@blamejs/blamejs-shop 0.0.129 → 0.1.1

package/lib/storefront-forms.js

@@ -90,7 +90,7 @@ var MAX_LIST_LIMIT             = 200;
 var DEFAULT_LIST_LIMIT         = 50;
 var DEFAULT_THROTTLE_LIMIT     = 5;
 var MAX_THROTTLE_LIMIT         = 1000;
-var THROTTLE_WINDOW_MS         = 60 * 1000;
+var THROTTLE_WINDOW_MS         = _b().constants.TIME.minutes(1);
 
 var SESSION_NAMESPACE = "storefront-form-session";
 

package/lib/storefront.js

@@ -1510,9 +1510,9 @@ var CART_LINE =
   "      </span>\n" +
   "    </a>\n" +
   "  </td>\n" +
-  "  <td>{{qty}}</td>\n" +
-  "  <td class=\"price\">{{unit}}</td>\n" +
-  "  <td class=\"price\">{{total}}</td>\n" +
+  "  <td data-label=\"Qty\">{{qty}}</td>\n" +
+  "  <td class=\"price\" data-label=\"Unit\">{{unit}}</td>\n" +
+  "  <td class=\"price\" data-label=\"Total\">{{total}}</td>\n" +
   "</tr>\n";
 
 // Editable cart line — shown on the /cart page. Includes an inline
@@ -1536,14 +1536,14 @@ var CART_LINE_EDITABLE =
   "      </span>\n" +
   "    </a>\n" +
   "  </td>\n" +
-  "  <td class=\"cart-line__qty\">\n" +
+  "  <td class=\"cart-line__qty\" data-label=\"Qty\">\n" +
   "    <form method=\"post\" action=\"/cart/lines/{{line_id}}/update\" class=\"cart-line__update\">\n" +
-  "      <input type=\"number\" name=\"qty\" value=\"{{qty}}\" min=\"1\" max=\"99\" class=\"cart-line__qty-input\" aria-label=\"Quantity\">\n" +
-  "      <button type=\"submit\" class=\"cart-line__btn\">Update</button>\n" +
+  "      <input type=\"number\" name=\"qty\" value=\"{{qty}}\" min=\"1\" max=\"99999\" class=\"cart-line__qty-input\" aria-label=\"Quantity\">\n" +
+  "      <button type=\"submit\" class=\"cart-line__btn cart-line__btn--update\">Update</button>\n" +
   "    </form>\n" +
   "  </td>\n" +
-  "  <td class=\"price\">{{unit}}</td>\n" +
-  "  <td class=\"price\">{{total}}</td>\n" +
+  "  <td class=\"price\" data-label=\"Price\">{{unit}}</td>\n" +
+  "  <td class=\"price\" data-label=\"Total\">{{total}}</td>\n" +
   "  <td class=\"cart-line__remove-cell\">\n" +
   "    RAW_CART_LINE_SAVE" +
   "    <form method=\"post\" action=\"/cart/lines/{{line_id}}/remove\">\n" +
@@ -1691,7 +1691,7 @@ var ORDER_PAGE =
   "    <div class=\"order-page__items\">\n" +
   "      <h2 class=\"pdp__variants-title\">Items</h2>\n" +
   "      <div class=\"table-scroll\">\n" +
-  "        <table>\n" +
+  "        <table class=\"cart-table\">\n" +
   "          <thead><tr><th>Product</th><th>Qty</th><th>Unit</th><th>Total</th></tr></thead>\n" +
   "          <tbody>{{line_rows}}</tbody>\n" +
   "        </table>\n" +
@@ -2082,7 +2082,6 @@ function renderNotFound(opts) {
 // — it's a routing key, not an authentication token. The cart itself
 // transitions to `customer_id` on login via cart.setCustomer.
 var SESSION_COOKIE_NAME = "shop_sid";
-var SESSION_COOKIE_MAX  = 60 * 60 * 24 * 30;   // 30 days
 
 // Authenticated-customer cookie — carries an opaque sealed envelope
 // `{ customer_id, exp }`, AEAD-encrypted via b.vault.seal so the
@@ -2092,79 +2091,85 @@ var SESSION_COOKIE_MAX  = 60 * 60 * 24 * 30;   // 30 days
 // rotated vault invalidates every outstanding auth cookie (operator-
 // initiated logout-everywhere).
 var AUTH_COOKIE_NAME    = "shop_auth";
-var AUTH_COOKIE_MAX     = 60 * 60 * 24 * 14;       // 14 days
-var AUTH_TTL_MS         = 14 * 24 * 60 * 60 * 1000;
 
 // WebAuthn ceremony state cookie — short-lived envelope holding the
 // random challenge + the ceremony-scoped metadata so register-finish /
 // login-finish can verify the same challenge the browser was sent.
 // Path-scoped to /account so it never leaks to other routes.
 var CHALLENGE_COOKIE_NAME = "shop_auth_chal";
-var CHALLENGE_COOKIE_MAX  = 5 * 60;                // 5 minutes
 
-function _readSidCookie(req) {
-  var raw = (req.headers && (req.headers.cookie || req.headers.Cookie)) || "";
-  if (!raw) return null;
-  var parts = raw.split(";");
-  for (var i = 0; i < parts.length; i += 1) {
-    var p = parts[i].trim();
-    var eq = p.indexOf("=");
-    if (eq <= 0) continue;
-    if (p.slice(0, eq) === SESSION_COOKIE_NAME) {
-      var v = p.slice(eq + 1);
-      // Cookie values are URL-encoded.
-      try { return decodeURIComponent(v); } catch (_e) { return null; }
-    }
+// Short-lived cookie carrying the Stripe PaymentIntent client_secret
+// from POST /checkout to GET /pay/:order_id. Path-scoped to /pay/ +
+// SameSite=Strict so it's only ever sent to the pay route.
+var PAY_COOKIE_NAME = "shop_pay";
+
+// Shape of a valid session id — mirrors cart.js's SESSION_ID_RE.
+var SID_SHAPE_RE = /^[A-Za-z0-9_-]{16,64}$/;
+
+// All cookie transport composes the framework's cookie primitive
+// (`b.cookies`) — RFC 6265 parse/serialize, prefix invariants, and the
+// vault-sealed read/write helpers — rather than hand-built Set-Cookie
+// strings and manual header splitting. The jar is memoized; it only
+// captures the vault reference (seal/unseal run lazily per call), so
+// building it before vault.init() has completed is safe.
+var _jar = null;
+function _cookieJar() {
+  if (!_jar) {
+    _jar = _b().cookies.create({
+      vault:    _b().vault,
+      defaults: { httpOnly: true, secure: true, sameSite: "Lax", path: "/" },
+    });
   }
-  return null;
-}
-
-function _setSidCookie(res, sid) {
-  var attrs = "Max-Age=" + SESSION_COOKIE_MAX + "; Path=/; HttpOnly; Secure; SameSite=Lax";
-  var header = SESSION_COOKIE_NAME + "=" + encodeURIComponent(sid) + "; " + attrs;
-  if (typeof res.appendHeader === "function") res.appendHeader("Set-Cookie", header);
-  else if (typeof res.setHeader === "function") res.setHeader("Set-Cookie", header);
+  return _jar;
 }
 
