@blamejs/blamejs-shop 0.0.44

Files changed (1220)
  1. package/CHANGELOG.md +87 -0
  2. package/LICENSE +17 -0
  3. package/README.md +117 -0
  4. package/SECURITY.md +139 -0
  5. package/lib/admin.js +952 -0
  6. package/lib/analytics.js +267 -0
  7. package/lib/cart.js +279 -0
  8. package/lib/catalog-import.js +344 -0
  9. package/lib/catalog.js +769 -0
  10. package/lib/checkout.js +320 -0
  11. package/lib/config.js +151 -0
  12. package/lib/customers.js +322 -0
  13. package/lib/email.js +242 -0
  14. package/lib/externaldb-d1.js +283 -0
  15. package/lib/index.js +57 -0
  16. package/lib/inventory-alerts.js +198 -0
  17. package/lib/newsletter.js +142 -0
  18. package/lib/order.js +380 -0
  19. package/lib/payment.js +318 -0
  20. package/lib/pricing.js +185 -0
  21. package/lib/r2-bridge.js +169 -0
  22. package/lib/shipping.js +185 -0
  23. package/lib/storefront.js +2160 -0
  24. package/lib/subscriptions.js +410 -0
  25. package/lib/tax.js +161 -0
  26. package/lib/theme.js +194 -0
  27. package/lib/vendor/MANIFEST.json +19 -0
  28. package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +23 -0
  29. package/lib/vendor/blamejs/.clusterfuzzlite/build.sh +34 -0
  30. package/lib/vendor/blamejs/.clusterfuzzlite/project.yaml +16 -0
  31. package/lib/vendor/blamejs/.dockerignore +45 -0
  32. package/lib/vendor/blamejs/.gitattributes +42 -0
  33. package/lib/vendor/blamejs/.github/CODEOWNERS +4 -0
  34. package/lib/vendor/blamejs/.github/FUNDING.yml +2 -0
  35. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/bug_report.md +58 -0
  36. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/config.yml +8 -0
  37. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/feature_request.md +99 -0
  38. package/lib/vendor/blamejs/.github/PULL_REQUEST_TEMPLATE.md +77 -0
  39. package/lib/vendor/blamejs/.github/dependabot.yml +37 -0
  40. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +148 -0
  41. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +107 -0
  42. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +122 -0
  43. package/lib/vendor/blamejs/.github/workflows/ci.yml +511 -0
  44. package/lib/vendor/blamejs/.github/workflows/codeql.yml +50 -0
  45. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +655 -0
  46. package/lib/vendor/blamejs/.github/workflows/release-container.yml +406 -0
  47. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +101 -0
  48. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +134 -0
  49. package/lib/vendor/blamejs/.gitignore +102 -0
  50. package/lib/vendor/blamejs/.gitleaks.toml +166 -0
  51. package/lib/vendor/blamejs/.hadolint.yaml +18 -0
  52. package/lib/vendor/blamejs/.npmrc +5 -0
  53. package/lib/vendor/blamejs/.pinact.yaml +17 -0
  54. package/lib/vendor/blamejs/ARCHITECTURE.md +158 -0
  55. package/lib/vendor/blamejs/CHANGELOG.md +1351 -0
  56. package/lib/vendor/blamejs/CODE_OF_CONDUCT.md +86 -0
  57. package/lib/vendor/blamejs/CONTRIBUTING.md +156 -0
  58. package/lib/vendor/blamejs/GOVERNANCE.md +201 -0
  59. package/lib/vendor/blamejs/LICENSE +201 -0
  60. package/lib/vendor/blamejs/LTS-CALENDAR.md +29 -0
  61. package/lib/vendor/blamejs/MIGRATING.md +29 -0
  62. package/lib/vendor/blamejs/NOTICE +81 -0
  63. package/lib/vendor/blamejs/README.md +304 -0
  64. package/lib/vendor/blamejs/SECURITY.md +432 -0
  65. package/lib/vendor/blamejs/api-snapshot.json +48709 -0
  66. package/lib/vendor/blamejs/assets/BlameJS_Logo.png +0 -0
  67. package/lib/vendor/blamejs/assets/BlameJS_Logo.svg +129 -0
  68. package/lib/vendor/blamejs/bench/README.md +77 -0
  69. package/lib/vendor/blamejs/bench/_helpers.js +70 -0
  70. package/lib/vendor/blamejs/bench/baseline.json +183 -0
  71. package/lib/vendor/blamejs/bench/crypto-hash.bench.js +19 -0
  72. package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +28 -0
  73. package/lib/vendor/blamejs/bench/run.js +140 -0
  74. package/lib/vendor/blamejs/bench/safe-json.bench.js +31 -0
  75. package/lib/vendor/blamejs/bin/blamejs.js +13 -0
  76. package/lib/vendor/blamejs/docker/caddy/Caddyfile +46 -0
  77. package/lib/vendor/blamejs/docker/coredns/Corefile +37 -0
  78. package/lib/vendor/blamejs/docker/haproxy/haproxy.cfg +52 -0
  79. package/lib/vendor/blamejs/docker/init/generate-certs.sh +118 -0
  80. package/lib/vendor/blamejs/docker/keycloak/realm-blamejs-test.json +87 -0
  81. package/lib/vendor/blamejs/docker/mitmproxy/config.yaml +16 -0
  82. package/lib/vendor/blamejs/docker/mongo/init-tls.sh +17 -0
  83. package/lib/vendor/blamejs/docker/mysql/my.cnf +12 -0
  84. package/lib/vendor/blamejs/docker/nats/nats.conf +33 -0
  85. package/lib/vendor/blamejs/docker/postgres/init-tls.sh +17 -0
  86. package/lib/vendor/blamejs/docker/postgres/postgresql.conf +18 -0
  87. package/lib/vendor/blamejs/docker/rabbitmq/rabbitmq.conf +18 -0
  88. package/lib/vendor/blamejs/docker/redis/redis.conf +15 -0
  89. package/lib/vendor/blamejs/docker/squid/squid.conf +24 -0
  90. package/lib/vendor/blamejs/docker/syslog/syslog-ng.conf +34 -0
  91. package/lib/vendor/blamejs/docker-compose.test.yml +545 -0
  92. package/lib/vendor/blamejs/docs/cis-postgres-crosswalk.md +102 -0
  93. package/lib/vendor/blamejs/docs/cis-sqlite-equivalent.md +92 -0
  94. package/lib/vendor/blamejs/eslint.config.mjs +204 -0
  95. package/lib/vendor/blamejs/examples/wiki/Caddyfile +40 -0
  96. package/lib/vendor/blamejs/examples/wiki/DEPLOY.md +218 -0
  97. package/lib/vendor/blamejs/examples/wiki/Dockerfile +120 -0
  98. package/lib/vendor/blamejs/examples/wiki/README.md +157 -0
  99. package/lib/vendor/blamejs/examples/wiki/cli-snapshot.json +250 -0
  100. package/lib/vendor/blamejs/examples/wiki/docker-compose.prod.yml +231 -0
  101. package/lib/vendor/blamejs/examples/wiki/docker-compose.yml +166 -0
  102. package/lib/vendor/blamejs/examples/wiki/env-snapshot.json +217 -0
  103. package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +139 -0
  104. package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +555 -0
  105. package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +507 -0
  106. package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +435 -0
  107. package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +282 -0
  108. package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +321 -0
  109. package/lib/vendor/blamejs/examples/wiki/lib/nav.js +15 -0
  110. package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +75 -0
  111. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +508 -0
  112. package/lib/vendor/blamejs/examples/wiki/lib/section.js +276 -0
  113. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +587 -0
  114. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +318 -0
  115. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +122 -0
  116. package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +74 -0
  117. package/lib/vendor/blamejs/examples/wiki/package.json +18 -0
  118. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.png +0 -0
  119. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.svg +129 -0
  120. package/lib/vendor/blamejs/examples/wiki/public/robots.txt +5 -0
  121. package/lib/vendor/blamejs/examples/wiki/public/vendor/MANIFEST.json +30 -0
  122. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.css +1 -0
  123. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.js +15 -0
  124. package/lib/vendor/blamejs/examples/wiki/public/wiki.css +1250 -0
  125. package/lib/vendor/blamejs/examples/wiki/routes/admin.js +366 -0
  126. package/lib/vendor/blamejs/examples/wiki/routes/integration.js +230 -0
  127. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +266 -0
  128. package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +214 -0
  129. package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +35 -0
  130. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +34 -0
  131. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +76 -0
  132. package/lib/vendor/blamejs/examples/wiki/server.js +129 -0
  133. package/lib/vendor/blamejs/examples/wiki/site.config.js +197 -0
  134. package/lib/vendor/blamejs/examples/wiki/snippets/README.md +38 -0
  135. package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +15 -0
  136. package/lib/vendor/blamejs/examples/wiki/src/editor.js +103 -0
  137. package/lib/vendor/blamejs/examples/wiki/src/wiki.js +349 -0
  138. package/lib/vendor/blamejs/examples/wiki/test/AUDIT.md +155 -0
  139. package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +594 -0
  140. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +741 -0
  141. package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +254 -0
  142. package/lib/vendor/blamejs/examples/wiki/test/integration.js +391 -0
  143. package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +379 -0
  144. package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +346 -0
  145. package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +212 -0
  146. package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +252 -0
  147. package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +107 -0
  148. package/lib/vendor/blamejs/examples/wiki/views/_layout.html +115 -0
  149. package/lib/vendor/blamejs/examples/wiki/views/admin/api-keys.html +51 -0
  150. package/lib/vendor/blamejs/examples/wiki/views/admin/dashboard.html +22 -0
  151. package/lib/vendor/blamejs/examples/wiki/views/admin/edit.html +17 -0
  152. package/lib/vendor/blamejs/examples/wiki/views/home.html +85 -0
  153. package/lib/vendor/blamejs/examples/wiki/views/login.html +18 -0
  154. package/lib/vendor/blamejs/examples/wiki/views/page.html +5 -0
  155. package/lib/vendor/blamejs/examples/wiki/views/partials/nav.html +13 -0
  156. package/lib/vendor/blamejs/examples/wiki/views/search.html +19 -0
  157. package/lib/vendor/blamejs/examples/wiki/wiki.config.js +15 -0
  158. package/lib/vendor/blamejs/fuzz/README.md +137 -0
  159. package/lib/vendor/blamejs/fuzz/_expected.js +35 -0
  160. package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +22 -0
  161. package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +16 -0
  162. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/01-basic.csv +3 -0
  163. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/02-formula.csv +1 -0
  164. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/03-hyperlink.csv +1 -0
  165. package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +22 -0
  166. package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +16 -0
  167. package/lib/vendor/blamejs/fuzz/guard-email_seed_corpus/01-basic.eml +5 -0
  168. package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +24 -0
  169. package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +24 -0
  170. package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +20 -0
  171. package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +16 -0
  172. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/01-basic.html +1 -0
  173. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/02-script.html +1 -0
  174. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/03-event.html +1 -0
  175. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/04-jsurl.html +1 -0
  176. package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +20 -0
  177. package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +35 -0
  178. package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +41 -0
  179. package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +16 -0
  180. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/01-basic.json +1 -0
  181. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/02-proto.json +1 -0
  182. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/03-dupkey.json +1 -0
  183. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/04-nan.json +1 -0
  184. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/05-bom.json +1 -0
  185. package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +21 -0
  186. package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +25 -0
  187. package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +22 -0
  188. package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +22 -0
  189. package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +27 -0
  190. package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +23 -0
  191. package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +36 -0
  192. package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +26 -0
  193. package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +16 -0
  194. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/01-basic.md +2 -0
  195. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/02-jsurl.md +1 -0
  196. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/03-jsimg.md +1 -0
  197. package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +26 -0
  198. package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +23 -0
  199. package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +22 -0
  200. package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +32 -0
  201. package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +27 -0
  202. package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +22 -0
  203. package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +22 -0
  204. package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +16 -0
  205. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/01-basic.svg +1 -0
  206. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/02-script.svg +1 -0
  207. package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +20 -0
  208. package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +30 -0
  209. package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +16 -0
  210. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/01-basic.xml +1 -0
  211. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/02-xxe.xml +1 -0
  212. package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +16 -0
  213. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/01-basic.yaml +2 -0
  214. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/02-anchor.yaml +2 -0
  215. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/03-norway.yaml +1 -0
  216. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/04-multidoc.yaml +4 -0
  217. package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +16 -0
  218. package/lib/vendor/blamejs/fuzz/parsers__safe-ini_seed_corpus/01-basic.ini +2 -0
  219. package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +16 -0
  220. package/lib/vendor/blamejs/fuzz/parsers__safe-toml_seed_corpus/01-basic.toml +4 -0
  221. package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +16 -0
  222. package/lib/vendor/blamejs/fuzz/parsers__safe-xml_seed_corpus/01-basic.xml +1 -0
  223. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +16 -0
  224. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml_seed_corpus/01-basic.yaml +4 -0
  225. package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +49 -0
  226. package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +29 -0
  227. package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +16 -0
  228. package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +42 -0
  229. package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +25 -0
  230. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/01-object.txt +1 -0
  231. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/02-array.txt +1 -0
  232. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/03-string.txt +1 -0
  233. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/04-proto.txt +1 -0
  234. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/05-deep.txt +1 -0
  235. package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +16 -0
  236. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/01-basic.txt +1 -0
  237. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/02-filter.txt +1 -0
  238. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/03-deepscan.txt +1 -0
  239. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/04-slice.txt +1 -0
  240. package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +27 -0
  241. package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +33 -0
  242. package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +28 -0
  243. package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +64 -0
  244. package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +16 -0
  245. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/01-basic.txt +1 -0
  246. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/02-userinfo.txt +1 -0
  247. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/03-dangerous.txt +1 -0
  248. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/04-data.txt +1 -0
  249. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/05-ipv6.txt +1 -0
  250. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/06-idn.txt +1 -0
  251. package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +16 -0
  252. package/lib/vendor/blamejs/index.js +678 -0
  253. package/lib/vendor/blamejs/keys/release-pqc-pub.json +7 -0
  254. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +67 -0
  255. package/lib/vendor/blamejs/lib/a2a-tasks.js +598 -0
  256. package/lib/vendor/blamejs/lib/a2a.js +407 -0
  257. package/lib/vendor/blamejs/lib/acme.js +1448 -0
  258. package/lib/vendor/blamejs/lib/agent-audit.js +45 -0
  259. package/lib/vendor/blamejs/lib/agent-event-bus.js +382 -0
  260. package/lib/vendor/blamejs/lib/agent-idempotency.js +497 -0
  261. package/lib/vendor/blamejs/lib/agent-orchestrator.js +717 -0
  262. package/lib/vendor/blamejs/lib/agent-posture-chain.js +366 -0
  263. package/lib/vendor/blamejs/lib/agent-saga.js +321 -0
  264. package/lib/vendor/blamejs/lib/agent-snapshot.js +676 -0
  265. package/lib/vendor/blamejs/lib/agent-stream.js +269 -0
  266. package/lib/vendor/blamejs/lib/agent-tenant.js +632 -0
  267. package/lib/vendor/blamejs/lib/agent-trace.js +281 -0
  268. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +184 -0
  269. package/lib/vendor/blamejs/lib/ai-content-detect.js +268 -0
  270. package/lib/vendor/blamejs/lib/ai-input.js +201 -0
  271. package/lib/vendor/blamejs/lib/ai-model-manifest.js +363 -0
  272. package/lib/vendor/blamejs/lib/ai-pref.js +340 -0
  273. package/lib/vendor/blamejs/lib/api-key.js +721 -0
  274. package/lib/vendor/blamejs/lib/api-snapshot.js +458 -0
  275. package/lib/vendor/blamejs/lib/app-shutdown.js +557 -0
  276. package/lib/vendor/blamejs/lib/app.js +365 -0
  277. package/lib/vendor/blamejs/lib/archive.js +547 -0
  278. package/lib/vendor/blamejs/lib/arg-parser.js +697 -0
  279. package/lib/vendor/blamejs/lib/argon2-builtin.js +173 -0
  280. package/lib/vendor/blamejs/lib/asn1-der.js +424 -0
  281. package/lib/vendor/blamejs/lib/asyncapi-bindings.js +160 -0
  282. package/lib/vendor/blamejs/lib/asyncapi-traits.js +143 -0
  283. package/lib/vendor/blamejs/lib/asyncapi.js +575 -0
  284. package/lib/vendor/blamejs/lib/atomic-file.js +1023 -0
  285. package/lib/vendor/blamejs/lib/audit-chain.js +266 -0
  286. package/lib/vendor/blamejs/lib/audit-daily-review.js +389 -0
  287. package/lib/vendor/blamejs/lib/audit-sign.js +751 -0
  288. package/lib/vendor/blamejs/lib/audit-tools.js +1113 -0
  289. package/lib/vendor/blamejs/lib/audit.js +1671 -0
  290. package/lib/vendor/blamejs/lib/auth/aal.js +169 -0
  291. package/lib/vendor/blamejs/lib/auth/access-lock.js +220 -0
  292. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +265 -0
  293. package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +112 -0
  294. package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +111 -0
  295. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +573 -0
  296. package/lib/vendor/blamejs/lib/auth/ciba.js +637 -0
  297. package/lib/vendor/blamejs/lib/auth/dpop.js +516 -0
  298. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +306 -0
  299. package/lib/vendor/blamejs/lib/auth/fal.js +229 -0
  300. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +681 -0
  301. package/lib/vendor/blamejs/lib/auth/jwt-external.js +519 -0
  302. package/lib/vendor/blamejs/lib/auth/jwt.js +430 -0
  303. package/lib/vendor/blamejs/lib/auth/lockout.js +449 -0
  304. package/lib/vendor/blamejs/lib/auth/oauth.js +2141 -0
  305. package/lib/vendor/blamejs/lib/auth/oid4vci.js +657 -0
  306. package/lib/vendor/blamejs/lib/auth/oid4vp.js +531 -0
  307. package/lib/vendor/blamejs/lib/auth/openid-federation.js +600 -0
  308. package/lib/vendor/blamejs/lib/auth/passkey.js +676 -0
  309. package/lib/vendor/blamejs/lib/auth/password.js +693 -0
  310. package/lib/vendor/blamejs/lib/auth/saml.js +2109 -0
  311. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +95 -0
  312. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +225 -0
  313. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +197 -0
  314. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +728 -0
  315. package/lib/vendor/blamejs/lib/auth/status-list.js +272 -0
  316. package/lib/vendor/blamejs/lib/auth/step-up-policy.js +335 -0
  317. package/lib/vendor/blamejs/lib/auth/step-up.js +454 -0
  318. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +505 -0
  319. package/lib/vendor/blamejs/lib/auth-header.js +148 -0
  320. package/lib/vendor/blamejs/lib/backup/bundle.js +265 -0
  321. package/lib/vendor/blamejs/lib/backup/crypto.js +176 -0
  322. package/lib/vendor/blamejs/lib/backup/index.js +1001 -0
  323. package/lib/vendor/blamejs/lib/backup/manifest.js +443 -0
