npm - @blamejs/exceptd-skills - Versions diffs - 0.9.1 - Mend

@blamejs/exceptd-skills 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

package/AGENTS.md +232 -0
package/ARCHITECTURE.md +267 -0
package/CHANGELOG.md +616 -0
package/CONTEXT.md +203 -0
package/LICENSE +200 -0
package/NOTICE +82 -0
package/README.md +307 -0
package/SECURITY.md +73 -0
package/agents/README.md +81 -0
package/agents/report-generator.md +156 -0
package/agents/skill-updater.md +102 -0
package/agents/source-validator.md +119 -0
package/agents/threat-researcher.md +149 -0
package/bin/exceptd.js +183 -0
package/data/_indexes/_meta.json +88 -0
package/data/_indexes/activity-feed.json +362 -0
package/data/_indexes/catalog-summaries.json +229 -0
package/data/_indexes/chains.json +7135 -0
package/data/_indexes/currency.json +359 -0
package/data/_indexes/did-ladders.json +451 -0
package/data/_indexes/frequency.json +2072 -0
package/data/_indexes/handoff-dag.json +476 -0
package/data/_indexes/jurisdiction-clocks.json +967 -0
package/data/_indexes/jurisdiction-map.json +536 -0
package/data/_indexes/recipes.json +319 -0
package/data/_indexes/section-offsets.json +3656 -0
package/data/_indexes/stale-content.json +14 -0
package/data/_indexes/summary-cards.json +1736 -0
package/data/_indexes/theater-fingerprints.json +381 -0
package/data/_indexes/token-budget.json +2137 -0
package/data/_indexes/trigger-table.json +1374 -0
package/data/_indexes/xref.json +818 -0
package/data/atlas-ttps.json +282 -0
package/data/cve-catalog.json +496 -0
package/data/cwe-catalog.json +1017 -0
package/data/d3fend-catalog.json +738 -0
package/data/dlp-controls.json +1039 -0
package/data/exploit-availability.json +67 -0
package/data/framework-control-gaps.json +1255 -0
package/data/global-frameworks.json +2913 -0
package/data/rfc-references.json +324 -0
package/data/zeroday-lessons.json +377 -0
package/keys/public.pem +3 -0
package/lib/framework-gap.js +328 -0
package/lib/job-queue.js +195 -0
package/lib/lint-skills.js +536 -0
package/lib/prefetch.js +372 -0
package/lib/refresh-external.js +713 -0
package/lib/schemas/cve-catalog.schema.json +151 -0
package/lib/schemas/manifest.schema.json +106 -0
package/lib/schemas/skill-frontmatter.schema.json +113 -0
package/lib/scoring.js +149 -0
package/lib/sign.js +197 -0
package/lib/ttp-mapper.js +80 -0
package/lib/validate-catalog-meta.js +198 -0
package/lib/validate-cve-catalog.js +213 -0
package/lib/validate-indexes.js +83 -0
package/lib/validate-package.js +162 -0
package/lib/validate-vendor.js +85 -0
package/lib/verify.js +216 -0
package/lib/worker-pool.js +84 -0
package/manifest-snapshot.json +1833 -0
package/manifest.json +2108 -0
package/orchestrator/README.md +124 -0
package/orchestrator/dispatcher.js +140 -0
package/orchestrator/event-bus.js +146 -0
package/orchestrator/index.js +874 -0
package/orchestrator/pipeline.js +201 -0
package/orchestrator/scanner.js +327 -0
package/orchestrator/scheduler.js +137 -0
package/package.json +113 -0
package/sbom.cdx.json +158 -0
package/scripts/audit-cross-skill.js +261 -0
package/scripts/audit-perf.js +160 -0
package/scripts/bootstrap.js +205 -0
package/scripts/build-indexes.js +721 -0
package/scripts/builders/activity-feed.js +79 -0
package/scripts/builders/catalog-summaries.js +67 -0
package/scripts/builders/currency.js +109 -0
package/scripts/builders/cwe-chains.js +105 -0
package/scripts/builders/did-ladders.js +149 -0
package/scripts/builders/frequency.js +89 -0
package/scripts/builders/jurisdiction-clocks.js +126 -0
package/scripts/builders/recipes.js +159 -0
package/scripts/builders/section-offsets.js +162 -0
package/scripts/builders/stale-content.js +171 -0
