end": 28983,
           "bytes": 3529,
-          "h3_count": 10
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -2951,7 +2951,7 @@
           "byte_start": 33880,
           "byte_end": 37432,
           "bytes": 3552,
-          "h3_count": 14
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3045,7 +3045,7 @@
           "byte_start": 35068,
           "byte_end": 38475,
           "bytes": 3407,
-          "h3_count": 15
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3139,7 +3139,7 @@
           "byte_start": 34560,
           "byte_end": 37765,
           "bytes": 3205,
-          "h3_count": 10
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3233,7 +3233,7 @@
           "byte_start": 38416,
           "byte_end": 41876,
           "bytes": 3460,
-          "h3_count": 13
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3421,7 +3421,7 @@
           "byte_start": 28125,
           "byte_end": 32523,
           "bytes": 4398,
-          "h3_count": 9
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3515,7 +3515,7 @@
           "byte_start": 40269,
           "byte_end": 43223,
           "bytes": 2954,
-          "h3_count": 13
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3609,7 +3609,7 @@
           "byte_start": 32702,
           "byte_end": 36368,
           "bytes": 3666,
-          "h3_count": 12
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -3703,7 +3703,7 @@
           "byte_start": 33207,
           "byte_end": 36629,
           "bytes": 3422,
-          "h3_count": 10
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -4079,7 +4079,7 @@
           "byte_start": 49575,
           "byte_end": 54909,
           "bytes": 5334,
-          "h3_count": 14
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -4173,7 +4173,7 @@
           "byte_start": 30423,
           "byte_end": 32621,
           "bytes": 2198,
-          "h3_count": 15
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",
@@ -4267,7 +4267,7 @@
           "byte_start": 30054,
           "byte_end": 33237,
           "bytes": 3183,
-          "h3_count": 16
+          "h3_count": 0
         },
         {
           "name": "Compliance Theater Check",

package/lib/collectors/ai-api.js

@@ -49,6 +49,16 @@ const AI_KEY_PATTERNS = [
   { id: "cohere",       re: /(?:^|\n)\s*(?:export\s+|set\s+-gx\s+)?COHERE_API_KEY\s*[= ]\s*['"]?[A-Za-z0-9-]{30,}/m },
 ];
 
+// Capture the exported value so the false_positive_checks_required entries
+// (placeholder demotion, entropy floor) can be evaluated. The export
+// patterns above end at the prefix; widen to grab the trailing token.
+const AI_KEY_VALUE_RE = {
+  openai: /OPENAI_API_KEY\s*[= ]\s*['"]?(sk-[A-Za-z0-9_-]+)/,
+  anthropic: /ANTHROPIC_API_KEY\s*[= ]\s*['"]?(sk-ant-[A-Za-z0-9_-]+)/,
+  huggingface: /(?:HUGGINGFACE_TOKEN|HF_TOKEN)\s*[= ]\s*['"]?(hf_[A-Za-z0-9]+)/,
+};
+const PLACEHOLDER_RE = /placeholder|example|redacted|dummy|x{4,}|0{6,}|test-/i;
+
 function scanShellRc(content) {
   if (!content) return [];
   const hits = [];
@@ -58,6 +68,31 @@ function scanShellRc(content) {
   return hits;
 }
 