  324. package/lib/vendor/blamejs/lib/boot-gates.js +174 -0
  325. package/lib/vendor/blamejs/lib/breach-deadline.js +272 -0
  326. package/lib/vendor/blamejs/lib/break-glass.js +1753 -0
  327. package/lib/vendor/blamejs/lib/budr.js +205 -0
  328. package/lib/vendor/blamejs/lib/bundler.js +461 -0
  329. package/lib/vendor/blamejs/lib/cache-redis.js +256 -0
  330. package/lib/vendor/blamejs/lib/cache-status.js +288 -0
  331. package/lib/vendor/blamejs/lib/cache.js +1331 -0
  332. package/lib/vendor/blamejs/lib/calendar.js +1240 -0
  333. package/lib/vendor/blamejs/lib/canonical-json.js +143 -0
  334. package/lib/vendor/blamejs/lib/cdn-cache-control.js +473 -0
  335. package/lib/vendor/blamejs/lib/cert.js +763 -0
  336. package/lib/vendor/blamejs/lib/chain-writer.js +259 -0
  337. package/lib/vendor/blamejs/lib/circuit-breaker.js +101 -0
  338. package/lib/vendor/blamejs/lib/cli-helpers.js +237 -0
  339. package/lib/vendor/blamejs/lib/cli.js +2328 -0
  340. package/lib/vendor/blamejs/lib/client-hints.js +318 -0
  341. package/lib/vendor/blamejs/lib/cloud-events.js +277 -0
  342. package/lib/vendor/blamejs/lib/cluster-provider-db.js +317 -0
  343. package/lib/vendor/blamejs/lib/cluster-storage.js +351 -0
  344. package/lib/vendor/blamejs/lib/cluster.js +1017 -0
  345. package/lib/vendor/blamejs/lib/cms-codec.js +826 -0
  346. package/lib/vendor/blamejs/lib/codepoint-class.js +262 -0
  347. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +190 -0
  348. package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +205 -0
  349. package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +189 -0
  350. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +200 -0
  351. package/lib/vendor/blamejs/lib/compliance-ai-act.js +821 -0
  352. package/lib/vendor/blamejs/lib/compliance-eaa.js +204 -0
  353. package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +167 -0
  354. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +206 -0
  355. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +297 -0
  356. package/lib/vendor/blamejs/lib/compliance-sanctions.js +569 -0
  357. package/lib/vendor/blamejs/lib/compliance.js +1558 -0
  358. package/lib/vendor/blamejs/lib/config-drift.js +426 -0
  359. package/lib/vendor/blamejs/lib/config.js +446 -0
  360. package/lib/vendor/blamejs/lib/consent.js +369 -0
  361. package/lib/vendor/blamejs/lib/constants.js +209 -0
  362. package/lib/vendor/blamejs/lib/content-credentials.js +704 -0
  363. package/lib/vendor/blamejs/lib/cookies.js +560 -0
  364. package/lib/vendor/blamejs/lib/cra-report.js +299 -0
  365. package/lib/vendor/blamejs/lib/credential-hash.js +394 -0
  366. package/lib/vendor/blamejs/lib/crypto-field.js +1017 -0
  367. package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +187 -0
  368. package/lib/vendor/blamejs/lib/crypto-hpke.js +256 -0
  369. package/lib/vendor/blamejs/lib/crypto.js +1908 -0
  370. package/lib/vendor/blamejs/lib/csp.js +271 -0
  371. package/lib/vendor/blamejs/lib/csv.js +418 -0
  372. package/lib/vendor/blamejs/lib/daemon.js +481 -0
  373. package/lib/vendor/blamejs/lib/dark-patterns.js +488 -0
  374. package/lib/vendor/blamejs/lib/data-act.js +328 -0
  375. package/lib/vendor/blamejs/lib/db-collection.js +587 -0
  376. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +267 -0
  377. package/lib/vendor/blamejs/lib/db-declare-view.js +420 -0
  378. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +333 -0
  379. package/lib/vendor/blamejs/lib/db-query.js +802 -0
  380. package/lib/vendor/blamejs/lib/db-role-context.js +50 -0
  381. package/lib/vendor/blamejs/lib/db-schema.js +322 -0
  382. package/lib/vendor/blamejs/lib/db.js +3111 -0
  383. package/lib/vendor/blamejs/lib/dbsc.js +299 -0
  384. package/lib/vendor/blamejs/lib/ddl-change-control.js +523 -0
  385. package/lib/vendor/blamejs/lib/deprecate.js +377 -0
  386. package/lib/vendor/blamejs/lib/dev.js +405 -0
  387. package/lib/vendor/blamejs/lib/dora.js +402 -0
  388. package/lib/vendor/blamejs/lib/dr-runbook.js +368 -0
  389. package/lib/vendor/blamejs/lib/dsr.js +1188 -0
  390. package/lib/vendor/blamejs/lib/dual-control.js +526 -0
  391. package/lib/vendor/blamejs/lib/early-hints.js +212 -0
  392. package/lib/vendor/blamejs/lib/error-page.js +420 -0
  393. package/lib/vendor/blamejs/lib/events.js +214 -0
  394. package/lib/vendor/blamejs/lib/external-db-migrate.js +659 -0
  395. package/lib/vendor/blamejs/lib/external-db.js +1877 -0
  396. package/lib/vendor/blamejs/lib/fapi2.js +394 -0
  397. package/lib/vendor/blamejs/lib/fda-21cfr11.js +395 -0
  398. package/lib/vendor/blamejs/lib/fdx.js +370 -0
  399. package/lib/vendor/blamejs/lib/fedcm.js +264 -0
  400. package/lib/vendor/blamejs/lib/file-type.js +360 -0
  401. package/lib/vendor/blamejs/lib/file-upload.js +1256 -0
  402. package/lib/vendor/blamejs/lib/flag-cache.js +136 -0
  403. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +135 -0
  404. package/lib/vendor/blamejs/lib/flag-providers.js +279 -0
  405. package/lib/vendor/blamejs/lib/flag-targeting.js +210 -0
  406. package/lib/vendor/blamejs/lib/flag.js +346 -0
  407. package/lib/vendor/blamejs/lib/forms.js +525 -0
  408. package/lib/vendor/blamejs/lib/framework-error.js +724 -0
  409. package/lib/vendor/blamejs/lib/framework-schema.js +845 -0
  410. package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +34 -0
  411. package/lib/vendor/blamejs/lib/fsm.js +469 -0
  412. package/lib/vendor/blamejs/lib/gate-contract.js +1661 -0
  413. package/lib/vendor/blamejs/lib/gdpr-ropa.js +261 -0
  414. package/lib/vendor/blamejs/lib/graphql-federation.js +234 -0
  415. package/lib/vendor/blamejs/lib/guard-agent-registry.js +179 -0
  416. package/lib/vendor/blamejs/lib/guard-all.js +555 -0
  417. package/lib/vendor/blamejs/lib/guard-archive.js +901 -0
  418. package/lib/vendor/blamejs/lib/guard-auth.js +451 -0
  419. package/lib/vendor/blamejs/lib/guard-cidr.js +676 -0
  420. package/lib/vendor/blamejs/lib/guard-csv.js +1176 -0
  421. package/lib/vendor/blamejs/lib/guard-domain.js +814 -0
  422. package/lib/vendor/blamejs/lib/guard-dsn.js +382 -0
  423. package/lib/vendor/blamejs/lib/guard-email.js +951 -0
  424. package/lib/vendor/blamejs/lib/guard-envelope.js +294 -0
  425. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +217 -0
  426. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +150 -0
  427. package/lib/vendor/blamejs/lib/guard-filename.js +956 -0
  428. package/lib/vendor/blamejs/lib/guard-graphql.js +731 -0
  429. package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +164 -0
  430. package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +144 -0
  431. package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +154 -0
  432. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +44 -0
  433. package/lib/vendor/blamejs/lib/guard-html-wcag.js +470 -0
  434. package/lib/vendor/blamejs/lib/guard-html.js +1209 -0
  435. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +151 -0
  436. package/lib/vendor/blamejs/lib/guard-image.js +584 -0
  437. package/lib/vendor/blamejs/lib/guard-imap-command.js +337 -0
  438. package/lib/vendor/blamejs/lib/guard-jmap.js +321 -0
  439. package/lib/vendor/blamejs/lib/guard-json.js +935 -0
  440. package/lib/vendor/blamejs/lib/guard-jsonpath.js +512 -0
  441. package/lib/vendor/blamejs/lib/guard-jwt.js +772 -0
  442. package/lib/vendor/blamejs/lib/guard-list-id.js +318 -0
  443. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +412 -0
  444. package/lib/vendor/blamejs/lib/guard-mail-compose.js +282 -0
  445. package/lib/vendor/blamejs/lib/guard-mail-move.js +202 -0
  446. package/lib/vendor/blamejs/lib/guard-mail-query.js +310 -0
  447. package/lib/vendor/blamejs/lib/guard-mail-reply.js +172 -0
  448. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +207 -0
  449. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +566 -0
  450. package/lib/vendor/blamejs/lib/guard-markdown.js +768 -0
  451. package/lib/vendor/blamejs/lib/guard-message-id.js +267 -0
  452. package/lib/vendor/blamejs/lib/guard-mime.js +609 -0
  453. package/lib/vendor/blamejs/lib/guard-oauth.js +650 -0
  454. package/lib/vendor/blamejs/lib/guard-pdf.js +569 -0
  455. package/lib/vendor/blamejs/lib/guard-pop3-command.js +317 -0
  456. package/lib/vendor/blamejs/lib/guard-posture-chain.js +201 -0
  457. package/lib/vendor/blamejs/lib/guard-regex.js +632 -0
  458. package/lib/vendor/blamejs/lib/guard-saga-config.js +157 -0
  459. package/lib/vendor/blamejs/lib/guard-shell.js +522 -0
  460. package/lib/vendor/blamejs/lib/guard-smtp-command.js +594 -0
  461. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +168 -0
  462. package/lib/vendor/blamejs/lib/guard-stream-args.js +166 -0
  463. package/lib/vendor/blamejs/lib/guard-svg.js +1163 -0
  464. package/lib/vendor/blamejs/lib/guard-template.js +490 -0
  465. package/lib/vendor/blamejs/lib/guard-tenant-id.js +138 -0
  466. package/lib/vendor/blamejs/lib/guard-time.js +586 -0
  467. package/lib/vendor/blamejs/lib/guard-trace-context.js +172 -0
  468. package/lib/vendor/blamejs/lib/guard-uuid.js +548 -0
  469. package/lib/vendor/blamejs/lib/guard-xml.js +666 -0
  470. package/lib/vendor/blamejs/lib/guard-yaml.js +726 -0
  471. package/lib/vendor/blamejs/lib/hal.js +125 -0
  472. package/lib/vendor/blamejs/lib/handlers.js +350 -0
  473. package/lib/vendor/blamejs/lib/honeytoken.js +168 -0
  474. package/lib/vendor/blamejs/lib/html-balance.js +347 -0
  475. package/lib/vendor/blamejs/lib/http-client-cache.js +923 -0
  476. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +519 -0
  477. package/lib/vendor/blamejs/lib/http-client.js +2152 -0
  478. package/lib/vendor/blamejs/lib/http-message-signature.js +589 -0
  479. package/lib/vendor/blamejs/lib/http2-teardown.js +34 -0
  480. package/lib/vendor/blamejs/lib/i18n-messageformat.js +398 -0
  481. package/lib/vendor/blamejs/lib/i18n.js +931 -0
  482. package/lib/vendor/blamejs/lib/iab-mspa.js +257 -0
  483. package/lib/vendor/blamejs/lib/iab-tcf.js +461 -0
  484. package/lib/vendor/blamejs/lib/importmap-integrity.js +90 -0
  485. package/lib/vendor/blamejs/lib/inbox.js +435 -0
  486. package/lib/vendor/blamejs/lib/incident-report.js +314 -0
  487. package/lib/vendor/blamejs/lib/ip-utils.js +102 -0
  488. package/lib/vendor/blamejs/lib/jobs.js +185 -0
  489. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +228 -0
  490. package/lib/vendor/blamejs/lib/jsonapi.js +230 -0
  491. package/lib/vendor/blamejs/lib/keychain.js +865 -0
  492. package/lib/vendor/blamejs/lib/lazy-require.js +48 -0
  493. package/lib/vendor/blamejs/lib/legal-hold.js +374 -0
  494. package/lib/vendor/blamejs/lib/local-db-thin.js +321 -0
  495. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +369 -0
  496. package/lib/vendor/blamejs/lib/log-stream-local.js +146 -0
  497. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +410 -0
  498. package/lib/vendor/blamejs/lib/log-stream-otlp.js +286 -0
  499. package/lib/vendor/blamejs/lib/log-stream-syslog.js +310 -0
  500. package/lib/vendor/blamejs/lib/log-stream-webhook.js +199 -0
  501. package/lib/vendor/blamejs/lib/log-stream.js +584 -0
  502. package/lib/vendor/blamejs/lib/log.js +625 -0
  503. package/lib/vendor/blamejs/lib/lro.js +200 -0
  504. package/lib/vendor/blamejs/lib/mail-agent.js +786 -0
  505. package/lib/vendor/blamejs/lib/mail-arc-sign.js +417 -0
  506. package/lib/vendor/blamejs/lib/mail-arf.js +343 -0
  507. package/lib/vendor/blamejs/lib/mail-auth.js +2144 -0
  508. package/lib/vendor/blamejs/lib/mail-bimi.js +1047 -0
  509. package/lib/vendor/blamejs/lib/mail-bounce.js +955 -0
  510. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +1286 -0
  511. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +789 -0
  512. package/lib/vendor/blamejs/lib/mail-crypto.js +108 -0
  513. package/lib/vendor/blamejs/lib/mail-dav.js +1224 -0
  514. package/lib/vendor/blamejs/lib/mail-deploy.js +1119 -0
  515. package/lib/vendor/blamejs/lib/mail-dkim.js +1250 -0
  516. package/lib/vendor/blamejs/lib/mail-greylist.js +448 -0
  517. package/lib/vendor/blamejs/lib/mail-helo.js +473 -0
  518. package/lib/vendor/blamejs/lib/mail-journal.js +435 -0
  519. package/lib/vendor/blamejs/lib/mail-mdn.js +424 -0
  520. package/lib/vendor/blamejs/lib/mail-rbl.js +392 -0
  521. package/lib/vendor/blamejs/lib/mail-require-tls.js +198 -0
  522. package/lib/vendor/blamejs/lib/mail-scan.js +502 -0
  523. package/lib/vendor/blamejs/lib/mail-send-deliver.js +629 -0
  524. package/lib/vendor/blamejs/lib/mail-server-imap.js +1858 -0
  525. package/lib/vendor/blamejs/lib/mail-server-jmap.js +1565 -0
  526. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +908 -0
  527. package/lib/vendor/blamejs/lib/mail-server-mx.js +969 -0
  528. package/lib/vendor/blamejs/lib/mail-server-pop3.js +915 -0
  529. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +315 -0
  530. package/lib/vendor/blamejs/lib/mail-server-registry.js +378 -0
  531. package/lib/vendor/blamejs/lib/mail-server-submission.js +1396 -0
  532. package/lib/vendor/blamejs/lib/mail-server-tls.js +445 -0
  533. package/lib/vendor/blamejs/lib/mail-sieve.js +557 -0
  534. package/lib/vendor/blamejs/lib/mail-spam-score.js +284 -0
  535. package/lib/vendor/blamejs/lib/mail-srs.js +248 -0
  536. package/lib/vendor/blamejs/lib/mail-store-fts.js +394 -0
  537. package/lib/vendor/blamejs/lib/mail-store.js +929 -0
  538. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +400 -0
  539. package/lib/vendor/blamejs/lib/mail.js +1971 -0
  540. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +473 -0
  541. package/lib/vendor/blamejs/lib/mcp.js +950 -0
  542. package/lib/vendor/blamejs/lib/metrics.js +1503 -0
  543. package/lib/vendor/blamejs/lib/middleware/age-gate.js +177 -0
  544. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +203 -0
  545. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +981 -0
  546. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +137 -0
  547. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +171 -0
  548. package/lib/vendor/blamejs/lib/middleware/attach-user.js +220 -0
  549. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +293 -0
  550. package/lib/vendor/blamejs/lib/middleware/body-parser.js +1519 -0
  551. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +183 -0
  552. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +217 -0
  553. package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +122 -0
  554. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +355 -0
  555. package/lib/vendor/blamejs/lib/middleware/compression.js +489 -0
  556. package/lib/vendor/blamejs/lib/middleware/cookies.js +130 -0
  557. package/lib/vendor/blamejs/lib/middleware/cors.js +386 -0
  558. package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +388 -0
  559. package/lib/vendor/blamejs/lib/middleware/csp-report.js +167 -0
  560. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +499 -0
  561. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +243 -0
  562. package/lib/vendor/blamejs/lib/middleware/db-role-for.js +304 -0
  563. package/lib/vendor/blamejs/lib/middleware/dpop.js +402 -0
  564. package/lib/vendor/blamejs/lib/middleware/error-handler.js +69 -0
  565. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +168 -0
  566. package/lib/vendor/blamejs/lib/middleware/flag-context.js +110 -0
  567. package/lib/vendor/blamejs/lib/middleware/gpc.js +153 -0
  568. package/lib/vendor/blamejs/lib/middleware/headers.js +242 -0
  569. package/lib/vendor/blamejs/lib/middleware/health.js +438 -0
  570. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +189 -0
  571. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +964 -0
  572. package/lib/vendor/blamejs/lib/middleware/index.js +183 -0
  573. package/lib/vendor/blamejs/lib/middleware/nel.js +214 -0
  574. package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +237 -0
  575. package/lib/vendor/blamejs/lib/middleware/no-cache.js +106 -0
  576. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +177 -0
  577. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +277 -0
  578. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +556 -0
  579. package/lib/vendor/blamejs/lib/middleware/request-id.js +79 -0
  580. package/lib/vendor/blamejs/lib/middleware/request-log.js +205 -0
  581. package/lib/vendor/blamejs/lib/middleware/require-aal.js +138 -0
  582. package/lib/vendor/blamejs/lib/middleware/require-auth.js +144 -0
  583. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +290 -0
  584. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +113 -0
  585. package/lib/vendor/blamejs/lib/middleware/require-methods.js +97 -0
  586. package/lib/vendor/blamejs/lib/middleware/require-mtls.js +212 -0
  587. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +226 -0
  588. package/lib/vendor/blamejs/lib/middleware/scim-server.js +375 -0
  589. package/lib/vendor/blamejs/lib/middleware/security-headers.js +285 -0
  590. package/lib/vendor/blamejs/lib/middleware/security-txt.js +170 -0
  591. package/lib/vendor/blamejs/lib/middleware/span-http-server.js +280 -0
  592. package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +323 -0
  593. package/lib/vendor/blamejs/lib/middleware/sse.js +200 -0
  594. package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +167 -0
  595. package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +148 -0
  596. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +749 -0
  597. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +164 -0
  598. package/lib/vendor/blamejs/lib/migration-files.js +37 -0
  599. package/lib/vendor/blamejs/lib/migrations.js +385 -0
  600. package/lib/vendor/blamejs/lib/mime-parse.js +198 -0
  601. package/lib/vendor/blamejs/lib/money.js +699 -0
  602. package/lib/vendor/blamejs/lib/mtls-ca.js +572 -0
  603. package/lib/vendor/blamejs/lib/mtls-engine-default.js +501 -0
  604. package/lib/vendor/blamejs/lib/network-byte-quota.js +308 -0
  605. package/lib/vendor/blamejs/lib/network-dns-resolver.js +533 -0
  606. package/lib/vendor/blamejs/lib/network-dns.js +1930 -0
  607. package/lib/vendor/blamejs/lib/network-heartbeat.js +425 -0
  608. package/lib/vendor/blamejs/lib/network-nts.js +574 -0
  609. package/lib/vendor/blamejs/lib/network-proxy.js +265 -0
  610. package/lib/vendor/blamejs/lib/network-smtp-policy.js +836 -0
  611. package/lib/vendor/blamejs/lib/network-tls.js +3126 -0
  612. package/lib/vendor/blamejs/lib/network.js +346 -0
  613. package/lib/vendor/blamejs/lib/nis2-report.js +181 -0
  614. package/lib/vendor/blamejs/lib/nist-crosswalk.js +293 -0
  615. package/lib/vendor/blamejs/lib/nonce-store.js +177 -0
  616. package/lib/vendor/blamejs/lib/notify.js +683 -0
  617. package/lib/vendor/blamejs/lib/ntp-check.js +458 -0
  618. package/lib/vendor/blamejs/lib/numeric-bounds.js +111 -0
  619. package/lib/vendor/blamejs/lib/numeric-checks.js +40 -0
  620. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +349 -0
  621. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +488 -0
  622. package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +351 -0
  623. package/lib/vendor/blamejs/lib/object-store/gcs.js +515 -0
  624. package/lib/vendor/blamejs/lib/object-store/http-put.js +153 -0
  625. package/lib/vendor/blamejs/lib/object-store/http-request.js +38 -0
  626. package/lib/vendor/blamejs/lib/object-store/index.js +197 -0
  627. package/lib/vendor/blamejs/lib/object-store/local.js +163 -0
  628. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +1133 -0
  629. package/lib/vendor/blamejs/lib/object-store/sigv4.js +957 -0
  630. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +420 -0
  631. package/lib/vendor/blamejs/lib/observability-tracer.js +395 -0
  632. package/lib/vendor/blamejs/lib/observability.js +720 -0
  633. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +248 -0
  634. package/lib/vendor/blamejs/lib/openapi-schema-walk.js +192 -0
  635. package/lib/vendor/blamejs/lib/openapi-security.js +169 -0
  636. package/lib/vendor/blamejs/lib/openapi-yaml.js +154 -0
  637. package/lib/vendor/blamejs/lib/openapi.js +489 -0
  638. package/lib/vendor/blamejs/lib/otel-export.js +278 -0
  639. package/lib/vendor/blamejs/lib/outbox.js +547 -0
  640. package/lib/vendor/blamejs/lib/pagination.js +542 -0
  641. package/lib/vendor/blamejs/lib/parsers/index.js +91 -0
  642. package/lib/vendor/blamejs/lib/parsers/safe-env.js +642 -0
  643. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +293 -0
  644. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +784 -0
  645. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +390 -0
  646. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +1015 -0
  647. package/lib/vendor/blamejs/lib/permissions.js +793 -0
  648. package/lib/vendor/blamejs/lib/pick.js +105 -0
  649. package/lib/vendor/blamejs/lib/pqc-agent.js +351 -0
  650. package/lib/vendor/blamejs/lib/pqc-gate.js +279 -0
  651. package/lib/vendor/blamejs/lib/pqc-software.js +271 -0
  652. package/lib/vendor/blamejs/lib/problem-details.js +482 -0
  653. package/lib/vendor/blamejs/lib/process-spawn.js +196 -0
  654. package/lib/vendor/blamejs/lib/promise-pool.js +162 -0
  655. package/lib/vendor/blamejs/lib/protobuf-encoder.js +190 -0
  656. package/lib/vendor/blamejs/lib/protocol-dispatcher.js +161 -0
  657. package/lib/vendor/blamejs/lib/public-suffix.js +403 -0
  658. package/lib/vendor/blamejs/lib/pubsub-cluster.js +154 -0
  659. package/lib/vendor/blamejs/lib/pubsub-redis.js +167 -0
  660. package/lib/vendor/blamejs/lib/pubsub.js +463 -0
