@blamejs/exceptd-skills 0.9.1

package/README.md

@@ -0,0 +1,307 @@
+<div align="center">
+
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="public/img/logo/exceptd-logo-dark.svg">
+  <img src="public/img/logo/exceptd-logo-primary.svg" alt="exceptd" width="220" />
+</picture>
+
+# exceptd Security
+
+**AI security skills grounded in mid-2026 threat reality, not framework documentation from 2020.**
+
+[![release](https://img.shields.io/github/v/release/blamejs/exceptd-skills?include_prereleases&sort=semver&label=release)](https://github.com/blamejs/exceptd-skills/releases)
+[![npm](https://img.shields.io/npm/v/@blamejs/exceptd-skills.svg?label=npm)](https://www.npmjs.com/package/@blamejs/exceptd-skills)
+[![CI](https://img.shields.io/github/actions/workflow/status/blamejs/exceptd-skills/ci.yml?branch=main&label=CI)](https://github.com/blamejs/exceptd-skills/actions/workflows/ci.yml)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/blamejs/exceptd-skills/badge)](https://scorecard.dev/viewer/?uri=github.com/blamejs/exceptd-skills)
+[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
+[![Skills](https://img.shields.io/badge/skills-38-d946ef)](#skill-inventory)
+[![ATLAS](https://img.shields.io/badge/MITRE%20ATLAS-v5.1.0-d946ef)](https://atlas.mitre.org)
+[![ATT&CK](https://img.shields.io/badge/MITRE%20ATT%26CK-v17-d946ef)](https://attack.mitre.org)
+[![Ed25519-signed](https://img.shields.io/badge/skills-Ed25519--signed-2ea043)](AGENTS.md)
+[![Jurisdictions](https://img.shields.io/badge/jurisdictions-34-blue)](data/global-frameworks.json)
+
+</div>
+
+---
+
+**Core premise:** Every major security and compliance tool on the market is still operating on stale threat models. NIST 800-53, ISO 27001, SOC 2, and PCI-DSS were written for network-centric, on-prem or early-cloud environments. They have no controls for AI pipeline integrity, MCP/agent tool trust boundaries, LLM prompt injection as an access control failure, page-cache exploitation bypassing filesystem integrity checks, or ephemeral infrastructure where traditional asset inventory is architecturally impossible.
+
+This platform surfaces what is actually happening right now. Every skill explicitly flags where a compliance framework's control is insufficient for current attack patterns. The framework is often the problem, not the org.
+
+## Status
+
+Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases). 38 skills across kernel LPE, AI attack surface, MCP trust, RAG security, AI-API C2 detection, PQC migration, framework gap analysis, compliance theater, exploit scoring, threat-model currency, zero-day learning, global GRC, policy exception generation, security maturity tiers, skill update loop, attack-surface pen testing, fuzz testing, DLP gap analysis, supply-chain integrity, defensive-countermeasure mapping, identity assurance, OT/ICS security, coordinated vulnerability disclosure, threat-modeling methodology, child-safety age gates, plus sector packs (federal, financial, healthcare, energy) — and a `researcher` triage dispatcher. 10 data catalogs cover CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons. 34 jurisdictions tracked. AI-consumer ergonomics: `data/_indexes/` ships 17 pre-computed indexes (xref / chains / dispatch / DiD ladders / theater fingerprints / recipes / token budget / currency / activity feed) regenerated by `npm run build-indexes`. External-data refresh is automated nightly via `.github/workflows/refresh.yml` — KEV/EPSS/NVD/RFC drift opens an auto-PR; ATLAS/ATT&CK/CWE/D3FEND version bumps open an issue (audit required per AGENTS.md Hard Rule #12).
+
+---
+
+## Skill Inventory
+
+### Triage & Dispatch
+
+**[researcher](skills/researcher/skill.md)**
+Front-door triage skill for raw threat intel. Takes a CVE ID, ATLAS TTP, vendor advisory, framework control ID, or incident narrative; cross-joins it across `data/cve-catalog.json`, `data/atlas-ttps.json`, `data/framework-control-gaps.json`, `data/zeroday-lessons.json`, `data/exploit-availability.json`, and `data/global-frameworks.json`; produces a one-page RWEP-anchored dispatch report; routes the operator to the right specialized skill(s). Start here when the input is "here's a thing, tell me what to do with it".
