@blamejs/exceptd-skills 0.16.28 → 0.16.29

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## 0.16.29 — 2026-06-12
+
+A correctness pass across the refresh pipeline, scoring, attestation, the collectors, and offline mode.
+
+`refresh --apply` over the network no longer downgrades a curated CVSS 3.1 score and vector to NVD's legacy v2 metric on older CVEs — the offline cache path already guarded this in 0.16.27, and the live path now applies the same cross-version guard. New-RFC discovery now honors `--air-gap` (it previously queried IETF Datatracker live regardless), and an intrinsically air-gapped playbook — secrets, cred-stores, containers — refuses the `--upstream-check` npm-registry probe without the explicit flag. The `--from-cache` help no longer implies new-RFC discovery is offline; it stays live unless `--air-gap` is also passed.
+
+A CVE that a VEX statement marks fixed no longer inflates a finding's adjusted RWEP through its exploitation, KEV, and proof-of-concept multipliers, and a patched CVE's exploitation status no longer drives the notification draft. Jurisdiction coverage no longer attributes a skill to a jurisdiction from a bare two-letter ISO code that appears only in prose or inside a control identifier; coverage is driven by the regulation-name mapping. The skill-currency staleness check can now reach the warn and critical tiers it gates on — they were unreachable, so the scheduled currency workflow could never flag a skill past its review window; a genuinely abandoned skill now scores into them while a maintained one does not.
+
+`attest diff --against` now verifies the comparison attestation's Ed25519 signature, not only the local side, and refuses a tampered `--against` attestation (exit 6; `--force-replay` overrides). Both sides' verification is recorded in the output.
+
+The collectors no longer raise false findings from `#`-commented YAML — a commented `npm install`, `runs-on: self-hosted`, or `secrets.NPM_TOKEN` is no longer read as the real thing — and a commented `npm publish --provenance` no longer suppresses the missing-build-provenance finding. A documentation or redaction-pattern snippet of a service-account private key no longer registers as an embedded secret. A skill.md with CRLF line endings no longer produces a misleading frontmatter-parse error, and the `run --format` reference now lists `json`, which the runtime already accepts.
+
+The scheduled external-data refresh keeps the package description's entry counts in sync with the data it applies, so an auto-refresh that changes a count no longer fails the SBOM currency check on its pull request.
+
 ## 0.16.28 — 2026-06-10
 
 Refreshes the pinned MITRE threat-framework versions. MITRE ATLAS is now pinned to v2026.05: its content moved to a YYYY.MM calendar-versioning scheme, and the release adds platform tags (Predictive AI, Generative AI, Agentic AI, Enterprise) to every technique. MITRE ATT&CK is pinned to v19.1, a point release of typo and data corrections over v19.0. Both bumps were audited against every ATLAS and ATT&CK technique ID the catalog cites: none was removed, renamed, or revoked, so all existing references remain valid.

package/README.md

@@ -228,7 +228,7 @@ exceptd run [playbook]                Phases 4-7. Auto-detects cwd context when
   --evidence-dir <dir>                Per-playbook submission files (cron-friendly).
   --scope <type> | --all              Multi-playbook run.
   --vex <file>                        CycloneDX / OpenVEX filter (drop not_affected).
-  --format <fmt> ...                  csaf-2.0 | sarif | openvex | markdown | summary.
+  --format <fmt> ...                  csaf-2.0 | sarif | openvex | markdown | summary | json.
                                       Repeatable. CSAF is primary; extras go to
                                       close.evidence_package.bundles_by_format.
   --diff-from-latest                  Drift vs prior attestation for same playbook.