  661. package/lib/vendor/blamejs/lib/queue-local.js +476 -0
  662. package/lib/vendor/blamejs/lib/queue-redis.js +745 -0
  663. package/lib/vendor/blamejs/lib/queue-sqs.js +319 -0
  664. package/lib/vendor/blamejs/lib/queue.js +1016 -0
  665. package/lib/vendor/blamejs/lib/redact.js +1007 -0
  666. package/lib/vendor/blamejs/lib/redis-client.js +520 -0
  667. package/lib/vendor/blamejs/lib/render.js +285 -0
  668. package/lib/vendor/blamejs/lib/request-helpers.js +767 -0
  669. package/lib/vendor/blamejs/lib/resource-access-lock.js +116 -0
  670. package/lib/vendor/blamejs/lib/restore-bundle.js +340 -0
  671. package/lib/vendor/blamejs/lib/restore-rollback.js +365 -0
  672. package/lib/vendor/blamejs/lib/restore.js +409 -0
  673. package/lib/vendor/blamejs/lib/retention.js +640 -0
  674. package/lib/vendor/blamejs/lib/retry.js +523 -0
  675. package/lib/vendor/blamejs/lib/router.js +1289 -0
  676. package/lib/vendor/blamejs/lib/safe-async.js +1184 -0
  677. package/lib/vendor/blamejs/lib/safe-buffer.js +562 -0
  678. package/lib/vendor/blamejs/lib/safe-decompress.js +297 -0
  679. package/lib/vendor/blamejs/lib/safe-dns.js +665 -0
  680. package/lib/vendor/blamejs/lib/safe-ical.js +634 -0
  681. package/lib/vendor/blamejs/lib/safe-icap.js +502 -0
  682. package/lib/vendor/blamejs/lib/safe-json.js +946 -0
  683. package/lib/vendor/blamejs/lib/safe-jsonpath.js +285 -0
  684. package/lib/vendor/blamejs/lib/safe-mime.js +831 -0
  685. package/lib/vendor/blamejs/lib/safe-mount-info.js +306 -0
  686. package/lib/vendor/blamejs/lib/safe-path.js +254 -0
  687. package/lib/vendor/blamejs/lib/safe-redirect.js +106 -0
  688. package/lib/vendor/blamejs/lib/safe-schema.js +1810 -0
  689. package/lib/vendor/blamejs/lib/safe-sieve.js +684 -0
  690. package/lib/vendor/blamejs/lib/safe-smtp.js +185 -0
  691. package/lib/vendor/blamejs/lib/safe-sql.js +363 -0
  692. package/lib/vendor/blamejs/lib/safe-url.js +428 -0
  693. package/lib/vendor/blamejs/lib/safe-vcard.js +473 -0
  694. package/lib/vendor/blamejs/lib/sandbox-worker.js +135 -0
  695. package/lib/vendor/blamejs/lib/sandbox.js +358 -0
  696. package/lib/vendor/blamejs/lib/scheduler.js +827 -0
  697. package/lib/vendor/blamejs/lib/sd-notify.js +269 -0
  698. package/lib/vendor/blamejs/lib/sec-cyber.js +214 -0
  699. package/lib/vendor/blamejs/lib/security-assert.js +395 -0
  700. package/lib/vendor/blamejs/lib/seeders.js +620 -0
  701. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +309 -0
  702. package/lib/vendor/blamejs/lib/self-update.js +804 -0
  703. package/lib/vendor/blamejs/lib/server-timing.js +174 -0
  704. package/lib/vendor/blamejs/lib/session-device-binding.js +431 -0
  705. package/lib/vendor/blamejs/lib/session-stores.js +138 -0
  706. package/lib/vendor/blamejs/lib/session.js +1162 -0
  707. package/lib/vendor/blamejs/lib/slug.js +381 -0
  708. package/lib/vendor/blamejs/lib/sse.js +349 -0
  709. package/lib/vendor/blamejs/lib/ssrf-guard.js +792 -0
  710. package/lib/vendor/blamejs/lib/standard-webhooks.js +183 -0
  711. package/lib/vendor/blamejs/lib/static.js +1249 -0
  712. package/lib/vendor/blamejs/lib/storage.js +1272 -0
  713. package/lib/vendor/blamejs/lib/stream-throttle.js +235 -0
  714. package/lib/vendor/blamejs/lib/structured-fields.js +244 -0
  715. package/lib/vendor/blamejs/lib/subject.js +667 -0
  716. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +175 -0
  717. package/lib/vendor/blamejs/lib/template.js +931 -0
  718. package/lib/vendor/blamejs/lib/tenant-quota.js +545 -0
  719. package/lib/vendor/blamejs/lib/test-harness.js +275 -0
  720. package/lib/vendor/blamejs/lib/testing.js +1185 -0
  721. package/lib/vendor/blamejs/lib/time.js +578 -0
  722. package/lib/vendor/blamejs/lib/tls-exporter.js +239 -0
  723. package/lib/vendor/blamejs/lib/totp.js +318 -0
  724. package/lib/vendor/blamejs/lib/tracing.js +546 -0
  725. package/lib/vendor/blamejs/lib/uuid.js +207 -0
  726. package/lib/vendor/blamejs/lib/validate-opts.js +381 -0
  727. package/lib/vendor/blamejs/lib/vault/index.js +638 -0
  728. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +311 -0
  729. package/lib/vendor/blamejs/lib/vault/passphrase-source.js +198 -0
  730. package/lib/vendor/blamejs/lib/vault/rotate.js +803 -0
  731. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +471 -0
  732. package/lib/vendor/blamejs/lib/vault/wrap.js +296 -0
  733. package/lib/vendor/blamejs/lib/vault-aad.js +259 -0
  734. package/lib/vendor/blamejs/lib/vendor/.vendor-data-pubkey +4 -0
  735. package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +161 -0
  736. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.data.js +68 -0
  737. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.pem +33 -0
  738. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.data.js +1325 -0
  739. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.txt +10002 -0
  740. package/lib/vendor/blamejs/lib/vendor/noble-ciphers.cjs +9 -0
  741. package/lib/vendor/blamejs/lib/vendor/noble-post-quantum.cjs +18 -0
  742. package/lib/vendor/blamejs/lib/vendor/pki.cjs +181 -0
  743. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +16382 -0
  744. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +5881 -0
  745. package/lib/vendor/blamejs/lib/vendor/simplewebauthn-server.cjs +328 -0
  746. package/lib/vendor/blamejs/lib/vendor/vendor-data-pubkey.js +16 -0
  747. package/lib/vendor/blamejs/lib/vendor-data.js +520 -0
  748. package/lib/vendor/blamejs/lib/vex.js +630 -0
  749. package/lib/vendor/blamejs/lib/watcher.js +608 -0
  750. package/lib/vendor/blamejs/lib/web-push-vapid.js +322 -0
  751. package/lib/vendor/blamejs/lib/webhook.js +977 -0
  752. package/lib/vendor/blamejs/lib/websocket-channels.js +327 -0
  753. package/lib/vendor/blamejs/lib/websocket.js +1561 -0
  754. package/lib/vendor/blamejs/lib/wiki-concepts.js +338 -0
  755. package/lib/vendor/blamejs/lib/worker-pool.js +464 -0
  756. package/lib/vendor/blamejs/lib/ws-client.js +978 -0
  757. package/lib/vendor/blamejs/lib/xml-c14n.js +506 -0
  758. package/lib/vendor/blamejs/memory/specs/node-26-map-getorinsert-migration.md +164 -0
  759. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +19 -0
  760. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/README.md +88 -0
  761. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/build.sh +26 -0
  762. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/project.yaml +28 -0
  763. package/lib/vendor/blamejs/package.json +81 -0
  764. package/lib/vendor/blamejs/release-notes/v0.0.x.json +310 -0
  765. package/lib/vendor/blamejs/release-notes/v0.1.x.json +1798 -0
  766. package/lib/vendor/blamejs/release-notes/v0.10.x.json +1288 -0
  767. package/lib/vendor/blamejs/release-notes/v0.11.x.json +2551 -0
  768. package/lib/vendor/blamejs/release-notes/v0.12.0.json +64 -0
  769. package/lib/vendor/blamejs/release-notes/v0.12.1.json +32 -0
  770. package/lib/vendor/blamejs/release-notes/v0.12.2.json +45 -0
  771. package/lib/vendor/blamejs/release-notes/v0.2.x.json +706 -0
  772. package/lib/vendor/blamejs/release-notes/v0.3.x.json +786 -0
  773. package/lib/vendor/blamejs/release-notes/v0.4.x.json +588 -0
  774. package/lib/vendor/blamejs/release-notes/v0.5.x.json +390 -0
  775. package/lib/vendor/blamejs/release-notes/v0.6.x.json +1947 -0
  776. package/lib/vendor/blamejs/release-notes/v0.7.x.json +3811 -0
  777. package/lib/vendor/blamejs/release-notes/v0.8.x.json +3318 -0
  778. package/lib/vendor/blamejs/release-notes/v0.9.x.json +2257 -0
  779. package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +325 -0
  780. package/lib/vendor/blamejs/scripts/check-api-snapshot.js +62 -0
  781. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +108 -0
  782. package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +83 -0
  783. package/lib/vendor/blamejs/scripts/check-services.js +483 -0
  784. package/lib/vendor/blamejs/scripts/check-vendor-currency.js +349 -0
  785. package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +216 -0
  786. package/lib/vendor/blamejs/scripts/gen-migrating.js +275 -0
  787. package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +577 -0
  788. package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +79 -0
  789. package/lib/vendor/blamejs/scripts/publish-dep-confusion-placeholder.sh +101 -0
  790. package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +31 -0
  791. package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +132 -0
  792. package/lib/vendor/blamejs/scripts/release.js +652 -0
  793. package/lib/vendor/blamejs/scripts/sha3-digest.js +62 -0
  794. package/lib/vendor/blamejs/scripts/sign-release-artifact.js +92 -0
  795. package/lib/vendor/blamejs/scripts/test-integration.js +181 -0
  796. package/lib/vendor/blamejs/scripts/test-wiki-integration.js +126 -0
  797. package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +77 -0
  798. package/lib/vendor/blamejs/scripts/vendor-data-gen.js +186 -0
  799. package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +101 -0
  800. package/lib/vendor/blamejs/scripts/vendor-update.sh +278 -0
  801. package/lib/vendor/blamejs/test/00-primitives.js +19075 -0
  802. package/lib/vendor/blamejs/test/10-state.js +622 -0
  803. package/lib/vendor/blamejs/test/20-db.js +561 -0
  804. package/lib/vendor/blamejs/test/30-chain.js +2110 -0
  805. package/lib/vendor/blamejs/test/40-consumers.js +2453 -0
  806. package/lib/vendor/blamejs/test/50-integration.js +486 -0
  807. package/lib/vendor/blamejs/test/_helpers.js +10 -0
  808. package/lib/vendor/blamejs/test/_smoke-worker.js +69 -0
  809. package/lib/vendor/blamejs/test/fixtures/exploit-corpus/corpus.json +368 -0
  810. package/lib/vendor/blamejs/test/fixtures/http-client-stream-payload.txt +2 -0
  811. package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +52 -0
  812. package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +24 -0
  813. package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +203 -0
  814. package/lib/vendor/blamejs/test/helpers/_shape-match.js +513 -0
  815. package/lib/vendor/blamejs/test/helpers/check.js +36 -0
  816. package/lib/vendor/blamejs/test/helpers/cluster.js +70 -0
  817. package/lib/vendor/blamejs/test/helpers/db.js +143 -0
  818. package/lib/vendor/blamejs/test/helpers/drivers.js +207 -0
  819. package/lib/vendor/blamejs/test/helpers/fs-watch.js +101 -0
  820. package/lib/vendor/blamejs/test/helpers/http.js +14 -0
  821. package/lib/vendor/blamejs/test/helpers/index.js +93 -0
  822. package/lib/vendor/blamejs/test/helpers/json-round-trip.js +120 -0
  823. package/lib/vendor/blamejs/test/helpers/mocks.js +20 -0
  824. package/lib/vendor/blamejs/test/helpers/otel.js +13 -0
  825. package/lib/vendor/blamejs/test/helpers/services.js +380 -0
  826. package/lib/vendor/blamejs/test/helpers/wait.js +206 -0
  827. package/lib/vendor/blamejs/test/integration/cache.test.js +235 -0
  828. package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +174 -0
  829. package/lib/vendor/blamejs/test/integration/federation-auth.test.js +611 -0
  830. package/lib/vendor/blamejs/test/integration/http-client.test.js +129 -0
  831. package/lib/vendor/blamejs/test/integration/log-stream.test.js +219 -0
  832. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +181 -0
  833. package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +152 -0
  834. package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +161 -0
  835. package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +289 -0
  836. package/lib/vendor/blamejs/test/integration/network-dns.test.js +123 -0
  837. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +101 -0
  838. package/lib/vendor/blamejs/test/integration/ntp-check.test.js +89 -0
  839. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +403 -0
  840. package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +271 -0
  841. package/lib/vendor/blamejs/test/integration/pubsub.test.js +137 -0
  842. package/lib/vendor/blamejs/test/integration/queue-redis.test.js +352 -0
  843. package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +96 -0
  844. package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +98 -0
  845. package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +261 -0
  846. package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +230 -0
  847. package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +211 -0
  848. package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +59 -0
  849. package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +136 -0
  850. package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +219 -0
  851. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +69 -0
  852. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +266 -0
  853. package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +262 -0
  854. package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +390 -0
  855. package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +174 -0
  856. package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +279 -0
  857. package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +322 -0
  858. package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +227 -0
  859. package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +302 -0
  860. package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +150 -0
  861. package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +44 -0
  862. package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +150 -0
  863. package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +50 -0
  864. package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +96 -0
  865. package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +76 -0
  866. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +1080 -0
  867. package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +311 -0
  868. package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +291 -0
  869. package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +140 -0
  870. package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +267 -0
  871. package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +108 -0
  872. package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +929 -0
  873. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +80 -0
  874. package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +176 -0
  875. package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +132 -0
  876. package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +97 -0
  877. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +141 -0
  878. package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +115 -0
  879. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +163 -0
  880. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +246 -0
  881. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +485 -0
  882. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +331 -0
  883. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +352 -0
  884. package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +572 -0
  885. package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +61 -0
  886. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +258 -0
  887. package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +105 -0
  888. package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +34 -0
  889. package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +107 -0
  890. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +131 -0
  891. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +118 -0
  892. package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +85 -0
  893. package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +38 -0
  894. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +861 -0
  895. package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +55 -0
  896. package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +209 -0
  897. package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +129 -0
  898. package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +871 -0
  899. package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +891 -0
  900. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +43 -0
  901. package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +243 -0
  902. package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +550 -0
  903. package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +107 -0
  904. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +147 -0
  905. package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +104 -0
  906. package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +135 -0
  907. package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +67 -0
  908. package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +75 -0
  909. package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +98 -0
  910. package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +145 -0
  911. package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +133 -0
  912. package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +97 -0
  913. package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +160 -0
  914. package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +84 -0
  915. package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +69 -0
  916. package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +142 -0
  917. package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +133 -0
  918. package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +237 -0
  919. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +9600 -0
  920. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +575 -0
  921. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +89 -0
  922. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +36 -0
  923. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +712 -0
  924. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +278 -0
  925. package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +97 -0
  926. package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +424 -0
  927. package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +94 -0
  928. package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +357 -0
  929. package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +31 -0
  930. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +226 -0
  931. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +86 -0
  932. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +85 -0
  933. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +193 -0
  934. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +98 -0
  935. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +132 -0
  936. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +155 -0
  937. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +129 -0
  938. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
  939. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +72 -0
  940. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +96 -0
  941. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +401 -0
  942. package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +34 -0
  943. package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +180 -0
  944. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +210 -0
  945. package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +153 -0
  946. package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +66 -0
  947. package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +74 -0
  948. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +226 -0
  949. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +136 -0
  950. package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +165 -0
  951. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +150 -0
  952. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +191 -0
  953. package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +228 -0
  954. package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +55 -0
  955. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +89 -0
  956. package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +184 -0
  957. package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +203 -0
  958. package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +303 -0
  959. package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +163 -0
  960. package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +39 -0
  961. package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +165 -0
  962. package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +59 -0
  963. package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +55 -0
  964. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +786 -0
  965. package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +105 -0
  966. package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +147 -0
  967. package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +105 -0
  968. package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +243 -0
  969. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +181 -0
  970. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +190 -0
  971. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +531 -0
  972. package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +118 -0
  973. package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +89 -0
  974. package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +156 -0