 function _readCookie(req, name) {
-  var raw = (req.headers && (req.headers.cookie || req.headers.Cookie)) || "";
-  if (!raw) return null;
-  var parts = raw.split(";");
-  for (var i = 0; i < parts.length; i += 1) {
-    var p = parts[i].trim();
-    var eq = p.indexOf("=");
-    if (eq <= 0) continue;
-    if (p.slice(0, eq) === name) {
-      try { return decodeURIComponent(p.slice(eq + 1)); }
-      catch (_e) { return null; }
-    }
-  }
-  return null;
+  return _cookieJar().read(req, name);
 }
 
-function _appendCookie(res, header) {
-  if (typeof res.appendHeader === "function") res.appendHeader("Set-Cookie", header);
-  else if (typeof res.setHeader === "function") res.setHeader("Set-Cookie", header);
+function _readSidCookie(req) {
+  // A cookie carrying anything but a well-shaped session id (a stale
+  // value from an old deploy, a tampered cookie, garbage) reads as "no
+  // session" rather than reaching cart.bySession — which throws on a
+  // malformed id and would turn every page that renders the cart count
+  // into a 500. The cookie grants zero authority, so dropping a
+  // malformed one silently is safe.
+  var v = _cookieJar().read(req, SESSION_COOKIE_NAME);
+  return v && SID_SHAPE_RE.test(v) ? v : null;
 }
 
-function _setAuthCookie(res, sealed) {
-  var attrs = "Max-Age=" + AUTH_COOKIE_MAX + "; Path=/; HttpOnly; Secure; SameSite=Lax";
-  _appendCookie(res, AUTH_COOKIE_NAME + "=" + encodeURIComponent(sealed) + "; " + attrs);
+function _setSidCookie(res, sid) {
+  var T = _b().constants.TIME;
+  _cookieJar().write(res, SESSION_COOKIE_NAME, sid, { expires: new Date(Date.now() + T.days(30)) });
 }
 
+// Auth + WebAuthn-challenge cookies carry a vault-sealed JSON envelope.
+// writeSealed/readSealed handle the seal + the on-wire prefix; the
+// caller works in plain objects.
+function _setAuthCookie(res, env) {
+  var T = _b().constants.TIME;
+  _cookieJar().writeSealed(res, AUTH_COOKIE_NAME, JSON.stringify(env), { expires: new Date(Date.now() + T.days(14)) });
+}
 function _clearAuthCookie(res) {
-  _appendCookie(res,
-    AUTH_COOKIE_NAME + "=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax");
+  _cookieJar().clear(res, AUTH_COOKIE_NAME);
 }
-
-function _setChallengeCookie(res, sealed) {
-  var attrs = "Max-Age=" + CHALLENGE_COOKIE_MAX + "; Path=/account; HttpOnly; Secure; SameSite=Lax";
-  _appendCookie(res, CHALLENGE_COOKIE_NAME + "=" + encodeURIComponent(sealed) + "; " + attrs);
+function _readAuthEnv(req) {
+  var raw = _cookieJar().readSealed(req, AUTH_COOKIE_NAME);
+  if (raw === null) return null;
+  try { return JSON.parse(raw); } catch (_e) { return null; }
 }
 
+function _setChallengeCookie(res, env) {
+  var T = _b().constants.TIME;
+  _cookieJar().writeSealed(res, CHALLENGE_COOKIE_NAME, JSON.stringify(env), { expires: new Date(Date.now() + T.minutes(5)), path: "/account" });
+}
 function _clearChallengeCookie(res) {
-  _appendCookie(res,
-    CHALLENGE_COOKIE_NAME + "=; Max-Age=0; Path=/account; HttpOnly; Secure; SameSite=Lax");
+  _cookieJar().clear(res, CHALLENGE_COOKIE_NAME, { path: "/account" });
+}
+function _readChallengeEnv(req) {
+  var raw = _cookieJar().readSealed(req, CHALLENGE_COOKIE_NAME);
+  if (raw === null) return null;
+  try { return JSON.parse(raw); } catch (_e) { return null; }
 }
 
 // ---- account-page renderers --------------------------------------------
@@ -2303,10 +2308,10 @@ var ACCOUNT_DASH_PAGE =
 
 var ACCOUNT_DASH_ORDER_ROW =
   "<tr>\n" +
-  "  <td><a href=\"/orders/{{order_id}}\" class=\"account-order__id\"><code>{{order_id_short}}</code></a></td>\n" +
-  "  <td class=\"account-order__items\">RAW_ACCOUNT_ORDER_THUMBS</td>\n" +
-  "  <td><span class=\"pdp__badge {{status_class}}\">{{status}}</span></td>\n" +
-  "  <td class=\"price\">{{total}}</td>\n" +
+  "  <td data-label=\"Order\"><a href=\"/orders/{{order_id}}\" class=\"account-order__id\"><code>{{order_id_short}}</code></a></td>\n" +
+  "  <td class=\"account-order__items\" data-label=\"Items\">RAW_ACCOUNT_ORDER_THUMBS</td>\n" +
+  "  <td data-label=\"Status\"><span class=\"pdp__badge {{status_class}}\">{{status}}</span></td>\n" +
+  "  <td class=\"price\" data-label=\"Total\">{{total}}</td>\n" +
   "</tr>\n";
 
