@blamejs/blamejs-shop 0.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1220) hide show
  1. package/CHANGELOG.md +87 -0
  2. package/LICENSE +17 -0
  3. package/README.md +117 -0
  4. package/SECURITY.md +139 -0
  5. package/lib/admin.js +952 -0
  6. package/lib/analytics.js +267 -0
  7. package/lib/cart.js +279 -0
  8. package/lib/catalog-import.js +344 -0
  9. package/lib/catalog.js +769 -0
  10. package/lib/checkout.js +320 -0
  11. package/lib/config.js +151 -0
  12. package/lib/customers.js +322 -0
  13. package/lib/email.js +242 -0
  14. package/lib/externaldb-d1.js +283 -0
  15. package/lib/index.js +57 -0
  16. package/lib/inventory-alerts.js +198 -0
  17. package/lib/newsletter.js +142 -0
  18. package/lib/order.js +380 -0
  19. package/lib/payment.js +318 -0
  20. package/lib/pricing.js +185 -0
  21. package/lib/r2-bridge.js +169 -0
  22. package/lib/shipping.js +185 -0
  23. package/lib/storefront.js +2160 -0
  24. package/lib/subscriptions.js +410 -0
  25. package/lib/tax.js +161 -0
  26. package/lib/theme.js +194 -0
  27. package/lib/vendor/MANIFEST.json +19 -0
  28. package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +23 -0
  29. package/lib/vendor/blamejs/.clusterfuzzlite/build.sh +34 -0
  30. package/lib/vendor/blamejs/.clusterfuzzlite/project.yaml +16 -0
  31. package/lib/vendor/blamejs/.dockerignore +45 -0
  32. package/lib/vendor/blamejs/.gitattributes +42 -0
  33. package/lib/vendor/blamejs/.github/CODEOWNERS +4 -0
  34. package/lib/vendor/blamejs/.github/FUNDING.yml +2 -0
  35. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/bug_report.md +58 -0
  36. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/config.yml +8 -0
  37. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/feature_request.md +99 -0
  38. package/lib/vendor/blamejs/.github/PULL_REQUEST_TEMPLATE.md +77 -0
  39. package/lib/vendor/blamejs/.github/dependabot.yml +37 -0
  40. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +148 -0
  41. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +107 -0
  42. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +122 -0
  43. package/lib/vendor/blamejs/.github/workflows/ci.yml +511 -0
  44. package/lib/vendor/blamejs/.github/workflows/codeql.yml +50 -0
  45. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +655 -0
  46. package/lib/vendor/blamejs/.github/workflows/release-container.yml +406 -0
  47. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +101 -0
  48. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +134 -0
  49. package/lib/vendor/blamejs/.gitignore +102 -0
  50. package/lib/vendor/blamejs/.gitleaks.toml +166 -0
  51. package/lib/vendor/blamejs/.hadolint.yaml +18 -0
  52. package/lib/vendor/blamejs/.npmrc +5 -0
  53. package/lib/vendor/blamejs/.pinact.yaml +17 -0
  54. package/lib/vendor/blamejs/ARCHITECTURE.md +158 -0
  55. package/lib/vendor/blamejs/CHANGELOG.md +1351 -0
  56. package/lib/vendor/blamejs/CODE_OF_CONDUCT.md +86 -0
  57. package/lib/vendor/blamejs/CONTRIBUTING.md +156 -0
  58. package/lib/vendor/blamejs/GOVERNANCE.md +201 -0
  59. package/lib/vendor/blamejs/LICENSE +201 -0
  60. package/lib/vendor/blamejs/LTS-CALENDAR.md +29 -0
  61. package/lib/vendor/blamejs/MIGRATING.md +29 -0
  62. package/lib/vendor/blamejs/NOTICE +81 -0
  63. package/lib/vendor/blamejs/README.md +304 -0
  64. package/lib/vendor/blamejs/SECURITY.md +432 -0
  65. package/lib/vendor/blamejs/api-snapshot.json +48709 -0
  66. package/lib/vendor/blamejs/assets/BlameJS_Logo.png +0 -0
  67. package/lib/vendor/blamejs/assets/BlameJS_Logo.svg +129 -0
  68. package/lib/vendor/blamejs/bench/README.md +77 -0
  69. package/lib/vendor/blamejs/bench/_helpers.js +70 -0
  70. package/lib/vendor/blamejs/bench/baseline.json +183 -0
  71. package/lib/vendor/blamejs/bench/crypto-hash.bench.js +19 -0
  72. package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +28 -0
  73. package/lib/vendor/blamejs/bench/run.js +140 -0
  74. package/lib/vendor/blamejs/bench/safe-json.bench.js +31 -0
  75. package/lib/vendor/blamejs/bin/blamejs.js +13 -0
  76. package/lib/vendor/blamejs/docker/caddy/Caddyfile +46 -0
  77. package/lib/vendor/blamejs/docker/coredns/Corefile +37 -0
  78. package/lib/vendor/blamejs/docker/haproxy/haproxy.cfg +52 -0
  79. package/lib/vendor/blamejs/docker/init/generate-certs.sh +118 -0
  80. package/lib/vendor/blamejs/docker/keycloak/realm-blamejs-test.json +87 -0
  81. package/lib/vendor/blamejs/docker/mitmproxy/config.yaml +16 -0
  82. package/lib/vendor/blamejs/docker/mongo/init-tls.sh +17 -0
  83. package/lib/vendor/blamejs/docker/mysql/my.cnf +12 -0
  84. package/lib/vendor/blamejs/docker/nats/nats.conf +33 -0
  85. package/lib/vendor/blamejs/docker/postgres/init-tls.sh +17 -0
  86. package/lib/vendor/blamejs/docker/postgres/postgresql.conf +18 -0
  87. package/lib/vendor/blamejs/docker/rabbitmq/rabbitmq.conf +18 -0
  88. package/lib/vendor/blamejs/docker/redis/redis.conf +15 -0
  89. package/lib/vendor/blamejs/docker/squid/squid.conf +24 -0
  90. package/lib/vendor/blamejs/docker/syslog/syslog-ng.conf +34 -0
  91. package/lib/vendor/blamejs/docker-compose.test.yml +545 -0
  92. package/lib/vendor/blamejs/docs/cis-postgres-crosswalk.md +102 -0
  93. package/lib/vendor/blamejs/docs/cis-sqlite-equivalent.md +92 -0
  94. package/lib/vendor/blamejs/eslint.config.mjs +204 -0
  95. package/lib/vendor/blamejs/examples/wiki/Caddyfile +40 -0
  96. package/lib/vendor/blamejs/examples/wiki/DEPLOY.md +218 -0
  97. package/lib/vendor/blamejs/examples/wiki/Dockerfile +120 -0
  98. package/lib/vendor/blamejs/examples/wiki/README.md +157 -0
  99. package/lib/vendor/blamejs/examples/wiki/cli-snapshot.json +250 -0
  100. package/lib/vendor/blamejs/examples/wiki/docker-compose.prod.yml +231 -0
  101. package/lib/vendor/blamejs/examples/wiki/docker-compose.yml +166 -0
  102. package/lib/vendor/blamejs/examples/wiki/env-snapshot.json +217 -0
  103. package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +139 -0
  104. package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +555 -0
  105. package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +507 -0
  106. package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +435 -0
  107. package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +282 -0
  108. package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +321 -0
  109. package/lib/vendor/blamejs/examples/wiki/lib/nav.js +15 -0
  110. package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +75 -0
  111. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +508 -0
  112. package/lib/vendor/blamejs/examples/wiki/lib/section.js +276 -0
  113. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +587 -0
  114. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +318 -0
  115. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +122 -0
  116. package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +74 -0
  117. package/lib/vendor/blamejs/examples/wiki/package.json +18 -0
  118. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.png +0 -0
  119. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.svg +129 -0
  120. package/lib/vendor/blamejs/examples/wiki/public/robots.txt +5 -0
  121. package/lib/vendor/blamejs/examples/wiki/public/vendor/MANIFEST.json +30 -0
  122. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.css +1 -0
  123. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.js +15 -0
  124. package/lib/vendor/blamejs/examples/wiki/public/wiki.css +1250 -0
  125. package/lib/vendor/blamejs/examples/wiki/routes/admin.js +366 -0
  126. package/lib/vendor/blamejs/examples/wiki/routes/integration.js +230 -0
  127. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +266 -0
  128. package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +214 -0
  129. package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +35 -0
  130. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +34 -0
  131. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +76 -0
  132. package/lib/vendor/blamejs/examples/wiki/server.js +129 -0
  133. package/lib/vendor/blamejs/examples/wiki/site.config.js +197 -0
  134. package/lib/vendor/blamejs/examples/wiki/snippets/README.md +38 -0
  135. package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +15 -0
  136. package/lib/vendor/blamejs/examples/wiki/src/editor.js +103 -0
  137. package/lib/vendor/blamejs/examples/wiki/src/wiki.js +349 -0
  138. package/lib/vendor/blamejs/examples/wiki/test/AUDIT.md +155 -0
  139. package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +594 -0
  140. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +741 -0
  141. package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +254 -0
  142. package/lib/vendor/blamejs/examples/wiki/test/integration.js +391 -0
  143. package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +379 -0
  144. package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +346 -0
  145. package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +212 -0
  146. package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +252 -0
  147. package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +107 -0
  148. package/lib/vendor/blamejs/examples/wiki/views/_layout.html +115 -0
  149. package/lib/vendor/blamejs/examples/wiki/views/admin/api-keys.html +51 -0
  150. package/lib/vendor/blamejs/examples/wiki/views/admin/dashboard.html +22 -0
  151. package/lib/vendor/blamejs/examples/wiki/views/admin/edit.html +17 -0
  152. package/lib/vendor/blamejs/examples/wiki/views/home.html +85 -0
  153. package/lib/vendor/blamejs/examples/wiki/views/login.html +18 -0
  154. package/lib/vendor/blamejs/examples/wiki/views/page.html +5 -0
  155. package/lib/vendor/blamejs/examples/wiki/views/partials/nav.html +13 -0
  156. package/lib/vendor/blamejs/examples/wiki/views/search.html +19 -0
  157. package/lib/vendor/blamejs/examples/wiki/wiki.config.js +15 -0
  158. package/lib/vendor/blamejs/fuzz/README.md +137 -0
  159. package/lib/vendor/blamejs/fuzz/_expected.js +35 -0
  160. package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +22 -0
  161. package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +16 -0
  162. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/01-basic.csv +3 -0
  163. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/02-formula.csv +1 -0
  164. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/03-hyperlink.csv +1 -0
  165. package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +22 -0
  166. package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +16 -0
  167. package/lib/vendor/blamejs/fuzz/guard-email_seed_corpus/01-basic.eml +5 -0
  168. package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +24 -0
  169. package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +24 -0
  170. package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +20 -0
  171. package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +16 -0
  172. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/01-basic.html +1 -0
  173. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/02-script.html +1 -0
  174. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/03-event.html +1 -0
  175. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/04-jsurl.html +1 -0
  176. package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +20 -0
  177. package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +35 -0
  178. package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +41 -0
  179. package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +16 -0
  180. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/01-basic.json +1 -0
  181. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/02-proto.json +1 -0
  182. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/03-dupkey.json +1 -0
  183. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/04-nan.json +1 -0
  184. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/05-bom.json +1 -0
  185. package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +21 -0
  186. package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +25 -0
  187. package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +22 -0
  188. package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +22 -0
  189. package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +27 -0
  190. package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +23 -0
  191. package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +36 -0
  192. package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +26 -0
  193. package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +16 -0
  194. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/01-basic.md +2 -0
  195. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/02-jsurl.md +1 -0
  196. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/03-jsimg.md +1 -0
  197. package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +26 -0
  198. package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +23 -0
  199. package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +22 -0
  200. package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +32 -0
  201. package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +27 -0
  202. package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +22 -0
  203. package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +22 -0
  204. package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +16 -0
  205. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/01-basic.svg +1 -0
  206. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/02-script.svg +1 -0
  207. package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +20 -0
  208. package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +30 -0
  209. package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +16 -0
  210. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/01-basic.xml +1 -0
  211. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/02-xxe.xml +1 -0
  212. package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +16 -0
  213. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/01-basic.yaml +2 -0
  214. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/02-anchor.yaml +2 -0
  215. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/03-norway.yaml +1 -0
  216. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/04-multidoc.yaml +4 -0
  217. package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +16 -0
  218. package/lib/vendor/blamejs/fuzz/parsers__safe-ini_seed_corpus/01-basic.ini +2 -0
  219. package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +16 -0
  220. package/lib/vendor/blamejs/fuzz/parsers__safe-toml_seed_corpus/01-basic.toml +4 -0
  221. package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +16 -0
  222. package/lib/vendor/blamejs/fuzz/parsers__safe-xml_seed_corpus/01-basic.xml +1 -0
  223. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +16 -0
  224. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml_seed_corpus/01-basic.yaml +4 -0
  225. package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +49 -0
  226. package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +29 -0
  227. package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +16 -0
  228. package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +42 -0
  229. package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +25 -0
  230. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/01-object.txt +1 -0
  231. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/02-array.txt +1 -0
  232. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/03-string.txt +1 -0
  233. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/04-proto.txt +1 -0
  234. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/05-deep.txt +1 -0
  235. package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +16 -0
  236. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/01-basic.txt +1 -0
  237. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/02-filter.txt +1 -0
  238. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/03-deepscan.txt +1 -0
  239. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/04-slice.txt +1 -0
  240. package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +27 -0
  241. package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +33 -0
  242. package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +28 -0
  243. package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +64 -0
  244. package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +16 -0
  245. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/01-basic.txt +1 -0
  246. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/02-userinfo.txt +1 -0
  247. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/03-dangerous.txt +1 -0
  248. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/04-data.txt +1 -0
  249. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/05-ipv6.txt +1 -0
  250. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/06-idn.txt +1 -0
  251. package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +16 -0
  252. package/lib/vendor/blamejs/index.js +678 -0
  253. package/lib/vendor/blamejs/keys/release-pqc-pub.json +7 -0
  254. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +67 -0
  255. package/lib/vendor/blamejs/lib/a2a-tasks.js +598 -0
  256. package/lib/vendor/blamejs/lib/a2a.js +407 -0
  257. package/lib/vendor/blamejs/lib/acme.js +1448 -0
  258. package/lib/vendor/blamejs/lib/agent-audit.js +45 -0
  259. package/lib/vendor/blamejs/lib/agent-event-bus.js +382 -0
  260. package/lib/vendor/blamejs/lib/agent-idempotency.js +497 -0
  261. package/lib/vendor/blamejs/lib/agent-orchestrator.js +717 -0
  262. package/lib/vendor/blamejs/lib/agent-posture-chain.js +366 -0
  263. package/lib/vendor/blamejs/lib/agent-saga.js +321 -0
  264. package/lib/vendor/blamejs/lib/agent-snapshot.js +676 -0
  265. package/lib/vendor/blamejs/lib/agent-stream.js +269 -0
  266. package/lib/vendor/blamejs/lib/agent-tenant.js +632 -0
  267. package/lib/vendor/blamejs/lib/agent-trace.js +281 -0
  268. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +184 -0
  269. package/lib/vendor/blamejs/lib/ai-content-detect.js +268 -0
  270. package/lib/vendor/blamejs/lib/ai-input.js +201 -0
  271. package/lib/vendor/blamejs/lib/ai-model-manifest.js +363 -0
  272. package/lib/vendor/blamejs/lib/ai-pref.js +340 -0
  273. package/lib/vendor/blamejs/lib/api-key.js +721 -0
  274. package/lib/vendor/blamejs/lib/api-snapshot.js +458 -0
  275. package/lib/vendor/blamejs/lib/app-shutdown.js +557 -0
  276. package/lib/vendor/blamejs/lib/app.js +365 -0
  277. package/lib/vendor/blamejs/lib/archive.js +547 -0
  278. package/lib/vendor/blamejs/lib/arg-parser.js +697 -0
  279. package/lib/vendor/blamejs/lib/argon2-builtin.js +173 -0
  280. package/lib/vendor/blamejs/lib/asn1-der.js +424 -0
  281. package/lib/vendor/blamejs/lib/asyncapi-bindings.js +160 -0
  282. package/lib/vendor/blamejs/lib/asyncapi-traits.js +143 -0
  283. package/lib/vendor/blamejs/lib/asyncapi.js +575 -0
  284. package/lib/vendor/blamejs/lib/atomic-file.js +1023 -0
  285. package/lib/vendor/blamejs/lib/audit-chain.js +266 -0
  286. package/lib/vendor/blamejs/lib/audit-daily-review.js +389 -0
  287. package/lib/vendor/blamejs/lib/audit-sign.js +751 -0
  288. package/lib/vendor/blamejs/lib/audit-tools.js +1113 -0
  289. package/lib/vendor/blamejs/lib/audit.js +1671 -0
  290. package/lib/vendor/blamejs/lib/auth/aal.js +169 -0
  291. package/lib/vendor/blamejs/lib/auth/access-lock.js +220 -0
  292. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +265 -0
  293. package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +112 -0
  294. package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +111 -0
  295. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +573 -0
  296. package/lib/vendor/blamejs/lib/auth/ciba.js +637 -0
  297. package/lib/vendor/blamejs/lib/auth/dpop.js +516 -0
  298. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +306 -0
  299. package/lib/vendor/blamejs/lib/auth/fal.js +229 -0
  300. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +681 -0
  301. package/lib/vendor/blamejs/lib/auth/jwt-external.js +519 -0
  302. package/lib/vendor/blamejs/lib/auth/jwt.js +430 -0
  303. package/lib/vendor/blamejs/lib/auth/lockout.js +449 -0
  304. package/lib/vendor/blamejs/lib/auth/oauth.js +2141 -0
  305. package/lib/vendor/blamejs/lib/auth/oid4vci.js +657 -0
  306. package/lib/vendor/blamejs/lib/auth/oid4vp.js +531 -0
  307. package/lib/vendor/blamejs/lib/auth/openid-federation.js +600 -0
  308. package/lib/vendor/blamejs/lib/auth/passkey.js +676 -0
  309. package/lib/vendor/blamejs/lib/auth/password.js +693 -0
  310. package/lib/vendor/blamejs/lib/auth/saml.js +2109 -0
  311. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +95 -0
  312. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +225 -0
  313. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +197 -0
  314. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +728 -0
  315. package/lib/vendor/blamejs/lib/auth/status-list.js +272 -0
  316. package/lib/vendor/blamejs/lib/auth/step-up-policy.js +335 -0
  317. package/lib/vendor/blamejs/lib/auth/step-up.js +454 -0
  318. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +505 -0
  319. package/lib/vendor/blamejs/lib/auth-header.js +148 -0
  320. package/lib/vendor/blamejs/lib/backup/bundle.js +265 -0
  321. package/lib/vendor/blamejs/lib/backup/crypto.js +176 -0
  322. package/lib/vendor/blamejs/lib/backup/index.js +1001 -0
  323. package/lib/vendor/blamejs/lib/backup/manifest.js +443 -0
  324. package/lib/vendor/blamejs/lib/boot-gates.js +174 -0
  325. package/lib/vendor/blamejs/lib/breach-deadline.js +272 -0
  326. package/lib/vendor/blamejs/lib/break-glass.js +1753 -0
  327. package/lib/vendor/blamejs/lib/budr.js +205 -0
  328. package/lib/vendor/blamejs/lib/bundler.js +461 -0
  329. package/lib/vendor/blamejs/lib/cache-redis.js +256 -0
  330. package/lib/vendor/blamejs/lib/cache-status.js +288 -0
  331. package/lib/vendor/blamejs/lib/cache.js +1331 -0
  332. package/lib/vendor/blamejs/lib/calendar.js +1240 -0
  333. package/lib/vendor/blamejs/lib/canonical-json.js +143 -0
