@blamejs/exceptd-skills 0.9.1

package/lib/sign.js

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Skill signing utility — Ed25519 keypair management and skill signing.
+ *
+ * The private key never enters this repository. It is stored at .keys/private.pem
+ * which is gitignored. The public key at keys/public.pem is tracked and used
+ * by lib/verify.js for signature verification.
+ *
+ * Signing ceremony:
+ *   1. node lib/sign.js generate-keypair    — generate keypair (one time, per deployment)
+ *   2. node lib/sign.js sign-all            — sign all skills (after any content change)
+ *   3. node lib/verify.js                   — verify all signatures
+ *
+ * Key rotation:
+ *   1. node lib/sign.js generate-keypair --rotate    — generate new keypair, old sigs become invalid
+ *   2. node lib/sign.js sign-all                     — re-sign all skills with new key
+ *   3. Commit keys/public.pem update
+ *
+ * Usage:
+ *   node lib/sign.js generate-keypair [--rotate]   — generate Ed25519 keypair
+ *   node lib/sign.js sign-all                      — sign all skills in manifest
+ *   node lib/sign.js sign <skill-name>             — sign one skill
+ *   node lib/sign.js show-pubkey                   — print the public key
+ */
+
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+
+const ROOT = path.join(__dirname, '..');
+const MANIFEST_PATH = path.join(ROOT, 'manifest.json');
+const KEYS_DIR = path.join(ROOT, '.keys');
+const PUBLIC_KEYS_DIR = path.join(ROOT, 'keys');
+const PRIVATE_KEY_PATH = path.join(KEYS_DIR, 'private.pem');
+const PUBLIC_KEY_PATH = path.join(PUBLIC_KEYS_DIR, 'public.pem');
+
+// --- public API ---
+
+/**
+ * Generate an Ed25519 keypair.
+ * Private key → .keys/private.pem (gitignored)
+ * Public key → keys/public.pem (tracked)
+ *
+ * @param {{ rotate: boolean }} options
+ */
+function generateKeypair({ rotate = false } = {}) {
+  if (fs.existsSync(PRIVATE_KEY_PATH) && !rotate) {
+    console.error('[sign] Private key already exists at .keys/private.pem');
+    console.error('[sign] Use --rotate to generate a new keypair and invalidate existing signatures.');
+    process.exit(1);
+  }
+
+  fs.mkdirSync(KEYS_DIR, { recursive: true, mode: 0o700 });
+  fs.mkdirSync(PUBLIC_KEYS_DIR, { recursive: true });
+
+  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519', {
+    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+    publicKeyEncoding: { type: 'spki', format: 'pem' }
+  });
+
+  fs.writeFileSync(PRIVATE_KEY_PATH, privateKey, { encoding: 'utf8', mode: 0o600 });
+  fs.writeFileSync(PUBLIC_KEY_PATH, publicKey, { encoding: 'utf8', mode: 0o644 });
+
+  if (rotate) {
+    console.log('[sign] Keypair rotated. All existing signatures are now invalid — run: node lib/sign.js sign-all');
+  } else {
+    console.log('[sign] Ed25519 keypair generated.');
+    console.log(`  Private key: .keys/private.pem (gitignored — do not commit)`);
+    console.log(`  Public key:  keys/public.pem (tracked — commit this)`);
+  }
+
+  console.log('\nNext steps:');
+  console.log('  1. node lib/sign.js sign-all    — sign all current skills');
+  console.log('  2. node lib/verify.js           — confirm all signatures');
+  console.log('  3. git add keys/public.pem && git commit -m "add signing public key"');
+}
+
+/**
+ * Sign all skills in manifest.json using the private key.
+ * Updates manifest.json with Ed25519 signatures.
+ */
+function signAll() {
+  const privateKey = loadPrivateKey();
+  const manifest = loadManifest();
+  let signed = 0;
+  let errors = 0;
+
+  for (const skill of manifest.skills) {
+    const skillPath = path.join(ROOT, skill.path);
+    if (!fs.existsSync(skillPath)) {
+      console.error(`[sign] SKIP ${skill.name}: file not found at ${skill.path}`);
+      errors++;
+      continue;
+    }
+    const content = fs.readFileSync(skillPath, 'utf8');
+    skill.signature = signContent(content, privateKey);
+    skill.signed_at = new Date().toISOString();
+    delete skill.sha256;
+    console.log(`[sign] Signed: ${skill.name}`);
+    signed++;
+  }
+
+  fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
+  console.log(`\n[sign] ${signed} skills signed. ${errors} errors.`);
+
+  if (errors > 0) process.exit(1);
+}
+
+/**
+ * Sign a single skill by name.
