@blamejs/exceptd-skills 0.16.8 → 0.16.10

package/sbom.cdx.json

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:edc59db6-7583-47af-89d4-a011644eb720",
+  "serialNumber": "urn:uuid:8bb2d8cc-10a2-40a8-a3e7-67aba4a5fe06",
   "version": 1,
   "metadata": {
-    "timestamp": "2152-05-30T17:32:38.000Z",
+    "timestamp": "2100-04-09T18:45:32.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.8"
+        "version": "0.16.10"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.8",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.10",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.8",
+      "version": "0.16.10",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.8",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.10",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4231721845cfad2bc3346fca7fc93ee4dd664c1bd9747952eafe9c993a420d98"
+          "content": "6645aae260375bdfd45fef3a154848cb7b71634e0cb8a5063beacce54ed78dc6"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.8"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.10"
         },
         {
           "type": "vcs",
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "963387543ca010697a5d14958a1845d2b30a405af7ea722dfa3ea110b262cbad"
+          "content": "00756e446fca3d66af2838dee91d30f591e5f8a179c97683eaebe4b3495a27d6"
         },
         {
           "alg": "SHA3-512",
-          "content": "5efad16b8e3becc1f955373d3f384d91dfc5c21fa9c57f6c924a9eacefb1db85bfb27cc38b90f185435053e5b5daec1ba87358be59edd95ff32ee3582d926286"
+          "content": "ebe3f08786809489c762ec4cc294b9f78124013d44ce82e77c2fb501cd49b0c1692c380881829e4e301a2c786fcbf2edf871d480fd006ef3dc72b0f1f3bfe66a"
         }
       ]
     },
@@ -296,11 +296,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251"
+          "content": "f66b456cf82a3c20575d8479de41f7b11b7ee5693eb1fcf64a67e162ae1b88a2"
         },
         {
           "alg": "SHA3-512",
-          "content": "d7e91c15d5fcfb02a9b69847255e1413e091defff35d28bb430a5203771256228bd4bd3abd0e596509ecd43dd727666fddd30dc22781b9c5825afae194f8d5df"
+          "content": "ac0a2fb2d7ecfd6dee341a59decaba6392c537c828ff03418f8b981dfbd5ed5e1d832ad1080c2b928444e8cb8d611de602064df278ab56a9bee235e4e180256e"
         }
       ]
     },
@@ -311,11 +311,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "318bf8e9c5aee1d0a4a1dc37c4b211f2fbc937bf332a401a22483cc7d0547252"
+          "content": "c39f28e3402ef13ad9b7076819f63fda67a22f97e3e375cfe01c4a4e0beff7c9"
         },
         {
           "alg": "SHA3-512",
-          "content": "d929874af7a8091416f2adc116fcfe98383325c83ece819a3e07320e29b4d8645b27256a662a6fff3267156ff70cfe2f53d7b0a82b5f249902c495f5d668b962"
+          "content": "3a28ad5f73ae2db91948756336ba523c2158b3c0000676c12db8309daca3d601103d4231e7e5ad4a3788c06c7d98257bc3b38c797a200ca7f88b5ff059d3a8d2"
         }
       ]
     },
@@ -326,11 +326,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1aac7e75eae24ece2ef09d1c63977bdd7a1f81a9f11609ebb966109be316426c"
+          "content": "8264da4534d39c9493cfcd18acf7e38ed47ce2a81be15afd5a3f4baf1d504929"
         },
         {
           "alg": "SHA3-512",
