@blamejs/blamejs-shop 0.0.44

package/lib/vendor/blamejs/lib/codepoint-class.js

@@ -0,0 +1,262 @@
+"use strict";
+/**
+ * codepoint-class — shared codepoint-table threat catalog and regex
+ * compiler for the guard-* family.
+ *
+ * Threat detectors that need to match Unicode bidi overrides, C0
+ * control characters, zero-width / invisible chars, etc. compose
+ * regex character classes from numeric codepoint range tables here
+ * instead of embedding the attack characters directly in their
+ * source files. Centralizing the tables means:
+ *
+ *   - Source files in lib/guard-* stay pure ASCII (zero
+ *     irregular-whitespace lint findings, no eslint-disable comments
+ *     for this category).
+ *   - Adding / removing a codepoint from the catalog is a single
+ *     edit; every guard picks up the change.
+ *   - The detector composes the way an attacker would compose the
+ *     payload (programmatic codepoint emission, not literal typing).
+ *
+ * Surface:
+ *
+ *   hex4(cp)              -> "\\uXXXX" escape for a single codepoint
+ *   charClass(ranges)     -> regex character class body for a range
+ *                            table (e.g. [0x200E, [0x202A,0x202E]])
+ *   fromCp(cp)            -> String.fromCharCode shorthand
+ *   ranges()              -> { BIDI_RANGES, C0_CTRL_RANGES,
+ *                              ZERO_WIDTH_RANGES }
+ *   compiled()            -> { BIDI_RE, BIDI_RE_G, C0_CTRL_RE,
+ *                              C0_CTRL_RE_G, ZERO_WIDTH_RE, ZW_RE_G,
+ *                              NULL_RE_G, NULL_BYTE, BOM_CHAR }
+ *
+ * The compiled() exports are RegExp instances built from the
+ * codepoint tables at module load. Consumers grab them once at boot.
+ *
+ * Codepoint tables:
+ *
+ *   BIDI_RANGES — Unicode bidi-override family (CVE-2021-42574
+ *     Trojan Source). LRM U+200E / RLM U+200F / ALM U+061C / LRE
+ *     U+202A / RLE U+202B / PDF U+202C / LRO U+202D / RLO U+202E /
+ *     LRI U+2066 / RLI U+2067 / FSI U+2068 / PDI U+2069.
+ *
+ *   C0_CTRL_RANGES — C0 control characters minus tab (U+09) / lf
+ *     (U+0A) / cr (U+0D) — those are dialect-shaped chars that
+ *     parsers handle separately. Everything else (U+00, U+01-U+08,
+ *     U+0B-U+0C, U+0E-U+1F) flagged as control-byte injection.
+ *
+ *   ZERO_WIDTH_RANGES — invisible-formatting / zero-width chars
+ *     attackers use to hide payloads:
+ *     SHY  U+00AD  ZWSP U+200B  ZWNJ U+200C  ZWJ  U+200D
+ *     WJ   U+2060  BOM  U+FEFF
+ */
+
+var HEX_RADIX = 16;                                                 // allow:raw-byte-literal — base-16 radix, not byte size
+
+function hex4(cp) {
+  var s = cp.toString(HEX_RADIX).toUpperCase();
+  while (s.length < 4) s = "0" + s;
+  return "\\u" + s;
+}
+function charClass(rangeList) {
+  return rangeList.map(function (r) {
+    return Array.isArray(r) ? hex4(r[0]) + "-" + hex4(r[1]) : hex4(r);
+  }).join("");
+}
+function fromCp(cp) { return String.fromCharCode(cp); }
+
+var BIDI_RANGES       = [0x200E, 0x200F, 0x061C, [0x202A, 0x202E], [0x2066, 0x2069]];
+var C0_CTRL_RANGES    = [[0x0000, 0x0008], 0x000B, 0x000C, [0x000E, 0x001F]];
+var ZERO_WIDTH_RANGES = [0x00AD, [0x200B, 0x200D], 0x2060, 0xFEFF];