+
+### Kernel & Privilege Escalation
+
+**[kernel-lpe-triage](skills/kernel-lpe-triage/skill.md)**
+Assess Linux kernel local privilege escalation exposure. Covers Copy Fail (CVE-2026-31431, CISA KEV, 732-byte deterministic root, all Linux since 2017), Dirty Frag (CVE-2026-43284/CVE-2026-43500, page-cache chain via ESP/IPsec and RxRPC). Outputs: exposure score, live-patch vs. reboot remediation path, compensating controls, framework gap declaration.
+
+### AI-Specific Attack Surface
+
+**[ai-attack-surface](skills/ai-attack-surface/skill.md)**
+Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.1.0 with explicit gap flags. Covers prompt injection as enterprise RCE (CVE-2025-53773 CVSS 9.6, 85%+ bypass rate against SOTA defenses), MCP supply chain RCE (CVE-2026-30615, zero user interaction, 150M+ downloads), RAG exfiltration, model poisoning, AI-assisted exploit development (41% of 2025 zero-days), credential theft acceleration (160% increase).
+
+**[mcp-agent-trust](skills/mcp-agent-trust/skill.md)**
+Enumerate MCP (Model Context Protocol) trust boundary failures. Covers tool allowlisting gaps, unsigned server manifests, prompt injection via tool responses, supply chain compromise. CVE-2026-30615 (Windsurf, zero-interaction RCE). Generates: tool allowlist policy, server signing requirements, bearer auth config, output sanitization requirements.
+
+**[rag-pipeline-security](skills/rag-pipeline-security/skill.md)**
+RAG-specific threat model with no current framework coverage. Embedding manipulation for data exfiltration, vector store poisoning, chunking attacks, retrieval filter bypass, indirect prompt injection via retrieved documents. ATLAS-mapped. Generates: retrieval audit controls, anomaly detection requirements, output monitoring policy.
+
+**[ai-c2-detection](skills/ai-c2-detection/skill.md)**
+Detect adversary use of AI APIs as covert command-and-control (SesameOp case study, ATLAS AML.T0096). PROMPTFLUX/PROMPTSTEAL malware families that query LLMs during execution for real-time evasion. Outputs: behavioral baseline model, detection signatures, network monitoring rules, incident response playbook.
+
+### Framework & Compliance
+
+**[framework-gap-analysis](skills/framework-gap-analysis/skill.md)**
+Feed a compliance framework control ID and a threat scenario — receive: what the control was designed for, why it is insufficient against current TTPs, which attacker technique exploits the gap, what a real control would require. Built-in gap mappings for NIST 800-53, ISO 27001:2022, SOC 2, PCI-DSS 4.0, NIS2, DORA, CIS v8.
+
+**[compliance-theater](skills/compliance-theater/skill.md)**
+Identify where an organization passes an audit but remains exposed. Seven documented compliance theater patterns with specific detection tests. Outputs: theater score per control domain, exposure summary, auditor-facing remediation language, evidence gap list.
+
+**[global-grc](skills/global-grc/skill.md)**
+Multi-jurisdiction GRC mapping. Covers EU (GDPR Art. 32, NIS2, DORA, EU AI Act, EU CRA), UK (Cyber Essentials Plus, NCSC CAF), Australia (ISM, ASD Essential 8, APRA CPS 234), Singapore (MAS TRM, CSA CCoP), Japan (METI, NISC), India (CERT-In, SEBI), Canada (OSFI B-10), and global (ISO 27001:2022, CSA CCM v4, CIS Controls v8). Identifies universal gaps that no jurisdiction's framework covers.
+
+**[policy-exception-gen](skills/policy-exception-gen/skill.md)**
+Generate defensible policy exceptions for architectural realities frameworks don't accommodate. Templates for: ephemeral/serverless infrastructure (no traditional asset inventory), AI pipelines (continuous opaque model updates), zero trust architecture (no network perimeter), live-system no-reboot patching. Each exception includes compensating controls, risk acceptance language, and auditor-ready justification.
+
+### Risk Intelligence
+
+**[exploit-scoring](skills/exploit-scoring/skill.md)**
+Real-World Exploit Priority (RWEP) scoring beyond CVSS. Factors: CISA KEV status (0.25), public PoC (0.20), AI-assisted weaponization (0.15), active exploitation (0.20), patch availability (-0.15), live-patch availability (-0.10), blast radius (0.15). Pre-calculated RWEP scores for all CVEs in `data/cve-catalog.json`. Outputs RWEP alongside CVSS with plain-language priority guidance.