package/bin/exceptd.js

@@ -3406,8 +3406,10 @@ function cmdRun(runner, args, runOpts, pretty) {
     // Audit 3 A.6: --air-gap must refuse the registry probe. The
     // upstream-check helper has no air-gap awareness of its own; the
     // central refusal lives here so any future caller of --upstream-check
-    // inherits it.
-    if (runOpts.airGap || process.env.EXCEPTD_AIR_GAP === "1") {
+    // inherits it. Mirror the line-3444 hoist: an intrinsically air-gapped
+    // playbook (_meta.air_gap_mode — secrets / cred-stores / containers) must
+    // refuse the egress too, even without the explicit --air-gap flag.
+    if (runOpts.airGap || process.env.EXCEPTD_AIR_GAP === "1" || pb._meta?.air_gap_mode) {
       upstreamCheck = {
         ok: false,
         source: "air-gap",
@@ -5641,24 +5643,26 @@ function cmdAttest(runner, args, runOpts, pretty) {
       //      attestation.json cannot shadow the real attestation in the
       //      diff.
       let other = null;
+      let otherPath = null;
       const otherAttestationPath = path.join(otherDir, "attestation.json");
       if (fs.existsSync(otherAttestationPath)) {
         try {
           const parsed = JSON.parse(fs.readFileSync(otherAttestationPath, "utf8"));
-          if (parsed && parsed.kind !== "replay") other = parsed;
+          if (parsed && parsed.kind !== "replay") { other = parsed; otherPath = otherAttestationPath; }
         } catch { /* fall through to scan */ }
       }
       if (!other) {
         const candidates = [];
         for (const f of otherFiles) {
           try {
-            const parsed = JSON.parse(fs.readFileSync(path.join(otherDir, f), "utf8"));
+            const fp = path.join(otherDir, f);
+            const parsed = JSON.parse(fs.readFileSync(fp, "utf8"));
             if (!parsed || parsed.kind === "replay") continue;
-            candidates.push(parsed);
+            candidates.push({ parsed, file: fp });
           } catch { /* skip malformed */ }
         }
-        candidates.sort((a, b) => (b.captured_at || "").localeCompare(a.captured_at || ""));
-        other = candidates[0] || null;
+        candidates.sort((a, b) => (b.parsed.captured_at || "").localeCompare(a.parsed.captured_at || ""));
+        if (candidates[0]) { other = candidates[0].parsed; otherPath = candidates[0].file; }
       }
       if (!other) {
         return emitError(`attest diff --against ${args.against}: no attestations under that session id.`, null, pretty);
@@ -5673,6 +5677,33 @@ function cmdAttest(runner, args, runOpts, pretty) {
           pretty
         );
       }
+      // Verify BOTH attestations' sidecars — the --against (B-side) drives the
+      // drift verdict as much as the A-side, so a forged comparison attestation
+      // must be refused too, not silently diffed under an A-only green sidecar
+      // line. Mirrors reattest's tamper-refusal contract (exit TAMPERED unless
+      // --force-replay); surfaces a_/b_sidecar_verify either way.
+      const aSidecarVerify = verifyAttestationSidecar(path.join(dir, "attestation.json"));
+      const bSidecarVerify = otherPath
+        ? verifyAttestationSidecar(otherPath)
+        : { file: null, signed: false, verified: false, reason: "no B-side attestation file resolved" };
+      const aTampered = isTamperedSidecarVerify(aSidecarVerify);
+      const bTampered = isTamperedSidecarVerify(bSidecarVerify);
+      if ((aTampered || bTampered) && !args["force-replay"]) {
+        const sides = [aTampered && "A-side", bTampered && "--against (B-side)"].filter(Boolean).join(" + ");
+        process.stderr.write(`[exceptd attest diff] TAMPERED: ${sides} attestation failed Ed25519 verification. Refusing to diff against forged input. Pass --force-replay to override (the output records a_sidecar_verify + b_sidecar_verify).\n`);
+        emit({
+          ok: false,
+          error: `attest diff: ${sides} attestation failed signature verification — refusing to diff`,
+          verb: "attest diff",
+          a_session: sessionId,
+          b_session: args.against,
+          a_sidecar_verify: aSidecarVerify,
+          b_sidecar_verify: bSidecarVerify,
+          hint: "If a sidecar was intentionally removed/rotated and you have inspected the attestation, pass --force-replay.",
+        }, pretty);
+        process.exitCode = EXIT_CODES.TAMPERED;
+        return;
+      }
       emit({
         verb: "attest diff",
         a_session: sessionId,
@@ -5683,7 +5714,9 @@ function cmdAttest(runner, args, runOpts, pretty) {
         a_evidence_hash: self.evidence_hash,
         b_evidence_hash: other.evidence_hash,
         status: self.evidence_hash === other.evidence_hash ? "unchanged" : "drifted",
-        sidecar_verify: verifyAttestationSidecar(path.join(dir, "attestation.json")),
+        sidecar_verify: aSidecarVerify,
+        a_sidecar_verify: aSidecarVerify,
+        b_sidecar_verify: bSidecarVerify,
         // v0.11.8 (#102): normalize submissions before diffing so flat-shape
         // (observations + verdict) submissions emit meaningful artifact_diff
         // counts. Pre-0.11.8 (self.submission||{}).artifacts was undefined