 function renderAccount(opts) {
@@ -2407,7 +2412,7 @@ function mount(router, deps) {
   // so the /admin landing + the onNotFound 404 handler (mounted
   // outside the `if (deps.customers)` block below) can reach it.
   async function _cartCountForReq(req) {
-    var sid = _readCookie(req, SESSION_COOKIE_NAME);
+    var sid = _readSidCookie(req);
     if (!sid) return 0;
     var c = await deps.cart.bySession(sid);
     if (!c) return 0;
@@ -2421,10 +2426,7 @@ function mount(router, deps) {
   // reader rather than a copy per call site. A missing / malformed /
   // expired cookie returns null — never throws.
   function _currentCustomerEnv(req) {
-    var raw = _readCookie(req, AUTH_COOKIE_NAME);
-    if (!raw) return null;
-    var env;
-    try { env = JSON.parse(_b().vault.unseal(raw)); } catch (_e) { return null; }
+    var env = _readAuthEnv(req);
     if (!env || !env.customer_id || !env.exp || env.exp < Date.now()) return null;
     return env;
   }
@@ -2775,11 +2777,11 @@ function mount(router, deps) {
           idempotency_key:      "checkout:" + c.id + ":" + _b().uuid.v7(),
         });
         // Set a short-lived pay cookie so /pay/:order_id can serve the
-        // client_secret without re-running confirm.
-        var payCookie = "shop_pay=" + encodeURIComponent(result.payment_intent.client_secret) +
-          "; Max-Age=900; Path=/pay/; HttpOnly; Secure; SameSite=Strict";
-        if (res.appendHeader)      res.appendHeader("Set-Cookie", payCookie);
-        else if (res.setHeader)    res.setHeader("Set-Cookie", payCookie);
+        // client_secret without re-running confirm. Scoped to /pay/ +
+        // SameSite=Strict so it's only ever sent to the pay route.
+        _cookieJar().write(res, PAY_COOKIE_NAME, result.payment_intent.client_secret, {
+          expires: new Date(Date.now() + _b().constants.TIME.minutes(15)), path: "/pay/", sameSite: "Strict",
+        });
         res.status(303);
         res.setHeader && res.setHeader("location", "/pay/" + result.order.id);
         return res.end ? res.end() : res.send("");
@@ -2798,14 +2800,7 @@ function mount(router, deps) {
       // Read the client_secret from the shop_pay cookie set on POST
       // /checkout. The cookie is scoped Path=/pay/ + SameSite=Strict
       // so it's only sent to the pay route and never cross-origin.
-      var rawCookies = (req.headers && (req.headers.cookie || req.headers.Cookie)) || "";
-      var clientSecret = null;
-      rawCookies.split(";").forEach(function (p) {
-        var t = p.trim();
-        if (t.indexOf("shop_pay=") === 0) {
-          try { clientSecret = decodeURIComponent(t.slice("shop_pay=".length)); } catch (_e) { /* drop */ }
-        }
-      });
+      var clientSecret = _readCookie(req, PAY_COOKIE_NAME);
       if (!clientSecret) {
         res.status(303); res.setHeader && res.setHeader("location", "/cart");
         return res.end ? res.end() : res.send("");
@@ -2871,16 +2866,6 @@ function mount(router, deps) {
       return _b().crypto.toBase64Url(buf);
     }
 
-    function _sealEnvelope(obj) {
-      return _b().vault.seal(JSON.stringify(obj));
-    }
-    function _unsealEnvelope(s) {
-      try {
-        var raw = _b().vault.unseal(s);
-        return JSON.parse(raw);
-      } catch (_e) { return null; }
-    }
-
     function _currentCustomer(req) {
       return _currentCustomerEnv(req);
     }
@@ -2940,13 +2925,12 @@ function mount(router, deps) {
         // Seal the ceremony state (challenge + customer_id) into the
         // shop_auth_chal cookie so register-finish verifies against
         // the same challenge without server-side state.
-        var sealed = _sealEnvelope({
+        _setChallengeCookie(res, {
           kind:           "register",
           customer_id:    customer.id,
           challenge:      startOpts.challenge,
           created_at:     Date.now(),
         });
-        _setChallengeCookie(res, sealed);
         res.status(200);
         res.setHeader && res.setHeader("content-type", "application/json");
         return res.end ? res.end(JSON.stringify(startOpts)) : res.send(JSON.stringify(startOpts));
@@ -2959,10 +2943,9 @@ function mount(router, deps) {
 
     router.post("/account/passkey/register-finish", async function (req, res) {
       try {
-        var rawCookie = _readCookie(req, CHALLENGE_COOKIE_NAME);
-        if (!rawCookie) { res.status(400); return res.end ? res.end("missing challenge") : res.send("missing challenge"); }
-        var env = _unsealEnvelope(rawCookie);
-        if (!env || env.kind !== "register") {
+        var env = _readChallengeEnv(req);
+        if (!env) { res.status(400); return res.end ? res.end("missing challenge") : res.send("missing challenge"); }
+        if (env.kind !== "register") {
           res.status(400); return res.end ? res.end("bad challenge") : res.send("bad challenge");
         }
         var att = _readJsonBody(req);
@@ -2991,10 +2974,10 @@ function mount(router, deps) {
           transports:    transports,
         });
         _clearChallengeCookie(res);
-        _setAuthCookie(res, _sealEnvelope({
+        _setAuthCookie(res, {
           customer_id: env.customer_id,
-          exp:         Date.now() + AUTH_TTL_MS,
-        }));
+          exp:         Date.now() + _b().constants.TIME.days(14),
+        });
         res.status(200);
         return res.end ? res.end("ok") : res.send("ok");
       } catch (e) {
@@ -3029,13 +3012,12 @@ function mount(router, deps) {
           allowCredentials:     allow,
           userVerification:     "preferred",
         });
-        var sealed = _sealEnvelope({
+        _setChallengeCookie(res, {
           kind:        "login",
           email_hash:  hash,
           challenge:   startOpts.challenge,
           created_at:  Date.now(),
         });
-        _setChallengeCookie(res, sealed);
         res.status(200);
         res.setHeader && res.setHeader("content-type", "application/json");
         return res.end ? res.end(JSON.stringify(startOpts)) : res.send(JSON.stringify(startOpts));
@@ -3048,10 +3030,9 @@ function mount(router, deps) {
 