package/scripts/builders/summary-cards.js +166 -0
package/scripts/builders/theater-fingerprints.js +198 -0
package/scripts/builders/token-budget.js +96 -0
package/scripts/check-manifest-snapshot.js +217 -0
package/scripts/predeploy.js +267 -0
package/scripts/refresh-manifest-snapshot.js +57 -0
package/scripts/refresh-sbom.js +222 -0
package/skills/age-gates-child-safety/skill.md +456 -0
package/skills/ai-attack-surface/skill.md +282 -0
package/skills/ai-c2-detection/skill.md +440 -0
package/skills/ai-risk-management/skill.md +311 -0
package/skills/api-security/skill.md +287 -0
package/skills/attack-surface-pentest/skill.md +381 -0
package/skills/cloud-security/skill.md +384 -0
package/skills/compliance-theater/skill.md +365 -0
package/skills/container-runtime-security/skill.md +379 -0
package/skills/coordinated-vuln-disclosure/skill.md +473 -0
package/skills/defensive-countermeasure-mapping/skill.md +300 -0
package/skills/dlp-gap-analysis/skill.md +337 -0
package/skills/email-security-anti-phishing/skill.md +206 -0
package/skills/exploit-scoring/skill.md +331 -0
package/skills/framework-gap-analysis/skill.md +374 -0
package/skills/fuzz-testing-strategy/skill.md +313 -0
package/skills/global-grc/skill.md +564 -0
package/skills/identity-assurance/skill.md +272 -0
package/skills/incident-response-playbook/skill.md +546 -0
package/skills/kernel-lpe-triage/skill.md +303 -0
package/skills/mcp-agent-trust/skill.md +326 -0
package/skills/mlops-security/skill.md +325 -0
package/skills/ot-ics-security/skill.md +340 -0
package/skills/policy-exception-gen/skill.md +437 -0
package/skills/pqc-first/skill.md +546 -0
package/skills/rag-pipeline-security/skill.md +294 -0
package/skills/researcher/skill.md +310 -0
package/skills/sector-energy/skill.md +409 -0
package/skills/sector-federal-government/skill.md +302 -0
package/skills/sector-financial/skill.md +398 -0
package/skills/sector-healthcare/skill.md +373 -0
package/skills/security-maturity-tiers/skill.md +464 -0
package/skills/skill-update-loop/skill.md +463 -0
package/skills/supply-chain-integrity/skill.md +318 -0
package/skills/threat-model-currency/skill.md +404 -0
package/skills/threat-modeling-methodology/skill.md +312 -0
package/skills/webapp-security/skill.md +281 -0
package/skills/zeroday-gap-learn/skill.md +350 -0
package/vendor/blamejs/LICENSE +201 -0
package/vendor/blamejs/README.md +54 -0
package/vendor/blamejs/_PROVENANCE.json +54 -0
package/vendor/blamejs/retry.js +335 -0
package/vendor/blamejs/worker-pool.js +418 -0

package/data/_indexes/handoff-dag.json ADDED Viewed

@@ -0,0 +1,476 @@
+{
+  "nodes": [
+    "age-gates-child-safety",
+    "ai-attack-surface",
+    "ai-c2-detection",
+    "ai-risk-management",
+    "api-security",
+    "attack-surface-pentest",
+    "cloud-security",
+    "compliance-theater",
+    "container-runtime-security",
+    "coordinated-vuln-disclosure",
+    "defensive-countermeasure-mapping",
+    "dlp-gap-analysis",
+    "email-security-anti-phishing",
+    "exploit-scoring",
+    "framework-gap-analysis",
+    "fuzz-testing-strategy",
+    "global-grc",
+    "identity-assurance",
+    "incident-response-playbook",
+    "kernel-lpe-triage",
+    "mcp-agent-trust",
+    "mlops-security",
+    "ot-ics-security",
+    "policy-exception-gen",
+    "pqc-first",
+    "rag-pipeline-security",
+    "researcher",
+    "sector-energy",
+    "sector-federal-government",
+    "sector-financial",
+    "sector-healthcare",
+    "security-maturity-tiers",
+    "skill-update-loop",
+    "supply-chain-integrity",
+    "threat-model-currency",
+    "threat-modeling-methodology",
+    "webapp-security",
+    "zeroday-gap-learn"
+  ],