  334. package/lib/vendor/blamejs/lib/cdn-cache-control.js +473 -0
  335. package/lib/vendor/blamejs/lib/cert.js +763 -0
  336. package/lib/vendor/blamejs/lib/chain-writer.js +259 -0
  337. package/lib/vendor/blamejs/lib/circuit-breaker.js +101 -0
  338. package/lib/vendor/blamejs/lib/cli-helpers.js +237 -0
  339. package/lib/vendor/blamejs/lib/cli.js +2328 -0
  340. package/lib/vendor/blamejs/lib/client-hints.js +318 -0
  341. package/lib/vendor/blamejs/lib/cloud-events.js +277 -0
  342. package/lib/vendor/blamejs/lib/cluster-provider-db.js +317 -0
  343. package/lib/vendor/blamejs/lib/cluster-storage.js +351 -0
  344. package/lib/vendor/blamejs/lib/cluster.js +1017 -0
  345. package/lib/vendor/blamejs/lib/cms-codec.js +826 -0
  346. package/lib/vendor/blamejs/lib/codepoint-class.js +262 -0
  347. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +190 -0
  348. package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +205 -0
  349. package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +189 -0
  350. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +200 -0
  351. package/lib/vendor/blamejs/lib/compliance-ai-act.js +821 -0
  352. package/lib/vendor/blamejs/lib/compliance-eaa.js +204 -0
  353. package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +167 -0
  354. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +206 -0
  355. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +297 -0
  356. package/lib/vendor/blamejs/lib/compliance-sanctions.js +569 -0
  357. package/lib/vendor/blamejs/lib/compliance.js +1558 -0
  358. package/lib/vendor/blamejs/lib/config-drift.js +426 -0
  359. package/lib/vendor/blamejs/lib/config.js +446 -0
  360. package/lib/vendor/blamejs/lib/consent.js +369 -0
  361. package/lib/vendor/blamejs/lib/constants.js +209 -0
  362. package/lib/vendor/blamejs/lib/content-credentials.js +704 -0
  363. package/lib/vendor/blamejs/lib/cookies.js +560 -0
  364. package/lib/vendor/blamejs/lib/cra-report.js +299 -0
  365. package/lib/vendor/blamejs/lib/credential-hash.js +394 -0
  366. package/lib/vendor/blamejs/lib/crypto-field.js +1017 -0
  367. package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +187 -0
  368. package/lib/vendor/blamejs/lib/crypto-hpke.js +256 -0
  369. package/lib/vendor/blamejs/lib/crypto.js +1908 -0
  370. package/lib/vendor/blamejs/lib/csp.js +271 -0
  371. package/lib/vendor/blamejs/lib/csv.js +418 -0
  372. package/lib/vendor/blamejs/lib/daemon.js +481 -0
  373. package/lib/vendor/blamejs/lib/dark-patterns.js +488 -0
  374. package/lib/vendor/blamejs/lib/data-act.js +328 -0
  375. package/lib/vendor/blamejs/lib/db-collection.js +587 -0
  376. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +267 -0
  377. package/lib/vendor/blamejs/lib/db-declare-view.js +420 -0
  378. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +333 -0
  379. package/lib/vendor/blamejs/lib/db-query.js +802 -0
  380. package/lib/vendor/blamejs/lib/db-role-context.js +50 -0
  381. package/lib/vendor/blamejs/lib/db-schema.js +322 -0
  382. package/lib/vendor/blamejs/lib/db.js +3111 -0
  383. package/lib/vendor/blamejs/lib/dbsc.js +299 -0
  384. package/lib/vendor/blamejs/lib/ddl-change-control.js +523 -0
  385. package/lib/vendor/blamejs/lib/deprecate.js +377 -0
  386. package/lib/vendor/blamejs/lib/dev.js +405 -0
  387. package/lib/vendor/blamejs/lib/dora.js +402 -0
  388. package/lib/vendor/blamejs/lib/dr-runbook.js +368 -0
  389. package/lib/vendor/blamejs/lib/dsr.js +1188 -0
  390. package/lib/vendor/blamejs/lib/dual-control.js +526 -0
  391. package/lib/vendor/blamejs/lib/early-hints.js +212 -0
  392. package/lib/vendor/blamejs/lib/error-page.js +420 -0
  393. package/lib/vendor/blamejs/lib/events.js +214 -0
  394. package/lib/vendor/blamejs/lib/external-db-migrate.js +659 -0
  395. package/lib/vendor/blamejs/lib/external-db.js +1877 -0
  396. package/lib/vendor/blamejs/lib/fapi2.js +394 -0
  397. package/lib/vendor/blamejs/lib/fda-21cfr11.js +395 -0
  398. package/lib/vendor/blamejs/lib/fdx.js +370 -0
  399. package/lib/vendor/blamejs/lib/fedcm.js +264 -0
  400. package/lib/vendor/blamejs/lib/file-type.js +360 -0
  401. package/lib/vendor/blamejs/lib/file-upload.js +1256 -0
  402. package/lib/vendor/blamejs/lib/flag-cache.js +136 -0
  403. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +135 -0
  404. package/lib/vendor/blamejs/lib/flag-providers.js +279 -0
  405. package/lib/vendor/blamejs/lib/flag-targeting.js +210 -0
  406. package/lib/vendor/blamejs/lib/flag.js +346 -0
  407. package/lib/vendor/blamejs/lib/forms.js +525 -0
  408. package/lib/vendor/blamejs/lib/framework-error.js +724 -0
  409. package/lib/vendor/blamejs/lib/framework-schema.js +845 -0
  410. package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +34 -0
  411. package/lib/vendor/blamejs/lib/fsm.js +469 -0
  412. package/lib/vendor/blamejs/lib/gate-contract.js +1661 -0
  413. package/lib/vendor/blamejs/lib/gdpr-ropa.js +261 -0
  414. package/lib/vendor/blamejs/lib/graphql-federation.js +234 -0
  415. package/lib/vendor/blamejs/lib/guard-agent-registry.js +179 -0
  416. package/lib/vendor/blamejs/lib/guard-all.js +555 -0
  417. package/lib/vendor/blamejs/lib/guard-archive.js +901 -0
  418. package/lib/vendor/blamejs/lib/guard-auth.js +451 -0
  419. package/lib/vendor/blamejs/lib/guard-cidr.js +676 -0
  420. package/lib/vendor/blamejs/lib/guard-csv.js +1176 -0
  421. package/lib/vendor/blamejs/lib/guard-domain.js +814 -0
  422. package/lib/vendor/blamejs/lib/guard-dsn.js +382 -0
  423. package/lib/vendor/blamejs/lib/guard-email.js +951 -0
  424. package/lib/vendor/blamejs/lib/guard-envelope.js +294 -0
  425. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +217 -0
  426. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +150 -0
  427. package/lib/vendor/blamejs/lib/guard-filename.js +956 -0
  428. package/lib/vendor/blamejs/lib/guard-graphql.js +731 -0
  429. package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +164 -0
  430. package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +144 -0
  431. package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +154 -0
  432. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +44 -0
  433. package/lib/vendor/blamejs/lib/guard-html-wcag.js +470 -0
  434. package/lib/vendor/blamejs/lib/guard-html.js +1209 -0
  435. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +151 -0
  436. package/lib/vendor/blamejs/lib/guard-image.js +584 -0
  437. package/lib/vendor/blamejs/lib/guard-imap-command.js +337 -0
  438. package/lib/vendor/blamejs/lib/guard-jmap.js +321 -0
  439. package/lib/vendor/blamejs/lib/guard-json.js +935 -0
  440. package/lib/vendor/blamejs/lib/guard-jsonpath.js +512 -0
  441. package/lib/vendor/blamejs/lib/guard-jwt.js +772 -0
  442. package/lib/vendor/blamejs/lib/guard-list-id.js +318 -0
  443. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +412 -0
  444. package/lib/vendor/blamejs/lib/guard-mail-compose.js +282 -0
  445. package/lib/vendor/blamejs/lib/guard-mail-move.js +202 -0
  446. package/lib/vendor/blamejs/lib/guard-mail-query.js +310 -0
  447. package/lib/vendor/blamejs/lib/guard-mail-reply.js +172 -0
  448. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +207 -0
  449. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +566 -0
  450. package/lib/vendor/blamejs/lib/guard-markdown.js +768 -0
  451. package/lib/vendor/blamejs/lib/guard-message-id.js +267 -0
  452. package/lib/vendor/blamejs/lib/guard-mime.js +609 -0
  453. package/lib/vendor/blamejs/lib/guard-oauth.js +650 -0
  454. package/lib/vendor/blamejs/lib/guard-pdf.js +569 -0
  455. package/lib/vendor/blamejs/lib/guard-pop3-command.js +317 -0
  456. package/lib/vendor/blamejs/lib/guard-posture-chain.js +201 -0
  457. package/lib/vendor/blamejs/lib/guard-regex.js +632 -0
  458. package/lib/vendor/blamejs/lib/guard-saga-config.js +157 -0
  459. package/lib/vendor/blamejs/lib/guard-shell.js +522 -0
  460. package/lib/vendor/blamejs/lib/guard-smtp-command.js +594 -0
  461. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +168 -0
  462. package/lib/vendor/blamejs/lib/guard-stream-args.js +166 -0
  463. package/lib/vendor/blamejs/lib/guard-svg.js +1163 -0
  464. package/lib/vendor/blamejs/lib/guard-template.js +490 -0
  465. package/lib/vendor/blamejs/lib/guard-tenant-id.js +138 -0
  466. package/lib/vendor/blamejs/lib/guard-time.js +586 -0
  467. package/lib/vendor/blamejs/lib/guard-trace-context.js +172 -0
  468. package/lib/vendor/blamejs/lib/guard-uuid.js +548 -0
  469. package/lib/vendor/blamejs/lib/guard-xml.js +666 -0
  470. package/lib/vendor/blamejs/lib/guard-yaml.js +726 -0
  471. package/lib/vendor/blamejs/lib/hal.js +125 -0
  472. package/lib/vendor/blamejs/lib/handlers.js +350 -0
  473. package/lib/vendor/blamejs/lib/honeytoken.js +168 -0
  474. package/lib/vendor/blamejs/lib/html-balance.js +347 -0
  475. package/lib/vendor/blamejs/lib/http-client-cache.js +923 -0
  476. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +519 -0
  477. package/lib/vendor/blamejs/lib/http-client.js +2152 -0
  478. package/lib/vendor/blamejs/lib/http-message-signature.js +589 -0
  479. package/lib/vendor/blamejs/lib/http2-teardown.js +34 -0
  480. package/lib/vendor/blamejs/lib/i18n-messageformat.js +398 -0
  481. package/lib/vendor/blamejs/lib/i18n.js +931 -0
  482. package/lib/vendor/blamejs/lib/iab-mspa.js +257 -0
  483. package/lib/vendor/blamejs/lib/iab-tcf.js +461 -0
  484. package/lib/vendor/blamejs/lib/importmap-integrity.js +90 -0
  485. package/lib/vendor/blamejs/lib/inbox.js +435 -0
  486. package/lib/vendor/blamejs/lib/incident-report.js +314 -0
  487. package/lib/vendor/blamejs/lib/ip-utils.js +102 -0
  488. package/lib/vendor/blamejs/lib/jobs.js +185 -0
  489. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +228 -0
  490. package/lib/vendor/blamejs/lib/jsonapi.js +230 -0
  491. package/lib/vendor/blamejs/lib/keychain.js +865 -0
  492. package/lib/vendor/blamejs/lib/lazy-require.js +48 -0
  493. package/lib/vendor/blamejs/lib/legal-hold.js +374 -0
  494. package/lib/vendor/blamejs/lib/local-db-thin.js +321 -0
  495. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +369 -0
  496. package/lib/vendor/blamejs/lib/log-stream-local.js +146 -0
  497. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +410 -0
  498. package/lib/vendor/blamejs/lib/log-stream-otlp.js +286 -0
  499. package/lib/vendor/blamejs/lib/log-stream-syslog.js +310 -0
  500. package/lib/vendor/blamejs/lib/log-stream-webhook.js +199 -0
  501. package/lib/vendor/blamejs/lib/log-stream.js +584 -0
  502. package/lib/vendor/blamejs/lib/log.js +625 -0
  503. package/lib/vendor/blamejs/lib/lro.js +200 -0
  504. package/lib/vendor/blamejs/lib/mail-agent.js +786 -0
  505. package/lib/vendor/blamejs/lib/mail-arc-sign.js +417 -0
  506. package/lib/vendor/blamejs/lib/mail-arf.js +343 -0
  507. package/lib/vendor/blamejs/lib/mail-auth.js +2144 -0
  508. package/lib/vendor/blamejs/lib/mail-bimi.js +1047 -0
  509. package/lib/vendor/blamejs/lib/mail-bounce.js +955 -0
  510. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +1286 -0
  511. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +789 -0
  512. package/lib/vendor/blamejs/lib/mail-crypto.js +108 -0
  513. package/lib/vendor/blamejs/lib/mail-dav.js +1224 -0
  514. package/lib/vendor/blamejs/lib/mail-deploy.js +1119 -0
  515. package/lib/vendor/blamejs/lib/mail-dkim.js +1250 -0
  516. package/lib/vendor/blamejs/lib/mail-greylist.js +448 -0
  517. package/lib/vendor/blamejs/lib/mail-helo.js +473 -0
  518. package/lib/vendor/blamejs/lib/mail-journal.js +435 -0
  519. package/lib/vendor/blamejs/lib/mail-mdn.js +424 -0
  520. package/lib/vendor/blamejs/lib/mail-rbl.js +392 -0
  521. package/lib/vendor/blamejs/lib/mail-require-tls.js +198 -0
  522. package/lib/vendor/blamejs/lib/mail-scan.js +502 -0
  523. package/lib/vendor/blamejs/lib/mail-send-deliver.js +629 -0
  524. package/lib/vendor/blamejs/lib/mail-server-imap.js +1858 -0
  525. package/lib/vendor/blamejs/lib/mail-server-jmap.js +1565 -0
  526. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +908 -0
  527. package/lib/vendor/blamejs/lib/mail-server-mx.js +969 -0
  528. package/lib/vendor/blamejs/lib/mail-server-pop3.js +915 -0
  529. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +315 -0
  530. package/lib/vendor/blamejs/lib/mail-server-registry.js +378 -0
  531. package/lib/vendor/blamejs/lib/mail-server-submission.js +1396 -0
  532. package/lib/vendor/blamejs/lib/mail-server-tls.js +445 -0
  533. package/lib/vendor/blamejs/lib/mail-sieve.js +557 -0
  534. package/lib/vendor/blamejs/lib/mail-spam-score.js +284 -0
  535. package/lib/vendor/blamejs/lib/mail-srs.js +248 -0
  536. package/lib/vendor/blamejs/lib/mail-store-fts.js +394 -0
  537. package/lib/vendor/blamejs/lib/mail-store.js +929 -0
  538. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +400 -0
  539. package/lib/vendor/blamejs/lib/mail.js +1971 -0
  540. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +473 -0
  541. package/lib/vendor/blamejs/lib/mcp.js +950 -0
  542. package/lib/vendor/blamejs/lib/metrics.js +1503 -0
  543. package/lib/vendor/blamejs/lib/middleware/age-gate.js +177 -0
  544. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +203 -0
  545. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +981 -0
  546. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +137 -0
  547. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +171 -0
  548. package/lib/vendor/blamejs/lib/middleware/attach-user.js +220 -0
  549. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +293 -0
  550. package/lib/vendor/blamejs/lib/middleware/body-parser.js +1519 -0
  551. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +183 -0
  552. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +217 -0
  553. package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +122 -0
  554. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +355 -0
  555. package/lib/vendor/blamejs/lib/middleware/compression.js +489 -0
  556. package/lib/vendor/blamejs/lib/middleware/cookies.js +130 -0
  557. package/lib/vendor/blamejs/lib/middleware/cors.js +386 -0
  558. package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +388 -0
  559. package/lib/vendor/blamejs/lib/middleware/csp-report.js +167 -0
  560. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +499 -0
  561. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +243 -0
  562. package/lib/vendor/blamejs/lib/middleware/db-role-for.js +304 -0
  563. package/lib/vendor/blamejs/lib/middleware/dpop.js +402 -0
  564. package/lib/vendor/blamejs/lib/middleware/error-handler.js +69 -0
  565. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +168 -0
  566. package/lib/vendor/blamejs/lib/middleware/flag-context.js +110 -0
  567. package/lib/vendor/blamejs/lib/middleware/gpc.js +153 -0
  568. package/lib/vendor/blamejs/lib/middleware/headers.js +242 -0
  569. package/lib/vendor/blamejs/lib/middleware/health.js +438 -0
  570. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +189 -0
  571. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +964 -0
  572. package/lib/vendor/blamejs/lib/middleware/index.js +183 -0
  573. package/lib/vendor/blamejs/lib/middleware/nel.js +214 -0
  574. package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +237 -0
  575. package/lib/vendor/blamejs/lib/middleware/no-cache.js +106 -0
  576. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +177 -0
  577. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +277 -0
  578. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +556 -0
  579. package/lib/vendor/blamejs/lib/middleware/request-id.js +79 -0
  580. package/lib/vendor/blamejs/lib/middleware/request-log.js +205 -0
  581. package/lib/vendor/blamejs/lib/middleware/require-aal.js +138 -0
  582. package/lib/vendor/blamejs/lib/middleware/require-auth.js +144 -0
  583. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +290 -0
  584. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +113 -0
  585. package/lib/vendor/blamejs/lib/middleware/require-methods.js +97 -0
  586. package/lib/vendor/blamejs/lib/middleware/require-mtls.js +212 -0
  587. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +226 -0
  588. package/lib/vendor/blamejs/lib/middleware/scim-server.js +375 -0
  589. package/lib/vendor/blamejs/lib/middleware/security-headers.js +285 -0
  590. package/lib/vendor/blamejs/lib/middleware/security-txt.js +170 -0
  591. package/lib/vendor/blamejs/lib/middleware/span-http-server.js +280 -0
  592. package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +323 -0
  593. package/lib/vendor/blamejs/lib/middleware/sse.js +200 -0
  594. package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +167 -0
  595. package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +148 -0
  596. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +749 -0
  597. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +164 -0
  598. package/lib/vendor/blamejs/lib/migration-files.js +37 -0
  599. package/lib/vendor/blamejs/lib/migrations.js +385 -0
  600. package/lib/vendor/blamejs/lib/mime-parse.js +198 -0
  601. package/lib/vendor/blamejs/lib/money.js +699 -0
  602. package/lib/vendor/blamejs/lib/mtls-ca.js +572 -0
  603. package/lib/vendor/blamejs/lib/mtls-engine-default.js +501 -0
  604. package/lib/vendor/blamejs/lib/network-byte-quota.js +308 -0
  605. package/lib/vendor/blamejs/lib/network-dns-resolver.js +533 -0
  606. package/lib/vendor/blamejs/lib/network-dns.js +1930 -0
  607. package/lib/vendor/blamejs/lib/network-heartbeat.js +425 -0
  608. package/lib/vendor/blamejs/lib/network-nts.js +574 -0
  609. package/lib/vendor/blamejs/lib/network-proxy.js +265 -0
  610. package/lib/vendor/blamejs/lib/network-smtp-policy.js +836 -0
  611. package/lib/vendor/blamejs/lib/network-tls.js +3126 -0
  612. package/lib/vendor/blamejs/lib/network.js +346 -0
  613. package/lib/vendor/blamejs/lib/nis2-report.js +181 -0
  614. package/lib/vendor/blamejs/lib/nist-crosswalk.js +293 -0
  615. package/lib/vendor/blamejs/lib/nonce-store.js +177 -0
  616. package/lib/vendor/blamejs/lib/notify.js +683 -0
  617. package/lib/vendor/blamejs/lib/ntp-check.js +458 -0
  618. package/lib/vendor/blamejs/lib/numeric-bounds.js +111 -0
  619. package/lib/vendor/blamejs/lib/numeric-checks.js +40 -0
  620. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +349 -0
  621. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +488 -0
  622. package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +351 -0
  623. package/lib/vendor/blamejs/lib/object-store/gcs.js +515 -0
  624. package/lib/vendor/blamejs/lib/object-store/http-put.js +153 -0
  625. package/lib/vendor/blamejs/lib/object-store/http-request.js +38 -0
  626. package/lib/vendor/blamejs/lib/object-store/index.js +197 -0
  627. package/lib/vendor/blamejs/lib/object-store/local.js +163 -0
  628. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +1133 -0
  629. package/lib/vendor/blamejs/lib/object-store/sigv4.js +957 -0
  630. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +420 -0
  631. package/lib/vendor/blamejs/lib/observability-tracer.js +395 -0
  632. package/lib/vendor/blamejs/lib/observability.js +720 -0
  633. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +248 -0
  634. package/lib/vendor/blamejs/lib/openapi-schema-walk.js +192 -0
  635. package/lib/vendor/blamejs/lib/openapi-security.js +169 -0
  636. package/lib/vendor/blamejs/lib/openapi-yaml.js +154 -0
  637. package/lib/vendor/blamejs/lib/openapi.js +489 -0
  638. package/lib/vendor/blamejs/lib/otel-export.js +278 -0
  639. package/lib/vendor/blamejs/lib/outbox.js +547 -0
  640. package/lib/vendor/blamejs/lib/pagination.js +542 -0
  641. package/lib/vendor/blamejs/lib/parsers/index.js +91 -0
  642. package/lib/vendor/blamejs/lib/parsers/safe-env.js +642 -0
  643. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +293 -0
  644. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +784 -0
  645. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +390 -0
  646. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +1015 -0
  647. package/lib/vendor/blamejs/lib/permissions.js +793 -0
  648. package/lib/vendor/blamejs/lib/pick.js +105 -0
  649. package/lib/vendor/blamejs/lib/pqc-agent.js +351 -0
  650. package/lib/vendor/blamejs/lib/pqc-gate.js +279 -0
  651. package/lib/vendor/blamejs/lib/pqc-software.js +271 -0
  652. package/lib/vendor/blamejs/lib/problem-details.js +482 -0
  653. package/lib/vendor/blamejs/lib/process-spawn.js +196 -0
  654. package/lib/vendor/blamejs/lib/promise-pool.js +162 -0
  655. package/lib/vendor/blamejs/lib/protobuf-encoder.js +190 -0
  656. package/lib/vendor/blamejs/lib/protocol-dispatcher.js +161 -0
  657. package/lib/vendor/blamejs/lib/public-suffix.js +403 -0
  658. package/lib/vendor/blamejs/lib/pubsub-cluster.js +154 -0
  659. package/lib/vendor/blamejs/lib/pubsub-redis.js +167 -0
  660. package/lib/vendor/blamejs/lib/pubsub.js +463 -0
  661. package/lib/vendor/blamejs/lib/queue-local.js +476 -0
  662. package/lib/vendor/blamejs/lib/queue-redis.js +745 -0
  663. package/lib/vendor/blamejs/lib/queue-sqs.js +319 -0
  664. package/lib/vendor/blamejs/lib/queue.js +1016 -0
  665. package/lib/vendor/blamejs/lib/redact.js +1007 -0
  666. package/lib/vendor/blamejs/lib/redis-client.js +520 -0
  667. package/lib/vendor/blamejs/lib/render.js +285 -0
  668. package/lib/vendor/blamejs/lib/request-helpers.js +767 -0
  669. package/lib/vendor/blamejs/lib/resource-access-lock.js +116 -0
  670. package/lib/vendor/blamejs/lib/restore-bundle.js +340 -0
  671. package/lib/vendor/blamejs/lib/restore-rollback.js +365 -0
  672. package/lib/vendor/blamejs/lib/restore.js +409 -0
  673. package/lib/vendor/blamejs/lib/retention.js +640 -0
  674. package/lib/vendor/blamejs/lib/retry.js +523 -0
  675. package/lib/vendor/blamejs/lib/router.js +1289 -0
  676. package/lib/vendor/blamejs/lib/safe-async.js +1184 -0
  677. package/lib/vendor/blamejs/lib/safe-buffer.js +562 -0
  678. package/lib/vendor/blamejs/lib/safe-decompress.js +297 -0
  679. package/lib/vendor/blamejs/lib/safe-dns.js +665 -0
  680. package/lib/vendor/blamejs/lib/safe-ical.js +634 -0
  681. package/lib/vendor/blamejs/lib/safe-icap.js +502 -0