     router.post("/account/passkey/login-finish", async function (req, res) {
       try {
-        var rawCookie = _readCookie(req, CHALLENGE_COOKIE_NAME);
-        if (!rawCookie) { res.status(400); return res.end ? res.end("missing challenge") : res.send("missing challenge"); }
-        var env = _unsealEnvelope(rawCookie);
-        if (!env || env.kind !== "login") { res.status(400); return res.end ? res.end("bad challenge") : res.send("bad challenge"); }
+        var env = _readChallengeEnv(req);
+        if (!env) { res.status(400); return res.end ? res.end("missing challenge") : res.send("missing challenge"); }
+        if (env.kind !== "login") { res.status(400); return res.end ? res.end("bad challenge") : res.send("bad challenge"); }
         var assertion = _readJsonBody(req);
         var credentialId = assertion.id || assertion.rawId;
         if (!credentialId) { res.status(400); return res.end ? res.end("missing credential id") : res.send("missing credential id"); }
@@ -3090,7 +3071,7 @@ function mount(router, deps) {
         }
         // Merge the anonymous cart into a customer-owned cart so
         // the shopper doesn't lose items on sign-in.
-        var sid = _readCookie(req, SESSION_COOKIE_NAME);
+        var sid = _readSidCookie(req);
         if (sid) {
           try {
             var anonCart = await deps.cart.bySession(sid);
@@ -3098,10 +3079,10 @@ function mount(router, deps) {
           } catch (_e) { /* best-effort merge; sign-in itself succeeds */ }
         }
         _clearChallengeCookie(res);
-        _setAuthCookie(res, _sealEnvelope({
+        _setAuthCookie(res, {
           customer_id: customer.id,
-          exp:         Date.now() + AUTH_TTL_MS,
-        }));
+          exp:         Date.now() + _b().constants.TIME.days(14),
+        });
         res.status(200);
         return res.end ? res.end("ok") : res.send("ok");
       } catch (e) {

package/lib/subscription-analytics.js

@@ -162,10 +162,15 @@
 
 // ---- constants ----------------------------------------------------------
 
+// `_b()` is a hoisted function declaration (defined below); resolving the
+// framework constants here at module-eval is safe — the index entry point
+// exposes `framework` before the require cascade.
+var C = _b().constants;
+
 var CACHE_NAMESPACE = "subscription-analytics-cache";
 
-var DEFAULT_TTL_MS  = 5 * 60 * 1000;            // 5 minutes
-var ONE_DAY_MS      = 24 * 60 * 60 * 1000;
+var DEFAULT_TTL_MS  = C.TIME.minutes(5);        // 5 minutes
+var ONE_DAY_MS      = C.TIME.days(1);
 var ONE_YEAR_MS     = 365 * ONE_DAY_MS;
 var DEFAULT_LTV_WINDOW_MS = 90 * ONE_DAY_MS;
 

package/lib/subscription-controls.js

@@ -55,6 +55,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -89,12 +90,12 @@ var FREQUENCIES = [
 // step skipNext / changeFrequency surface; a calendar-accurate
 // scheduler is out of scope for v1.
 var PERIOD_MS = Object.freeze({
-  weekly:      7  * 24 * 60 * 60 * 1000,
-  biweekly:    14 * 24 * 60 * 60 * 1000,
-  monthly:     30 * 24 * 60 * 60 * 1000,
-  quarterly:   90 * 24 * 60 * 60 * 1000,
-  semiannual:  182 * 24 * 60 * 60 * 1000,
-  annual:      365 * 24 * 60 * 60 * 1000,
+  weekly:      C.TIME.days(7),
+  biweekly:    C.TIME.days(14),
+  monthly:     C.TIME.days(30),
+  quarterly:   C.TIME.days(90),
+  semiannual:  C.TIME.days(182),
+  annual:      C.TIME.days(365),
 });
 
 // Plan-interval → frequency fallback. When the row has no `frequency`
@@ -115,7 +116,7 @@ function _frequencyFromPlan(plan) {
   return "monthly";
 }
 
-var REACTIVATE_GRACE_MS  = 90 * 24 * 60 * 60 * 1000;
+var REACTIVATE_GRACE_MS  = C.TIME.days(90);
 var MAX_REASON_LEN       = 280;
 var MAX_SKIP_COUNT       = 12;
 var MAX_QUANTITY         = 1000000;
@@ -599,7 +600,7 @@ function create(opts) {
       if (now - row.cancelled_at > REACTIVATE_GRACE_MS) {
         var gErr = new Error(
           "subscriptionControls.reactivate: refused — cancellation is older than the " +
-          (REACTIVATE_GRACE_MS / (24 * 60 * 60 * 1000)) + "-day grace window"
+          (REACTIVATE_GRACE_MS / C.TIME.days(1)) + "-day grace window"
         );
         gErr.code = "SUBSCRIPTION_REACTIVATE_GRACE_EXPIRED";
         throw gErr;

package/lib/subscription-gifts.js

@@ -72,6 +72,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -94,7 +95,7 @@ var MAX_LIST_LIMIT     = 200;
 var DEFAULT_LIST_LIMIT = 50;
 // Default redemption window: 365 days. Operators wanting a different
 // horizon pass `expires_at_ms` (absolute) at purchase time.
-var DEFAULT_EXPIRY_MS  = 365 * 86400 * 1000;
+var DEFAULT_EXPIRY_MS  = C.TIME.days(365);
 