  975. package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +79 -0
  976. package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +216 -0
  977. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +434 -0
  978. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +432 -0
  979. package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +81 -0
  980. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +887 -0
  981. package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +51 -0
  982. package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +375 -0
  983. package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +321 -0
  984. package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +41 -0
  985. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +32 -0
  986. package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +87 -0
  987. package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +328 -0
  988. package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +339 -0
  989. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +694 -0
  990. package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +296 -0
  991. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +234 -0
  992. package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +192 -0
  993. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +89 -0
  994. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +71 -0
  995. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +386 -0
  996. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +859 -0
  997. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +357 -0
  998. package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +92 -0
  999. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  1000. package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +174 -0
  1001. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +317 -0
  1002. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +199 -0
  1003. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +214 -0
  1004. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +111 -0
  1005. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +110 -0
  1006. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +112 -0
  1007. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +86 -0
  1008. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +92 -0
  1009. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +301 -0
  1010. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +265 -0
  1011. package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
  1012. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +161 -0
  1013. package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +100 -0
  1014. package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +79 -0
  1015. package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +269 -0
  1016. package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +89 -0
  1017. package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +78 -0
  1018. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +288 -0
  1019. package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +69 -0
  1020. package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +102 -0
  1021. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +202 -0
  1022. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +203 -0
  1023. package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +51 -0
  1024. package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +50 -0
  1025. package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +37 -0
  1026. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +692 -0
  1027. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +280 -0
  1028. package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +225 -0
  1029. package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +203 -0
  1030. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +991 -0
  1031. package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +63 -0
  1032. package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +73 -0
  1033. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +612 -0
  1034. package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +56 -0
  1035. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +166 -0
  1036. package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +29 -0
  1037. package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +121 -0
  1038. package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +58 -0
  1039. package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +110 -0
  1040. package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +159 -0
  1041. package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
  1042. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +118 -0
  1043. package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +150 -0
  1044. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +489 -0
  1045. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +207 -0
  1046. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +283 -0
  1047. package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +65 -0
  1048. package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +417 -0
  1049. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +208 -0
  1050. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +910 -0
  1051. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +502 -0
  1052. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +680 -0
  1053. package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +128 -0
  1054. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +149 -0
  1055. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +323 -0
  1056. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +297 -0
  1057. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +514 -0
  1058. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +369 -0
  1059. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +199 -0
  1060. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +627 -0
  1061. package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +56 -0
  1062. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +217 -0
  1063. package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +283 -0
  1064. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +217 -0
  1065. package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +334 -0
  1066. package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +271 -0
  1067. package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +128 -0
  1068. package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +215 -0
  1069. package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +336 -0
  1070. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +732 -0
  1071. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +840 -0
  1072. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +130 -0
  1073. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +285 -0
  1074. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +74 -0
  1075. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +112 -0
  1076. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +229 -0
  1077. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +394 -0
  1078. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +147 -0
  1079. package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +151 -0
  1080. package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +204 -0
  1081. package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +152 -0
  1082. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +279 -0
  1083. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +323 -0
  1084. package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +165 -0
  1085. package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +439 -0
  1086. package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +202 -0
  1087. package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +155 -0
  1088. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +112 -0
  1089. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +224 -0
  1090. package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +278 -0
  1091. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +376 -0
  1092. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +89 -0
  1093. package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +200 -0
  1094. package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +106 -0
  1095. package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +133 -0
  1096. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +372 -0
  1097. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +635 -0
  1098. package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +128 -0
  1099. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +130 -0
  1100. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +179 -0
  1101. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +447 -0
  1102. package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +369 -0
  1103. package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +21 -0
  1104. package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +42 -0
  1105. package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +98 -0
  1106. package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +707 -0
  1107. package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +142 -0
  1108. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +72 -0
  1109. package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +597 -0
  1110. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +190 -0
  1111. package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +877 -0
  1112. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +257 -0
  1113. package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +522 -0
  1114. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +216 -0
  1115. package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +324 -0
  1116. package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +546 -0
  1117. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +153 -0
  1118. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +94 -0
  1119. package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +195 -0
  1120. package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +62 -0
  1121. package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +93 -0
  1122. package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +68 -0
  1123. package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +138 -0
  1124. package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +174 -0
  1125. package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +197 -0
  1126. package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +232 -0
  1127. package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +178 -0
  1128. package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +322 -0
  1129. package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +266 -0
  1130. package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +300 -0
  1131. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +338 -0
  1132. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +75 -0
  1133. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +246 -0
  1134. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +130 -0
  1135. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +335 -0
  1136. package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +170 -0
  1137. package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +93 -0
  1138. package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +34 -0
  1139. package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +52 -0
  1140. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +67 -0
  1141. package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +535 -0
  1142. package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
  1143. package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +128 -0
  1144. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +163 -0
  1145. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +170 -0
  1146. package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +248 -0
  1147. package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +451 -0
  1148. package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +289 -0
  1149. package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +206 -0
  1150. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +104 -0
  1151. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +339 -0
  1152. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +180 -0
  1153. package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +78 -0
  1154. package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +123 -0
  1155. package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +95 -0
  1156. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +77 -0
  1157. package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +257 -0
  1158. package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +249 -0
  1159. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +228 -0
  1160. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +238 -0
  1161. package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +92 -0
  1162. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +700 -0
  1163. package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +67 -0
  1164. package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +85 -0
  1165. package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +107 -0
  1166. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +175 -0
  1167. package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +816 -0
  1168. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +168 -0
  1169. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +302 -0
  1170. package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +93 -0
  1171. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +247 -0
  1172. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +295 -0
  1173. package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +142 -0
  1174. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +952 -0
  1175. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +441 -0
  1176. package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +330 -0
  1177. package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +233 -0
  1178. package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +105 -0
  1179. package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +319 -0
  1180. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +148 -0
  1181. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +283 -0
  1182. package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +67 -0
  1183. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +266 -0
  1184. package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +487 -0
  1185. package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
  1186. package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +773 -0
  1187. package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +173 -0
  1188. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +180 -0
  1189. package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +66 -0
  1190. package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +89 -0
  1191. package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +571 -0
  1192. package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +190 -0
  1193. package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +119 -0
  1194. package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +522 -0
  1195. package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +151 -0
  1196. package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +168 -0
  1197. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +275 -0
  1198. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +105 -0
  1199. package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +35 -0
  1200. package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +81 -0
  1201. package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +280 -0
  1202. package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +93 -0
  1203. package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +277 -0
  1204. package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +252 -0
  1205. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +149 -0
  1206. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +92 -0
  1207. package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +661 -0
  1208. package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +308 -0
  1209. package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +144 -0
  1210. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +674 -0
  1211. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +360 -0
  1212. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +302 -0
  1213. package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +349 -0
  1214. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +717 -0
  1215. package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +444 -0
  1216. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +597 -0
  1217. package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +308 -0
  1218. package/lib/vendor/blamejs/test/smoke.js +431 -0
  1219. package/lib/webhooks.js +305 -0
  1220. package/package.json +43 -0
@@ -0,0 +1,1396 @@
1
+ "use strict";
2
+ /**
3
+ * @module b.mail.server.submission
4
+ * @nav Mail
5
+ * @title Mail Submission Server
6
+ * @order 542
7
+ *
8
+ * @intro
9
+ * Outbound SMTP submission listener per RFC 6409 (port 587) and
10
+ * RFC 8314 implicit-TLS submissions (port 465). Where the MX
11
+ * listener (`b.mail.server.mx`) accepts inbound mail from the
12
+ * internet to local mailboxes, the submission listener accepts
13
+ * outbound mail from authenticated MUAs / app-side mail-senders
14
+ * and routes it to upstream MXs via `b.mail.send`.
15
+ *
16
+ * Differences from the MX listener:
17
+ *
18
+ * - **AUTH required** — operator-supplied authenticator validates
19
+ * SASL credentials (PLAIN / LOGIN / SCRAM-SHA-256 / EXTERNAL /
20
+ * XOAUTH2). MAIL FROM is refused until AUTH succeeds.
21
+ *
22
+ * - **Identity binding** — under strict profile, `MAIL FROM:<x@y>`
23
+ * MUST match the authenticated actor's mailbox set; refused with
24
+ * 553 5.7.1 Sender address rejected. Permissive logs the
25
+ * mismatch but allows.
26
+ *
27
+ * - **TLS required for AUTH** (RFC 4954 §4) — pre-STARTTLS AUTH
28
+ * refused with 538 5.7.11 Encryption required for AUTH
29
+ * mechanism. Permissive profile allows plaintext AUTH for
30
+ * legacy operator-acknowledged downgrade.
31
+ *
32
+ * - **Implicit-TLS mode** — `implicitTls: true` wraps every
33
+ * connection in TLS from the SYN (port 465 per RFC 8314); no
34
+ * STARTTLS advertised because the connection is already secure.
35
+ *
36
+ * - **Outbound routing** — successful DATA hands off to the
37
+ * operator-supplied `agent.handoff({ ... })` for relay through
38
+ * `b.mail.send` to upstream MXs. The listener doesn't perform
39
+ * MX lookup or outbound delivery itself.
40
+ *
41
+ * ## Wire-protocol defenses (inherited from MX listener pattern)
42
+ *
43
+ * - SMTP smuggling (CVE-2023-51764 / -51765 / -51766 / 2024-32178 /
44
+ * RFC 5321 §2.3.8): every wire line through
45
+ * `b.guardSmtpCommand.validate`; DATA-body terminator scan
46
+ * through `b.safeSmtp.findDotTerminator` (strict-CRLF);
47
+ * smuggling shape detected via
48
+ * `b.guardSmtpCommand.detectBodySmuggling`.
49
+ *
50
+ * - STARTTLS-injection (CVE-2021-38371 Exim, CVE-2021-33515
51
+ * Dovecot): command buffer cleared at upgrade time.
52
+ *
53
+ * - Resource exhaustion: per-command line cap (1 KiB), DATA body
54
+ * cap (50 MiB per RFC 5321 §4.5.3.1.7), per-message recipient
55
+ * cap (100 per RFC 5321 §4.5.3.1.8), idle timeout (5 minutes
56
+ * per RFC 5321 §4.5.3.2.7).
57
+ *
58
+ * ## SMTP AUTH (RFC 4954)
59
+ *
60
+ * - Mechanisms negotiated per RFC 4422 (SASL) — the operator
61
+ * opts the list `auth.mechanisms` into the EHLO advertisement.
62
+ * - Initial-response variant `AUTH MECH <base64>` (RFC 4954 §4)
63
+ * supported.
64
+ * - Failed AUTH emits `mail.server.submission.auth_failed` with
65
+ * mechanism + reason; operator's rate-limit wired via
66
+ * `auth.rateLimit` (composes `b.middleware.rateLimit`) trips
67
+ * 421 4.7.0 Too many failed AUTH after the operator-configured
68
+ * budget.
69
+ *
70
+ * ## Audit lifecycle (in addition to the MX listener's)
71
+ *
72
+ * - `mail.server.submission.auth_attempt` — mechanism, actor-hash, remote
73
+ * - `mail.server.submission.auth_success` — mechanism, tenantId, scopes
74
+ * - `mail.server.submission.auth_failed` — mechanism, reason
75
+ * - `mail.server.submission.identity_mismatch` — auth identity vs MAIL FROM
76
+ * - `mail.server.submission.outbound_routed` — delivery agent ack
77
+ *
78
+ * ## What v1 does NOT ship
79
+ *
80
+ * - **DKIM signing pre-relay** — operator wires `b.mail.dkim.sign`
81
+ * in their outbound agent.
82
+ * - **CHUNKING (BDAT) extension** — RFC 3030 BDAT not yet
83
+ * supported on submission; clients use DATA instead.
84
+ * - **Per-actor outbound quota** — operator implements via
85
+ * `b.dailyByteQuota` against the authenticated actor.