package/data/_indexes/_meta.json

@@ -1,10 +1,11 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-06-10T16:38:38.784Z",
+  "generated_at": "2026-06-12T07:53:17.256Z",
   "generator": "scripts/build-indexes.js",
-  "source_count": 63,
+  "source_count": 64,
   "source_hashes": {
-    "manifest.json": "21f2f84671301efb38afbaad51f8d06fa46137747d078d94c439defa669c114b",
+    "manifest.json": "7cdbf86213bc03cc55f8cd1ec5516f7c492177f0968c27216beabf68fdd68ef1",
+    "README.md": "e7b854e7db9a364a1b368b5084b4f0c2a8282f0459ce39800ac1d1dabdc06074",
     "data/atlas-ttps.json": "29f3447ac5c45f42f50b3ed8a46010c2b8ecbcc8094bb19b5db57ba4707b396c",
     "data/attack-techniques.json": "6506db66fdd69bb3564e12aef8f727edddc55d0e6e99f60833a200a57e8ee65e",
     "data/cve-catalog.json": "51d8425a49e5cc0375d0a154a83a16816e99c3141a5bbafe6383607ca11be240",

package/data/_indexes/jurisdiction-map.json

@@ -35,7 +35,6 @@
       "policy-exception-gen",
       "pqc-first",
       "privacy-consent-ops",
-      "rag-pipeline-security",
       "ransomware-response",
       "researcher",
       "sector-energy",
@@ -54,7 +53,7 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 51
+    "skill_count": 50
   },
   "UK": {
     "skills": [
@@ -63,15 +62,11 @@
       "ai-c2-detection",
       "ai-risk-management",
       "api-security",
-      "attack-surface-pentest",
-      "cloud-iam-incident",
       "cloud-security",
       "compliance-theater",
       "container-runtime-security",
       "coordinated-vuln-disclosure",
-      "decompression-dos",
       "defensive-countermeasure-mapping",
-      "dlp-gap-analysis",
       "email-security-anti-phishing",
       "exploit-scoring",
       "framework-gap-analysis",
@@ -80,36 +75,22 @@
       "identity-assurance",
       "idp-incident-response",
       "incident-response-playbook",
-      "kernel-lpe-triage",
-      "log-injection-telemetry",
       "mcp-agent-trust",
-      "mlops-security",
-      "multitenancy-isolation",
-      "network-trust",
-      "ot-ics-security",
       "policy-exception-gen",
       "pqc-first",
-      "privacy-consent-ops",
-      "rag-pipeline-security",
       "ransomware-response",
       "researcher",
       "sector-energy",
       "sector-federal-government",
-      "sector-financial",
-      "sector-healthcare",
       "sector-telecom",
-      "security-maturity-tiers",
-      "self-update-integrity",
       "skill-update-loop",
       "supply-chain-integrity",
       "threat-model-currency",
       "threat-modeling-methodology",
-      "vc-wallet-trust",
-      "webapp-security",
-      "zeroday-gap-learn"
+      "webapp-security"
     ],
     "example_excerpts": {},
-    "skill_count": 49
+    "skill_count": 31
   },
   "AU": {
     "skills": [
@@ -138,13 +119,11 @@
       "kernel-lpe-triage",
       "log-injection-telemetry",
       "mcp-agent-trust",
-      "mlops-security",
       "multitenancy-isolation",
       "ot-ics-security",
       "policy-exception-gen",
       "pqc-first",
       "privacy-consent-ops",
-      "rag-pipeline-security",
       "ransomware-response",
       "researcher",
       "sector-energy",
@@ -162,72 +141,51 @@
       "zeroday-gap-learn"
     ],
     "example_excerpts": {},
-    "skill_count": 47
+    "skill_count": 45
   },
   "SG": {
     "skills": [
-      "age-gates-child-safety",
-      "ai-attack-surface",
-      "api-security",
-      "cloud-iam-incident",
-      "cloud-security",
       "container-runtime-security",
-      "coordinated-vuln-disclosure",
-      "email-security-anti-phishing",
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
-      "incident-response-playbook",