+
+// allow:dynamic-regex — codepoints from BIDI_RANGES literal table
+var BIDI_RE       = new RegExp("[" + charClass(BIDI_RANGES) + "]");
+// allow:dynamic-regex — codepoints from BIDI_RANGES literal table
+var BIDI_RE_G     = new RegExp("[" + charClass(BIDI_RANGES) + "]", "g");
+// allow:dynamic-regex — codepoints from C0_CTRL_RANGES literal table
+var C0_CTRL_RE    = new RegExp("[" + charClass(C0_CTRL_RANGES) + "]");
+// allow:dynamic-regex — codepoints from C0_CTRL_RANGES literal table
+var C0_CTRL_RE_G  = new RegExp("[" + charClass(C0_CTRL_RANGES) + "]", "g");
+// allow:dynamic-regex — codepoints from ZERO_WIDTH_RANGES literal table
+var ZERO_WIDTH_RE = new RegExp("[" + charClass(ZERO_WIDTH_RANGES) + "]");
+// allow:dynamic-regex — codepoints from ZERO_WIDTH_RANGES literal table
+var ZW_RE_G       = new RegExp("[" + charClass(ZERO_WIDTH_RANGES) + "]", "g");
+// allow:dynamic-regex — single literal codepoint U+0000
+var NULL_RE_G     = new RegExp(hex4(0x0000), "g");
+
+var NULL_BYTE = fromCp(0x0000);
+var BOM_CHAR  = fromCp(0xFEFF);
+
+// Unicode script-range catalog for IDN-homograph / mixed-script
+// confusable detection (UTS #39). Used by guard-domain, guard-email,
+// safe-url IDN host-label classification, and any future caller that
+// needs "is this label entirely one writing system?". Centralizing the
+// table keeps the codepoint definitions in one place — adding a script
+// is a single edit.
+var SCRIPT_RANGES = {
+  latin:    [[0x0041, 0x005A], [0x0061, 0x007A],
+             [0x00C0, 0x024F], [0x1E00, 0x1EFF]],                                 // allow:raw-byte-literal — Unicode script ranges
+  cyrillic: [[0x0400, 0x04FF], [0x0500, 0x052F]],                                 // allow:raw-byte-literal — Unicode Cyrillic + Cyrillic Supplement
+  greek:    [[0x0370, 0x03FF], [0x1F00, 0x1FFF]],                                 // allow:raw-byte-literal — Unicode Greek + Greek Extended
+  armenian: [[0x0530, 0x058F]],                                                   // allow:raw-byte-literal — Unicode Armenian
+  cherokee: [[0x13A0, 0x13FF], [0xAB70, 0xABBF]],                                 // allow:raw-byte-literal — Unicode Cherokee + Cherokee Supplement
+  han:      [[0x4E00, 0x9FFF]],                                                   // allow:raw-byte-literal — CJK Unified Ideographs
+  hiragana: [[0x3040, 0x309F]],                                                   // allow:raw-byte-literal — Hiragana
+  katakana: [[0x30A0, 0x30FF]],                                                   // allow:raw-byte-literal — Katakana
+  hangul:   [[0xAC00, 0xD7AF]],                                                   // allow:raw-byte-literal — Hangul Syllables
+  arabic:   [[0x0600, 0x06FF]],                                                   // allow:raw-byte-literal — Arabic
+  hebrew:   [[0x0590, 0x05FF]],                                                   // allow:raw-byte-literal — Hebrew
+};
+
+// scriptFor(cp) — returns the script-name string for a codepoint, or
+// null when the codepoint is in a script not in the catalog (digits,
+// punctuation, symbols, etc. are not script-classifying).