+ * @param {string} skillName
+ */
+function signOne(skillName) {
+  const privateKey = loadPrivateKey();
+  const manifest = loadManifest();
+  const skill = manifest.skills.find(s => s.name === skillName);
+  if (!skill) { console.error(`Skill not found: ${skillName}`); process.exit(1); }
+
+  const skillPath = path.join(ROOT, skill.path);
+  const content = fs.readFileSync(skillPath, 'utf8');
+  skill.signature = signContent(content, privateKey);
+  skill.signed_at = new Date().toISOString();
+  delete skill.sha256;
+
+  fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
+  console.log(`[sign] Signed: ${skillName}`);
+}
+
+// --- helpers ---
+
+function signContent(content, privateKey) {
+  const signature = crypto.sign(null, Buffer.from(content, 'utf8'), {
+    key: privateKey,
+    dsaEncoding: 'ieee-p1363'
+  });
+  return signature.toString('base64');
+}
+
+function loadPrivateKey() {
+  if (!fs.existsSync(PRIVATE_KEY_PATH)) {
+    console.error('[sign] No private key at .keys/private.pem');
+    console.error('[sign] Run: node lib/sign.js generate-keypair');
+    process.exit(1);
+  }
+  return fs.readFileSync(PRIVATE_KEY_PATH, 'utf8');
+}
+
+function loadManifest() {
+  return JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf8'));
+}
+
+// --- CLI ---
+
+if (require.main === module) {
+  const cmd = process.argv[2];
+  const arg = process.argv[3];
+
+  switch (cmd) {
+    case 'generate-keypair':
+      generateKeypair({ rotate: process.argv.includes('--rotate') });
+      break;
+    case 'sign-all':
+      signAll();
+      break;
+    case 'sign':
+      if (!arg) { console.error('Usage: node lib/sign.js sign <skill-name>'); process.exit(1); }
+      signOne(arg);
+      break;
+    case 'show-pubkey':
+      if (!fs.existsSync(PUBLIC_KEY_PATH)) {
+        console.error('[sign] No public key found. Run: node lib/sign.js generate-keypair');
+        process.exit(1);
+      }
+      process.stdout.write(fs.readFileSync(PUBLIC_KEY_PATH, 'utf8'));
+      break;
+    default:
+      console.log(`
+exceptd Skill Signing Utility
+
+Commands:
+  generate-keypair [--rotate]   Generate Ed25519 keypair (.keys/ is gitignored)
+  sign-all                      Sign all skills in manifest.json
+  sign <skill-name>             Sign one skill
+  show-pubkey                   Print the public key
+
+Signing ceremony (first time):
+  1. node lib/sign.js generate-keypair
+  2. node lib/sign.js sign-all
+  3. node lib/verify.js
+  4. git add keys/public.pem
+`);
+  }
+}
+
+module.exports = { generateKeypair, signAll, signOne };

package/lib/ttp-mapper.js

@@ -0,0 +1,80 @@
+'use strict';
+
+/**
+ * TTP Mapper — maps compliance framework control IDs to ATLAS/ATT&CK TTPs
+ * and surfaces gaps where controls fail to cover attacker techniques.