 // ---- validators ---------------------------------------------------------
 

package/lib/subscriptions.js

@@ -214,7 +214,9 @@ function _extractFromStripeObject(obj) {
   // Stripe nests current_period_start/_end at the top level when the
   // event is `customer.subscription.*`. Both are unix seconds; we
   // store epoch ms.
+  // allow:raw-time-literal — Stripe sends unix SECONDS; the * 1000 converts a runtime field to epoch ms, not a fixed duration
   var periodStart = obj && obj.current_period_start != null ? obj.current_period_start * 1000 : null;
+  // allow:raw-time-literal — Stripe sends unix SECONDS; the * 1000 converts a runtime field to epoch ms, not a fixed duration
   var periodEnd   = obj && obj.current_period_end   != null ? obj.current_period_end   * 1000 : null;
   return {
     stripe_subscription_id: obj && obj.id,

package/lib/support-tickets.js

@@ -75,10 +75,10 @@ var ALLOWED_STATUSES   = [
 // ticket is considered breached. Closed / resolved tickets never
 // breach. Drives `slaCheck()` for the scheduler.
 var SLA_MS = {
-  urgent: 1   * 3600 * 1000,
-  high:   4   * 3600 * 1000,
-  normal: 24  * 3600 * 1000,
-  low:    72  * 3600 * 1000,
+  urgent: _b().constants.TIME.hours(1),
+  high:   _b().constants.TIME.hours(4),
+  normal: _b().constants.TIME.hours(24),
+  low:    _b().constants.TIME.hours(72),
 };
 
 // FSM. Encoded as an explicit allow-list keyed by from-state. Every

package/lib/tax-cert-renewals.js

@@ -71,6 +71,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var JURISDICTION_RE = /^[A-Z]{2}(-[A-Z0-9]{1,3})?$/;
 var SLUG_RE         = /^[a-z0-9](?:[a-z0-9._-]{0,126}[a-z0-9])?$/;
@@ -81,7 +82,7 @@ var MAX_ESCALATE_DAYS     = 365;
 var MAX_ESCALATED_TO_LEN  = 256;
 var DEFAULT_CHANNELS      = Object.freeze(["email"]);
 
-var DAY_MS = 86400000;
+var DAY_MS = C.TIME.days(1);
 
 var STATUSES = Object.freeze(["queued", "sent", "escalated", "renewed", "expired"]);
 

package/lib/tax-remittance.js

@@ -90,6 +90,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -107,7 +108,7 @@ var MAX_PENALTY_REASON_LEN  = 1000;
 
 var DEFAULT_DAYS_LATE_MIN   = 1;
 var MAX_DAYS_LATE_MIN       = 3650;            // ~10 years
-var MS_PER_DAY              = 24 * 60 * 60 * 1000;
+var MS_PER_DAY              = C.TIME.days(1);
 
 var CONTROL_BYTE_RE         = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/;
 

package/lib/theme-assets.js

@@ -137,7 +137,7 @@ var ZERO_WIDTH_RE = new RegExp(
   "[\\u200B-\\u200F\\u202A-\\u202E\\u2060-\\u2064\\u2066-\\u2069\\uFEFF\\u061C]"
 );
 
-var MS_PER_DAY = 86400000;
+var MS_PER_DAY = _b().constants.TIME.days(1);
 
 var bShop;
 function _b() {

package/lib/vendor/MANIFEST.json

@@ -3,8 +3,8 @@
   "_about": "blamejs.shop vendors a single framework — blamejs — which itself bundles every server-side crypto/identity dependency. The transitive packages blamejs ships are surfaced in its own MANIFEST.json at lib/vendor/blamejs/lib/vendor/MANIFEST.json — Trivy / Grype rely on that nested data for CVE attribution.",
   "packages": {
     "blamejs": {
-      "version": "0.12.40",
-      "tag": "v0.12.40",
+      "version": "0.12.48",
+      "tag": "v0.12.48",
       "license": "Apache-2.0",
       "author": "blamejs contributors",
       "source": "https://github.com/blamejs/blamejs",

package/lib/vendor/blamejs/CHANGELOG.md

@@ -8,6 +8,22 @@ upgrading across more than a few patches at a time.
 