+// Deterministic false_positive_checks_required evaluation for
+// cleartext-api-key-in-dotfile. Returns the satisfiable indices for the
+// exports found across the canonical dotfiles (intersection — an index is
+// only attested if every export satisfies it). Canonical home rc / dotfile
+// paths are never under examples/tests/fixtures, so the path check [1] is
+// always satisfied here.
+function cleartextFpIndices(content) {
+  const sat = new Set(["0", "1", "2"]);
+  let sawAny = false;
+  for (const [vendor, re] of Object.entries(AI_KEY_VALUE_RE)) {
+    const m = content.match(re);
+    if (!m) continue;
+    sawAny = true;
+    const value = m[1];
+    // [0] not a documented placeholder / sk-test- fixture
+    if (PLACEHOLDER_RE.test(value)) sat.delete("0");
+    // [2] entropy floor: OpenAI sk-* >= 48 post-prefix, Anthropic sk-ant-* >= 40,
+    //     HuggingFace hf_* >= 30.
+    const floor = vendor === "openai" ? 48 : vendor === "anthropic" ? 40 : 30;
+    const body = value.replace(/^sk-ant-(?:api03|admin01)-|^sk-(?:proj-|svcacct-|admin-)?|^hf_/, "");
+    if (body.length < floor) sat.delete("2");
+  }
+  return sawAny ? sat : new Set();
+}
+
 function parseAwsCredentials(content) {
   if (!content) return { staticProfiles: [] };
   const lines = content.split(/\r?\n/);
@@ -74,30 +109,43 @@ function parseAwsCredentials(content) {
     profiles[current][kv[1].trim().toLowerCase()] = kv[2].trim();
   }
   const staticProfiles = [];
+  const accessKeyIds = [];
   for (const [name, kv] of Object.entries(profiles)) {
     // long-lived-aws-keys: aws_access_key_id present AND no
     // aws_session_token sibling (STS temporary creds carry the
     // session token; IAM-user long-lived keys do not).
     if (kv["aws_access_key_id"] && !kv["aws_session_token"]) {
       staticProfiles.push(name);
+      accessKeyIds.push(kv["aws_access_key_id"]);
     }
   }
-  return { staticProfiles };
+  return { staticProfiles, accessKeyIds };
 }
 
+// AWS-published sample credential pair — long-lived-aws-keys FP[0] demotes it.
+const AWS_EXAMPLE_KEY_PARTS = new Set([
+  "AKIAIOSFODNN7EXAMPLE",
+  "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+]);
+
 function parseGcloudAdc(content) {
   if (!content) return { hasServiceAccount: false };
   try {
     const j = JSON.parse(content);
-    return { hasServiceAccount: j?.type === "service_account" };
+    const hasServiceAccount = j?.type === "service_account";
+    return {
+      hasServiceAccount,
+      privateKey: typeof j?.private_key === "string" ? j.private_key : "",
+      clientEmail: typeof j?.client_email === "string" ? j.client_email : "",
+    };
   } catch { return { hasServiceAccount: false }; }
 }
 
 function parseKubeStaticToken(content) {
-  if (!content) return false;
+  if (!content) return { found: false };
   // Same shape as cred-stores: token under user:, not auth-provider.
   const userKvRe = /^(\s+)(token|token-data)\s*:\s*(\S[^\n]*)/gm;
-  let staticFound = false;
+  let tokenValue = null;
   for (const m of content.matchAll(userKvRe)) {
     const upto = content.slice(0, m.index);
     const lastUserAt = upto.lastIndexOf("\n  user:");
@@ -105,12 +153,17 @@ function parseKubeStaticToken(content) {
     if (lastAuthProviderAt > lastUserAt) continue;
     const value = m[3];
     if (!value || value.startsWith("null")) continue;
-    staticFound = true;
+    tokenValue = value.trim();
     break;
   }
-  return staticFound;
+  // Cluster server URL — FP[0] demotes local-only clusters.
+  const serverM = content.match(/^\s*server:\s*(\S+)/m);
+  return { found: tokenValue !== null, tokenValue, serverUrl: serverM ? serverM[1] : "" };
 }
 
+const LOCAL_CLUSTER_RE = /https?:\/\/(?:127\.0\.0\.1|localhost|\[::1\])[:/]|\.kind\b|minikube|k3d|docker-for-desktop|docker-desktop/i;
+const CI_RUNNER_PATH_RE = /(?:^|[\\/])(?:home[\\/]runner|github[\\/]workspace|builds|workspace)[\\/]/i;
+
 function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
   const errors = [];
   const startTime = Date.now();
@@ -140,6 +193,7 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
 
   const allKeyCarriers = [...shellRcs, ...dotfileKeys];
   const cleartextHitsByFile = {};
+  let cleartextFp = null;
   for (const p of allKeyCarriers) {
     if (!fileExists(p)) continue;
     const c = readSafe(p);
@@ -147,6 +201,11 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
     const hits = scanShellRc(c);
     if (hits.length > 0) {
       cleartextHitsByFile[path.relative(home, p)] = hits;
+      const fp = cleartextFpIndices(c);
+      if (fp.size) {
+        if (cleartextFp === null) cleartextFp = new Set(fp);
+        else for (const idx of [...cleartextFp]) if (!fp.has(idx)) cleartextFp.delete(idx);
+      }
     }
   }
   const cleartextAnyHit = Object.keys(cleartextHitsByFile).length > 0;
@@ -163,7 +222,8 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
 
