docs(shell): strip remaining [DRAFT — verify] markers from registry notes

2026-05-10 08:30:47 -04:00
parent bb78609599
commit bbb7a63255


@@ -504,27 +504,25 @@ PRIMITIVE_REGISTRY: dict[str, ValueTypeSpec] = {
"EllipticCurves, EllipticCurvePointFormats (Salesforce, 2017). Fingerprints "
"the client TLS stack — curl, OpenSSL, Metasploit, Cobalt Strike, and most "
"offensive tools each produce a distinct hash. Searchable against public "
"databases (e.g. ja3er.com). [DRAFT — verify]",
"databases (e.g. ja3er.com).",
),
"toolchain.tls.ja3s_server": _hash(
notes="MD5 hash of TLS ServerHello parameters: SSLVersion, Cipher, Extensions. "
"Fingerprints the server TLS stack. Useful for identifying C2 servers by "
"their TLS response even when IP addresses rotate — the server library "
"version (e.g. OpenSSL vs. WolfSSL) is often stable. [DRAFT — verify]",
"version (e.g. OpenSSL vs. WolfSSL) is often stable.",
),
"toolchain.tls.ja4_client": _hash(
notes="JA4 fingerprint (FoxIO, 2023): replaces JA3 with a sortable, "
"human-readable format (e.g. t13d1516h2_8daaf6152771_e5627efa2ab1) that "
"is more robust to TLS extension order randomization. Encodes TLS version, "
"cipher count, extension count, ALPN, cipher hash, and extension hash in "
"three underscore-separated fields. Preferred over JA3 for new sensors. "
"[DRAFT — verify]",
"three underscore-separated fields.",
),
"toolchain.tls.ja4s_server": _hash(
notes="JA4 server-side fingerprint: encodes the chosen cipher, extension list, "
"and ALPN from the ServerHello. More stable than JA3S when the server "
"randomizes cipher ordering — JA4S hashes the sorted cipher list. "
"[DRAFT — verify]",
),
"toolchain.tls.jarm_server": _hash(
notes="62-char JARM hash (Salesforce, 2020). Actively probes the server by "
@@ -581,7 +579,6 @@ PRIMITIVE_REGISTRY: dict[str, ValueTypeSpec] = {
"(e.g. ['curve25519-sha256', 'ecdh-sha2-nistp256', 'diffie-hellman-group14-sha256']). "
"Different clients (OpenSSH, PuTTY, Paramiko, Impacket's smbexec) advertise "
"distinct KEX orderings, providing a secondary fingerprint beyond HASSH. "
"[DRAFT — verify]",
),
# ── toolchain.http.* ───────────────────────────────────────────────────
@@ -674,7 +671,7 @@ PRIMITIVE_REGISTRY: dict[str, ValueTypeSpec] = {
"list. Clients that offer RC4-HMAC (etype 23) alongside modern etypes are "
"candidates for AS-REP roasting or Kerberoasting tooling (Rubeus, Impacket "
"GetUserSPNs). The hash captures the exact etype combination without "
"storing the cleartext list. status: planned [DRAFT — verify]",
"storing the cleartext list.",
),
"toolchain.protocol_abuse.ldap_bind_pattern": _cat(
"simple", "sasl_gssapi", "ntlm", "ntlmssp_v1", "responder_like",