-          "content": "24df35aa1e38b1d24d29957e06da86e71cce646d6b21a1e5b326e752803cca5441a0d618a763f5648a10cbda50728d8fc28e94dcee3e54eab4a081ee3ebdb156"
+          "content": "9cc4838794d659360d86b85f03ca8eebd7233c5a4f50ff83bccd6c962efedc3f9ca7c63cb7c35fef3e798cbca6d35d914da560bf02d63739c01007d0f56edb9a"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b0e4d8f90b655b2b35b1e91c682ee66f2aa51ae5d38efb14f0e1b77f75ec5f7b"
+          "content": "5def8d82bbe51382ec55fc7186722974077e1289194e4ea002df0e3c52c6a017"
         },
         {
           "alg": "SHA3-512",
-          "content": "ac9ca3b420093c62dd5a53b0349f1d5e9f10f90c958d0ab921654bd0bcf674d3aef478fc5bc3d359a224b03cd26b32578fe162f55ba2423c37c0061aaa80c862"
+          "content": "59c7a63a85811aa46842b2a7888998e61983752bc3975ac65b69cf54ebea5a16d4f553690b4c2bc8afadf995d32435cdcbe5b77dc9825de2f7fccf0bb4c02fe7"
         }
       ]
     },
@@ -401,11 +401,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "49cfbcaf0f27662db7e12340839c29f05d4ae31bc255dc9fa49ad1b4a45d0fa3"
+          "content": "3f9ad83198da40d920e70933e615ac14ade4add037e1c664586c2ee3524edec4"
         },
         {
           "alg": "SHA3-512",
-          "content": "677e753faee573812cfcb3b33e351b36430b38d36c409149a471b0561139ba1dccc23f1a15c9b836f0c5c7384abaa5dc7a56b3f0d8c747fc7d5f216f03911028"
+          "content": "f4dd727e8d0b14ffc17e60437cd4904158242938c00d6b1217a528925a2628bae4783bdfa912da4776102d8a42634857e3cdcd600bd7691e1cfeb9efcd24f60e"
         }
       ]
     },
@@ -806,11 +806,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c7419ef8265a8385ab29e37e3f3237f120dd2fa448692f9dc1aa2fd79339fc76"
+          "content": "b6403d31f06e8f081217c338d2d5c515f8352295fbf58395f3c571cd95a05de0"
         },
         {
           "alg": "SHA3-512",
-          "content": "7aea30cb368c94ff5e9fa3d1d6e60a71f81a1c36d5b358310b372b99d1e448ff5c19c34f2fb33316841906e3f988bc305a8c9c158d9fb33c62b91538a56fcde5"
+          "content": "20acd5641af244666e023470670fd6dede0c58a0d750ff013e0fcf9b003a19d85abaf9803a414509642d2f8f6d6eba7e229ac506e112165c9db4471c4d8fcaea"
         }
       ]
     },
@@ -1166,11 +1166,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3af0fa9ef45578fb8eb63f448c20ef5a6f347fbbee948e812de8e03960ef0efa"
+          "content": "069a323205aa0ee280661b9bd1b85bb4d35ea547f7f5dfdd24ea545d14ef492f"
         },
         {
           "alg": "SHA3-512",
-          "content": "51304eff2510afd251adbf0a16b6ef049d9df7d9e8670a6412443b083fb68559ed63666df8486a1e1c044c00ace4735237d227ab0c4a264fe6edcc1467462e44"
+          "content": "ff9b24c9197e80129933c1f2b89e820ebdbd401ef50b9e255723de04c959f81b0abef396bca24f0e8236b9048ff7fd516219a12f753d8297120d7ebe1af1c9de"
         }
       ]
     },
@@ -1226,11 +1226,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "601eedde3731699669bd3b99f53ea1c06bf50c43f09ce49f68da86339d1eaae3"
+          "content": "eb1a3820bba3203967c6057f12cd594e18f3044d966e1c7c1ba17757d902559f"
         },
         {
           "alg": "SHA3-512",
-          "content": "5e2ec6e21f88650c45a802486027091c95e4f4f9a1b8c43af15eaf2ac3b38fe632e7f9fcafde417705693c58587e17228fcec606459596792b168191fca2401a"