+
+**[threat-model-currency](skills/threat-model-currency/skill.md)**
+Score how current an organization's threat model is against 2026 threat reality. Checklist of 14 current threat classes against documented model coverage. Outputs: currency percentage, specific missing threat classes, recommended additions with ATLAS/ATT&CK references, prioritized update roadmap.
+
+**[zeroday-gap-learn](skills/zeroday-gap-learn/skill.md)**
+Run the zero-day learning loop: zero-day description → attack vector extraction → control gap identification → framework coverage assessment → new control requirement generation → exposure scoring. Encodes lessons from Copy Fail, Dirty Frag, CVE-2025-53773, CVE-2026-30615, SesameOp. Feeds back into framework-gap-analysis and threat-model-currency.
+
+### Identity, OT, Disclosure & Threat Modeling
+
+**[identity-assurance](skills/identity-assurance/skill.md)**
+Identity assurance for mid-2026. NIST 800-63 AAL/IAL/FAL levels, FIDO2/WebAuthn passkey deployment, OIDC/SAML/SCIM federation, agent-as-principal identity for autonomous AI workloads, short-lived workload token issuance, OAuth 2.0 + RFC 9700 (OAuth 2.0 Security BCP) hardening. Outputs: assurance-level gap map, passkey rollout plan, agent identity policy, token-lifetime targets.
+
+**[ot-ics-security](skills/ot-ics-security/skill.md)**
+OT / ICS security for mid-2026. NIST 800-82r3, IEC 62443-3-3, NERC CIP, IT/OT convergence risks (flat networks, shared AD, jump-host weaknesses), AI-augmented HMI threats, and ATT&CK for ICS mappings. Outputs: zone/conduit gap map, safety-instrumented-system isolation review, OT-specific patching exception templates.
+
+**[coordinated-vuln-disclosure](skills/coordinated-vuln-disclosure/skill.md)**
+Coordinated Vulnerability Disclosure for mid-2026. ISO 29147 (disclosure) + ISO 30111 (handling), VDP and bug bounty design, CSAF 2.0 machine-readable advisories, security.txt (RFC 9116), EU CRA / NIS2 regulator-mandated disclosure timelines, AI-specific vulnerability classes (prompt injection, training data poisoning, model exfiltration). Outputs: VDP policy, advisory template, regulator notification calendar.
+
+**[threat-modeling-methodology](skills/threat-modeling-methodology/skill.md)**
+Methodology selection and execution across STRIDE, PASTA, LINDDUN (privacy), Cyber Kill Chain, Diamond Model, MITRE Unified Kill Chain, AI-system threat modeling, and agent-based threat modeling. Outputs: methodology choice with justification, scoped DFD or attack tree, threat-to-control crosswalk against ATLAS / ATT&CK / D3FEND.
+
+---
+
+## Install
+
+Three audience paths. Pick the one that matches how you'll use this.
+
+### 1. AI consumer (read-only — most users)
+
+You want an AI assistant to load the skills + catalogs against a question of yours. Easiest path:
+
+```bash
+npx @blamejs/exceptd-skills path
+```
+
+That prints the absolute path of the installed package. Point your AI assistant at:
+
+- `<path>/AGENTS.md` — canonical project rules + ground truth for every skill
+- `<path>/data/_indexes/summary-cards.json` — 100-word abstract per skill (12 KB)
+- `<path>/data/_indexes/recipes.json` — curated multi-skill chains for common use cases
+
+No clone, no signing keys, no Node 24 required for assistants that read directly from disk. If your assistant needs a local copy as a regular checkout, use `npx degit blamejs/exceptd-skills my-skills` instead.
+
+### 2. Operator (run commands locally)
+
+You want to refresh CVE/RFC data, run currency checks, or generate reports. Install + invoke via `npx` (no global install needed):
+
+```bash
+npx @blamejs/exceptd-skills prefetch          # warm local cache of upstream data
+npx @blamejs/exceptd-skills refresh --from-cache --swarm
+npx @blamejs/exceptd-skills validate-cves --from-cache --no-fail
+npx @blamejs/exceptd-skills currency
+npx @blamejs/exceptd-skills report executive
+```
+
+For frequent use, install globally to skip the `npx` resolution every time:
+
+```bash
+npm install -g @blamejs/exceptd-skills
+exceptd help
+```
+
+Air-gapped operation: run `exceptd prefetch` on a connected host, copy the resulting `.cache/upstream/` to the airgap, run `exceptd refresh --from-cache <path> --apply` over there. The vendored upstream snapshots replace every network call.