-      "mcp-agent-trust",
-      "mlops-security",
       "researcher",
-      "sector-federal-government",
       "sector-financial",
-      "sector-healthcare",
-      "sector-telecom",
       "threat-modeling-methodology",
       "webapp-security"
     ],
     "example_excerpts": {},
-    "skill_count": 21
+    "skill_count": 8
   },
   "JP": {
     "skills": [
       "age-gates-child-safety",
-      "ai-risk-management",
       "api-security",
       "cloud-iam-incident",
-      "cloud-security",
       "container-runtime-security",
-      "coordinated-vuln-disclosure",
       "dlp-gap-analysis",
       "email-security-anti-phishing",
       "framework-gap-analysis",
       "global-grc",
       "identity-assurance",
       "incident-response-playbook",
-      "mlops-security",
       "ot-ics-security",
       "pqc-first",
-      "ransomware-response",
       "sector-energy",
       "sector-federal-government",
       "sector-financial",
       "sector-healthcare",
-      "sector-telecom",
       "supply-chain-integrity",
       "threat-modeling-methodology",
       "webapp-security"
     ],
     "example_excerpts": {},
-    "skill_count": 25
+    "skill_count": 19
   },
   "IN": {
     "skills": [
       "age-gates-child-safety",
       "ai-risk-management",
-      "api-security",
-      "cloud-security",
       "dlp-gap-analysis",
       "email-security-anti-phishing",
       "framework-gap-analysis",
@@ -242,51 +200,36 @@
       "threat-modeling-methodology"
     ],
     "example_excerpts": {},
-    "skill_count": 16
+    "skill_count": 14
   },
   "CA": {
     "skills": [
       "age-gates-child-safety",
-      "ai-c2-detection",
-      "cloud-iam-incident",
-      "cloud-security",
-      "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
       "framework-gap-analysis",
       "global-grc",
-      "identity-assurance",
       "idp-incident-response",
-      "network-trust",
-      "sector-energy",
-      "sector-federal-government",
-      "sector-financial",
-      "sector-healthcare",
-      "sector-telecom",
-      "self-update-integrity",
-      "skill-update-loop",
-      "zeroday-gap-learn"
+      "sector-financial"
     ],
     "example_excerpts": {},
-    "skill_count": 19
+    "skill_count": 6
   },
   "BR": {
     "skills": [
       "age-gates-child-safety",
       "ai-risk-management",
-      "api-security",
       "cloud-security",
       "dlp-gap-analysis",
       "framework-gap-analysis",
       "global-grc",
       "incident-response-playbook",
       "pqc-first",
-      "sector-financial",
       "sector-healthcare",
       "supply-chain-integrity",
       "threat-modeling-methodology"
     ],
     "example_excerpts": {},
-    "skill_count": 13
+    "skill_count": 11
   },
   "CN": {
     "skills": [
@@ -315,53 +258,33 @@
     "skill_count": 1
   },
   "AE": {
-    "skills": [
-      "incident-response-playbook",
-      "sector-financial"
-    ],
+    "skills": [],
     "example_excerpts": {},
-    "skill_count": 2
+    "skill_count": 0
   },
   "SA": {
     "skills": [
       "age-gates-child-safety",
-      "compliance-theater",
-      "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
-      "framework-gap-analysis",
-      "fuzz-testing-strategy",
-      "global-grc",
-      "mcp-agent-trust",
-      "mlops-security",
-      "pqc-first",
-      "sector-energy",
-      "sector-federal-government",
-      "sector-financial",
-      "sector-healthcare",
-      "supply-chain-integrity",
-      "zeroday-gap-learn"
+      "sector-financial"
     ],
     "example_excerpts": {},
-    "skill_count": 16
+    "skill_count": 3
   },