+          "content": "1a0acc79ebea7cb9d80cde43503c14f14342ccffda834752c2f29215aacfba46a9d120e78c544cd389e6023ccaa519b829dc82eb4f4de6ed1d4ca2ce2ee06e97"
         }
       ]
     },
@@ -1301,11 +1301,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "aa2c68cf9479becaaf9583f8a36c257f0d7550a49a8ecb9d1ddcdfede76d21af"
+          "content": "0ce41dee14acf7998866f5adb63502b614b5501acf8f88c37cd277c96b91a87c"
         },
         {
           "alg": "SHA3-512",
-          "content": "1f3c09e2469da54138c896a25807a3ee1ca74813670d0e14b7adb151466fc3e391227a535779379d59c681225747685081f3a38a9a9a64d021c8ac961d2d16d0"
+          "content": "58f6d75ff97f64633937bef489fdfefd6cf331115109cab30b2064cf3aebfaaddde6c973fa71b31bb44f06ecb485751ee9137e11f528a61b329b4699d53a4041"
         }
       ]
     },
@@ -1316,11 +1316,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "279c195af8a5c5304e4e3b99a06deb8c96b6de037b7df218f1426a3a3dd31328"
+          "content": "68bc62828f28047b5f09da9e5fa3c2cc3ed98d965c1a43dbf51b9fa7e45ec1a1"
         },
         {
           "alg": "SHA3-512",
-          "content": "62c93cead7f0749b9ec8462735a16ebef7ba85f8bd1a88e583e68a78486d96baa1372aabc1f958d5fb3237a9d82d05d05ba449ea94110c540f36fbee8c720a4e"
+          "content": "c05800e93846fb755ded51be74047d84d032eeff9f5a0b818b1abc16f76c7032181ded4d5cf054d0387c3d7f2d71095f55a7a42c7f4c2764ec0115300ce75c85"
         }
       ]
     },
@@ -1451,11 +1451,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "ed49d69da4ef5acb4fd827deaaaf280bd6317a5defa96f6fa5696dc96c2929b4"
+          "content": "70fda3a2033d461f3ef1ac7e4bf259c9fe78090f1a1f5c09eb72dbf927e59955"
         },
         {
           "alg": "SHA3-512",
-          "content": "cee40245e9bb979c399942241faf038e95adb38ad66b6f3e70ba6034b78f774241310369773bd9ab36ceb0af1fe92e8f8b7e9b9965b3f629ab2847152f892530"
+          "content": "8547b087e1881cf58a55fd0aab186441f508ad226be0ab4aa3efd13a0e864af776f29576e25df9b4324ec7a4712bb3476faac5ed63a226a6ff71d225c297c969"
         }
       ]
     },
@@ -1631,11 +1631,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b6a9cc3871cd272304fe55c7b979b8efe4d458217f7faadd750b3235a23cd986"
+          "content": "fe42cfd0758cb2709dc7dad91c4e47b495d6ebf984b00ace2422de34e744d35f"
         },
         {
           "alg": "SHA3-512",
-          "content": "a0e8c965e7cfbfa5d6db032579de719d0aec55536f9c9fa734c0deef5367298b67b89f809fe34d9049bf3dda03834212865d95df4c1aeda23c1653483d67046e"
+          "content": "a06a61b0f278a5973c0e4d6398d1688a574dec3442ca9823d0b4c5f37d1cb1cab47e8575580051b56e34829f8e22195ded1f4f57bdc3925ca32edae3e4c8839f"
         }
       ]
     },
@@ -1751,11 +1751,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0825ef3b994fdd539cd0ab3104e953ef4c176178b557d67ccf9e480d1eb246bb"
+          "content": "b2f7ad163ce22cedc2a990633761b25d3f436012c20dc162739959f92220161f"
         },
         {
           "alg": "SHA3-512",
-          "content": "757238fcd49b3e35868485d383b72c210c2608f2963c957ff4c9c758fbd7826240121dfe417a8a2f7f265bcd51d3fc27c1eb0ae03baad165cc8730303b77a539"
+          "content": "342cee9e227424456314cbbdf150ee9a4077ea00d2ae87d58e5301d80492af5cf7f38f1d0aa7f66751c77e7345ddefb40bb5f2ba58921d665985654dce7cfa0c"
         }
       ]
     },