  682. package/lib/vendor/blamejs/lib/safe-json.js +946 -0
  683. package/lib/vendor/blamejs/lib/safe-jsonpath.js +285 -0
  684. package/lib/vendor/blamejs/lib/safe-mime.js +831 -0
  685. package/lib/vendor/blamejs/lib/safe-mount-info.js +306 -0
  686. package/lib/vendor/blamejs/lib/safe-path.js +254 -0
  687. package/lib/vendor/blamejs/lib/safe-redirect.js +106 -0
  688. package/lib/vendor/blamejs/lib/safe-schema.js +1810 -0
  689. package/lib/vendor/blamejs/lib/safe-sieve.js +684 -0
  690. package/lib/vendor/blamejs/lib/safe-smtp.js +185 -0
  691. package/lib/vendor/blamejs/lib/safe-sql.js +363 -0
  692. package/lib/vendor/blamejs/lib/safe-url.js +428 -0
  693. package/lib/vendor/blamejs/lib/safe-vcard.js +473 -0
  694. package/lib/vendor/blamejs/lib/sandbox-worker.js +135 -0
  695. package/lib/vendor/blamejs/lib/sandbox.js +358 -0
  696. package/lib/vendor/blamejs/lib/scheduler.js +827 -0
  697. package/lib/vendor/blamejs/lib/sd-notify.js +269 -0
  698. package/lib/vendor/blamejs/lib/sec-cyber.js +214 -0
  699. package/lib/vendor/blamejs/lib/security-assert.js +395 -0
  700. package/lib/vendor/blamejs/lib/seeders.js +620 -0
  701. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +309 -0
  702. package/lib/vendor/blamejs/lib/self-update.js +804 -0
  703. package/lib/vendor/blamejs/lib/server-timing.js +174 -0
  704. package/lib/vendor/blamejs/lib/session-device-binding.js +431 -0
  705. package/lib/vendor/blamejs/lib/session-stores.js +138 -0
  706. package/lib/vendor/blamejs/lib/session.js +1162 -0
  707. package/lib/vendor/blamejs/lib/slug.js +381 -0
  708. package/lib/vendor/blamejs/lib/sse.js +349 -0
  709. package/lib/vendor/blamejs/lib/ssrf-guard.js +792 -0
  710. package/lib/vendor/blamejs/lib/standard-webhooks.js +183 -0
  711. package/lib/vendor/blamejs/lib/static.js +1249 -0
  712. package/lib/vendor/blamejs/lib/storage.js +1272 -0
  713. package/lib/vendor/blamejs/lib/stream-throttle.js +235 -0
  714. package/lib/vendor/blamejs/lib/structured-fields.js +244 -0
  715. package/lib/vendor/blamejs/lib/subject.js +667 -0
  716. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +175 -0
  717. package/lib/vendor/blamejs/lib/template.js +931 -0
  718. package/lib/vendor/blamejs/lib/tenant-quota.js +545 -0
  719. package/lib/vendor/blamejs/lib/test-harness.js +275 -0
  720. package/lib/vendor/blamejs/lib/testing.js +1185 -0
  721. package/lib/vendor/blamejs/lib/time.js +578 -0
  722. package/lib/vendor/blamejs/lib/tls-exporter.js +239 -0
  723. package/lib/vendor/blamejs/lib/totp.js +318 -0
  724. package/lib/vendor/blamejs/lib/tracing.js +546 -0
  725. package/lib/vendor/blamejs/lib/uuid.js +207 -0
  726. package/lib/vendor/blamejs/lib/validate-opts.js +381 -0
  727. package/lib/vendor/blamejs/lib/vault/index.js +638 -0
  728. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +311 -0
  729. package/lib/vendor/blamejs/lib/vault/passphrase-source.js +198 -0
  730. package/lib/vendor/blamejs/lib/vault/rotate.js +803 -0
  731. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +471 -0
  732. package/lib/vendor/blamejs/lib/vault/wrap.js +296 -0
  733. package/lib/vendor/blamejs/lib/vault-aad.js +259 -0
  734. package/lib/vendor/blamejs/lib/vendor/.vendor-data-pubkey +4 -0
  735. package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +161 -0
  736. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.data.js +68 -0
  737. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.pem +33 -0
  738. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.data.js +1325 -0
  739. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.txt +10002 -0
  740. package/lib/vendor/blamejs/lib/vendor/noble-ciphers.cjs +9 -0
  741. package/lib/vendor/blamejs/lib/vendor/noble-post-quantum.cjs +18 -0
  742. package/lib/vendor/blamejs/lib/vendor/pki.cjs +181 -0
  743. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +16382 -0
  744. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +5881 -0
  745. package/lib/vendor/blamejs/lib/vendor/simplewebauthn-server.cjs +328 -0
  746. package/lib/vendor/blamejs/lib/vendor/vendor-data-pubkey.js +16 -0
  747. package/lib/vendor/blamejs/lib/vendor-data.js +520 -0
  748. package/lib/vendor/blamejs/lib/vex.js +630 -0
  749. package/lib/vendor/blamejs/lib/watcher.js +608 -0
  750. package/lib/vendor/blamejs/lib/web-push-vapid.js +322 -0
  751. package/lib/vendor/blamejs/lib/webhook.js +977 -0
  752. package/lib/vendor/blamejs/lib/websocket-channels.js +327 -0
  753. package/lib/vendor/blamejs/lib/websocket.js +1561 -0
  754. package/lib/vendor/blamejs/lib/wiki-concepts.js +338 -0
  755. package/lib/vendor/blamejs/lib/worker-pool.js +464 -0
  756. package/lib/vendor/blamejs/lib/ws-client.js +978 -0
  757. package/lib/vendor/blamejs/lib/xml-c14n.js +506 -0
  758. package/lib/vendor/blamejs/memory/specs/node-26-map-getorinsert-migration.md +164 -0
  759. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +19 -0
  760. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/README.md +88 -0
  761. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/build.sh +26 -0
  762. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/project.yaml +28 -0
  763. package/lib/vendor/blamejs/package.json +81 -0
  764. package/lib/vendor/blamejs/release-notes/v0.0.x.json +310 -0
  765. package/lib/vendor/blamejs/release-notes/v0.1.x.json +1798 -0
  766. package/lib/vendor/blamejs/release-notes/v0.10.x.json +1288 -0
  767. package/lib/vendor/blamejs/release-notes/v0.11.x.json +2551 -0
  768. package/lib/vendor/blamejs/release-notes/v0.12.0.json +64 -0
  769. package/lib/vendor/blamejs/release-notes/v0.12.1.json +32 -0
  770. package/lib/vendor/blamejs/release-notes/v0.12.2.json +45 -0
  771. package/lib/vendor/blamejs/release-notes/v0.2.x.json +706 -0
  772. package/lib/vendor/blamejs/release-notes/v0.3.x.json +786 -0
  773. package/lib/vendor/blamejs/release-notes/v0.4.x.json +588 -0
  774. package/lib/vendor/blamejs/release-notes/v0.5.x.json +390 -0
  775. package/lib/vendor/blamejs/release-notes/v0.6.x.json +1947 -0
  776. package/lib/vendor/blamejs/release-notes/v0.7.x.json +3811 -0
  777. package/lib/vendor/blamejs/release-notes/v0.8.x.json +3318 -0
  778. package/lib/vendor/blamejs/release-notes/v0.9.x.json +2257 -0
  779. package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +325 -0
  780. package/lib/vendor/blamejs/scripts/check-api-snapshot.js +62 -0
  781. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +108 -0
  782. package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +83 -0
  783. package/lib/vendor/blamejs/scripts/check-services.js +483 -0
  784. package/lib/vendor/blamejs/scripts/check-vendor-currency.js +349 -0
  785. package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +216 -0
  786. package/lib/vendor/blamejs/scripts/gen-migrating.js +275 -0
  787. package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +577 -0
  788. package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +79 -0
  789. package/lib/vendor/blamejs/scripts/publish-dep-confusion-placeholder.sh +101 -0
  790. package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +31 -0
  791. package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +132 -0
  792. package/lib/vendor/blamejs/scripts/release.js +652 -0
  793. package/lib/vendor/blamejs/scripts/sha3-digest.js +62 -0
  794. package/lib/vendor/blamejs/scripts/sign-release-artifact.js +92 -0
  795. package/lib/vendor/blamejs/scripts/test-integration.js +181 -0
  796. package/lib/vendor/blamejs/scripts/test-wiki-integration.js +126 -0
  797. package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +77 -0
  798. package/lib/vendor/blamejs/scripts/vendor-data-gen.js +186 -0
  799. package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +101 -0
  800. package/lib/vendor/blamejs/scripts/vendor-update.sh +278 -0
  801. package/lib/vendor/blamejs/test/00-primitives.js +19075 -0
  802. package/lib/vendor/blamejs/test/10-state.js +622 -0
  803. package/lib/vendor/blamejs/test/20-db.js +561 -0
  804. package/lib/vendor/blamejs/test/30-chain.js +2110 -0
  805. package/lib/vendor/blamejs/test/40-consumers.js +2453 -0
  806. package/lib/vendor/blamejs/test/50-integration.js +486 -0
  807. package/lib/vendor/blamejs/test/_helpers.js +10 -0
  808. package/lib/vendor/blamejs/test/_smoke-worker.js +69 -0
  809. package/lib/vendor/blamejs/test/fixtures/exploit-corpus/corpus.json +368 -0
  810. package/lib/vendor/blamejs/test/fixtures/http-client-stream-payload.txt +2 -0
  811. package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +52 -0
  812. package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +24 -0
  813. package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +203 -0
  814. package/lib/vendor/blamejs/test/helpers/_shape-match.js +513 -0
  815. package/lib/vendor/blamejs/test/helpers/check.js +36 -0
  816. package/lib/vendor/blamejs/test/helpers/cluster.js +70 -0
  817. package/lib/vendor/blamejs/test/helpers/db.js +143 -0
  818. package/lib/vendor/blamejs/test/helpers/drivers.js +207 -0
  819. package/lib/vendor/blamejs/test/helpers/fs-watch.js +101 -0
  820. package/lib/vendor/blamejs/test/helpers/http.js +14 -0
  821. package/lib/vendor/blamejs/test/helpers/index.js +93 -0
  822. package/lib/vendor/blamejs/test/helpers/json-round-trip.js +120 -0
  823. package/lib/vendor/blamejs/test/helpers/mocks.js +20 -0
  824. package/lib/vendor/blamejs/test/helpers/otel.js +13 -0
  825. package/lib/vendor/blamejs/test/helpers/services.js +380 -0
  826. package/lib/vendor/blamejs/test/helpers/wait.js +206 -0
  827. package/lib/vendor/blamejs/test/integration/cache.test.js +235 -0
  828. package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +174 -0
  829. package/lib/vendor/blamejs/test/integration/federation-auth.test.js +611 -0
  830. package/lib/vendor/blamejs/test/integration/http-client.test.js +129 -0
  831. package/lib/vendor/blamejs/test/integration/log-stream.test.js +219 -0
  832. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +181 -0
  833. package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +152 -0
  834. package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +161 -0
  835. package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +289 -0
  836. package/lib/vendor/blamejs/test/integration/network-dns.test.js +123 -0
  837. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +101 -0
  838. package/lib/vendor/blamejs/test/integration/ntp-check.test.js +89 -0
  839. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +403 -0
  840. package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +271 -0
  841. package/lib/vendor/blamejs/test/integration/pubsub.test.js +137 -0
  842. package/lib/vendor/blamejs/test/integration/queue-redis.test.js +352 -0
  843. package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +96 -0
  844. package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +98 -0
  845. package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +261 -0
  846. package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +230 -0
  847. package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +211 -0
  848. package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +59 -0
  849. package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +136 -0
  850. package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +219 -0
  851. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +69 -0
  852. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +266 -0
  853. package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +262 -0
  854. package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +390 -0
  855. package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +174 -0
  856. package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +279 -0
  857. package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +322 -0
  858. package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +227 -0
  859. package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +302 -0
  860. package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +150 -0
  861. package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +44 -0
  862. package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +150 -0
  863. package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +50 -0
  864. package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +96 -0
  865. package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +76 -0
  866. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +1080 -0
  867. package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +311 -0
  868. package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +291 -0
  869. package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +140 -0
  870. package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +267 -0
  871. package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +108 -0
  872. package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +929 -0
  873. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +80 -0
  874. package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +176 -0
  875. package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +132 -0
  876. package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +97 -0
  877. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +141 -0
  878. package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +115 -0
  879. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +163 -0
  880. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +246 -0
  881. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +485 -0
  882. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +331 -0
  883. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +352 -0
  884. package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +572 -0
  885. package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +61 -0
  886. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +258 -0
  887. package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +105 -0
  888. package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +34 -0
  889. package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +107 -0
  890. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +131 -0
  891. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +118 -0
  892. package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +85 -0
  893. package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +38 -0
  894. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +861 -0
  895. package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +55 -0
  896. package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +209 -0
  897. package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +129 -0
  898. package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +871 -0
  899. package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +891 -0
  900. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +43 -0
  901. package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +243 -0
  902. package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +550 -0
  903. package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +107 -0
  904. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +147 -0
  905. package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +104 -0
  906. package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +135 -0
  907. package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +67 -0
  908. package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +75 -0
  909. package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +98 -0
  910. package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +145 -0
  911. package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +133 -0
  912. package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +97 -0
  913. package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +160 -0
  914. package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +84 -0
  915. package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +69 -0
  916. package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +142 -0
  917. package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +133 -0
  918. package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +237 -0
  919. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +9600 -0
  920. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +575 -0
  921. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +89 -0
  922. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +36 -0
  923. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +712 -0
  924. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +278 -0
  925. package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +97 -0
  926. package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +424 -0
  927. package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +94 -0
  928. package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +357 -0
  929. package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +31 -0
  930. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +226 -0
  931. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +86 -0
  932. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +85 -0
  933. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +193 -0
  934. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +98 -0
  935. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +132 -0
  936. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +155 -0
  937. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +129 -0
  938. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
  939. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +72 -0
  940. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +96 -0
  941. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +401 -0
  942. package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +34 -0
  943. package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +180 -0
  944. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +210 -0
  945. package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +153 -0
  946. package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +66 -0
  947. package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +74 -0
  948. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +226 -0
  949. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +136 -0
  950. package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +165 -0
  951. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +150 -0
  952. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +191 -0
  953. package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +228 -0
  954. package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +55 -0
  955. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +89 -0
  956. package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +184 -0
  957. package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +203 -0
  958. package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +303 -0
  959. package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +163 -0
  960. package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +39 -0
  961. package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +165 -0
  962. package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +59 -0
  963. package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +55 -0
  964. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +786 -0
  965. package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +105 -0
  966. package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +147 -0
  967. package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +105 -0
  968. package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +243 -0
  969. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +181 -0
  970. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +190 -0
  971. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +531 -0
  972. package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +118 -0
  973. package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +89 -0
  974. package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +156 -0
  975. package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +79 -0
  976. package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +216 -0
  977. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +434 -0
  978. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +432 -0
  979. package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +81 -0
  980. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +887 -0
  981. package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +51 -0
  982. package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +375 -0
  983. package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +321 -0
  984. package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +41 -0
  985. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +32 -0
  986. package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +87 -0
  987. package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +328 -0
  988. package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +339 -0
  989. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +694 -0
  990. package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +296 -0
  991. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +234 -0
  992. package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +192 -0
  993. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +89 -0
  994. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +71 -0
  995. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +386 -0
  996. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +859 -0
  997. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +357 -0
  998. package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +92 -0
  999. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  1000. package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +174 -0
  1001. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +317 -0
  1002. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +199 -0
