@blamejs/blamejs-shop 0.0.44

package/lib/vendor/blamejs/release-notes/v0.7.x.json

@@ -0,0 +1,3811 @@
+{
+  "$schema": "../scripts/release-notes-consolidated-schema.json",
+  "minor": "0.7",
+  "releases": [
+    {
+      "version": "0.7.114",
+      "date": "2026-05-06",
+      "headline": "`b.vault.aad` AAD-bound sealed columns + `b.wsClient` outbound WebSocket client",
+      "summary": ". `b.vault.aad.seal(plaintext, aadParts)` / `b.vault.aad.unseal(value, aadParts)` binds the seal to an AAD tuple `(table, rowId, column, schemaVersion)` so the AEAD tag fails on any decrypt where the AAD differs — copy-paste between rows, replay across schema-version bumps, and table-mismatch attacks all surface as a refused decrypt.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.vault.aad.seal(plaintext, aadParts)`",
+              "body": "/. (See CHANGELOG for full context)."
+            },
+            {
+              "title": "`b.vault.aad.unseal(value, aadParts)`",
+              "body": "binds the seal to an AAD tuple `(table, rowId, column, schemaVersion)` so the AEAD tag fails on any decrypt where the AAD differs — copy-paste between rows, replay across schema-version bumps, and table-mismatch attacks all surface as a refused decrypt. Symmetric key derived per-row via SHAKE256 over `(\"vault.aad/v1/\" || vault-root || canonical-AAD)` with the AAD threaded into XChaCha20-Poly1305's tag. `buildColumnAad` / `buildContextAad` helpers produce canonical (sorted-keys, length-prefixed) AAD bytes; `reseal(value, fromAad, toAad)` re-binds a value to a new context after authenticating the source. Audit emissions: `vault.aad.sealed` / `vault.aad.unseal_failed`."
+            },
+            {
+              "title": "`b.wsClient.connect(url, opts)`",
+              "body": "ships the outbound RFC 6455 WebSocket client — companion to `b.websocket` (server-side). HTTP/1.1 Upgrade with Sec-WebSocket-Key generation + Sec-WebSocket-Accept verification (rejects on hash mismatch); subprotocol + permessage-deflate (RFC 7692) negotiation; client-side frame masking (RFC 6455 §5.3); TLS via `b.network.tls.pqc` (X25519MLKEM768 hybrid handshake, security-defaults-on); heartbeat ping/pong with pongDeadline tracking; auto-reconnect with exponential-backoff + full jitter; CRLF-injection defense on operator-supplied headers; configurable `maxMessageBytes` / `maxFrameBytes` / `pingMs` / `pongMs` / `handshakeTimeoutMs` / `reconnect: { maxAttempts, baseMs, maxMs }`. EventEmitter API: `open` / `message` / `close` / `error` / `reconnecting`. Reuses `FrameParser` and `serializeFrame` from `lib/websocket.js` so the wire layer is identical to the server. Integration test `test/integration/ws-client-roundtrip.test.js` boots a real `http.Server` driven by `b.websocket` primitives and dials it with `b.wsClient`, exercising plain ws:// handshake + subprotocol negotiation + text/binary echo + ping/pong heartbeat + close round-trip + permessage-deflate compress/inflate end-to-end. Audit emissions: `wsclient.connected` / `wsclient.closed` / `wsclient.error`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6455",
+          "url": "https://www.rfc-editor.org/rfc/rfc6455.html"
+        },
+        {
+          "label": "RFC 7692",
+          "url": "https://www.rfc-editor.org/rfc/rfc7692.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.113",
+      "date": "2026-05-06",
+      "headline": "`@noble/post-quantum` attribution sweep",
+      "summary": "NOTICE picks up the v0.6.1 vendored bundle with full copyright + Used-for + thank-you line per the framework's attribution convention. README's \"Vendored dependencies\" dependency table picks up the noble-post-quantum row alongside noble-ciphers. The wiki home page's \"Special thanks\" list cites Paul Miller for both noble-ciphers and noble-post-quantum.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`@noble/post-quantum` attribution sweep",
+              "body": "`@noble/post-quantum` attribution sweep. NOTICE picks up the v0.6.1 vendored bundle with full copyright + Used-for + thank-you line per the framework's attribution convention. README's \"Vendored dependencies\" dependency table picks up the noble-post-quantum row alongside noble-ciphers. The wiki home page's \"Special thanks\" list cites Paul Miller for both noble-ciphers and noble-post-quantum. The wiki `welcome` page's \"What's in the box\" table picks up `@noble/post-quantum` ↔ `b.pqcSoftware` with the security-first defaults (ML-KEM-1024, ML-DSA-87, SLH-DSA-SHAKE-256f). Pure docs / attribution sweep — no behaviour changes."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.112",
+      "date": "2026-05-06",
+      "headline": "`b.asyncapi` AsyncAPI 3.0 schema-document builder + `b.pqcSoftware` pure-JS PQC primitive wrapper",
+      "summary": "around vendored `@noble/post-quantum`. `b.asyncapi.create({ info, servers, defaultContentType, security, externalDocs, tags, id })` returns an event-driven sibling to `b.openapi` — operators describe pubsub / websocket / kafka / mqtt / amqp surfaces as a single document the framework can serve at `/asyncapi.json` (or YAML).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.asyncapi.create({ info, servers, defaultContentType, security, externalDocs, tags, id })`",
+              "body": "returns an event-driven sibling to `b.openapi` — operators describe pubsub / websocket / kafka / mqtt / amqp surfaces as a single document the framework can serve at `/asyncapi.json` (or YAML)."
+            },
+            {
+              "title": "`builder.channel(channelId, opts)`",
+              "body": "registers channels with messages / parameters / per-channel bindings;."
+            },
+            {
+              "title": "`builder.operation(operationId, opts)`",
+              "body": "registers `send` / `receive` operations against declared channels (dangling-channel references throw at registration). `builder.schema / message / parameter / correlationId / requestBody` register reusable components."
+            },
+            {
+              "title": "`builder.security.add / require`",
+              "body": "with same scheme builders shared with `b.openapi.security` (bearer / basic / apiKey / oauth2 / openIdConnect / mtls / dpop)."
+            },
+            {
+              "title": "`builder.toJson() / toJsonString() / toYaml()`",
+              "body": "final dangling-security-reference checks; YAML emitter shared with `b.openapi`."
+            },
+            {
+              "title": "`b.asyncapi.bindings.{websockets,kafka,amqp,mqtt,http}`",
+              "body": "typed binding builders for the four protocols framework primitives speak; rejection on bad shape (websockets method ∈ {GET, POST}, kafka partitions/replicas > 0, amqp `is` ∈ {queue, routingKey}, mqtt qos ∈ {0, 1, 2})."
+            },
+            {
+              "title": "`b.asyncapi.traits.{operation, message, applyOperation, applyMessage}`",
+              "body": "AsyncAPI trait composition with shallow-merge semantics — operators define a trait once (e.g. \"every kafka publish carries tracing-header envelope\") and apply it across operations / messages."
+            },
+            {
+              "title": "`b.middleware.asyncapiServe({ document, pathJson, pathYaml, accessControl, cacheControl,",
+              "body": "mirrors `openapiServe`: GET / HEAD only, SHA3-512 ETag for conditional 304s, CORS gating."
+            },
+            {
+              "title": "`b.pqcSoftware`",
+              "body": "ships pure-JS FIPS 203 / 204 / 205 PQC algorithms via `lib/vendor/noble-post-quantum.cjs` (Paul Miller's `@noble/post-quantum` v0.6.1, MIT, vendored under `lib/vendor/MANIFEST.json` with SHA-256 pin). Usable server-side and client-side; ciphertexts FIPS 203 conformant in both directions with Node's built-in WebCrypto ML-KEM. Defaults pin to the highest cat-5 level: `DEFAULT_KEM` = ML-KEM-1024, `DEFAULT_LATTICE_SIG` = ML-DSA-87, `DEFAULT_HASH_SIG` = SLH-DSA-SHAKE-256f. Surface: `ml_kem_512` / `ml_kem_768` / `ml_kem_1024` (FIPS 203 KEM), `ml_dsa_44` / `ml_dsa_65` / `ml_dsa_87` (FIPS 204 lattice signatures), `slh_dsa_sha2_*f` / `slh_dsa_shake_*f` (FIPS 205 hash signatures), `isAvailable()` + `listAlgorithms()` + getter-style algorithm accessors. Audit emissions: `asyncapi.document.built` / `asyncapi.document.served`. 200+ test cases."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.111",
+      "date": "2026-05-06",
+      "headline": "`b.flag` + `b.middleware.flagContext` — OpenFeature-aligned feature-flag client",
+      "summary": "`b.flag.create({ provider, providers, defaultEvaluationContext, audit, errorHandler, hooks })` returns a flag client with `getValue / getBoolean / getString / getNumber / getObject / getDetails / getValues / getDetailsAll / addProvider / removeProvider / list / middleware`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.flag.create({ provider, providers, defaultEvaluationContext, audit, errorHandler, hooks })`",
+              "body": "returns a flag client with `getValue / getBoolean / getString / getNumber / getObject / getDetails / getValues / getDetailsAll / addProvider / removeProvider / list / middleware`. Hot-path drop-silent — operator-supplied defaults returned on flag-not-found / provider-error; an `errorHandler` callback + audit emission on `flag.evaluation.error` surface the issue without taking down the request."
+            },
+            {
+              "title": "`b.flag.providers`",
+              "body": "ships three first-party providers: `memory({ flags })` for in-process / test flag sets, `localFile({ path, watch })` for JSON-file-backed flags with optional watch-on-change reload (hot-path-tolerant — bad JSON during reload is drop-silent), and `environmentVariable({ prefix, flags })` for `FLAG_*` env-var overrides. Flag specs validate at registration time per the no-MVP rule: `default` must reference a registered variant, every rule's `variant` must reference a registered variant, every rollout entry's percentage must be in [0, 100] with the sum bounded at 100."
+            },
+            {
+              "title": "`b.flag.targeting`",
+              "body": "evaluates rules with 14 operators (eq / neq / in / nin / gt / gte / lt / lte / starts_with / ends_with / contains / regex / exists / not_exists / between); regex patterns capped at 200 chars (DoS defense); rules support nested-attribute paths (`user.profile.tier`); conjunction across `conditions[]`."
+            },
+            {
+              "title": "`b.flag.context`",
+              "body": "ships evaluation-context builders: `create`, `merge`, `fromRequest({ userKey, extra })` (extracts targeting key from `req.user.id` or anonymous fallback hashed from clientIp + userAgent), `bucketOf(targetingKey, flagKey)` deterministic SHA3-512 percentage bucket helper."
+            },
+            {
+              "title": "`b.flag.cache(downstream, { ttlMs, maxEntries })`",
+              "body": "wraps a downstream provider with a per-`(targetingKey, flagKey)` TTL cache backed by an insertion-ordered Map (oldest-first eviction at maxEntries cap; flag-not-found never cached so operators can add flags later); `cached.bust()` clears all entries; `cached.stats()` returns `{ size, hits, misses, evictions, hitRatio, ttlMs, maxEntries }`."
+            },
+            {
+              "title": "`b.middleware.flagContext({ userKey, userKeyHeader, extractAttributes, tenantKeyHeader })`",
+              "body": "request-time middleware that extracts an evaluation context onto `req.flagCtx` for downstream handlers and multi-client flag setups (separate from the per-client `flag.middleware()` accessor that attaches `req.flag.{getBoolean,getString,...}` directly)."
+            },
+            {
+              "title": "OpenFeature hooks",
+              "body": "`before / after / error / finally` callbacks fire around every evaluation; throwing hooks are drop-silent (observability, not blocking). Audit emissions: `flag.evaluated` / `flag.evaluation.error` / `flag.cache.bust`. 130+ test cases."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.110",
+      "date": "2026-05-06",
+      "headline": "`b.openapi` + `b.middleware.openapiServe` — OpenAPI 3.1 schema-document builder",
+      "summary": ". `b.openapi.create({ info, servers, externalDocs, tags, security })` returns an immutable-on-`toJson` builder for hand-authored API contracts.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.openapi.create({ info, servers, externalDocs, tags, security })`",
+              "body": "returns an immutable-on-`toJson` builder for hand-authored API contracts."
+            },
+            {
+              "title": "`builder.path(method, urlPattern, opts)`",
+              "body": "registers operations with full RFC-9110-method validation (get / put / post / delete / options / head / patch / trace), path-template `{name}` placeholders cross-checked against declared `parameters: [{ in: \"path\", required: true }]` (build-time throw on mismatch), required `responses` map per OpenAPI 3.1 §4.8.5 with required `description` on every response, body-content map under `requestBody.content[mediaType].schema`."
+            },
+            {
+              "title": "`builder.schema(name, schemaSpec)`",
+              "body": "/ `response(...)` / `parameter(...)` / `requestBody(...)` / `header(...)` / `example(...)` register reusable `components`. Schema specs accept three forms: a `b.safeSchema` object (walked into JSON Schema 2020-12 by `lib/openapi-schema-walk.js`), a hand-shaped JSON Schema object (passes through with shape validation), or a primitive type-name string."
+            },
+            {
+              "title": "`builder.security.add(name, scheme)`",
+              "body": "+ `security.require(requirement)` register security schemes; the builder surfaces `b.openapi.security.{bearer,basic,apiKey,oauth2,openIdConnect,mtls,dpop}` typed builders that validate every IANA-registered scheme shape (apiKey `in` ∈ {header, query, cookie}; oauth2 `flows` with per-flow `authorizationUrl` / `tokenUrl` / `scopes` validation; mTLS uses the OpenAPI 3.1 `mutualTLS` type)."
+            },
+            {
+              "title": "`builder.toJson()`",
+              "body": "runs final dangling-reference checks (every `security` requirement key MUST resolve to a registered scheme). `builder.toJsonString(indent)` +."
+            },
+            {
+              "title": "`builder.toYaml()`",
+              "body": "emit the document; the YAML emitter (`lib/openapi-yaml.js`) handles spec-quoted strings (numbers / booleans / dates / yaml-special tokens), nested arrays / objects, empty `[]` / `{}`. `builder.middleware({ pretty, cacheControl })` is the single-builder embed;."
+            },
+            {
+              "title": "`b.middleware.openapiServe({ document, pathJson, pathYaml, accessControl, cacheControl, pretty,",
+              "body": "is the framework-style mounted middleware that responds at `/openapi.json` + `/openapi.yaml` (configurable), emits SHA3-512-derived ETag for conditional-GET 304s, gates by `accessControl: \"public\" | \"same-origin\"` for the `Access-Control-Allow-Origin: *` header, falls through on non-GET / non-HEAD methods. Audit emissions: `openapi.document.built` / `openapi.document.served`. 100+ test cases."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.109",
+      "date": "2026-05-06",
+      "headline": "`b.compliance.aiAct` + `b.middleware.aiActDisclosure` — full EU AI Act (Regulation (EU) 2024/1689)",
+      "summary": "compliance primitive with deadline-aware classification, Article 5 prohibited-practices catalog, Article 6 + Annex III high-risk classifier, Article 12 logging helpers (with biometric-system-specific minimum-fields enforcement per Art.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.compliance.aiAct.classify({ purpose, deployContext, deployerType, ... })`",
+              "body": "returns `{ tier, prohibitedHits, annexIIIHits, obligations, action, legalReference }` — tier is `prohibited` / `high-risk` / `limited-risk` / `general-purpose` / `minimal-risk`."
+            },
+            {
+              "title": "`b.compliance.aiAct.prohibited`",
+              "body": "ships the eight Art. 5 prohibited practices catalog (subliminal manipulation, vulnerable-group exploitation, social scoring, profiling-only predictive policing, untargeted facial scraping, workplace/education emotion inference, sensitive-attribute biometric categorisation, real-time RBI in public spaces) with conservative classifier and exemption handling."
+            },
+            {
+              "title": "`b.compliance.aiAct.risk`",
+              "body": "ships the eight Annex III rows with per-row Article 9-15 obligation lists (Article 27 FRIA added for law-enforcement / migration)."
+            },
+            {
+              "title": "`b.compliance.aiAct.transparency`",
+              "body": "ships banner / htmlBanner / watermark / jsonLdDisclosure / metaTags builders for the four Art. 50 obligations."
+            },
+            {
+              "title": "`b.compliance.aiAct.logging`",
+              "body": "ships buildEvent / emit / logEvent / loggerFor / retentionFloorMs (per Art. 19 — 180-day default, 365-day floor for financial / employment / law-enforcement). Biometric systems require the Art. 12(3) minimum fields (periodStart, periodEnd, referenceDatabase, matchedInputRef, verifiers); the builder throws when they're missing."
+            },
+            {
+              "title": "`b.compliance.aiAct.gpai`",
+              "body": "classifies general-purpose AI models with the Art. 51(2) FLOP threshold (10^25 cumulative training compute → presumption of systemic risk per Art. 55)."
+            },
+            {
+              "title": "`b.compliance.aiAct.annexIVScaffold(...)`",
+              "body": "returns the eight Annex IV documentation sections (general description / detailed description / monitoring + functioning / risk-management / changes / harmonised standards / EU declaration of conformity / post-market monitoring)."
+            },
+            {
+              "title": "`b.compliance.aiAct.deployerChecklist(assessment)`",
+              "body": "returns operator-actionable next-steps with article references for the assessment's tier (prohibited → do-not-deploy; high-risk → conformity assessment + technical doc + risk mgmt + data governance + logging + human oversight + Art. 71 EU database + Art. 72 post-market monitoring; limited-risk → transparency middleware mount; GPAI → technical doc + downstream info + copyright policy + training summary + Art. 55 systemic-risk obligations when applicable)."
+            },
+            {
+              "title": "`b.compliance.aiAct.DEADLINES`",
+              "body": "carries the Art. 113 phase-in calendar (2026-02-02 prohibited / 2026-08-02 GPAI + transparency / 2027-08-02 high-risk)."
+            },
+            {
+              "title": "`b.middleware.aiActDisclosure({ kind, deployerName, policyUri, mode })`",
+              "body": "auto-injects `AI-Act-Notice` / `AI-Act-Article` / `AI-Act-Policy` response headers on every 2xx response, plus an `<div role=\"status\">` banner injection on 2xx HTML responses when mode=`html`; honors `X-Skip-AI-Act` request header and `res.locals.aiActSkip` opt-out. Audit emissions: `compliance.aiact.classified` / `aiact.disclosed` / `aiact.<kind>`. 130+ test cases covering catalog completeness, classifier exemptions, GPAI FLOP threshold, banner / watermark / metaTag round-trips, logging biometric-field enforcement, retention floors, annexIVScaffold sections, deployer checklist for all five tiers."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.108",
+      "date": "2026-05-06",
+      "headline": "`b.auth.stepUp` + `b.middleware.requireStepUp` — RFC 9470 step-up authentication",
+      "summary": "OAuth 2.0 Step-Up Authentication Challenge with elevation-grant short-circuit, RFC 9396 authorization-details parsing, and RFC 8176 AMR phishing-resistance evaluation. Routes that need a stronger or fresher authentication ceremony now have a complete primitive.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.acr` ACR-vocabulary registry",
+              "body": "Operator-extendable registry with rank-based `meets(presented, required)` and `meetsAny(presented, required[])` comparison plus `register({ value, rank })` for private vocabularies. Ships NIST 800-63-4 AAL1/2/3, OIDC `0`/`1`/`2`, ISO 29115 `loa1`-`loa4`, InCommon Bronze/Silver/Gold, and RFC 9470 `phr`/`phrh`."
+            },
+            {
+              "title": "`b.auth.authTime` freshness helpers",
+              "body": "`ageSec(claims)` / `freshEnough(claims, maxAge)` / `buildClaims({ method, prevAt })` (refresh preserves prior auth_time per OIDC Core 1.0 §5.4) / `recommendMaxAge` clamping helper."
+            },
+            {
+              "title": "`b.auth.stepUp.evaluate` full RFC 9470 evaluation",
+              "body": "Runs ACR rank check, ACR-values list (any-satisfies), `max_age` freshness, RFC 8176 AMR `requiredAmr: [\"hwk\", \"pop\"]` requirement, and `phishingResistant: true` boolean check. Returns structured `{ ok: false, error, reason }` so the request path keeps moving; operator typos in the requirement bubble up at boot."
+            },
+            {
+              "title": "`buildChallenge` + `parseChallenge`",
+              "body": "`buildChallenge({ requirement, realm, errorDescription })` assembles the RFC 7235-quoted `WWW-Authenticate: Bearer error=\"insufficient_user_authentication\", acr_values=\"...\", max_age=\"...\"` value with control-character / quote-injection rejection. `parseChallenge(headerValue)` is the operator-side roundtrip helper."
+            },
+            {
+              "title": "`parseAuthorizationDetails` RFC 9396 parser",
+              "body": "Parses the fine-grained authorization-details parameter and validates each entry has the required `type` field."
+            },
+            {
+              "title": "Elevation-grant primitives",
+              "body": "`b.auth.stepUp.grant.{create,verify,revoke,isRevoked,list,setSigningKey}` issues short-lived HMAC-SHA3-512 signed elevation grants binding `(subject, scope, acr, amr, audience, evidence, iat, exp, jti)`; `verify` enforces audience, scope, subject, expiry, and revocation."
+            },
+            {
+              "title": "`b.middleware.requireStepUp`",
+              "body": "Mounts the RFC 9470 challenge in front of routes; checks an optional `X-Step-Up-Grant` header first (multi-step flows skip re-prompting), falls back to claims-based evaluation. Audit emissions on every state transition: `auth.stepup.required`, `satisfied`, `denied`, `grant.issued`, `consumed`, `revoked`, `rejected`. Sixty-plus test cases cover ACR rank, registration, AMR phishing-resistance, auth_time freshness with skew, RFC 7235 quote-injection rejection, RAR JSON shape checks, grant happy-path / tamper / audience / scope / expiry / revoke, and middleware happy-path / 401-with-WWW-Authenticate / grant short-circuit / scope-mismatch fallback / config-time typo throws."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9470 OAuth 2.0 Step-Up Authentication Challenge",
+          "url": "https://www.rfc-editor.org/rfc/rfc9470.html"
+        },
+        {
+          "label": "RFC 9396 Rich Authorization Requests",
+          "url": "https://www.rfc-editor.org/rfc/rfc9396.html"
+        },
+        {
+          "label": "RFC 8176 Authentication Method Reference Values",
+          "url": "https://www.rfc-editor.org/rfc/rfc8176.html"
+        },
+        {
+          "label": "RFC 7235 HTTP Authentication",
+          "url": "https://www.rfc-editor.org/rfc/rfc7235.html"
+        },
+        {
+          "label": "NIST SP 800-63-4",
+          "url": "https://pages.nist.gov/800-63-4/"
+        }
+      ]
+    },
+    {
+      "version": "0.7.107",
+      "date": "2026-05-06",
+      "headline": "`b.auth.sdJwtVc` Selective Disclosure JWT for Verifiable Credentials",
+      "summary": "SD-JWT VC primitive aligned with the EU Digital Identity Wallet (EUDI) roll-out and EU AI Act Art. 50 disclosure requirements. Ships issuer, holder, verifier, and key-binding flows with PQC algorithm defaults.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.sdJwtVc.issue` issuer flow",
+              "body": "`issue({ issuer, vct, claims, selectivelyDisclosed, issuerKey, ... })` mints an SD-JWT VC: per-claim disclosures (base64url-encoded `[salt, name, value]` JSON arrays) with their SHA-256 / SHA3-256 / SHA-512 / SHA3-512 digests pinned in the issuer-signed `_sd` array. Selectively-disclosed claims are hidden from the issuer payload; plain claims pass through. Optional `cnf` claim pins the holder's public JWK for key-binding. Supported algorithms: ES256 (default per spec), ES384, EdDSA, ML-DSA-87 (the framework's PQC default), ML-DSA-65."