+function scriptFor(cp) {
+  var keys = Object.keys(SCRIPT_RANGES);
+  for (var i = 0; i < keys.length; i += 1) {
+    var ranges = SCRIPT_RANGES[keys[i]];
+    for (var j = 0; j < ranges.length; j += 1) {
+      if (cp >= ranges[j][0] && cp <= ranges[j][1]) return keys[i];
+    }
+  }
+  return null;
+}
+
+// detectMixedScripts(label, allowedScripts?) — returns null when the
+// label is single-script (or every script appears in the optional
+// allowedScripts allowlist), or an array of the detected script names
+// when the label mixes scripts (homograph attack shape — Cyrillic 'а'
+// inside an otherwise-Latin label, etc.). The result is the FULL set
+// of scripts seen; callers decide refuse / audit / strip.
+//
+// allowedScripts: an array of script names the caller treats as
+// acceptable; when supplied, a label whose every script is on the list
+// returns null even if multiple scripts appear (legitimate mixed-
+// script content like an English word inside a Japanese label).
+function detectMixedScripts(label, allowedScripts) {
+  if (typeof label !== "string" || label.length === 0) return null;
+  var seen = {};
+  for (var i = 0; i < label.length; i += 1) {
+    var script = scriptFor(label.charCodeAt(i));
+    if (script === null) continue;
+    seen[script] = true;
+  }
+  var scripts = Object.keys(seen);
+  if (scripts.length <= 1) return null;
+  if (!allowedScripts) return scripts;
+  for (var k = 0; k < scripts.length; k += 1) {
+    if (allowedScripts.indexOf(scripts[k]) === -1) return scripts;
+  }
+  return null;
+}
+
+// detectCharThreats — returns an array of issue objects for character-
+// class threats (bidi / null / C0-control) per the opts policy. Emits
+// at most one issue per class. Used by guard-* primitives' detection
+// pass instead of repeating the per-class match-and-push block.
+//
+// Issue shape mirrors guard-* convention:
+//   { kind, severity, ruleId, location, snippet }
+//
+//   issues.push.apply(issues,
+//     codepointClass.detectCharThreats(text, opts, "html"));
+function detectCharThreats(text, opts, codePrefix) {
+  var issues = [];
+  if (typeof text !== "string") return issues;
+  if (opts && opts.bidiPolicy !== "allow") {
+    var bidiMatch = text.match(BIDI_RE);
+    if (bidiMatch) {
+      issues.push({
+        kind: "bidi-override", severity: "critical",
+        ruleId: codePrefix + ".bidi",
+        location: bidiMatch.index,
+        snippet: "Unicode bidi override (CVE-2021-42574 Trojan Source)",
+      });
+    }
+  }
+  if (opts && opts.nullBytePolicy !== "allow") {
+    var nullIdx = text.indexOf(NULL_BYTE);
+    if (nullIdx >= 0) {
+      issues.push({
+        kind: "null-byte", severity: "critical",
+        ruleId: codePrefix + ".null-byte",
+        location: nullIdx,
+        snippet: "null byte at byte " + nullIdx,
+      });
+    }
+  }
+  if (opts && opts.controlPolicy !== "allow") {
+    var ctrlMatch = text.match(C0_CTRL_RE);
+    if (ctrlMatch) {
+      issues.push({
+        kind: "control-char", severity: "high",
+        ruleId: codePrefix + ".control",
+        location: ctrlMatch.index,
+        snippet: "C0 control char U+" + ctrlMatch[0].charCodeAt(0).toString(HEX_RADIX),
+      });
+    }
+  }
+  return issues;
+}
+
+// assertNoCharThreats — throws an instance of errorFactory(code, msg)
+// when the text contains a class that's set to "reject" in opts.
+// Opt-name vocabulary: bidiPolicy / nullBytePolicy / controlPolicy
+// (the standard guard-* family naming; older guard-csv uses different
+// names and keeps its inline checks).