   "NZ": {
-    "skills": [
-      "sector-financial",
-      "sector-telecom"
-    ],
+    "skills": [],
     "example_excerpts": {},
-    "skill_count": 2
+    "skill_count": 0
   },
   "KR": {
     "skills": [
       "age-gates-child-safety",
       "dlp-gap-analysis",
       "framework-gap-analysis",
-      "global-grc",
-      "supply-chain-integrity"
+      "global-grc"
     ],
     "example_excerpts": {},
-    "skill_count": 5
+    "skill_count": 4
   },
   "CL": {
     "skills": [],
@@ -371,8 +294,6 @@
   "IL": {
     "skills": [
       "ai-risk-management",
-      "api-security",
-      "cloud-iam-incident",
       "cloud-security",
       "container-runtime-security",
       "coordinated-vuln-disclosure",
@@ -394,7 +315,7 @@
       "webapp-security"
     ],
     "example_excerpts": {},
-    "skill_count": 22
+    "skill_count": 20
   },
   "CH": {
     "skills": [
@@ -423,74 +344,33 @@
   },
   "TW": {
     "skills": [
-      "cloud-security",
       "container-runtime-security",
-      "dlp-gap-analysis",
-      "framework-gap-analysis",
       "global-grc",
       "ot-ics-security",
       "pqc-first",
       "supply-chain-integrity"
     ],
     "example_excerpts": {},
-    "skill_count": 8
+    "skill_count": 5
   },
   "ID": {
     "skills": [
-      "age-gates-child-safety",
-      "ai-attack-surface",
-      "ai-c2-detection",
       "ai-risk-management",
-      "api-security",
-      "attack-surface-pentest",
-      "cloud-iam-incident",
-      "cloud-security",
-      "compliance-theater",
-      "container-runtime-security",
-      "coordinated-vuln-disclosure",
-      "defensive-countermeasure-mapping",
       "dlp-gap-analysis",
-      "email-security-anti-phishing",
-      "exploit-scoring",
       "framework-gap-analysis",
-      "fuzz-testing-strategy",
       "global-grc",
       "identity-assurance",
-      "idp-incident-response",
-      "incident-response-playbook",
-      "kernel-lpe-triage",
-      "mcp-agent-trust",
-      "mlops-security",
       "ot-ics-security",
-      "policy-exception-gen",
       "pqc-first",
-      "rag-pipeline-security",
-      "ransomware-response",
-      "researcher",
-      "sector-energy",
-      "sector-federal-government",
-      "sector-financial",
-      "sector-healthcare",
-      "sector-telecom",
-      "skill-update-loop",
-      "supply-chain-integrity",
-      "threat-model-currency",
-      "threat-modeling-methodology",
-      "webapp-security",
-      "zeroday-gap-learn"
+      "supply-chain-integrity"
     ],
     "example_excerpts": {},
-    "skill_count": 41
+    "skill_count": 8
   },
   "VN": {
-    "skills": [
-      "dlp-gap-analysis",
-      "framework-gap-analysis",
-      "global-grc",
-      "supply-chain-integrity"
-    ],
+    "skills": [],
     "example_excerpts": {},
-    "skill_count": 4
+    "skill_count": 0
   },
   "US_NYDFS": {
     "skills": [
@@ -520,33 +400,26 @@
   },
   "NO": {
     "skills": [
-      "mail-server-hardening",
       "sector-energy",
       "skill-update-loop"
     ],
     "example_excerpts": {},
-    "skill_count": 3
+    "skill_count": 2
   },
   "MX": {
-    "skills": [
-      "sector-financial"
-    ],
+    "skills": [],
     "example_excerpts": {},
-    "skill_count": 1
+    "skill_count": 0
   },
   "AR": {
-    "skills": [
-      "age-gates-child-safety"
-    ],
+    "skills": [],
     "example_excerpts": {},
-    "skill_count": 1
+    "skill_count": 0
   },
   "TR": {
-    "skills": [
-      "sector-telecom"
-    ],
+    "skills": [],
     "example_excerpts": {},
-    "skill_count": 1
+    "skill_count": 0
   },
   "TH": {
     "skills": [],