+            },
+            {
+              "title": "`present` holder presentation builder",
+              "body": "`present({ sdJwt, disclosedClaimNames, audience, nonce, holderKey })` selects which disclosures to reveal and signs an optional Key Binding JWT (typ=`kb+jwt`) carrying the audience, nonce, iat, and an `sd_hash` binding it to the specific presentation."
+            },
+            {
+              "title": "`verify` verifier pipeline",
+              "body": "`verify(presentation, { issuerKeyResolver, audience, nonce, expectedVct, requireKeyBinding })` runs the full verification pipeline: issuer JWT signature, iat / exp / vct, per-disclosure digest match against the issuer's `_sd` array, and optional KB-JWT signature plus audience, nonce, and `sd_hash` checks."
+            },
+            {
+              "title": "`b.auth.sdJwtVc.issuer.create` operator-side factory",
+              "body": "Operator-side issuer factory with key management, `kid` stamping, per-issuance audit emission, and `rotateKey` support."
+            },
+            {
+              "title": "`b.auth.sdJwtVc.holder.create` wallet helper",
+              "body": "Operator-pluggable storage (production wires `b.db` / `b.objectStore`; built-in `memoryStorage()` for dev / tests). `store` / `present` / `list` / `get` / `delete` covers the full wallet lifecycle."
+            },
+            {
+              "title": "`b.auth.sdJwtVc.disclosure.encode` / `decode`",
+              "body": "Pure helpers for the SD-JWT disclosure format. Audit emissions on every state transition (`auth.sdJwtVc.issued`, `auth.sdJwtVc.holder.stored`, `presented`, `deleted`, `auth.sdJwtVc.key_rotated`). Thirty-two test cases cover disclosure round-trip, issue/verify happy path, signature tamper, expiration, vct mismatch, disclosure tamper, present subset, key binding, issuer factory + key rotation, holder factory + storage round-trip, hash-algorithm switching, and plain-only credentials."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "draft-ietf-oauth-sd-jwt-vc",
+          "url": "https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/"
+        },
+        {
+          "label": "EU Digital Identity Wallet (EUDI)",
+          "url": "https://digital-strategy.ec.europa.eu/en/policies/eudi-wallet"
+        },
+        {
+          "label": "EU AI Act (Regulation 2024/1689) Art. 50",
+          "url": "https://eur-lex.europa.eu/eli/reg/2024/1689/oj"
+        }
+      ]
+    },
+    {
+      "version": "0.7.106",
+      "date": "2026-05-06",
+      "headline": "`b.guardHtml.wcag` audit-only accessibility scanner",
+      "summary": "Pure static analysis of HTML against WCAG 2.2 — no rendering, no JS execution. Emits structured findings the operator wires into a CI gate, an audit log, or a dev warning. Ships page-level, ARIA, tables, and forms scanners.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardHtml.wcag.audit` page + element scanner",
+              "body": "`audit(html, { level, ignore, allowedRoles, allowedAutocomplete, ... })` returns `{ findings: [{ sc, level, severity, element, line, column, message, remediation }], summary: { error, warning, info }, score, totalFindings, scopeUrl, scannedAt }`. Page-level checks: `<html lang>` (3.1.1), `<title>` (2.4.2), skip-link (2.4.1). Element-level checks: `<img alt>` (1.1.1), input labels (3.3.2), input names (4.1.2), button text (4.1.2), anchor accessible name (2.4.4), heading order, and empty heading (1.3.1)."
+            },
+            {
+              "title": "`b.guardHtml.wcag.aria.audit` WAI-ARIA 1.2 validation",
+              "body": "Catches unknown role values, missing required ARIA properties (e.g. `role=\"checkbox\"` without `aria-checked`), aria-* values outside the spec value set (`aria-checked` outside `{true, false, mixed}`), unresolved `aria-labelledby` / `aria-controls` / `aria-describedby` references, and `aria-hidden=\"true\"` on interactive elements. Operators with custom design systems extend the role registry via `allowedRoles`."
+            },
+            {
+              "title": "`b.guardHtml.wcag.tables.audit` table semantics",
+              "body": "Flags `<table>` without `<caption>` for data tables (layout tables with `role=\"presentation\"` skip the check), `<th>` without scope or with invalid scope value, and `<tr>` outside table-context wrappers."
+            },
+            {
+              "title": "`b.guardHtml.wcag.forms.audit` form-specific checks",
+              "body": "`<fieldset>` without `<legend>` (1.3.1), input `autocomplete=` value against the HTML 5.3 token registry (1.3.5), password input with `autocomplete=\"off\"` (3.3.8 blocks password managers), input/email without autocomplete (3.3.7 redundant entry), and `<textarea>` without a label."
+            },
+            {
+              "title": "Filters + heuristic score",
+              "body": "Conformance level filter (`A` / `AA` / `AAA`); `ignore: [\"1.4.3\"]` for SC-by-SC opt-out; `skipAria` / `skipTables` / `skipForms` for module-level opt-out. Heuristic score (1 - weighted-violations / heuristic-max) for a quick gauge. Fifty-one test cases."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "WCAG 2.2",
+          "url": "https://www.w3.org/TR/WCAG22/"
+        },
+        {
+          "label": "WAI-ARIA 1.2",
+          "url": "https://www.w3.org/TR/wai-aria-1.2/"
+        },
+        {
+          "label": "HTML autocomplete token registry",
+          "url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill"
+        }
+      ]
+    },
+    {
+      "version": "0.7.105",
+      "date": "2026-05-06",
+      "headline": "`b.compliance.sanctions` screening primitive",
+      "summary": "Sanctions-list screening for KYC, payment, and customer-onboarding flows. Framework owns indexing plus three match strategies; operator owns the daily fetch and format-specific parsing. Ships parser shims for OFAC SDN, EU CSL, and UN 1267.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.compliance.sanctions.create` screener",
+              "body": "`create({ entries, algorithm, fuzzy, ... })` returns a screener with `screen(input)` (single record), `screenBulk(inputs)` (batch), `snapshot()` (rule-version digest for audit trails), `reload(newEntries)` (atomic index swap with diff), `entryById(id)`, and `size()`."
+            },
+            {
+              "title": "Three match strategies",
+              "body": "`exact` (fastest, no fuzz), `jaro-winkler` (default, threshold 0.85), and `levenshtein` (edit-distance with cap). Match output: `{ match, hits: [{ entryId, name, matchedOn, score, reason, listed, programs }], algorithm, ruleVersion, screenedAt }`."
+            },
+            {
+              "title": "`b.compliance.sanctions.fuzzy` algorithmic core",
+              "body": "Pure helpers: `normalize` (Unicode diacritic strip + lowercase + whitespace collapse), `tokenize`, `levenshtein` (cap + early-exit), `jaro` / `jaroWinkler`, `tokenSetSimilarity` (order-invariant bag-of-tokens), `substringContains` (token-bounded), and `initialsMatch`."
+            },
+            {
+              "title": "`b.compliance.sanctions.aliases.expand`",
+              "body": "Alias-expansion helper covering nicknames (Bill / William, Mike / Michael), transliteration variants (Mohamed / Mohammed), reverse-order forms (Smith John / Smith, John), and initials (J. Smith). Thirty-two built-in name pairs plus operator-extensible `extraPairs`."
+            },
+            {
+              "title": "`b.compliance.sanctions.fetcher.create` periodic refresh",
+              "body": "Worker that runs the operator's `fetch` callback, validates a non-empty result, and atomically reloads the screener via `screener.reload`. Audit emissions on every refresh state: `compliance.sanctions.refresh.started`, `completed`, `skipped`, `failed`."
+            },
+            {
+              "title": "Parser shims for canonical public list formats",
+              "body": "`parseOfacCsvRow` / `parseOfacAliasRow` / `mergeAliases` (OFAC SDN), `parseEuCslEntry` (EU Consolidated Sanctions List XML), and `parseUn1267Entry` (UN Security Council XML). The framework intentionally does not vendor the lists themselves — they change daily and have legal-distribution implications."
+            },
+            {
+              "title": "Audit emissions on screen + match",
+              "body": "`compliance.sanctions.screened` on every screen call; `compliance.sanctions.matched` when hits > 0. Thirty-nine test cases cover normalize, tokenize, Levenshtein, Jaro-Winkler, token-set, substring, initials, screen modes, type filter, bulk, snapshot, reload, alias expansion, and fetcher tick + failure modes."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "U.S. Treasury OFAC SDN list",
+          "url": "https://ofac.treasury.gov/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists"
+        },
+        {
+          "label": "EU Consolidated Sanctions List",
+          "url": "https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions"
+        },
+        {
+          "label": "UK HMT consolidated list",
+          "url": "https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets"
+        },
+        {
+          "label": "UN Security Council 1267 list",
+          "url": "https://www.un.org/securitycouncil/content/un-sc-consolidated-list"
+        }
+      ]
+    },
+    {
+      "version": "0.7.104",
+      "date": "2026-05-06",
+      "headline": "`b.dsr` data-subject-rights workflow primitive",
+      "summary": "End-to-end coordinator for GDPR Article 15-22, CCPA, CPRA, LGPD, PIPEDA, and UK-GDPR data-subject requests. Ships ticket lifecycle, posture-aware deadlines, verification ladder, signed receipts, portability bundles, and two ticket-store backends.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.dsr.create` workflow coordinator",
+              "body": "`b.dsr.create({ ticketStore, posture, identityResolver, sources, ... })` returns a workflow instance with full ticket lifecycle. `submit(input)` resolves the subject identity via the operator-supplied `identityResolver`, computes a posture-aware deadline (gdpr 30d / ccpa 45d / lgpd-br 15d / pipl-cn 15d / pipeda-ca 30d / appi-jp 30d / pdpa-sg 30d / uk-gdpr 30d), and persists a pending ticket. `process(ticketId, opts)` orchestrates per-source `query` (for access / portability / rectification) or `erase` (for erasure) callbacks; partial source failures land the ticket in `partially_completed` state with per-source error capture. `cancel` / `reject` (with required reason per GDPR) advance to terminal states. `expireOverdue()` marks deadline-overdue tickets as `expired`."
+            },
+            {
+              "title": "Seven request types covered",
+              "body": "`access`, `erasure`, `portability`, `rectification`, `restriction`, `object`, and `automated-decision` are all first-class workflow entry points."
+            },
+            {
+              "title": "Verification ladder per GDPR Art. 12(6)",
+              "body": "Three levels (`minimal` / `secondary` / `strong`) with a minimum required level by request type and an operator override. Erasure, portability, and rectification require `secondary` by default."
+            },
+            {
+              "title": "Receipt + portability builders",
+              "body": "`buildReceipt(ticketId)` emits a canonical `blamejs.dsr.receipt/1` JSON envelope for completed/cancelled/rejected/expired tickets with an optional `receiptSigner` hook for cryptographic attestation. `buildPortabilityBundle(ticket)` produces the `blamejs.dsr.portability/1` JSON shape with per-source data for access and portability requests."
+            },
+            {
+              "title": "Two ticket-store backends",
+              "body": "`memoryTicketStore()` for development and tests; `dbTicketStore({ db, table })` for production (auto-provisions a SQLite table with subject_email + status indexes and a `purgeExpired()` retention sweep)."
+            },
+            {
+              "title": "Audit emissions on every state transition",
+              "body": "`dsr.ticket.submitted`, `in_progress`, `completed`, `partial`, `cancelled`, `rejected`, `expired`, plus per-source `dsr.source.queried`, `erased`, and `failed`. Thirty-eight test cases cover submit, process, cancel, reject, list, expire, portability, verification ladder, receipt, and store backends."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "GDPR Articles 15-22",
+          "url": "https://gdpr-info.eu/chapter-3/"
+        },
+        {
+          "label": "CCPA / CPRA",
+          "url": "https://oag.ca.gov/privacy/ccpa"
+        },
+        {
+          "label": "LGPD (Brazil)",
+          "url": "https://www.gov.br/cnpd/pt-br"
+        },
+        {
+          "label": "PIPEDA (Canada)",
+          "url": "https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/"
+        },
+        {
+          "label": "UK GDPR",
+          "url": "https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/"
+        }
+      ]
+    },
+    {
+      "version": "0.7.103",
+      "date": "2026-05-06",
+      "headline": "W3C distributed tracing suite — tracestate / Baggage / OTel-shaped spans / OTLP exporter",
+      "summary": "End-to-end OTel-shaped distributed tracing without a vendored OTel SDK. Adds tracestate + Baggage parsers, an OTel-compatible span builder, an OTLP/JSON exporter, HTTP server span middleware, and log correlation that auto-stamps `trace_id` + `span_id` on every log line inside a request handler.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.observability.traceContext.parseTracestate` / `buildTracestate`",
+              "body": "W3C Trace Context section 3.3 vendor data: enforces vendor-key shape (lcase-alnum + `_-*/`, optional `<tenant>@<system>`), value charset (printable ASCII excluding `,` and `=`), 32-entry cap, 512-char total cap, dup-key-keep-first per section 3.3.1.5."
+            },
+            {
+              "title": "`b.observability.baggage.parse` / `build`",
+              "body": "W3C Baggage spec parser + builder for operator-supplied context (tenantId, region, experimentId, etc.) propagated across service boundaries. RFC 7230 tchar key grammar, percent-encoded UTF-8 values, optional per-entry properties (`key=value;property=value`), 64-entry / 8192-char caps."
+            },
+            {
+              "title": "`b.observability.tracer.create({ service, resource, onEnd })`",
+              "body": "OTel-shaped span builder. `tracer.start(name, opts)` returns a span with `setAttribute` / `setAttributes` / `addEvent` / `recordException` / `setStatus` / `end` / `isRecording` / `toJSON`. OTLP/JSON-compatible output (Trace v1) with `traceId` / `spanId` / `parentSpanId` / `name` / `kind` / `startTimeUnixNano` / `endTimeUnixNano` / `attributes` / `events` / `status` / `resource` / `scope` / `droppedAttributesCount` / `droppedEventsCount`. Attribute caps (128 keys, 1024-char values), event cap (128) per OTLP defaults. `tracer.startChildOf(parent, name)` derives child spans sharing the trace context."
+            },
+            {
+              "title": "`b.observability.tracer.spanToTraceparent(span)`",
+              "body": "Emits the canonical W3C `traceparent` for outbound propagation."
+            },
+            {
+              "title": "`b.observability.otlpExporter.create({ endpoint, ... })`",
+              "body": "Buffered OTLP/HTTP JSON span exporter. Batches spans (default 200), flushes on size + interval (default 5s), retries 5xx + 408/429 with exponential backoff, drops oldest on queue overflow (default 4096). Custom `fetchImpl` opt for testing or non-default HTTP transports; `allowedProtocols` opt for cleartext dev collectors."
+            },
+            {
+              "title": "`b.middleware.spanHttpServer({ tracer, ... })`",
+              "body": "Auto-creates a root server span per HTTP request, populates OTel `SEMCONV.HTTP_*` / `URL_*` / `SERVER_*` / `CLIENT_*` attributes, attaches the span to `req.span`, ends on response close, fires `onEnd(span.toJSON())` for export. `ignorePaths` (string + RegExp) keeps healthz / static-asset routes out of span volume; `captureRequestHeaders` / `captureResponseHeaders` lift named headers into the span as `http.request.header.*` / `http.response.header.*` attributes."
+            },
+            {
+              "title": "`b.middleware.traceLogCorrelation({ logger })`",
+              "body": "Wraps a `b.log` instance for the request lifetime so every `info()` / `warn()` / `error()` emission inside the handler auto-includes `trace_id` + `span_id` from the active context (via `req.trace` + `req.span`). Pass-through when no trace context present."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.middleware.tracePropagate` reads inbound tracestate",
+              "body": "Extended to also read inbound `tracestate` and stamp `req.trace.tracestate` as the parsed entries array (or `[]` when missing); when `setResponseHeader: true`, echoes both `traceparent` and `tracestate` on the response."
+            },
+            {
+              "title": "Shared regex constants consolidated across observability + guard surfaces",
+              "body": "`safeBuffer.TRACE_ID_HEX_RE` / `SPAN_ID_HEX_RE` / `RFC7230_TCHAR_RE` extracted as shared regex constants; `guard-mime` / `middleware/headers` / `observability` consolidated against the new shared constants."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "W3C Trace Context Level 1",
+          "url": "https://www.w3.org/TR/trace-context-1/"
+        },
+        {
+          "label": "W3C Baggage",
+          "url": "https://www.w3.org/TR/baggage/"
+        },
+        {
+          "label": "OTLP/HTTP specification",
+          "url": "https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/otlp.md"
+        },
+        {
+          "label": "RFC 7230 tchar grammar",
+          "url": "https://www.rfc-editor.org/rfc/rfc7230.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.102",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.tracePropagate` — inbound traceparent ingestion middleware",
+      "summary": "Consumes the inbound `traceparent` header per W3C Trace Context and stamps `req.trace = { traceId, parentId, sampled, hadUpstream }` for downstream handlers + propagation into outbound HTTP calls. Composes with the v0.7.101 `b.observability.traceContext` parser/builder.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.tracePropagate({ generateIfMissing, ... })`",
+              "body": "`generateIfMissing: true` (default) synthesises a fresh trace when the inbound header is missing/malformed and stamps `hadUpstream: false`. `auditOnMissing: true` emits `system.trace.synthesised` audit events on every locally-originated trace. `setResponseHeader: true` echoes the resolved traceparent on the response (useful when the framework is the back-end of an L7 router that wants to log it). Downstream handlers read `req.trace.traceId` and pass it to `traceContext.build({ traceId: req.trace.traceId, parentId: traceContext.newParentId(), sampled: req.trace.sampled })` for the `traceparent` header on upstream calls."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "W3C Trace Context Level 1",
+          "url": "https://www.w3.org/TR/trace-context-1/"
+        }
+      ]
+    },
+    {
+      "version": "0.7.101",
+      "date": "2026-05-06",
+      "headline": "`b.observability.traceContext` — W3C Trace Context parser + builder",
+      "summary": "Vendor-free W3C Trace Context support so operators can propagate trace IDs across an outbound HTTP call without a vendored OTel SDK. Pairs with the SEMCONV constants from v0.7.95 to build OTel-aligned spans on top.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`traceContext.parse(headerValue)`",
+              "body": "Consumes a `traceparent` HTTP header value (`00-<32hex traceId>-<16hex parentId>-<2hex flags>`) and returns `{ version, traceId, parentId, flags, sampled }` or null on malformed input. Enforces the section 3.2.2.3 / 3.2.2.4 all-zero-rejection rule (zero trace-id and zero parent-id are explicitly forbidden by spec)."
+            },
+            {
+              "title": "`traceContext.build({ traceId, parentId, sampled })`",
+              "body": "Produces a v1 `traceparent` header value; throws on bad input shape."
+            },
+            {
+              "title": "`traceContext.newTraceId()` / `newParentId()`",
+              "body": "Generate fresh randomized 128-bit / 64-bit hex strings, with the all-zero retry path the spec requires."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "W3C Trace Context Level 1",
+          "url": "https://www.w3.org/TR/trace-context-1/"
+        }
+      ]
+    },
+    {
+      "version": "0.7.100",
+      "date": "2026-05-06",
+      "headline": "`b.network.tls.expiryMonitor` — periodic CA-trust-store expiry monitor",
+      "summary": "Runs `expiringSoon(windowMs)` on a schedule and surfaces expiring CAs via audit events, observability counters, and an optional operator hook. Closes the continuous-trust-monitoring follow-up to the v0.7.26 OCSP/CT release.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.tls.expiryMonitor({ intervalMs, windowMs, onExpiring })`",
+              "body": "Emits `network.tls.ca.expiry_check` audit event on every check (with `expiring` count + `total` CA count), `network.tls.ca.expiring` audit event when any CA falls inside the window, and the matching `network.tls.ca.expiring` observability counter. Optional `onExpiring(rows)` operator hook fires on every check that surfaces expiring CAs so operators can wire pager / Slack alerts. Audit metadata captures the expiring CA labels + the earliest `validTo` timestamp so dashboards can compute days-until-first-expiry without re-querying. Returns a handle with `.stop()` for graceful shutdown."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.99",
+      "date": "2026-05-06",
+      "headline": "`b.db.integrityCheck` + `b.db.integrityMonitor` — periodic SQLite corruption detection",
+      "summary": "On-demand `PRAGMA integrity_check` plus a scheduled monitor for long-running deployments where filesystem-level corruption can develop after boot. The boot-time check added in v0.7.79 continues to run unchanged at `db.init`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.db.integrityCheck()`",
+              "body": "Runs `PRAGMA integrity_check` against the live database and returns `\"ok\"` on a healthy database, or an array of corruption description strings on damage. Operators wire this into `/healthz` handlers or one-off CLI checks."
+            },
+            {
+              "title": "`b.db.integrityMonitor({ intervalMs, onCorruption })`",
+              "body": "Runs the check on a schedule (24h default), emits `system.db.integrity_ok` / `system.db.integrity_corrupt` audit events, and fires the `db.integrity_check_ok` / `db.integrity_check_corrupt` observability counters. Optional `onCorruption(issues)` operator hook fires on every corrupt result so operators can wire pager alerts. Returns a handle with `.stop()` for graceful shutdown."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.98",
+      "date": "2026-05-06",
+      "headline": "`b.ntpCheck.monitor` — periodic clock-drift monitor with audit + observability emissions",
+      "summary": "Runs `checkDrift` on a schedule and emits audit + observability events on threshold crossings. The boot-time `b.ntpCheck.bootCheck` continues to run unchanged at `db.init`; the monitor exists for long-running deployments where clock-drift can develop after boot (container with no RTC sync, ntpd stopped after boot, etc.).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.ntpCheck.monitor({ intervalMs, ... })`",
+              "body": "Returns a handle with `.stop()` for graceful shutdown. Audit emissions: `system.ntp.checked` (every check), `system.ntp.drift_warn` (drift exceeds warn threshold), `system.ntp.drift_fatal` (drift exceeds fatal threshold), `system.ntp.unreachable` (every server in the list failed to respond). Observability event: `ntp.drift_ms` gauge on every successful check, labeled with the responding server. Optional `onDrift(result)` operator hook fires on every warning/fatal check so operators can wire pager / Slack notifications."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.97",
+      "date": "2026-05-06",
+      "headline": "`b.compliance` lookup helpers — posturesByDomain / posturesByJurisdiction / list",
+      "summary": "Pure-function lookups over the v0.7.94 `REGIME_MAP` so admin UIs and multi-region deployments can resolve postures by domain or ISO 3166 alpha-2 jurisdiction without iterating the raw map.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.compliance.posturesByDomain(domain)`",
+              "body": "Returns every posture matching the named domain (`\"privacy\"` / `\"health\"` / `\"payment\"` / `\"cybersecurity\"` / `\"financial-reporting\"` / `\"financial-resilience\"` / `\"product-cybersecurity\"` / `\"ai-governance\"` / `\"biometrics\"` / `\"audit-attestation\"`)."
+            },
+            {
+              "title": "`b.compliance.posturesByJurisdiction(jurisdiction)`",
+              "body": "Returns postures matching the ISO 3166 alpha-2 code, `EU`, or `international` — useful for multi-region deployments that resolve different posture configs per region."