+function assertNoCharThreats(text, opts, errorFactory, codePrefix) {
+  if (typeof text !== "string") return;
+  if (opts && opts.bidiPolicy === "reject" && BIDI_RE.test(text)) {           // allow:regex-no-length-cap — caller bounds length before invoking
+    throw errorFactory(codePrefix + ".bidi",
+      "input contains Unicode bidi override (CVE-2021-42574)");
+  }
+  if (opts && opts.nullBytePolicy === "reject" && text.indexOf(NULL_BYTE) !== -1) {
+    throw errorFactory(codePrefix + ".null-byte",
+      "input contains null byte");
+  }
+  if (opts && opts.controlPolicy === "reject" && C0_CTRL_RE.test(text)) {     // allow:regex-no-length-cap — caller bounds length before invoking
+    throw errorFactory(codePrefix + ".control",
+      "input contains C0 control character");
+  }
+}
+
+// applyCharStripPolicies — given a text and a policy object, apply
+// strip-mode replacements for each character-class threat. Reads:
+//   opts.bidiPolicy === "strip"      -> strip BIDI overrides
+//   opts.controlPolicy === "strip"   -> strip C0 controls
+//   opts.nullBytePolicy === "strip"  -> strip null bytes
+//   opts.zeroWidthPolicy === "strip" -> strip zero-widths
+// Returns the cleaned string. Used by every guard's sanitize path so
+// each one doesn't reinvent the same sequence of replace() calls.
+function applyCharStripPolicies(text, opts) {
+  if (typeof text !== "string") return text;
+  var out = text;
+  if (opts && opts.bidiPolicy === "strip")      out = out.replace(BIDI_RE_G, "");
+  if (opts && opts.controlPolicy === "strip")   out = out.replace(C0_CTRL_RE_G, "");
+  if (opts && opts.nullBytePolicy === "strip")  out = out.replace(NULL_RE_G, "");
+  if (opts && opts.zeroWidthPolicy === "strip") out = out.replace(ZW_RE_G, "");
+  return out;
+}
+
+module.exports = {
+  hex4:              hex4,
+  charClass:         charClass,
+  fromCp:            fromCp,
+  BIDI_RANGES:       BIDI_RANGES,
+  C0_CTRL_RANGES:    C0_CTRL_RANGES,
+  ZERO_WIDTH_RANGES: ZERO_WIDTH_RANGES,
+  BIDI_RE:           BIDI_RE,
+  BIDI_RE_G:         BIDI_RE_G,
+  C0_CTRL_RE:        C0_CTRL_RE,
+  C0_CTRL_RE_G:      C0_CTRL_RE_G,
+  ZERO_WIDTH_RE:     ZERO_WIDTH_RE,
+  ZW_RE_G:           ZW_RE_G,
+  NULL_RE_G:         NULL_RE_G,
+  NULL_BYTE:         NULL_BYTE,
+  BOM_CHAR:          BOM_CHAR,
+  applyCharStripPolicies: applyCharStripPolicies,
+  assertNoCharThreats:    assertNoCharThreats,
+  detectCharThreats:      detectCharThreats,
+  SCRIPT_RANGES:          SCRIPT_RANGES,
+  scriptFor:              scriptFor,
+  detectMixedScripts:     detectMixedScripts,
+};

package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js

@@ -0,0 +1,190 @@
+"use strict";
+/**
+ * EU AI Act Article 12 — automatic logging requirements for high-risk
+ * AI systems.
+ *
+ * Per Regulation (EU) 2024/1689 Art. 12, providers of high-risk AI
+ * systems MUST design the system to automatically record events
+ * ("logs") over its lifetime, sufficient to:
+ *
+ *   (a) identify situations that may result in the AI system
+ *       presenting a risk under Art. 79(1) (post-market monitoring);
+ *   (b) facilitate post-market monitoring per Art. 72;
+ *   (c) monitor the operation of the high-risk AI systems referred
+ *       to in Art. 26(5) (deployer obligations).