package/lib/auto-discovery.js

@@ -557,6 +557,14 @@ function extractAcronymFromGroupUri(uri) {
  * @param {object} opts  { cap?: number, sinceDays?: number }
  */
 async function discoverNewRfcs(ctx, opts = {}) {
+  // Air-gap: new-RFC discovery queries IETF Datatracker live (~one call per
+  // project working group). Refuse the egress under --air-gap so a fully
+  // offline run makes no network calls — the other discovery paths guard the
+  // same way. --from-cache alone (network-available host, e.g. the scheduled
+  // refresh) still discovers live; add --air-gap for a truly offline run.
+  if ((ctx && ctx.airGap === true) || process.env.EXCEPTD_AIR_GAP === "1") {
+    return { diffs: [], errors: 0, spilled: 0, summary: "RFC discovery: skipped under air-gap (no live Datatracker query)" };
+  }
   const cap = opts.cap ?? DEFAULT_CAP;
   const sinceDays = opts.sinceDays ?? 180;
   const cutoff = new Date(Date.now() - sinceDays * 86_400_000).toISOString().slice(0, 10);

package/lib/collectors/library-author.js

@@ -88,7 +88,7 @@ function looksLikePublishWorkflow(name, content) {
   // filename-prefix checks above are unaffected. A `#` inside a quoted string
   // is rare in workflow YAML and not load-bearing for these command probes
   // (stripping can only REMOVE comment text, never create a false match).
-  const code = content.replace(/#.*$/gm, '');
+  const code = stripYamlComments(content);
 
   // Explicit publish-shape commands — these are commitments to push
   // artifacts, not setup / scaffolding.
@@ -133,7 +133,22 @@ function hasIdTokenWriteAnyScope(content) {
   return /\bid-token:\s*write\b/.test(content);
 }
 