@@ -2201,11 +2201,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "7cb063cd9a7179fa0e279273766be15011ea977e9b6601dd3cd4ca696d27abe1"
+          "content": "7ef5ed5d9a6dd68b2d43419d7fa2d0408eb8b57b69588e51db136aa0f29e82a6"
         },
         {
           "alg": "SHA3-512",
-          "content": "d96a6d849df087061fde018299c2c1c96f3c92738a8f650c53bdef1148e10a92f77be29568a0145f4eaa522489843ac84a43d96bd48e4b66a5ab02d8d3c3c5f7"
+          "content": "b96dad01e1385bc17bb1fa54d2f0d86558063856c12401fca1d96a01869de984b87cf5c54ded025a5f93762c109385ef6aed5552abff36070e281810ae063db8"
         }
       ]
     },
@@ -2216,11 +2216,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "576480c2ad29550a06e5a3e48b7dae04aadc1b505d76e3a5b1db9179d61263c4"
+          "content": "bd449efbfde0263c17aa1d2cf4ff57f39f8221e78a7f8eb62392b522acc7f3b8"
         },
         {
           "alg": "SHA3-512",
-          "content": "e3370698400f8b807680cebda861e73acedbf1602c9a7c2a8372c2285b2f88650a9d6e2931ebdb2cb229ad23e7c592787dea15a91adea5b4a854c6fc6842d38a"
+          "content": "1a7ecda566d16f89d15d721ca491962344fe9f011c27126f48cde5fb887405d5be5a28dac1892add97fd7316ab2204aa69020ede2bc1c43db4d988b45c1f1dea"
         }
       ]
     },
@@ -2486,11 +2486,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "f199cc754f202fa994c1769af5e02a4ef995ee02e87221422b00f945b03e99db"
+          "content": "1e140b2a035043d72cfb1a46e57751bbb2d4b3d39ecc73b48c28625b260e17f3"
         },
         {
           "alg": "SHA3-512",
-          "content": "d504c65cda545acda811997487ca8b6fef3ee5b5447b537f502295d5f6f4266cb2ecb743389b04aa2b6118b021af6f2ce9c6f00e44cf60bd7c06b72456a500f8"
+          "content": "f027c768c24cd0c5a4aff871afe82482a7ee655a56a69ab0d95662609a95fb28a31a3b4aa1108f879bdbf59ce097a6536e931c128105a7d93436e6eed59bfd82"
         }
       ]
     },

package/scripts/check-codebase-patterns-currency.js

@@ -30,7 +30,7 @@ const ROOT = path.resolve(__dirname, "..");
 // Every key here was classified (adopted / already-owned / helper-dependent /
 // out-of-scope). A class appearing upstream but absent here is NEW and wants
 // triage. Refresh this list (and re-triage the delta) when this check fires.
-const UPSTREAM_TRIAGED = Object.freeze([
+const UPSTREAM_TRIAGED = Object.freeze([ // keep-sorted
   "ai-disclosure-on-request-without-requested-gate",
   "archive-gz-without-safedecompress",
   "archive-wrap-partial-recipient",
@@ -59,7 +59,6 @@ const UPSTREAM_TRIAGED = Object.freeze([
   "math-random-noncrypto",
   "nfinity",
   "no-number-money-arithmetic",
-  "numeric-opt-no-bounds-check",
   "primitive-unreachable",
   "process-exit",
   "raw-byte-literal",

package/scripts/check-codebase-patterns.js

@@ -19,6 +19,11 @@
  *       VALID_ALLOW_CLASSES, or is missing the `— <reason>` tail. A typo'd
  *       marker suppresses nothing, so the underlying violation would ship
  *       unflagged — this meta-guard keeps the marker mechanism trustworthy.
+ *   - unsorted-marked-array : a flat string array tagged `// keep-sorted` that
+ *       drifted out of alphabetical order. Opt-in — only marked arrays are
+ *       checked, so a one-time allowlist sort becomes a standing guarantee.