+ *
+ * For Annex III §1(a) (remote biometric identification systems), the
+ * minimum required logged fields are explicitly enumerated in
+ * Art. 12(3):
+ *
+ *   - period of each use (start time, end time)
+ *   - reference database against which input data was checked
+ *   - input data for which the search led to a match
+ *   - identification of natural persons involved in result verification
+ *
+ * The framework provides a typed event-builder that produces records
+ * conforming to these requirements, plus a serialiser that funnels the
+ * records into the framework's audit-chain (b.audit) so they ride the
+ * tamper-evident PQC-signed chain.
+ *
+ * Logs are operator-retained per Art. 19 (provider must keep them at
+ * least 6 months unless local law requires longer; for high-risk
+ * systems used in financial services + employment + law enforcement
+ * the retention floor is 1 year). The retention floor cross-walks
+ * into b.retention.complianceFloor.
+ */
+
+var validateOpts        = require("./validate-opts");
+var lazyRequire         = require("./lazy-require");
+var C                   = require("./constants");
+var { ComplianceError }  = require("./framework-error");
+
+var audit               = lazyRequire(function () { return require("./audit"); });
+
+// Retention floors per Art. 19. Operator's b.retention.complianceFloor
+// applies the more-stringent of: AI Act floor, sectoral law, internal
+// retention policy.
+var RETENTION_FLOORS = Object.freeze({
+  default:                    C.TIME.days(180),
+  "high-risk-financial":      C.TIME.days(365),
+  "high-risk-employment":     C.TIME.days(365),
+  "high-risk-law-enforcement": C.TIME.days(365),
+});
+
+var MIN_BIOMETRIC_FIELDS = Object.freeze([
+  "periodStart", "periodEnd", "referenceDatabase",
+  "matchedInputRef", "verifiers",
+]);
+
+function buildEvent(opts) {
+  opts = opts || {};
+  validateOpts(opts, [
+    "systemId", "kind", "actor", "timestamp",
+    "periodStart", "periodEnd", "referenceDatabase",
+    "matchedInputRef", "verifiers",
+    "outcome", "metadata", "annexIII",
+  ], "compliance.aiAct.logging.buildEvent");
+
+  validateOpts.requireNonEmptyString(opts.systemId,
+    "buildEvent: systemId", ComplianceError, "compliance-ai-act/bad-event");
+  validateOpts.requireNonEmptyString(opts.kind,
+    "buildEvent: kind", ComplianceError, "compliance-ai-act/bad-event");
+
+  var nowMs = (typeof opts.timestamp === "number" && isFinite(opts.timestamp))
+    ? opts.timestamp : Date.now();
+
+  var record = {
+    aiActArticle:    "Art. 12",
+    systemId:        opts.systemId,
+    kind:            opts.kind,
+    timestamp:       new Date(nowMs).toISOString(),
+    actor:           opts.actor || null,
+    annexIII:        opts.annexIII || null,
+    outcome:         opts.outcome || "ok",
+  };
+
+  // Annex III §1(a) biometric-id systems require specific fields.
+  if (opts.annexIII === "biometric-id-categorisation") {
+    var missing = [];
+    for (var i = 0; i < MIN_BIOMETRIC_FIELDS.length; i += 1) {
+      var field = MIN_BIOMETRIC_FIELDS[i];
+      if (opts[field] == null) missing.push(field);
+    }
+    if (missing.length > 0) {
+      throw new ComplianceError("compliance-ai-act/missing-biometric-fields",
+        "buildEvent: biometric-id event missing required fields per Art. 12(3): " +
+        missing.join(", "));
+    }
+    record.periodStart       = _toIsoString(opts.periodStart);
+    record.periodEnd         = _toIsoString(opts.periodEnd);
+    record.referenceDatabase = opts.referenceDatabase;
+    record.matchedInputRef   = opts.matchedInputRef;
+    record.verifiers         = Array.isArray(opts.verifiers)
+      ? opts.verifiers.slice() : [opts.verifiers];
+  }
+
+  if (opts.metadata && typeof opts.metadata === "object") {
+    record.metadata = opts.metadata;
+  }
+  return record;
+}
+
+function _toIsoString(value) {
+  if (value == null) return null;
+  if (typeof value === "string") return value;
+  if (typeof value === "number" && isFinite(value)) {
+    return new Date(value).toISOString();
+  }
+  if (value instanceof Date) return value.toISOString();
+  return null;
+}
+
+function emit(event) {
+  if (!event || typeof event !== "object") {
+    throw new ComplianceError("compliance-ai-act/bad-event",
+      "compliance.aiAct.logging.emit: event must be an object");
+  }
+  // Funnel into the framework audit chain so the record rides the
+  // tamper-evident PQC-signed chain. The operator-facing kind vocabulary
+  // (from RFC-style slug identifiers in the AI-Act-Notice header — e.g.