   const kubeCfgPath = (env && env.KUBECONFIG) || path.join(home, ".kube", "config");
   const kubeContent = fileExists(kubeCfgPath) ? readSafe(kubeCfgPath) : null;
-  const kubeStaticToken = parseKubeStaticToken(kubeContent);
+  const kubeParsed = parseKubeStaticToken(kubeContent);
+  const kubeStaticToken = kubeParsed.found;
 
   const signal_overrides = {
     "cleartext-api-key-in-dotfile": cleartextAnyHit ? "hit" : "miss",
@@ -172,6 +232,51 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
     "kubeconfig-with-static-token": kubeStaticToken ? "hit" : "miss",
   };
 
+  // Per-indicator __fp_checks attestation. Each canonical-path credential
+  // store the collector reads is never under an examples/tests/fixtures path,
+  // so the path-based FP checks are satisfied; value-based checks (placeholder,
+  // entropy, sample-credential, cluster-locality) are evaluated deterministically.
+  // Network / sts-validity checks are left unattested so the runner still
+  // downgrades those. Without this, a real cleartext key or static token
+  // surfaced by `collect` is downgraded to inconclusive after `run`.
+  if (cleartextAnyHit && cleartextFp && cleartextFp.size) {
+    const att = {};
+    for (const idx of cleartextFp) att[idx] = true;
+    signal_overrides["cleartext-api-key-in-dotfile__fp_checks"] = att;
+  }
+  if (longLivedAws) {
+    const att = {};
+    // [0] none of the access-key ids are the AWS-published sample pair
+    if (!(awsParsed.accessKeyIds || []).some((k) => AWS_EXAMPLE_KEY_PARTS.has(k))) att["0"] = true;
+    // [1] ~/.aws/credentials is a canonical home path, not an examples/test path
+    att["1"] = true;
+    // [2] sts get-caller-identity needs network — left unattested.
+    if (Object.keys(att).length) signal_overrides["long-lived-aws-keys__fp_checks"] = att;
+  }
+  if (gcloudParsed.hasServiceAccount) {
+    const att = {};
+    // [0] private_key is a real PEM body (>= 1000 chars), not PLACEHOLDER/REDACTED
+    const pk = gcloudParsed.privateKey || "";
+    if (pk.length >= 1000 && !/PLACEHOLDER|REDACTED/i.test(pk)) att["0"] = true;
+    // [1] client_email is a real *@*.gserviceaccount.com (not example/test)
+    const ce = gcloudParsed.clientEmail || "";
+    if (/@[^@\s]+\.gserviceaccount\.com$/i.test(ce) && !/@example\.com$|@test\./i.test(ce)) att["1"] = true;
+    // [2] canonical ADC path (not under examples/) AND no GOOGLE_APPLICATION_CREDENTIALS
+    //     redirecting away from it
+    if (!(env && env.GOOGLE_APPLICATION_CREDENTIALS)) att["2"] = true;
+    if (Object.keys(att).length) signal_overrides["gcp-service-account-json__fp_checks"] = att;
+  }
+  if (kubeStaticToken) {
+    const att = {};
+    // [0] cluster server URL is not a local-only dev cluster
+    if (kubeParsed.serverUrl && !LOCAL_CLUSTER_RE.test(kubeParsed.serverUrl)) att["0"] = true;
+    // [1] token is not a short kind/minikube bootstrap-token shape
+    if (kubeParsed.tokenValue && kubeParsed.tokenValue.length >= 40 && !/^[a-z0-9]{6}\.[a-z0-9]{16}$/.test(kubeParsed.tokenValue)) att["1"] = true;
+    // [2] kubeconfig is not inside a CI runner workspace
+    if (!CI_RUNNER_PATH_RE.test(kubeCfgPath)) att["2"] = true;
+    if (Object.keys(att).length) signal_overrides["kubeconfig-with-static-token__fp_checks"] = att;
+  }
+
   const artifacts = {
     "shell-rc-files": {
       value: cleartextAnyHit

package/lib/collectors/citation-hygiene.js

@@ -421,6 +421,33 @@ function collect({ cwd = process.cwd() } = {}) {
     signal_overrides["cve-citation-needs-external-verification"] = "inconclusive";
   }
 