 ## v0.12.x
 
+- v0.12.48 (2026-05-25) — **`b.network.dns.dnssec` — local DNSSEC signature verification (RFC 4035).** Verify a DNS answer's RRSIG signature yourself instead of trusting the upstream resolver's AD bit. b.network.dns.dnssec.verifyRrset reconstructs the RFC 4034 §3.1.8.1 signed data — the RRSIG RDATA without the signature, followed by the RRset in canonical form (owner names lowercased, RRs ordered by canonical RDATA, the RRSIG's Original TTL) — and checks the signature against the DNSKEY, enforcing the inception / expiration window. Supports RSA/SHA-256 (alg 8), ECDSA P-256/SHA-256 (13), ECDSA P-384/SHA-384 (14), and Ed25519 (15) — the modern deployed set. verifyDs checks a delegation-signer digest against a DNSKEY (SHA-256 / SHA-384) and keyTag computes the RFC 4034 Appendix B key tag. The verification core is what a chain-walker composes; it defends against a compromised or on-path resolver that lies about authentication. **Added:** *`b.network.dns.dnssec.verifyRrset(opts)`* — Verifies an RRSIG over a canonicalised RRset against a DNSKEY. `opts` carries the owner `name`, the RR `type`, the wire-format `rdatas`, the parsed `rrsig` (algorithm / labels / originalTtl / inception / expiration / keyTag / signerName / signature), and the `dnskey` (algorithm + raw public key). The signed data is rebuilt per RFC 4034 §3.1.8.1: the RRSIG prefix (type covered | algorithm | labels | original TTL | expiration | inception | key tag | canonical signer name) followed by each RR in canonical form (lowercased owner | type | class | original TTL | rdlen | rdata), sorted by `Buffer.compare` on the RDATA. The validity window is enforced against `opts.at` (defaults to now; an invalid Date is refused, not treated as now). An RRSIG whose algorithm disagrees with the DNSKEY is refused before any key is built. RR types that embed domain names in their RDATA (NS, CNAME, SOA, MX, SRV, …) need RDATA-internal name-lowercasing this version does not perform, so they are refused with `dnssec/uncanonicalizable-type` rather than mis-validated; the security-critical DNSKEY / DS and the name-free address / text types (A, AAAA, TXT, CAA, TLSA, …) are fully supported. · *`b.network.dns.dnssec.verifyDs(opts)` / `b.network.dns.dnssec.keyTag(dnskeyRdata)`* — `verifyDs` confirms a delegation-signer record matches a DNSKEY: it checks the key tag, then compares the DS digest (SHA-256 type 2 / SHA-384 type 4) against the digest computed over the canonical owner name and the DNSKEY RDATA, constant-time. `keyTag` computes the RFC 4034 Appendix B 16-bit key tag from a DNSKEY's full RDATA — the identifier an RRSIG or DS uses to select the signing key. Together with `verifyRrset` these are the per-RRset building blocks a recursive chain-walk (root → TLD → zone) composes; the chain-walk itself, NSEC / NSEC3 denial-of-existence, and the bundled IANA root trust anchor are not part of this core.
+
+- v0.12.47 (2026-05-25) — **`b.cose.mac0` / `b.cose.macVerify0` — COSE_Mac0 (RFC 9052 §6.2).** Completes the COSE message-type set (COSE_Sign1 / COSE_Encrypt0 / COSE_Mac0) with single shared-key MACs. b.cose.mac0 produces a tagged COSE_Mac0 over a payload using HMAC-SHA-256/384/512 (the COSE-standard MAC algorithms; HMAC is symmetric, so its post-quantum strength is preserved). b.cose.macVerify0 recomputes the tag over the MAC_structure and compares it in constant time, with a mandatory algorithm allowlist. Use when both parties hold a shared key — e.g. an ECDH-derived key — and a non-repudiable signature is not wanted; detached payloads are supported (the proximity mdoc device-MAC variant and MACed CWTs are the consumers). Composes b.cbor + the framework's constant-time compare; no new runtime dependency. **Added:** *`b.cose.mac0(payload, opts)` / `b.cose.macVerify0(coseMac0, opts)`* — `mac0` emits a tagged COSE_Mac0 (tag 17) with `alg` (`HMAC-256/256` | `HMAC-384/384` | `HMAC-512/512`) in the protected header and the HMAC tag computed over the MAC_structure `["MAC0", protected, external_aad, payload]`; `detached: true` emits a nil payload. `macVerify0` reads the algorithm from the protected header (must be in the required `opts.algorithms` allowlist), recomputes the tag, and compares it constant-time — a wrong key, tampered tag, or `external_aad` mismatch is refused with `cose/bad-tag`; a detached payload is supplied via `opts.externalPayload`. `external_aad` binds context into the tag.
+
+- v0.12.46 (2026-05-25) — **`b.mdoc.verifyDeviceAuth` — ISO 18013-5 mdoc device authentication.** Completes mdoc verification with the holder-binding half (ISO 18013-5 §9.1.3, signature variant). verifyIssuerSigned proves the data is issuer-signed; verifyDeviceAuth proves the presenter controls the device key the issuer bound into the MSO, so a captured issuer-signed document cannot be replayed by anyone else. The device's COSE_Sign1 (deviceSigned.deviceAuth.deviceSignature) is verified over the detached DeviceAuthentication structure ["DeviceAuthentication", SessionTranscript, DocType, DeviceNameSpacesBytes] using the device key from verifyIssuerSigned().deviceKey (now surfaced) and the operator-supplied SessionTranscript that binds the proof to this exact exchange (the presentation protocol — e.g. OpenID4VP — defines the transcript). Composes the v0.12.45 b.cose detached-payload verify + importKey. The MAC variant (deviceMac / COSE_Mac0, used in proximity flows with a reader ephemeral key) is deferred and refused with mdoc/device-mac-unsupported. No new runtime dependency. **Added:** *`b.mdoc.verifyDeviceAuth(opts)` + `deviceKey` on the verifyIssuerSigned result* — `verifyDeviceAuth({ deviceKey, deviceSigned, docType, sessionTranscript, algorithms })` imports the device key (a COSE_Key via `b.cose.importKey`, or a KeyObject), reconstructs the detached `DeviceAuthentication` payload, and verifies the `deviceSignature` COSE_Sign1 against the mandatory algorithm allowlist — a mismatched `sessionTranscript` or `docType` fails the signature. `verifyIssuerSigned` now returns `deviceKey` (the MSO `deviceKeyInfo.deviceKey`) so the two checks chain. The MAC variant (`deviceMac`) is refused with `mdoc/device-mac-unsupported` pending COSE_Mac0 + reader-key support.
+
+- v0.12.45 (2026-05-25) — **`b.cose` adds detached-payload sign/verify + `b.cose.importKey` (COSE_Key).** Two RFC 9052 / 9053 completions to the COSE substrate, both useable today and the prerequisites for mdoc device authentication and C2PA claim verification. Detached payloads (RFC 9052 §4.1): b.cose.sign with detached:true emits a COSE_Sign1 whose payload slot is nil — the signature still covers the payload, and the caller transmits it out of band; b.cose.verify takes the payload back as opts.externalPayload and binds it into the Sig_structure. A detached token verified without externalPayload is refused, and supplying externalPayload for an attached token is refused as ambiguous. COSE_Key import (RFC 9052 §7): b.cose.importKey turns a COSE_Key CBOR map into a node:crypto public KeyObject for b.cose.verify, accepting EC2 (P-256 / P-384 / P-521) and OKP (Ed25519) with the curve allowlisted so an unexpected key type is refused. No new runtime dependency. **Added:** *Detached COSE_Sign1 payloads + `b.cose.importKey(coseKey)`* — `b.cose.sign(payload, { detached: true })` emits a nil-payload COSE_Sign1 (the signature covers the payload regardless); `b.cose.verify(coseSign1, { externalPayload })` reconstructs the Sig_structure from the supplied payload, refusing a detached token with no `externalPayload` (`cose/detached-no-payload`) and refusing `externalPayload` on an attached token (`cose/payload-ambiguous`). `b.cose.importKey(coseKey)` maps a COSE_Key map (`kty` 2/EC2 with `crv` P-256/384/521, or `kty` 1/OKP with Ed25519) to a public KeyObject, allowlisting `kty`/`crv` and refusing anything else with `cose/unsupported-key` — the verification key embedded in an mdoc MSO or COSE_Key header is consumed this way.
+
+- v0.12.44 (2026-05-25) — **`b.did` adds the did:jwk method.** Completes b.did's method set with did:jwk alongside did:key and did:web. did:jwk encodes a public key as a base64url-encoded JWK directly in the identifier, so resolution is deterministic and offline — the same self-contained shape as did:key but in JWK form, which is what OpenID4VCI and the EU Digital Identity Wallet ecosystem commonly use. b.did.resolve("did:jwk:…") returns the verification key as a node:crypto KeyObject (kty/crv allowlisted — Ed25519 / P-256 / P-384 / secp256k1 — so an unexpected key type is refused, not blindly imported), and b.did.keyToDid(publicKey, { method: "jwk" }) produces a did:jwk from a key (the private member is stripped). No new runtime dependency. **Added:** *did:jwk in `b.did.resolve` / `b.did.keyToDid`* — `resolve` decodes the base64url JWK (bounded via `b.safeJson`), allowlists its `kty`/`crv`, and returns `{ didDocument, verificationMethods: [{ publicKey, … }] }` with the key as a KeyObject ready for `b.vc` / `b.mdoc` / `b.scitt`; `keyToDid(publicKey, { method: "jwk" })` encodes a public key as `did:jwk:<base64url-JWK>` (default remains `did:key`). Malformed base64url-JSON is refused with `did/bad-jwk` and an unsupported key type with `did/unsupported-key`.