+  // "biometric-id-categorisation") carries hyphens; the audit action
+  // namespace uses underscores, so the kind is rewritten before emit.
+  try {
+    var kindCanonical = String(event.kind || "log").replace(/-/g, "_");
+    audit().safeEmit({
+      action:   "compliance.aiact." + kindCanonical,
+      outcome:  event.outcome || "success",
+      actor:    event.actor || null,
+      metadata: event,
+    });
+  } catch (_e) { /* drop-silent */ }
+  return event;
+}
+
+function logEvent(opts) {
+  var record = buildEvent(opts);
+  return emit(record);
+}
+
+function retentionFloorMs(opts) {
+  opts = opts || {};
+  validateOpts(opts, ["domain"], "compliance.aiAct.logging.retentionFloorMs");
+  var key = opts.domain || "default";
+  if (Object.prototype.hasOwnProperty.call(RETENTION_FLOORS, key)) {
+    return RETENTION_FLOORS[key];
+  }
+  return RETENTION_FLOORS.default;
+}
+
+// Build a request-attached logger pre-bound to a system context. The
+// returned function accepts a partial event and merges it with the
+// preset (systemId, annexIII, deployer).
+function loggerFor(systemContext) {
+  if (!systemContext || typeof systemContext !== "object") {
+    throw new ComplianceError("compliance-ai-act/bad-system-context",
+      "loggerFor: systemContext must be an object");
+  }
+  validateOpts.requireNonEmptyString(systemContext.systemId,
+    "loggerFor: systemContext.systemId", ComplianceError, "compliance-ai-act/bad-system-context");
+  return function (eventPartial) {
+    var merged = Object.assign({}, eventPartial || {});
+    merged.systemId = systemContext.systemId;
+    if (systemContext.annexIII && !merged.annexIII) {
+      merged.annexIII = systemContext.annexIII;
+    }
+    if (systemContext.deployer && !merged.actor) {
+      merged.actor = { deployer: systemContext.deployer };
+    }
+    return logEvent(merged);
+  };
+}
+
+module.exports = {
+  buildEvent:        buildEvent,
+  emit:              emit,
+  logEvent:          logEvent,
+  retentionFloorMs:  retentionFloorMs,
+  loggerFor:         loggerFor,
+  RETENTION_FLOORS:  RETENTION_FLOORS,
+  MIN_BIOMETRIC_FIELDS: MIN_BIOMETRIC_FIELDS,
+};

package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js

@@ -0,0 +1,205 @@
+"use strict";
+/**
+ * EU AI Act Article 5 — prohibited AI practices.
+ *
+ * Per Regulation (EU) 2024/1689 Art. 5, certain AI practices are
+ * unconditionally prohibited in the EU market. The practices fall
+ * into eight categories listed below; each entry carries:
+ *
+ *   - id          — short canonical identifier (used by classify())
+ *   - article     — the sub-article of Art. 5 (a-h)
+ *   - title       — operator-readable title
+ *   - description — paraphrase of the prohibited practice
+ *   - examples    — non-exhaustive list of system shapes that fall in
+ *
+ * The catalog is operator-readable but NOT operator-extensible — Art. 5
+ * is set by EU regulation; operators don't add private "prohibited
+ * practices". For private "we don't allow this" rules see
+ * b.compliance.aiAct.local-policy (separate primitive).