+
+Optional env vars for higher rate budgets:
+
+| Variable | Purpose |
+|---|---|
+| `NVD_API_KEY` | Lifts NVD 2.0 from 5 → 50 requests per 30s window. Free key at <https://nvd.nist.gov/developers/request-an-api-key>. |
+| `GITHUB_TOKEN` | Lifts GitHub Releases (used for ATLAS / ATT&CK / D3FEND / CWE pin checks) from 60 → 5000 requests per hour. |
+
+### 3. Maintainer (extend / sign / publish)
+
+You're adding a skill, updating a catalog, or cutting a release. Clone + bootstrap the full toolchain:
+
+```bash
+git clone https://github.com/blamejs/exceptd-skills
+cd exceptd-skills
+npm run bootstrap          # auto-detects: verify-only / re-sign / first-init
+npm run predeploy          # full 13-gate CI sequence locally
+```
+
+`bootstrap` auto-detects the right mode based on which keys exist on disk:
+
+- **Verify-only** (default on a fresh clone): `keys/public.pem` ships in the repo, no `.keys/private.pem` locally. Checks that every skill verifies against the shipped signature, exits.
+- **Re-sign**: `.keys/private.pem` exists locally. Re-signs every skill against current content, verifies.
+- **First-init**: no `keys/public.pem` shipped or `--init` passed. Generates a new Ed25519 keypair, signs everything.
+
+Direct invocations also available: `npm run verify`, `node lib/sign.js sign-all`.
+
+## CLI command reference
+
+Every command works the same via `npx @blamejs/exceptd-skills`, a global install (`exceptd`), or a local `node bin/exceptd.js`.
+
+```
+exceptd path                          Print absolute path to the installed package.
+
+exceptd prefetch [args]               Warm local cache of upstream artifacts.
+  --max-age 24h                       Skip entries fresher than this.
+  --source kev,nvd                    Comma-separated source filter.
+  --force                             Ignore freshness; refetch everything.
+  --no-network                        Dry-run plan; do not actually fetch.
+
+exceptd refresh [args]                Refresh upstream data; optionally apply upserts.
+  --apply                             Write diffs back to data/*.json and rebuild indexes.
+  --from-cache [<dir>]                Read from prefetch cache instead of upstream.
+  --swarm                             Fan-out across worker threads.
+  --source kev,epss,nvd,rfc,pins      Scope by source.
+  --from-fixture <dir>                Test mode — read frozen fixtures.
+  --report-out <path>                 Redirect refresh-report.json output.
+
+exceptd build-indexes [args]          Rebuild data/_indexes/*.json (17 outputs).
+  --only <names>                      Comma-separated subset (auto-pulls in dependencies).
+  --changed                           Rebuild only outputs whose deps changed.
+  --parallel                          Run independent outputs concurrently.
+
+exceptd verify                        Verify Ed25519 signature on every skill.
+exceptd scan                          Scan environment for findings.
+exceptd dispatch                      Scan then route findings to skills.
+exceptd skill <name>                  Show context for a specific skill.
+exceptd currency                      Skill currency report.
+exceptd report [executive|technical|compliance]   Generate report.
+exceptd validate-cves [args]          Cross-check CVE catalog vs NVD/KEV/EPSS.
+  --offline                           Local view only; no network.
+  --from-cache [<dir>]                Cache-first lookups with live fallback.
+  --no-fail                           Report drift without failing exit code.
+exceptd validate-rfcs [args]          Cross-check RFC catalog vs IETF Datatracker.
+  --offline                           Local view only; no network.
+  --from-cache [<dir>]                Cache-first lookups with live fallback.
+  --no-fail                           Report drift without failing exit code.
+exceptd watchlist [--by-skill]        Forward-watch aggregator across skills.
+
+exceptd version                       Package version.
+exceptd help                          This help.
+```
+
+## Invoking a skill from your AI assistant
+
+Once your assistant has loaded `AGENTS.md`, type a trigger phrase or skill name:
+
+```
+kernel-lpe-triage
+ai-attack-surface
+framework-gap-analysis NIST-800-53-SI-2 CVE-2026-31431
+compliance-theater
+global-grc NIS2
+exploit-scoring CVE-2026-31431
+zeroday-gap-learn CVE-2026-30615
+security-maturity-tiers
+pqc-first
+```
+
+## AI assistant configuration
+
+The canonical agent-agnostic project rules live in `AGENTS.md` — the **only** project-rules file in this repo. The project does not ship per-vendor mirrors; each tool is configured to load `AGENTS.md` directly.