+  "edges": {
+    "kernel-lpe-triage": [
+      "attack-surface-pentest",
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "exploit-scoring",
+      "policy-exception-gen"
+    ],
+    "ai-attack-surface": [],
+    "mcp-agent-trust": [
+      "attack-surface-pentest",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "framework-gap-analysis",
+      "supply-chain-integrity"
+    ],
+    "framework-gap-analysis": [],
+    "compliance-theater": [],
+    "exploit-scoring": [
+      "ai-attack-surface",
+      "kernel-lpe-triage",
+      "mcp-agent-trust"
+    ],
+    "rag-pipeline-security": [
+      "ai-attack-surface",
+      "attack-surface-pentest",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "supply-chain-integrity"
+    ],
+    "ai-c2-detection": [
+      "attack-surface-pentest",
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "mcp-agent-trust"
+    ],
+    "policy-exception-gen": [],
+    "threat-model-currency": [],
+    "global-grc": [],
+    "zeroday-gap-learn": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "kernel-lpe-triage",
+      "mcp-agent-trust"
+    ],
+    "pqc-first": [],
+    "skill-update-loop": [
+      "ai-c2-detection",
+      "ai-risk-management",
+      "api-security",
+      "cloud-security",
+      "container-runtime-security",
+      "coordinated-vuln-disclosure",
+      "defensive-countermeasure-mapping",
+      "email-security-anti-phishing",
+      "identity-assurance",
+      "incident-response-playbook",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "mlops-security",
+      "pqc-first",
+      "sector-energy",
+      "sector-federal-government",
+      "sector-financial",
+      "sector-healthcare",
+      "threat-model-currency",
+      "threat-modeling-methodology",
+      "webapp-security"
+    ],
+    "security-maturity-tiers": [],
+    "researcher": [
+      "age-gates-child-safety",
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "ai-risk-management",
+      "api-security",
+      "attack-surface-pentest",
+      "cloud-security",
+      "compliance-theater",
+      "container-runtime-security",
+      "coordinated-vuln-disclosure",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "email-security-anti-phishing",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "fuzz-testing-strategy",
+      "global-grc",
+      "identity-assurance",
+      "incident-response-playbook",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "mlops-security",
+      "ot-ics-security",
+      "policy-exception-gen",
+      "pqc-first",
+      "rag-pipeline-security",
+      "sector-energy",
+      "sector-federal-government",
+      "sector-financial",
+      "sector-healthcare",
+      "security-maturity-tiers",
+      "skill-update-loop",
+      "supply-chain-integrity",
+      "threat-model-currency",
+      "threat-modeling-methodology",
+      "webapp-security",
+      "zeroday-gap-learn"
+    ],
+    "attack-surface-pentest": [
+      "kernel-lpe-triage"
+    ],
+    "fuzz-testing-strategy": [],
+    "dlp-gap-analysis": [
+      "ai-c2-detection"
+    ],
+    "supply-chain-integrity": [
+      "mcp-agent-trust",
+      "pqc-first"
+    ],
+    "defensive-countermeasure-mapping": [
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "kernel-lpe-triage",
+      "policy-exception-gen",
+      "threat-model-currency",
+      "zeroday-gap-learn"
+    ],
+    "identity-assurance": [
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "mcp-agent-trust",
+      "pqc-first",
+      "supply-chain-integrity"
+    ],
+    "ot-ics-security": [
+      "ai-attack-surface",
+      "attack-surface-pentest",
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "policy-exception-gen",