+ *
+ * Effective date: 2026-02-02 per Art. 113(a). Operators with EU users
+ * MUST classify each AI system against this catalog before deployment.
+ */
+
+var PROHIBITED_PRACTICES = Object.freeze([
+  Object.freeze({
+    id:          "subliminal-manipulation",
+    article:     "Art. 5(1)(a)",
+    title:       "Subliminal techniques beyond a person's consciousness",
+    description: "AI systems that deploy subliminal, purposefully manipulative, or deceptive techniques with the objective or effect of materially distorting a person's behaviour by appreciably impairing their ability to make an informed decision, thereby causing or likely to cause significant harm.",
+    examples:    Object.freeze([
+      "Hidden audio cues in marketing audio that bypass conscious perception",
+      "UX patterns engineered with eye-tracking to push specific decisions",
+      "Generative content that subliminally embeds product imagery",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "exploit-vulnerabilities",
+    article:     "Art. 5(1)(b)",
+    title:       "Exploiting vulnerabilities of specific groups",
+    description: "AI systems that exploit vulnerabilities of a specific group of persons (due to age, disability, or specific social or economic situation) with the objective or effect of materially distorting their behaviour, thereby causing or likely to cause significant harm.",
+    examples:    Object.freeze([
+      "Recommender systems targeting children with addictive content patterns",
+      "Predatory lending offers tuned to financial-distress signals",
+      "Manipulative chatbots aimed at elderly users with dementia signals",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "social-scoring",
+    article:     "Art. 5(1)(c)",
+    title:       "Social scoring by public authorities",
+    description: "AI systems for the evaluation or classification of natural persons over a certain period of time based on their social behaviour or known, inferred or predicted personal or personality characteristics, leading to detrimental or unfavourable treatment that is unjustified or disproportionate.",
+    examples:    Object.freeze([
+      "General-purpose social-credit ranking by a state agency",
+      "Cross-context behavior scoring used to deny unrelated services",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "predictive-policing-individual",
+    article:     "Art. 5(1)(d)",
+    title:       "Predictive policing solely on profiling",
+    description: "AI systems for making risk assessments of natural persons in order to assess or predict the risk of a natural person committing a criminal offence, based solely on the profiling of a natural person or on assessing their personality traits and characteristics.",
+    examples:    Object.freeze([
+      "Recidivism scoring using only demographic + arrest-history features",
+      "Heatmap-driven 'pre-crime' targeting of named individuals",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "untargeted-facial-scraping",
+    article:     "Art. 5(1)(e)",
+    title:       "Untargeted scraping for facial-recognition databases",
+    description: "AI systems that create or expand facial-recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.",
+    examples:    Object.freeze([
+      "Bulk-collecting public profile photos to populate a face-search index",
+      "CCTV-derived enrolment of unconsenting bystanders",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "emotion-inference-workplace-edu",
+    article:     "Art. 5(1)(f)",
+    title:       "Emotion inference in workplace and education",
+    description: "AI systems to infer emotions of a natural person in the areas of workplace and education institutions, except where the use of the AI system is intended to be put in place or into the market for medical or safety reasons.",
+    examples:    Object.freeze([
+      "Camera-based 'engagement' scoring of students during remote class",
+      "Sentiment analysis of employee video calls for performance review",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "biometric-categorisation-sensitive",
+    article:     "Art. 5(1)(g)",
+    title:       "Biometric categorisation by sensitive attributes",
+    description: "AI systems of biometric categorisation that categorise individually natural persons based on their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation.",
+    examples:    Object.freeze([
+      "Face-derived political-opinion or religion classifiers",
+      "Voice-derived sexual-orientation inference",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+  Object.freeze({
+    id:          "real-time-remote-biometric-id",
+    article:     "Art. 5(1)(h)",
+    title:       "Real-time remote biometric identification in public",
+    description: "AI systems for real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes — except for narrowly-defined exceptions (search for missing persons, prevention of imminent threat, suspect of serious crime listed in Annex II).",
+    examples:    Object.freeze([
+      "Mass facial-recognition gates at festivals or stations",
+      "Real-time crowd-scanning ID systems without imminent-threat trigger",
+    ]),
+    effectiveDate: "2026-02-02",
+  }),
+]);
+
+function listPractices() {
+  return PROHIBITED_PRACTICES.slice();
+}
+
+function getPractice(id) {
+  for (var i = 0; i < PROHIBITED_PRACTICES.length; i += 1) {
+    if (PROHIBITED_PRACTICES[i].id === id) return PROHIBITED_PRACTICES[i];
+  }
+  return null;
+}
+
+function listIds() {
+  return PROHIBITED_PRACTICES.map(function (p) { return p.id; });
+}
+
+// Classify a system description against the catalog. Returns the array
+// of practice IDs it appears to fall under, based on operator-supplied
+// signals. The classifier is intentionally conservative — it errs on
+// the side of flagging a system as potentially-prohibited; legal
+// review is required before deployment regardless of the result.