  1003. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +214 -0
  1004. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +111 -0
  1005. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +110 -0
  1006. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +112 -0
  1007. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +86 -0
  1008. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +92 -0
  1009. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +301 -0
  1010. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +265 -0
  1011. package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
  1012. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +161 -0
  1013. package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +100 -0
  1014. package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +79 -0
  1015. package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +269 -0
  1016. package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +89 -0
  1017. package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +78 -0
  1018. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +288 -0
  1019. package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +69 -0
  1020. package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +102 -0
  1021. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +202 -0
  1022. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +203 -0
  1023. package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +51 -0
  1024. package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +50 -0
  1025. package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +37 -0
  1026. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +692 -0
  1027. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +280 -0
  1028. package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +225 -0
  1029. package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +203 -0
  1030. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +991 -0
  1031. package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +63 -0
  1032. package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +73 -0
  1033. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +612 -0
  1034. package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +56 -0
  1035. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +166 -0
  1036. package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +29 -0
  1037. package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +121 -0
  1038. package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +58 -0
  1039. package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +110 -0
  1040. package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +159 -0
  1041. package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
  1042. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +118 -0
  1043. package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +150 -0
  1044. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +489 -0
  1045. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +207 -0
  1046. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +283 -0
  1047. package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +65 -0
  1048. package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +417 -0
  1049. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +208 -0
  1050. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +910 -0
  1051. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +502 -0
  1052. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +680 -0
  1053. package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +128 -0
  1054. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +149 -0
  1055. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +323 -0
  1056. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +297 -0
  1057. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +514 -0
  1058. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +369 -0
  1059. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +199 -0
  1060. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +627 -0
  1061. package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +56 -0
  1062. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +217 -0
  1063. package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +283 -0
  1064. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +217 -0
  1065. package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +334 -0
  1066. package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +271 -0
  1067. package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +128 -0
  1068. package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +215 -0
  1069. package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +336 -0
  1070. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +732 -0
  1071. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +840 -0
  1072. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +130 -0
  1073. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +285 -0
  1074. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +74 -0
  1075. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +112 -0
  1076. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +229 -0
  1077. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +394 -0
  1078. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +147 -0
  1079. package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +151 -0
  1080. package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +204 -0
  1081. package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +152 -0
  1082. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +279 -0
  1083. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +323 -0
  1084. package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +165 -0
  1085. package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +439 -0
  1086. package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +202 -0
  1087. package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +155 -0
  1088. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +112 -0
  1089. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +224 -0
  1090. package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +278 -0
  1091. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +376 -0
  1092. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +89 -0
  1093. package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +200 -0
  1094. package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +106 -0
  1095. package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +133 -0
  1096. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +372 -0
  1097. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +635 -0
  1098. package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +128 -0
  1099. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +130 -0
  1100. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +179 -0
  1101. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +447 -0
  1102. package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +369 -0
  1103. package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +21 -0
  1104. package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +42 -0
  1105. package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +98 -0
  1106. package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +707 -0
  1107. package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +142 -0
  1108. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +72 -0
  1109. package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +597 -0
  1110. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +190 -0
  1111. package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +877 -0
  1112. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +257 -0
  1113. package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +522 -0
  1114. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +216 -0
  1115. package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +324 -0
  1116. package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +546 -0
  1117. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +153 -0
  1118. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +94 -0
  1119. package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +195 -0
  1120. package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +62 -0
  1121. package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +93 -0
  1122. package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +68 -0
  1123. package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +138 -0
  1124. package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +174 -0
  1125. package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +197 -0
  1126. package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +232 -0
  1127. package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +178 -0
  1128. package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +322 -0
  1129. package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +266 -0
  1130. package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +300 -0
  1131. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +338 -0
  1132. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +75 -0
  1133. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +246 -0
  1134. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +130 -0
  1135. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +335 -0
  1136. package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +170 -0
  1137. package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +93 -0
  1138. package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +34 -0
  1139. package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +52 -0
  1140. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +67 -0
  1141. package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +535 -0
  1142. package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
  1143. package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +128 -0
  1144. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +163 -0
  1145. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +170 -0
  1146. package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +248 -0
  1147. package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +451 -0
  1148. package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +289 -0
  1149. package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +206 -0
  1150. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +104 -0
  1151. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +339 -0
  1152. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +180 -0
  1153. package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +78 -0
  1154. package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +123 -0
  1155. package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +95 -0
  1156. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +77 -0
  1157. package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +257 -0
  1158. package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +249 -0
  1159. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +228 -0
  1160. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +238 -0
  1161. package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +92 -0
  1162. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +700 -0
  1163. package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +67 -0
  1164. package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +85 -0
  1165. package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +107 -0
  1166. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +175 -0
  1167. package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +816 -0
  1168. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +168 -0
  1169. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +302 -0
  1170. package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +93 -0
  1171. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +247 -0
  1172. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +295 -0
  1173. package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +142 -0
  1174. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +952 -0
  1175. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +441 -0
  1176. package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +330 -0
  1177. package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +233 -0
  1178. package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +105 -0
  1179. package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +319 -0
  1180. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +148 -0
  1181. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +283 -0
  1182. package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +67 -0
  1183. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +266 -0
  1184. package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +487 -0
  1185. package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
  1186. package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +773 -0
  1187. package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +173 -0
  1188. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +180 -0
  1189. package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +66 -0
  1190. package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +89 -0
  1191. package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +571 -0
  1192. package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +190 -0
  1193. package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +119 -0
  1194. package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +522 -0
  1195. package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +151 -0
  1196. package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +168 -0
  1197. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +275 -0
  1198. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +105 -0
  1199. package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +35 -0
  1200. package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +81 -0
  1201. package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +280 -0
  1202. package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +93 -0
  1203. package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +277 -0
  1204. package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +252 -0
  1205. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +149 -0
  1206. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +92 -0
  1207. package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +661 -0
  1208. package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +308 -0
  1209. package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +144 -0
  1210. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +674 -0
  1211. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +360 -0
  1212. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +302 -0
  1213. package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +349 -0
  1214. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +717 -0
  1215. package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +444 -0
  1216. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +597 -0
  1217. package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +308 -0
  1218. package/lib/vendor/blamejs/test/smoke.js +431 -0
  1219. package/lib/webhooks.js +305 -0
  1220. package/package.json +43 -0
package/lib/vendor/blamejs/lib/safe-schema.js ADDED
@@ -0,0 +1,1810 @@
1
+ "use strict";
2
+ /**
3
+ * @module b.safeSchema
4
+ * @featured true
5
+ * @nav Validation
6
+ * @title Safe Schema
7
+ *
8
+ * @intro
9
+ * Declarative input validation with a Zod-shaped chained-method
10
+ * surface. Built for request-body validation, config validation,
11
+ * API payload validation, anywhere operators have an `unknown`
12
+ * shape they need to confirm before reading. Vendor-free; built
13
+ * on framework primitives. No JIT, no codegen, no chained-Promise
14
+ * weirdness.
15
+ *
16
+ * Schemas are immutable — every chained check returns a new
17
+ * schema; the original is untouched. `parse(input)` throws
18
+ * `SafeSchemaError` carrying a full per-field issues array;
19
+ * `safeParse(input)` never throws and returns `{ ok, value?,
20
+ * errors? }` (operator-friendly at HTTP boundaries).
21
+ *
22
+ * Security guarantees: prototype-pollution defense — `__proto__`
23
+ * / `constructor` / `prototype` keys are rejected at object-shape
24
+ * construction AND at parse-time on object + record inputs (mirrors
25
+ * `b.safeJson`'s POISONED_KEYS). Per-format defensive length caps
26
+ * (email 254, url 8 KiB, uuid 50, datetime 100 chars …) bound input
27
+ * BEFORE the regex engine runs, so a hostile payload can't ReDoS
28
+ * `.email()` / `.url()` / `.datetime()`. All format regexes are
29
+ * static module-level constants — no string→regex parsing on the
30
+ * validation path. `.refine()` predicates that throw turn into a
31
+ * regular validation issue rather than crashing the request.
32
+ *
33
+ * Coercion is deliberately not shipped (`.coerce` is a footgun:
34
+ * "0" → 0 vs "0" → "0" ambiguity, truthy/falsy edge cases).
35
+ * Operators do explicit `s.preprocess(fn, schema)` instead.
36
+ *
37
+ * Relationship to `b.forms.validate`: forms.validate carries
38
+ * HTML-spec concerns (checkbox coercion, select option allowlist)
39
+ * that don't belong on the general-purpose validator, so the two
40
+ * surfaces stay distinct rather than one wrapping the other.
41
+ *
42
+ * Surface (every schema has these chained methods unless noted):
43
+ *
44
+ * Type constructors:
45
+ * string() .min, .max, .length, .regex, .email, .url, .uuid,
46
+ * .datetime (ISO-8601), .date (YYYY-MM-DD),
47
+ * .ip, .ipv4, .ipv6, .nonempty, .startsWith,
48
+ * .endsWith, .includes, .cuid, .ulid, .base64,
49
+ * .trim, .toLowerCase, .toUpperCase
50
+ * number() .int, .min, .max, .gt, .lt, .positive, .negative,
51
+ * .nonnegative, .nonpositive, .finite, .safe,
52
+ * .multipleOf
53
+ * boolean()
54
+ * literal(v)
55
+ * enum_([...]) | oneOf([...])
56
+ * null_(), undefined_(), any(), unknown()
57
+ *
58
+ * Composites:
59
+ * object({...}) .strict, .passthrough, .pick, .omit, .extend,
60
+ * .partial, .required
61
+ * array(item) .min, .max, .length, .nonempty
62
+ * tuple([...]) .rest(item)
63
+ * union([...]) first matching option wins
64
+ * discriminatedUnion(key, [...]) tagged-union dispatch
65
+ * record(value) | record(key, value)
66
+ * lazy(() => schema) deferred (recursion)
67
+ * preprocess(fn, schema) pre-validation transform
68
+ *
69
+ * Modifiers (any schema):
70
+ * .optional(), .nullable(), .default(v|fn), .catch(v|fn),
71
+ * .refine(fn, opts), .transform(fn), .pipe(next)
72
+ *
73
+ * Deliberately not shipped (with structural reason): z.bigint /
74
+ * z.date / z.map / z.set (no JSON representation), z.nativeEnum
75
+ * / z.never / z.void / z.function (TypeScript-specific), z.coerce
76
+ * (security foot-gun — use s.preprocess), z.intersection
77
+ * (use .extend() for object schemas), z.brand (compile-time tag,
78
+ * no runtime effect), per-schema errorMap (chain .refine() with
79
+ * custom message instead).
80
+ *
81
+ * Design choices:
82
+ * - Schemas are immutable. Chaining returns a new schema with one
83
+ * additional check; the original is untouched. Cheap because
84
+ * checks are concat'd into a small array, not deep-copied.
85
+ * - .optional() means "may be undefined"; .nullable() means "may be
86
+ * null"; .default(v) means "if undefined, substitute v";
87
+ * .catch(v) means "on ANY validation failure, substitute v".
88
+ * These compose: optional().default(0) → "may be undefined,
89
+ * in which case use 0".
90
+ * - Objects are STRICT by default: unknown keys produce an issue.
91
+ * Use .passthrough() to retain unknown keys, .strict() to flip
92
+ * back if a parent .passthrough() set the mode.
93
+ * - Sync-only: no async refinements; operators await at the boundary.
94
+ *
95
+ * @card
96
+ * Declarative input validation with a Zod-shaped chained-method surface.
97
+ */
98
+
99
+ var C = require("./constants");
100
+ var safeJson = require("./safe-json");
101
+ var { defineClass } = require("./framework-error");
102
+
103
+ // Maximum URL length per RFC 7230 §3.1.1 guidance — also reused as the
104
+ // Base64 length cap (no protocol-fixed bound; this matches .url()).
105
+ var URL_MAX_LEN = C.BYTES.kib(8);
106
+
107
+ // Per-format defensive length caps. Each named-format regex below runs
108
+ // only after the input is bounded by these caps so a hostile payload
109
+ // can't drive the regex engine with an arbitrarily long string. Caps
110
+ // are deliberately not multiples of 8 — these are character-count
111
+ // bounds, not memory sizes, so C.BYTES.* helpers don't apply.
112
+ var EMAIL_MAX_LEN = 254; // RFC 5321 §4.5.3.1.3 forward-path bound
113
+ var UUID_MAX_LEN = 50; // RFC 4122 UUID is 36 chars; slack for whitespace edge cases
114
+ var DATE_MAX_LEN = 30; // YYYY-MM-DD is 10 chars
115
+ var DATETIME_MAX_LEN = 100; // ISO-8601 with offset + fractional seconds tops near 35
116
+ var CUID_MAX_LEN = 50; // CUID v1/v2 is 25 chars
117
+ var ULID_MAX_LEN = 50; // ULID is exactly 26 chars
118
+
119
+ /**
120
+ * @primitive b.safeSchema.SafeSchemaError
121
+ * @signature b.safeSchema.SafeSchemaError
122
+ * @since 0.1.0
123
+ * @status stable
124
+ * @related b.safeSchema.string, b.safeSchema.object
125
+ *
126
+ * Error class thrown by every `b.safeSchema` primitive on
127
+ * construction-time misuse (bad shape / bad enum / bad union /
128
+ * poisoned key) and by `schema.parse(...)` on validation failure.
129
+ * Built via `b.framework.defineClass` and marked `alwaysPermanent`
130
+ * so it never round-trips through retry or transient-error logic.
131
+ * The thrown instance carries `.issues` — the full per-field
132
+ * issues array (`{ path, code, message }[]`) — so HTTP middleware
133
+ * can surface every failure in one 400 response.