+// Strip YAML line-comments so a `#`-commented MENTION of a publish-shape
+// token / command / runner is not read as the real thing. The classifier
+// (looksLikePublishWorkflow) already does this; the indicator probes — and the
+// provenance / SBOM-capability probes in collect() — must use the same view,
+// or a comment produces a false (often deterministic) hit, and in the
+// provenance direction a commented `--provenance` would suppress a real gap
+// (a false negative on a security-relevant posture check).
+function stripYamlComments(content) {
+  return content.replace(/#.*$/gm, "");
+}
+
 function scanPublishWorkflow(content, rel) {
+  // Whole-content probes below run against a comment-stripped view. The
+  // `uses:` line scan stays on the raw lines — its anchored regex already
+  // rejects `#`-prefixed lines, so a commented `uses:` cannot match.
+  const code = stripYamlComments(content);
   const hits = {
     "publish-workflow-uses-static-token": [],
     "publish-workflow-no-id-token-write": [],
@@ -148,11 +163,13 @@ function scanPublishWorkflow(content, rel) {
   // NPM_TOKEN / PYPI_TOKEN / CARGO_TOKEN / RUBYGEMS_API_KEY /
   // GEM_HOST_API_KEY; expand to cover the common variants for each
   // ecosystem.
-  const usesStaticToken = /\bsecrets\.(NPM_TOKEN|PYPI_TOKEN|PYPI_API_TOKEN|CARGO_TOKEN|CARGO_REGISTRY_TOKEN|RUBYGEMS_API_KEY|GEM_HOST_API_KEY|MAVEN_TOKEN|MAVEN_CENTRAL_TOKEN|GH_TOKEN)\b/.test(content);
+  const usesStaticToken = /\bsecrets\.(NPM_TOKEN|PYPI_TOKEN|PYPI_API_TOKEN|CARGO_TOKEN|CARGO_REGISTRY_TOKEN|RUBYGEMS_API_KEY|GEM_HOST_API_KEY|MAVEN_TOKEN|MAVEN_CENTRAL_TOKEN|GH_TOKEN)\b/.test(code);
   // OIDC is available when THIS publish file declares `id-token: write` at
   // any scope (workflow or job). Scoped to the file by design — a sibling
-  // workflow's OIDC does not authenticate this publish job.
-  const hasIdTokenWrite = hasIdTokenWriteAnyScope(content);
+  // workflow's OIDC does not authenticate this publish job. Read from the
+  // comment-stripped view so a commented `id-token: write` cannot falsely
+  // satisfy the capability (which would suppress the static-token finding).
+  const hasIdTokenWrite = hasIdTokenWriteAnyScope(code);
   if (usesStaticToken && !hasIdTokenWrite) {
     hits["publish-workflow-uses-static-token"].push({ file: rel, line: 0, snippet: "publish workflow uses a static long-lived token (NPM_TOKEN / PYPI / Cargo / Maven) without id-token: write for OIDC" });
   }
@@ -186,15 +203,15 @@ function scanPublishWorkflow(content, rel) {
   // non-frozen-install: workflow uses `npm install` instead of `npm ci`,
   // or `pip install <pkg>` without `--require-hashes`, or `cargo
   // install` without `--locked`.
-  if (/\bnpm\s+install\b/.test(content) && !/\bnpm\s+ci\b/.test(content)) {
+  if (/\bnpm\s+install\b/.test(code) && !/\bnpm\s+ci\b/.test(code)) {
     hits["release-workflow-non-frozen-install"].push({ file: rel, line: 0, snippet: "publish workflow uses `npm install` rather than `npm ci` — lockfile is not enforced" });
   }
-  if (/\bcargo\s+(?:build|install)\b/.test(content) && !/--locked\b/.test(content) && !/--frozen\b/.test(content)) {
+  if (/\bcargo\s+(?:build|install)\b/.test(code) && !/--locked\b/.test(code) && !/--frozen\b/.test(code)) {
     hits["release-workflow-non-frozen-install"].push({ file: rel, line: 0, snippet: "cargo build/install without --locked / --frozen" });
   }
 
   // runs-on-self-hosted: any `runs-on: self-hosted` line.
-  if (/runs-on:\s*['"]?(?:self-hosted|\[?\s*self-hosted)/i.test(content)) {
+  if (/runs-on:\s*['"]?(?:self-hosted|\[?\s*self-hosted)/i.test(code)) {
     hits["publish-workflow-runs-on-self-hosted"].push({ file: rel, line: 0, snippet: "publish workflow runs on a self-hosted runner — non-ephemeral execution context" });
   }
 
@@ -265,7 +282,7 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
     try {
       const j = JSON.parse(pkgManifest.content);
       const manifestOptIn = j?.publishConfig?.provenance === true;
-      const workflowOptIn = publishWorkflows.some(w => /npm\s+publish[^\n]*--provenance\b/.test(w.content));
+      const workflowOptIn = publishWorkflows.some(w => /npm\s+publish[^\n]*--provenance\b/.test(stripYamlComments(w.content)));
       provenanceMissing = (manifestOptIn || workflowOptIn) ? "miss" : "hit";
     } catch (e) {
       errors.push({ artifact_id: "package-manifest", kind: "parse_failed", reason: `package.json: ${e.message}` });
@@ -414,7 +431,7 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
   // signed-attestation capability exists at release and the indicator
   // should not fire on the absence of a committed artifact.
   const releaseSbomCapable = publishWorkflows.some(w => {
-    const c = w.content;
+    const c = stripYamlComments(w.content);
     return (
       // SBOM-generation tooling invoked in the workflow.
       /cyclonedx/i.test(c) ||