86
+ *
87
+ * ## Composition contract
88
+ *
89
+ * Every gate is a primitive that already exists. Submission listener
90
+ * composes `b.guardSmtpCommand` (wire-protocol gate + smuggling
91
+ * defense), `b.safeSmtp` (wire-protocol parser), the operator's
92
+ * authenticator (SASL verify), `b.mail.send` (outbound MX routing),
93
+ * and the framework's TLS posture via `b.network.tls.context`.
94
+ *
95
+ * @card
96
+ * Outbound SMTP submission listener (RFC 6409 / RFC 8314). AUTH-
97
+ * required before MAIL FROM; identity-binding under strict profile;
98
+ * TLS-required-for-AUTH (RFC 4954 §4); implicit-TLS mode for
99
+ * port 465. Composes b.guardSmtpCommand + b.safeSmtp + operator
100
+ * SASL authenticator + b.mail.send for outbound routing.
101
+ */
102
+
103
+ var net = require("node:net");
104
+ var nodeTls = require("node:tls");
105
+ var lazyRequire = require("./lazy-require");
106
+ var C = require("./constants");
107
+ var bCrypto = require("./crypto");
108
+ var numericBounds = require("./numeric-bounds");
109
+ var safeAsync = require("./safe-async");
110
+ var safeBuffer = require("./safe-buffer");
111
+ var safeSmtp = require("./safe-smtp");
112
+ var validateOpts = require("./validate-opts");
113
+ var guardSmtpCommand = require("./guard-smtp-command");
114
+ var guardDomain = require("./guard-domain");
115
+ var mailServerRateLimit = require("./mail-server-rate-limit");
116
+ var mailServerTls = require("./mail-server-tls");
117
+ var { defineClass } = require("./framework-error");
118
+
119
+ var audit = lazyRequire(function () { return require("./audit"); });
120
+
121
+ var MailServerSubmissionError = defineClass("MailServerSubmissionError", { alwaysPermanent: true });
122
+
123
+ var DEFAULT_MAX_LINE_BYTES = C.BYTES.kib(1);
124
+ var DEFAULT_MAX_MESSAGE_BYTES = C.BYTES.mib(50);
125
+ var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // allow:raw-byte-literal — RFC 5321 §4.5.3.1.8 recipient cap
126
+ var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
127
+ var DEFAULT_GREETING = "blamejs Submission";
128
+ var DEFAULT_AUTH_MECHANISMS = Object.freeze(["PLAIN", "LOGIN"]);
129
+
130
+ var REPLY_220_READY = "220";
131
+ var REPLY_221_BYE = "221";
132
+ var REPLY_235_AUTH_OK = "235"; // allow:raw-byte-literal — SMTP AUTH success code
133
+ var REPLY_250_OK = "250";
134
+ var REPLY_334_AUTH_CHALLENGE = "334"; // allow:raw-byte-literal — SMTP AUTH challenge code
135
+ var REPLY_354_START_INPUT = "354";
136
+ var REPLY_421_SERVICE_NOT_AVAIL = "421"; // allow:raw-byte-literal — SMTP transient code
137
+ var REPLY_451_LOCAL_ERROR = "451"; // allow:raw-byte-literal — SMTP transient code
138
+ var REPLY_452_INSUFFICIENT_STG = "452"; // allow:raw-byte-literal — SMTP transient code
139
+ var REPLY_500_SYNTAX = "500"; // allow:raw-byte-literal — SMTP permanent code
140
+ var REPLY_501_BAD_ARGS = "501"; // allow:raw-byte-literal — SMTP permanent code
141
+ var REPLY_502_NOT_IMPLEMENTED = "502"; // allow:raw-byte-literal — SMTP permanent code
142
+ var REPLY_503_BAD_SEQUENCE = "503"; // allow:raw-byte-literal — SMTP permanent code
143
+ var REPLY_530_AUTH_REQUIRED = "530"; // allow:raw-byte-literal — SMTP permanent code
144
+ var REPLY_535_AUTH_FAILED = "535"; // allow:raw-byte-literal — RFC 4954 §6 AUTH refusal
145
+ var REPLY_538_AUTH_NEEDS_TLS = "538"; // allow:raw-byte-literal — RFC 4954 §4 AUTH-needs-TLS
146
+ var REPLY_550_MAILBOX_UNAVAIL = "550"; // allow:raw-byte-literal — SMTP permanent code (recipient-policy refusal shape)
147
+ var REPLY_552_SIZE_EXCEEDED = "552"; // allow:raw-byte-literal — SMTP permanent code
148
+ var REPLY_553_SENDER_REJECTED = "553"; // allow:raw-byte-literal — identity-binding mismatch
149
+ var REPLY_554_TRANSACTION_FAILED = "554"; // allow:raw-byte-literal — SMTP permanent code
150
+
151
+ var RE_MAIL_FROM = /^MAIL\s+FROM:\s*<([^>]*)>(?:\s+(.*))?$/i;
152
+ var RE_RCPT_TO = /^RCPT\s+TO:\s*<([^>]+)>(?:\s+.*)?$/i;
153
+ var RE_SIZE = /SIZE=(\d+)/i;
154
+ var RE_AUTH = /^AUTH\s+([A-Za-z0-9_-]{1,32})(?:\s+(.*))?$/i;
155
+
156
+ // Header/body boundary scanner. RFC 5322 §2.1 — header section ends
157
+ // at the first empty line (CRLF CRLF). `Buffer#indexOf` runs a
158
+ // SIMD-accelerated needle scan over the haystack without an
159
+ // interpreter-level char-by-char walk, and the 4-byte literal
160
+ // `_CRLF_CRLF` is a module-level singleton so the JIT folds it.
161
+ var _CRLF_CRLF = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a]); // allow:raw-byte-literal — RFC 5322 §2.1 header/body separator
162
+ function _findHeaderEnd(buf) {
163
+ return buf.indexOf(_CRLF_CRLF);
164
+ }
165
+
166
+ // Walk a header block and return every unfolded `DKIM-Signature:`
167
+ // value. RFC 5322 §2.2.3 / RFC 6376 §3.5 — DKIM signatures are
168
+ // permitted to fold and a message MAY carry multiple signatures.
169
+ function _extractDkimSignatures(headerBlock) {
170
+ var lines = headerBlock.replace(/\r\n/g, "\n").split("\n"); // allow:regex-no-length-cap — headerBlock length bounded by maxMessageBytes
171
+ var result = [];
172
+ var current = null;
173
+ for (var i = 0; i < lines.length; i += 1) {
174
+ var line = lines[i];
175
+ if (line.length === 0) break; // end of header block
176
+ if (line.charAt(0) === " " || line.charAt(0) === "\t") {
177
+ if (current !== null) current += " " + line.replace(/^[ \t]+/, ""); // allow:regex-no-length-cap — line length bounded by maxLineBytes // allow:duplicate-regex — RFC 5322 header continuation trim
178
+ continue;
179
+ }
180
+ if (current !== null) {
181
+ result.push(current);
182
+ current = null;
183
+ }
184
+ if (/^DKIM-Signature\s*:/i.test(line)) { // allow:regex-no-length-cap — line length bounded by maxLineBytes
185
+ current = line.slice(line.indexOf(":") + 1).replace(/^\s+/, ""); // allow:regex-no-length-cap — line length bounded by maxLineBytes // allow:duplicate-regex — leading-WS trim
186
+ }
187
+ }
188
+ if (current !== null) result.push(current);
189
+ return result;
190
+ }
191
+
192
+ // Pull the `d=` (signing domain) tag out of a DKIM-Signature value.
193
+ // RFC 6376 §3.5 — tag-list `tag=value` separated by `;`. Returns
194
+ // null if not present.
195
+ function _extractDkimDTag(sigValue) {
196
+ var tags = sigValue.split(";");
197
+ for (var i = 0; i < tags.length; i += 1) {
198
+ var t = tags[i].replace(/^\s+|\s+$/g, ""); // allow:regex-no-length-cap — tag length bounded by header line cap // allow:duplicate-regex — trim shape
199
+ if (t.length > 2 && t.charAt(0) === "d" && t.charAt(1) === "=") {
200
+ return t.slice(2).replace(/\s+/g, ""); // allow:regex-no-length-cap — value length bounded by tag length // allow:duplicate-regex — internal-WS strip
201
+ }
202
+ }
203
+ return null;
204
+ }
205
+
206
+ // Domain part of the authenticated identity, falling back to the
207
+ // envelope-sender domain when the actor doesn't carry one.
208
+ function _actorDomain(actor, mailFrom) {
209
+ if (actor && typeof actor.domain === "string" && actor.domain.length > 0) return actor.domain;
210
+ if (actor && typeof actor.id === "string" && actor.id.indexOf("@") !== -1) {
211
+ return actor.id.slice(actor.id.lastIndexOf("@") + 1);
212
+ }
213
+ if (typeof mailFrom === "string" && mailFrom.indexOf("@") !== -1) {
214
+ return mailFrom.slice(mailFrom.lastIndexOf("@") + 1);
215
+ }
216
+ return null;
217
+ }
218
+
219
+ /**
220
+ * @primitive b.mail.server.submission.create
221
+ * @signature b.mail.server.submission.create(opts)
222
+ * @since 0.9.47
223
+ * @status stable
224
+ * @related b.mail.server.mx.create, b.guardSmtpCommand.detectBodySmuggling, b.safeSmtp.findDotTerminator
225
+ *
226
+ * Build the submission listener. Returns
227
+ * `{ listen({ port?, address? }), close({ timeoutMs? }),
228
+ * connectionCount(), _portForTest() }`.
229
+ *
230
+ * @opts
231
+ * tlsContext: TlsContext, // required — b.network.tls.context() output
232
+ * implicitTls: boolean, // wrap connection in TLS from the SYN (port 465); default false
233
+ * greeting: string, // EHLO/220 banner; default "blamejs Submission"
234
+ * auth: object, // SASL config (required unless permissive profile)
235
+ * mechanisms: string[], // SASL mechs to advertise; default ["PLAIN","LOGIN"]
236
+ * verify: function, // async (mechanism, credentials) => { ok, actor }
237
+ * rateLimit: object, // optional b.middleware.rateLimit instance for failure budget
238
+ * agent: object, // outbound delivery handoff (handoff({ ... }) → ack)
239
+ * identityBinding: "strict" | "permissive", // MAIL FROM must match auth identity (default strict)
240
+ * maxLineBytes: number, // default 1 KiB
241
+ * maxMessageBytes: number, // default 50 MiB
242
+ * maxRcptsPerMessage: number, // default 100
243
+ * idleTimeoutMs: number, // default 5 minutes
244
+ * profile: string, // "strict" | "balanced" | "permissive"; default "strict"
245
+ *
246
+ * @example
247
+ * var tls = b.network.tls.context({ cert: certPem, key: keyPem });
248
+ * var server = b.mail.server.submission.create({
249
+ * tlsContext: tls,
250
+ * greeting: "smtp.example.com Submission blamejs",
251
+ * auth: {
252
+ * mechanisms: ["PLAIN", "SCRAM-SHA-256"],
253
+ * verify: async function (mech, creds) {
254
+ * var actor = await myAuthService.verify(mech, creds);
255
+ * return actor ? { ok: true, actor: actor } : { ok: false };
256
+ * },
257
+ * },
258
+ * agent: b.mail.agent.create({ outboundSend: b.mail.send }),
259
+ * });
260
+ * await server.listen({ port: 587 });
261
+ */
262
+ function create(opts) {
263
+ validateOpts.requireObject(opts, "mail.server.submission.create",
264
+ MailServerSubmissionError, "mail-server-submission/bad-opts");
265
+ if (!opts.tlsContext) {
266
+ throw new MailServerSubmissionError("mail-server-submission/no-tls-context",
267
+ "mail.server.submission.create: tlsContext is required");
268
+ }
269
+ // b.agent.tenant shape validation at create() time — a malformed
270
+ // scope object would refuse every auth as cross-tenant, masking the
271
+ // configuration error as an auth outage.
272
+ if (opts.tenantScope && typeof opts.tenantScope.check !== "function") {
273
+ throw new MailServerSubmissionError("mail-server-submission/bad-tenant-scope",
274
+ "create: opts.tenantScope must be a b.agent.tenant.create() instance " +
275
+ "(missing .check); a malformed scope would refuse every auth as cross-tenant");
276
+ }
277
+ if (opts.tenantScope && !opts.agentTenantId) {
278
+ throw new MailServerSubmissionError("mail-server-submission/no-agent-tenant-id",
279
+ "create: opts.tenantScope requires opts.agentTenantId");
280
+ }
281
+ numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
282
+ ["maxLineBytes", "maxMessageBytes", "maxRcptsPerMessage", "idleTimeoutMs"],
283
+ "mail.server.submission.", MailServerSubmissionError, "mail-server-submission/bad-bound");
284
+
285
+ var profile = opts.profile || "strict";
286
+ // SMTPUTF8 (RFC 6531) — single switch threaded end-to-end into
287
+ // `guardSmtpCommand.validate`. Defaults `false`; submission
288
+ // operators that accept EAI envelopes flip this `true`.
289
+ var allowSmtpUtf8 = opts.allowSmtpUtf8 === true;
290
+
291
+ // Outbound DKIM-required gate (Yahoo / Google 2024 bulk-sender
292
+ // alignment + RFC 6376 §1). Under `strict` profile the listener
293
+ // refuses outbound DATA that doesn't carry at least one
294
+ // `DKIM-Signature:` header; `dkimRequireMode` chooses whether the
295
+ // signer must match the authenticated identity's domain (`self`)
296
+ // or just be present (`any`). Operators that act as a smarthost
297
+ // relay for downstream MTAs that DKIM-sign themselves want `any`;
298
+ // primary senders want `self`. Default-off outside strict so
299
+ // unauthenticated `permissive` profiles don't break.
300
+ var requireDkim = opts.requireDkim === undefined
301
+ ? (profile === "strict")
302
+ : opts.requireDkim === true;
303
+ var dkimRequireMode = opts.dkimRequireMode || "any";
304
+ if (dkimRequireMode !== "self" && dkimRequireMode !== "any" && dkimRequireMode !== "off") {
305
+ throw new MailServerSubmissionError("mail-server-submission/bad-dkim-require-mode",
306
+ "mail.server.submission.create: dkimRequireMode must be 'self', 'any', or 'off' (got '" +
307
+ dkimRequireMode + "')");
308
+ }
309
+ if (dkimRequireMode === "off") requireDkim = false;
310
+
311
+ if (profile !== "permissive" && !opts.auth) {
312
+ throw new MailServerSubmissionError("mail-server-submission/no-auth",
313
+ "mail.server.submission.create: opts.auth required under strict / balanced profiles " +
314
+ "(submission listener is authenticated by design; opt down to 'permissive' for legacy plaintext)");
315
+ }
316
+ if (opts.auth) {
317
+ if (typeof opts.auth.verify !== "function") {
318
+ throw new MailServerSubmissionError("mail-server-submission/bad-auth",
319
+ "mail.server.submission.create: opts.auth.verify must be an async function (mechanism, credentials) => { ok, actor }");
320
+ }
321
+ if (opts.auth.mechanisms !== undefined &&
322
+ (!Array.isArray(opts.auth.mechanisms) || opts.auth.mechanisms.length === 0)) {
323
+ throw new MailServerSubmissionError("mail-server-submission/bad-auth",
324
+ "mail.server.submission.create: opts.auth.mechanisms must be a non-empty array if provided");
325
+ }
326
+ }
327
+
328
+ var greeting = opts.greeting || DEFAULT_GREETING;
329
+ var maxLineBytes = opts.maxLineBytes || DEFAULT_MAX_LINE_BYTES;
330
+ var maxMessageBytes = opts.maxMessageBytes || DEFAULT_MAX_MESSAGE_BYTES;
331
+ var maxRcptsPerMsg = opts.maxRcptsPerMessage || DEFAULT_MAX_RCPTS_PER_MESSAGE;
332
+ var idleTimeoutMs = opts.idleTimeoutMs || DEFAULT_IDLE_TIMEOUT_MS;
333
+ var authConfig = opts.auth || null;
334
+ var authMechanisms = authConfig && authConfig.mechanisms
335
+ ? authConfig.mechanisms.map(function (m) { return String(m).toUpperCase(); })
336
+ : DEFAULT_AUTH_MECHANISMS.slice();
337
+ var identityBinding = opts.identityBinding || "strict";
338
+ var implicitTls = opts.implicitTls === true;
339
+
340
+ // Default-on per-IP rate limit (see lib/mail-server-rate-limit.js).
341
+ // Operators pass `rateLimit: false` to disable, a rate-limit handle
342
+ // to share across listeners, or an opts object to override defaults.
343
+ var rateLimit;
344
+ if (opts.rateLimit === false) {
345
+ rateLimit = mailServerRateLimit.create({ disabled: true });
346
+ } else if (opts.rateLimit && typeof opts.rateLimit.admitConnection === "function") {
347
+ rateLimit = opts.rateLimit;
348
+ } else {
349
+ rateLimit = mailServerRateLimit.create(opts.rateLimit || {});
350
+ }
351
+
352
+ // Default-on guardDomain hardening for HELO / MAIL FROM / RCPT TO.
353
+ // Same posture as mail-server-mx — IDN homograph (CVE-2017-5469
354
+ // class), special-use-domain refusal (RFC 6761), label-length cap
355
+ // (RFC 1035 §2.3.4), bare-IP-as-domain refusal (CVE-2021-22931
356
+ // class). Operators with a closed-network deployment pass
357
+ // `guardDomain: false` to skip; the default keeps protection on.