+            },
+            {
+              "title": "`b.compliance.list()`",
+              "body": "Returns every posture as a `{ posture, name, citation, jurisdiction, domain }` row in canonical `KNOWN_POSTURES` order. Admin UIs render the full set as a dropdown / table without iterating `REGIME_MAP` keys themselves."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.96",
+      "date": "2026-05-06",
+      "headline": "`b.observability.timed` — wrap a sync/async operation in a duration + outcome counter",
+      "summary": "Consolidates the hand-rolled `t0 = Date.now(); ... event(name, 1, { duration_ms, outcome })` pattern that had been repeated at many observability call sites into a single helper. Composes with the existing `b.observability.SEMCONV` constants.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.observability.timed(name, fn, labels)`",
+              "body": "Measures wall-clock duration of a sync or async operation and emits a counter event carrying `duration_ms` in the labels alongside `outcome: \"ok\" | \"fail\"`. Returns the wrapped function's return value verbatim; rethrows on error after emitting the failure event with `error_type` capturing the thrown error's `.name`. Operation name MUST be a stable string (not derived from input) to keep metric cardinality bounded; dynamic per-tenant labels go in the `labels` parameter. Example: `b.observability.timed(\"db.query\", async () => db.query(\"SELECT ...\"), { [SEMCONV.DB_OPERATION_NAME]: \"select\" })`."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.95",
+      "date": "2026-05-06",
+      "headline": "`b.observability.SEMCONV` — GenAI + cloud + container attribute coverage",
+      "summary": "Twenty-eight new OpenTelemetry semantic-convention attribute names covering generative-AI workloads, vector databases, cloud runtime context, and Kubernetes orchestration. Reference these constants instead of hand-rolling the strings — typos throw at access time instead of producing mis-named span attributes the OTel collector silently drops.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "GenAI attributes (19)",
+              "body": "`GEN_AI_SYSTEM` / `GEN_AI_REQUEST_MODEL` / `GEN_AI_REQUEST_TEMPERATURE` / `GEN_AI_REQUEST_TOP_P` / `GEN_AI_REQUEST_TOP_K` / `GEN_AI_REQUEST_MAX_TOKENS` / `GEN_AI_REQUEST_STOP_SEQUENCES` / `GEN_AI_RESPONSE_MODEL` / `GEN_AI_RESPONSE_ID` / `GEN_AI_RESPONSE_FINISH_REASONS` / `GEN_AI_USAGE_INPUT_TOKENS` / `GEN_AI_USAGE_OUTPUT_TOKENS` / `GEN_AI_USAGE_TOTAL_TOKENS` / `GEN_AI_OPERATION_NAME` / `GEN_AI_TOOL_NAME` / `GEN_AI_TOOL_CALL_ID` / `GEN_AI_AGENT_ID` / `GEN_AI_AGENT_NAME` / `GEN_AI_AGENT_DESCRIPTION`."
+            },
+            {
+              "title": "Vector DB / RAG attributes (3)",
+              "body": "`DB_VECTOR_QUERY_TOP_K` / `DB_VECTOR_QUERY_DIMENSIONS` / `DB_VECTOR_QUERY_DISTANCE_METRIC`."
+            },
+            {
+              "title": "Cloud attributes (4)",
+              "body": "`CLOUD_PROVIDER` / `CLOUD_REGION` / `CLOUD_ACCOUNT_ID` / `CLOUD_RESOURCE_ID`."
+            },
+            {
+              "title": "Container / Kubernetes attributes (6)",
+              "body": "`CONTAINER_ID` / `CONTAINER_IMAGE_NAME` / `CONTAINER_IMAGE_TAG` / `K8S_NAMESPACE_NAME` / `K8S_POD_NAME` / `K8S_DEPLOYMENT_NAME`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "OpenTelemetry semantic conventions",
+          "url": "https://opentelemetry.io/docs/specs/semconv/"
+        }
+      ]
+    },
+    {
+      "version": "0.7.94",
+      "date": "2026-05-06",
+      "headline": "`b.compliance.REGIME_MAP` + `b.compliance.describe` — posture name / citation / jurisdiction / domain lookup",
+      "summary": "Frozen lookup table mapping each compliance posture to its human-readable name, statutory citation, jurisdiction, and domain. Operators rendering deployment posture in admin UI or audit logs reach for this instead of hand-rolling the table; values track the regulatory text and update with the framework rather than going stale.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.compliance.REGIME_MAP` + `b.compliance.describe(<posture>)`",
+              "body": "`b.compliance.describe(\"hipaa\")` returns `{ name: \"Health Insurance Portability and Accountability Act\", citation: \"Pub. L. 104-191; 45 CFR Parts 160, 162, 164\", jurisdiction: \"US\", domain: \"health\" }`. Covers all 19 postures shipped through v0.7.91 (hipaa / pci-dss / soc2 / sox plus the v0.7.91 expansions: wmhmda / bipa / ccpa / gdpr / dora / nis2 / cra / ai-act / lgpd-br / pipl-cn / appi-jp / pdpa-sg / pipeda-ca / uk-gdpr). The `domain` field categorizes the regime (privacy / health / payment / cybersecurity / financial-reporting / etc.) so operators can render compliance dashboards grouped by domain instead of alphabetical posture."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.93",
+      "date": "2026-05-06",
+      "headline": "Adjacent-regulation incident-reporting deadline references exported on `b.dora`",
+      "summary": "`b.dora.DEADLINES_NIS2` — NIS2 (Directive (EU) 2022/2555) Art. 23 deadlines: 24h early warning, 72h initial notification, 1 month final report. `b.dora.DEADLINES_CRA` — CRA (Regulation (EU) 2024/2847) Art. 14 deadlines: 24h early warning, 72h initial notification, 14 days final report.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.dora.DEADLINES_NIS2`",
+              "body": "NIS2 (Directive (EU) 2022/2555) Art. 23 deadlines: 24h early warning, 72h initial notification, 1 month final report."
+            },
+            {
+              "title": "`b.dora.DEADLINES_CRA`",
+              "body": "CRA (Regulation (EU) 2024/2847) Art. 14 deadlines: 24h early warning, 72h initial notification, 14 days final report."
+            },
+            {
+              "title": "`b.dora.DEADLINES_HIPAA_BREACH`",
+              "body": "HIPAA Breach Notification Rule (45 CFR §164.404 / §164.408) deadlines: 60 days for affected individuals, 60 days for HHS Secretary, annual aggregate report by March 1 for sub-500-individual breaches. Operators handling NIS2 / CRA / HIPAA reporting reach for these constants instead of pinning literal hour counts in their workflow code; the values track the regulatory text and update with the framework rather than going stale in operator code. The b.dora factory itself continues to enforce DORA Article 19 deadlines unchanged — operators wiring NIS2 / CRA / HIPAA workflows compose against the deadline constants directly with their own scheduler / submission code."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.92",
+      "date": "2026-05-06",
+      "headline": "Retention floors + observability semconv expansion",
+      "summary": "`b.retention.complianceFloor(<posture>, candidateMs)` now recognizes `nis2` (3 years — NIS2 Art. 23 incident reporting), `cra` (5 years — CRA Art. 14 vulnerability handling logs), `lgpd-br` (5 years — Brazil fiscal record minimum + LGPD Art.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.retention.complianceFloor(<posture>, candidateMs)`",
+              "body": "now recognizes `nis2` (3 years — NIS2 Art. 23 incident reporting), `cra` (5 years — CRA Art. 14 vulnerability handling logs), `lgpd-br` (5 years — Brazil fiscal record minimum + LGPD Art. 16), `appi-jp` (3 years — Japan APPI handler-of-record), `pdpa-sg` (1 year — PDPA breach notification audit trail), and `uk-gdpr` (6 years — UK ICO guidance + statutory limit alignment). `gdpr` continues to have no fixed minimum (Art. 5(1)(e) is \"no longer than necessary\" — operator-driven)."
+            },
+            {
+              "title": "`b.observability.SEMCONV`",
+              "body": "gains RPC attributes (`RPC_SYSTEM` / `RPC_SERVICE` / `RPC_METHOD` / `RPC_GRPC_STATUS_CODE`), additional messaging keys (`MESSAGING_CLIENT_ID` / `MESSAGING_MESSAGE_ID` / `MESSAGING_DESTINATION_PARTITION_ID` / `MESSAGING_BATCH_MESSAGE_COUNT`), network transport (`NETWORK_TRANSPORT` / `NETWORK_CONNECTION_TYPE`), process / runtime identification (`PROCESS_PID` / `PROCESS_RUNTIME_NAME` / `PROCESS_RUNTIME_VERSION`), service identification (`SERVICE_NAME` / `SERVICE_VERSION` / `SERVICE_INSTANCE_ID`), and telemetry SDK self-id (`TELEMETRY_SDK_NAME` / `TELEMETRY_SDK_LANGUAGE` / `TELEMETRY_SDK_VERSION`). Operators wiring the framework's tap into a gRPC-fronted OTel collector or an outbox-fed Kafka topic now reference the canonical attribute names directly without an aliasing table on their side."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.91",
+      "date": "2026-05-06",
+      "headline": "Compliance-posture vocabulary expanded + OpenTelemetry semantic-convention attribute table",
+      "summary": "`b.compliance.set(<posture>)` now accepts thirteen new posture names: `wmhmda` (Washington My Health My Data Act), `bipa` (Illinois Biometric Information Privacy Act), `ccpa` (California Consumer Privacy Act), `nis2` (EU NIS2 Directive), `cra` (EU Cyber Resilience Act), `ai-a.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.compliance.set(<posture>)`",
+              "body": "now accepts thirteen new posture names: `wmhmda` (Washington My Health My Data Act), `bipa` (Illinois Biometric Information Privacy Act), `ccpa` (California Consumer Privacy Act), `nis2` (EU NIS2 Directive), `cra` (EU Cyber Resilience Act), `ai-act` (EU AI Act), `lgpd-br` (Brazil LGPD), `pipl-cn` (China PIPL), `appi-jp` (Japan APPI), `pdpa-sg` (Singapore PDPA), `pipeda-ca` (Canada PIPEDA), `uk-gdpr` (UK GDPR). Existing `hipaa` / `pci-dss` / `gdpr` / `soc2` / `dora` / `sox` continue to work. Postures map to per-primitive defaults via the existing compliancePosture opt on guards, retention, dora, etc. — operators set the deployment-wide posture once and primitives that key off it pick up the right defaults."
+            },
+            {
+              "title": "`b.observability.SEMCONV`",
+              "body": "frozen attribute-name table tracking the OpenTelemetry semantic-convention stable namespace (1.27+). HTTP server attributes (`http.request.method`, `http.response.status_code`, `http.route`, `server.address`, `client.address`), URL (`url.full`, `url.path`, `url.scheme`), database (`db.system`, `db.namespace`, `db.operation.name`, `db.query.text`), messaging (`messaging.system`, `messaging.destination.name`), auth (`user.id`, `session.id`), errors (`error.type`, `exception.type`, `exception.message`). Operators wiring the framework's tap into an OTel SDK reference these constants instead of hand-rolling the names — no aliasing table on the operator side, and string typos throw at access time instead of producing mis-named span attributes that the OTel collector silently drops."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.90",
+      "date": "2026-05-06",
+      "headline": "`b.outbox` — transactional outbox primitive for at-least-once event publication without distributed",
+      "summary": "transactions. `b.outbox.create({ externalDb, table, publisher, ... })` returns an outbox instance with three core operations: `enqueue(event, txn)` writes the outbox row inside the operator's transaction (using the `txClient` returned by `b.externalDb.transaction`), `start()` spins a polling publisher worker that claims rows via `SELECT ...",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.outbox.create({ externalDb, table, publisher, ... })`",
+              "body": "returns an outbox instance with three core operations: `enqueue(event, txn)` writes the outbox row inside the operator's transaction (using the `txClient` returned by `b.externalDb.transaction`), `start()` spins a polling publisher worker that claims rows via `SELECT ... FOR UPDATE SKIP LOCKED` (Postgres) and dispatches to the operator-supplied async `publisher(event)` callback, `stop()` gracefully shuts the worker down. Failed publishes retry with exponential backoff (`retryBackoff: { initialMs, maxMs, factor }`); rows that exceed `maxAttempts` are marked `'dead'` for operator triage and an `system.outbox.deadletter` audit event fires. Schema is operator-managed: `outbox.declareSchema(externalDb)` runs an idempotent `CREATE TABLE IF NOT EXISTS ... (id, topic, payload, key, headers, enqueued_at, next_attempt_at, published_at, attempts, last_error, status)` + a partial index on `(next_attempt_at) WHERE status = 'pending'`. `pendingCount()` / `deadCount()` expose the queue depth + DLQ depth for operator dashboards. Observability events on every state transition (`outbox.enqueued` / `outbox.published` / `outbox.publish-failed` / `outbox.dead-letter`)."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.89",
+      "date": "2026-05-06",
+      "headline": "Three additive primitives bundled: TUS resumable uploads, WebAuthn Signal API, DPoP server-issued nonce challenge",
+      "summary": "`b.middleware.tusUpload({ mountPath, store, ... })` implements the [tus.io](https://tus.io) v1.0.0 resumable-upload protocol — POST creates uploads, HEAD reports offsets, PATCH appends chunks, DELETE terminates. Supported extensions: `creation`, `creation-with-upload`, `expiration`, `checksum`, `termination`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.tusUpload({ mountPath, store, ... })`",
+              "body": "implements the [tus.io](https://tus.io) v1.0.0 resumable-upload protocol — POST creates uploads, HEAD reports offsets, PATCH appends chunks, DELETE terminates. Supported extensions: `creation`, `creation-with-upload`, `expiration`, `checksum`, `termination`. The `checksum` extension defaults to PQC-first algorithms (`sha3-512`, `shake256`) — operators add classical algorithms explicitly via `checksumAlgorithms`. A built-in `b.middleware.tusUpload.memoryStore({ maxSize })` ships for development; production operators implement the `{ create, head, append, setLength, terminate, purgeExpired, getBuffer }` shape against their object-store backend. Bounded chunk collection routes through `safeBuffer.boundedChunkCollector` (cap-enforced at push time, no 10-GiB pre-collect). Concatenation extension (parallel-chunk assembly) deferred — operators that need it compose against their store layer; re-open if a store-layer-only solution proves insufficient."
+            },
+            {
+              "title": "`b.auth.passkey.signalUnknownCredential` / `signalAllAcceptedCredentials` /",
+              "body": "add the W3C WebAuthn Signal API descriptor builders — when the browser implements `PublicKeyCredential.signal*`, operators emit the matching JSON descriptor to clean up stale passkeys, refresh user details, and surface revocations without forcing a re-registration. All three validate `rpId` / `userId` / `credentialId` shape (base64url) and refuse `name`/`displayName` longer than 256 chars."
+            },
+            {
+              "title": "`b.middleware.dpop({ requireNonce: true, nonceRotateSec? })`",
+              "body": "implements RFC 9449 §8 server-issued DPoP-Nonce challenge — the middleware emits `DPoP-Nonce: <fresh>` on every 401 response, refuses proofs whose `nonce` claim isn't in the rolling current+previous pair, and refreshes the nonce on every successful response. The rolling-pair manager rotates without timers (lazy maybe-rotate on access); no operator nonce store needed. The `getNonce` callback path stays intact for operator-managed nonce flows."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9449",
+          "url": "https://www.rfc-editor.org/rfc/rfc9449.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.88",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.webAppManifest` + `b.middleware.assetlinks` — two static-content middlewares for PWA",
+      "summary": "+ Trusted Web Activity support. `b.middleware.webAppManifest({ name, start_url, icons, ... })` serves the W3C Web App Manifest at `/manifest.webmanifest` (and `/manifest.json` when `alsoAtJsonPath: true`).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.webAppManifest({ name, start_url, icons, ... })`",
+              "body": "serves the W3C Web App Manifest at `/manifest.webmanifest` (and `/manifest.json` when `alsoAtJsonPath: true`). The framework JSON-serializes once at create() and serves with `Content-Type: application/manifest+json` per the W3C spec + `Cache-Control: public, max-age=86400` + `X-Content-Type-Options: nosniff`. The W3C-spec attribute set is allowlisted (name / short_name / description / start_url / scope / display / display_override / orientation / theme_color / background_color / icons / screenshots / shortcuts / categories / lang / dir / id / prefer_related_applications / related_applications) — typos throw at create. `name`, `start_url`, and at least one icon are required (W3C — installability minimum). HEAD + GET only."
+            },
+            {
+              "title": "`b.middleware.assetlinks({ statements })`",
+              "body": "serves Digital Asset Links at `/.well-known/assetlinks.json` per Google's spec — used by Trusted Web Activity, Android App Links, Smart Lock for Passwords, WebAuthn for Android. Validates each statement carries `relation` (non-empty array) and `target` (object). Same Content-Type / Cache-Control / X-Content-Type-Options posture as the security.txt + manifest emitters."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.87",
+      "date": "2026-05-06",
+      "headline": "Two route-guard middlewares for API hardening — `b.middleware.requireMethods` and `b.middleware.requireContentType`",
+      "summary": "`b.middleware.requireMethods([\"GET\", \"POST\"])` refuses any HTTP method outside the allowlist with `405 Method Not Allowed` + `Allow:` header listing the allowed methods (per RFC 9110 §15.5.6).",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.middleware.requireMethods([\"GET\", \"POST\"])`",
+              "body": "refuses any HTTP method outside the allowlist with `405 Method Not Allowed` + `Allow:` header listing the allowed methods (per RFC 9110 §15.5.6). Defends against unexpected verb routing — many CVE-class bugs trace to a route handler wired for GET that accidentally accepts arbitrary verbs (PROPFIND, OPTIONS, custom)."
+            },
+            {
+              "title": "`b.middleware.requireContentType([\"application/json\"])`",
+              "body": "refuses requests with a body (POST/PUT/PATCH by default) whose `Content-Type` isn't in the allowlist with `415 Unsupported Media Type` + `Accept:` header listing the allowed types (RFC 9110 §15.5.16). Defends against MIME-type confusion — a route that processes JSON shouldn't accept `application/x-www-form-urlencoded` even if the body parses. Both middlewares emit observability events (`middleware.requireMethods.denied` / `middleware.requireContentType.denied`) on every refusal for triage. Operators wanting to enforce content-type on idempotent verbs that DO carry bodies (rare DELETE-with-body shapes) override the default body-method list via `requireContentType(types, { methods })`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9110",
+          "url": "https://www.rfc-editor.org/rfc/rfc9110.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.86",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.csrfProtect({ requireJsonContentType: true })` — strict-fetch mode for JSON-only API",
+      "summary": "surfaces. State-changing requests (POST/PUT/PATCH/DELETE) without `Content-Type: application/json` are refused before the token check with `CSRF: state-changing requests require Content-Type: application/json.` and audit emission `csrf.denied` with `reason: \"non-JSON content-type: ...\"`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.csrfProtect({ requireJsonContentType: true })` — strict-fetch mode for JSON-only API",
+              "body": "`b.middleware.csrfProtect({ requireJsonContentType: true })` — strict-fetch mode for JSON-only API surfaces. State-changing requests (POST/PUT/PATCH/DELETE) without `Content-Type: application/json` are refused before the token check with `CSRF: state-changing requests require Content-Type: application/json.` and audit emission `csrf.denied` with `reason: \"non-JSON content-type: ...\"`. The browser's form-encoded POST shape is the canonical CSRF vector — a malicious page can `<form action=\"/transfer\" method=POST>` a victim into a state-changing request without a preflight. An `application/json` body forces a CORS preflight (the browser refuses to skip it for non-simple Content-Type values), so an attacker without an operator-allowlisted CORS origin can't reach the route at all. Default `false` — operators with HTML form submissions on the same routes (mixed SPA + classic form pages) keep current behavior; pure-fetch API operators opt in."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.85",
+      "date": "2026-05-06",
+      "headline": "`b.auth.statusList` — OAuth Token Status List (draft-ietf-oauth-status-list-20). The canonical",
+      "summary": "credential-revocation mechanism for SD-JWT VC and OpenID for Verifiable Credentials. An issuer publishes a JWT-wrapped bitstring at a URL; relying parties fetch + check the bit at index N to determine if the credential whose `status_list` claim points at that URL+index is valid / invalid / suspended / application-specific.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.statusList.create({ size, bits?, fill? })`",
+              "body": "allocates a bit-packed buffer (`bits` ∈ {1, 2, 4, 8} per draft §6.1.1, default 1). The returned object exposes `.set(idx, status)` / `.get(idx)` / `.snapshot()` / `.toJwt({ issuer, subject, privateKey, algorithm, expiresInSec?, ... })`."
+            },
+            {
+              "title": "`b.auth.statusList.fromJwt(token, { publicKey | keyResolver, algorithms?, expectedIssuer?, ... })`",
+              "body": "verifies the JWT through `b.auth.jwt.verify` and returns `{ list, claims }` — the list exposes `.get(idx)` to check status of an individual credential without decompressing into a separate Buffer. The bitstring is zlib-deflated (RFC 1951 raw deflate per draft §6.1.4) before base64url encoding so a million-entry list collapses to ~125 KB on the wire when most bits are zero. Caps the compressed payload at 1 MiB; operators publishing larger lists shard. Status constants exported as `b.auth.statusList.STATUS_{VALID,INVALID,SUSPENDED,APPLICATION_SPECIFIC}`. Foundational for the v0.7.58 EU AI Act + eIDAS 2.0 wallet slice."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 1951",
+          "url": "https://www.rfc-editor.org/rfc/rfc1951.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.84",
+      "date": "2026-05-06",
+      "headline": "`b.crypto.sri(content, { algorithm? })` — Subresource Integrity hash builder per W3C SRI 1.0",
+      "summary": ". Operators emit `<script integrity=\"sha384-...\">` and `<link integrity=\"sha384-...\">` to defend against CDN compromise + ISP MITM injection — the browser refuses to load a resource whose actual hash diverges from the integrity attribute.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.crypto.sri(content, { algorithm? })` — Subresource Integrity hash builder per W3C SRI 1.0",
+              "body": "`b.crypto.sri(content, { algorithm? })` — Subresource Integrity hash builder per W3C SRI 1.0. Operators emit `<script integrity=\"sha384-...\">` and `<link integrity=\"sha384-...\">` to defend against CDN compromise + ISP MITM injection — the browser refuses to load a resource whose actual hash diverges from the integrity attribute. Default algorithm is `sha384` (W3C §3.2 — collision margin without sha512's 64-byte overhead); `sha256` and `sha512` also accepted, anything else refused. Accepts `Buffer` / `Uint8Array` / `string` / array of those — array inputs emit multiple space-separated integrity tokens per W3C §3.3 multi-integrity (browser picks the strongest it recognizes). Returns the standard `sha###-<base64>` format ready to paste into the `integrity=\"\"` attribute."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.83",
+      "date": "2026-05-06",
+      "headline": "OpenID Connect RP-Initiated Logout + RFC 9126 Pushed Authorization Requests",
+      "summary": "`b.auth.oauth` gains two operator-facing helpers: `endSessionUrl()` builds the IdP-termination redirect URL for `/logout` routes, and `pushAuthorizationRequest()` POSTs authorization parameters out-of-band to the IdP's PAR endpoint and returns the short `request_uri` reference to redirect the browser through.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.oauth.endSessionUrl()` (OpenID Connect RP-Initiated Logout)",
+              "body": "Builds the URL the operator's `/logout` route redirects the user-agent to so the IdP terminates the session and bounces back to the operator's app. Accepts `{ idTokenHint?, postLogoutRedirectUri?, state?, logoutHint?, uiLocales?, clientId?, extraParams? }`. The IdP's `end_session_endpoint` is read from the OIDC discovery document or operator-supplied at `create({ endSessionEndpoint })`. Throws `auth-oauth/no-end-session-endpoint` when neither the discovery doc nor the operator opts supply the endpoint."
+            },
+            {
+              "title": "`b.auth.oauth.pushAuthorizationRequest()` (RFC 9126 PAR)",
+              "body": "POSTs the authorization-request parameters directly to the IdP's PAR endpoint (mTLS or client-secret authenticated) and returns `{ url, state, nonce, verifier, challenge, requestUri, expiresIn }` — the browser-side redirect URL is `<authorizationEndpoint>?client_id=...&request_uri=...`. Defends against authorization-request parameter tampering by a man-in-the-middle at the user-agent and against URL-length overflow on long authorization requests (the `request_uri` reference is short). The PAR endpoint is read from the discovery doc's `pushed_authorization_request_endpoint` or operator-supplied at `create({ pushedAuthorizationRequestEndpoint })`. Throws `auth-oauth/no-par-endpoint` when neither source supplies it."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "OpenID Connect RP-Initiated Logout 1.0",
+          "url": "https://openid.net/specs/openid-connect-rpinitiated-1_0.html"
+        },
+        {
+          "label": "RFC 9126 OAuth 2.0 Pushed Authorization Requests",
+          "url": "https://www.rfc-editor.org/rfc/rfc9126.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.82",
+      "date": "2026-05-06",
+      "headline": "`b.mail.bimi` — BIMI record builder + DNS verifier (RFC 9091)",
+      "summary": "BIMI publishes a sender's brand logo URL in DNS so receiving MTAs can render it next to messages in supported clients (Gmail, Yahoo, Apple Mail). Three primitives ship: a record-shape builder, a DNS fetch + parse, and a standalone parser for operator-supplied TXT bodies.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.bimi.recordShape({ logoUrl, vmcUrl?, selector? })`",
+              "body": "Produces the canonical `v=BIMI1; l=https://...; a=https://...` TXT-record string per RFC 9091 §4. Both `l=` (SVG logo URL) and `a=` (Verified Mark Certificate URL per RFC 9091 §6) are HTTPS-required (refuses `http://`). All field values are CR/LF/NUL/semicolon-screened so a hostile URL can't inject a record-separator into the published TXT."