+ *   - misaligned-marked-run : a `// keep-aligned` const/weight table whose
+ *       `=`/`:` assignment columns are not all equal. Opt-in, same shape.
  *
  * Exceptions live at the violation site, not in this file:
  *   - file-level, in the first 50 lines:  // codebase-patterns:allow-file <class> — <reason>
@@ -42,6 +47,8 @@ const VALID_ALLOW_CLASSES = Object.freeze({
   "process-exit-after-stdout-write": true,
   "dynamic-regex": true,
   "bidi-codepoint-literal": true,
+  "unsorted-marked-array": true,
+  "misaligned-marked-run": true,
 });
 
 const EXCLUDE_DIRS = new Set([
@@ -272,6 +279,91 @@ function detectOrphanAllowClass(files) {
   return hits;
 }
 
+// ---- opt-in readability detectors (preventative) -------------------------
+// These fire ONLY on sites that explicitly opt in via a marker, so unmarked
+// code is never flagged. They turn a one-time cleanup (sorting an allowlist,
+// aligning a const table) into a standing guarantee: mark the cleaned site and
+// the gate keeps it clean.
+
+// `// keep-sorted` marks a flat string-literal array that must stay
+// alphabetically sorted (e.g. an allowlist). Only arrays whose opening line
+// carries the marker are checked; arrays containing object/nested elements are
+// skipped (not a flat string list).
+function scanUnsortedMarkedArray(rel, lines) {
+  const hits = [];
+  for (let i = 0; i < lines.length; i++) {
+    if (!/\/\/\s*keep-sorted\b/.test(lines[i])) continue;
+    const openIdx = lines[i].indexOf("[");
+    if (openIdx === -1) continue;
+    let depth = 0, started = false, body = "";
+    for (let j = i; j < lines.length; j++) {
+      const seg = (j === i) ? lines[j].slice(openIdx) : lines[j];
+      for (const ch of seg) {
+        if (ch === "[") { depth++; started = true; }
+        else if (ch === "]") { depth--; }
+      }
+      body += " " + seg;
+      if (started && depth <= 0) break;
+    }
+    if (/[{]/.test(body)) continue; // object/nested elements — not a flat string array
+    const strs = [];
+    const re = /(['"])((?:\\.|(?!\1).)*)\1/g;
+    let m;
+    while ((m = re.exec(body)) !== null) strs.push(m[2]);
+    if (strs.length < 2) continue;
+    const sorted = [...strs].sort((a, b) => (a < b ? -1 : a > b ? 1 : 0));
+    if (strs.join("") !== sorted.join("")) {
+      const k = strs.findIndex((s, idx) => idx > 0 && strs[idx - 1] > s);
+      hits.push({ file: rel, line: i + 1, content: lines[i].trim(), why: `marked // keep-sorted but "${strs[k]}" is out of alphabetical order` });
+    }
+  }
+  return hits;
+}
+function detectUnsortedMarkedArray(files) {
+  const hits = [];
+  for (const rel of (files || filesUnder(["bin/exceptd.js", "lib", "orchestrator", "scripts"]))) {
+    if (rel === "scripts/check-codebase-patterns.js") continue; // holds the detector + its own marker prose
+    hits.push(...scanUnsortedMarkedArray(rel, readLines(rel)));
+  }
+  return hits;
+}
+
+// `// keep-aligned` marks a contiguous run of `IDENT = value` / `IDENT: value`
+// lines (a const/weight table) whose assignment columns must all line up. The
+// run is the lines immediately after the marker, until a blank or non-assignment
+// line. Opt-in, so only deliberately-aligned tables are enforced.