134
+ *
135
+ * @example
136
+ * var b = require("blamejs");
137
+ * var s = b.safeSchema;
138
+ *
139
+ * try {
140
+ * s.string().min(3).parse("ab");
141
+ * } catch (e) {
142
+ * e instanceof s.SafeSchemaError;
143
+ * // → true
144
+ * e.issues[0].code;
145
+ * // → "string/too-short"
146
+ * }
147
+ */
148
+ var SafeSchemaError = defineClass("SafeSchemaError", { alwaysPermanent: true });
149
+
150
+ // Prototype-pollution defense — these key names are rejected in object
151
+ // and record schemas regardless of mode (strict, passthrough, or lazy
152
+ // match). Mirrors safe-json.js's POISONED_KEYS set so the framework
153
+ // presents one consistent guarantee: an attacker cannot pollute
154
+ // Object.prototype by submitting a JSON body with __proto__ /
155
+ // constructor / prototype keys, even if the operator schema is
156
+ // .passthrough().
157
+ var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
158
+
159
+ // Pragmatic regexes — RFC-correct is impractical without exploding the
160
+ // regex (especially email). Operators wanting deeper validation chain
161
+ // .refine() on top.
162
+ //
163
+ // All regexes are static module-level constants; nothing parses an input
164
+ // string into a regex on the validation path (no ReDoS-via-input vector,
165
+ // no dynamic regex compilation).
166
+ var EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
167
+ var URL_RE = /^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/[^\s]+$/;
168
+ var UUID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/;
169
+ var DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
170
+ // ISO-8601 datetime with timezone (Z or ±HH:MM); fractional seconds optional.
171
+ var DATETIME_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})$/;
172
+ var IPV4_RE = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;
173
+ // CUID v1 / v2: 25-char base36, starts with 'c'. Common in TypeScript ecosystems.
174
+ var CUID_RE = /^c[a-z0-9]{24}$/;
175
+ // ULID: Crockford-base32, 26 chars, time-sortable.
176
+ var ULID_RE = /^[0-9A-HJKMNP-TV-Z]{26}$/;
177
+ // base64 (standard alphabet, with optional padding). Base64url variants
178
+ // rejected — operators chain .regex(...) for that.
179
+ var BASE64_RE = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
180
+ // IPv6 structural pattern — full 8-hextet, every `::`-compressed shape,
181
+ // `::` and `::1` literals, IPv4-mapped (`::ffff:1.2.3.4`), and 6-prefix
182
+ // + IPv4 tail. Adapted from validator.js (Apache-2.0); zone IDs
183
+ // (`fe80::1%eth0`) are deliberately omitted — the framework rejects
184
+ // them as non-portable, matching `safe-json.formats.ipv6`. Bounded
185
+ // quantifiers, no nested-quantifier alternation, ReDoS-safe.
186
+ //
187
+ // `.ipv6()` schema method delegates to `safeJson.formats.ipv6` for
188
+ // stricter algorithmic validation; this regex is exported as a
189
+ // structural pattern for operators who want it directly.
190
+ var IPV6_RE = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/;
191
+
192
+ // ---- helpers ----
193
+
194
+ function _fail(path, code, message) {
195
+ return { ok: false, issues: [{ path: path.slice(), code: code, message: message }] };
196
+ }
197
+
198
+ function _formatIssues(issues) {
199
+ if (!issues || issues.length === 0) return "(no issues)";
200
+ return issues.map(function (i) {
201
+ var p = i.path && i.path.length > 0 ? i.path.join(".") + ": " : "";
202
+ return p + i.message;
203
+ }).join("; ");
204
+ }
205
+
206
+ // Run a schema's modifier-aware pipeline. Used by both root parse() and
207
+ // child-key dispatch inside object/array/etc.
208
+ function _runWithModifiers(schema, value, path) {
209
+ // Apply default BEFORE catching, so a schema with both .default() and
210
+ // .catch() prefers the default for undefined input (predictable).
211
+ if (value === undefined) {
212
+ if (schema._hasDefault) value = typeof schema._default === "function" ? schema._default() : schema._default;
213
+ else if (schema._isOptional) return { ok: true, value: undefined };
214
+ else return _fail(path, "required", "is required");
215
+ }
216
+ if (value === null) {
217
+ if (schema._isNullable) return { ok: true, value: null };
218
+ if (schema._hasCatch) return { ok: true, value: schema._catch };
219
+ return _fail(path, "type", "must not be null");
220
+ }
221
+ var r = schema._run(value, path);
222
+ if (!r.ok && schema._hasCatch) {
223
+ return { ok: true, value: typeof schema._catch === "function" ? schema._catch() : schema._catch };
224
+ }
225
+ return r;
226
+ }
227
+
228
+ // ---- core schema factory ----
229
+ //
230
+ // Every schema stores:
231
+ // _kind — for diagnostics
232
+ // _isOptional, _isNullable, _hasDefault, _default, _hasCatch, _catch
233
+ // _run(value, path) — type check + checks pipeline
234
+ //
235
+ // Modifier methods (optional/nullable/default/catch/refine/transform) live
236
+ // on the prototype; chained methods are added by each constructor's
237
+ // builder (string adds .min/.max etc., array adds .min/.length, etc.).
238
+
239
+ function _baseSchema(spec) {
240
+ var s = {
241
+ _kind: spec.kind,
242
+ _isOptional: spec.isOptional || false,
243
+ _isNullable: spec.isNullable || false,
244
+ _hasDefault: spec.hasDefault || false,
245
+ _default: spec.defaultValue,
246
+ _hasCatch: spec.hasCatch || false,
247
+ _catch: spec.catchValue,
248
+ _run: spec.run,
249
+ };
250
+
251
+ s.parse = function (input) {
252
+ var r = _runWithModifiers(s, input, []);
253
+ if (r.ok) return r.value;
254
+ var err = new SafeSchemaError(
255
+ "safe-schema/invalid",
256
+ "validation failed: " + _formatIssues(r.issues)
257
+ );
258
+ err.issues = r.issues;
259
+ throw err;
260
+ };
261
+
262
+ s.safeParse = function (input) {
263
+ var r = _runWithModifiers(s, input, []);
264
+ if (r.ok) return { ok: true, value: r.value };
265
+ return { ok: false, errors: r.issues };
266
+ };
267
+
268
+ s.optional = function () {
269
+ return _baseSchema(_extendSpec(spec, { isOptional: true }));
270
+ };
271
+ s.nullable = function () {
272
+ return _baseSchema(_extendSpec(spec, { isNullable: true }));
273
+ };
274
+ s.default = function (v) {
275
+ return _baseSchema(_extendSpec(spec, { isOptional: true, hasDefault: true, defaultValue: v }));
276
+ };
277
+ s.catch = function (v) {
278
+ return _baseSchema(_extendSpec(spec, { hasCatch: true, catchValue: v }));
279
+ };
280
+ s.refine = function (predicate, opts) {
281
+ opts = opts || {};
282
+ var code = opts.code || "refine";
283
+ var message = opts.message || "failed custom validation";
284
+ var inner = s;
285
+ return _baseSchema(_extendSpec(spec, {
286
+ run: function (value, path) {
287
+ var r = inner._run(value, path);
288
+ if (!r.ok) return r;
289
+ try {
290
+ if (!predicate(r.value)) return _fail(path, code, message);
291
+ } catch (e) {
292
+ return _fail(path, code,
293
+ message + " (predicate threw: " + ((e && e.message) || String(e)) + ")");
294
+ }
295
+ return r;
296
+ },
297
+ }));
298
+ };
299
+ s.transform = function (fn) {
300
+ var inner = s;
301
+ return _baseSchema(_extendSpec(spec, {
302
+ run: function (value, path) {
303
+ var r = inner._run(value, path);
304
+ if (!r.ok) return r;
305
+ try {
306
+ return { ok: true, value: fn(r.value) };
307
+ } catch (e) {
308
+ return _fail(path, "transform",
309
+ "transform threw: " + ((e && e.message) || String(e)));
310
+ }
311
+ },
312
+ }));
313
+ };
314
+ // .pipe(next) — feed this schema's validated output into another
315
+ // schema for a second round of validation. Common idiom for
316
+ // "validate input shape, transform, re-validate output shape":
317
+ //
318
+ // var port = s.string().regex(/^\d+$/).transform(Number).pipe(
319
+ // s.number().int().min(1).max(65535)
320
+ // );
321
+ s.pipe = function (next) {
322
+ if (!next || typeof next._run !== "function") {
323
+ throw new SafeSchemaError("safe-schema/bad-pipe",
324
+ "pipe: argument must be a schema");
325
+ }
326
+ var inner = s;
327
+ return _baseSchema(_extendSpec(spec, {
328
+ run: function (value, path) {
329
+ var r = inner._run(value, path);
330
+ if (!r.ok) return r;
331
+ return _runWithModifiers(next, r.value, path);
332
+ },
333
+ }));
334
+ };
335
+
336
+ return s;
337
+ }
338
+
339
+ function _extendSpec(spec, overrides) {
340
+ return {
341
+ kind: overrides.kind != null ? overrides.kind : spec.kind,
342
+ isOptional: overrides.isOptional != null ? overrides.isOptional : spec.isOptional,
343
+ isNullable: overrides.isNullable != null ? overrides.isNullable : spec.isNullable,
344
+ hasDefault: overrides.hasDefault != null ? overrides.hasDefault : spec.hasDefault,
345
+ defaultValue: overrides.hasDefault != null ? overrides.defaultValue : spec.defaultValue,
346
+ hasCatch: overrides.hasCatch != null ? overrides.hasCatch : spec.hasCatch,
347
+ catchValue: overrides.hasCatch != null ? overrides.catchValue : spec.catchValue,
348
+ run: overrides.run != null ? overrides.run : spec.run,
349
+ };
350
+ }
351
+
352
+ // Adds a check fn into the schema's _run pipeline by composing it on top
353
+ // of the existing _run. Used by string/number/array builders to chain
354
+ // .min/.max/etc. onto an existing schema instance.
355
+ //
356
+ // The check fn returns either:
357
+ // { ok: true } — pass; keep the inner value unchanged
358
+ // { ok: true, value: newVal } — pass and mutate the value (used by
359
+ // ergonomic transforms like .trim())
360
+ // { ok: false, issues } — fail with the given issue
361
+ function _withCheck(schema, spec, check) {
362
+ var inner = schema;
363
+ return _baseSchema(_extendSpec(spec, {
364
+ run: function (value, path) {
365
+ var r = inner._run(value, path);
366
+ if (!r.ok) return r;
367
+ var cr = check(r.value, path);
368
+ if (!cr.ok) return cr;
369
+ if (Object.prototype.hasOwnProperty.call(cr, "value")) {
370
+ return { ok: true, value: cr.value };
371
+ }
372
+ return r;
373
+ },
374
+ }));
375
+ }
376
+
377
+ // ---- string ----
378
+
379
+ /**
380
+ * @primitive b.safeSchema.string
381
+ * @signature b.safeSchema.string()
382
+ * @since 0.1.0
383
+ * @status stable
384
+ * @related b.safeSchema.number, b.safeSchema.object
385
+ *
386
+ * Construct a string-typed schema. Chain `.min`, `.max`, `.length`,
387
+ * `.regex`, `.email`, `.url`, `.uuid`, `.datetime`, `.date`, `.ipv4`,
388
+ * `.ipv6`, `.ip`, `.cuid`, `.ulid`, `.base64`, `.startsWith`,
389
+ * `.endsWith`, `.includes`, `.nonempty`, `.trim`, `.toLowerCase`,
390
+ * `.toUpperCase` to add checks and coercions. Each chained call
391
+ * returns a new immutable schema.
392
+ *
393
+ * The named-format methods (`.email` / `.url` / `.uuid` / etc.)
394
+ * apply a defensive length cap BEFORE running the regex so a
395
+ * hostile payload cannot drive the regex engine with an arbitrarily
396
+ * long string.
397
+ *
398
+ * @example
399
+ * var b = require("blamejs");
400
+ * var s = b.safeSchema;
401
+ *
402
+ * var name = s.string().min(1).max(80);
403
+ * name.parse("alice");
404
+ * // → "alice"
405
+ *
406
+ * var email = s.string().trim().toLowerCase().email();
407
+ * email.parse(" Alice@Example.COM ");
408
+ * // → "alice@example.com"
409
+ *
410
+ * var safe = s.string().min(3).safeParse("ab");
411
+ * safe.ok;
412
+ * // → false
413
+ * safe.errors[0].code;
414
+ * // → "string/too-short"
415
+ */
416
+ function string() {
417
+ var spec = {
418
+ kind: "string",
419
+ run: function (value, path) {
420
+ if (typeof value !== "string") return _fail(path, "type", "must be a string");
421
+ return { ok: true, value: value };
422
+ },
423
+ };
424
+ return _stringMethods(_baseSchema(spec), spec);
425
+ }
426
+
427
+ function _stringMethods(schema, spec) {
428
+ function chain(check) {
429
+ var next = _withCheck(schema, spec, check);
430
+ return _stringMethods(next, _extendSpec(spec, { run: next._run }));
431
+ }
432
+ schema.min = function (n, msg) {
433
+ return chain(function (v, p) {
434
+ return v.length >= n ? { ok: true } :
435
+ _fail(p, "string/too-short", msg || ("must be at least " + n + " characters"));
436
+ });
437
+ };
438
+ schema.max = function (n, msg) {
439
+ return chain(function (v, p) {
440
+ return v.length <= n ? { ok: true } :
441
+ _fail(p, "string/too-long", msg || ("must be at most " + n + " characters"));
442
+ });
443
+ };
444
+ schema.length = function (n, msg) {
445
+ return chain(function (v, p) {
446
+ return v.length === n ? { ok: true } :
447
+ _fail(p, "string/wrong-length", msg || ("must be exactly " + n + " characters"));
448
+ });
449
+ };
450
+ schema.nonempty = function (msg) { return schema.min(1, msg || "must not be empty"); };
451
+ schema.regex = function (re, msg) {
452
+ return chain(function (v, p) {
453
+ return re.test(v) ? { ok: true } :
454
+ _fail(p, "string/regex", msg || "does not match required pattern");
455
+ });
456
+ };
457
+ schema.startsWith = function (prefix, msg) {
458
+ return chain(function (v, p) {
459
+ return v.indexOf(prefix) === 0 ? { ok: true } :
460
+ _fail(p, "string/starts-with", msg || "must start with '" + prefix + "'");
461
+ });
462
+ };
463
+ schema.endsWith = function (suffix, msg) {
464
+ return chain(function (v, p) {
465
+ return v.length >= suffix.length && v.slice(-suffix.length) === suffix ? { ok: true } :
466
+ _fail(p, "string/ends-with", msg || "must end with '" + suffix + "'");
467
+ });
468
+ };
469
+ schema.includes = function (needle, msg) {
470
+ return chain(function (v, p) {
471
+ return v.indexOf(needle) !== -1 ? { ok: true } :
472
+ _fail(p, "string/includes", msg || "must include '" + needle + "'");
473
+ });
474
+ };
475
+ schema.email = function () {
476
+ return chain(function (v, p) {
477
+ // RFC 5321 §4.5.3.1.3 — max forward-path is 256 octets including
478
+ // angle brackets, so the address itself is bounded at 254 chars.
479
+ // Without this cap an operator chaining .email() on a request body
480
+ // is open to a DoS shape (50 KB email -> downstream DB writes
481
+ // unbounded string columns, log lines, etc.). Operators with a
482
+ // legitimate non-RFC reason for longer emails skip .email() and
483
+ // chain .regex(custom) directly.
484
+ if (v.length > EMAIL_MAX_LEN) return _fail(p, "string/email-too-long",
485
+ "must be a valid email address (max " + EMAIL_MAX_LEN + " chars per RFC 5321)");
486
+ return EMAIL_RE.test(v) ? { ok: true } :
487
+ _fail(p, "string/email", "must be a valid email address");
488
+ });
489
+ };
490
+ schema.url = function () {
491
+ return chain(function (v, p) {
492
+ // RFC 9110 doesn't set a hard URL length, but RFC 7230 §3.1.1
493
+ // recommended 8000 octets and most HTTP origin servers + load
494
+ // balancers cap at 8 KB. Without this bound an operator chaining
495
+ // .url() on a request body was open to a 50 MB URL passing
496
+ // validation. Operators with a legitimate non-standard use
497
+ // (tunnels, proxies with embedded payloads) skip .url() and
498
+ // chain .regex(custom) directly.
499
+ if (v.length > URL_MAX_LEN) return _fail(p, "string/url-too-long",
500
+ "must be a valid URL (max " + URL_MAX_LEN + " chars per RFC 7230 §3.1.1 guidance)");
501
+ return URL_RE.test(v) ? { ok: true } :
502
+ _fail(p, "string/url", "must be a valid URL");
503
+ });
504
+ };
505
+ schema.uuid = function () {
506
+ return chain(function (v, p) {
507
+ // RFC 4122 UUID is 36 chars (8-4-4-4-12 + 4 dashes); cap defensively
508
+ // so a 50-MB string can't reach the regex engine.
509
+ if (typeof v !== "string" || v.length > UUID_MAX_LEN || !UUID_RE.test(v)) {
510
+ return _fail(p, "string/uuid", "must be a valid UUID");
511
+ }
512
+ return { ok: true };
513
+ });
514
+ };
515
+ schema.date = function () {
516
+ return chain(function (v, p) {
517
+ // YYYY-MM-DD is 10 chars; cap defensively before the regex test.
518
+ if (typeof v !== "string" || v.length > DATE_MAX_LEN || !DATE_RE.test(v)) {
519
+ return _fail(p, "string/date", "must be a YYYY-MM-DD date");
520
+ }
521
+ return { ok: true };
522
+ });
523
+ };
524
+ schema.datetime = function () {
525
+ return chain(function (v, p) {
526
+ // ISO-8601 with offset + fractional seconds tops out near 64 chars;
527
+ // cap defensively before the regex test.