+      "supply-chain-integrity"
+    ],
+    "coordinated-vuln-disclosure": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "attack-surface-pentest",
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "fuzz-testing-strategy",
+      "global-grc",
+      "rag-pipeline-security",
+      "supply-chain-integrity",
+      "zeroday-gap-learn"
+    ],
+    "threat-modeling-methodology": [
+      "ai-attack-surface",
+      "defensive-countermeasure-mapping",
+      "framework-gap-analysis",
+      "mcp-agent-trust",
+      "rag-pipeline-security",
+      "researcher",
+      "threat-model-currency",
+      "zeroday-gap-learn"
+    ],
+    "webapp-security": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "attack-surface-pentest",
+      "defensive-countermeasure-mapping",
+      "fuzz-testing-strategy",
+      "identity-assurance",
+      "supply-chain-integrity",
+      "threat-modeling-methodology"
+    ],
+    "ai-risk-management": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "compliance-theater",
+      "coordinated-vuln-disclosure",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "mcp-agent-trust",
+      "rag-pipeline-security",
+      "threat-modeling-methodology",
+      "zeroday-gap-learn"
+    ],
+    "sector-healthcare": [
+      "ai-attack-surface",
+      "compliance-theater",
+      "coordinated-vuln-disclosure",
+      "dlp-gap-analysis",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "mcp-agent-trust",
+      "ot-ics-security",
+      "policy-exception-gen",
+      "supply-chain-integrity"
+    ],
+    "sector-financial": [
+      "ai-attack-surface",
+      "attack-surface-pentest",
+      "compliance-theater",
+      "coordinated-vuln-disclosure",
+      "dlp-gap-analysis",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "mcp-agent-trust",
+      "policy-exception-gen",
+      "supply-chain-integrity"
+    ],
+    "sector-federal-government": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "attack-surface-pentest",
+      "compliance-theater",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "pqc-first",
+      "supply-chain-integrity"
+    ],
+    "sector-energy": [
+      "ai-attack-surface",
+      "attack-surface-pentest",
+      "compliance-theater",
+      "coordinated-vuln-disclosure",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "ot-ics-security",
+      "policy-exception-gen",
+      "rag-pipeline-security",
+      "supply-chain-integrity"
+    ],
+    "api-security": [
+      "ai-c2-detection",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "identity-assurance",
+      "mcp-agent-trust",
+      "webapp-security"
+    ],
+    "cloud-security": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "api-security",
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "ot-ics-security",
+      "policy-exception-gen",
+      "supply-chain-integrity"
+    ],
+    "container-runtime-security": [
+      "ai-attack-surface",
+      "ai-risk-management",
+      "attack-surface-pentest",
+      "cloud-security",
+      "compliance-theater",
+      "defensive-countermeasure-mapping",
+      "exploit-scoring",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "kernel-lpe-triage",
+      "mcp-agent-trust",
+      "mlops-security",
+      "policy-exception-gen",
+      "rag-pipeline-security",
+      "sector-federal-government",
+      "sector-financial",
+      "supply-chain-integrity"
+    ],
+    "mlops-security": [
+      "ai-attack-surface",
+      "ai-risk-management",
+      "cloud-security",
+      "container-runtime-security",
+      "coordinated-vuln-disclosure",
+      "mcp-agent-trust",
+      "pqc-first",