358
+ var guardDomainProfile;
359
+ if (opts.guardDomain === false) {
360
+ guardDomainProfile = null;
361
+ } else {
362
+ guardDomainProfile = guardDomain.buildProfile({
363
+ profile: opts.guardDomain && typeof opts.guardDomain === "object"
364
+ ? (opts.guardDomain.profile || profile)
365
+ : profile,
366
+ });
367
+ }
368
+ function _validateDomainHardened(d, label) {
369
+ if (!guardDomainProfile) return { ok: true };
370
+ var verdict = guardDomain.validate(d, guardDomainProfile);
371
+ if (!verdict.ok) {
372
+ _emit("mail.server.submission.domain_refused", {
373
+ reason: verdict.issues && verdict.issues[0] && verdict.issues[0].kind,
374
+ domain: d,
375
+ label: label,
376
+ }, "denied");
377
+ }
378
+ return verdict;
379
+ }
380
+
381
+ var tcpServer = null;
382
+ var listening = false;
383
+ var connections = new Set();
384
+
385
+ function _emit(action, metadata, outcome) {
386
+ try {
387
+ audit().safeEmit({
388
+ action: action,
389
+ outcome: outcome || "success",
390
+ metadata: metadata || {},
391
+ });
392
+ } catch (_e) { /* drop-silent */ }
393
+ }
394
+
395
+ function _handleConnection(rawSocket) {
396
+ var remoteAddress = rawSocket.remoteAddress || "0.0.0.0";
397
+ var admit = rateLimit.admitConnection(remoteAddress);
398
+ if (!admit.ok) {
399
+ // 421 4.7.0 — transient; sender retries elsewhere.
400
+ _emit("mail.server.submission.rate_limit_refused",
401
+ { remoteAddress: remoteAddress, reason: admit.reason }, "denied");
402
+ try {
403
+ rawSocket.write("421 4.7.0 Too many connections from your IP\r\n");
404
+ } catch (_e) { /* socket may already be torn down */ }
405
+ try { rawSocket.destroy(); } catch (_e2) { /* idempotent */ }
406
+ return;
407
+ }
408
+ rawSocket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
409
+
410
+ var connectionId = "submitconn-" + bCrypto.generateToken(8); // allow:raw-byte-literal — connection-id length
411
+ var socket = implicitTls
412
+ ? new nodeTls.TLSSocket(rawSocket, { isServer: true, secureContext: opts.tlsContext })
413
+ : rawSocket;
414
+ connections.add(socket);
415
+
416
+ var state = {
417
+ id: connectionId,
418
+ remoteAddress: remoteAddress,
419
+ remotePort: rawSocket.remotePort || null,
420
+ tls: implicitTls,
421
+ stage: "connect",
422
+ helo: null,
423
+ authenticated: false,
424
+ actor: null,
425
+ mailFrom: null,
426
+ rcpts: [],
427
+ // Pending AUTH state (multi-step mechanisms).
428
+ authPending: null,
429
+ };
430
+
431
+ // RAW byte buffer — NOT a string. The BDAT-CHUNKING path (RFC 3030)
432
+ // requires lossless byte preservation when the BDAT command line +
433
+ // payload arrive in the same TCP segment, and DATA-body 8BITMIME
434
+ // payloads can contain bytes that are invalid UTF-8. Decoding the
435
+ // socket-bytes through a string layer replaces invalid sequences
436
+ // with U+FFFD and corrupts the body. Keep the raw bytes; decode to
437
+ // string only for the per-command parse.
438
+ var lineBuffer = Buffer.alloc(0);
439
+ var bodyCollector = null;
440
+ var inDataBody = false;
441
+ // RFC 3030 CHUNKING — state for the BDAT command. `bdatCollector`
442
+ // accumulates the message body across multiple BDAT chunks; it lives
443
+ // for the lifetime of the SMTP transaction (i.e., between MAIL FROM
444
+ // and the BDAT ... LAST that finalises). `bdatRemaining` counts down
445
+ // bytes still owed by the current BDAT chunk; `bdatIsLast` flags
446
+ // whether the current chunk is the terminator.
447
+ var inBdatChunk = false;
448
+ var bdatRemaining = 0;
449
+ var bdatIsLast = false;
450
+ var bdatCollector = null;
451
+ var bdatTotalBytes = 0;
452
+
453
+ socket.setTimeout(idleTimeoutMs);
454
+ socket.on("timeout", function () {
455
+ _writeReply(socket, REPLY_421_SERVICE_NOT_AVAIL, "4.4.2 Idle timeout");
456
+ _closeConnection(socket);
457
+ });
458
+ socket.on("error", function (err) {
459
+ _emit("mail.server.submission.socket_error",
460
+ { connectionId: state.id, code: (err && err.code) || "unknown" }, "warning");
461
+ _closeConnection(socket);
462
+ });
463
+ socket.on("close", function () { connections.delete(socket); });
464
+
465
+ _emit("mail.server.submission.connect", {
466
+ connectionId: state.id,
467
+ remoteAddress: state.remoteAddress,
468
+ remotePort: state.remotePort,
469
+ tls: state.tls,
470
+ });
471
+
472
+ _writeReply(socket, REPLY_220_READY, greeting + " ready");
473
+
474
+ socket.on("data", function (chunk) {
475
+ try { _ingestBytes(state, socket, chunk); }
476
+ catch (err) {
477
+ _emit("mail.server.submission.handler_threw",
478
+ { connectionId: state.id, error: (err && err.message) || String(err) }, "failure");
479
+ try { _writeReply(socket, REPLY_421_SERVICE_NOT_AVAIL, "4.3.0 Server error"); }
480
+ catch (_e) { /* socket already gone */ }
481
+ _closeConnection(socket);
482
+ }
483
+ });
484
+
485
+ function _ingestBytes(state, socket, chunk) {
486
+ // RFC 3030 — when a BDAT chunk is in progress we consume exactly
487
+ // `bdatRemaining` bytes off the wire, no dot-stuffing, no end-of-
488
+ // data marker. Any excess bytes in the chunk after the BDAT
489
+ // payload completes get fed back through the command line buffer
490
+ // (typical when a pipelined `BDAT N LAST\r\n<payload>\r\nNOOP\r\n`
491
+ // arrives in a single TCP segment).
492
+ if (inBdatChunk) {
493
+ var consumeN = Math.min(chunk.length, bdatRemaining);
494
+ var consumed = chunk.subarray(0, consumeN);
495
+ try { bdatCollector.push(consumed); }
496
+ catch (_e) {
497
+ _emit("mail.server.submission.bdat_refused",
498
+ { connectionId: state.id, reason: "body-too-large", maxBytes: maxMessageBytes },
499
+ "denied");
500
+ _writeReply(socket, REPLY_552_SIZE_EXCEEDED,
501
+ "5.3.4 BDAT body exceeds maxMessageBytes (" + maxMessageBytes + " bytes)");
502
+ _resetTransaction(state);
503
+ inBdatChunk = false; bdatCollector = null; bdatRemaining = 0; bdatTotalBytes = 0;
504
+ return;
505
+ }
506
+ bdatRemaining -= consumeN;
507
+ bdatTotalBytes += consumeN;
508
+ if (bdatRemaining === 0) {
509
+ var wasLast = bdatIsLast;
510
+ inBdatChunk = false;
511
+ if (wasLast) {
512
+ // RFC 3030 §2.2 — ONE reply per BDAT command. When LAST,
513
+ // the single reply is the "message queued" finalize reply
514
+ // (emitted from _finalizeAcceptedBody), not the per-chunk
515
+ // "<N> octets received" reply. Emitting both would
516
+ // desynchronise the client (the second 250 would be
517
+ // consumed as the response to the next command).
518
+ // No dot-unstuff for BDAT — RFC 3030 §3 explicitly defines
519
+ // BDAT payloads as opaque byte streams.
520
+ var bdatBody = bdatCollector.result();
521
+ bdatCollector = null;
522
+ bdatTotalBytes = 0;
523
+ _finalizeAcceptedBody(state, socket, bdatBody, "BDAT");
524
+ } else {
525
+ // Non-final chunk — per-chunk acknowledgement only.
526
+ _writeReply(socket, REPLY_250_OK,
527
+ "2.0.0 " + bdatTotalBytes + " octets received");
528
+ }
529
+ // Any tail bytes after this BDAT chunk get re-fed as commands.
530
+ if (consumeN < chunk.length) {
531
+ var tail = chunk.subarray(consumeN);
532
+ _ingestBytes(state, socket, tail);
533
+ }
534
+ }
535
+ return;
536
+ }
537
+ if (inDataBody) {
538
+ try { bodyCollector.push(chunk); }
539
+ catch (_e) {
540
+ _emit("mail.server.submission.data_refused",
541
+ { connectionId: state.id, reason: "body-too-large", maxBytes: maxMessageBytes },
542
+ "denied");
543
+ _writeReply(socket, REPLY_552_SIZE_EXCEEDED,
544
+ "5.3.4 Message size exceeds fixed maximum (" + maxMessageBytes + " bytes)");
545
+ _resetTransaction(state);
546
+ inDataBody = false; bodyCollector = null;
547
+ return;
548
+ }
549
+ var collected = bodyCollector.result();
550
+ if (guardSmtpCommand.detectBodySmuggling(collected)) {
551
+ _emit("mail.server.submission.smtp_smuggling_detected",
552
+ { connectionId: state.id, mailFrom: state.mailFrom, rcptCount: state.rcpts.length },
553
+ "denied");
554
+ _writeReply(socket, REPLY_554_TRANSACTION_FAILED,
555
+ "5.7.0 Bare-LF in DATA body refused (RFC 5321 §2.3.8; CVE-2023-51764 SMTP smuggling)");
556
+ _resetTransaction(state);
557
+ inDataBody = false; bodyCollector = null;
558
+ return;
559
+ }
560
+ var endIdx = safeSmtp.findDotTerminator(collected);
561
+ if (endIdx !== -1) {
562
+ var body = collected.subarray(0, endIdx);
563
+ // DATA path dot-unstuffs here; BDAT path skips this step.
564
+ var dedotted = safeSmtp.dotUnstuff(body);
565
+ _finalizeAcceptedBody(state, socket, dedotted, "DATA");
566
+ inDataBody = false; bodyCollector = null;
567
+ }
568
+ return;
569
+ }
570
+
571
+ lineBuffer = lineBuffer.length === 0 ? chunk : Buffer.concat([lineBuffer, chunk]);
572
+ if (lineBuffer.length > maxLineBytes * 4) {
573
+ _writeReply(socket, REPLY_500_SYNTAX,
574
+ "5.5.6 Line too long (>" + maxLineBytes + " bytes)");
575
+ _closeConnection(socket);
576
+ return;
577
+ }
578
+ var crlf;
579
+ var crlfNeedle = Buffer.from("\r\n", "ascii");
580
+ while ((crlf = lineBuffer.indexOf(crlfNeedle)) !== -1) {
581
+ // Decode just the per-command line to a string — keeps the
582
+ // wire-protocol parser working in UTF-8 while leaving the
583
+ // RAW lineBuffer intact for any binary payload that follows.
584
+ var line = lineBuffer.subarray(0, crlf).toString("utf8");
585
+ lineBuffer = lineBuffer.subarray(crlf + 2);
586
+ _handleCommand(state, socket, line);
587
+ if (inDataBody) return;
588
+ if (inBdatChunk) {
589
+ // RFC 3030 — `BDAT <N> [LAST]\r\n` is immediately followed by
590
+ // exactly <N> raw bytes (no dot-stuffing, no terminator). When
591
+ // those bytes arrived in the SAME TCP segment as the BDAT
592
+ // command, drain them straight from the raw byte buffer
593
+ // (NOT through a UTF-8 string round-trip — would corrupt
594
+ // 8-bit / binary payloads).
595
+ if (lineBuffer.length > 0) {
596
+ var pendingBytes = lineBuffer;
597
+ lineBuffer = Buffer.alloc(0);
598
+ _ingestBytes(state, socket, pendingBytes);
599
+ }
600
+ return;
601
+ }
602
+ }
603
+ }
604
+
605
+ function _handleCommand(state, socket, line) {
606
+ // Pending multi-step AUTH challenge — operator-supplied
607
+ // mechanism may need additional roundtrips. We delegate to
608
+ // authConfig.verify with the new client response.
609
+ if (state.authPending) {
610
+ return _continueAuthExchange(state, socket, line);
611
+ }
612
+
613
+ // guardSmtpCommand check (smuggling + shape).
614
+ try {
615
+ guardSmtpCommand.validate(line, {
616
+ profile: profile,
617
+ maxLineBytes: maxLineBytes,
618
+ allowSmtpUtf8: allowSmtpUtf8,
619
+ });
620
+ } catch (err) {
621
+ if (err.code === "guard-smtp-command/bare-lf" ||
622
+ err.code === "guard-smtp-command/bare-cr" ||
623
+ err.code === "guard-smtp-command/nul-byte") {
624
+ _emit("mail.server.submission.smtp_smuggling_detected",
625
+ { connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // allow:raw-byte-literal — audit-log line truncation
626
+ "denied");
627
+ }
628
+ _writeReply(socket, REPLY_500_SYNTAX, "5.5.2 Syntax error (" + (err.code || "bad-line") + ")");
629
+ return;
630
+ }
631
+
632
+ var verb = line.split(/\s+/)[0].toUpperCase();
633
+ switch (verb) {
634
+ case "EHLO":
635
+ case "HELO":
636
+ return _handleEhlo(state, socket, line, verb);
637
+ case "STARTTLS":
638
+ return _handleStartTls(state, socket);
639
+ case "AUTH":
640
+ return _handleAuth(state, socket, line);
641
+ case "MAIL":
642
+ return _handleMailFrom(state, socket, line);
643
+ case "RCPT":
644
+ return _handleRcptTo(state, socket, line);
645
+ case "DATA":
646
+ return _handleData(state, socket);
647
+ case "BDAT":
648
+ return _handleBdat(state, socket, line);
649
+ case "NOOP":
650
+ return _writeReply(socket, REPLY_250_OK, "2.0.0 OK");
651
+ case "RSET":
652
+ _resetTransaction(state);
653
+ return _writeReply(socket, REPLY_250_OK, "2.0.0 Reset");
654
+ case "QUIT":
655
+ _writeReply(socket, REPLY_221_BYE, "2.0.0 Bye");
656
+ return _closeConnection(socket);
657
+ case "VRFY":
658
+ case "EXPN":
659
+ return _writeReply(socket, REPLY_502_NOT_IMPLEMENTED, "5.5.1 Command not implemented");
660
+ default:
661
+ _writeReply(socket, REPLY_500_SYNTAX, "5.5.2 Unknown command");
662
+ }
663
+ }
664
+
665
+ function _handleEhlo(state, socket, line, verb) {
666
+ var helo = line.slice(verb.length).trim();
667
+ if (!helo) {
668
+ _writeReply(socket, REPLY_501_BAD_ARGS, "5.5.4 " + verb + " requires a domain argument");
669
+ return;
670
+ }
671
+ // Skip guardDomain on address literals (RFC 5321 §4.1.3 valid
672
+ // bracket-form; already constrained by b.guardSmtpCommand).
673
+ // Bare-IP refused — CVE-2021-22931 class.
674
+ if (helo[0] !== "[" && guardDomainProfile) {
675
+ var __heloVerdict = _validateDomainHardened(helo, "helo");
676
+ if (!__heloVerdict.ok) {
677
+ _writeReply(socket, REPLY_501_BAD_ARGS,
678
+ "5.5.4 " + verb + " domain refused (" +
679
+ (__heloVerdict.issues && __heloVerdict.issues[0] && __heloVerdict.issues[0].kind) + ")");
680
+ return;
681
+ }
682
+ }
683
+ state.helo = helo;
684
+ state.stage = "ehlo";
685
+ if (verb === "EHLO") {
686
+ var caps = ["PIPELINING", "SIZE " + maxMessageBytes, "8BITMIME", "ENHANCEDSTATUSCODES", "CHUNKING"];
687
+ // STARTTLS advertised only on explicit-STARTTLS port (587),
688
+ // not on implicit-TLS (465 already wrapped). RFC 8314 §3.3.
689
+ if (!state.tls && !implicitTls) caps.unshift("STARTTLS");
690
+ // AUTH advertised only when authConfig wired AND we're on a
691
+ // TLS-protected connection (or operator opted to permissive).
692
+ if (authConfig && (state.tls || profile === "permissive")) {
693
+ caps.push("AUTH " + authMechanisms.join(" "));
694
+ }
695
+ var lines = [greeting + " greets " + helo];
696
+ for (var i = 0; i < caps.length; i += 1) lines.push(caps[i]);
697
+ _writeMultiline(socket, REPLY_250_OK, lines);
698
+ } else {
699
+ _writeReply(socket, REPLY_250_OK, greeting + " greets " + helo);
700
+ }
701
+ _emit("mail.server.submission.helo",
702
+ { connectionId: state.id, verb: verb, helo: helo, tls: state.tls });
703
+ }
704
+
705
+ function _handleStartTls(state, socket) {
706
+ if (state.tls) {
707
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 TLS already active");
708
+ return;
709
+ }
710
+ if (implicitTls) {
711
+ _writeReply(socket, REPLY_502_NOT_IMPLEMENTED,
712
+ "5.5.1 STARTTLS not available on implicit-TLS port (RFC 8314)");
713
+ return;
714
+ }
715
+ _writeReply(socket, REPLY_220_READY, "2.0.0 Ready to start TLS");
716
+ // CVE-2021-38371 (Exim) / CVE-2021-33515 (Dovecot) STARTTLS-
717
+ // injection defense: clear the pre-handshake command buffer +
718
+ // body collector AND strip the plain-socket "data" listener
719
+ // before wrapping in TLSSocket so bytes the peer pipelined
720
+ // pre-handshake cannot reach the post-TLS state machine.