528
+ if (typeof v !== "string" || v.length > DATETIME_MAX_LEN || !DATETIME_RE.test(v)) {
529
+ return _fail(p, "string/datetime", "must be an ISO-8601 datetime with timezone");
530
+ }
531
+ return { ok: true };
532
+ });
533
+ };
534
+ // IP-address validators delegate to safe-json's algorithmic format
535
+ // checks rather than re-running regex matches. The algorithmic path
536
+ // handles edge cases that pure regex misses (compressed `::` shapes,
537
+ // IPv4-mapped `::ffff:1.2.3.4`, multi-`::` rejection, group-count
538
+ // bounds) and keeps the framework's IP-validation behavior in one
539
+ // tested place. IPV4_RE / IPV6_RE remain exported for operators who
540
+ // want the structural pattern, but `.ipv4()` / `.ipv6()` / `.ip()`
541
+ // are the canonical validation surface.
542
+ schema.ipv4 = function () {
543
+ return chain(function (v, p) {
544
+ return (typeof v === "string" && safeJson.formats.ipv4(v))
545
+ ? { ok: true }
546
+ : _fail(p, "string/ipv4", "must be a valid IPv4 address");
547
+ });
548
+ };
549
+ schema.ipv6 = function () {
550
+ return chain(function (v, p) {
551
+ return (typeof v === "string" && safeJson.formats.ipv6(v))
552
+ ? { ok: true }
553
+ : _fail(p, "string/ipv6", "must be a valid IPv6 address");
554
+ });
555
+ };
556
+ schema.ip = function () {
557
+ return chain(function (v, p) {
558
+ return (typeof v === "string" && safeJson.formats.ip(v))
559
+ ? { ok: true }
560
+ : _fail(p, "string/ip", "must be a valid IP address (v4 or v6)");
561
+ });
562
+ };
563
+ schema.cuid = function () {
564
+ return chain(function (v, p) {
565
+ // CUID v1/v2 is 25 chars; cap defensively before the regex test.
566
+ if (typeof v !== "string" || v.length > CUID_MAX_LEN || !CUID_RE.test(v)) {
567
+ return _fail(p, "string/cuid", "must be a valid CUID");
568
+ }
569
+ return { ok: true };
570
+ });
571
+ };
572
+ schema.ulid = function () {
573
+ return chain(function (v, p) {
574
+ // ULID is exactly 26 chars; cap defensively before the regex test.
575
+ if (typeof v !== "string" || v.length > ULID_MAX_LEN || !ULID_RE.test(v)) {
576
+ return _fail(p, "string/ulid", "must be a valid ULID");
577
+ }
578
+ return { ok: true };
579
+ });
580
+ };
581
+ schema.base64 = function () {
582
+ return chain(function (v, p) {
583
+ // Base64 has no protocol-fixed cap; bound at the same 8 KiB the
584
+ // .url() validator uses so a hostile payload can't feed an
585
+ // unbounded string to the regex.
586
+ if (typeof v !== "string" || v.length > URL_MAX_LEN) {
587
+ return _fail(p, "string/base64", "must be valid base64 (standard alphabet)");
588
+ }
589
+ return BASE64_RE.test(v) ? { ok: true } :
590
+ _fail(p, "string/base64", "must be valid base64 (standard alphabet)");
591
+ });
592
+ };
593
+ // Coercion-via-transform — these mutate the validated string before
594
+ // the next check runs. Apply EARLY in the chain (before .min, .email,
595
+ // etc.) so subsequent checks see the normalized form.
596
+ schema.trim = function () {
597
+ return chain(function (v) { return { ok: true, value: v.trim() }; });
598
+ };
599
+ schema.toLowerCase = function () {
600
+ return chain(function (v) { return { ok: true, value: v.toLowerCase() }; });
601
+ };
602
+ schema.toUpperCase = function () {
603
+ return chain(function (v) { return { ok: true, value: v.toUpperCase() }; });
604
+ };
605
+ return schema;
606
+ }
607
+
608
+ // ---- number ----
609
+
610
+ /**
611
+ * @primitive b.safeSchema.number
612
+ * @signature b.safeSchema.number()
613
+ * @since 0.1.0
614
+ * @status stable
615
+ * @related b.safeSchema.string, b.safeSchema.literal
616
+ *
617
+ * Construct a number-typed schema. Rejects `NaN` at the type check.
618
+ * Chain `.int`, `.min`, `.max`, `.gt`, `.lt`, `.positive`,
619
+ * `.negative`, `.nonnegative`, `.nonpositive`, `.finite`, `.safe`,
620
+ * `.multipleOf` to bound the value. `.safe()` enforces the
621
+ * `Number.isSafeInteger` range — important for IDs that round-trip
622
+ * through JSON (no BigInt support) and need to survive without
623
+ * precision loss.
624
+ *
625
+ * @example
626
+ * var b = require("blamejs");
627
+ * var s = b.safeSchema;
628
+ *
629
+ * var age = s.number().int().min(0).max(150);
630
+ * age.parse(30);
631
+ * // → 30
632
+ *
633
+ * try { age.parse(200); }
634
+ * catch (e) { e.issues[0].code; }
635
+ * // → "number/too-large"
636
+ *
637
+ * var price = s.number().finite().multipleOf(0.01);
638
+ * price.parse(19.99);
639
+ * // → 19.99
640
+ */
641
+ function number() {
642
+ var spec = {
643
+ kind: "number",
644
+ run: function (value, path) {
645
+ if (typeof value !== "number" || Number.isNaN(value)) {
646
+ return _fail(path, "type", "must be a number");
647
+ }
648
+ return { ok: true, value: value };
649
+ },
650
+ };
651
+ return _numberMethods(_baseSchema(spec), spec);
652
+ }
653
+
654
+ function _numberMethods(schema, spec) {
655
+ function chain(check) {
656
+ var next = _withCheck(schema, spec, check);
657
+ return _numberMethods(next, _extendSpec(spec, { run: next._run }));
658
+ }
659
+ schema.int = function (msg) {
660
+ return chain(function (v, p) {
661
+ return Number.isInteger(v) ? { ok: true } :
662
+ _fail(p, "number/not-integer", msg || "must be an integer");
663
+ });
664
+ };
665
+ schema.min = function (n, msg) {
666
+ return chain(function (v, p) {
667
+ return v >= n ? { ok: true } : _fail(p, "number/too-small", msg || ("must be ≥ " + n));
668
+ });
669
+ };
670
+ schema.max = function (n, msg) {
671
+ return chain(function (v, p) {
672
+ return v <= n ? { ok: true } : _fail(p, "number/too-large", msg || ("must be ≤ " + n));
673
+ });
674
+ };
675
+ schema.gt = function (n, msg) {
676
+ return chain(function (v, p) {
677
+ return v > n ? { ok: true } : _fail(p, "number/not-gt", msg || ("must be > " + n));
678
+ });
679
+ };
680
+ schema.lt = function (n, msg) {
681
+ return chain(function (v, p) {
682
+ return v < n ? { ok: true } : _fail(p, "number/not-lt", msg || ("must be < " + n));
683
+ });
684
+ };
685
+ schema.positive = function (msg) { return schema.gt(0, msg || "must be positive"); };
686
+ schema.negative = function (msg) { return schema.lt(0, msg || "must be negative"); };
687
+ schema.nonnegative = function (msg) { return schema.min(0, msg || "must be non-negative"); };
688
+ schema.nonpositive = function (msg) { return schema.max(0, msg || "must be non-positive"); };
689
+ schema.finite = function (msg) {
690
+ return chain(function (v, p) {
691
+ return Number.isFinite(v) ? { ok: true } :
692
+ _fail(p, "number/not-finite", msg || "must be a finite number");
693
+ });
694
+ };
695
+ // safe() — Number.isSafeInteger range. Important for IDs that round-trip
696
+ // through JSON (which can't represent BigInts) and need to survive without
697
+ // precision loss.
698
+ schema.safe = function (msg) {
699
+ return chain(function (v, p) {
700
+ return Number.isSafeInteger(v) ? { ok: true } :
701
+ _fail(p, "number/not-safe", msg || "must be a safe integer (within ±2^53)");
702
+ });
703
+ };
704
+ schema.multipleOf = function (n, msg) {
705
+ return chain(function (v, p) {
706
+ // Use modulo with fp tolerance — exact mod on floats is fragile.
707
+ var quot = v / n;
708
+ return Math.abs(quot - Math.round(quot)) < 1e-9 ? { ok: true } :
709
+ _fail(p, "number/not-multiple-of", msg || ("must be a multiple of " + n));
710
+ });
711
+ };
712
+ return schema;
713
+ }
714
+
715
+ // ---- boolean ----
716
+
717
+ /**
718
+ * @primitive b.safeSchema.boolean
719
+ * @signature b.safeSchema.boolean()
720
+ * @since 0.1.0
721
+ * @status stable
722
+ * @related b.safeSchema.literal, b.safeSchema.preprocess
723
+ *
724
+ * Construct a boolean-typed schema. Strict `typeof === "boolean"`
725
+ * check — does not coerce truthy/falsy values. To accept the strings
726
+ * `"true"` / `"false"` from query parameters, wrap in
727
+ * `s.preprocess(fn, s.boolean())`.
728
+ *
729
+ * @example
730
+ * var b = require("blamejs");
731
+ * var s = b.safeSchema;
732
+ *
733
+ * s.boolean().parse(true);
734
+ * // → true
735
+ *
736
+ * try { s.boolean().parse("true"); }
737
+ * catch (e) { e.issues[0].code; }
738
+ * // → "type"
739
+ */
740
+ function boolean() {
741
+ return _baseSchema({
742
+ kind: "boolean",
743
+ run: function (value, path) {
744
+ if (typeof value !== "boolean") return _fail(path, "type", "must be a boolean");
745
+ return { ok: true, value: value };
746
+ },
747
+ });
748
+ }
749
+
750
+ // ---- literal ----
751
+
752
+ /**
753
+ * @primitive b.safeSchema.literal
754
+ * @signature b.safeSchema.literal(expected)
755
+ * @since 0.1.0
756
+ * @status stable
757
+ * @related b.safeSchema.enum_, b.safeSchema.discriminatedUnion
758
+ *
759
+ * Construct a schema that accepts exactly one specific value
760
+ * (compared via `===`). Useful as the discriminator on tagged
761
+ * unions — see `s.discriminatedUnion`.
762
+ *
763
+ * @example
764
+ * var b = require("blamejs");
765
+ * var s = b.safeSchema;
766
+ *
767
+ * var version = s.literal("v1");
768
+ * version.parse("v1");
769
+ * // → "v1"
770
+ *
771
+ * try { version.parse("v2"); }
772
+ * catch (e) { e.issues[0].code; }
773
+ * // → "literal"
774
+ */
775
+ function literal(expected) {
776
+ return _baseSchema({
777
+ kind: "literal",
778
+ run: function (value, path) {
779
+ if (value !== expected) {
780
+ return _fail(path, "literal", "must be exactly " + JSON.stringify(expected));
781
+ }
782
+ return { ok: true, value: value };
783
+ },
784
+ });
785
+ }
786
+
787
+ // ---- enum / oneOf ----
788
+
789
+ /**
790
+ * @primitive b.safeSchema.enum_
791
+ * @signature b.safeSchema.enum_(values)
792
+ * @since 0.1.0
793
+ * @status stable
794
+ * @related b.safeSchema.literal, b.safeSchema.union
795
+ *
796
+ * Construct a schema that accepts any value from the given
797
+ * non-empty array (compared via `Set.has`). Also exported as
798
+ * `b.safeSchema.oneOf` because `enum` is a reserved word in some
799
+ * tooling. Throws `SafeSchemaError` (`safe-schema/bad-enum`) when
800
+ * `values` is not a non-empty array.
801
+ *
802
+ * @example
803
+ * var b = require("blamejs");
804
+ * var s = b.safeSchema;
805
+ *
806
+ * var role = s.enum_(["admin", "editor", "viewer"]);
807
+ * role.parse("editor");
808
+ * // → "editor"
809
+ *
810
+ * try { role.parse("guest"); }
811
+ * catch (e) { e.issues[0].code; }
812
+ * // → "enum"
813
+ *
814
+ * // oneOf is the same primitive under a friendlier name.
815
+ * var same = s.oneOf(["a", "b"]);
816
+ * same.parse("a");
817
+ * // → "a"
818
+ */
819
+ function enum_(values) {
820
+ if (!Array.isArray(values) || values.length === 0) {
821
+ throw new SafeSchemaError("safe-schema/bad-enum",
822
+ "enum requires a non-empty array of allowed values");
823
+ }
824
+ var allowedSet = new Set(values);
825
+ return _baseSchema({
826
+ kind: "enum",
827
+ run: function (value, path) {
828
+ if (!allowedSet.has(value)) {
829
+ return _fail(path, "enum",
830
+ "must be one of: " + values.map(function (v) { return JSON.stringify(v); }).join(", "));
831
+ }
832
+ return { ok: true, value: value };
833
+ },
834
+ });
835
+ }
836
+
837
+ // ---- null / undefined / any / unknown ----
838
+
839
+ /**
840
+ * @primitive b.safeSchema.null_
841
+ * @signature b.safeSchema.null_()
842
+ * @since 0.1.0
843
+ * @status stable
844
+ * @related b.safeSchema.undefined_, b.safeSchema.any
845
+ *
846
+ * Construct a schema that accepts only `null`. Trailing-underscore
847
+ * name because `null` is a reserved word. Useful inside unions
848
+ * (e.g. `s.union([s.string(), s.null_()])`), though
849
+ * `s.string().nullable()` is the more common idiom.
850
+ *
851
+ * @example
852
+ * var b = require("blamejs");
853
+ * var s = b.safeSchema;
854
+ *
855
+ * s.null_().parse(null);
856
+ * // → null
857
+ *
858
+ * try { s.null_().parse(0); }
859
+ * catch (e) { e.issues[0].code; }
860
+ * // → "type"
861
+ */
862
+ function null_() {
863
+ return _baseSchema({
864
+ kind: "null",
865
+ isNullable: true,
866
+ run: function (value, path) {
867
+ // Modifier handler accepts null already; if we got here, value is non-null.
868
+ return _fail(path, "type", "must be null");
869
+ },
870
+ });
871
+ }
872
+
873
+ /**
874
+ * @primitive b.safeSchema.undefined_
875
+ * @signature b.safeSchema.undefined_()
876
+ * @since 0.1.0
877
+ * @status stable
878
+ * @related b.safeSchema.null_, b.safeSchema.any
879
+ *
880
+ * Construct a schema that accepts only `undefined`. Trailing-
881
+ * underscore name because `undefined` shadows poorly. The schema is
882
+ * implicitly `optional` — `parse(undefined)` succeeds.
883
+ *
884
+ * @example
885
+ * var b = require("blamejs");
886
+ * var s = b.safeSchema;
887
+ *
888
+ * s.undefined_().parse(undefined);
889
+ * // → undefined
890
+ *
891
+ * try { s.undefined_().parse(null); }
892
+ * catch (e) { e.issues[0].code; }
893
+ * // → "type"
894
+ */
895
+ function undefined_() {
896
+ return _baseSchema({
897
+ kind: "undefined",
898
+ isOptional: true,
899
+ run: function (_value, path) {
900
+ return _fail(path, "type", "must be undefined");
901
+ },
902
+ });
903
+ }
904
+
905
+ /**
906
+ * @primitive b.safeSchema.any
907
+ * @signature b.safeSchema.any()
908
+ * @since 0.1.0
909
+ * @status stable
910
+ * @related b.safeSchema.unknown, b.safeSchema.preprocess
911
+ *
912
+ * Construct a schema that accepts any value, including `null` and
913
+ * `undefined`. Useful as a placeholder while iterating on a schema
914
+ * shape, or inside `s.record(s.any())` when the operator wants the
915
+ * keys validated but not the values.
916
+ *
917
+ * @example
918
+ * var b = require("blamejs");
919
+ * var s = b.safeSchema;
920
+ *
921
+ * s.any().parse({ anything: "goes" });
922
+ * // → { anything: "goes" }
923
+ *
924
+ * s.any().parse(null);
925
+ * // → null
926
+ */
927
+ function any() {
928
+ return _baseSchema({
929
+ kind: "any",
930
+ isOptional: true,
931
+ isNullable: true,
932
+ run: function (value) { return { ok: true, value: value }; },
933
+ });
934
+ }
935
+
936
+ /**
937
+ * @primitive b.safeSchema.unknown
938
+ * @signature b.safeSchema.unknown()
939
+ * @since 0.1.0
940
+ * @status stable
941
+ * @related b.safeSchema.any
942
+ *
943
+ * Alias for `b.safeSchema.any`. Some operators prefer the spelling
944
+ * `unknown` to signal "we accept anything but expect downstream
945
+ * code to narrow the type". Behavior is identical.
946
+ *
947
+ * @example
948
+ * var b = require("blamejs");
949
+ * var s = b.safeSchema;
950
+ *
951
+ * s.unknown().parse({ raw: 1 });
952
+ * // → { raw: 1 }
953
+ */
954
+ function unknown() { return any(); }
955
+
956
+ // ---- object ----
957
+
958
+ /**
959
+ * @primitive b.safeSchema.object
960
+ * @signature b.safeSchema.object(shape)
961
+ * @since 0.1.0
962
+ * @status stable
963
+ * @related b.safeSchema.record, b.safeSchema.discriminatedUnion
964
+ *
965
+ * Construct an object schema from a `{ key: schema }` shape map.
966
+ * Strict by default — unknown keys produce an `object/unknown-key`
967
+ * issue. Chain `.passthrough()` to retain extras, `.strict()` to
968
+ * flip back, `.pick`, `.omit`, `.extend`, `.partial`, `.required`
969
+ * to derive related shapes.
970
+ *
971
+ * Prototype-pollution defense — `__proto__` / `constructor` /
972
+ * `prototype` keys are rejected at shape-construction time AND at
973
+ * parse time regardless of mode (`.passthrough()` does NOT permit
974
+ * them). Throws `SafeSchemaError`
975
+ * (`safe-schema/poisoned-shape-key` / `safe-schema/bad-shape`) on
976
+ * invalid input.
977
+ *
978
+ * @example
979
+ * var b = require("blamejs");
980
+ * var s = b.safeSchema;
981
+ *
982
+ * var user = s.object({
983
+ * email: s.string().email(),
984
+ * age: s.number().int().min(0).max(150),
985
+ * });
986
+ *
987
+ * user.parse({ email: "alice@example.com", age: 30 });
988
+ * // → { email: "alice@example.com", age: 30 }
989
+ *
990
+ * // Unknown keys rejected by default.
