@blamejs/exceptd-skills 0.16.25 → 0.16.29
- package/AGENTS.md +5 -5
- package/ARCHITECTURE.md +3 -3
- package/CHANGELOG.md +28 -0
- package/CONTEXT.md +2 -2
- package/README.md +6 -6
- package/agents/threat-researcher.md +2 -2
- package/bin/exceptd.js +41 -8
- package/data/_indexes/_meta.json +41 -40
- package/data/_indexes/activity-feed.json +240 -240
- package/data/_indexes/catalog-summaries.json +3 -3
- package/data/_indexes/currency.json +64 -64
- package/data/_indexes/jurisdiction-map.json +31 -158
- package/data/_indexes/recipes.json +1 -1
- package/data/_indexes/section-offsets.json +510 -510
- package/data/_indexes/summary-cards.json +33 -33
- package/data/_indexes/token-budget.json +200 -200
- package/data/atlas-ttps.json +7 -7
- package/data/attack-techniques.json +5 -5
- package/data/framework-control-gaps.json +3 -3
- package/lib/auto-discovery.js +15 -9
- package/lib/collectors/library-author.js +26 -9
- package/lib/collectors/secrets.js +8 -1
- package/lib/cvss.js +108 -0
- package/lib/lint-skills.js +6 -1
- package/lib/playbook-runner.js +17 -4
- package/lib/prefetch.js +97 -5
- package/lib/refresh-external.js +25 -13
- package/lib/schemas/manifest.schema.json +1 -1
- package/lib/schemas/skill-frontmatter.schema.json +1 -1
- package/lib/validate-indexes.js +5 -0
- package/lib/version-pins.js +3 -3
- package/manifest-snapshot.json +2 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +124 -124
- package/orchestrator/pipeline.js +16 -4
- package/package.json +1 -1
- package/sbom.cdx.json +170 -140
- package/scripts/build-indexes.js +12 -1
- package/scripts/builders/catalog-summaries.js +1 -1
- package/scripts/builders/recipes.js +1 -1
- package/scripts/check-sbom-currency.js +76 -14
- package/scripts/refresh-sbom.js +1 -1
- package/scripts/run-e2e-scenarios.js +48 -17
- package/scripts/sync-package-description.js +74 -0
- package/scripts/verify-shipped-tarball.js +18 -7
- package/skills/age-gates-child-safety/skill.md +3 -3
- package/skills/ai-attack-surface/skill.md +4 -4
- package/skills/ai-c2-detection/skill.md +5 -5
- package/skills/api-security/skill.md +2 -2
- package/skills/attack-surface-pentest/skill.md +4 -4
- package/skills/cloud-security/skill.md +3 -3
- package/skills/compliance-theater/skill.md +3 -3
- package/skills/container-runtime-security/skill.md +3 -3
- package/skills/coordinated-vuln-disclosure/skill.md +2 -2
- package/skills/defensive-countermeasure-mapping/skill.md +3 -3
- package/skills/dlp-gap-analysis/skill.md +5 -5
- package/skills/exploit-scoring/skill.md +2 -2
- package/skills/framework-gap-analysis/skill.md +4 -4
- package/skills/fuzz-testing-strategy/skill.md +2 -2
- package/skills/incident-response-playbook/skill.md +3 -3
- package/skills/mcp-agent-trust/skill.md +2 -2
- package/skills/mlops-security/skill.md +3 -3
- package/skills/ot-ics-security/skill.md +3 -3
- package/skills/policy-exception-gen/skill.md +3 -3
- package/skills/pqc-first/skill.md +2 -2
- package/skills/rag-pipeline-security/skill.md +4 -4
- package/skills/ransomware-response/skill.md +2 -2
- package/skills/sector-energy/skill.md +2 -2
- package/skills/sector-federal-government/skill.md +2 -2
- package/skills/sector-financial/skill.md +4 -4
- package/skills/sector-healthcare/skill.md +3 -3
- package/skills/security-maturity-tiers/skill.md +1 -1
- package/skills/skill-update-loop/skill.md +6 -6
- package/skills/supply-chain-integrity/skill.md +2 -2
- package/skills/threat-model-currency/skill.md +8 -8
- package/skills/threat-modeling-methodology/skill.md +2 -2
- package/skills/webapp-security/skill.md +2 -2
- package/skills/zeroday-gap-learn/skill.md +3 -3
- package/sources/validators/cve-validator.js +27 -18
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"description": { "type": "string", "minLength": 1 },
|
|
20
20
|
"homepage": { "type": "string", "format": "uri" },
|
|
21
21
|
"license": { "type": "string", "minLength": 1 },
|
|
22
|
-
"atlas_version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]
|
|
22
|
+
"atlas_version": { "type": "string", "pattern": "^([0-9]{4}\\.[0-9]{2}(\\.[0-9]+)?|[0-9]+\\.[0-9]+\\.[0-9]+)$", "description": "ATLAS pin: CalVer YYYY.MM[.N] (current upstream scheme since v2026.05) or legacy 3-part semver." },
|
|
23
23
|
"threat_review_date": { "type": "string", "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" },
|
|
24
24
|
"sources_dir": { "type": "string" },
|
|
25
25
|
"agents_dir": { "type": "string" },
|
|
@@ -52,7 +52,7 @@
|
|
|
52
52
|
"type": "string",
|
|
53
53
|
"pattern": "^AML\\.T[0-9]{4}(\\.[0-9]{3})?$"
|
|
54
54
|
},
|
|
55
|
-
"description": "MITRE ATLAS TTP IDs at the pinned version (currently
|
|
55
|
+
"description": "MITRE ATLAS TTP IDs at the pinned version (currently v2026.05)."
|
|
56
56
|
},
|
|
57
57
|
"attack_refs": {
|
|
58
58
|
"type": "array",
|
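--- a/package/lib/validate-indexes.js
+++ b/package/lib/validate-indexes.js
@@ -67,6 +67,11 @@ function main() {
 const manifest = JSON.parse(fs.readFileSync(ABS("manifest.json"), "utf8"));
 const liveSources = new Set();
 liveSources.add("manifest.json");
+// README.md is consumed by the stale-content index builder (badge-count
+// drift), so build-indexes hashes it as a source. Keep this validator's
+// source set in sync — otherwise the hashed README looks like a removed
+// file here. (Mirrors liveSourceSet() in scripts/build-indexes.js.)
+if (fs.existsSync(ABS("README.md"))) liveSources.add("README.md");
 // use lstat to detect symlinks. A symlinked .json under data/
 // would be hashed via the followed target, allowing a malicious checkout
 // (or a misconfigured filesystem) to swap data origin without tripping the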
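Review bot: The added README.md line admits the file with `fs.existsSync`, which follows symlinks, while the context comment directly below it says the data/ entries are checked with lstat so that a symlinked file cannot be hashed via its followed target. The added comment states that README.md is now hashed as a source, so the same rule would be consistent here: `const readmeStat = fs.lstatSync(ABS("README.md"), { throwIfNoEntry: false });` followed by `if (readmeStat && readmeStat.isFile()) liveSources.add("README.md");`, provided the supported Node range has `throwIfNoEntry`. Whether liveSourceSet() in scripts/build-indexes.js applies a symlink check to README.md is not visible on this page, and the two should be kept in step. main() begins and continues outside the hunk.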
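--- a/package/lib/version-pins.js
+++ b/package/lib/version-pins.js
@@ -30,9 +30,9 @@
 * operator must read.
 *
 * API:
-* getAtlasVersion() → "
-* getAttackVersion() → "19.
-* getAtlasReleaseDate() → "2026-05-
+* getAtlasVersion() → "2026.05"
+* getAttackVersion() → "19.1"
+* getAtlasReleaseDate() → "2026-05-27"
 * getAllPins() → { atlas_version, atlas_release_date, attack_version, ... }
 */
 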
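--- a/package/manifest-snapshot.json
+++ b/package/manifest-snapshot.json
@@ -1,7 +1,7 @@
 {
 "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
-"_generated_at": "2026-06-
-"atlas_version": "
+"_generated_at": "2026-06-10T15:20:38.137Z",
+"atlas_version": "2026.05",
 "skill_count": 51,
 "skills": [
 {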
package/manifest-snapshot.sha256
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
b4e322034ba1ebafa3e706772a9cada8131a52adc42197ecda1705bb13d2b131 manifest-snapshot.json
|