+
+| Assistant | How it picks up the rules |
+|-----------|---------------------------|
+| OpenAI Codex CLI, Sourcegraph amp, Aider, Continue, Cline, Roo Code, Q Developer, and any tool that follows the cross-vendor `AGENTS.md` convention | Auto-loads `AGENTS.md` from the project root. |
+| Cursor | Auto-loads `.cursorrules` (a short stub pointing at `AGENTS.md`). |
+| GitHub Copilot | Auto-loads `.github/copilot-instructions.md` (stub pointing at `AGENTS.md`). |
+| Windsurf | Auto-loads `.windsurfrules` (stub pointing at `AGENTS.md`). |
+| Anthropic Claude Code | Doesn't auto-load `AGENTS.md`. Load it manually with `@AGENTS.md` on the first turn, or add your own per-machine `~/.claude/CLAUDE.md` that references it. The project intentionally does not ship a `CLAUDE.md` mirror. |
+| Google Gemini CLI, JetBrains AI, Replit Agent, anything else | Point the tool at `AGENTS.md` via its config, or load `CONTEXT.md` manually for a shorter orientation. |
+
+If your tool has a conventional auto-load filename not listed here and you'd like first-class support, open an issue — we'll add a pointer stub.
+
+## Pre-computed indexes
+
+`data/_indexes/` ships 17 derived files so AI consumers can answer cross-reference questions without scanning every skill + catalog. Highlights:
+
+- **`summary-cards.json`** — 100-word abstract per skill; what to load when planning a multi-skill workflow.
+- **`recipes.json`** — 8 curated skill sequences for common use cases (AI red team prep, PCI audit defense, federal IR, DORA TLPT, K-12 EdTech review, ransomware tabletop, new-CVE triage, OSS dep triage).
+- **`chains.json`** — pre-hydrated cross-walks per CVE and per CWE: which skills cite this, which framework gaps it surfaces, which D3FEND countermeasures back it.
+- **`token-budget.json`** — approximate token cost per skill + per section for context budgeting.
+- **`jurisdiction-clocks.json`** — normalized jurisdiction × obligation × hours matrix (breach notification, patch SLA) across 29 jurisdictions.
+- **`did-ladders.json`** — canonical defense-in-depth ladders per attack class (prompt injection, kernel LPE, AI-as-C2, ransomware, supply chain, BOLA, model exfiltration, BEC).
+- **`theater-fingerprints.json`** — structured records for the 7 compliance theater patterns: claim, audit evidence, reality, fast detection test, controls implicated.
+- **`_meta.json`** — sha256 of every source file. The `validate-indexes` predeploy gate fails if any source changed after the last build; `build-indexes --changed` reads this to know what to rebuild.
+
+Regenerate with `exceptd build-indexes` (full) or `exceptd build-indexes --changed --parallel` (incremental).
+
+## Data catalogs
+
+All skills pull from `data/`. Cross-validated against canonical upstream sources via `exceptd refresh` / `exceptd validate-cves` / `exceptd validate-rfcs`.
+
+- `cve-catalog.json` — CVE metadata with RWEP scores, CISA KEV status, PoC availability, live-patch info
+- `atlas-ttps.json` — MITRE ATLAS v5.1.0 TTPs with gap flags and exploitation examples
+- `framework-control-gaps.json` — Per-framework, per-control: what it was designed for vs. what it misses
+- `exploit-availability.json` — PoC locations, weaponization status, AI-assist factor
+- `global-frameworks.json` — All major global compliance frameworks (34 jurisdictions) with control inventories and lag scores
+- `zeroday-lessons.json` — Zero-day → control gap → framework gap → new control requirement mappings
+- `cwe-catalog.json` — CWE entries pinned to CWE v4.17 (Top 25 + AI- / supply-chain-relevant additions)
+- `d3fend-catalog.json` — MITRE D3FEND defensive technique entries pinned to D3FEND v1.0.0
+- `rfc-references.json` — IETF RFC / Internet-Draft references with status, errata, replaces / replaced-by, `last_verified`
+- `dlp-controls.json` — DLP control entries indexed by channel / classifier / surface / enforcement / evidence
+
+---
+
+## Philosophy
+
+**Compliance is not security.** A SOC 2 Type II report confirms that controls existed and operated effectively during the audit period. It says nothing about whether those controls are adequate for current attack patterns. When NIST 800-53 SI-2 says "apply security patches in a timely manner" and Copy Fail is a 732-byte deterministic root with a public PoC and no race condition, "timely" is the wrong frame entirely.