+  // __fp_checks attestation for the FP-gated indicators the collector decides
+  // deterministically. Each hit already excludes illustrative (template /
+  // fixture / doc-snippet) paths and is keyed off the shipped catalogs, so the
+  // path / catalog-cross-reference / same-citation checks the collector ran
+  // are attested; surrounding-text-acknowledgement remains operator judgement.
+  // Without this the runner downgrades a real bad citation to inconclusive.
+  if (signal_overrides["fabricated-cve-id"] === "hit") {
+    // [0] not under a fixture / regex-example / doc-snippet path (illustrative
+    //     paths are excluded before the hit). [1] placeholder forms (CVE-TBD /
+    //     pending) never match the numeric citation regex, so a fired hit is
+    //     not a placeholder.
+    signal_overrides["fabricated-cve-id__fp_checks"] = { "0": true, "1": true };
+  }
+  if (signal_overrides["rejected-or-disputed-cve"] === "hit") {
+    // [1] the catalog note marks THIS exact identifier rejected/disputed.
+    // [2] the identifier is present in the catalog (absence does not fire).
+    // [0] inline dispute-acknowledgement in surrounding prose is operator
+    //     judgement — left unattested.
+    signal_overrides["rejected-or-disputed-cve__fp_checks"] = { "1": true, "2": true };
+  }
+  if (signal_overrides["rfc-number-title-mismatch"] === "hit") {
+    // [0] a paraphrase / nickname (no title claim) does not fire. [1] numbers
+    // absent from the shipped RFC index do not fire. [2] the stated title is
+    // extracted from the SAME citation line.
+    signal_overrides["rfc-number-title-mismatch__fp_checks"] = { "0": true, "1": true, "2": true };
+  }
+
   const summarize = (list) => {
     if (list.length === 0) return "0 hits";
     const head = list.slice(0, 5).map((h) => {

package/lib/collectors/crypto-codebase.js

@@ -405,6 +405,31 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
   if (noMlKemImpl !== undefined) signal_overrides["no-ml-kem-implementation"] = noMlKemImpl;
   if (fipsTheater !== undefined) signal_overrides["fips-claim-without-runtime-activation"] = fipsTheater;
 
+  // Per-indicator __fp_checks attestation for the FP-gated call-site
+  // indicators. Every surviving hit is in a non-test source file (isTest is
+  // excluded before the scan) and, for weak-hash, flows into a security sink
+  // (scanWeakHash). The remaining false_positive_checks_required entries are
+  // legacy-protocol-shim / feature-flag / later-override judgements the
+  // collector does not make, so they stay unattested and the runner keeps
+  // those indicators inconclusive. Without attesting what it DID check, the
+  // collector's real call-site hits are downgraded to inconclusive after run.
+  if (signal_overrides["weak-hash-import"] === "hit") {
+    // [0] not under test + non-security-file demotion; [2] hash flows to an
+    // authn/integrity sink. [1] legacy-protocol shim is operator judgement.
+    signal_overrides["weak-hash-import__fp_checks"] = { "0": true, "2": true };
+  }
+  if (signal_overrides["weak-cipher-mode"] === "hit") {
+    // [0] not under test/KAT-vector path; [2] construction is in a scanned
+    // (production) source file. [1] legacy-protocol-parser scope is operator.
+    signal_overrides["weak-cipher-mode__fp_checks"] = { "0": true, "2": true };
+  }
+  if (signal_overrides["tls-old-protocol"] === "hit") {
+    // [0] the hit is in non-test production code, not a test asserting the
+    // library REJECTS the legacy protocol. [1] feature-flag-default-off and
+    // [2] later-override are not inspected by the collector.
+    signal_overrides["tls-old-protocol__fp_checks"] = { "0": true };
+  }
+
   const summarize = (id) => {
     const list = hits[id];
     if (list.length === 0) return "0 hits";

package/lib/collectors/kernel.js

@@ -109,6 +109,18 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
     }
   }
 