+            },
+            {
+              "title": "`b.mail.bimi.fetchPolicy(domain, { selector?, dnsLookup? })`",
+              "body": "Queries `<selector>._bimi.<domain>` (default selector `\"default\"`) and returns the structured record `{ v, l, a }` or `null` when no policy is published or the record is malformed. Layered on a passing DMARC posture; operators with the existing `b.mail.dmarc` posture set up benefit from BIMI rendering immediately on receivers that honor it."
+            },
+            {
+              "title": "`b.mail.bimi.parseRecord(text)`",
+              "body": "Parses any operator-supplied TXT body — semicolon-separated `key=value` pairs per RFC 9091 §4. The framework does not validate SVG or VMC contents against the RFC §5/§6 profiles; operators feed those to their own asset pipeline. The fetch primitive is a thin DNS lookup that returns the structured record so an operator dashboard or SMTP send-time preflight can verify the publication."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9091 BIMI",
+          "url": "https://www.rfc-editor.org/rfc/rfc9091.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.81",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.hostAllowlist` — DNS rebinding defense",
+      "summary": "Refuses requests whose `Host` header doesn't match the operator-supplied allowlist. Closes the DNS rebinding chain (attacker DNS flips `evil.com` → `127.0.0.1`, browser still believes the URL string says `evil.com` so same-origin policy lets the JS read the response, but the operator's localhost is what actually serves).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.hostAllowlist({ hosts, denyStatus?, denyBody?, audit? })`",
+              "body": "Operators pass an allowlist of canonical Host values (with or without port). Wildcard-leading entries (`*.example.com`) match any single label; `app.sub.example.com` does NOT match `*.example.com` (multi-label is rejected by design — wildcard certificate authorities issue only single-label intermediates). Entries without a port match any port; entries with a port require exact match. Default `denyStatus: 421` (RFC 7540 §9.1.2 \"Misdirected Request\"); default `denyBody: \"Misdirected Request\"`. Audit emits `network.host_allowlist.denied` with the reason (`missing-host` / `host-not-in-allowlist`) and the actual Host value for triage. Operators running explicitly-public services that accept arbitrary subdomains (multi-tenant forum shapes) skip this middleware entirely; there is no per-request opt-out."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7540 §9.1.2 Misdirected Request",
+          "url": "https://www.rfc-editor.org/rfc/rfc7540.html#section-9.1.2"
+        }
+      ]
+    },
+    {
+      "version": "0.7.80",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.securityTxt` (RFC 9116) + SQLite `secure_delete=ON` at DB boot",
+      "summary": "Operators serve a static `/.well-known/security.txt` so security researchers know where to find the disclosure policy, and SQLite databases now overwrite freed page bytes on delete instead of just unlinking them from the B-tree.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.securityTxt({ contact, expires, encryption?, policy?, ack?, preferredLanguages?, hiring?, canonical?, alsoAtRoot?, audit? })`",
+              "body": "Serves a static body at `/.well-known/security.txt` (and root `/security.txt` when `alsoAtRoot: true`) per RFC 9116. The `Contact:` and `Expires:` fields are REQUIRED per §2.5; the framework throws at config-time when either is missing AND when `expires` is in the past (RFC 9116 §2.5.5). All field values are CR/LF/NUL-screened (header-injection defense). The body is built once at `create()` and served with `Content-Length` + `Cache-Control: public, max-age=86400` + `X-Content-Type-Options: nosniff`."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "SQLite `PRAGMA secure_delete=ON` applied at `b.db.init`",
+              "body": "SQLite normally just unlinks rows from the B-tree; the underlying page bytes survive on disk until a new write reuses the slot. With `secure_delete=ON`, freed pages are overwritten with zeros so a forensic recovery against the encrypted database file can't reconstruct deleted rows. The cost is one extra write per delete — already dominated by the framework's audit-chain emissions on every DSR erase / cascade fan-out."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9116 security.txt",
+          "url": "https://www.rfc-editor.org/rfc/rfc9116.html"
+        },
+        {
+          "label": "SQLite PRAGMA secure_delete",
+          "url": "https://www.sqlite.org/pragma.html#pragma_secure_delete"
+        }
+      ]
+    },
+    {
+      "version": "0.7.79",
+      "date": "2026-05-06",
+      "headline": "PQC TLS handshake key shares + DB hardening (integrity check, lock-holder boot token)",
+      "summary": "The framework's app-layer envelope has been PQC-first since v0.7.28 (ML-KEM-1024 + X25519 hybrid for sealed records); this release extends PQC posture down to the TLS handshake itself. SQLite integrity check at boot catches B-tree corruption before mid-query failure, and the migration-lock holder ID now carries a per-process boot token so PID-reuse across container restart can't be misattributed.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.tls.pqc` — operator-facing TLS 1.3 key-share configuration",
+              "body": "`b.network.tls.pqc.setKeyShares([\"X25519MLKEM768\", \"X25519\", \"secp256r1\"])` configures the TLS 1.3 key-share groups the framework's `https.Server` / `https.Agent` advertises. The first listed group is the operator priority; the peer picks the first mutually supported entry. `X25519MLKEM768` is the IETF draft-kwiatkowski-tls-ecdhe-mlkem-02 hybrid KEM that negotiates post-quantum + classical in one handshake — forward-secrecy survives both classical-CRQC and future quantum cryptanalysis. The default list attempts hybrid first, falls back to classical X25519 with peers that don't support the hybrid (most of the public web today), and to `secp256r1` for legacy peers. Operators wanting classical-only call `setKeyShares([\"X25519\"])`; `resetKeyShares()` restores the default. Requires Node 24+ with OpenSSL 3.5+ for the X25519MLKEM768 group; older Node falls back silently to the classical entries."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.network.tls.applyToContext({ base })` threads PQC key shares",
+              "body": "Now threads the configured key-share list through as the `groups` option to Node's TLS context. Operators who explicitly set `groups` in their `base` config keep the override."
+            },
+            {
+              "title": "`b.db.init` runs `PRAGMA integrity_check` at boot",
+              "body": "Refuses boot if SQLite reports anything other than `\"ok\"`. Catches B-tree corruption at boot rather than letting it surface mid-query when the engine stumbles on a bad page. Skip via `opts.skipIntegrityCheck: true` for tmpfs-only fixtures (audited reason)."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Migration-lock holder ID gains a per-process boot token",
+              "body": "`lib/external-db-migrate.js:_lockHolderId()` now appends a per-process random 8-byte boot token, so a recycled PID-on-hostname slot after a container restart can't be misattributed back to the new boot when reading stale lock rows. Closes the PID-reuse-across-container-restart concurrent-ownership window."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "draft-kwiatkowski-tls-ecdhe-mlkem",
+          "url": "https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/"
+        }
+      ]
+    },
+    {
+      "version": "0.7.78",
+      "date": "2026-05-06",
+      "headline": "`b.cloudEvents.wrap` / `.parse` — CloudEvents 1.0 envelope",
+      "summary": "Vendor-neutral event-format spec adopted by AWS EventBridge, Knative, Azure Event Grid, Google Eventarc, Datadog, and the broader CNCF event ecosystem. Operators wrap outbound events from webhook / pubsub / queue boundaries to interop with these consumers without each consumer learning a bespoke shape.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.cloudEvents.wrap({ source, type, data?, subject?, time?, id?, datacontenttype?, dataschema?, extensions? })`",
+              "body": "Produces a CloudEvents 1.0 envelope: required attributes (`id` auto-minted as RFC 4122 v4 UUID when omitted, `source`, `specversion=\"1.0\"`, `type`, `time` auto-set to `new Date().toISOString()`), optional attributes (`subject`, `datacontenttype` auto-set to `\"application/json\"` when `data` is JSON-serializable or `\"application/octet-stream\"` when `data` is a `Buffer` — base64-encoded into `data_base64`, `dataschema`), plus operator-defined extension attributes that conform to the §3.1 naming rules (lowercase ASCII alnum, 1-20 chars)."
+            },
+            {
+              "title": "`b.cloudEvents.parse(envelope)`",
+              "body": "Validates the envelope shape and returns a structured form with `extensions` surfaced as a separate object so consumers can route on operator-defined fields without grepping the envelope. Refuses `data` + `data_base64` together (CloudEvents §3.1.1), unsupported specversion, missing required attributes, malformed extension names."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`testAuditSafeEmitRedacts` smoke fixture registers its audit namespace",
+              "body": "The smoke fixture introduced in v0.7.75 now registers the `test` audit namespace before emitting so the audit handler's noise log line (`namespace 'test' is not registered`) no longer appears in CI smoke output."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CloudEvents v1.0 spec",
+          "url": "https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md"
+        }
+      ]
+    },
+    {
+      "version": "0.7.77",
+      "date": "2026-05-06",
+      "headline": "Argon2 switched from vendored prebuilds to Node's built-in `crypto.argon2*`",
+      "summary": "Targets Node 24+. The framework's `lib/vendor/argon2/` directory (with the `argon2.cjs` bundle and the `prebuilds/` tree of platform-specific `.glibc.node` / `.musl.node` artifacts for darwin-arm64 / darwin-x64 / freebsd-arm64 / freebsd-x64 / linux-arm / linux-arm64 / linux-x64 / win32-x64) is deleted.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Argon2 switched from vendored prebuilds to Node's built-in `crypto",
+              "body": "Argon2 switched from vendored prebuilds to Node's built-in `crypto.argon2*` (Node 24+). The framework's `lib/vendor/argon2/` directory (with the `argon2.cjs` bundle and the `prebuilds/` tree of platform-specific `.glibc.node` / `.musl.node` artifacts for darwin-arm64 / darwin-x64 / freebsd-arm64 / freebsd-x64 / linux-arm / linux-arm64 / linux-x64 / win32-x64) is deleted. New `lib/argon2-builtin.js` is a thin wrapper over `crypto.argon2Sync` that produces and parses the PHC string format (`$argon2id$v=19$m=...,t=...,p=...$<salt>$<hash>`). Wire-format compatibility preserved: existing rows in operator databases continue to verify. Behavior preserved: `b.auth.password.hash` / `.verify` / `.needsRehash` retain their async signatures and return shapes; `b.vault.wrap` and `b.backupCrypto.deriveKey` use the same `raw: true` path for raw-bytes output. Operators wanting to supply their own argon2 implementation (pinned upstream, hardware-accelerated, etc.) override at the call site via `opts.argon2` — the supplied object MUST expose the same `hash` / `verify` / `needsRehash` shape. Drops ~440 KB of platform-specific native prebuilds from the repository and shipped npm tarball; eliminates a supply-chain hop. The vendor manifest's `argon2` entry is removed; `scripts/vendor-update.sh argon2` now refuses with a pointer to `lib/argon2-builtin.js`."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.76",
+      "date": "2026-05-06",
+      "headline": "CVE-class web hardening sweep — Trojan Source (CVE-2021-42574) log defense + drive-by-MIME attachment opt for `staticServe`",
+      "summary": "Trojan Source defense in `b.log` output: every log line now post-processes Unicode bidi / format-control characters (U+061C / U+200E-200F / U+202A-202E / U+2066-2069) into their `\\uXXXX` literal escape on the wire so a hostile log message can't re-order the visible line in a TTY / syslog / file reader.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`staticServe.create({ safeAttachmentForRiskyMimes: true })`",
+              "body": "opt-in flag that adds `Content-Disposition: attachment` to responses whose Content-Type is in the risky-inline-MIME set (`text/html`, `text/xml`, `application/xml`, `application/xhtml+xml`, `image/svg+xml`, `application/javascript`, `text/javascript`, `application/x-javascript`). Defends against drive-by execution of user-uploaded HTML / JS / SVG (CVE-2017-15012 SVG XSS / CVE-2009-1312 HTML drive-by class). Default `false` — operators serving framework asset bundles continue to render inline; operators serving user-content directories opt in. Filename is RFC 5987-encoded (ASCII filename + `filename*=UTF-8''...`) so non-ASCII filenames survive without allowing CR/LF header injection."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 5987",
+          "url": "https://www.rfc-editor.org/rfc/rfc5987.html"
+        },
+        {
+          "label": "CVE-2021-42574",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42574"
+        },
+        {
+          "label": "CVE-2017-15012",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15012"
+        },
+        {
+          "label": "CVE-2009-1312",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1312"
+        }
+      ]
+    },
+    {
+      "version": "0.7.75",
+      "date": "2026-05-06",
+      "headline": "Audit-emit redaction pipeline",
+      "summary": "`b.audit.safeEmit` now scrubs the `actor` / `reason` / `metadata` fields through `b.redact.redact()` before they hit the audit handler.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Audit-emit redaction pipeline",
+              "body": "Audit-emit redaction pipeline. `b.audit.safeEmit` now scrubs the `actor` / `reason` / `metadata` fields through `b.redact.redact()` before they hit the audit handler. Operators who pass `metadata: { reason: e.message }` from a caught error could land DB connection strings, bearer tokens, JWT compact-serialization fixtures, AWS access keys, PEM private keys, SSH keys, credit cards, and SSNs in audit rows; the redact pipeline catches the common shapes (sensitive field names + value-shape detectors) and replaces them with markers (`[REDACTED]`, `[REDACTED-CONN-STRING]`, `[REDACTED-JWT]`, `[REDACTED-PEM]`, `[REDACTED-AWS-KEY]`, `[REDACTED-CC]`, `[REDACTED-SSN]`, `[REDACTED-SEALED]`, `[REDACTED-SSH-KEY]`). The `b.redact` primitive existed in lib/ since v0.4.x but was dead code — `audit.safeEmit` previously passed metadata through unchanged. New connection-string detector matches `protocol://user:pass@host` shapes that surface in error messages from external-DB / SMTP / HTTP drivers (RFC 3986 generic syntax). Drop-silent on redact failure — the pipeline never breaks the caller's audit attempt."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 3986",
+          "url": "https://www.rfc-editor.org/rfc/rfc3986.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.74",
+      "date": "2026-05-06",
+      "headline": "Email receive-side parity: DMARC aggregate (RUA) report parser + ARC trust evaluation + Authentication-Results header builder",
+      "summary": "Closes the \"framework can send mail compliantly but can't receive compliantly\" gap. `b.mail.dmarc.parseAggregateReport(xmlBytes, { contentType? })` parses RFC 7489 §7.2 aggregate XML reports through the framework's existing `lib/parsers/safe-xml.js` (the existing security-focused XML parser handles XXE / DOCTYPE / entity-expansion defenses by default).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.dmarc.parseAggregateReport(xmlBytes, { contentType? })`",
+              "body": "parses RFC 7489 §7.2 aggregate XML reports through the framework's existing `lib/parsers/safe-xml.js` (the existing security-focused XML parser handles XXE / DOCTYPE / entity-expansion defenses by default). Auto-detects gzip via magic bytes (`0x1f 0x8b`) or `Content-Type: application/gzip`. Returns `{ reportMetadata, policyPublished, records, totals }` with per-record source-IP / count / policy-evaluated dispositions / identifiers / DKIM + SPF auth results, plus aggregated `messages` / `aligned` / `notAligned` totals operators want for dashboards. Caps report size at 8 MiB and records-per-report at 10 000."
+            },
+            {
+              "title": "`b.mail.arc.evaluate(rfc822, { trustedSealers })`",
+              "body": "wraps the existing `arc.verify` cryptographic chain check with the operator-side trust decision: given a passing chain, did any hop in the chain belong to a sealer the operator trusts? Returns `{ chainStatus, trusted, trustedHop, trustedDomain }` walking hops most-recent-first so the deepest trusted sealer wins."
+            },
+            {
+              "title": "`b.mail.authResults.emit({ authservId, results, fold? })`",
+              "body": "builds the RFC 8601 Authentication-Results header value — operators consume per-method results from `b.mail.spf.verify` / `b.mail.dmarc.evaluate` / `b.mail.arc.verify`, hand them to `.emit`, and the framework formats the conformant header string with method-specific properties (`smtp.mailfrom`, `header.d`, `header.from`, `policy.iprev`, `policy.ip`, `policy.tls`). Refuses unknown methods / results at config-mistake time."
+            },
+            {
+              "title": "`b.network.smtp.tlsRpt.parseReport(body, { contentType? })`",
+              "body": "is the receive-side counterpart to `tlsRpt.recordShape` / `tlsRpt.submit` — accepts a Buffer or string, auto-detects gzip, parses JSON, validates the RFC 8460 §4.4 required-fields shape (`organization-name`, `date-range`, `report-id`, `policies`), aggregates `total-successful-session-count` / `total-failure-session-count` across policies. Caps report size at 8 MiB and policies-per-report at 1024."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7489",
+          "url": "https://www.rfc-editor.org/rfc/rfc7489.html"
+        },
+        {
+          "label": "RFC 822",
+          "url": "https://www.rfc-editor.org/rfc/rfc822.html"
+        },
+        {
+          "label": "RFC 8601",
+          "url": "https://www.rfc-editor.org/rfc/rfc8601.html"
+        },
+        {
+          "label": "RFC 8460",
+          "url": "https://www.rfc-editor.org/rfc/rfc8460.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.73",
+      "date": "2026-05-06",
+      "headline": "`b.auth.aal` + `b.middleware.requireAal({ minimum })` — NIST SP 800-63-4 Authentication Assurance",
+      "summary": "Level bands. `b.auth.aal.fromMethods({ password, totp, webauthn, ...",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.aal.fromMethods({ password, totp, webauthn, ... })`",
+              "body": "combines a set of operator-asserted authenticator methods into the resulting band: `AAL1` (single factor — memorized secret OR single-factor cryptographic), `AAL2` (multi-factor — memorized secret + OTP/SMS/hardware/mTLS), `AAL3` (phishing-resistant multi-factor — WebAuthn / passkey / hardware-+-PIN). Recognized methods: `password`, `pin`, `totp`, `sms`, `webauthn`, `passkey`, `hardware`, `mtls`."
+            },
+            {
+              "title": "`b.middleware.requireAal({ minimum, getAal?, audit?, realm? })`",
+              "body": "gates routes by the request's AAL band — reads `req.user.aal` by default (or operator-supplied `getAal(req)`), compares against the minimum, returns 401 with `WWW-Authenticate: AAL-StepUp realm=\"...\", required=\"AAL2\"` on insufficient assurance. The bespoke scheme name signals to the operator's frontend that a step-up flow should be triggered (re-prompt for TOTP / passkey) without reusing the generic `Bearer` challenge namespace. Audit emits `auth.aal.granted` / `auth.aal.denied` (drop-silent on observability sink failure). The framework leaves AMR/ACR claim emission to the operator's IdP; the new `b.auth.aal.AMR` constants object provides consistent OIDC-conformant strings for operators emitting access tokens with AAL info. Also exposes `b.auth.aal.meets(actual, required)` for ad-hoc band comparisons outside the middleware. CI vendor-manifest gate fix: vendor files now have an explicit `.gitattributes` `lib/vendor/ -text binary` declaration so git never rewrites line endings between Windows and Linux checkouts. The `lib/vendor/noble-ciphers.cjs` file was renormalized to LF on disk and re-hashed in `lib/vendor/MANIFEST.json`. Closes the v0.7.65–0.7.72 npm-publish.yml smoke-test failures (`vendor manifest: @noble/ciphers :: server hash matches`)."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.72",
+      "date": "2026-05-06",
+      "headline": "`b.mail` gains EAI / SMTPUTF8 / Punycode-IDN support (RFC 6531 / 6532 / 6533 / 3492)",
+      "summary": ". Internationalized email addresses (`müller@münchen.example`) now validate through `b.mail.send()` — `_isValidEmail` detects non-ASCII content, converts the IDN domain to Punycode via Node's `url.domainToASCII`, and re-tests the assembled `local@ascii-domain` against the framework's pragmatic email regex.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.toAscii(domain)`",
+              "body": "and. (See CHANGELOG for full context)."
+            },
+            {
+              "title": "`b.mail.toUnicode(domain)`",
+              "body": "are the operator-facing wrappers around `node:url`'s IDN helpers — one obvious place to reach for Punycode encoding when handling addresses outside `send()`. SMTP transport now captures EHLO extension lines (250-X continuations) and detects `SMTPUTF8`. Messages whose from / to / cc / bcc / subject contain non-ASCII octets compute `requiresSmtpUtf8 = true`; when the peer advertises `SMTPUTF8` the transport appends ` SMTPUTF8` to `MAIL FROM:<...>` per RFC 6531 §3.4. When the peer does NOT advertise `SMTPUTF8` AND the message requires it, the transport refuses with `mail/smtp-failed: eai-required-not-supported` rather than emit a mangled wire (some peers would silently corrupt headers downstream). Pure-ASCII messages continue without the keyword (some legacy mailboxes reject `SMTPUTF8` outright on transactions that don't need it)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6531",
+          "url": "https://www.rfc-editor.org/rfc/rfc6531.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.71",
+      "date": "2026-05-06",
+      "headline": "`b.auth.oauth` adopts the OAuth 2.1 (draft-ietf-oauth-v2-1) baseline. `pkce: false` is now",
+      "summary": "now refused outright — `create()` throws `auth-oauth/pkce-required` rather than warning-and-continuing. PKCE is required for every client (public AND confidential) per OAuth 2.1; the prior pre-1.0 leniency that emitted a warning and proceeded is closed.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`pkce: false` is now refused outright",
+              "body": "`create()` throws `auth-oauth/pkce-required` rather than warning-and-continuing. PKCE is required for every client (public AND confidential) per OAuth 2.1; the prior pre-1.0 leniency that emitted a warning and proceeded is closed. Operators integrating with genuinely-broken legacy IdPs that don't accept `code_challenge` must strip the parameters at their own ingress; the framework primitive does not ship that escape hatch. The framework's authorization-code flow already implements the rest of the OAuth 2.1 baseline (`response_type=code` only — no implicit / password / client-credentials grants exposed; mandatory `state`; HTTPS-required `redirect_uri` outside localhost dev opt-in). Wiki docstring updated to reflect the lock-in."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.70",
+      "date": "2026-05-06",
+      "headline": "`b.auth.dpop` + `b.middleware.dpop` — RFC 9449 Demonstrating Proof of Possession. Bearer tokens are",
+      "summary": "bound to a per-client keypair, so an attacker who exfils the access token still can't replay it without stealing the client's private key.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.dpop.buildProof({ htm, htu, privateKey, accessToken?, nonce?, jti?, iat? })`",
+              "body": "produces a compact-JWS proof with the public key embedded in the header (`typ: \"dpop+jwt\"`, `jwk`); the proof signs over the request method + canonicalized URI + a fresh `jti`, optionally binding to `ath = sha256(access_token)` and a server-issued nonce."
+            },
+            {
+              "title": "`b.auth.dpop.verify(proof, { htm, htu, algorithms?, iatWindowSec?, accessToken?,",
+              "body": "validates the proof: typ check, alg-allowlist (HS*/none refused outright), signature verified against the embedded jwk, htm/htu match, iat window, ath match if accessToken supplied, nonce match if supplied, jti replay defense via `b.nonceStore`, jwk-thumbprint match if `expectedThumbprint` supplied. Returns `{ header, payload, jkt }` where `jkt` is the RFC 7638 thumbprint operators compare against the `cnf.jkt` claim of the bound access token."