+
+- v0.12.43 (2026-05-25) — **`b.crypto.selfTest` — FIPS 140-3-style power-on self-test for the crypto stack.** A power-on self-test over the framework's cryptographic primitives — the integrity check a FIPS 140-3-validated module runs at start-up. The hash / XOF checks are known-answer tests against NIST FIPS 202 published vectors (SHA3-256 / SHA3-512 / SHAKE256), so they confirm the framework's hashing matches the standard rather than merely itself; the AEAD check round-trips XChaCha20-Poly1305 and confirms a tampered ciphertext is rejected; and the post-quantum checks run a pairwise-consistency + negative test for ML-KEM-1024, ML-DSA-87, and SLH-DSA-SHAKE-256f (a fresh keypair must encaps/decaps and sign/verify consistently and reject a tampered signature — FIPS 140-3 §10.3 pairwise consistency, since the runtime exposes no seed-injection API for a fixed-seed KAT). selfTest returns a structured report and, by default, throws on any failure so a broken crypto stack fails closed at boot rather than silently producing bad output. Operators in regulated deployments can run it at start-up as a self-integrity gate. **Added:** *`b.crypto.selfTest(opts?)`* — Runs eight checks — SHA3-512 / SHA3-256 / SHAKE256 known-answer tests (NIST FIPS 202), HMAC-SHA3-512 determinism, XChaCha20-Poly1305 round-trip + tamper-detect, and ML-KEM-1024 / ML-DSA-87 / SLH-DSA-SHAKE-256f pairwise-consistency + negative tests — and returns `{ ok, results: [{ name, ok, detail? }], failures, ranAt }`. Throws `crypto/self-test-failed` (with the report attached) on any failure unless `opts.throwOnFailure` is `false`. Exercises the framework's real primitive paths so a self-test failure means the shipped crypto is broken.
+
+- v0.12.42 (2026-05-24) — **`b.vc.present` / `b.vc.verifyPresentation` — W3C Verifiable Presentations.** Completes b.vc with the holder side: a Verifiable Presentation is a holder-signed envelope wrapping one or more credentials, proving the presenter controls the key the credentials were issued to. b.vc.present builds and signs a VerifiablePresentation (each credential enveloped per VC-JOSE-COSE) as a compact JWS (vp+jwt) or COSE_Sign1 (application/vp+cose), matching b.vc.issue's algorithms; an optional nonce / audience is embedded in the signed presentation for holder-binding and replay protection. b.vc.verifyPresentation verifies the holder signature (auto-detected jose/cose, mandatory algorithm allowlist, JOSE none refused), the VCDM structure, and the embedded nonce / audience / expectedHolder when given, and — with verifyCredentials: true — verifies each enveloped credential through b.vc.verify and returns them. The holder is typically a DID, resolved to a key via b.did. Composes b.cose; no new runtime dependency. **Added:** *`b.vc.present(opts)` / `b.vc.verifyPresentation(secured, opts)`* — `present` wraps `opts.credentials` (secured VCs — compact-JWS strings or COSE_Sign1 bytes, each enveloped as an `EnvelopedVerifiableCredential` data: URI) in a `VerifiablePresentation` signed by the holder, with optional `nonce` / `audience` embedded for binding. `verifyPresentation` verifies the holder signature against the mandatory `opts.algorithms` allowlist (JOSE `none` always refused), re-checks the VCDM structure, enforces `expectedHolder` / `nonce` / `audience` when supplied, and with `verifyCredentials: true` verifies each enveloped credential through `b.vc.verify` (using `opts.credentialOpts`), returning `{ presentation, holder, credentials, securing, alg }`. The enveloped-credential count is bounded. A `vp+jwt` presentation is refused by `b.vc.verify` and a `vc+jwt` credential is refused by `verifyPresentation` — the media-type binding keeps the two surfaces distinct.
+
+- v0.12.41 (2026-05-24) — **`b.did` — W3C DID resolution (did:key + did:web) feeding the credential verifiers.** Resolve W3C Decentralized Identifiers (DID Core 1.0) to verification keys — the link that lets a credential's issuer be named by a DID rather than a raw key. Resolve the issuer DID of a b.vc / b.mdoc / b.scitt credential to a node:crypto KeyObject and hand it to the verifier. did:key encodes the public key in the identifier (multicodec + base58btc), so resolution is deterministic and offline — Ed25519, P-256, P-384, and secp256k1 round-trip; did:web places the DID document at an HTTPS URL derived from the identifier, with the network fetch left to the operator (the framework parses the operator-fetched document and extracts its verification methods, as publicKeyMultibase or publicKeyJwk). b.did.keyToDid encodes a KeyObject as a did:key (an issuer naming itself), b.did.parse splits the identifier (and returns the did:web URL to fetch), and b.did.resolve returns the document and verification keys. DID Core 1.0 is a W3C Recommendation; the method specs (did:key W3C CCG report, did:web DID method registry — EUDI-mandated) are deployed-stable. Composes node:crypto; no new runtime dependency. **Added:** *`b.did.resolve(did, opts?)` / `b.did.keyToDid(publicKey)` / `b.did.parse(did)`* — `resolve` returns `{ didDocument, verificationMethods: [{ id, controller, type, publicKey }] }` with each `publicKey` a `node:crypto` KeyObject ready for `b.vc.verify` / `b.mdoc.verifyIssuerSigned` / `b.scitt.verifyStatement`. did:key resolves deterministically and offline (base58btc + multicodec → Ed25519 raw key or EC compressed point, rebuilt via SPKI); did:web requires the operator to pass the fetched DID document as `opts.document` (the URL to GET is on `b.did.parse(did).url`) and the document `id` must match the requested DID. A publicKeyJwk in a DID document is imported only after its `kty`/`crv` is allowlisted (Ed25519 / P-256 / P-384 / secp256k1) — an unexpected key type from an untrusted document is refused, not blindly imported. `keyToDid` encodes an Ed25519 / P-256 / P-384 / secp256k1 KeyObject as a did:key; `parse` derives the did:web HTTPS URL (`host[:port][:path]` → `https://host/path/did.json`, or `/.well-known/did.json`). Unknown methods, malformed base58, unsupported multicodec codes, and unsupported key types are each refused.
+
 - v0.12.40 (2026-05-24) — **`b.mdoc` — ISO 18013-5 mdoc / mDL issuer-data verification.** Verify the issuer-signed data of an ISO/IEC 18013-5 mdoc — the credential format behind mobile driving licences (mDL) and the ISO track of the EU Digital Identity Wallet. This is the relying-party side: confirm that the data elements a holder presents were signed by the issuer and have not been altered. An mdoc's IssuerSigned carries the disclosed data elements and an issuerAuth that is a COSE_Sign1 (b.cose) over a Mobile Security Object (MSO) holding a per-element digest. b.mdoc.verifyIssuerSigned verifies the COSE signature with the issuer certificate from the COSE x5chain header, parses the MSO, enforces its validityInfo window, and recomputes each disclosed element's digest (the full Tag-24 IssuerSignedItemBytes) to match it against the MSO constant-time — the integrity check that makes selective disclosure trustworthy. An absent or mismatched digest is refused. Signing algorithms follow b.cose verification (the classical ES256/384/512 + EdDSA that real mDL issuers use; the caller names the allowlist); opts.trustAnchorsPem additionally verifies the issuer certificate chain. This completes the credential trio alongside W3C VCDM (b.vc) and IETF SD-JWT VC (b.auth.sdJwtVc). Composes b.cose + b.cbor; no new runtime dependency. **Added:** *`b.mdoc.verifyIssuerSigned(issuerSigned, opts)`* — Takes the CBOR `IssuerSigned` map (the operator extracts it from the device response / QR) and returns `{ docType, version, digestAlgorithm, validityInfo, namespaces, signerCert, alg }`. Verifies the COSE_Sign1 `issuerAuth` against the mandatory `opts.algorithms` allowlist using the issuer certificate from its `x5chain` (label 33) header; parses the Tag-24 Mobile Security Object; enforces the MSO `validityInfo` window against `opts.at` (default now; must be a valid Date; malformed dates fail closed); and recomputes the digest of every disclosed `IssuerSignedItem` (over the full Tag-24 bytes, with the MSO `digestAlgorithm` — SHA-256/384/512) to match the MSO `valueDigests` constant-time — an absent or mismatched digest is refused with `mdoc/digest-mismatch`. `opts.expectedDocType` pins the document type; `opts.trustAnchorsPem` (a PEM string or array) additionally verifies the issuer certificate chain and validity at the asserted time. A malformed `x5chain` certificate is refused with a clean `mdoc/bad-cert`. The mdoc device-authentication half (the SessionTranscript-bound holder-binding proof) is a presentation-protocol concern and is not part of issuer-data verification.
 