+  // Running-kernel build config (/boot/config-$(uname -r)) backs the
+  // CONFIG_* false_positive_checks_required entries: a sysctl is moot if the
+  // feature is compiled out of the kernel. Best-effort — unreadable on many
+  // hardened hosts.
+  let kernelConfig = null;
+  if (linuxPlatform && unameR.ok) {
+    try {
+      const fs = require("node:fs");
+      kernelConfig = fs.readFileSync(`/boot/config-${unameR.value}`, "utf8");
+    } catch { /* config not readable — CONFIG_* checks stay unattested */ }
+  }
+
   // Signal overrides: we can't decide kver-in-affected-range without
   // the CVE-affected-version catalog (the runner does that
   // correlation). But we CAN flip the deterministic indicators that
@@ -127,13 +139,31 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
       // unpriv-userns-enabled: clone == 1 means enabled (risky).
       if (parsed.unprivileged_userns_clone != null) {
         const v = parseInt(parsed.unprivileged_userns_clone, 10);
-        signal_overrides["unpriv-userns-enabled"] = (v === 1) ? "hit" : "miss";
+        const hit = v === 1;
+        signal_overrides["unpriv-userns-enabled"] = hit ? "hit" : "miss";
+        // FP[1]: CONFIG_USER_NS=y — the sysctl is live only when userns is
+        // compiled in. Attested when /boot/config confirms it. FP[0]
+        // (rootless-runtime exception + LSM enforcement) is operator
+        // judgement and stays unattested.
+        if (hit && kernelConfig && /^CONFIG_USER_NS=y$/m.test(kernelConfig)) {
+          signal_overrides["unpriv-userns-enabled__fp_checks"] = { "1": true };
+        }
       }
       // unpriv-bpf-allowed: bpf_disabled == 0 means unprivileged BPF
       // is allowed (risky).
       if (parsed.unprivileged_bpf_disabled != null) {
         const v = parseInt(parsed.unprivileged_bpf_disabled, 10);
-        signal_overrides["unpriv-bpf-allowed"] = (v === 0) ? "hit" : "miss";
+        const hit = v === 0;
+        signal_overrides["unpriv-bpf-allowed"] = hit ? "hit" : "miss";
+        // FP[0]: CONFIG_BPF_SYSCALL=y AND CONFIG_BPF_JIT=y — the sysctl is
+        // moot if BPF is compiled out. Attested when /boot/config confirms
+        // both. FP[1] (enforcing LSM bpf() restriction) is operator
+        // judgement and stays unattested.
+        if (hit && kernelConfig &&
+            /^CONFIG_BPF_SYSCALL=y$/m.test(kernelConfig) &&
+            /^CONFIG_BPF_JIT=y$/m.test(kernelConfig)) {
+          signal_overrides["unpriv-bpf-allowed__fp_checks"] = { "0": true };
+        }
       }
     }
   }

package/lib/collectors/library-author.js

@@ -496,6 +496,36 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
     signal_overrides["lockfile-missing-integrity"] = lockfileMissingIntegrity;
   }
 
+  // __fp_checks attestation for publish-workflow-action-refs-mutable. Both
+  // false_positive_checks_required entries are deterministic from the repo:
+  //   [0] Dependabot configured for github-actions on a weekly+ schedule
+  //       demotes the finding — attest survival when no such config exists.
+  //   [1] every mutable ref pointing to a github-owned action is lower risk —
+  //       attest survival when at least one mutable ref is third-party.
+  if (signal_overrides["publish-workflow-action-refs-mutable"] === "hit") {
+    let dependabotActions = false;
+    try {
+      const dbContent =
+        readSafe(path.join(root, ".github", "dependabot.yml")) ||
+        readSafe(path.join(root, ".github", "dependabot.yaml")) || "";
+      dependabotActions = /package-ecosystem:\s*['"]?github-actions/i.test(dbContent) &&
+        /\binterval:\s*['"]?(?:daily|weekly)/i.test(dbContent);
+    } catch { /* no dependabot config */ }
+    const mutableRefSnippets = (workflowHits["publish-workflow-action-refs-mutable"] || []).map(h => h.snippet || "");
+    const refOf = (s) => {
+      const m = s.match(/uses:\s*['"]?([^'"\s]+)/);
+      return m ? m[1] : "";
+    };
+    const anyThirdParty = mutableRefSnippets.some(s => {
+      const r = refOf(s);
+      return r && !/^(?:actions|github)\//i.test(r);
+    });
+    const att = {};
+    if (!dependabotActions) att["0"] = true;
+    if (anyThirdParty) att["1"] = true;
+    if (Object.keys(att).length) signal_overrides["publish-workflow-action-refs-mutable__fp_checks"] = att;
+  }
+
   // Per-indicator file locations for the publish-workflow indicators
   // flipped to "hit", so a SARIF result points at the workflow file (and,
   // for mutable action refs, the offending `uses:` line). The other