991
+ * try { user.parse({ email: "a@b.com", age: 30, extra: 1 }); }
992
+ * catch (e) { e.issues[0].code; }
993
+ * // → "object/unknown-key"
994
+ *
995
+ * // Prototype-pollution attempt rejected even with passthrough.
996
+ * var loose = user.passthrough();
997
+ * var report = loose.safeParse({ email: "a@b.com", age: 30, __proto__: { admin: true } });
998
+ * report.ok;
999
+ * // → false
1000
+ * report.errors[0].code;
1001
+ * // → "object/poisoned-key"
1002
+ */
1003
+ function object(shape) {
1004
+ if (shape == null || typeof shape !== "object") {
1005
+ throw new SafeSchemaError("safe-schema/bad-shape",
1006
+ "object() requires a shape object mapping field name to schema");
1007
+ }
1008
+ // Use getOwnPropertyNames so an operator who built the shape via
1009
+ // Object.fromEntries / defineProperty (the only paths by which a
1010
+ // POISONED_KEYS name can appear as an own property — object-literal
1011
+ // {"__proto__": ...} syntax sets the prototype rather than creating
1012
+ // such a key) gets a refusal at construction time.
1013
+ var allOwnKeys = Object.getOwnPropertyNames(shape);
1014
+ for (var ai = 0; ai < allOwnKeys.length; ai++) {
1015
+ if (POISONED_KEYS.has(allOwnKeys[ai])) {
1016
+ throw new SafeSchemaError("safe-schema/poisoned-shape-key",
1017
+ "object shape: key '" + allOwnKeys[ai] + "' is forbidden (prototype-pollution defense)");
1018
+ }
1019
+ }
1020
+ var keys = Object.keys(shape);
1021
+ for (var k = 0; k < keys.length; k++) {
1022
+ if (!shape[keys[k]] || typeof shape[keys[k]]._run !== "function") {
1023
+ throw new SafeSchemaError("safe-schema/bad-shape",
1024
+ "object shape: '" + keys[k] + "' is not a schema");
1025
+ }
1026
+ }
1027
+ return _objectWithMode(shape, keys, "strict");
1028
+ }
1029
+
1030
+ function _objectWithMode(shape, keys, mode) {
1031
+ var spec = {
1032
+ kind: "object",
1033
+ run: function (value, path) {
1034
+ if (typeof value !== "object" || Array.isArray(value)) {
1035
+ return _fail(path, "type", "must be an object");
1036
+ }
1037
+ var issues = [];
1038
+ var out = {};
1039
+ for (var i = 0; i < keys.length; i++) {
1040
+ var key = keys[i];
1041
+ var sub = shape[key];
1042
+ var childPath = path.concat([key]);
1043
+ var r = _runWithModifiers(sub, value[key], childPath);
1044
+ if (!r.ok) {
1045
+ for (var j = 0; j < r.issues.length; j++) issues.push(r.issues[j]);
1046
+ continue;
1047
+ }
1048
+ if (r.value !== undefined) out[key] = r.value;
1049
+ }
1050
+ var inputKeys = Object.keys(value);
1051
+ for (var ii = 0; ii < inputKeys.length; ii++) {
1052
+ var ik = inputKeys[ii];
1053
+ if (Object.prototype.hasOwnProperty.call(shape, ik)) continue;
1054
+ // Prototype-pollution defense — refuse __proto__/constructor/
1055
+ // prototype regardless of mode. .passthrough() never propagates
1056
+ // these because they are always rejected as input.
1057
+ if (POISONED_KEYS.has(ik)) {
1058
+ issues.push({
1059
+ path: path.concat([ik]),
1060
+ code: "object/poisoned-key",
1061
+ message: "key '" + ik + "' is forbidden (prototype-pollution defense)",
1062
+ });
1063
+ continue;
1064
+ }
1065
+ if (mode === "passthrough") {
1066
+ out[ik] = value[ik];
1067
+ } else {
1068
+ issues.push({
1069
+ path: path.concat([ik]),
1070
+ code: "object/unknown-key",
1071
+ message: "unknown key '" + ik + "' (use .passthrough() to allow extra keys)",
1072
+ });
1073
+ }
1074
+ }
1075
+ if (issues.length > 0) return { ok: false, issues: issues };
1076
+ return { ok: true, value: out };
1077
+ },
1078
+ };
1079
+ var schema = _baseSchema(spec);
1080
+ schema.shape = shape;
1081
+ schema.strict = function () { return _objectWithMode(shape, keys, "strict"); };
1082
+ schema.passthrough = function () { return _objectWithMode(shape, keys, "passthrough"); };
1083
+
1084
+ // .pick(["a","b"]) → narrow to listed keys
1085
+ schema.pick = function (pickKeys) {
1086
+ var newShape = {};
1087
+ for (var i = 0; i < pickKeys.length; i++) {
1088
+ var k = pickKeys[i];
1089
+ if (Object.prototype.hasOwnProperty.call(shape, k)) newShape[k] = shape[k];
1090
+ }
1091
+ return _objectWithMode(newShape, Object.keys(newShape), mode);
1092
+ };
1093
+ // .omit(["a","b"]) → drop listed keys
1094
+ schema.omit = function (omitKeys) {
1095
+ var omitSet = new Set(omitKeys);
1096
+ var newShape = {};
1097
+ var newKeys = [];
1098
+ for (var i = 0; i < keys.length; i++) {
1099
+ if (!omitSet.has(keys[i])) {
1100
+ newShape[keys[i]] = shape[keys[i]];
1101
+ newKeys.push(keys[i]);
1102
+ }
1103
+ }
1104
+ return _objectWithMode(newShape, newKeys, mode);
1105
+ };
1106
+ // .extend({ ... }) → merge additional shape; new keys override
1107
+ schema.extend = function (additional) {
1108
+ if (!additional || typeof additional !== "object") {
1109
+ throw new SafeSchemaError("safe-schema/bad-extend",
1110
+ "extend() requires a shape object");
1111
+ }
1112
+ var merged = Object.assign({}, shape, additional);
1113
+ return _objectWithMode(merged, Object.keys(merged), mode);
1114
+ };
1115
+ // .partial() → mark every key optional
1116
+ schema.partial = function () {
1117
+ var newShape = {};
1118
+ var newKeys = [];
1119
+ for (var i = 0; i < keys.length; i++) {
1120
+ newShape[keys[i]] = shape[keys[i]].optional();
1121
+ newKeys.push(keys[i]);
1122
+ }
1123
+ return _objectWithMode(newShape, newKeys, mode);
1124
+ };
1125
+ // .required() — inverse of partial(). Strips optional + default + nullable
1126
+ // off every key (operators sometimes call .partial() and then peel back
1127
+ // a subset; this is the cleanest path).
1128
+ schema.required = function () {
1129
+ var newShape = {};
1130
+ var newKeys = [];
1131
+ for (var i = 0; i < keys.length; i++) {
1132
+ var inner = shape[keys[i]];
1133
+ // Strip modifiers by rebuilding without them. We don't have the
1134
+ // pre-modifier schema cached, but we can reach it: the underlying
1135
+ // _run is preserved; clone with all modifier flags off.
1136
+ newShape[keys[i]] = _baseSchema({
1137
+ kind: inner._kind,
1138
+ isOptional: false,
1139
+ isNullable: false,
1140
+ hasDefault: false,
1141
+ hasCatch: inner._hasCatch,
1142
+ catchValue: inner._catch,
1143
+ run: inner._run,
1144
+ });
1145
+ newKeys.push(keys[i]);
1146
+ }
1147
+ return _objectWithMode(newShape, newKeys, mode);
1148
+ };
1149
+ return schema;
1150
+ }
1151
+
1152
+ // ---- array ----
1153
+
1154
+ /**
1155
+ * @primitive b.safeSchema.array
1156
+ * @signature b.safeSchema.array(itemSchema)
1157
+ * @since 0.1.0
1158
+ * @status stable
1159
+ * @related b.safeSchema.tuple, b.safeSchema.record
1160
+ *
1161
+ * Construct an array schema where every element is validated
1162
+ * against `itemSchema`. Chain `.min`, `.max`, `.length`, `.nonempty`
1163
+ * to bound the length. Issues from individual items carry their
1164
+ * index in the path (e.g. `[3]`). Throws `SafeSchemaError`
1165
+ * (`safe-schema/bad-item`) when the item argument is not a schema.
1166
+ *
1167
+ * @example
1168
+ * var b = require("blamejs");
1169
+ * var s = b.safeSchema;
1170
+ *
1171
+ * var tags = s.array(s.string().min(1)).max(10);
1172
+ * tags.parse(["alpha", "beta"]);
1173
+ * // → ["alpha", "beta"]
1174
+ *
1175
+ * var report = tags.safeParse(["ok", "", "also-ok"]);
1176
+ * report.ok;
1177
+ * // → false
1178
+ * report.errors[0].path;
1179
+ * // → [1]
1180
+ */
1181
+ function array(itemSchema) {
1182
+ if (!itemSchema || typeof itemSchema._run !== "function") {
1183
+ throw new SafeSchemaError("safe-schema/bad-item",
1184
+ "array() requires an item schema");
1185
+ }
1186
+ var spec = {
1187
+ kind: "array",
1188
+ run: function (value, path) {
1189
+ if (!Array.isArray(value)) return _fail(path, "type", "must be an array");
1190
+ var issues = [];
1191
+ var out = [];
1192
+ for (var i = 0; i < value.length; i++) {
1193
+ var childPath = path.concat([i]);
1194
+ var r = _runWithModifiers(itemSchema, value[i], childPath);
1195
+ if (!r.ok) {
1196
+ for (var j = 0; j < r.issues.length; j++) issues.push(r.issues[j]);
1197
+ continue;
1198
+ }
1199
+ out.push(r.value);
1200
+ }
1201
+ if (issues.length > 0) return { ok: false, issues: issues };
1202
+ return { ok: true, value: out };
1203
+ },
1204
+ };
1205
+ return _arrayMethods(_baseSchema(spec), spec);
1206
+ }
1207
+
1208
+ function _arrayMethods(schema, spec) {
1209
+ function chain(check) {
1210
+ var next = _withCheck(schema, spec, check);
1211
+ return _arrayMethods(next, _extendSpec(spec, { run: next._run }));
1212
+ }
1213
+ schema.min = function (n, msg) {
1214
+ return chain(function (v, p) {
1215
+ return v.length >= n ? { ok: true } :
1216
+ _fail(p, "array/too-short", msg || ("must contain at least " + n + " items"));
1217
+ });
1218
+ };
1219
+ schema.max = function (n, msg) {
1220
+ return chain(function (v, p) {
1221
+ return v.length <= n ? { ok: true } :
1222
+ _fail(p, "array/too-long", msg || ("must contain at most " + n + " items"));
1223
+ });
1224
+ };
1225
+ schema.length = function (n, msg) {
1226
+ return chain(function (v, p) {
1227
+ return v.length === n ? { ok: true } :
1228
+ _fail(p, "array/wrong-length", msg || ("must contain exactly " + n + " items"));
1229
+ });
1230
+ };
1231
+ schema.nonempty = function (msg) { return schema.min(1, msg || "must not be empty"); };
1232
+ return schema;
1233
+ }
1234
+
1235
+ // ---- tuple ----
1236
+
1237
+ /**
1238
+ * @primitive b.safeSchema.tuple
1239
+ * @signature b.safeSchema.tuple(items)
1240
+ * @since 0.1.0
1241
+ * @status stable
1242
+ * @related b.safeSchema.array, b.safeSchema.union
1243
+ *
1244
+ * Construct a fixed-length heterogeneous array schema. `items` is
1245
+ * a non-empty array of schemas, one per slot. Chain `.rest(item)`
1246
+ * to allow a variadic tail (common for `[verb, ...args]` /
1247
+ * `[event, payload, ...metadata]` shapes). Throws
1248
+ * `SafeSchemaError` (`safe-schema/bad-tuple`) on invalid input.
1249
+ *
1250
+ * @example
1251
+ * var b = require("blamejs");
1252
+ * var s = b.safeSchema;
1253
+ *
1254
+ * var pair = s.tuple([s.string(), s.number()]);
1255
+ * pair.parse(["count", 42]);
1256
+ * // → ["count", 42]
1257
+ *
1258
+ * // Variadic tail via .rest()
1259
+ * var event = s.tuple([s.string()]).rest(s.number());
1260
+ * event.parse(["sum", 1, 2, 3]);
1261
+ * // → ["sum", 1, 2, 3]
1262
+ */
1263
+ function tuple(items) {
1264
+ if (!Array.isArray(items) || items.length === 0) {
1265
+ throw new SafeSchemaError("safe-schema/bad-tuple",
1266
+ "tuple() requires a non-empty array of item schemas");
1267
+ }
1268
+ for (var i = 0; i < items.length; i++) {
1269
+ if (!items[i] || typeof items[i]._run !== "function") {
1270
+ throw new SafeSchemaError("safe-schema/bad-tuple",
1271
+ "tuple item " + i + " is not a schema");
1272
+ }
1273
+ }
1274
+ return _tupleWithRest(items, null);
1275
+ }
1276
+
1277
+ function _tupleWithRest(items, restSchema) {
1278
+ var schema = _baseSchema({
1279
+ kind: "tuple",
1280
+ run: function (value, path) {
1281
+ if (!Array.isArray(value)) return _fail(path, "type", "must be an array (tuple)");
1282
+ if (restSchema === null && value.length !== items.length) {
1283
+ return _fail(path, "tuple/wrong-length",
1284
+ "tuple must contain exactly " + items.length + " items (got " + value.length + ")");
1285
+ }
1286
+ if (restSchema !== null && value.length < items.length) {
1287
+ return _fail(path, "tuple/wrong-length",
1288
+ "tuple must contain at least " + items.length + " items (got " + value.length + ")");
1289
+ }
1290
+ var issues = [];
1291
+ var out = [];
1292
+ for (var i = 0; i < items.length; i++) {
1293
+ var r = _runWithModifiers(items[i], value[i], path.concat([i]));
1294
+ if (!r.ok) {
1295
+ for (var j = 0; j < r.issues.length; j++) issues.push(r.issues[j]);
1296
+ continue;
1297
+ }
1298
+ out.push(r.value);
1299
+ }
1300
+ // Variadic tail — every extra item is checked against restSchema.
1301
+ if (restSchema !== null) {
1302
+ for (var k = items.length; k < value.length; k++) {
1303
+ var rr = _runWithModifiers(restSchema, value[k], path.concat([k]));
1304
+ if (!rr.ok) {
1305
+ for (var jj = 0; jj < rr.issues.length; jj++) issues.push(rr.issues[jj]);
1306
+ continue;
1307
+ }
1308
+ out.push(rr.value);
1309
+ }
1310
+ }
1311
+ if (issues.length > 0) return { ok: false, issues: issues };
1312
+ return { ok: true, value: out };
1313
+ },
1314
+ });
1315
+ // .rest(itemSchema) — append a variadic tail to the tuple. Common for
1316
+ // protocol shapes like [verb, ...args] or [event, payload, ...metadata].
1317
+ schema.rest = function (item) {
1318
+ if (!item || typeof item._run !== "function") {
1319
+ throw new SafeSchemaError("safe-schema/bad-tuple-rest",
1320
+ "tuple.rest(): argument must be a schema");
1321
+ }
1322
+ return _tupleWithRest(items, item);
1323
+ };
1324
+ return schema;
1325
+ }
1326
+
1327
+ // ---- union ----
1328
+
1329
+ /**
1330
+ * @primitive b.safeSchema.union
1331
+ * @signature b.safeSchema.union(options)
1332
+ * @since 0.1.0
1333
+ * @status stable
1334
+ * @related b.safeSchema.discriminatedUnion, b.safeSchema.enum_
1335
+ *
1336
+ * Construct a schema that accepts a value matching ANY of the
1337
+ * given option schemas. First match wins. When no option matches,
1338
+ * issues from every branch are collected in the failure for deep
1339
+ * diagnostics, plus a parent-level `union` issue summarizing the
1340
+ * miss. For tagged-variant shapes prefer
1341
+ * `s.discriminatedUnion` — it dispatches in O(1) on the tag and
1342
+ * produces clearer error messages.
1343
+ *
1344
+ * @example
1345
+ * var b = require("blamejs");
1346
+ * var s = b.safeSchema;
1347
+ *
1348
+ * var idOrName = s.union([s.number().int().positive(), s.string().min(1)]);
1349
+ * idOrName.parse(42);
1350
+ * // → 42
1351
+ * idOrName.parse("alice");
1352
+ * // → "alice"
1353
+ *
1354
+ * try { idOrName.parse(true); }
1355
+ * catch (e) { e.issues[0].code; }
1356
+ * // → "union"
1357
+ */
1358
+ function union(options) {
1359
+ if (!Array.isArray(options) || options.length === 0) {
1360
+ throw new SafeSchemaError("safe-schema/bad-union",
1361
+ "union() requires a non-empty array of option schemas");
1362
+ }
1363
+ for (var i = 0; i < options.length; i++) {
1364
+ if (!options[i] || typeof options[i]._run !== "function") {
1365
+ throw new SafeSchemaError("safe-schema/bad-union",
1366
+ "union option " + i + " is not a schema");
1367
+ }
1368
+ }
1369
+ return _baseSchema({
1370
+ kind: "union",
1371
+ run: function (value, path) {
1372
+ var collected = [];
1373
+ for (var i = 0; i < options.length; i++) {
1374
+ var r = _runWithModifiers(options[i], value, path);
1375
+ if (r.ok) return r;
1376
+ // Collect each option's issues so the operator sees the full
1377
+ // failure surface; helpful for debugging which option matched
1378
+ // most closely.
1379
+ for (var j = 0; j < r.issues.length; j++) collected.push(r.issues[j]);
1380
+ }
1381
+ // No option matched — emit a union-level issue at the parent path
1382
+ // plus the collected per-option issues for deep diagnostics.
1383
+ var summary = _fail(path, "union",
1384
+ "did not match any of the " + options.length + " allowed shapes");
1385
+ summary.issues = summary.issues.concat(collected);
1386
+ return summary;
1387
+ },
1388
+ });
1389
+ }
1390
+
1391
+ // ---- record ----
1392
+ // record(value) — string keys, schema-typed values
1393
+ // record(keySchema, value) — both keys and values are schema-validated
1394
+
1395
+ /**
1396
+ * @primitive b.safeSchema.record
1397
+ * @signature b.safeSchema.record(a, b)
1398
+ * @since 0.1.0
1399
+ * @status stable
1400
+ * @related b.safeSchema.object, b.safeSchema.array
1401
+ *
1402
+ * Construct a schema for an object whose KEYS are arbitrary strings
1403
+ * and whose VALUES match a given schema. Two call shapes:
1404
+ * `record(valueSchema)` accepts any string key;
1405
+ * `record(keySchema, valueSchema)` validates both keys and values.