+      "rag-pipeline-security",
+      "supply-chain-integrity"
+    ],
+    "incident-response-playbook": [
+      "ai-attack-surface",
+      "ai-c2-detection",
+      "attack-surface-pentest",
+      "compliance-theater",
+      "coordinated-vuln-disclosure",
+      "defensive-countermeasure-mapping",
+      "dlp-gap-analysis",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "mcp-agent-trust",
+      "rag-pipeline-security",
+      "sector-energy",
+      "sector-federal-government",
+      "sector-financial",
+      "sector-healthcare",
+      "skill-update-loop",
+      "supply-chain-integrity",
+      "threat-model-currency",
+      "zeroday-gap-learn"
+    ],
+    "email-security-anti-phishing": [
+      "ai-attack-surface",
+      "compliance-theater",
+      "dlp-gap-analysis",
+      "identity-assurance",
+      "incident-response-playbook",
+      "sector-financial"
+    ],
+    "age-gates-child-safety": [
+      "ai-attack-surface",
+      "ai-risk-management",
+      "compliance-theater",
+      "coordinated-vuln-disclosure",
+      "dlp-gap-analysis",
+      "framework-gap-analysis",
+      "global-grc",
+      "identity-assurance",
+      "incident-response-playbook",
+      "sector-healthcare"
+    ]
+  },
+  "in_degree": {
+    "age-gates-child-safety": 1,
+    "ai-attack-surface": 19,
+    "ai-c2-detection": 11,
+    "ai-risk-management": 5,
+    "api-security": 3,
+    "attack-surface-pentest": 13,
+    "cloud-security": 4,
+    "compliance-theater": 16,
+    "container-runtime-security": 3,
+    "coordinated-vuln-disclosure": 9,
+    "defensive-countermeasure-mapping": 16,
+    "dlp-gap-analysis": 13,
+    "email-security-anti-phishing": 2,
+    "exploit-scoring": 10,
+    "framework-gap-analysis": 15,
+    "fuzz-testing-strategy": 3,
+    "global-grc": 12,
+    "identity-assurance": 15,
+    "incident-response-playbook": 4,
+    "kernel-lpe-triage": 10,
+    "mcp-agent-trust": 18,
+    "mlops-security": 3,
+    "ot-ics-security": 4,
+    "policy-exception-gen": 9,
+    "pqc-first": 6,
+    "rag-pipeline-security": 8,
+    "researcher": 1,
+    "sector-energy": 3,
+    "sector-federal-government": 4,
+    "sector-financial": 5,
+    "sector-healthcare": 4,
+    "security-maturity-tiers": 1,
+    "skill-update-loop": 2,
+    "supply-chain-integrity": 15,
+    "threat-model-currency": 5,
+    "threat-modeling-methodology": 4,
+    "webapp-security": 3,
+    "zeroday-gap-learn": 6
+  },
+  "out_degree": {
+    "age-gates-child-safety": 10,
+    "ai-attack-surface": 0,
+    "ai-c2-detection": 5,
+    "ai-risk-management": 13,
+    "api-security": 6,
+    "attack-surface-pentest": 1,
+    "cloud-security": 15,
+    "compliance-theater": 0,
+    "container-runtime-security": 18,
+    "coordinated-vuln-disclosure": 12,
+    "defensive-countermeasure-mapping": 6,
+    "dlp-gap-analysis": 1,
+    "email-security-anti-phishing": 6,
+    "exploit-scoring": 3,
+    "framework-gap-analysis": 0,
+    "fuzz-testing-strategy": 0,
+    "global-grc": 0,
+    "identity-assurance": 6,
+    "incident-response-playbook": 20,
+    "kernel-lpe-triage": 5,
+    "mcp-agent-trust": 5,
+    "mlops-security": 9,
+    "ot-ics-security": 12,
+    "policy-exception-gen": 0,
+    "pqc-first": 0,
+    "rag-pipeline-security": 5,
+    "researcher": 37,
+    "sector-energy": 14,
+    "sector-federal-government": 9,
+    "sector-financial": 12,
+    "sector-healthcare": 12,
+    "security-maturity-tiers": 0,
+    "skill-update-loop": 21,
+    "supply-chain-integrity": 2,
+    "threat-model-currency": 0,
+    "threat-modeling-methodology": 8,
+    "webapp-security": 8,
+    "zeroday-gap-learn": 4
+  }
+}