+ */
+
+function map(controlId, gapCatalog) {
+  const entry = gapCatalog[controlId];
+  if (!entry) return { control_id: controlId, found: false, message: 'Control not in gap catalog' };
+  return {
+    found: true,
+    control_id: controlId,
+    framework: entry.framework,
+    control_name: entry.control_name,
+    designed_for: entry.designed_for,
+    misses: entry.misses,
+    real_requirement: entry.real_requirement,
+    status: entry.status,
+    evidence_cves: entry.evidence_cves
+  };
+}
+
+function gapsFor(attackPattern, gapCatalog, atlasCatalog) {
+  const results = [];
+  for (const [controlId, entry] of Object.entries(gapCatalog)) {
+    if (controlId.startsWith('_')) continue;
+    if (entry.misses && entry.misses.some(m => m.toLowerCase().includes(attackPattern.toLowerCase()))) {
+      results.push({ control_id: controlId, framework: entry.framework, control_name: entry.control_name, gap: entry.misses });
+    }
+  }
+  if (results.length === 0) {
+    return { attack_pattern: attackPattern, found_gaps: false, message: 'No documented gaps for this pattern — verify manually' };
+  }
+  return { attack_pattern: attackPattern, found_gaps: true, controls_with_gap: results };
+}
+
+function coverage(frameworkId, ttpId, gapCatalog, atlasCatalog) {
+  const ttp = atlasCatalog[ttpId];
+  if (!ttp) return { ttp_id: ttpId, found: false };
+
+  // atlas-ttps.json uses controls_that_partially_help / controls_that_dont_help / framework_gap_detail
+  const partialControls = ttp.controls_that_partially_help || [];
+  const noHelpControls = ttp.controls_that_dont_help || [];
+  const gapDetail = ttp.framework_gap_detail || '';
+  const hasFrameworkGap = ttp.framework_gap === true;
+
+  // Check if the requested framework has any coverage in the partially-helpful controls
+  const frameworkPrefix = frameworkId.split('-')[0].toLowerCase();
+  const partial = partialControls.find(c => c.toLowerCase().includes(frameworkPrefix));
+  const noHelp = noHelpControls.find(c => c.toLowerCase().includes(frameworkPrefix));
+
+  return {
+    ttp_id: ttpId,
+    ttp_name: ttp.name,
+    framework: frameworkId,
+    has_gap: hasFrameworkGap,
+    partially_covered_by: partial || null,
+    not_covered_by: noHelp || null,
+    gap_detail: gapDetail,
+    detection: ttp.detection || null
+  };
+}
+
+function universalGaps() {
+  return [
+    { gap: 'AI pipeline integrity', no_framework_coverage: true },
+    { gap: 'MCP/agent tool trust boundaries', no_framework_coverage: true },
+    { gap: 'LLM prompt injection as access control failure', no_framework_coverage: true },
+    { gap: 'AI-as-C2 detection and response', no_framework_coverage: true },
+    { gap: 'Live kernel patching as required capability', no_framework_coverage: true, closest: 'ASD ISM-1623 (48h)' },
+    { gap: 'Ephemeral infrastructure asset inventory alternatives', no_framework_coverage: true },
+    { gap: 'AI-accelerated exploit weaponization in patch SLAs', no_framework_coverage: true },
+    { gap: 'RAG pipeline integrity and retrieval security', no_framework_coverage: true },
+    { gap: 'AI-generated phishing detection update requirement', no_framework_coverage: true },
+    { gap: 'Post-quantum cryptography migration mandate (non-NSS)', no_framework_coverage: true, closest: 'NSA CNSA 2.0 (NSS only)' }
+  ];
+}
+
+module.exports = { map, gapsFor, coverage, universalGaps };

package/lib/validate-catalog-meta.js

@@ -0,0 +1,198 @@
+#!/usr/bin/env node
+/*
+ * lib/validate-catalog-meta.js — assert every data/*.json carries the
+ * source-trust + freshness fields required by the audit follow-up:
+ *
+ *   _meta.tlp                 — Traffic Light Protocol marking
+ *   _meta.source_confidence   — Admiralty scheme (A-F + 1-6), with
+ *                                default rating and per-entry override note
+ *   _meta.freshness_policy    — review cadence + decay thresholds
+ *
+ * Per AGENTS.md rule #10 (no placeholder language), this validator
+ * rejects empty strings and the usual placeholder tokens. Rule #12
+ * (external data version pinning) is enforced informally — every catalog
+ * still needs its existing schema_version / last_updated fields, but
+ * those are validated by the existing per-catalog validators.
+ *
+ * Usage:
+ *   node lib/validate-catalog-meta.js
+ *   node lib/validate-catalog-meta.js --quiet
+ *
+ * Exit code:
+ *   0  all catalogs have the required _meta fields
+ *   1  one or more catalogs missing a required field
+ *   2  argv error
+ *
+ * No external dependencies. Node 24 stdlib only.