 - v0.12.39 (2026-05-24) — **`b.vc` — W3C Verifiable Credentials 2.0 (issue / verify, JOSE + COSE securing).** Issue and verify W3C Verifiable Credentials (VC Data Model 2.0, a W3C Recommendation) secured per Securing Verifiable Credentials using JOSE and COSE (VC-JOSE-COSE, also a W3C Recommendation, May 2025). A verifiable credential is a tamper-evident, signed set of claims an issuer makes about a subject — a diploma, a membership, a license, an age assertion. Two securing mechanisms are supported, both signing the credential itself (no JWT/CWT claims wrapper): JOSE produces a compact JWS with the vc+jwt media type, signed with ES256/384/512 or EdDSA; COSE produces a COSE_Sign1 (application/vc+cose) over b.cose, which also accepts ML-DSA-87 for PQC-forward deployments. b.vc.verify auto-detects the form from the input, requires an algorithm allowlist, always refuses the JOSE none algorithm, re-checks the VCDM 2.0 structural rules, and enforces the validFrom / validUntil window. This is the W3C credential model, distinct from the IETF SD-JWT VC already at b.auth.sdJwtVc. Composes b.cose; no new runtime dependency. **Added:** *`b.vc.issue(credential, opts)` / `b.vc.verify(secured, opts)`* — `issue` validates the credential against the VCDM 2.0 structural rules (the `credentials/v2` context first, a `VerifiableCredential` type, an issuer, a credential subject) and signs it: `securing: "jose"` returns a compact JWS string (`typ` header `vc+jwt`), `securing: "cose"` returns COSE_Sign1 bytes (`typ` header `application/vc+cose`, content type `application/vc`) via `b.cose`. The credential is the exact signed payload — no JWT/CWT claims are injected. `verify` auto-detects the securing form from the input (compact-JWS string vs. COSE_Sign1 bytes), verifies the signature against the mandatory `opts.algorithms` allowlist (the JOSE `none` algorithm is always refused), re-checks the structural rules, enforces the `validFrom` / `validUntil` window against `opts.at` (default now; must be a valid Date), and optionally matches `opts.expectedIssuer` against the credential issuer id. Returns `{ credential, securing, alg, issuer }`.