721
+ lineBuffer = Buffer.alloc(0); bodyCollector = null; inDataBody = false;
722
+ // BDAT-side state cleared on STARTTLS upgrade too — same threat
723
+ // model as CVE-2021-38371 (Exim) / CVE-2021-33515 (Dovecot):
724
+ // pre-handshake bytes the peer pipelined MUST NOT reach the
725
+ // post-TLS state machine via the BDAT collector either.
726
+ inBdatChunk = false; bdatRemaining = 0; bdatCollector = null; bdatTotalBytes = 0;
727
+ mailServerTls.upgradeSocket({
728
+ plainSocket: socket,
729
+ secureContext: opts.tlsContext,
730
+ idleTimeoutMs: idleTimeoutMs,
731
+ onSecure: function (_tlsSocket) {
732
+ state.tls = true; state.stage = "ehlo"; state.helo = null;
733
+ // Authenticated state SURVIVES STARTTLS upgrade — credentials
734
+ // verified pre-STARTTLS under permissive remain valid post-
735
+ // STARTTLS. Operator opts down to permissive only with this
736
+ // tradeoff acknowledged.
737
+ },
738
+ onData: function (tlsSocket, chunk) {
739
+ try { _ingestBytes(state, tlsSocket, chunk); }
740
+ catch (err) {
741
+ _emit("mail.server.submission.handler_threw",
742
+ { connectionId: state.id, error: (err && err.message) || String(err) }, "failure");
743
+ _closeConnection(tlsSocket);
744
+ }
745
+ },
746
+ onError: function (err) {
747
+ _emit("mail.server.submission.tls_handshake_failed",
748
+ { connectionId: state.id, code: (err && err.code) || "unknown" }, "failure");
749
+ _closeConnection(socket);
750
+ },
751
+ onTimeout: function (tlsSocket) {
752
+ _writeReply(tlsSocket, REPLY_421_SERVICE_NOT_AVAIL, "4.4.2 Idle timeout");
753
+ _closeConnection(tlsSocket);
754
+ },
755
+ });
756
+ }
757
+
758
+ function _handleAuth(state, socket, line) {
759
+ if (!authConfig) {
760
+ _writeReply(socket, REPLY_502_NOT_IMPLEMENTED, "5.5.1 AUTH not configured on this listener");
761
+ return;
762
+ }
763
+ if (!state.tls && profile !== "permissive") {
764
+ // RFC 4954 §4 — AUTH MUST NOT be advertised or accepted on
765
+ // unencrypted connections (strict + balanced enforce; permissive
766
+ // opts down).
767
+ _writeReply(socket, REPLY_538_AUTH_NEEDS_TLS,
768
+ "5.7.11 Encryption required for AUTH (RFC 4954 §4)");
769
+ return;
770
+ }
771
+ if (!state.tls && profile === "permissive") {
772
+ // Permissive profile accepts cleartext AUTH for legacy
773
+ // operator-acknowledged downgrade per RFC 4954 §4 commentary,
774
+ // but the operator MUST see the event in the audit trail so
775
+ // a downgraded posture is visible without sniffing the wire.
776
+ // Emits before the verify call so a credential exposure on the
777
+ // cleartext channel is still attributed in the audit timeline.
778
+ _emit("mail.server.submission.auth_cleartext_accepted",
779
+ { connectionId: state.id, remoteAddress: state.remoteAddress,
780
+ profile: profile }, "warning");
781
+ }
782
+ if (state.authenticated) {
783
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 Already authenticated");
784
+ return;
785
+ }
786
+ // Per-IP AUTH-failure budget — credential-stuffing class
787
+ // defense. Refuse new AUTH attempts when the rolling 15-min
788
+ // failure count for this IP has tripped the cap. 421 4.7.0 is
789
+ // transient; the sender either backs off or retries from a
790
+ // different IP (the desired behavior on a stuffing attack —
791
+ // shifts the attacker workload onto IP rotation).
792
+ var authAdmit = rateLimit.checkAuthAdmit(state.remoteAddress);
793
+ if (!authAdmit.ok) {
794
+ _emit("mail.server.submission.auth_rate_limit_refused",
795
+ { connectionId: state.id, remoteAddress: state.remoteAddress,
796
+ reason: authAdmit.reason }, "denied");
797
+ _writeReply(socket, REPLY_421_SERVICE_NOT_AVAIL,
798
+ "4.7.0 Too many AUTH failures from your IP");
799
+ _closeConnection(socket);
800
+ return;
801
+ }
802
+ var match = line.match(RE_AUTH);
803
+ if (!match) {
804
+ _writeReply(socket, REPLY_501_BAD_ARGS,
805
+ "5.5.4 Syntax: AUTH <SASL-mechanism> [<initial-response>] (RFC 4954)");
806
+ return;
807
+ }
808
+ var mech = match[1].toUpperCase();
809
+ var initial = match[2] || null;
810
+ if (authMechanisms.indexOf(mech) === -1) {
811
+ _writeReply(socket, REPLY_535_AUTH_FAILED,
812
+ "5.7.8 Mechanism '" + mech + "' not advertised");
813
+ return;
814
+ }
815
+ _emit("mail.server.submission.auth_attempt",
816
+ { connectionId: state.id, mechanism: mech, remoteAddress: state.remoteAddress });
817
+
818
+ // For PLAIN / LOGIN / EXTERNAL the verify call is single-step.
819
+ // SCRAM-SHA-256 / GS2-* family use multi-step challenges; the
820
+ // operator's verify returns { ok, actor, challenge, pending }
821
+ // — when `pending: true` we send 334 + the challenge and wait
822
+ // for the client response.
823
+ state.authPending = { mechanism: mech, step: 0 };
824
+ _runAuthStep(state, socket, initial);
825
+ }
826
+
827
+ function _continueAuthExchange(state, socket, line) {
828
+ _runAuthStep(state, socket, line.trim());
829
+ }
830
+
831
+ function _runAuthStep(state, socket, clientResponse) {
832
+ Promise.resolve()
833
+ .then(function () {
834
+ return authConfig.verify(state.authPending.mechanism, {
835
+ step: state.authPending.step,
836
+ clientResponse: clientResponse,
837
+ tls: state.tls,
838
+ remoteAddress: state.remoteAddress,
839
+ });
840
+ })
841
+ .then(function (result) {
842
+ state.authPending.step += 1;
843
+ if (result && result.pending && typeof result.challenge === "string") {
844
+ _writeReply(socket, REPLY_334_AUTH_CHALLENGE, result.challenge);
845
+ return;
846
+ }
847
+ if (result && result.ok === true && result.actor) {
848
+ // Capture the mechanism BEFORE nulling authPending — the
849
+ // audit event reports the mechanism that produced the
850
+ // successful verify, not whatever state.authPending happens
851
+ // to be at the post-null read (which is always null).
852
+ var successfulMechanism = state.authPending && state.authPending.mechanism;
853
+ // b.agent.tenant gate (v0.10.12). When the listener is
854
+ // wired with `opts.tenantScope` + `opts.agentTenantId`,
855
+ // every authenticated actor must belong to the listener's
856
+ // tenant. Cross-tenant authentication surfaces here as a
857
+ // `535 5.7.0` refusal — the actor never reaches authenticated
858
+ // state, mail submission never begins under the wrong tenant.
859
+ if (opts.tenantScope && opts.agentTenantId) {
860
+ try { opts.tenantScope.check(result.actor, opts.agentTenantId); }
861
+ catch (tenantErr) {
862
+ state.authPending = null;
863
+ _emit("mail.server.submission.cross_tenant_refused",
864
+ { connectionId: state.id,
865
+ actorTenant: (result.actor && result.actor.tenantId) || null,
866
+ agentTenant: opts.agentTenantId,
867
+ code: (tenantErr && tenantErr.code) || null },
868
+ "denied");
869
+ _writeReply(socket, REPLY_535_AUTH_FAILED,
870
+ "5.7.0 Authentication rejected (cross-tenant)");
871
+ return;
872
+ }
873
+ }
874
+ state.authenticated = true;
875
+ state.actor = result.actor;
876
+ state.authPending = null;
877
+ _emit("mail.server.submission.auth_success", {
878
+ connectionId: state.id,
879
+ mechanism: successfulMechanism,
880
+ tenantId: result.actor.tenantId || null,
881
+ scopes: Array.isArray(result.actor.scopes) ? result.actor.scopes : [],
882
+ });
883
+ _writeReply(socket, REPLY_235_AUTH_OK, "2.7.0 Authentication successful");
884
+ return;
885
+ }
886
+ state.authPending = null;
887
+ rateLimit.noteAuthFailure(state.remoteAddress);
888
+ _emit("mail.server.submission.auth_failed", {
889
+ connectionId: state.id, reason: (result && result.reason) || "verify-returned-fail",
890
+ }, "denied");
891
+ _writeReply(socket, REPLY_535_AUTH_FAILED, "5.7.8 Authentication credentials invalid");
892
+ })
893
+ .catch(function (err) {
894
+ state.authPending = null;
895
+ rateLimit.noteAuthFailure(state.remoteAddress);
896
+ _emit("mail.server.submission.auth_failed", {
897
+ connectionId: state.id, reason: (err && err.message) || String(err),
898
+ }, "failure");
899
+ _writeReply(socket, REPLY_535_AUTH_FAILED, "5.7.8 Authentication failed");
900
+ });
901
+ }
902
+
903
+ function _handleMailFrom(state, socket, line) {
904
+ if (!state.tls && profile !== "permissive") {
905
+ _writeReply(socket, REPLY_530_AUTH_REQUIRED, "5.7.0 Must issue a STARTTLS command first");
906
+ return;
907
+ }
908
+ if (!state.authenticated && profile !== "permissive") {
909
+ _writeReply(socket, REPLY_530_AUTH_REQUIRED,
910
+ "5.7.0 Authentication required (submission listener requires AUTH per RFC 6409)");
911
+ return;
912
+ }
913
+ if (state.stage !== "ehlo" && state.stage !== "mail") {
914
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 EHLO/HELO first");
915
+ return;
916
+ }
917
+ var match = line.match(RE_MAIL_FROM);
918
+ if (!match) {
919
+ _writeReply(socket, REPLY_501_BAD_ARGS,
920
+ "5.5.4 Syntax: MAIL FROM:<address> [SIZE=n]");
921
+ return;
922
+ }
923
+ var mailFrom = match[1].toLowerCase();
924
+ // Domain hardening on MAIL FROM. Skip address-literal + empty
925
+ // reverse-path (RFC 5321 §4.5.5).
926
+ var __mfAt = mailFrom.lastIndexOf("@");
927
+ var mailFromDomain = __mfAt === -1 ? "" : mailFrom.slice(__mfAt + 1);
928
+ if (mailFromDomain && mailFromDomain[0] !== "[" && guardDomainProfile) {
929
+ var __mfVerdict = _validateDomainHardened(mailFromDomain, "mail_from");
930
+ if (!__mfVerdict.ok) {
931
+ _writeReply(socket, REPLY_501_BAD_ARGS,
932
+ "5.5.4 MAIL FROM domain refused (" +
933
+ (__mfVerdict.issues && __mfVerdict.issues[0] && __mfVerdict.issues[0].kind) + ")");
934
+ return;
935
+ }
936
+ }
937
+ var paramStr = match[2] || "";
938
+ var sizeMatch = paramStr.match(RE_SIZE);
939
+ if (sizeMatch) {
940
+ var declaredSize = parseInt(sizeMatch[1], 10);
941
+ if (declaredSize > maxMessageBytes) {
942
+ _writeReply(socket, REPLY_552_SIZE_EXCEEDED,
943
+ "5.3.4 Message size exceeds fixed maximum (" + maxMessageBytes + " bytes)");
944
+ return;
945
+ }
946
+ }
947
+
948
+ // Identity binding — under strict profile, MAIL FROM MUST match
949
+ // an entry in the authenticated actor's mailbox set. An actor
950
+ // whose mailbox set is empty MUST also be refused: an empty
951
+ // allowlist is "no mailboxes" (account has no send-as identity
952
+ // assigned), NOT "all mailboxes." The earlier shape allowed any
953
+ // MAIL FROM when allowed.length === 0, turning a missing-config
954
+ // case (operator hasn't assigned mailboxes to the actor) into
955
+ // an open relay binding.
956
+ if (state.authenticated && identityBinding === "strict") {
957
+ var allowed = _actorMailboxes(state.actor);
958
+ if (allowed.length === 0 || allowed.indexOf(mailFrom) === -1) {
959
+ _emit("mail.server.submission.identity_mismatch", {
960
+ connectionId: state.id, authIdentity: state.actor.id || null,
961
+ mailFrom: mailFrom, allowed: allowed,
962
+ reason: allowed.length === 0 ? "actor-has-no-mailboxes" : "mail-from-not-in-actor-set",
963
+ }, "denied");
964
+ _writeReply(socket, REPLY_553_SENDER_REJECTED,
965
+ allowed.length === 0
966
+ ? "5.7.1 Sender address rejected: authenticated identity has no assigned mailboxes"
967
+ : "5.7.1 Sender address rejected: not owned by authenticated identity");
968
+ return;
969
+ }
970
+ }
971
+
972
+ state.mailFrom = mailFrom;
973
+ state.stage = "rcpt";
974
+ state.rcpts = [];
975
+ // Track in-flight async recipientPolicy verdicts so the cap-check
976
+ // counts BOTH committed + in-flight against `maxRcptsPerMsg`. Under
977
+ // SMTP PIPELINING (RFC 2920) a client can send many RCPT TO commands
978
+ // back-to-back; without this counter each one sees `state.rcpts.length`
979
+ // == 0 because the prior pushes haven't landed inside the .then() yet,
980
+ // so the cap-check passes for every command and `state.rcpts` grows
981
+ // past the limit once the verdicts resolve.
982
+ state.rcptsPending = 0;
983
+ _emit("mail.server.submission.mail_from",
984
+ { connectionId: state.id, mailFrom: mailFrom,
985
+ actor: state.actor && state.actor.id });
986
+ _writeReply(socket, REPLY_250_OK, "2.1.0 Sender OK");
987
+ }
988
+
989
+ function _handleRcptTo(state, socket, line) {
990
+ if (state.stage !== "rcpt") {
991
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 MAIL FROM first");
992
+ return;
993
+ }
994
+ // Cap-check counts BOTH committed (state.rcpts.length) AND in-flight
995
+ // (state.rcptsPending) — under PIPELINING (RFC 2920) the prior
996
+ // commands haven't pushed yet by the time the next cap-check runs.
997
+ if ((state.rcpts.length + (state.rcptsPending || 0)) >= maxRcptsPerMsg) {
998
+ _writeReply(socket, REPLY_452_INSUFFICIENT_STG,
999
+ "4.5.3 Too many recipients (limit " + maxRcptsPerMsg + ")");
1000
+ return;
1001
+ }
1002
+ var match = line.match(RE_RCPT_TO);
1003
+ if (!match) {
1004
+ _writeReply(socket, REPLY_501_BAD_ARGS, "5.5.4 Syntax: RCPT TO:<address>");
1005
+ return;
1006
+ }
1007
+ var rcpt = match[1].toLowerCase();
1008
+
1009
+ // Domain hardening on RCPT TO. Skip address-literal form.
1010
+ var __rcptAt = rcpt.lastIndexOf("@");
1011
+ var __rcptDomain = __rcptAt === -1 ? "" : rcpt.slice(__rcptAt + 1);
1012
+ if (__rcptDomain && __rcptDomain[0] !== "[" && guardDomainProfile) {
1013
+ var __rcptVerdict = _validateDomainHardened(__rcptDomain, "rcpt_to");
1014
+ if (!__rcptVerdict.ok) {
1015
+ _writeReply(socket, REPLY_501_BAD_ARGS,
1016
+ "5.5.4 RCPT TO domain refused (" +
1017
+ (__rcptVerdict.issues && __rcptVerdict.issues[0] && __rcptVerdict.issues[0].kind) + ")");
1018
+ return;
1019
+ }
1020
+ }
1021
+
1022
+ // Operator-supplied recipient policy — async predicate that
1023
+ // decides whether the authenticated actor may send to this
1024
+ // destination. Wires policy decisions like "block *.gov from
1025
+ // this tenant" / "this actor's outbound budget is exhausted" /
1026
+ // "destination is in the operator's deny list". Returns
1027
+ // `{ ok: true }` on accept OR `{ ok: false, reason }` on refuse.
1028
+ // When not wired, every syntactically-valid RCPT TO is accepted
1029
+ // — the agent.handoff is the operator's last chance to reject.
1030
+ if (typeof opts.recipientPolicy === "function") {
1031
+ state.rcptsPending = (state.rcptsPending || 0) + 1;
1032
+ Promise.resolve()
1033
+ .then(function () {
1034
+ return opts.recipientPolicy({
1035
+ actor: state.actor,
1036
+ mailFrom: state.mailFrom,
1037
+ rcptTo: rcpt,
1038
+ connectionId: state.id,
1039
+ remoteAddress: state.remoteAddress,
1040
+ tls: state.tls,
1041
+ });
1042
+ })
1043
+ .then(function (verdict) {
1044
+ state.rcptsPending -= 1;
1045
+ if (verdict && verdict.ok === true) {
1046
+ // Re-check the cap before commit — under PIPELINING the
1047
+ // verdict may resolve after other in-flight RCPT TO have
1048
+ // pushed, so the previously-reserved slot could already
1049
+ // be over-committed. Defense-in-depth on top of the
1050
+ // in-flight-aware cap-check above.