+ */
+
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const process = require('node:process');
+
+const REPO_ROOT = path.resolve(__dirname, '..');
+const DATA_DIR = path.join(REPO_ROOT, 'data');
+
+const REQUIRED_TLP_VALUES = new Set([
+  'CLEAR',
+  'GREEN',
+  'AMBER',
+  'AMBER+STRICT',
+  'RED',
+]);
+
+const PLACEHOLDER_TOKENS = [
+  /\btodo\b/i,
+  /\btbd\b/i,
+  /\bcoming soon\b/i,
+  /\bplaceholder\b/i,
+  /\bto be determined\b/i,
+];
+
+function parseArgs(argv) {
+  const opts = { quiet: false };
+  for (let i = 2; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === '--quiet' || a === '-q') opts.quiet = true;
+    else if (a === '--help' || a === '-h') {
+      console.log(
+        'Usage: node lib/validate-catalog-meta.js [--quiet]\n' +
+          '\n' +
+          '  --quiet   Suppress per-catalog PASS output; show failures only.\n',
+      );
+      process.exit(0);
+    } else {
+      console.error(`Unknown argument: ${a}`);
+      process.exit(2);
+    }
+  }
+  return opts;
+}
+
+function readJson(p) {
+  return JSON.parse(fs.readFileSync(p, 'utf8'));
+}
+
+function containsPlaceholder(s) {
+  if (typeof s !== 'string') return false;
+  return PLACEHOLDER_TOKENS.some((re) => re.test(s));
+}
+
+function validateMeta(catalogPath) {
+  const errors = [];
+  const data = readJson(catalogPath);
+  const meta = data._meta;
+
+  if (!meta || typeof meta !== 'object') {
+    return ['missing _meta block'];
+  }
+
+  /* tlp */
+  if (typeof meta.tlp !== 'string') {
+    errors.push('_meta.tlp is missing or not a string');
+  } else if (!REQUIRED_TLP_VALUES.has(meta.tlp)) {
+    errors.push(
+      `_meta.tlp "${meta.tlp}" not one of CLEAR/GREEN/AMBER/AMBER+STRICT/RED`,
+    );
+  }
+
+  /* source_confidence */
+  const sc = meta.source_confidence;
+  if (!sc || typeof sc !== 'object') {
+    errors.push('_meta.source_confidence is missing or not an object');
+  } else {
+    for (const field of ['scheme', 'default', 'note']) {
+      if (typeof sc[field] !== 'string' || sc[field].length === 0) {
+        errors.push(`_meta.source_confidence.${field} missing or empty`);
+      } else if (containsPlaceholder(sc[field])) {
+        errors.push(
+          `_meta.source_confidence.${field} contains placeholder language`,
+        );
+      }
+    }
+    if (typeof sc.default === 'string' && !/^[A-F][1-6]$/.test(sc.default)) {
+      errors.push(
+        `_meta.source_confidence.default "${sc.default}" is not Admiralty form ([A-F][1-6])`,
+      );
+    }
+  }
+
+  /* freshness_policy */
+  const fp = meta.freshness_policy;
+  if (!fp || typeof fp !== 'object') {
+    errors.push('_meta.freshness_policy is missing or not an object');
+  } else {
+    for (const field of [
+      'default_review_cadence_days',
+      'stale_after_days',
+      'rebuild_after_days',
+    ]) {
+      const v = fp[field];
+      if (typeof v !== 'number' || !Number.isInteger(v) || v <= 0) {
+        errors.push(
+          `_meta.freshness_policy.${field} must be a positive integer`,
+        );
+      }
+    }
+    if (typeof fp.note !== 'string' || fp.note.length === 0) {
+      errors.push('_meta.freshness_policy.note missing or empty');
+    } else if (containsPlaceholder(fp.note)) {
+      errors.push('_meta.freshness_policy.note contains placeholder language');
+    }
+    /* Soft check: cadence < stale < rebuild. Catches an obvious copy-paste
+     * mistake without being a hard schema constraint. */
+    if (
+      typeof fp.default_review_cadence_days === 'number' &&
+      typeof fp.stale_after_days === 'number' &&
+      typeof fp.rebuild_after_days === 'number'
+    ) {
+      if (
+        !(
+          fp.default_review_cadence_days <= fp.stale_after_days &&
+          fp.stale_after_days <= fp.rebuild_after_days
+        )
+      ) {
+        errors.push(
+          '_meta.freshness_policy: expected default_review_cadence_days <= stale_after_days <= rebuild_after_days',
+        );
+      }
+    }
+  }
+
+  return errors;
+}
+
+function main() {
+  const opts = parseArgs(process.argv);
+  const files = fs
+    .readdirSync(DATA_DIR)
+    .filter((f) => f.endsWith('.json'))
+    .sort();
+
+  let failed = 0;
+  for (const f of files) {
+    const errors = validateMeta(path.join(DATA_DIR, f));
+    if (errors.length === 0) {
+      if (!opts.quiet) console.log(`PASS  ${f}`);
+    } else {
+      failed++;
+      console.log(`FAIL  ${f}`);
+      for (const e of errors) console.log(`        - ${e}`);
+    }
+  }
+
+  const total = files.length;
+  const passed = total - failed;
+  console.log(
+    `\n${passed}/${total} catalogs validated${failed ? `, ${failed} failed` : ''}.`,
+  );
+  process.exit(failed === 0 ? 0 : 1);
+}
+
+if (require.main === module) {
+  main();
+}
+
+module.exports = { validateMeta };

package/lib/validate-cve-catalog.js

@@ -0,0 +1,213 @@
+#!/usr/bin/env node
+/*
+ * lib/validate-cve-catalog.js — exceptd CVE catalog validator.