+            },
+            {
+              "title": "`b.middleware.dpop({ replayStore, algorithms, getAccessToken, getNonce, getHtu, audit })`",
+              "body": "wraps verify into the request lifecycle — reads `req.headers.dpop`, reconstructs htu from `X-Forwarded-{Proto,Host}` + `req.url`, attaches `req.dpop` on success, returns 401 with `WWW-Authenticate: DPoP error=\"invalid_dpop_proof\"` on failure (or `error=\"use_dpop_nonce\"` per RFC 9449 §8 when nonce missing/mismatched). Default algorithm allowlist: ES256/384/512, PS256/384/512, RS256/384/512, EdDSA, ML-DSA-87 (forward-PQC). SLH-DSA-SHAKE-256f is intentionally omitted because Node lacks SLH-DSA JWK round-trip and the alg's ~50 KB signatures + ~80x sign-time penalty make it a poor fit for per-request proofs regardless. JWK header refuses any private-key components (`d`/`p`/`q`/`dp`/`dq`/`qi`/`k`/`priv`) — a proof must NEVER carry the private half. `crit` header rejected outright. The `replayStore` opt accepts the same atomic `checkAndInsert(jti, expireAtMs)` shape as `b.auth.jwt.verify`'s `replayStore` so the same `b.nonceStore.create()` instance can serve both primitives."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9449",
+          "url": "https://www.rfc-editor.org/rfc/rfc9449.html"
+        },
+        {
+          "label": "RFC 7638",
+          "url": "https://www.rfc-editor.org/rfc/rfc7638.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.69",
+      "date": "2026-05-06",
+      "headline": "`b.auth.jwt.verify({ replayStore })` — RFC 7519 §4.1.7 jti replay defense. Captured bearer tokens",
+      "summary": "replayed against the verifier (TLS-terminated proxy capture, log scraping, browser-history exposure, leaked Authorization headers in shared dev tools) are refused with `auth-jwt/replay` when an operator wires the new `replayStore` opt.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.auth.jwt.verify({ replayStore })` — RFC 7519 §4.1.7 jti replay defense. Captured bearer tokens",
+              "body": "`b.auth.jwt.verify({ replayStore })` — RFC 7519 §4.1.7 jti replay defense. Captured bearer tokens replayed against the verifier (TLS-terminated proxy capture, log scraping, browser-history exposure, leaked Authorization headers in shared dev tools) are refused with `auth-jwt/replay` when an operator wires the new `replayStore` opt. The store contract is the same atomic `checkAndInsert(jti, expireAtMs)` that `b.nonceStore` exposes — first call records the jti, any later call with the same jti returns false and the verifier throws. The token MUST carry a non-empty `jti` claim; without one the verifier throws `auth-jwt/replay-no-jti` rather than silently letting every jti-less token through. Bad-shape stores throw `auth-jwt/bad-replay-store` at config-mistake time; backend-level errors propagate as `auth-jwt/replay-store-failed`. The TTL is bounded by the token's `exp` claim, capped at 24h so an in-memory backend can't be made to grow unbounded by tokens with absurd exp claims. Use `b.nonceStore.create({ backend: \"memory\" })` for single-node, `{ backend: \"cluster\" }` for the framework's external-DB cluster posture, or supply a Redis/Memcached/etc. backend by passing any object with a compatible `checkAndInsert` method. Replay defense remains opt-in — the verifier's default behavior is unchanged."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7519",
+          "url": "https://www.rfc-editor.org/rfc/rfc7519.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.68",
+      "date": "2026-05-06",
+      "headline": "`b.network.dns.resolveSecure(host, type)` + DNS name-compression parser bug fix. The pre-0.7.68",
+      "summary": "`_decodeDnsAnswer` had a name-walk bug: after a name-compression pointer (RFC 1035 §3.1 — high two bits `11`), the parser unconditionally executed `if (buf[off] === 0) off++` which consumed the high byte of the next field.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.network.dns.resolveSecure(host, type)`",
+              "body": "is the new DNSSEC-aware resolution API. Returns `{ rrs, ad }` where `ad` is the AD bit (RFC 4035) set by the upstream DoH resolver after chain validation, and `rrs` is the answer-record list. Only available over DoH (`useDnsOverHttps`) — DoT and the system resolver don't surface the AD bit through Node's API today. Operators wiring DANE / TLSA validation (RFC 7672 §1.3) refuse the chain when `ad === false`. The `network-smtp-policy.js` docstring updates to point operators at this primitive. `_readAdBit(buf)` helper extracts the AD bit (byte 3, mask 0x20) from any DNS reply."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 1035",
+          "url": "https://www.rfc-editor.org/rfc/rfc1035.html"
+        },
+        {
+          "label": "RFC 4035",
+          "url": "https://www.rfc-editor.org/rfc/rfc4035.html"
+        },
+        {
+          "label": "RFC 7672",
+          "url": "https://www.rfc-editor.org/rfc/rfc7672.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.67",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.gpc` (Sec-GPC honoring) + `Reporting-Endpoints` opt on",
+      "summary": "`b.middleware.securityHeaders`. `b.middleware.gpc({ audit, consent, mode, statusHeader })` reads the `Sec-GPC: 1` request header (W3C Privacy Sandbox / IETF draft-doty-gpc-header) and sets `req.gpcOptOut = true` for downstream consumers.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.gpc({ audit, consent, mode, statusHeader })`",
+              "body": "reads the `Sec-GPC: 1` request header (W3C Privacy Sandbox / IETF draft-doty-gpc-header) and sets `req.gpcOptOut = true` for downstream consumers. Optional `consent` integration calls `consent.recordOptOut({ req, purposes, source: \"sec-gpc\", mode })` so the operator's data-flow primitives can refuse `sale` / `share` / `targeted-ads` / `cross-context-behavioral-advertising` / `profiling` purposes for the session. Echoes a `Sec-GPC-Status: honored` response header so the UA + audit logs see the acknowledgement."
+            },
+            {
+              "title": "Compliance context",
+              "body": "Sec-GPC is legally required by California (CCPA/CPRA) since Jan 2024 and by 12+ US states (Colorado, Connecticut, Texas, Oregon, Delaware, Montana, Iowa, Nebraska, New Hampshire, New Jersey, Maryland, Minnesota) by various dates through Jan 2026. CPPA fines up to $7,500 per intentional violation."
+            },
+            {
+              "title": "`b.middleware.securityHeaders({ reportingEndpoints: { default: \"https://...\", csp:",
+              "body": "when operator passes a map of endpoint-name → URL, emits `Reporting-Endpoints: name=\"url\", ...` (W3C Reporting API). When the `default` endpoint is set AND the operator hasn't overridden the framework's default CSP, auto-appends `report-to default` to the CSP so violations route to the named endpoint."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.66",
+      "date": "2026-05-06",
+      "headline": "`b.mail.unsubscribe` — RFC 8058 / RFC 2369 List-Unsubscribe support. Two pieces ship together:",
+      "summary": "`b.mail.unsubscribe.buildHeaders({ url, mailto, oneClick })` produces the `List-Unsubscribe` and (when `oneClick: true`) `List-Unsubscribe-Post: List-Unsubscribe=One-Click` header values.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.unsubscribe.buildHeaders({ url, mailto, oneClick })`",
+              "body": "produces the `List-Unsubscribe` and (when `oneClick: true`) `List-Unsubscribe-Post: List-Unsubscribe=One-Click` header values."
+            },
+            {
+              "title": "`b.mail.unsubscribe.handler({ onUnsubscribe })`",
+              "body": "is the request-lifecycle middleware that validates the RFC 8058 §3.1 one-click POST body (`List-Unsubscribe=One-Click` exact byte sequence) and dispatches to the operator's `onUnsubscribe` callback; on success returns 200 OK with empty body. Refuses non-POST (405) / wrong body (400) / oversized body (413). Compliance context: Gmail + Yahoo bulk-sender requirements (Feb 2024) mandate one-click List-Unsubscribe for senders >= 5k/day; Microsoft 365 followed in 2025."
+            },
+            {
+              "title": "`b.mail.send({ unsubscribe: { ... } })`",
+              "body": "is the convenience opt — the existing `send` translates the structured unsubscribe value into the right header pair before transport. Operators using their own header-construction continue to work unchanged."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8058",
+          "url": "https://www.rfc-editor.org/rfc/rfc8058.html"
+        },
+        {
+          "label": "RFC 2369",
+          "url": "https://www.rfc-editor.org/rfc/rfc2369.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.65",
+      "date": "2026-05-06",
+      "headline": "Vendor manifest tamper defense + JWT keyResolver kid contract",
+      "summary": "`lib/vendor/MANIFEST.json` gains SHA-256 hashes per file. Each vendored package's `files` map now has a corresponding `hashes` map (`sha256:...` for files, `sha256-tree:...` for directory trees).",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`lib/vendor/MANIFEST.json` gains SHA-256 hashes per file",
+              "body": "Each vendored package's `files` map now has a corresponding `hashes` map (`sha256:...` for files, `sha256-tree:...` for directory trees). Closes the supply-chain class where a compromised `scripts/vendor-update.sh` could swap a vendored dependency silently — the on-disk content must match the committed hash. Verification gate ships in `test/layer-0-primitives/vendor-manifest.test.js` so smoke catches drift locally before commit."
+            },
+            {
+              "title": "`scripts/refresh-vendor-manifest.js`",
+              "body": "is the operator-facing tool — run it after `scripts/vendor-update.sh` bumps a vendored package to update the manifest."
+            },
+            {
+              "title": "`b.auth.jwt` `keyResolver` contract",
+              "body": "the docstring above the resolver call site now points operators at `b.guardJwt.kidSafe(header.kid)` for path-traversal sanitization. The `kidSafe` helper has shipped since v0.7.50; this slice surfaces the contract directly in the JWT verifier so operators wiring custom resolvers (cache lookup, file load, JWKS index) can't miss it."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.64",
+      "date": "2026-05-06",
+      "headline": "HTTP/2 + WebSocket DoS hardening",
+      "summary": "HTTP/2 server caps — `lib/router.js` `http2.createSecureServer` now ships framework-default hardening: `maxConcurrentStreams: 100` (CVE-2023-44487 Rapid Reset cap; Node default was 4294967295), `maxSessionMemory: 10` (MB), `maxHeaderListPairs: 100` (CVE-2024-27983 / CVE-2024-.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "HTTP/2 server caps",
+              "body": "`lib/router.js` `http2.createSecureServer` now ships framework-default hardening: `maxConcurrentStreams: 100` (CVE-2023-44487 Rapid Reset cap; Node default was 4294967295), `maxSessionMemory: 10` (MB), `maxHeaderListPairs: 100` (CVE-2024-27983 / CVE-2024-28182 CONTINUATION-flood cap), `maxSettings: 32`, `peerMaxConcurrentStreams: 100`, `unknownProtocolTimeout: 10s` (Slowloris-h2 variant). Operator-supplied `tlsOptions` override any of these."
+            },
+            {
+              "title": "Slowloris timeouts",
+              "body": "`server.headersTimeout = 60s`, `server.requestTimeout = 5min`, `server.keepAliveTimeout = 5s` set explicitly post-listen. The framework was previously relying on Node-version-shifting defaults; pinning brings older Node releases up to the modern bar."
+            },
+            {
+              "title": "WebSocket origin default",
+              "body": "*breaking change* (pre-1.0, no compat shim — operators upgrade across breaking changes): when `origins` is omitted from `b.websocket.create({ ... })`, the new default is same-origin enforcement (Origin header host must match Host header). Pre-0.7.64 the default was \"accept all\", which is the canonical Cross-Site WebSocket Hijacking (CSWSH) class. Operators needing cross-origin opt in via `origins: \"*\"` (with audited reason) or `origins: [...allowlist]`. Non-browser clients (no Origin header) continue to bypass — origin enforcement is a browser-class defense."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2023-44487",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
+        },
+        {
+          "label": "CVE-2024-27983",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
+        },
+        {
+          "label": "CVE-2024-28182",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
+        }
+      ]
+    },
+    {
+      "version": "0.7.63",
+      "date": "2026-05-06",
+      "headline": "Gitleaks regex allowlist extended to cover JWT fixtures split across multiple string literals",
+      "summary": "The v0.7.62 regex only matched the full three-segment JWT compact-serialization shape; source files split long JWT fixtures across literals for line-length, so gitleaks saw individual `eyJ...`-prefixed base64url segments and still flagged them. Added a second allowlist regex matching any `eyJ`-prefixed segment of substantive length (`{20,}`).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Gitleaks regex allowlist extended to cover JWT fixtures split across multiple string literals",
+              "body": "gitleaks regex allowlist extended to cover JWT fixtures split across multiple string literals. The v0.7.62 regex only matched the full three-segment JWT compact-serialization shape; source files split long JWT fixtures across literals for line-length, so gitleaks saw individual `eyJ...`-prefixed base64url segments and still flagged them. Added a second allowlist regex matching any `eyJ`-prefixed segment of substantive length (`{20,}`). Same rationale: real signing keys never appear as `eyJ...` base64url tokens — they're PEM / DER / PKCS#8."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.62",
+      "date": "2026-05-06",
+      "headline": "Gitleaks regex allowlist for JWT compact-serialization shape",
+      "summary": "The new `b.guardJwt` and `b.guardAuth` test fixtures legitimately embed JWT-shaped strings as benign + hostile inputs; gitleaks' default `generic-api-key` rule fires on the high-entropy base64url segments and refuses every release tag with the fixtures present.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Gitleaks regex allowlist for JWT compact-serialization shape (`eyJ",
+              "body": "gitleaks regex allowlist for JWT compact-serialization shape (`eyJ...header.eyJ...payload.signature`). The new `b.guardJwt` and `b.guardAuth` test fixtures legitimately embed JWT-shaped strings as benign + hostile inputs; gitleaks' default `generic-api-key` rule fires on the high-entropy base64url segments and refuses every release tag with the fixtures present. Real signing keys never appear in compact serialization shape — they're PEM / DER / PKCS#8 — so this allowlist doesn't suppress detection of actual key leaks. Allowlist regex added under the existing \"Doc-string credential-shaped placeholders\" block in `.gitleaks.toml`. No code change."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.61",
+      "date": "2026-05-06",
+      "headline": "Eslint cleanup in `lib/guard-regex.js` and `lib/guard-shell.js`",
+      "summary": "The `no-useless-escape` rule (eslint v9+) flagged unnecessary backslashes inside regex character classes — `*`, `+`, `?`, `[` don't need escaping when they appear inside `[...]`. Behavior unchanged: regex semantics are identical with or without the escapes (the engine treats both forms as the literal character).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Eslint cleanup in `lib/guard-regex",
+              "body": "eslint cleanup in `lib/guard-regex.js` and `lib/guard-shell.js`. The `no-useless-escape` rule (eslint v9+) flagged unnecessary backslashes inside regex character classes — `*`, `+`, `?`, `[` don't need escaping when they appear inside `[...]`. Behavior unchanged: regex semantics are identical with or without the escapes (the engine treats both forms as the literal character). The framework's CI gate runs eslint with `--max-warnings 0`; this slice unblocks the CI lint job that's been failing on tag pushes since v0.7.53. No operator-facing behavior change."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.60",
+      "date": "2026-05-05",
+      "headline": "`b.crypto.encryptEnvelopeAsCertPeer` + `b.crypto.decryptEnvelopeAsCertPeer` — cert-bound envelope",
+      "summary": "primitives. The default `b.crypto.encrypt` / `b.crypto.decrypt` source the recipient from a published framework keypair (operator owns both halves); the new cert-peer variants source the recipient's ECDH P-384 half from a TLS peer cert plus a peer-supplied ML-KEM-1024 pubkey.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.crypto.encryptEnvelopeAsCertPeer` + `b.crypto.decryptEnvelopeAsCertPeer` — cert-bound envelope",
+              "body": "`b.crypto.encryptEnvelopeAsCertPeer` + `b.crypto.decryptEnvelopeAsCertPeer` — cert-bound envelope primitives. The default `b.crypto.encrypt` / `b.crypto.decrypt` source the recipient from a published framework keypair (operator owns both halves); the new cert-peer variants source the recipient's ECDH P-384 half from a TLS peer cert plus a peer-supplied ML-KEM-1024 pubkey. Wire format unchanged — the envelope dispatches on the same version bytes and KEM ID; only the input keys differ. Use cases: sealed-storage records with peer recipients (operator A seals to operator B's TLS cert + KEM pubkey), cross-service messages between cert-identified peers without a shared framework keypair, audit log entries tagged with peer recipients. The encrypt path extracts the cert's SPKI as P-384 ECDH pubkey and refuses with `crypto/cert-key-not-ecdh-p384` if the cert isn't `id-ecPublicKey` over `secp384r1`; the decrypt path accepts either a `KeyObject` or a PEM string for `certPrivateKey` and applies the same curve check. Math is the existing hybrid ML-KEM-1024 + P-384 ECDH + SHAKE256 + XChaCha20-Poly1305 — these are convenience wrappers, not new crypto."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.59",
+      "date": "2026-05-05",
+      "headline": "`b.guardAuth` — composite auth-bundle safety primitive (KIND=\"auth-bundle\"). Composes `guardJwt` +",
+      "summary": "`guardOauth` + `b.cookies.parseSafe` + light header-smuggling detection into a single auth-flow gate. Consumes `ctx.authBundle` shape `{ jwtToken?, oauthFlow?, cookieHeader?, requestHeaders? }`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardAuth` — composite auth-bundle safety primitive (KIND=\"auth-bundle\"). Composes `guardJwt` +",
+              "body": "`b.guardAuth` — composite auth-bundle safety primitive (KIND=\"auth-bundle\"). Composes `guardJwt` + `guardOauth` + `b.cookies.parseSafe` + light header-smuggling detection into a single auth-flow gate. Consumes `ctx.authBundle` shape `{ jwtToken?, oauthFlow?, cookieHeader?, requestHeaders? }`. Each sub-validator runs independently; aggregated issues carry a `source` field (`\"jwt\"` / `\"oauth\"` / `\"cookies\"` / `\"headers\"` / `\"auth\"`) so operators see which sub-guard raised which issue. Sub-guards run at the operator's chosen `childProfile` (default tracks the auth profile). `requireAtLeastOne: true` (strict default) refuses empty bundles to defend against the operator-misuse class where the gate runs but no auth input is supplied. Profiles: `strict` (childProfile=strict, requireAtLeastOne), `balanced` (childProfile=balanced, allow empty), `permissive` (childProfile=permissive, allow empty). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Adaptive integration harness gains a KIND=\"auth-bundle\" dispatcher reading `ctx.authBundle`. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.58",
+      "date": "2026-05-05",
+      "headline": "`b.guardPdf` — PDF identifier-safety primitive (KIND=\"metadata\"). Validates PDF inputs without",
+      "summary": "vendoring a full parser; operators bring their own PDF library (pdf-lib, pdfjs-dist, vendored mupdf) and feed structural metadata to the guard for policy enforcement.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardPdf.inspectMagic(bytes)`",
+              "body": "is the operator helper that returns `true` when bytes start with `%PDF-`. Profiles: `strict` (max 500 pages, 0 embedded files, 64 MiB), `balanced` (max 5000 pages, 10 embedded files, 128 MiB; audit non-RCE classes), `permissive` (max 50000 pages, 100 embedded files, 512 MiB; allow encrypted). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD. set of the original guard-family expansion plan complete."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.57",
+      "date": "2026-05-05",
+      "headline": "`b.guardImage` — image-format identifier-safety primitive (KIND=\"metadata\"). Validates image-format",
+      "summary": "inputs without vendoring a full decoder; the framework's stance is operators bring their own decoder (sharp, jimp, libvips wrappers, etc.) and `guardImage` closes the magic-byte vs declared-Content-Type mismatch class plus operator-supplied metadata bounds.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardImage.inspectMagic(bytes)`",
+              "body": "is the operator helper that returns the detected MIME types without running the full validate / gate flow. Profiles: `strict` (8192×8192, 60 frames, 32 MiB), `balanced` (16384×16384, 200 frames, 64 MiB), `permissive` (65536×65536, 1000 frames, 256 MiB). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Adaptive integration harness gains a KIND=\"metadata\" dispatcher reading `ctx.metadata`. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.56",
+      "date": "2026-05-05",
+      "headline": "`b.guardTemplate` — Server-Side Template Injection (SSTI) identifier-safety primitive",
+      "summary": "(KIND=\"identifier\"). Detects template-engine syntax in user-input strings before they're rendered through any template engine; refused by default at every profile because operator-untrusted input rarely legitimately contains template syntax.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardTemplate` — Server-Side Template Injection (SSTI) identifier-safety primitive",
+              "body": "`b.guardTemplate` — Server-Side Template Injection (SSTI) identifier-safety primitive (KIND=\"identifier\"). Detects template-engine syntax in user-input strings before they're rendered through any template engine; refused by default at every profile because operator-untrusted input rarely legitimately contains template syntax. Threat catalog: Jinja / Django / Twig / Liquid / Handlebars / AngularJS `{{...}}` + `{%...%}` (CVE-2024-22195 Jinja `xml_attr` filter, CVE-2024-26139 Bottle, CVE-2024-23348 Pyrogram); ERB / Tornado `<%...%>` and `<%=...%>`; Pug `#{...}` + `!{...}` interpolation; Mako / Velocity / Tornado `${...}` interpolation; Velocity directives (`#set` / `#if` / `#else` / `#elseif` / `#end` / `#foreach` / `#parse` / `#include` / `#stop`); BIDI / null / control / zero-width universal refuse. Profiles: `strict` (refuse everything), `balanced` (Jinja / ERB / Pug / Velocity directives still refused; audit `${...}` since it can also be a JS template-literal in some operator contexts), `permissive` (universal SSTI shapes still refused; audit `${...}` + Velocity directives). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD. set of the original guard-family expansion plan complete."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2024-22195",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195"
+        },
+        {
+          "label": "CVE-2024-26139",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26139"
+        },
+        {
+          "label": "CVE-2024-23348",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23348"
+        }
+      ]
+    },
+    {
+      "version": "0.7.55",
+      "date": "2026-05-05",
+      "headline": "`b.guardJsonpath` — JSONPath identifier-safety primitive (KIND=\"identifier\"). Validates",
+      "summary": "user-supplied JSONPath strings (RFC 9535) before they're handed to a JSONPath evaluator. Many JSONPath libraries (notably the original Stefan Goessner implementation and several JS forks) route filter / script expressions through dynamic-code execution, turning a query path into an RCE primitive.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardJsonpath` — JSONPath identifier-safety primitive (KIND=\"identifier\"). Validates",
+              "body": "`b.guardJsonpath` — JSONPath identifier-safety primitive (KIND=\"identifier\"). Validates user-supplied JSONPath strings (RFC 9535) before they're handed to a JSONPath evaluator. Many JSONPath libraries (notably the original Stefan Goessner implementation and several JS forks) route filter / script expressions through dynamic-code execution, turning a query path into an RCE primitive. Threat catalog: filter expression `?(...)` (dynamic-code-execution class — universally refused); script expression `(@.x)` style; JS-source hint detection (path containing tokens that only appear in code-injection attempts — dynamic-code-exec keyword, constructor invocation keyword, function-declaration keyword, arrow-function arrow, statement-separator semicolon — all built from explicit substrings to keep the source file free of the literal keywords); recursive-descent depth bombs (operator-tunable `maxRecursiveDescents`); excessive bracket nesting; oversized pattern; BIDI / null / control / zero-width universal refuse. Profiles: `strict` (refuse everything), `balanced` (RCE class refused; audit bracket nesting + recursive descent), `permissive` (RCE class still refused; allow recursive descent up to 16). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9535",
+          "url": "https://www.rfc-editor.org/rfc/rfc9535.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.54",
+      "date": "2026-05-05",
+      "headline": "`b.guardRegex` — regex pattern identifier-safety primitive (KIND=\"identifier\"). Validates",
+      "summary": "user-supplied regex pattern strings for catastrophic-backtracking (ReDoS) shapes BEFORE compilation.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardRegex` — regex pattern identifier-safety primitive (KIND=\"identifier\"). Validates",
+              "body": "`b.guardRegex` — regex pattern identifier-safety primitive (KIND=\"identifier\"). Validates user-supplied regex pattern strings for catastrophic-backtracking (ReDoS) shapes BEFORE compilation. Threat catalog: nested quantifiers (canonical ReDoS class — `(a+)+`, `(a*)+`, `(.+)+` — CVE-2024-21538 cross-spawn / CVE-2022-25929 chartjs-adapter-luxon are recent prominent examples; universally refused at every profile); alternation with quantifier (`(a|b)+`); bounded-repeat upper-bound overflow (operator-tunable `maxBoundedRepeat` — strict 100 / balanced 1000 / permissive 10000); lookaround with internal quantifier; oversized pattern; BIDI / null / control / zero-width universal refuse. Profiles: `strict` (refuse everything), `balanced` (nested quants still refused; audit the rest), `permissive` (nested quants + codepoint class still refused; allow alternation-quant). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2024-21538",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
+        },
+        {
+          "label": "CVE-2022-25929",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25929"
+        }
+      ]
+    },
+    {
+      "version": "0.7.53",
+      "date": "2026-05-05",
+      "headline": "`b.guardShell` — shell-argument identifier-safety primitive (KIND=\"identifier\"). Validates",