+
+**Framework lag is measured in months.** MITRE ATLAS v5.1.0 (November 2025) is the most current AI threat framework available. It still lags real exploitation by 3-6 months. NIST AI RMF lags by years. ISO 27001:2022 has no AI-specific controls. These skills explicitly flag every place where framework coverage ends and real attacker capability begins.
+
+**AI changed the exploit development timeline.** Copy Fail was discovered by an AI system in approximately one hour. 41% of 2025 zero-days involved AI-assisted reverse engineering on the attacker side. The time between vulnerability introduction and reliable exploitation is compressing faster than patch management processes can adapt. Risk scoring must reflect this.
+
+**Every org has a compliance theater problem.** The question is not whether paper controls map to audit requirements. The question is whether those controls would actually detect or prevent an attack. These skills answer the second question.
+
+---
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md). Key rules:
+
+- No new CVE reference without a complete `data/cve-catalog.json` entry
+- No new framework gap claim without a `data/framework-control-gaps.json` entry
+- No skill uses CVSS as the sole risk metric
+- Every new zero-day triggers a `data/zeroday-lessons.json` entry
+
+---
+
+## License
+
+Apache 2.0. See [LICENSE](LICENSE).
+
+Community at [exceptd.com](https://exceptd.com).

package/SECURITY.md

@@ -0,0 +1,73 @@
+# Security Policy
+
+## Scope
+
+This security policy covers the exceptd Security skills repository itself — the skill files, data catalogs, and library code. It does not cover downstream applications that use these skills.
+
+## Reporting a Vulnerability
+
+Email: security@exceptd.com
+
+Include:
+- Description of the issue
+- Steps to reproduce
+- Impact assessment
+- Whether you believe this is being actively exploited
+
+**Do not file public GitHub issues for security vulnerabilities.**
+
+## Response SLAs
+
+| Severity | First Response | Triage | Fix |
+|---|---|---|---|
+| Critical (data integrity attack on CVE catalog, RWEP score manipulation) | 24h | 72h | 7d |
+| High (skill instruction that produces incorrect remediation for CISA KEV) | 72h | 7d | 14d |
+| Medium (incorrect framework gap mapping, wrong control ID) | 7d | 14d | 30d |
+| Low (missing data, incomplete entries) | 14d | 30d | next minor |
+
+## Threat Model
+
+### What This Repo Defends
+
+**Data integrity of the CVE catalog and RWEP scores.** Tampered scores could cause security teams to deprioritize genuinely critical vulnerabilities. Every RWEP calculation is reproducible from `data/cve-catalog.json` inputs and the formula in `lib/scoring.js`. Auditors should verify scores independently for high-stakes decisions.
+
+**Accuracy of framework gap declarations.** If a gap is incorrectly declared as "closed" when it remains open, organizations may believe they are protected when they are not. Gap status changes require evidence (framework update reference + control text analysis) not assertions.
+
+**Freshness of exploit availability data.** Stale PoC status (marking an exploit as not-public when it is) causes teams to use incorrect RWEP scores. `data/exploit-availability.json` is versioned and dated. Every entry has a `last_verified` field.
+
+**Skill instruction correctness.** A skill that produces incorrect remediation guidance (e.g., recommending a patch that doesn't exist for a kernel version, citing a wrong ATLAS TTP ID) creates direct harm. Skills are pinned to `last_threat_review` dates and reviewed when referenced CVEs or TTPs change.
+
+### What This Repo Does Not Defend
+
+- Runtime security of applications that use these skills (that's blamejs's scope)
+- Upstream framework accuracy (NIST, ISO, MITRE ATLAS) — we track lag, we don't control it
+- Physical access to systems this runs on
+
+## Data Integrity
+
+CVE catalog entries and RWEP scores are not authoritative sources — they are analytical summaries for operational use. Always cross-reference:
+
+- CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
+- NVD: https://nvd.nist.gov/
+- MITRE ATLAS: https://atlas.mitre.org/
+- MITRE ATT&CK: https://attack.mitre.org/
+
+For critical security decisions, verify CISA KEV status directly. RWEP scores are a prioritization heuristic, not a compliance instrument.
+
+## Supported Versions
+
+Pre-1.0: Latest patch on the most recent minor receives data updates (CVE catalog, framework gap updates, new ATLAS TTPs). All versions receive critical accuracy corrections.
+
+Once 1.0: 18-month data update support after each major version.
+
+## Supply Chain
+
+This repository has no npm runtime dependencies. The library code in `lib/` is self-contained. Skills and data files are plain text/JSON.