+ *
+ * Enforces AGENTS.md rule #6 (zero-day learning is live): every CVE in
+ * data/cve-catalog.json must have a matching entry in data/zeroday-lessons.json
+ * by the same CVE key. The learning loop runs completely, not partially.
+ *
+ * Also enforces rule #10 (no placeholder data) by validating each CVE entry
+ * against the structural rules expressed in
+ * lib/schemas/cve-catalog.schema.json — required fields, types, enums,
+ * patterns, range constraints. Implemented as an inline validator (no AJV /
+ * external deps; Node 24 stdlib only) covering the schema features that
+ * file actually uses.
+ *
+ * Usage:
+ *   node lib/validate-cve-catalog.js          validate the full catalog
+ *   node lib/validate-cve-catalog.js --quiet  only print failures + summary
+ *
+ * Exit code: 0 if every CVE validates and has a matching zeroday lesson,
+ *            1 otherwise, 2 on argv error.
+ */
+
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const process = require('node:process');
+
+const REPO_ROOT = path.resolve(__dirname, '..');
+const SCHEMA_PATH = path.join(REPO_ROOT, 'lib', 'schemas', 'cve-catalog.schema.json');
+const CATALOG_PATH = path.join(REPO_ROOT, 'data', 'cve-catalog.json');
+const LESSONS_PATH = path.join(REPO_ROOT, 'data', 'zeroday-lessons.json');
+
+function parseArgs(argv) {
+  const opts = { quiet: false };
+  for (let i = 2; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === '--quiet' || a === '-q') opts.quiet = true;
+    else if (a === '--help' || a === '-h') {
+      console.log(
+        'Usage: node lib/validate-cve-catalog.js [--quiet]\n' +
+          '\n' +
+          '  --quiet   Suppress per-CVE PASS output; show failures only.\n',
+      );
+      process.exit(0);
+    } else {
+      console.error(`Unknown argument: ${a}`);
+      process.exit(2);
+    }
+  }
+  return opts;
+}
+
+function readJson(p) {
+  return JSON.parse(fs.readFileSync(p, 'utf8'));
+}
+
+function typeOf(value) {
+  if (value === null) return 'null';
+  if (Array.isArray(value)) return 'array';
+  return typeof value;
+}
+
+function typeMatches(value, expected) {
+  if (Array.isArray(expected)) return expected.some((t) => typeMatches(value, t));
+  const actual = typeOf(value);
+  if (expected === 'integer') return actual === 'number' && Number.isInteger(value);
+  return actual === expected;
+}
+
+/* Validate a value against a (subset of) JSON Schema. The subset we need is
+ * what lib/schemas/cve-catalog.schema.json uses: type, required, properties,
+ * additionalProperties, items, pattern, minLength, minimum, maximum, minItems,
+ * minProperties, enum, format=uri (loose check). */
+function validate(value, schema, schemaName, pathStr) {
+  const errors = [];
+  const here = pathStr || schemaName;
+
+  if (schema.type !== undefined) {
+    if (!typeMatches(value, schema.type)) {
+      errors.push(
+        `${here}: expected type ${JSON.stringify(schema.type)}, got ${typeOf(value)}`,
+      );
+      return errors;
+    }
+  }
+
+  if (schema.enum !== undefined) {
+    if (!schema.enum.includes(value)) {
+      errors.push(`${here}: value ${JSON.stringify(value)} not in enum ${JSON.stringify(schema.enum)}`);
+    }
+  }
+
+  const t = typeOf(value);
+
+  if (t === 'string') {
+    if (schema.minLength !== undefined && value.length < schema.minLength) {
+      errors.push(`${here}: string shorter than minLength ${schema.minLength}`);
+    }
+    if (schema.pattern !== undefined) {
+      const re = new RegExp(schema.pattern);
+      if (!re.test(value)) {
+        errors.push(`${here}: string ${JSON.stringify(value)} does not match pattern /${schema.pattern}/`);