+      "summary": "user-input strings BEFORE they're handed to a child-process spawn. The canonical defense remains \"use array args + `shell: false`\", but operators still receive operator-untrusted strings that flow through path-arg or arg-list shapes — `guardShell` refuses obvious shell-injection shapes before the spawn call.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardShell` — shell-argument identifier-safety primitive (KIND=\"identifier\"). Validates",
+              "body": "`b.guardShell` — shell-argument identifier-safety primitive (KIND=\"identifier\"). Validates user-input strings BEFORE they're handed to a child-process spawn. The canonical defense remains \"use array args + `shell: false`\", but operators still receive operator-untrusted strings that flow through path-arg or arg-list shapes — `guardShell` refuses obvious shell-injection shapes before the spawn call. Threat catalog: POSIX shell metacharacters (`;`, `&`, `|`, `<`, `>`, `(`, `)`, `{`, `}`, `[`, `]`, `*`, `?`, `~`, `!`, `#`, `\\`, single+double quotes), cmd.exe metacharacters (`&`, `|`, `<`, `>`, `^`, `%`, `\"`, `'`, `(`, `)`, `,`, `;`, `=`), `$(...)` + `${VAR}` command + parameter substitution, backtick command substitution, `<(...)` / `>(...)` Bash process substitution, `$VAR` parameter expansion, newline / NUL injection (line-splitting class), leading-hyphen option-flag injection (operator opt-in to refuse args starting with `-` — defends against `-rf` / `--exec` shapes interpreted as option flags), BIDI / null / control / zero-width universal refuse. Profiles: `strict` (refuse everything), `balanced` (universal-refuse class only — substitutions / newline / BIDI / null still refused; metacharacters audited), `permissive` (universal-refuse class still refused; metacharacters audited; leading hyphen allowed). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.52",
+      "date": "2026-05-05",
+      "headline": "`b.guardGraphql` — GraphQL request-shape safety primitive (KIND=\"graphql-request\"). Validates",
+      "summary": "user-supplied GraphQL request bundles against the canonical query-shape DoS catalog before the framework hands the query to a schema-aware executor.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardGraphql` — GraphQL request-shape safety primitive (KIND=\"graphql-request\"). Validates",
+              "body": "`b.guardGraphql` — GraphQL request-shape safety primitive (KIND=\"graphql-request\"). Validates user-supplied GraphQL request bundles against the canonical query-shape DoS catalog before the framework hands the query to a schema-aware executor. Threat catalog: query depth bombs (N² query-shape DoS — caps at strict 8 / balanced 12 / permissive 24); alias-bomb breadth DoS (caps at 8/16/32 aliases per selection-set); introspection in production (`__schema` / `__type` schema-leak); batch query DoS (caps at 1/10/50 entries per array); persisted-query enforcement (refuse free-form queries when `persistedQueryPolicy: \"require\"`); operation-name allowlist drift; variable type confusion (operator declares `variableShapes: { id: \"string\", limit: \"number\" }`); oversized query / variable / total bytes; BIDI / null / control / zero-width universal refuse on the query string. Brace-counting query-shape walker handles strings + comments correctly without requiring a full GraphQL parser. Profiles: `strict` (refuse introspection + batch + shape-DoS), `balanced` (audit most, allow batch up to 10), `permissive` (universal-refuse class still refused; rest allow / audit). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Adaptive integration harness gains a KIND=\"graphql-request\" dispatcher reading `ctx.graphqlRequest`. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.51",
+      "date": "2026-05-05",
+      "headline": "`b.guardOauth` — OAuth flow-shape safety primitive (KIND=\"oauth-flow\"). Validates user-supplied",
+      "summary": "OAuth 2.x / OIDC authorization-code-flow parameter bundles before the framework's `b.auth.oauth` client exchanges them.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardOauth` — OAuth flow-shape safety primitive (KIND=\"oauth-flow\"). Validates user-supplied",
+              "body": "`b.guardOauth` — OAuth flow-shape safety primitive (KIND=\"oauth-flow\"). Validates user-supplied OAuth 2.x / OIDC authorization-code-flow parameter bundles before the framework's `b.auth.oauth` client exchanges them. Threat catalog: PKCE missing or non-S256 (RFC 7636 / OAuth 2.1 mandate; `plain` is the downgrade-attack class); state missing (RFC 6749 §10.12 CSRF); redirect_uri not in operator allowlist (exact-match per OAuth 2.1 — no prefix / wildcard / scheme drift); response_type allowlist drift (refuse implicit `token` deprecated in OAuth 2.1, require operator-allowed types); scope-token shape per RFC 6749 §3.3 (refuse non-printable / control / whitespace-other-than-space); issuer missing on callback (RFC 9207 IdP-mix-up defense — set `flow._isCallback = true` to enforce); authorization-code reuse via operator-supplied `seenCodeStore.hasSeen(code)` (RFC 6749 §10.5 replay class); excessive parameter / total bytes; BIDI / null / control / zero-width universal refuse. Profiles: `strict` (PKCE S256, state required, redirect_uri exact-match, RFC 9207 iss required), `balanced` (PKCE any method, state + redirect_uri allowlist required, iss audited), `permissive` (universal-refuse class still refused; rest audit). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Adaptive integration harness gains a KIND=\"oauth-flow\" dispatcher reading `ctx.oauthFlow`. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7636",
+          "url": "https://www.rfc-editor.org/rfc/rfc7636.html"
+        },
+        {
+          "label": "RFC 6749",
+          "url": "https://www.rfc-editor.org/rfc/rfc6749.html"
+        },
+        {
+          "label": "RFC 9207",
+          "url": "https://www.rfc-editor.org/rfc/rfc9207.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.50",
+      "date": "2026-05-05",
+      "headline": "`b.guardJwt` — JWT identifier-safety primitive (KIND=\"identifier\"). Validates user-supplied JWT",
+      "summary": "compact-serialization strings against the canonical CVE-class refuse list before hand-off to a verifier — `b.guardJwt` never replaces signature verification, it reduces the input space the verifier sees.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardJwt.kidSafe(kid)`",
+              "body": "is the documented contract for operator `keyResolver` implementations: throws on traversal indicators or control bytes, returns the validated kid on success. Profiles: `strict` (refuse everything), `balanced` (refuse alg=none / kid-traversal / unknown-crit; audit the rest), `permissive` (universal-refuse class still refused). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7515",
+          "url": "https://www.rfc-editor.org/rfc/rfc7515.html"
+        },
+        {
+          "label": "CVE-2015-9235",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9235"
+        },
+        {
+          "label": "CVE-2018-0114",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0114"
+        }
+      ]
+    },
+    {
+      "version": "0.7.49",
+      "date": "2026-05-05",
+      "headline": "`b.middleware.headers(opts)` — inbound HTTP header threat-detection middleware. Sits at the top of",
+      "summary": "the request lifecycle. Threat catalog: `header-name-shape` (header name not a valid RFC 9110 §5.1 token); `header-value-control-byte` (CR / LF / NUL inside any header value — header-injection defense in depth on top of Node's rejection); `header-count-cap` (default 100 inbound he.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.headers(opts)` — inbound HTTP header threat-detection middleware. Sits at the top of",
+              "body": "`b.middleware.headers(opts)` — inbound HTTP header threat-detection middleware. Sits at the top of the request lifecycle. Threat catalog: `header-name-shape` (header name not a valid RFC 9110 §5.1 token); `header-value-control-byte` (CR / LF / NUL inside any header value — header-injection defense in depth on top of Node's rejection); `header-count-cap` (default 100 inbound headers max); `header-value-cap` (default 8 KiB per value); `smuggling-cl-te` (RFC 9112 §6.1 — both Content-Length and Transfer-Encoding present, the canonical CL.TE / TE.CL request-smuggling vector); `smuggling-cl-multi` / `smuggling-te-multi` (multiple values for either header — proxy-desync class); `deprecated-trust-header` (X-Forwarded-For / -Proto / -Host / -Port / X-Real-IP present without operator-supplied `trustProxy: true` opt — operators should adopt RFC 7239 `Forwarded`). On `mode: \"enforce\"` + `refuseOnHigh` (default), refuses with HTTP 400 + JSON body listing detected high-severity issues; emits one audit row per issue regardless of mode. Complements the existing per-route smuggling defense in `b.middleware.bodyParser` by running the same check at the top of the chain (covers GET / HEAD requests that don't body-parse)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9110",
+          "url": "https://www.rfc-editor.org/rfc/rfc9110.html"
+        },
+        {
+          "label": "RFC 9112",
+          "url": "https://www.rfc-editor.org/rfc/rfc9112.html"
+        },
+        {
+          "label": "RFC 7239",
+          "url": "https://www.rfc-editor.org/rfc/rfc7239.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.48",
+      "date": "2026-05-05",
+      "headline": "`b.cookies.parseSafe` + `b.middleware.cookies` inbound cookie-header threat detection",
+      "summary": "Closes the inbound-detection gap on the cookie surface. `b.cookies.parse` remains lenient (last-write-wins, silent skip); `parseSafe` returns `{ jar, issues }` surfacing every detected anomaly, and the matching middleware wires it into the request lifecycle.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.cookies.parseSafe(header, opts)`",
+              "body": "Returns `{ jar, issues }` and surfaces every detected anomaly: header-cap (oversized Cookie header), header-control-byte (CR / LF / NUL injected through proxy — header-injection prelude class), pair-malformed (missing `=`), pair-empty-name, name-cap (oversized name), value-cap (oversized value), duplicate-name (cookie-tossing class — same name appearing more than once in one Cookie header indicates an attacker-set parent-domain cookie shadowing the legitimate one)."
+            },
+            {
+              "title": "`b.middleware.cookies({ mode, audit, refuseOnHigh })`",
+              "body": "Wires `parseSafe` into the request lifecycle: populates `req.cookieJar`, emits one audit row per detected issue, and refuses with HTTP 400 on any high-severity issue when `mode: \"enforce\"` (default)."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Existing `b.cookies` invariants unchanged",
+              "body": "RFC 6265bis token grammar enforcement, `__Host-` / `__Secure-` prefix invariants, SameSite=None requires Secure, `Partitioned` / CHIPS attribute support, length caps on serialize-side all remain unchanged — this release closes the inbound-detection gap only."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6265bis — Cookies: HTTP State Management Mechanism",
+          "url": "https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/"
+        },
+        {
+          "label": "CHIPS — Cookies Having Independent Partitioned State",
+          "url": "https://github.com/privacycg/CHIPS"
+        }
+      ]
+    },
+    {
+      "version": "0.7.47",
+      "date": "2026-05-05",
+      "headline": "`b.guardMime` RFC 6838 media-type identifier-safety primitive",
+      "summary": "Validates user-supplied media type strings destined for Accept-shape comparison, content-type allowlists, and dispatch routing. Auto-registers into `b.guardAll` as a STANDALONE_GUARD.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardMime` (KIND=\"identifier\") media-type validator",
+              "body": "Validates media type strings against RFC 6838. `sanitize` lowercases type/subtype while preserving parameter case (multipart boundary tokens etc. are case-significant)."
+            },
+            {
+              "title": "Media-type threat catalog",
+              "body": "Shape malformation (missing `/`, bad type/subtype tokens against RFC 6838 §4.2 restricted-name grammar); parameter validation against the RFC 7231 §3.1.1.1 tchar token grammar (token-only or quoted-string per RFC 7230 §3.2.6); wildcard (`type/subtype` with `*`) outside Accept context refuse; vendor tree (`vnd.*`), personal tree (`prs.*`), and unregistered (`x.*` / `x-*`) namespace audit so operators audit those slots; BIDI / zero-width / control / null-byte universal refuse."
+            },
+            {
+              "title": "Risky-type refuse list",
+              "body": "Refuses executable + script-host content types: `application/x-msdownload`, `application/x-bat`, `application/x-msdos-program`, `application/x-sh`, `application/x-csh`, `application/x-perl`, `application/x-python`, `application/javascript`, `application/x-javascript`, `text/javascript`, `text/x-javascript`, `application/x-shockwave-flash`, `application/x-msi`."
+            },
+            {
+              "title": "Profiles + compliance postures",
+              "body": "Profiles: `strict` (refuse wildcard + risky-type, audit trees + parameters), `balanced` (audit most things, allow vendor tree), `permissive` (universal-refuse class still refused). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6838 — Media Type Specifications and Registration Procedures",
+          "url": "https://www.rfc-editor.org/rfc/rfc6838.html"
+        },
+        {
+          "label": "RFC 7230 — HTTP/1.1 Message Syntax and Routing",
+          "url": "https://www.rfc-editor.org/rfc/rfc7230.html"
+        },
+        {
+          "label": "RFC 7231 — HTTP/1.1 Semantics and Content",
+          "url": "https://www.rfc-editor.org/rfc/rfc7231.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.46",
+      "date": "2026-05-05",
+      "headline": "`b.guardTime` RFC 3339 / ISO 8601 datetime identifier-safety primitive",
+      "summary": "Validates user-supplied datetime strings destined for audit timestamps, scheduling, retention windows, query ranges, and cross-system event correlation. Auto-registers into `b.guardAll` as a STANDALONE_GUARD.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardTime` (KIND=\"identifier\") datetime validator",
+              "body": "Validates user-supplied datetime strings against the RFC 3339 §5.6 grammar / ISO 8601. `sanitize` normalises a space date/time separator to `T` and uppercases the trailing `z` UTC marker."
+            },
+            {
+              "title": "Threat catalog for datetime inputs",
+              "body": "Shape malformation against RFC 3339 §5.6; year-window overflow (default `[1970, 9999]`); naive datetime (no offset) refuse; non-UTC offset policy (strict requires `Z` / `+00:00`); leap-second `60` field policy (RFC 3339 §5.6 valid but parser-panic prone); excessive fractional precision cap (default 9 digits / nanoseconds); date-only and time-only refuse for full-datetime contexts; structural range violations (month / day-in-month / hour / minute / second); BIDI / zero-width / control / null-byte universal refuse."
+            },
+            {
+              "title": "Profiles + compliance postures",
+              "body": "Profiles: `strict` (refuse all of the above), `balanced` (refuse naive; audit non-UTC + leap + fractional + date/time-only), `permissive` (universal-refuse class still refused). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 3339 — Date and Time on the Internet",
+          "url": "https://www.rfc-editor.org/rfc/rfc3339.html"
+        },
+        {
+          "label": "ISO 8601",
+          "url": "https://www.iso.org/iso-8601-date-and-time-format.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.45",
+      "date": "2026-05-05",
+      "headline": "`b.guardCidr` CIDR identifier-safety primitive",
+      "summary": "Validates user-supplied CIDR notation strings (IPv4 + IPv6) destined for network allowlists, ACLs, security-group rules, and tenant-boundary configuration. Auto-registers into `b.guardAll` as a STANDALONE_GUARD.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardCidr` (KIND=\"identifier\") CIDR validator",
+              "body": "Validates user-supplied IPv4 and IPv6 CIDR notation strings before they reach allowlists / ACLs / security-group rules / tenant-boundary configuration."
+            },
+            {
+              "title": "CIDR threat catalog",
+              "body": "Shape malformation, IPv4 octet overflow + leading-zero refuse, IPv6 zero-group ambiguity, mask out-of-range (IPv4 32 / IPv6 128 ceiling), network-address misalignment (host bits set on a non-/32 / non-/128 prefix — common typo class). BIDI / zero-width / control / null-byte universal refuse."
+            },
+            {
+              "title": "Reserved-range membership detection",
+              "body": "Covers all IPv4 RFC 1918 private blocks (`10/8`, `172.16/12`, `192.168/16`), loopback `127/8`, link-local `169.254/16`, multicast `224/4`, class-E `240/4`, RFC 5737 documentation `192.0.2/24` + `198.51.100/24` + `203.0.113/24`, benchmarking `198.18/15`, CGNAT `100.64/10`, this-network `0/8`, plus IPv6 loopback `::1`, unspecified `::/128`, ULA `fc00::/7`, link-local `fe80::/10`, multicast `ff00::/8`, documentation `2001:db8::/32`, teredo, deprecated 6to4 `2002::/16`."
+            },
+            {
+              "title": "IPv4-mapped IPv6 dual-stack confusion",
+              "body": "Detects `::ffff:0:0/96` dual-stack confusion (CVE-2021-22931 IPv6 variant). Bare-IP-without-mask policy: strict refuses, balanced audits, permissive allows."
+            },
+            {
+              "title": "Profiles + compliance postures",
+              "body": "Profiles: `strict` / `balanced` / `permissive`. Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 1918 — Address Allocation for Private Internets",
+          "url": "https://www.rfc-editor.org/rfc/rfc1918.html"
+        },
+        {
+          "label": "RFC 5737 — IPv4 Address Blocks Reserved for Documentation",
+          "url": "https://www.rfc-editor.org/rfc/rfc5737.html"
+        },
+        {
+          "label": "CVE-2021-22931 — Node.js IPv6 / IPv4-mapped resolution",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
+        }
+      ]
+    },
+    {
+      "version": "0.7.44",
+      "date": "2026-05-05",
+      "headline": "`b.guardUuid` UUID identifier-safety primitive",
+      "summary": "Validates user-supplied UUID strings per RFC 9562 (May 2024, obsoletes RFC 4122). Auto-registers into `b.guardAll` as a STANDALONE_GUARD; the adaptive integration harness picks it up via the KIND=\"identifier\" dispatcher.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardUuid` (KIND=\"identifier\") UUID validator",
+              "body": "Validates user-supplied UUID strings against RFC 9562. Recognises the four canonical forms (hyphenated 8-4-4-4-12, hyphenless 32-hex, Microsoft GUID braces `{...}`, `urn:uuid:` prefix) and refuses shape malformations. `sanitize` returns canonical lowercase hyphenated form (strips braces / urn prefix)."
+            },
+            {
+              "title": "Threat catalog for UUID inputs",
+              "body": "Refuses RFC 9562 §4.2 unassigned version digits (only 1-8 are defined); refuses non-RFC 4122 variant bits (only the `10xx` high-bits family is the canonical UUID variant); refuses nil UUID §5.9 / max UUID §5.10 sentinel-leak shapes; enforces a format policy (strict default = `hyphenated-only`); BIDI / zero-width / control / null-byte universal refuse via `lib/codepoint-class.js`."
+            },
+            {
+              "title": "Profiles + compliance postures",
+              "body": "Profiles: `strict` (hyphenated-only, refuse all sentinels and non-canonical forms), `balanced` (accept any form, audit sentinels), `permissive` (universal-refuse class still refused). Postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9562 — Universally Unique IDentifiers (UUIDs)",
+          "url": "https://www.rfc-editor.org/rfc/rfc9562.html"
+        },
+        {
+          "label": "RFC 4122 (obsoleted)",
+          "url": "https://www.rfc-editor.org/rfc/rfc4122.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.43",
+      "date": "2026-05-05",
+      "headline": "`b.guardDomain` — domain-name identifier-safety primitive (KIND=\"identifier\"). Validates",
+      "summary": "user-supplied DNS names destined for allowlists, redirect targets, webhook endpoints, email-domain extraction, and CORS origin checks.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardDomain` — domain-name identifier-safety primitive (KIND=\"identifier\"). Validates",
+              "body": "`b.guardDomain` — domain-name identifier-safety primitive (KIND=\"identifier\"). Validates user-supplied DNS names destined for allowlists, redirect targets, webhook endpoints, email-domain extraction, and CORS origin checks. Threat catalog: RFC 1035 §2.3.4 length caps (63 octets per label, 253 octets per FQDN), RFC 952 / 1123 LDH-rule violations (no leading/trailing hyphen, no `--` at positions 3-4 except `xn--`), IDN homograph mixed-script confusables (Latin / Cyrillic / Greek / Cherokee / Armenian / Han / Hiragana / Katakana / Hangul / Arabic / Hebrew range tables), BIDI / zero-width / control / null universal refuse via `lib/codepoint-class.js` (CVE-2021-42574 Trojan Source class), Punycode A-label malformation (bare `xn--`, double-encoded), RFC 6761 special-use suffix matching (`.localhost` / `.local` / `.invalid` / `.test` / `.onion` / `.alt` / `.home.arpa` / `.internal`), IPv4-as-domain confusion (CVE-2021-22931 — dotted-decimal / octal / hex / long-decimal forms), IPv6 bracket-literal, single-label / TLD-only refuse, wildcard `*` label refuse at every profile, RFC 8552 underscore-service-label policy, DGA Shannon-entropy heuristic for high-entropy long single labels (Mirai / Conficker C2 shape). Profiles: `strict` (Latin-only scripts, refuse-on-everything), `balanced` (audit Punycode, allow major international scripts, audit DGA), `permissive` (universal-refuse class still refused; everything else audit / allow). Compliance postures: `hipaa` / `pci-dss` / `soc2` strict overlay; `gdpr` balanced overlay. Auto-registers into `b.guardAll` as a STANDALONE_GUARD; the adaptive integration harness at `test/layer-5-integration/guard-host-integration.test.js` picks it up automatically. Defer-with-condition: full UTS #46 ToASCII / ToUnicode round-trip and Public-Suffix-List boundary enforcement ship behind operator-supplied callbacks (`opts.idnToAscii`, `opts.publicSuffixList`); re-open conditions are documented in the wiki page."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 1035",
+          "url": "https://www.rfc-editor.org/rfc/rfc1035.html"
+        },
+        {
+          "label": "RFC 952",
+          "url": "https://www.rfc-editor.org/rfc/rfc952.html"
+        },
+        {
+          "label": "RFC 6761",
+          "url": "https://www.rfc-editor.org/rfc/rfc6761.html"
+        },
+        {
+          "label": "RFC 8552",
+          "url": "https://www.rfc-editor.org/rfc/rfc8552.html"
+        },
+        {
+          "label": "CVE-2021-42574",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42574"
+        },
+        {
+          "label": "CVE-2021-22931",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
+        }
+      ]
+    },
+    {
+      "version": "0.7.42",
+      "date": "2026-05-05",
+      "headline": "Gitleaks allowlist for v0",
+      "summary": "7.28 CHANGELOG doc-snippet false-positive. The v0.7.28 release-notes entry for `b.crypto.encryptMlkem768X25519` includes a JS-object-literal code example with a `privateKey: mlkemPrivateKey` field; gitleaks' default `generic-api-key` rule fires on the high-entropy content adjacent to the `privateKey:` token, blocking every release-tag CI run since v0.7.38.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Gitleaks allowlist for v0",
+              "body": "gitleaks allowlist for v0.7.28 CHANGELOG doc-snippet false-positive. The v0.7.28 release-notes entry for `b.crypto.encryptMlkem768X25519` includes a JS-object-literal code example with a `privateKey: mlkemPrivateKey` field; gitleaks' default `generic-api-key` rule fires on the high-entropy content adjacent to the `privateKey:` token, blocking every release-tag CI run since v0.7.38. Allowlisted by commit + fingerprint per the same pattern as the existing `74e627e` entry — surgical suppression of the documented false positive, no broader rule weakening. Working-tree-only or rule-disabling alternatives were rejected: gitleaks' `git`-history scan is the stricter gate (catches secrets that landed and were later removed) and the documented snippet contains no real secret."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.41",
+      "date": "2026-05-05",
+      "headline": "Wiki primitive-validator BACKLOG sweep: 50 of 101 entries pruned",
+      "summary": "Audited every entry in `examples/wiki/test/validate-primitive-sections.js`'s `UNDOCUMENTED_BACKLOG` map against the actual wiki page bodies; primitives that already have signature-form headings (`b.X.Y(...)`) discovered by the validator no longer need a BACKLOG entry suppressing them.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Wiki primitive-validator BACKLOG sweep: 50 of 101 entries pruned",
+              "body": "wiki primitive-validator BACKLOG sweep: 50 of 101 entries pruned. Audited every entry in `examples/wiki/test/validate-primitive-sections.js`'s `UNDOCUMENTED_BACKLOG` map against the actual wiki page bodies; primitives that already have signature-form headings (`b.X.Y(...)`) discovered by the validator no longer need a BACKLOG entry suppressing them. Removed entries: `consent`, `websocketChannels`, `ssrfGuard`, `htmlBalance`, `csv`, `uuid`, `time`, `mailBounce`, `archive`, `breakGlass`, `forms`, `render`, `errorPage`, `cluster`, `safeBuffer`, `safeSql`, `safeUrl`, `retry`, `fileType`, `scheduler`, `jobs`, `backup`, `restore`, `i18n`, `cache`, `crypto`, `createApp`, `fileUpload`, `mtlsCa`, `pqcGate`, `pqcAgent`, `permissions`, `apiKey`, `webhook`, `notify`, `credentialHash`, `queue`, plus the 11-guard family (`guardEmail` through `guardAll`). The remaining 51 entries fall into three real classes: namespace-level entries with method-only headings (vault primitives, audit chain, etc.), pages structured around backend-builder patterns instead of flat methods (`objectStore`, `backupBundle`, etc.), and internal helpers that aren't part of the operator surface (`cli`, `boot`, `dev`, `protocolDispatcher`). The shrunk BACKLOG narrows the gap operators see between \"covered by the parent's wiki page\" and \"actually drift waiting to be fixed.\"."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.40",
+      "date": "2026-05-05",
+      "headline": "RFC 8617 ARC chain-validity hardening: duplicate-instance refusal, gap detection, hop ceiling, per-hop `cv=` rule enforcement",
+      "summary": "Closes a class of chain-injection holes the prior `arcVerify` would silently accept. Duplicate instance — two `ARC-Seal` (or AMS / AAR) headers at the same `i=N` now fail with `reason: \"duplicate-instance\"` instead of silently letting the second header overwrite the first signer's record (the latter is a known forwarder-injection attack).",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Duplicate instance",
+              "body": "two `ARC-Seal` (or AMS / AAR) headers at the same `i=N` now fail with `reason: \"duplicate-instance\"` instead of silently letting the second header overwrite the first signer's record (the latter is a known forwarder-injection attack)."