+
+When using these skills via an AI assistant, the skills are loaded as instruction text. No code from this repository executes in your environment beyond what your AI assistant chooses to implement.
+
+## Accuracy Disclaimer
+
+Security threat intelligence has a short shelf life. CVE data, PoC availability status, and framework coverage assessments in this repository reflect the state of knowledge at the `last_threat_review` date in each skill's frontmatter. Verify current status with primary sources before making production security decisions.
+
+RWEP scores are analytical tools, not authoritative risk assessments. They are designed to surface prioritization signal beyond CVSS, not to replace professional security judgment.

package/agents/README.md

@@ -0,0 +1,81 @@
+# Agents
+
+Multi-agent coordination for exceptd Security. Each agent file defines a specialized agent role: what it does, what tools it uses, what it produces, and how it hands off to other agents.
+
+---
+
+## Agent Roster
+
+| Agent | Role | Triggers |
+|---|---|---|
+| [threat-researcher](threat-researcher.md) | Research and validate new CVEs, threat campaigns, and ATLAS TTPs | New CVE published, ATLAS update, CISA KEV addition |
+| [framework-analyst](framework-analyst.md) | Analyze framework updates and gap changes | Framework amendment published |
+| [skill-updater](skill-updater.md) | Apply validated intelligence to update skill files | Threat researcher or framework analyst output |
+| [source-validator](source-validator.md) | Cross-check data against primary sources | Before any data enters cve-catalog.json or atlas-ttps.json |
+| [report-generator](report-generator.md) | Generate structured reports from skill outputs | User invokes a reporting workflow |
+
+---
+
+## Multi-Agent Workflow Overview
+
+```
+External trigger (new CVE, ATLAS update, framework change)
+          ↓
+[threat-researcher] or [framework-analyst]
+   — researches the trigger
+   — identifies affected skills
+   — produces a validated intelligence package
+          ↓
+[source-validator]
+   — cross-checks all claims against primary sources (sources/index.json)
+   — flags any unverified claims
+   — produces a verification report
+          ↓
+[skill-updater]
+   — applies validated intelligence to skill files
+   — updates data files
+   — runs the zeroday learning loop if applicable
+   — updates manifest.json last_threat_review
+          ↓
+[report-generator] (optional)
+   — generates structured output for the user
+```
+
+---
+
+## Parallelization Model
+
+These agents can run in parallel when their inputs are independent:
+
+**Parallel-safe:**
+- Multiple threat-researcher instances on different CVEs
+- framework-analyst + threat-researcher on unrelated topics
+- Multiple source-validator instances on different data items
+
+**Must be sequential:**
+- source-validator must complete before skill-updater writes to data files
+- skill-updater must complete before report-generator reads skill state
+
+---
+
+## Agent Coordination Protocol
+
+Each agent produces a structured handoff package:
+
+```json
+{
+  "agent": "threat-researcher",
+  "run_id": "2026-05-01-CVE-2026-31431",
+  "timestamp": "2026-05-01T12:00:00Z",
+  "input": {"cve_id": "CVE-2026-31431"},
+  "output": {
+    "cve_data": {...},
+    "affected_skills": ["kernel-lpe-triage", "exploit-scoring"],
+    "proposed_changes": {...}
+  },
+  "verification_required": true,
+  "next_agent": "source-validator"
+}
+```
+
+The handoff package is the audit trail. Every change to skill files or data files must trace to a handoff package.

package/agents/report-generator.md

@@ -0,0 +1,156 @@
+# Agent: Report Generator
+
+## Role
+
+Generate structured, audience-appropriate reports from skill outputs. Translates technical security intelligence into actionable documents for different audiences: executives, auditors, security engineers, and developers.
+
+## When to spawn
+
+- User requests a report after running one or more skills
+- A periodic assessment (weekly threat review, quarterly GRC report, annual threat model review)
+- A compliance report is needed for audit evidence
+- An incident post-mortem requires a structured analysis
+
+## Report Types
+
+### 1. Executive Risk Summary
+
+**Audience:** CISO, CTO, Board-level  
+**Template:** `reports/templates/executive-summary.md`  
+**Content:**
+- Top 3 risks requiring immediate action (by RWEP)
+- Business impact language (not technical CVE IDs)
+- Compliance posture vs. actual security posture
+- Resource asks required for remediation
+- Theater score (how many controls are theater)
+
+**Length:** 1–2 pages max. Executives don't read longer.