+      }
+    }
+    if (schema.format === 'uri') {
+      try {
+        new URL(value);
+      } catch {
+        errors.push(`${here}: value ${JSON.stringify(value)} is not a valid URI`);
+      }
+    }
+  }
+
+  if (t === 'number') {
+    if (schema.minimum !== undefined && value < schema.minimum) {
+      errors.push(`${here}: value ${value} < minimum ${schema.minimum}`);
+    }
+    if (schema.maximum !== undefined && value > schema.maximum) {
+      errors.push(`${here}: value ${value} > maximum ${schema.maximum}`);
+    }
+  }
+
+  if (t === 'array') {
+    if (schema.minItems !== undefined && value.length < schema.minItems) {
+      errors.push(`${here}: array shorter than minItems ${schema.minItems}`);
+    }
+    if (schema.items !== undefined) {
+      value.forEach((item, idx) => {
+        errors.push(...validate(item, schema.items, schemaName, `${here}[${idx}]`));
+      });
+    }
+  }
+
+  if (t === 'object') {
+    if (schema.required) {
+      for (const req of schema.required) {
+        if (!(req in value)) {
+          errors.push(`${here}: missing required field "${req}"`);
+        }
+      }
+    }
+    if (schema.minProperties !== undefined && Object.keys(value).length < schema.minProperties) {
+      errors.push(`${here}: object has fewer than ${schema.minProperties} properties`);
+    }
+    const props = schema.properties || {};
+    const allowAdditional = schema.additionalProperties !== false;
+    const addlSchema =
+      typeof schema.additionalProperties === 'object' ? schema.additionalProperties : null;
+    for (const [k, v] of Object.entries(value)) {
+      if (k in props) {
+        errors.push(...validate(v, props[k], schemaName, `${here}.${k}`));
+      } else if (addlSchema) {
+        errors.push(...validate(v, addlSchema, schemaName, `${here}.${k}`));
+      } else if (!allowAdditional) {
+        errors.push(`${here}: unexpected property "${k}"`);
+      }
+    }
+  }
+
+  return errors;
+}
+
+function main() {
+  const opts = parseArgs(process.argv);
+  const schema = readJson(SCHEMA_PATH);
+  const catalog = readJson(CATALOG_PATH);
+  const lessons = readJson(LESSONS_PATH);
+
+  const cveKeys = Object.keys(catalog).filter((k) => !k.startsWith('_'));
+  const lessonKeys = new Set(Object.keys(lessons).filter((k) => !k.startsWith('_')));
+
+  let failed = 0;
+  for (const key of cveKeys) {
+    const entry = catalog[key];
+    const errors = validate(entry, schema, 'cve', key);
+    if (!lessonKeys.has(key)) {
+      errors.push(
+        `${key}: missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live)`,
+      );
+    }
+    if (errors.length === 0) {
+      if (!opts.quiet) console.log(`PASS  ${key}`);
+    } else {
+      failed++;
+      console.log(`FAIL  ${key}`);
+      for (const e of errors) console.log(`        - ${e}`);
+    }
+  }
+
+  /* Reverse check: every zeroday lesson should map to a real CVE. Not strictly
+   * required by AGENTS.md but a stale lesson with no catalog entry is exactly
+   * the placeholder propagation rule #6 wants to catch. */
+  for (const lessonKey of lessonKeys) {
+    if (!cveKeys.includes(lessonKey)) {
+      failed++;
+      console.log(`FAIL  ${lessonKey}`);
+      console.log(
+        `        - zeroday-lessons.json entry has no matching CVE in cve-catalog.json`,
+      );
+    }
+  }
+
+  const total = cveKeys.length;
+  const passed = total - failed;
+  console.log(
+    `\n${passed}/${total} CVE entries validated${failed ? `, ${failed} failed` : ''}.`,
+  );
+  process.exit(failed === 0 ? 0 : 1);
+}
+
+main();