1406
+ * Prototype-pollution defense — `__proto__` / `constructor` /
1407
+ * `prototype` keys are rejected at parse time, mirroring `s.object`.
1408
+ * Throws `SafeSchemaError` on invalid arguments.
1409
+ *
1410
+ * @example
1411
+ * var bjs = require("blamejs");
1412
+ * var s = bjs.safeSchema;
1413
+ *
1414
+ * var counts = s.record(s.number().int().nonnegative());
1415
+ * counts.parse({ apples: 3, pears: 0 });
1416
+ * // → { apples: 3, pears: 0 }
1417
+ *
1418
+ * // Validate keys too: only ULIDs allowed.
1419
+ * var byId = s.record(s.string().ulid(), s.string());
1420
+ * byId.parse({ "01HF5Z6Q9P8R7S4T3V2W1X0Y9Z": "alice" });
1421
+ * // → { "01HF5Z6Q9P8R7S4T3V2W1X0Y9Z": "alice" }
1422
+ */
1423
+ function record(a, b) {
1424
+ var keySchema, valueSchema;
1425
+ if (b === undefined) {
1426
+ keySchema = null; // any string key
1427
+ valueSchema = a;
1428
+ } else {
1429
+ keySchema = a;
1430
+ valueSchema = b;
1431
+ }
1432
+ if (!valueSchema || typeof valueSchema._run !== "function") {
1433
+ throw new SafeSchemaError("safe-schema/bad-value-schema",
1434
+ "record() requires a value schema");
1435
+ }
1436
+ if (keySchema && typeof keySchema._run !== "function") {
1437
+ throw new SafeSchemaError("safe-schema/bad-key-schema",
1438
+ "record(keySchema, valueSchema): keySchema must be a schema");
1439
+ }
1440
+ return _baseSchema({
1441
+ kind: "record",
1442
+ run: function (value, path) {
1443
+ if (typeof value !== "object" || value === null || Array.isArray(value)) {
1444
+ return _fail(path, "type", "must be a plain object (record)");
1445
+ }
1446
+ var issues = [];
1447
+ var out = {};
1448
+ var keys = Object.keys(value);
1449
+ for (var i = 0; i < keys.length; i++) {
1450
+ var k = keys[i];
1451
+ // Prototype-pollution defense — same shape as object() schema.
1452
+ if (POISONED_KEYS.has(k)) {
1453
+ issues.push({
1454
+ path: path.concat([k]),
1455
+ code: "record/poisoned-key",
1456
+ message: "key '" + k + "' is forbidden (prototype-pollution defense)",
1457
+ });
1458
+ continue;
1459
+ }
1460
+ if (keySchema) {
1461
+ var kr = _runWithModifiers(keySchema, k, path.concat([k]));
1462
+ if (!kr.ok) {
1463
+ for (var jj = 0; jj < kr.issues.length; jj++) issues.push(kr.issues[jj]);
1464
+ continue;
1465
+ }
1466
+ }
1467
+ var r = _runWithModifiers(valueSchema, value[k], path.concat([k]));
1468
+ if (!r.ok) {
1469
+ for (var j = 0; j < r.issues.length; j++) issues.push(r.issues[j]);
1470
+ continue;
1471
+ }
1472
+ if (r.value !== undefined) out[k] = r.value;
1473
+ }
1474
+ if (issues.length > 0) return { ok: false, issues: issues };
1475
+ return { ok: true, value: out };
1476
+ },
1477
+ });
1478
+ }
1479
+
1480
+ // ---- discriminatedUnion ----
1481
+ //
1482
+ // Performance + ergonomics improvement over union for the common case
1483
+ // of "tagged variants": a literal field on each option distinguishes
1484
+ // the branches, so we dispatch on that field's value directly rather
1485
+ // than trying every option in turn.
1486
+ //
1487
+ // var event = s.discriminatedUnion("kind", [
1488
+ // s.object({ kind: s.literal("created"), at: s.string().datetime() }),
1489
+ // s.object({ kind: s.literal("deleted"), reason: s.string() }),
1490
+ // ]);
1491
+ //
1492
+ // Each option must be an object schema whose `discriminator` key is a
1493
+ // literal schema. Mismatched discriminator fails fast with a clear
1494
+ // "expected one of [...]" message rather than burying the operator in
1495
+ // per-branch issues.
1496
+ /**
1497
+ * @primitive b.safeSchema.discriminatedUnion
1498
+ * @signature b.safeSchema.discriminatedUnion(discriminator, options)
1499
+ * @since 0.1.0
1500
+ * @status stable
1501
+ * @related b.safeSchema.union, b.safeSchema.literal
1502
+ *
1503
+ * Construct a tagged-union schema. `discriminator` names a key
1504
+ * present on every option as a `s.literal(...)` schema; the
1505
+ * validator dispatches in O(1) on that key's value rather than
1506
+ * trying every option in turn (faster + clearer error messages
1507
+ * than `s.union`). Every option must be an object schema whose
1508
+ * shape carries a literal at the discriminator key. The
1509
+ * discriminator name itself cannot be `__proto__` /
1510
+ * `constructor` / `prototype`. Throws `SafeSchemaError` on
1511
+ * invalid input.
1512
+ *
1513
+ * @example
1514
+ * var b = require("blamejs");
1515
+ * var s = b.safeSchema;
1516
+ *
1517
+ * var event = s.discriminatedUnion("kind", [
1518
+ * s.object({ kind: s.literal("created"), at: s.string().datetime() }),
1519
+ * s.object({ kind: s.literal("deleted"), reason: s.string() }),
1520
+ * ]);
1521
+ *
1522
+ * event.parse({ kind: "created", at: "2026-01-01T00:00:00Z" });
1523
+ * // → { kind: "created", at: "2026-01-01T00:00:00Z" }
1524
+ *
1525
+ * var report = event.safeParse({ kind: "unknown" });
1526
+ * report.ok;
1527
+ * // → false
1528
+ * report.errors[0].code;
1529
+ * // → "discriminated-union/no-match"
1530
+ */
1531
+ function discriminatedUnion(discriminator, options) {
1532
+ if (typeof discriminator !== "string" || discriminator.length === 0) {
1533
+ throw new SafeSchemaError("safe-schema/bad-discriminator",
1534
+ "discriminatedUnion: discriminator must be a non-empty string key name");
1535
+ }
1536
+ if (POISONED_KEYS.has(discriminator)) {
1537
+ throw new SafeSchemaError("safe-schema/poisoned-discriminator",
1538
+ "discriminatedUnion: discriminator key '" + discriminator + "' is forbidden");
1539
+ }
1540
+ if (!Array.isArray(options) || options.length === 0) {
1541
+ throw new SafeSchemaError("safe-schema/bad-union",
1542
+ "discriminatedUnion: options must be a non-empty array");
1543
+ }
1544
+ for (var i = 0; i < options.length; i++) {
1545
+ var opt = options[i];
1546
+ if (!opt || opt._kind !== "object" || !opt.shape) {
1547
+ throw new SafeSchemaError("safe-schema/bad-discriminated-option",
1548
+ "discriminatedUnion option " + i + " must be an object schema");
1549
+ }
1550
+ var disc = opt.shape[discriminator];
1551
+ if (!disc || disc._kind !== "literal") {
1552
+ throw new SafeSchemaError("safe-schema/bad-discriminated-option",
1553
+ "discriminatedUnion option " + i + ": discriminator '" + discriminator +
1554
+ "' must be a literal schema");
1555
+ }
1556
+ // The literal's expected value lives in its closure; we extract via
1557
+ // a probe rather than introspection. literal(v)._run(v) succeeds.
1558
+ // We sample by trying every option's discriminator separately at
1559
+ // dispatch time (cheap; literal._run is just a triple-equals).
1560
+ }
1561
+ return _baseSchema({
1562
+ kind: "discriminatedUnion",
1563
+ run: function (value, path) {
1564
+ if (typeof value !== "object" || value === null || Array.isArray(value)) {
1565
+ return _fail(path, "type", "must be an object (discriminated union)");
1566
+ }
1567
+ var disc = value[discriminator];
1568
+ // Find the option whose discriminator schema accepts disc.
1569
+ for (var i = 0; i < options.length; i++) {
1570
+ var opt = options[i];
1571
+ var d = opt.shape[discriminator];
1572
+ var dr = d._run(disc, path.concat([discriminator]));
1573
+ if (dr.ok) {
1574
+ return _runWithModifiers(opt, value, path);
1575
+ }
1576
+ }
1577
+ return _fail(path.concat([discriminator]), "discriminated-union/no-match",
1578
+ "discriminator '" + discriminator + "' did not match any option");
1579
+ },
1580
+ });
1581
+ }
1582
+
1583
+ // ---- preprocess ----
1584
+ //
1585
+ // Run a transform BEFORE validation. Common at HTTP boundaries where
1586
+ // query strings arrive as strings but the operator wants a number /
1587
+ // boolean schema downstream.
1588
+ //
1589
+ // var port = s.preprocess(function (v) { return Number(v); }, s.number().int().min(1).max(65535));
1590
+ //
1591
+ // fn errors propagate as a 'preprocess' issue at the parent path; they
1592
+ // don't crash the validate call.
1593
+ /**
1594
+ * @primitive b.safeSchema.preprocess
1595
+ * @signature b.safeSchema.preprocess(fn, inner)
1596
+ * @since 0.1.0
1597
+ * @status stable
1598
+ * @related b.safeSchema.string, b.safeSchema.number
1599
+ *
1600
+ * Wrap a schema with a transform that runs BEFORE validation.
1601
+ * Common at HTTP boundaries where query strings arrive as strings
1602
+ * but the operator wants a number / boolean schema downstream.
1603
+ * Errors thrown by `fn` propagate as a `preprocess` issue at the
1604
+ * parent path rather than crashing the parse. Throws
1605
+ * `SafeSchemaError` (`safe-schema/bad-preprocess`) when args are
1606
+ * the wrong shape.
1607
+ *
1608
+ * Prefer `s.preprocess` over a hypothetical `.coerce` because
1609
+ * coercion ambiguity (`"0" → 0` vs `"0" → "0"`) is a security
1610
+ * foot-gun; `s.preprocess` makes the conversion explicit at the
1611
+ * call site.
1612
+ *
1613
+ * @example
1614
+ * var b = require("blamejs");
1615
+ * var s = b.safeSchema;
1616
+ *
1617
+ * var port = s.preprocess(
1618
+ * function (v) { return Number(v); },
1619
+ * s.number().int().min(1).max(65535)
1620
+ * );
1621
+ *
1622
+ * port.parse("8080");
1623
+ * // → 8080
1624
+ *
1625
+ * var report = port.safeParse("not-a-port");
1626
+ * report.ok;
1627
+ * // → false
1628
+ */
1629
+ function preprocess(fn, inner) {
1630
+ if (typeof fn !== "function") {
1631
+ throw new SafeSchemaError("safe-schema/bad-preprocess",
1632
+ "preprocess: first arg must be a function");
1633
+ }
1634
+ if (!inner || typeof inner._run !== "function") {
1635
+ throw new SafeSchemaError("safe-schema/bad-preprocess",
1636
+ "preprocess: second arg must be a schema");
1637
+ }
1638
+ return _baseSchema({
1639
+ kind: "preprocess",
1640
+ run: function (value, path) {
1641
+ var preprocessed;
1642
+ try {
1643
+ preprocessed = fn(value);
1644
+ } catch (e) {
1645
+ return _fail(path, "preprocess",
1646
+ "preprocess fn threw: " + ((e && e.message) || String(e)));
1647
+ }
1648
+ return _runWithModifiers(inner, preprocessed, path);
1649
+ },
1650
+ });
1651
+ }
1652
+
1653
+ // ---- lazy (recursive schemas) ----
1654
+ //
1655
+ // Defers schema construction until first parse. Operators wanting a
1656
+ // recursive shape — comment threads, file-tree nodes, etc. — wrap the
1657
+ // recursive reference in a function that returns the schema:
1658
+ //
1659
+ // var commentSchema = s.object({
1660
+ // id: s.string(),
1661
+ // replies: s.array(s.lazy(function () { return commentSchema; })),
1662
+ // });
1663
+ //
1664
+ // The function is called lazily and cached per-call site; cycles in the
1665
+ // returned schema are fine.
1666
+ /**
1667
+ * @primitive b.safeSchema.lazy
1668
+ * @signature b.safeSchema.lazy(getter)
1669
+ * @since 0.1.0
1670
+ * @status stable
1671
+ * @related b.safeSchema.object, b.safeSchema.array
1672
+ *
1673
+ * Defer schema construction until first parse, enabling recursive
1674
+ * shapes (comment threads, file-tree nodes, AST nodes). `getter` is
1675
+ * a no-arg function that returns the schema; it's called once on
1676
+ * the first parse and cached. The returned schema can reference
1677
+ * its enclosing variable, breaking the chicken-and-egg cycle.
1678
+ * Throws `SafeSchemaError` (`safe-schema/bad-lazy`) when `getter`
1679
+ * is not a function.
1680
+ *
1681
+ * @example
1682
+ * var b = require("blamejs");
1683
+ * var s = b.safeSchema;
1684
+ *
1685
+ * var commentSchema = s.object({
1686
+ * id: s.string(),
1687
+ * replies: s.array(s.lazy(function () { return commentSchema; })),
1688
+ * });
1689
+ *
1690
+ * var input = { id: "a", replies: [{ id: "b", replies: [] }] };
1691
+ * commentSchema.parse(input);
1692
+ * // → { id: "a", replies: [{ id: "b", replies: [] }] }
1693
+ */
1694
+ function lazy(getter) {
1695
+ if (typeof getter !== "function") {
1696
+ throw new SafeSchemaError("safe-schema/bad-lazy",
1697
+ "lazy: argument must be a function returning a schema");
1698
+ }
1699
+ var cached = null;
1700
+ return _baseSchema({
1701
+ kind: "lazy",
1702
+ run: function (value, path) {
1703
+ if (!cached) {
1704
+ cached = getter();
1705
+ if (!cached || typeof cached._run !== "function") {
1706
+ return _fail(path, "lazy",
1707
+ "lazy() function did not return a schema");
1708
+ }
1709
+ }
1710
+ return _runWithModifiers(cached, value, path);
1711
+ },
1712
+ });
1713
+ }
1714
+
1715
+ // ---- top-level modifier helpers ----
1716
+
1717
+ /**
1718
+ * @primitive b.safeSchema.optional
1719
+ * @signature b.safeSchema.optional(inner)
1720
+ * @since 0.1.0
1721
+ * @status stable
1722
+ * @related b.safeSchema.nullable
1723
+ *
1724
+ * Composition-style alias for `inner.optional()`. Returns a schema
1725
+ * that accepts `undefined` in addition to whatever `inner` accepts.
1726
+ * Equivalent to chaining `.optional()` on the schema; provided for
1727
+ * operators who prefer composition over chaining (e.g. mapping over
1728
+ * a list of schemas).
1729
+ *
1730
+ * @example
1731
+ * var b = require("blamejs");
1732
+ * var s = b.safeSchema;
1733
+ *
1734
+ * var maybeName = s.optional(s.string().min(1));
1735
+ * maybeName.parse(undefined);
1736
+ * // → undefined
1737
+ * maybeName.parse("alice");
1738
+ * // → "alice"
1739
+ */
1740
+ function optional(inner) { return inner.optional(); }
1741
+
1742
+ /**
1743
+ * @primitive b.safeSchema.nullable
1744
+ * @signature b.safeSchema.nullable(inner)
1745
+ * @since 0.1.0
1746
+ * @status stable
1747
+ * @related b.safeSchema.optional
1748
+ *
1749
+ * Composition-style alias for `inner.nullable()`. Returns a schema
1750
+ * that accepts `null` in addition to whatever `inner` accepts.
1751
+ * Compose with `s.optional` for "may be undefined OR null".
1752
+ *
1753
+ * @example
1754
+ * var b = require("blamejs");
1755
+ * var s = b.safeSchema;
1756
+ *
1757
+ * var maybeAge = s.nullable(s.number().int().min(0));
1758
+ * maybeAge.parse(null);
1759
+ * // → null
1760
+ * maybeAge.parse(30);
1761
+ * // → 30
1762
+ */
1763
+ function nullable(inner) { return inner.nullable(); }
1764
+
1765
+ module.exports = {
1766
+ // Primitives
1767
+ string: string,
1768
+ number: number,
1769
+ boolean: boolean,
1770
+ literal: literal,
1771
+ null_: null_,
1772
+ undefined_: undefined_,
1773
+ any: any,
1774
+ unknown: unknown,
1775
+
1776
+ // Composites
1777
+ object: object,
1778
+ array: array,
1779
+ tuple: tuple,
1780
+ union: union,
1781
+ discriminatedUnion: discriminatedUnion,
1782
+ record: record,
1783
+ lazy: lazy,
1784
+ preprocess: preprocess,
1785
+
1786
+ // enum is a reserved word in some tooling — ship both names
1787
+ enum_: enum_,
1788
+ oneOf: enum_,
1789
+
1790
+ // Modifier helpers (chained methods exist on every schema; these are
1791
+ // the equivalents for operators who prefer composition over chaining)
1792
+ optional: optional,
1793
+ nullable: nullable,
1794
+
1795
+ // Errors
1796
+ SafeSchemaError: SafeSchemaError,
1797
+
1798
+ // Validation regexes — exported so other modules don't re-declare
1799
+ // their own copies. Pragmatic patterns; operators wanting RFC-strict
1800
+ // behavior chain `.refine()` on top of the schema instead.
1801
+ EMAIL_RE: EMAIL_RE,
1802
+ URL_RE: URL_RE,
1803
+ UUID_RE: UUID_RE,
1804
+ DATE_RE: DATE_RE,
1805
+ DATETIME_RE: DATETIME_RE,
1806
+ IPV4_RE: IPV4_RE,
1807
+ IPV6_RE: IPV6_RE,
1808
+ CUID_RE: CUID_RE,
1809
+ ULID_RE: ULID_RE,
1810
+ };