+
+**Format rules:**
+- No CVE IDs in the headline — translate to business risk
+- RWEP scores translated to: "active exploitation ongoing / 72-hour response required / standard priority"
+- Framework gaps stated as: "Our [framework] compliance does not protect against [threat]"
+
+---
+
+### 2. Technical Assessment Report
+
+**Audience:** Security engineers, DevOps, Platform teams  
+**Template:** `reports/templates/technical-assessment.md`  
+**Content:**
+- Full CVE inventory with CVSS + RWEP
+- Specific remediation commands and configurations
+- Detection rule recommendations
+- Framework gap technical analysis
+- Policy exception templates where needed
+
+**Format rules:**
+- Include specific version numbers, kernel versions, distro variants
+- Include copy-pasteable remediation commands
+- Include detection rule code (auditd, sigma, eBPF)
+- Reference data files by path for audit trail
+
+---
+
+### 3. Compliance Gap Report
+
+**Audience:** Auditors, Compliance managers, GRC teams  
+**Template:** `reports/templates/compliance-gap-report.md`  
+**Content:**
+- Per-framework: passing controls, gap controls, theater controls
+- Specific evidence gaps (what evidence is missing for each theater pattern)
+- Policy exception documentation for architectural gaps
+- Remediation roadmap with compliance milestone dates
+- Global jurisdiction matrix if multi-jurisdiction in scope
+
+**Format rules:**
+- Control IDs must be exact (auditors cite them)
+- Gap analysis must quote the control text being analyzed
+- Theater findings must include specific test results (not just assertions)
+- Exception documents must follow templates in policy-exception-gen
+
+---
+
+### 4. Threat Model Update Report
+
+**Audience:** Security architects, threat modeling teams  
+**Template:** `reports/templates/threat-model-update.md`  
+**Content:**
+- Currency score before and after update
+- Specific threat classes added
+- ATLAS/ATT&CK mapping changes
+- New controls recommended
+- Deprecated assumptions removed
+
+---
+
+### 5. Zero-Day Response Report
+
+**Audience:** Incident response team, CISO, affected system owners  
+**Template:** `reports/templates/zero-day-response.md`  
+**Content:**
+- CVE description and RWEP score
+- Affected systems inventory
+- Immediate action timeline (4h / 24h / 72h as applicable)
+- Compensating controls if patch not immediately available
+- Detection rules to deploy now
+- Compliance theater check for affected controls
+
+---
+
+## Report Generation Protocol
+
+### Step 1: Identify report type and audience
+
+Ask: Who reads this? What decision do they need to make?
+
+### Step 2: Collect skill outputs
+
+Pull the relevant skill outputs:
+- For executive summary: exploit-scoring + compliance-theater + threat-model-currency
+- For technical assessment: specific skill outputs + data file excerpts
+- For compliance gap: framework-gap-analysis + compliance-theater + global-grc
+- For threat model update: threat-model-currency output
+- For zero-day response: zeroday-gap-learn + exploit-scoring + kernel-lpe-triage or relevant skill
+
+### Step 3: Apply audience translation
+
+**Technical → Executive:**
+- "RWEP 96 CISA KEV CVE-2026-31431" → "A critical Linux vulnerability with active confirmed exploitation requires patching within 4 hours or isolation"
+- "SOC 2 CC6 theater for AI agents" → "Our access controls do not detect or prevent attacks through AI tools that 82% of our developers use daily"
+
+**Technical → Auditor:**
+- Keep control IDs exact
+- Cite specific evidence gaps
+- Quote control text
+- Use "insufficient" not "broken" — auditors respond to precision
+
+### Step 4: Apply report template
+
+See `reports/templates/` for the exact structure of each report type.
+
+### Step 5: Quality check
+
+Before delivering the report:
+- All CVE IDs match catalog entries
+- All RWEP scores match current catalog values
+- No unverified claims (check source-validator trail)
+- Audience translation is accurate (technical details not lost, jargon not carried into executive output)
+- Action items are SMART: Specific, Measurable, Assignable, Realistic, Time-bound
+
+---
+
+## Report Output Format
+
+Reports are Markdown documents with this header:
+
+```markdown
+---
+report_type: executive-summary | technical-assessment | compliance-gap | threat-model-update | zero-day-response
+date: YYYY-MM-DD
+audience: [audience]
+skills_used: [list of skills that produced the underlying analysis]
+data_version: [manifest.json threat_review_date]
+classification: [Internal / Confidential / Restricted — set by the org]
+---
+```