+            },
+            {
+              "title": "Non-contiguous chain",
+              "body": "gap detection (`i=1, i=3` with no `i=2`) now correctly fails with `reason: \"incomplete-or-non-contiguous\"`. The prior `.some()` check skipped sparse-array empty slots and let the gap through."
+            },
+            {
+              "title": "Hop ceiling",
+              "body": "RFC 8617 §5.1.2 caps the chain at 50 sets; verifier now refuses with `reason: \"too-many-hops\"`."
+            },
+            {
+              "title": "Per-hop `cv=` rules",
+              "body": "i=1 MUST be `cv=none` (no upstream chain to validate); i≥2 MUST be `cv=pass` or `cv=fail` (cv=none invalid past hop 1); a downstream `cv=pass` after an upstream `cv=fail` is invalid (a hop can't claim chain-pass when an earlier hop saw it fail). Each violation surfaces with a structured `reason` field. Result shape gains `perHopCv: [string|null,...]` (one entry per hop) and `reason: string` when `chainStatus === \"fail\"` so operators can distinguish \"signature failed\" from \"chain rules violated\" without parsing free-text errors."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8617",
+          "url": "https://www.rfc-editor.org/rfc/rfc8617.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.39",
+      "date": "2026-05-05",
+      "headline": "RFC 8954 OCSP nonce extension default-on, plus persistent-log reliability fix in the smoke runner",
+      "summary": "`b.network.tls.ocsp.buildRequest(opts)` (NEW) — constructs a DER-encoded OCSPRequest for a single (`leafCertDer`, `issuerCertDer`) pair. The RFC 8954 nonce extension is on by default (security-defaults-on rule); operators talking to responders that ignore nonces opt out via `nonce: false`.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.network.tls.ocsp.buildRequest(opts)`",
+              "body": "(NEW) — constructs a DER-encoded OCSPRequest for a single (`leafCertDer`, `issuerCertDer`) pair. The RFC 8954 nonce extension is on by default (security-defaults-on rule); operators talking to responders that ignore nonces opt out via `nonce: false`. Default nonce length is 16 bytes (RFC 8954 §2.1 floor 1, ceiling 32 — `nonceLen` overrides). CertID hashes are SHA-1 per RFC 6960 §4.1.1 (the universally-supported algorithm; SHA-256 in OCSP requests is §4.3 optional and many responders reject). Returns `{ requestDer, nonce }`. Operators send `requestDer` to the OCSP responder URL via `b.httpClient` (Content-Type: `application/ocsp-request`) and pass the returned `nonce` Buffer to `evaluate(responseDer, { issuerPem, expectedNonce })` — defends against replay attacks where an attacker captures a \"good\" OCSP response and replays it after the cert is revoked."
+            },
+            {
+              "title": "DER writer surface added to `lib/asn1-der.js`",
+              "body": "`writeNode` / `writeSequence` / `writeOctetString` / `writeInteger` / `writeNull` / `writeOid` / `writeContextExplicit` (minimal, ~80 lines, X.690 short + long-form length encoding)."
+            },
+            {
+              "title": "`evaluate(der, opts)` accepts `expectedNonce`",
+              "body": "when supplied, the response's nonce extension MUST match (else `tls/ocsp-nonce-mismatch`). Result shape gains a `nonce` field: `\"matched\"` / `\"present-not-checked\"` / `\"n/a\"`."
+            },
+            {
+              "title": "Smoke-runner persistent log reliability fix",
+              "body": "the `.test-output/smoke.log` tee was using `fs.createWriteStream` (async); when the runner threw on a test failure the buffer didn't flush before `process.exit`, so the failure detail never reached the log. Replaced with synchronous `fs.writeSync` against an open fd — every byte hits disk before exit. Surface change for diagnosing future failures: the log now ALWAYS captures the failure stack instead of truncating mid-run."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8954",
+          "url": "https://www.rfc-editor.org/rfc/rfc8954.html"
+        },
+        {
+          "label": "RFC 6960",
+          "url": "https://www.rfc-editor.org/rfc/rfc6960.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.38",
+      "date": "2026-05-05",
+      "headline": "RFC 6698 + RFC 7672 DANE certificate-chain verification, plus smoke-runner LPT scheduling and a wiki failure-detail bugfix",
+      "summary": "`b.network.smtp.dane.verifyChain(certChain, tlsaRecords, opts?)` (NEW) — walks the peer cert chain (leaf-first DER buffers — typically `sock.getPeerCertificate(true).raw`) and confirms at least one TLSA record matches per the record's usage / selector / mtype.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.smtp.dane.verifyChain(certChain, tlsaRecords, opts?)`",
+              "body": "(NEW) — walks the peer cert chain (leaf-first DER buffers — typically `sock.getPeerCertificate(true).raw`) and confirms at least one TLSA record matches per the record's usage / selector / mtype. SMTP outbound (RFC 7672) only honors `DANE-TA` (2) and `DANE-EE` (3); `PKIX-TA` (0) and `PKIX-EE` (1) require a full PKIX path validator + CA-bundle and are refused unless the operator opts in via `allowPkixModes`. Selector `Cert` (0) compares the full DER; selector `SPKI` (1) compares the SubjectPublicKeyInfo bytes (extracted via the framework ASN.1 walker). Matching types: `Full`, sha-two-family at the short-digest length, sha-two-family at the long-digest length. Returns `{ ok, matches: [{ tlsaIndex, certIndex, usage, mtype }], errors }`."
+            },
+            {
+              "title": "ASN.1 walker",
+              "body": "`lib/asn1-der.js` `readNode` now surfaces a `.raw` field on each node (header + value bytes from the source buffer) so SPKI extraction can return the exact wire bytes for byte-identical TLSA matching."
+            },
+            {
+              "title": "Smoke-runner LPT scheduling",
+              "body": "`test/smoke.js` parallel mode now uses Longest-Processing-Time-first scheduling with a continuous worker queue. Per-test durations persist under `.test-output/smoke-timings.json` keyed by `process.platform` (so host win32/darwin and Linux container don't pollute each other's medians) with a 5-run history per test. Replaces the prior batched `Promise.all(slice(i, i + PARALLEL))` scheduling that left workers idle when one batch contained the long-tail test."
+            },
+            {
+              "title": "Wiki failure-detail bugfix",
+              "body": "`examples/wiki/test/e2e.js` was printing the per-example failure list AFTER the assert that throws on failure → operators only saw \"1 of 178 failed\" without WHICH example. Reordered so failure detail prints first."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6698",
+          "url": "https://www.rfc-editor.org/rfc/rfc6698.html"
+        },
+        {
+          "label": "RFC 7672",
+          "url": "https://www.rfc-editor.org/rfc/rfc7672.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.37",
+      "date": "2026-05-05",
+      "headline": "RFC 8460 TLS-RPT submission transport via `b.network.smtp.tlsRpt`",
+      "summary": "Adds `fetchPolicy` + `submit`. The previous `recordShape` only generated the JSON; operators had to wire submission themselves.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.smtp.tlsRpt.fetchPolicy(domain, opts)`",
+              "body": "(NEW) — reads the RFC 8460 §3 `_smtp._tls.<domain>` TXT record and returns `{ version, rua: [string,...] }` where `rua` is the comma-separated list of report URIs (`https://` and `mailto:`) the recipient publishes. Returns `null` when no record is published. `opts.dnsLookup` is operator-supplied so the call composes with `b.network.dns` (DoH / DoT) without a hard dep; falls back to `node:dns/promises.resolveTxt`."
+            },
+            {
+              "title": "`b.network.smtp.tlsRpt.submit(report, opts)`",
+              "body": "(NEW) — submits a TLS-RPT report to the published rua endpoints. `https://` URIs receive an HTTPS `POST` with `Content-Type: application/tlsrpt+gzip` and a gzip-compressed JSON body per RFC 8460 §6.2. `mailto:` URIs return a prepared `{ to, subject, contentType, encoding, body }` object so operators hand it to `b.mail` with their configured relay (the framework doesn't bake an SMTP relay in — operators wire transport per their environment). Per-endpoint result records carry `{ uri, kind, ok, status, error }` so a failure on one rua doesn't cascade. Routes through `b.httpClient` so SSRF + DNS-pin + retry policy come for free."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8460",
+          "url": "https://www.rfc-editor.org/rfc/rfc8460.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.36",
+      "date": "2026-05-05",
+      "headline": "RFC 7633 must-staple enforcement via `b.network.tls.ocsp.inspectMustStaple`",
+      "summary": "Adds `inspectMustStaple` + a `requireMustStaple` predicate. The TLS Feature extension (OID `1.3.6.1.5.5.7.1.24`) is the cert-side contract that says \"every connection MUST carry an OCSP staple\"; clients that ignore the extension defeat its purpose.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.tls.ocsp.inspectMustStaple(rawDer)`",
+              "body": "(NEW) — walks the X.509 cert DER and reads the TLS Feature extension. Returns `{ mustStaple, features }` where `mustStaple === true` when status_request (5) is in the feature list. Tolerant of malformed cert input (returns `{ mustStaple: false, features: [] }` rather than throwing)."
+            },
+            {
+              "title": "`b.network.tls.ocsp.requireMustStaple(opts)`",
+              "body": "(NEW) — operator predicate `(peerCert, ctx) → Error|null`. Refuses connections where the cert advertises must-staple but `ctx.ocspBytes` is empty/missing per RFC 7633 §4.2.3. `opts.enforceUnconditional: true` extends the policy to refuse staple-less responses on certs that don't carry must-staple — operator-stricter-than-RFC posture. Error codes: `tls/ocsp-no-cert` / `tls/ocsp-must-staple-violated` / `tls/ocsp-staple-required`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7633",
+          "url": "https://www.rfc-editor.org/rfc/rfc7633.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.35",
+      "date": "2026-05-05",
+      "headline": "DKIM verify hardening: process-local key cache + RSA modulus-size enforcement + `l=` warning",
+      "summary": "Process-local DKIM key cache — `_fetchDkimKey` now caches each successful TXT lookup keyed by `<selector>._domainkey.<domain>` for 5 minutes (TTL-bounded; rotated keys propagate within minutes). LRU-ish eviction at 1024 entries. Mailing-list fan-out and bulk-replay scenarios that previously hammered DNS for the same selector now hit the cache.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Process-local DKIM key cache",
+              "body": "`_fetchDkimKey` now caches each successful TXT lookup keyed by `<selector>._domainkey.<domain>` for 5 minutes (TTL-bounded; rotated keys propagate within minutes). LRU-ish eviction at 1024 entries. Mailing-list fan-out and bulk-replay scenarios that previously hammered DNS for the same selector now hit the cache."
+            },
+            {
+              "title": "RSA modulus-size enforcement",
+              "body": "RSA keys < 1024 bits hard-fail per RFC 8301 §3.1; keys < 2048 bits emit a `rsa-key-weak` warning so operators can quarantine while transitioning. Reads `keyObj.asymmetricKeyDetails.modulusLength` from `node:crypto`."
+            },
+            {
+              "title": "`l=` body-length warning on verify",
+              "body": "the framework refuses `l=` at SIGN-time per v0.7.18 (M³AAWG / Gmail / Microsoft 365 guidance). On VERIFY of inbound mail, an `l=` tag now surfaces as `l-tag-present: append-after-signature exposure (RFC 6376 §8.2)` in the result's `warnings` array. The verifier still honors the cap so legitimate senders that use `l=` don't break, but operators see the exposure. Verify-result shape gains a `warnings` field on `pass` / `fail` results (alongside the existing `errors` array)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8301",
+          "url": "https://www.rfc-editor.org/rfc/rfc8301.html"
+        },
+        {
+          "label": "RFC 6376",
+          "url": "https://www.rfc-editor.org/rfc/rfc6376.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.34",
+      "date": "2026-05-05",
+      "headline": "`b.network.tls.ct.verifyScts` with real RFC 6962 / 9162 Signed Certificate Timestamp signature",
+      "summary": "verification, plus `b.network.tls.ct.parseScts` ASN.1 walker.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.tls.ct.parseScts(rawDer)`",
+              "body": "(NEW) — full ASN.1 walk; returns `[{ version, logIdHex, timestamp, signature, ... }]` or `[]` when no SCT extension present (tolerant of malformed cert input — returns empty rather than throwing)."
+            },
+            {
+              "title": "`b.network.tls.ct.verifyScts(rawDer, opts)`",
+              "body": "(NEW) — full verification. `opts.logKeys` maps log_id (hex SHA-256 of the log's pubkey) → PEM public key; operators populate from the Chrome CT log list (the framework doesn't bake log keys in — they rotate). Returns `{ ok, verifiedCount, totalScts, reason, scts: [{ logIdHex, verified, ... }] }`."
+            },
+            {
+              "title": "`b.network.tls.ct.requireScts({ minScts, logKeys })`",
+              "body": "(UPGRADED) — was OID-presence-only; now performs full signature verification. Reason-prefixed error codes: `tls/ct-no-cert` / `tls/ct-no-sct-extension` / `tls/ct-insufficient-verified` / `tls/ct-not-verified`. Breaking — `network.tls.ct.APPROVED_LOGS` removed. The hardcoded log-list instance was always a stand-in; CT logs rotate keys and add/remove entries on the order of months. Operators now pass `logKeys` per call. Pre-v1, no compat shim."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6962",
+          "url": "https://www.rfc-editor.org/rfc/rfc6962.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.33",
+      "date": "2026-05-05",
+      "headline": "`b.network.tls.ocsp.requireGood` with real signature verification, plus a focused ASN.1 DER walker",
+      "summary": "for the framework's narrow cryptographic uses. `lib/asn1-der.js` (NEW) — minimal DER walker exposing `readNode` / `readSequence` / `readOid` / `readOctetString` / `readUnsignedInt` / `readBitString` / `unwrapExplicit`. Refuses BER indefinite-length encoding (DER-only).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`lib/asn1-der.js`",
+              "body": "(NEW) — minimal DER walker exposing `readNode` / `readSequence` / `readOid` / `readOctetString` / `readUnsignedInt` / `readBitString` / `unwrapExplicit`. Refuses BER indefinite-length encoding (DER-only). Throws `Asn1Error` with stable error codes (`asn1/short` / `asn1/bad-length` / `asn1/oid-malformed` / `asn1/wrong-tag` / etc.)."
+            },
+            {
+              "title": "`b.network.tls.ocsp.parseResponse(der)`",
+              "body": "RFC 6960 OCSPResponse parser. Returns `{ status, basic: { tbsResponseDataDer, signatureAlgorithmOid, signature, responses[] } }`. Each response carries `{ certIdSerialHex, certStatus, thisUpdate, nextUpdate }`."
+            },
+            {
+              "title": "`b.network.tls.ocsp.evaluate(der, { issuerPem, serialHex? })`",
+              "body": "full verification: parse + signature-verify against the operator-supplied issuer cert (rsa-sha256/384/512 + ecdsa-sha256/384/512) + certStatus check. Returns `{ ok, status, certStatus, thisUpdate, nextUpdate, signatureValid, errors }`."
+            },
+            {
+              "title": "`b.network.tls.ocsp.requireGood(opts)`",
+              "body": "(NEW) — connect + parse + signature-verify + certStatus check in one call. Throws `tls/ocsp-not-good` when the OCSP response is malformed, unsigned, signed-by-wrong-key, or carries `certStatus=revoked/unknown`. The honest counterpart to v0.7.31's `requireStapled` rename: `requireStapled` checks presence only (existing wrapper), `requireGood` does the full RFC 6960 validation."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6960",
+          "url": "https://www.rfc-editor.org/rfc/rfc6960.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.32",
+      "date": "2026-05-05",
+      "headline": "Wiki backfill for v0",
+      "summary": "7.18-31 primitives + parallel e2e example execution.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Wiki primitive-signature regex relaxed",
+              "body": "was `b.X.Y(...)` two-level only; now also matches `b.X(args)` top-level functions like `b.pick`, `b.lazyRequire`, `b.createApp`."
+            },
+            {
+              "title": "Parallel e2e example execution",
+              "body": "`examples/wiki/test/validate-primitive-sections.js` `runExamples()` now respects `SMOKE_PARALLEL=N` (capped at 64) and forks the per-example child processes in parallel batches. Timing: 78s sequential → 15s parallel-64 (5.2× speedup). Same env var as smoke; `SMOKE_PARALLEL=1` falls back to sequential for diagnosis."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.31",
+      "date": "2026-05-05",
+      "headline": "DKIM verify + ARC per-hop signature verification + wiki missing-section gate",
+      "summary": "`b.mail.dkim.verify(rfc822, opts)` (NEW) — RFC 6376 verifier counterpart to the existing signer.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.mail.dkim.verify(rfc822, opts)`",
+              "body": "(NEW) — RFC 6376 verifier counterpart to the existing signer. Walks every `DKIM-Signature` header in the message, parses the tag list, fetches the signing public key from DNS TXT at `<selector>._domainkey.<domain>` (operator passes `dnsLookup` callback or falls back to `node:dns/promises.resolveTxt`), canonicalizes the body + headers per the `c=` tag, and runs `node:crypto.verify`. Returns one result per signature: `{ d, s, alg, result, errors }` where result is `pass` / `fail` / `permerror` / `temperror` / `none`. Supports `rsa-sha256` and `ed25519-sha256`."
+            },
+            {
+              "title": "`b.mail.arc.verify(rfc822, opts)`",
+              "body": "(UPGRADED) — was structural-only; now performs full per-hop ARC-Message-Signature + ARC-Seal signature verification per RFC 8617 §5.1.1 and §5.1.2. AMS reuses the DKIM verifier (identical cryptographic shape); AS canonicalizes the chain of prior AAR/AMS/AS headers + own AAR/AMS plus AS-with-empty-`b=` per §5.1.2. Returns `{ chainStatus, hopCount, cv, hops: [{ instance, amsResult, asResult, ... }] }`. Chain validity per §5.2 — most recent AS's `cv=` must reflect upstream validity."
+            },
+            {
+              "title": "DKIM signer fold-output fix",
+              "body": "`_foldSignatureHeader` was producing malformed wire (`v=1\\r\\n\\ta=rsa-sha256;\\r\\n\\t...` — missing `;` after the first segment). RFC 6376 §3.2 requires `;` to stay on the prior line at fold boundaries. The corrected output is `v=1;\\r\\n\\ta=rsa-sha256;\\r\\n\\t...`. Pre-v1, no compat shims — operators rotate keys / rebuild any saved signatures."
+            },
+            {
+              "title": "`b.network.tls.ocsp.requireGood` → `requireStapled`",
+              "body": "(RENAMED) — the wrapper claimed \"good\" but only checked stapling-presence + non-empty bytes; full OCSP-response signature verification is a follow-up patch alongside an ASN.1 DER helper. The honest name keeps the surface from claiming verification it doesn't perform."
+            },
+            {
+              "title": "Wiki missing-section gate",
+              "body": "`examples/wiki/test/validate-primitive-sections.js` now enumerates every operator-facing primitive on `b.*` and refuses release if a primitive lacks a documented wiki section. Pre-v0.7.31 backlog explicitly listed in `UNDOCUMENTED_BACKLOG` with per-primitive reasons (most are documented under existing pages with prose-form rather than signature-form headings — backfilling the headings is a separate sweep). New primitives shipped from v0.7.31 forward MUST either land with a wiki section OR add an explicit BACKLOG entry."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 822",
+          "url": "https://www.rfc-editor.org/rfc/rfc822.html"
+        },
+        {
+          "label": "RFC 6376",
+          "url": "https://www.rfc-editor.org/rfc/rfc6376.html"
+        },
+        {
+          "label": "RFC 8617",
+          "url": "https://www.rfc-editor.org/rfc/rfc8617.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.30",
+      "date": "2026-05-05",
+      "headline": "`b.mail.spf` + `b.mail.dmarc` + `b.mail.arc` inbound mail authentication-results verification",
+      "summary": "family. Counterpart to the existing outbound DKIM signer. Operators receiving mail (incoming webhooks, customer-support inboxes, mailing-list ingestion, .eml uploads) evaluate sender authenticity and decide on accept / quarantine / reject.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.spf.verify({ ip, mailFrom, helo, dnsLookup })`",
+              "body": "RFC 7208 SPF check with ip4 / ip6 / include / all mechanisms; recursive include resolution with the 10-DNS-lookup ceiling per §4.6.4; returns `{ result, domain, explanation, lookupCount }` where result is one of `pass` / `fail` / `softfail` / `neutral` / `none` / `temperror` / `permerror`."
+            },
+            {
+              "title": "`b.mail.dmarc.evaluate({ from, spf, dkim, dnsLookup })`",
+              "body": "RFC 7489 DMARC alignment + policy resolution; fetches `_dmarc.<domain>` TXT record, evaluates `aspf` / `adkim` (relaxed/strict) alignment between From-header domain and SPF/DKIM authenticated domains, returns `{ result, policy, alignment, recommendedAction }` where recommendedAction is `deliver` / `quarantine` / `reject` per the published policy."