+function scanMisalignedMarkedRun(rel, lines) {
+  const hits = [];
+  for (let i = 0; i < lines.length; i++) {
+    if (!/\/\/\s*keep-aligned\b/.test(lines[i])) continue;
+    const run = [];
+    for (let j = i + 1; j < lines.length; j++) {
+      if (/^\s*$/.test(lines[j])) break;
+      const code = stripLineComment(lines[j]).replace(/\s+$/, "");
+      const m = code.match(/^(\s*[A-Za-z_$][\w$.'"-]*\s*)([:=])\s/);
+      if (!m) break;
+      run.push({ lineNo: j + 1, col: m[1].length, op: m[2], content: lines[j].trim() });
+    }
+    if (run.length < 2) continue;
+    const op = run[0].op;
+    const cols = run.filter((r) => r.op === op).map((r) => r.col);
+    const target = Math.max(...cols);
+    const bad = run.find((r) => r.op === op && r.col !== target);
+    if (bad) {
+      hits.push({ file: rel, line: bad.lineNo, content: bad.content, why: `marked // keep-aligned but the '${op}' columns are not all equal` });
+    }
+  }
+  return hits;
+}
+function detectMisalignedMarkedRun(files) {
+  const hits = [];
+  for (const rel of (files || filesUnder(["bin/exceptd.js", "lib", "orchestrator", "scripts"]))) {
+    if (rel === "scripts/check-codebase-patterns.js") continue;
+    hits.push(...scanMisalignedMarkedRun(rel, readLines(rel)));
+  }
+  return hits;
+}
+
 const CLASSES = [
   {
     id: "process-exit-after-stdout-write",
@@ -282,9 +374,21 @@ const CLASSES = [
   {
     id: "dynamic-regex",
     run: detectDynamicRegex,
-    warnOnly: true, // flip to false next release once the known sites carry markers
+    warnOnly: false,
     hint: "RegExp from operator input is a ReDoS sink — anchor + length-cap, or `// allow:dynamic-regex — <reason>` when the pattern is a trusted bundled schema",
   },
+  {
+    id: "unsorted-marked-array",
+    run: detectUnsortedMarkedArray,
+    warnOnly: false,
+    hint: "a flat string array tagged `// keep-sorted` drifted out of alphabetical order — re-sort it, or drop the marker if the order is intentional",
+  },
+  {
+    id: "misaligned-marked-run",
+    run: detectMisalignedMarkedRun,
+    warnOnly: false,
+    hint: "a `// keep-aligned` const/weight table has uneven assignment columns — realign the `=`/`:` columns, or drop the marker",
+  },
   {
     id: "bidi-codepoint-literal",
     run: detectBidiCodepointLiteral,
@@ -331,6 +435,10 @@ module.exports = {
   detectDynamicRegex,
   detectBidiCodepointLiteral,
   detectOrphanAllowClass,
+  detectUnsortedMarkedArray,
+  detectMisalignedMarkedRun,
+  scanUnsortedMarkedArray,
+  scanMisalignedMarkedRun,
   filesUnder,
 };
 

package/scripts/release.js

@@ -11,7 +11,7 @@
  *
  * Usage:
  *   node scripts/release.js prepare [--minor]   # bump + sign + indexes + snapshot + sbom + baseline
- *   node scripts/release.js gates               # npm test + 18-gate predeploy
+ *   node scripts/release.js gates               # npm test + 20-gate predeploy
  *   node scripts/release.js commit              # release branch + signed commit
  *   node scripts/release.js push                # push branch + open PR
  *   node scripts/release.js watch               # CI watch + flag unresolved review threads
@@ -576,7 +576,7 @@ function cmdHelp() {
   console.log("");
   console.log("Usage:");
   console.log("  node scripts/release.js prepare [--minor]   # bump + sign + indexes + snapshot + sbom + baseline");
-  console.log("  node scripts/release.js gates               # npm test + 18-gate predeploy");
+  console.log("  node scripts/release.js gates               # npm test + 20-gate predeploy");
   console.log("  node scripts/release.js commit              # release branch + signed commit");
   console.log("  node scripts/release.js push                # push branch + open PR");
   console.log("  node scripts/release.js watch               # CI watch + flag unresolved review threads");