1051
+ if (state.rcpts.length >= maxRcptsPerMsg) {
1052
+ _emit("mail.server.submission.recipient_refused", {
1053
+ connectionId: state.id, rcptTo: rcpt,
1054
+ reason: "cap-exceeded-post-policy",
1055
+ actor: state.actor && state.actor.id,
1056
+ }, "denied");
1057
+ _writeReply(socket, REPLY_452_INSUFFICIENT_STG,
1058
+ "4.5.3 Too many recipients (limit " + maxRcptsPerMsg + ")");
1059
+ return;
1060
+ }
1061
+ state.rcpts.push(rcpt);
1062
+ _emit("mail.server.submission.rcpt_to",
1063
+ { connectionId: state.id, rcptTo: rcpt, rcptCount: state.rcpts.length });
1064
+ _writeReply(socket, REPLY_250_OK, "2.1.5 Recipient OK");
1065
+ return;
1066
+ }
1067
+ _emit("mail.server.submission.recipient_refused", {
1068
+ connectionId: state.id, rcptTo: rcpt,
1069
+ reason: (verdict && verdict.reason) || "policy-refused",
1070
+ actor: state.actor && state.actor.id,
1071
+ }, "denied");
1072
+ _writeReply(socket, REPLY_550_MAILBOX_UNAVAIL,
1073
+ "5.7.1 " + ((verdict && verdict.reason) || "Recipient policy refused"));
1074
+ })
1075
+ .catch(function (err) {
1076
+ state.rcptsPending -= 1;
1077
+ _emit("mail.server.submission.recipient_policy_threw", {
1078
+ connectionId: state.id, rcptTo: rcpt,
1079
+ error: (err && err.message) || String(err),
1080
+ }, "failure");
1081
+ // Recipient-policy hook failure is treated as transient
1082
+ // (the operator's policy engine may be temporarily
1083
+ // unavailable); 451 4.7.1 lets the sender retry.
1084
+ _writeReply(socket, REPLY_451_LOCAL_ERROR,
1085
+ "4.7.1 Recipient policy temporarily unavailable");
1086
+ });
1087
+ return;
1088
+ }
1089
+
1090
+ state.rcpts.push(rcpt);
1091
+ _emit("mail.server.submission.rcpt_to",
1092
+ { connectionId: state.id, rcptTo: rcpt, rcptCount: state.rcpts.length });
1093
+ _writeReply(socket, REPLY_250_OK, "2.1.5 Recipient OK");
1094
+ }
1095
+
1096
+ function _handleData(state, socket) {
1097
+ if (state.stage !== "rcpt" || state.rcpts.length === 0) {
1098
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 No valid recipients");
1099
+ return;
1100
+ }
1101
+ // RFC 2920 PIPELINING race: a client may emit RCPT TO + DATA
1102
+ // in the same TCP segment. The recipientPolicy callback is
1103
+ // async; without this gate, `state.rcptsPending` > 0 means at
1104
+ // least one recipient verdict has not yet returned, and DATA
1105
+ // proceeding here would commit the message to a partially-
1106
+ // resolved recipient set (refuse outcomes that arrive after
1107
+ // the dot-terminator would be silently dropped because the
1108
+ // transaction has already moved past the `rcpt` stage). 451
1109
+ // 4.5.0 is transient — the sender retries; PIPELINING-aware
1110
+ // clients receive the pipelined replies and reissue DATA
1111
+ // cleanly.
1112
+ if ((state.rcptsPending || 0) > 0) {
1113
+ _emit("mail.server.submission.pipelining_data_race", {
1114
+ connectionId: state.id, rcptsPending: state.rcptsPending,
1115
+ rcptsCommitted: state.rcpts.length,
1116
+ }, "denied");
1117
+ _writeReply(socket, REPLY_451_LOCAL_ERROR,
1118
+ "4.5.0 RCPT TO verdicts pending; reissue DATA after recipient replies");
1119
+ return;
1120
+ }
1121
+ _writeReply(socket, REPLY_354_START_INPUT, "End data with <CR><LF>.<CR><LF>");
1122
+ state.stage = "data-body";
1123
+ inDataBody = true;
1124
+ bodyCollector = safeBuffer.boundedChunkCollector({
1125
+ maxBytes: maxMessageBytes,
1126
+ errorClass: MailServerSubmissionError,
1127
+ sizeCode: "mail-server-submission/body-too-large",
1128
+ sizeMessage: "DATA body exceeded maxMessageBytes (" + maxMessageBytes + ")",
1129
+ });
1130
+ }
1131
+
1132
+ function _finalizeAcceptedBody(state, socket, dedotted, source) {
1133
+
1134
+ // Outbound DKIM-required gate. Scan the header block for a
1135
+ // `DKIM-Signature:` line; under `self` mode also require at
1136
+ // least one signature whose `d=` tag matches the authenticated
1137
+ // identity's domain part.
1138
+ if (requireDkim) {
1139
+ var headerEnd = _findHeaderEnd(dedotted);
1140
+ var headerBlock = headerEnd === -1
1141
+ ? dedotted.toString("utf8")
1142
+ : dedotted.subarray(0, headerEnd).toString("utf8");
1143
+ var dkimSigs = _extractDkimSignatures(headerBlock);
1144
+ var dkimOk = false;
1145
+ if (dkimSigs.length > 0) {
1146
+ if (dkimRequireMode === "any") {
1147
+ dkimOk = true;
1148
+ } else if (dkimRequireMode === "self") {
1149
+ var actorDomain = _actorDomain(state.actor, state.mailFrom);
1150
+ for (var i = 0; i < dkimSigs.length; i += 1) {
1151
+ var d = _extractDkimDTag(dkimSigs[i]);
1152
+ if (d && actorDomain && d.toLowerCase() === actorDomain.toLowerCase()) {
1153
+ dkimOk = true;
1154
+ break;
1155
+ }
1156
+ }
1157
+ }
1158
+ }
1159
+ if (!dkimOk) {
1160
+ _emit("mail.server.submission.data_refused", {
1161
+ connectionId: state.id,
1162
+ reason: "dkim-required",
1163
+ dkimRequireMode: dkimRequireMode,
1164
+ mailFrom: state.mailFrom,
1165
+ sigCount: dkimSigs.length,
1166
+ actor: state.actor && state.actor.id,
1167
+ }, "denied");
1168
+ _writeReply(socket, REPLY_550_MAILBOX_UNAVAIL,
1169
+ "5.7.20 DKIM-Signature required on outbound submission " +
1170
+ "(dkimRequireMode='" + dkimRequireMode + "'; RFC 6376; bulk-sender 2024)");
1171
+ _resetTransaction(state);
1172
+ return;
1173
+ }
1174
+ }
1175
+
1176
+ if (opts.agent && typeof opts.agent.handoff === "function") {
1177
+ opts.agent.handoff({
1178
+ mailFrom: state.mailFrom,
1179
+ rcpts: state.rcpts.slice(),
1180
+ body: dedotted,
1181
+ actor: state.actor,
1182
+ remote: { address: state.remoteAddress, port: state.remotePort },
1183
+ tls: state.tls,
1184
+ helo: state.helo,
1185
+ connectionId: state.id,
1186
+ direction: "outbound",
1187
+ }).then(function (ack) {
1188
+ _emit("mail.server.submission.outbound_routed", {
1189
+ connectionId: state.id, messageId: ack && ack.messageId,
1190
+ sizeBytes: dedotted.length, actor: state.actor && state.actor.id,
1191
+ });
1192
+ _writeReply(socket, REPLY_250_OK,
1193
+ "2.6.0 Message accepted" + (ack && ack.messageId ? " <" + ack.messageId + ">" : ""));
1194
+ _resetTransaction(state);
1195
+ }).catch(function (err) {
1196
+ _emit("mail.server.submission.data_refused",
1197
+ { connectionId: state.id, reason: "agent-handoff-failed",
1198
+ error: (err && err.message) || String(err) }, "failure");
1199
+ _writeReply(socket, REPLY_451_LOCAL_ERROR, "4.3.0 Local delivery error");
1200
+ _resetTransaction(state);
1201
+ });
1202
+ return;
1203
+ }
1204
+ _emit("mail.server.submission.data_accepted",
1205
+ { connectionId: state.id, mailFrom: state.mailFrom,
1206
+ rcptCount: state.rcpts.length, sizeBytes: dedotted.length, source: source || "DATA" });
1207
+ _writeReply(socket, REPLY_250_OK, "2.6.0 Message queued (audit-only)");
1208
+ _resetTransaction(state);
1209
+ }
1210
+
1211
+ // RFC 3030 §2 — BDAT <chunk-size> [LAST]. Reads exactly chunk-size
1212
+ // bytes off the wire (no dot-stuffing, no end-of-data marker). The
1213
+ // size is a non-negative integer; LAST keyword (case-insensitive)
1214
+ // terminates the message body. Mixing DATA + BDAT within the same
1215
+ // transaction is forbidden — the server returns 503 once the first
1216
+ // BDAT lands and forces the client to RSET.
1217
+ function _handleBdat(state, socket, line) {
1218
+ if (state.stage !== "rcpt" && state.stage !== "bdat") {
1219
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 BDAT requires MAIL FROM + RCPT TO");
1220
+ return;
1221
+ }
1222
+ if (state.rcpts.length === 0) {
1223
+ _writeReply(socket, REPLY_503_BAD_SEQUENCE, "5.5.1 No valid recipients");
1224
+ return;
1225
+ }
1226
+ // Pipelining race — same gate as DATA.
1227
+ if ((state.rcptsPending || 0) > 0) {
1228
+ _emit("mail.server.submission.pipelining_bdat_race", {
1229
+ connectionId: state.id, rcptsPending: state.rcptsPending,
1230
+ rcptsCommitted: state.rcpts.length,
1231
+ }, "denied");
1232
+ _writeReply(socket, REPLY_451_LOCAL_ERROR,
1233
+ "4.5.0 RCPT TO verdicts pending; reissue BDAT after recipient replies");
1234
+ return;
1235
+ }
1236
+ // Parse `BDAT <size>[ LAST]`.
1237
+ var parts = line.split(/\s+/);
1238
+ if (parts.length < 2 || parts.length > 3) {
1239
+ _writeReply(socket, REPLY_501_BAD_ARGS, "5.5.4 BDAT requires <chunk-size> [LAST]");
1240
+ return;
1241
+ }
1242
+ var sizeStr = parts[1];
1243
+ var sizeN = parseInt(sizeStr, 10);
1244
+ if (!/^\d+$/.test(sizeStr) || !isFinite(sizeN) || sizeN < 0) {
1245
+ _writeReply(socket, REPLY_501_BAD_ARGS, "5.5.4 BDAT chunk-size must be a non-negative integer");
1246
+ return;
1247
+ }
1248
+ var isLast = parts.length === 3 && parts[2].toUpperCase() === "LAST";
1249
+ if (parts.length === 3 && !isLast) {
1250
+ _writeReply(socket, REPLY_501_BAD_ARGS, "5.5.4 BDAT third arg must be 'LAST' (RFC 3030 §2)");
1251
+ return;
1252
+ }
1253
+ // Cumulative-size cap. The collector is bounded too, but checking
1254
+ // up-front lets us refuse the chunk before reading bytes off the
1255
+ // socket — important when sizeN >> maxMessageBytes.
1256
+ if (bdatTotalBytes + sizeN > maxMessageBytes) {
1257
+ _emit("mail.server.submission.bdat_refused",
1258
+ { connectionId: state.id, reason: "body-too-large",
1259
+ requestedTotal: bdatTotalBytes + sizeN, maxBytes: maxMessageBytes }, "denied");
1260
+ _writeReply(socket, REPLY_552_SIZE_EXCEEDED,
1261
+ "5.3.4 BDAT cumulative size " + (bdatTotalBytes + sizeN) +
1262
+ " exceeds maxMessageBytes (" + maxMessageBytes + ")");
1263
+ _resetTransaction(state);
1264
+ bdatCollector = null; bdatTotalBytes = 0;
1265
+ return;
1266
+ }
1267
+ if (!bdatCollector) {
1268
+ bdatCollector = safeBuffer.boundedChunkCollector({
1269
+ maxBytes: maxMessageBytes,
1270
+ errorClass: MailServerSubmissionError,
1271
+ sizeCode: "mail-server-submission/body-too-large",
1272
+ sizeMessage: "BDAT body exceeded maxMessageBytes (" + maxMessageBytes + ")",
1273
+ });
1274
+ }
1275
+ state.stage = "bdat";
1276
+ bdatRemaining = sizeN;
1277
+ bdatIsLast = isLast;
1278
+ // size=0 + LAST is a valid sequence — finalises the message
1279
+ // body (the LAST chunk may carry zero bytes when the prior chunk
1280
+ // was the final payload). RFC 3030 §2.2 — ONE reply per command:
1281
+ // emit the "0 octets" ack for size=0 NOT-LAST, but defer to
1282
+ // _finalizeAcceptedBody for size=0 LAST.
1283
+ if (sizeN === 0) {
1284
+ if (isLast) {
1285
+ var emptyBody = bdatCollector ? bdatCollector.result() : Buffer.alloc(0);
1286
+ bdatCollector = null; bdatTotalBytes = 0;
1287
+ _finalizeAcceptedBody(state, socket, emptyBody, "BDAT");
1288
+ } else {
1289
+ _writeReply(socket, REPLY_250_OK, "2.0.0 0 octets received");
1290
+ }
1291
+ return;
1292
+ }
1293
+ inBdatChunk = true;
1294
+ }
1295
+
1296
+ function _resetTransaction(state) {
1297
+ state.mailFrom = null;
1298
+ state.rcpts = [];
1299
+ state.rcptsPending = 0;
1300
+ state.stage = "ehlo";
1301
+ // BDAT-side state lives at the connection level, not on `state`.
1302
+ // Reset it here so a RSET / failed BDAT can't leak collected
1303
+ // bytes into the next transaction.
1304
+ inBdatChunk = false;
1305
+ bdatRemaining = 0;
1306
+ bdatIsLast = false;
1307
+ bdatCollector = null;
1308
+ bdatTotalBytes = 0;
1309
+ }
1310
+ }
1311
+
1312
+ async function listen(listenOpts) {
1313
+ listenOpts = listenOpts || {};
1314
+ if (listening) {
1315
+ throw new MailServerSubmissionError("mail-server-submission/already-listening",
1316
+ "listen: already listening");
1317
+ }
1318
+ // Port 0 (ephemeral, test mode) must NOT fall back to the protocol
1319
+ // default — the `|| <default>` short-circuit was a footgun on the
1320
+ // test path.
1321
+ var defaultPort = implicitTls ? 465 : 587; // allow:raw-byte-literal — RFC 8314 implicit-TLS / RFC 6409 submission ports
1322
+ var port = listenOpts.port === undefined ? defaultPort : listenOpts.port;
1323
+ var address = listenOpts.address || "0.0.0.0";
1324
+ tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
1325
+ return new Promise(function (resolve, reject) {
1326
+ tcpServer.once("error", reject);
1327
+ tcpServer.listen(port, address, function () {
1328
+ listening = true;
1329
+ tcpServer.removeListener("error", reject);
1330
+ _emit("mail.server.submission.listening",
1331
+ { port: port, address: address, implicitTls: implicitTls });
1332
+ resolve({ port: tcpServer.address().port, address: address });
1333
+ });
1334
+ });
1335
+ }
1336
+
1337
+ async function close(closeOpts) {
1338
+ closeOpts = closeOpts || {};
1339
+ if (!listening) return;
1340
+ var timeoutMs = closeOpts.timeoutMs || C.TIME.seconds(30);
1341
+ listening = false;
1342
+ tcpServer.close();
1343
+ connections.forEach(function (sock) {
1344
+ try { _writeReply(sock, REPLY_421_SERVICE_NOT_AVAIL, "4.3.0 Server shutting down"); }
1345
+ catch (_e) { /* socket already gone */ }
1346
+ });
1347
+ var deadline = Date.now() + timeoutMs;
1348
+ while (connections.size > 0 && Date.now() < deadline) {
1349
+ await safeAsync.sleep(100); // allow:raw-time-literal — sub-second drain poll
1350
+ }
1351
+ connections.forEach(function (sock) {
1352
+ try { sock.destroy(); } catch (_e) { /* best-effort */ }
1353
+ });
1354
+ connections.clear();
1355
+ _emit("mail.server.submission.closed", {});
1356
+ }
1357
+
1358
+ function connectionCount() { return connections.size; }
1359
+
1360
+ return {
1361
+ listen: listen,
1362
+ close: close,
1363
+ connectionCount: connectionCount,
1364
+ _portForTest: function () { return tcpServer ? tcpServer.address().port : null; },
1365
+ };
1366
+ }
1367
+
1368
+ function _actorMailboxes(actor) {
1369
+ if (!actor) return [];
1370
+ if (Array.isArray(actor.mailboxes)) return actor.mailboxes.map(function (m) { return String(m).toLowerCase(); });
1371
+ if (typeof actor.mailbox === "string") return [actor.mailbox.toLowerCase()];
1372
+ return [];
1373
+ }
1374
+
1375
+ function _writeReply(socket, code, text) {
1376
+ try { socket.write(code + " " + text + "\r\n"); }
1377
+ catch (_e) { /* socket already closed */ }
1378
+ }
1379
+
1380
+ function _writeMultiline(socket, code, lines) {
1381
+ for (var i = 0; i < lines.length; i += 1) {
1382
+ var sep = i === lines.length - 1 ? " " : "-";
1383
+ try { socket.write(code + sep + lines[i] + "\r\n"); }
1384
+ catch (_e) { /* socket already closed */ }
1385
+ }
1386
+ }
1387
+
1388
+ function _closeConnection(socket) {
1389
+ try { socket.end(); } catch (_e) { /* best-effort */ }
1390
+ try { socket.destroy(); } catch (_e) { /* best-effort */ }
1391
+ }
1392
+
1393
+ module.exports = {
1394
+ create: create,
1395
+ MailServerSubmissionError: MailServerSubmissionError,
1396
+ };