+
+function classify(systemDescription) {
+  if (!systemDescription || typeof systemDescription !== "object") {
+    return [];
+  }
+  var hits = [];
+  // (a) subliminal manipulation
+  if (systemDescription.usesSubliminalCues === true ||
+      systemDescription.intent === "subliminal-influence") {
+    hits.push("subliminal-manipulation");
+  }
+  // (b) exploit vulnerabilities
+  if (systemDescription.targetsVulnerableGroup === true) {
+    hits.push("exploit-vulnerabilities");
+  }
+  // (c) social scoring
+  if (systemDescription.purpose === "social-scoring" &&
+      systemDescription.deployerType === "public-authority") {
+    hits.push("social-scoring");
+  }
+  // (d) predictive policing on profiling alone
+  if (systemDescription.purpose === "predictive-policing" &&
+      systemDescription.usesProfileOnly === true) {
+    hits.push("predictive-policing-individual");
+  }
+  // (e) untargeted facial-recognition database build
+  if (systemDescription.builds === "facial-recognition-db" &&
+      systemDescription.scrapesUntargeted === true) {
+    hits.push("untargeted-facial-scraping");
+  }
+  // (f) emotion inference in workplace / education
+  if (systemDescription.infersEmotion === true &&
+      (systemDescription.deployContext === "workplace" ||
+       systemDescription.deployContext === "education")) {
+    if (systemDescription.purpose !== "medical" &&
+        systemDescription.purpose !== "safety") {
+      hits.push("emotion-inference-workplace-edu");
+    }
+  }
+  // (g) biometric categorisation of sensitive attributes
+  if (systemDescription.biometricCategorisation === true &&
+      Array.isArray(systemDescription.inferredAttributes)) {
+    var sensitive = ["race", "political-opinion", "trade-union",
+                     "religion", "philosophy", "sex-life", "sexual-orientation"];
+    for (var i = 0; i < systemDescription.inferredAttributes.length; i += 1) {
+      if (sensitive.indexOf(systemDescription.inferredAttributes[i]) !== -1) {
+        hits.push("biometric-categorisation-sensitive");
+        break;
+      }
+    }
+  }
+  // (h) real-time remote biometric ID for law enforcement
+  if (systemDescription.remoteBiometricId === "real-time" &&
+      systemDescription.deployContext === "law-enforcement-public-space" &&
+      systemDescription.exemption !== "missing-person" &&
+      systemDescription.exemption !== "imminent-threat" &&
+      systemDescription.exemption !== "annex-ii-suspect") {
+    hits.push("real-time-remote-biometric-id");
+  }
+  return hits;
+}
+
+module.exports = {
+  PROHIBITED_PRACTICES: PROHIBITED_PRACTICES,
+  listPractices:        listPractices,
+  listIds:              listIds,
+  getPractice:          getPractice,
+  classify:             classify,
+};