+            },
+            {
+              "title": "`b.mail.arc.verify(rfc822)`",
+              "body": "RFC 8617 ARC chain inspection; parses `ARC-Seal` / `ARC-Message-Signature` / `ARC-Authentication-Results` headers, returns `{ chainStatus, hopCount, hops }` with status `pass` / `fail` / `none` (structural integrity only — per-hop signature verification deferred to a follow-up patch)."
+            },
+            {
+              "title": "Wiki e2e parallelizable",
+              "body": "added `BLAMEJS_E2E_DATA_DIR` env override so the host wiki e2e and the Linux container wiki e2e can run in parallel without colliding on `examples/wiki/data-e2e`. Out of scope (deferred): SPF a / mx / exists / ptr / redirect mechanisms (operator-supplied dnsLookup callback handles the rare cases via permerror); full DKIM verify path (composes the canonicalization helpers from lib/mail-dkim.js but needs the symmetric verifier — substantial follow-up); ARC per-hop signature verification (depends on the DKIM verifier). The framework gives operators the OUTCOME-policy layer + the structural verifier; the deferred items address the residual signature-verification surface."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7208",
+          "url": "https://www.rfc-editor.org/rfc/rfc7208.html"
+        },
+        {
+          "label": "RFC 7489",
+          "url": "https://www.rfc-editor.org/rfc/rfc7489.html"
+        },
+        {
+          "label": "RFC 822",
+          "url": "https://www.rfc-editor.org/rfc/rfc822.html"
+        },
+        {
+          "label": "RFC 8617",
+          "url": "https://www.rfc-editor.org/rfc/rfc8617.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.29",
+      "date": "2026-05-05",
+      "headline": "`b.network.smtp` MTA-STS + DANE + TLS-RPT outbound SMTP gates. Gmail and Microsoft 365 penalize",
+      "summary": "senders without these policies; the framework now ships the operator surface for verifying recipient-domain policies before opening the SMTP socket. `b.network.smtp.mtaSts.fetch(domain)` — fetches `https://mta-sts.<domain>/.well-known/mta-sts.txt`, parses the policy text, returns `{ version, mode, mx[], max_age }` or `null` (domain doesn't publish).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.smtp.mtaSts.fetch(domain)`",
+              "body": "fetches `https://mta-sts.<domain>/.well-known/mta-sts.txt`, parses the policy text, returns `{ version, mode, mx[], max_age }` or `null` (domain doesn't publish). TTL-bounded `b.cache` per-process."
+            },
+            {
+              "title": "`b.network.smtp.mtaSts.matchMx(mxHost, mxList)`",
+              "body": "RFC 8461 §3.2 wildcard-aware MX matcher (`*.example.com` matches `mx.example.com` but not `a.b.example.com`)."
+            },
+            {
+              "title": "`b.network.smtp.dane.tlsa(domain, port?)`",
+              "body": "DNS TYPE 52 lookup via `node:dns.resolveTlsa`; returns `[{ usage, selector, mtype, dataHex }, ...]` for the `_<port>._tcp.<domain>` qname."
+            },
+            {
+              "title": "`b.network.smtp.dane.recordShape(rec)`",
+              "body": "adds RFC 6698 human-readable labels (`PKIX-TA` / `PKIX-EE` / `DANE-TA` / `DANE-EE`; `Cert` / `SPKI`; `Full` / `SHA-256` / `SHA-512`)."
+            },
+            {
+              "title": "`b.network.smtp.tlsRpt.recordShape(opts)`",
+              "body": "RFC 8460 TLS-RPT JSON report-shape generator with `organization-name` / `date-range` / `policies[].summary.total-{successful,failure}-session-count` / `failure-details`. Operators wire their report transport (SMTP / HTTPS) on top. Out of scope (deferred): full DANE certificate-chain verification per RFC 6698 (needs ASN.1 cert parsing); TLS-RPT submission transport (operator-side); DNSSEC ad-bit validation (operators pin to a DNSSEC-validating resolver externally)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8461",
+          "url": "https://www.rfc-editor.org/rfc/rfc8461.html"
+        },
+        {
+          "label": "RFC 6698",
+          "url": "https://www.rfc-editor.org/rfc/rfc6698.html"
+        },
+        {
+          "label": "RFC 8460",
+          "url": "https://www.rfc-editor.org/rfc/rfc8460.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.28",
+      "date": "2026-05-05",
+      "headline": "`ML_KEM_768_X25519` second envelope (TLS-interop hybrid)",
+      "summary": "The IETF / Cloudflare / Chrome standardized hybrid for TLS 1.3 (codepoint 0x11EC, draft-kwiatkowski-tls-ecdhe-mlkem). Smaller payload than ML-KEM-1024 + P-384 (~1.1 KB vs ~1.6 KB), wider interop with non-blamejs peers using the same hybrid (Cloudflare Workers / Chrome / blamejs-on-the-other-side).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.crypto.SUPPORTED_KEM_ALGORITHMS`",
+              "body": "lists every KEM hybrid the framework accepts on decrypt — `ml-kem-1024` / `ml-kem-1024-p384` (default) / `ml-kem-768-x25519` — for compliance audit visibility. `ACTIVE.KEM` stays on `ML_KEM_1024_P384`; the new hybrid is opt-in for cross-system interop."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.27",
+      "date": "2026-05-05",
+      "headline": "`b.compliance` top-level posture coordinator. Single source of truth for \"what regulatory posture",
+      "summary": "is this deployment running under?\". Primitives with a `compliancePosture` opt fall back to the global setting when the operator hasn't passed one explicitly. Surface: `b.compliance.set(\"hipaa\")` / `b.compliance.current()` / `b.compliance.assert(\"hipaa\")` / `b.compliance.clear()`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`KNOWN_POSTURES`",
+              "body": "`hipaa` / `pci-dss` / `gdpr` / `soc2` / `dora` / `sox`."
+            },
+            {
+              "title": "Boot-time only",
+              "body": "`set()` to a different posture after one is already active throws `compliance/already-set` (runtime switches forbidden — half-set state across initialized primitives is worse than no state); same-value re-set is idempotent."
+            },
+            {
+              "title": "Audit emissions",
+              "body": "`compliance.posture.set` on every successful set, `compliance.posture.cleared` on `clear()`. Wired into `b.gateContract.resolveProfileAndPosture` so every guard-* family member picks up the global posture as fallback when no per-call `compliancePosture` is given. Operators with multi-tenant deploys keep using per-call `compliancePosture` opts to override the global."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.26",
+      "date": "2026-05-05",
+      "headline": "`b.network.tls.ocsp` + `b.network.tls.ct` operator surface for OCSP enforcement and CT SCT",
+      "summary": "inspection. `b.network.tls.ocsp.connect(opts)` / `.requireGood(opts)` — wraps `tls.connect({ requestOCSP: true })` to give operators a one-call shape for \"connect with OCSP request\" and \"refuse if peer didn't staple a good OCSP response\".",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.network.tls.ocsp.connect(opts)` / `.requireGood(opts)`",
+              "body": "wraps `tls.connect({ requestOCSP: true })` to give operators a one-call shape for \"connect with OCSP request\" and \"refuse if peer didn't staple a good OCSP response\". Returns `{ authorized, ocspBytes, peerCert }` on success; rejects with `tls/ocsp-not-stapled` or `tls/ocsp-empty` from `requireGood` when the peer didn't deliver."
+            },
+            {
+              "title": "`b.network.tls.ct`",
+              "body": "Certificate Transparency (RFC 6962 / 9162) operator surface. `ct.inspect(rawDer)` returns `{ hasSctExtension, rawLength }` after byte-pattern locating the SCT extension OID `1.3.6.1.4.1.11129.2.4.2`. `ct.requireScts({ minScts? })` returns a predicate operators wire into their TLS-connect outcome flow — refuses peer certs lacking the SCT extension with `tls/ct-no-sct-extension`. `ct.APPROVED_LOGS` lists the 2026-current Google Argon / Cloudflare Nimbus / DigiCert Yeti / Sectigo Sabre / LetsEncrypt Oak shards. Out of scope this patch (deferred): full ASN.1 OCSPRequest building and OCSPResponse parsing; full SCT-signature verification against log pubkeys (presence-only enforcement until the ASN.1 dependency lands). The framework gives operators the OUTCOME-policy layer; node:tls already does the protocol."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6962",
+          "url": "https://www.rfc-editor.org/rfc/rfc6962.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.25",
+      "date": "2026-05-05",
+      "headline": "`b.dora` DORA Article 17 incident-reporting workflow",
+      "summary": "Financial entities subject to DORA (Regulation (EU) 2022/2554) classify, document, and report ICT-related incidents per the Article 17 RTS template (Commission Delegated Regulation 2024/1772). The new primitive produces the harmonized record their submission code drops into the regulator's API.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.dora.create({ audit })`",
+              "body": "Returns `{ classify, report, draftFinalReport }`. `classify(input)` evaluates the impact dimensions (`severityIndicator` / `affectedClients` / `economicImpact.eur` / `geographicScope` / `durationMs` / `dataAffected` / `reputationalImpact`) against the RTS Article 1 thresholds and returns `{ classification: \"major\"|\"significant\"|\"minor\", mustReport, mustReportInitialByMs, reasons }`. `report(input)` validates and builds the three-stage RTS-shaped record (initial / intermediate / final) with Article 19 deadlines auto-computed (initial → +72h intermediate due; intermediate → +30 days final due). `draftFinalReport(record)` returns a final-stage draft with the Article 19(6) fields ready for operator fill-in (`rootCause`, `remediationActions`, `lessonsLearned`, `preventiveMeasures`)."
+            },
+            {
+              "title": "RTS-aligned threshold constants",
+              "body": "`b.dora.MAJOR_INCIDENT_THRESHOLDS` and `b.dora.SIGNIFICANT_INCIDENT_THRESHOLDS` expose the numeric thresholds: 100k clients / 100k EUR / 2+ member states / 8h critical-process disruption (major); 10k clients / 10k EUR / 2h disruption (significant)."
+            },
+            {
+              "title": "Audit emissions",
+              "body": "`dora.incident.classified` / `dora.incident.reported` / `dora.incident.draftFinal` so the operator's audit chain captures every classification + submission moment alongside the rest of the compliance-relevant surface."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Operator-side submission stays out of scope",
+              "body": "Submission channel + credentials to ESAs / national supervisors are operator-specific; the primitive emits the RTS-shaped record and the operator's existing transport drops it into the regulator's API. The framework owns the record shape, not the wire."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "DORA Regulation (EU) 2022/2554",
+          "url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj"
+        },
+        {
+          "label": "Commission Delegated Regulation (EU) 2024/1772",
+          "url": "https://eur-lex.europa.eu/eli/reg_del/2024/1772/oj"
+        }
+      ]
+    },
+    {
+      "version": "0.7.24",
+      "date": "2026-05-05",
+      "headline": "`b.retention.complianceFloor` accessor for regulatory minimum-retention windows",
+      "summary": "Operators get an explicit floor for record-retention TTLs keyed by compliance posture, so a too-short candidate TTL is silently bumped to the regulatory minimum instead of being honored as-is.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.retention.complianceFloor(posture, candidateTtlMs?)`",
+              "body": "Returns the effective TTL that meets or exceeds the regulatory floor for the named posture. When `candidateTtlMs` exceeds the floor it wins; when it's below, the floor takes over. Throws `retention/unknown-posture` on unknown names so a typo at boot doesn't silently produce a non-compliant retention window."
+            },
+            {
+              "title": "`b.retention.COMPLIANCE_RETENTION_FLOOR_MS`",
+              "body": "Exposes the per-posture regulatory minimums for compliance-audit visibility: `pci-dss` 365 days (PCI-DSS Req 10.7.1), `hipaa` 6 years (45 CFR §164.316(b)(2)), `sox` 7 years (Sarbanes-Oxley §802), `soc2` 1 year, `dora` 5 years (DORA Article 17)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "PCI-DSS v4.0 Requirement 10.7",
+          "url": "https://www.pcisecuritystandards.org/document_library/"
+        },
+        {
+          "label": "45 CFR §164.316 HIPAA Security Rule",
+          "url": "https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164"
+        },
+        {
+          "label": "Sarbanes-Oxley Act §802",
+          "url": "https://www.govinfo.gov/content/pkg/PLAW-107publ204/html/PLAW-107publ204.htm"
+        },
+        {
+          "label": "DORA Regulation (EU) 2022/2554",
+          "url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj"
+        }
+      ]
+    },
+    {
+      "version": "0.7.23",
+      "date": "2026-05-05",
+      "headline": "DNS-over-HTTPS default-on",
+      "summary": "Default-on DoH for outbound DNS — `lib/network-dns.js` now uses Cloudflare DoH (`https://cloudflare-dns.com/dns-query`) for hostname resolution by default when neither `useDnsOverHttps()` nor `useDnsOverTls()` has been called explicitly.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Default-on DoH for outbound DNS",
+              "body": "`lib/network-dns.js` now uses Cloudflare DoH (`https://cloudflare-dns.com/dns-query`) for hostname resolution by default when neither `useDnsOverHttps()` nor `useDnsOverTls()` has been called explicitly. Privacy-respecting (encrypted DNS over TLS to a non-ISP resolver), aligned with Core Rule §3 (\"security defaults are not opt-in\")."
+            },
+            {
+              "title": "Local-form hosts route through node:dns",
+              "body": "RFC 6761 / 6762 special-form names (`localhost`, `*.localhost`, `*.local`, `*.test`, `*.invalid`, `*.internal`, `*.intranet`, `*.lan`, `*.home`, `*.corp`) AND IP literals skip DoH and use node:dns directly so `/etc/hosts` lookups + dev workflows continue to resolve correctly."
+            },
+            {
+              "title": "Operator opt-out via `b.network.dns.useSystemResolver()`",
+              "body": "split-horizon / internal-DNS deployments call this once at boot and every lookup routes through the OS resolver thereafter."
+            },
+            {
+              "title": "Env override `BLAMEJS_DNS_TRANSPORT`",
+              "body": "operators set `system` (force OS resolver), `dot` (force Cloudflare DNS-over-TLS at 1.1.1.1:853), or leave unset (default DoH)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6761",
+          "url": "https://www.rfc-editor.org/rfc/rfc6761.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.22",
+      "date": "2026-05-05",
+      "headline": "DKIM dual-signer + soc2-cc7 → soc2 posture rename",
+      "summary": "`b.mail.dkim.dualSigner` — RFC 8463 §3 transition signer that produces messages with BOTH a legacy RSA-SHA-256 DKIM-Signature AND an Ed25519-SHA-256 DKIM-Signature header. Receivers without Ed25519 support validate the RSA signature; receivers that prefer Ed25519 validate the post-quantum-friendlier signature.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.dkim.dualSigner`",
+              "body": "RFC 8463 §3 transition signer that produces messages with BOTH a legacy RSA-SHA-256 DKIM-Signature AND an Ed25519-SHA-256 DKIM-Signature header. Receivers without Ed25519 support validate the RSA signature; receivers that prefer Ed25519 validate the post-quantum-friendlier signature. Operators rolling off RSA-SHA-256 wire `b.mail.dkim.dualSigner({ domain, rsa: { selector, privateKey }, eddsa: { selector, privateKey } })` and pass the result anywhere a regular DKIM signer is accepted; `sign()` produces a wire with two `DKIM-Signature` headers. Both signers are constructed eagerly at create-time (configuration errors surface at boot, not at first send)."
+            },
+            {
+              "title": "soc2-cc7 → soc2 posture rename",
+              "body": "every guard's compliance posture name changes from `\"soc2-cc7\"` to `\"soc2\"`. The CC7-specific scoping was misleading (SOC 2 controls span CC1–CC9; the existing posture wasn't CC7-specific). Operators with `compliancePosture: \"soc2-cc7\"` MUST update to `compliancePosture: \"soc2\"` — the old name now throws `unknown compliance posture`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8463",
+          "url": "https://www.rfc-editor.org/rfc/rfc8463.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.21",
+      "date": "2026-05-05",
+      "headline": "Small primitive batch (5 fixes): TLS 1",
+      "summary": "3 framework-wide minimum, `b.safeRedirect`, `b.pick`, audit-sign legacy compat-shim removed, webhook PQC signatures emit base64url. Framework-wide TLS 1.3 minimum — `index.js` sets `tls.DEFAULT_MIN_VERSION = \"TLSv1.3\"` once at boot, before any framework module loads `node:tls`.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Framework-wide TLS 1.3 minimum",
+              "body": "`index.js` sets `tls.DEFAULT_MIN_VERSION = \"TLSv1.3\"` once at boot, before any framework module loads `node:tls`. Applies to every TLS socket (outbound `https.request` / mail SMTP+STARTTLS / Redis-Postgres-Mongo TLS / `b.httpClient`, AND inbound `https.createServer` when blamejs is the listener). Per-call override still works for legacy peers."
+            },
+            {
+              "title": "`b.safeRedirect`",
+              "body": "open-redirect (CWE-601) defense. `b.safeRedirect.resolve(rawTarget, { allowedOrigins, allowedHosts, fallback })` returns the safe URL (or fallback). Refuses protocol-relative (`//attacker.com`), backslash variants (`\\\\\\\\attacker.com`), control-char-laden (CRLF header injection), and `data:` / `javascript:` schemes; same-origin paths (`/dashboard`) and fragments (`#x`) pass through; full URLs require explicit allowlist. Operator drops the result straight into `res.writeHead(302, { Location: ... })`."
+            },
+            {
+              "title": "`b.pick`",
+              "body": "mass-assignment (CWE-915 / OWASP API3:2023) defense. `b.pick(req.body, [\"a\", \"b\", [\"nested\", [\"sub1\"]]])` returns a NEW object with only allowlisted keys; prototype-pollution keys (`__proto__` / `constructor` / `prototype`) ALWAYS stripped even if listed. `opts.onUnknown: \"throw\"` rejects unknown keys instead of silently dropping. Nested allowlist syntax for object-shaped fields."
+            },
+            {
+              "title": "Audit-sign legacy compat-shim removed",
+              "body": "`lib/audit-sign.js` no longer falls back to `ml-dsa-87` for key files missing the `algorithm` field. Throws `KEY_FILE_MISSING_ALG` / `UNWRAPPED_MISSING_ALG` at load time; operators with legacy files rotate the key (deletes + regenerates) or hand-edit to add `\"algorithm\": \"slh-dsa-shake-256f\"`. Pre-v1 compat-shim sweep per the no-pre-v1-compat rule."
+            },
+            {
+              "title": "Webhook PQC signatures emit base64url",
+              "body": "`b.webhook` now signs to base64url (was hex). SLH-DSA-SHAKE-256f signatures are ~29.5 KB binary → ~40 KB base64url vs ~59 KB hex; the hex form blew past nginx default 8 KB / Cloudflare default 16 KB / many CDN edge limits. Verification accepts EITHER encoding for a transition window — base64url-shaped sig values decode as base64url; hex-shaped values decode as hex."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.20",
+      "date": "2026-05-05",
+      "headline": "Browser-hardening batch (5 fixes): CSRF Origin/Referer cross-check, default CSP gains Trusted Types, expanded",
+      "summary": "middleware.fetchMetadata`. CSRF Origin/Referer cross-check (`b.middleware.csrfProtect`) — second-line defense alongside the double-submit token. State-changing requests whose Origin (or Referer when Origin is absent) doesn't resolve to the request's own origin are refused before the token check.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Expanded Permissions-Policy",
+              "body": "defaults now disable `browsing-topics=()`, `attribution-reporting=()`, `unload=()`, `interest-cohort=()`, `join-ad-interest-group=()`, `run-ad-auction=()`, `private-state-token-issuance=()`, `private-state-token-redemption=()`, `compute-pressure=()`, `hid=()`, `serial=()`, `idle-detection=()` — closes advertising / tracking / load-event-leak / device-API surfaces. Existing operator overrides via `permissionsPolicy: \"...\"` continue unchanged."
+            },
+            {
+              "title": "`__Host-` / `__Secure-` cookie prefix invariants",
+              "body": "(`b.cookies.serialize`) — RFC 6265bis §4.1.3 enforced at serialize time. `__Secure-*` requires `secure: true`; `__Host-*` requires `secure: true` AND `path: \"/\"` AND no `domain:`. Each violation throws a typed `CookieError` with operator-actionable code (`cookies/prefix-secure-required`, `cookies/prefix-host-secure-required`, `cookies/prefix-host-path-required`, `cookies/prefix-host-no-domain`) instead of producing a malformed cookie that browsers silently reject."
+            },
+            {
+              "title": "`b.middleware.fetchMetadata`",
+              "body": "new fetch-metadata isolation primitive. Reads `Sec-Fetch-Site` / `Sec-Fetch-Mode` / `Sec-Fetch-Dest` and refuses cross-site state-changing requests by default. Operators opt in to specific destinations (e.g. `allowedDest: [\"empty\", \"document\"]`) or specific origins (`allowCrossSite: true`). Direct navigations (typed URL / bookmark — `Sec-Fetch-Site: none`) pass through; `same-origin` always passes; `same-site` configurable. Missing fetch-metadata (legacy browsers, server-to-server) deferred to other auth/CSRF layers per `allowMissing: true` default."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.19",
+      "date": "2026-05-05",
+      "headline": "Auth primitives — session timeouts, JWT keyResolver, bearer auth middleware, external JWT verify, Argon2id params",
+      "summary": "Five auth-surface additions: session idle + absolute timeouts (`b.session.verify`) now enforce OWASP ASVS 5.0 §3.3 / NIST SP 800-63B-4 with defaults of 30 min idle and 12 hours absolute. JWT `keyResolver` closes the kid-rotation gap. `b.middleware.bearerAuth`, `b.auth.jwt.verifyExternal`, and `b.auth.password.params()` round out the additions.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Session idle + absolute timeouts",
+              "body": "`b.session.verify` now enforces OWASP ASVS 5.0 §3.3 / NIST SP 800-63B-4 timeouts — defaults: 30 min idle, 12 hours absolute. Operators opt out per-call by passing `idleTimeoutMs: 0` / `absoluteTimeoutMs: 0`. Both surface `auth.session.expired_idle` / `auth.session.expired_absolute` audit events on enforcement."
+            },
+            {
+              "title": "JWT `keyResolver` opt for kid rotation",
+              "body": "`b.auth.jwt.verify` accepts `keyResolver(decodedHeader)` to look up the public key per-token (typically by `kid`). Mutually exclusive with `opts.publicKey`. Async-friendly. Closes the kid-rotation gap where signers carried `kid` but verifiers only accepted a single static key."
+            },
+            {
+              "title": "`b.middleware.bearerAuth`",
+              "body": "New middleware that extracts `Authorization: Bearer <token>`, runs an operator-supplied `verify(token)` function, and attaches `req.user`. Distinct from cookie-session `attachUser`. Missing-Authorization passes through (so cookie path can take over); invalid/null/throw rejects 401 + `WWW-Authenticate: Bearer error=\"invalid_token\"` per RFC 6750 §3."
+            },
+            {
+              "title": "`b.auth.jwt.verifyExternal`",
+              "body": "new generic classical-alg JWT verifier (RS256 / RS384 / RS512 / PS256 / PS384 / PS512 / ES256 / ES384 / ES512 / EdDSA) for integration with external IdPs (Auth0 / Okta / Keycloak / Cognito / Azure AD / Google / Apple). `algorithms` is REQUIRED with no default — defends the alg-confusion class (CVE-2024-54150 / CVE-2025-30144 / CVE-2026-22817 Hono). HMAC algs and `none` are explicitly refused (HMAC + JWKS public-key trust source IS the alg-confusion vector). Three key-source options: `jwks` (pre-fetched array), `jwksUri` (auto-fetched + TTL-cached via `b.httpClient` SSRF gate), `keyResolver` (custom). Standard claim checks (`exp` / `nbf` / `iat` / `aud` / `iss` / `sub`) with operator-tunable `clockSkewMs`."
+            },
+            {
+              "title": "`b.auth.password.params()`",
+              "body": "new accessor returning the active Argon2id params (`memoryCostKib` / `timeCost` / `parallelism`) plus the OWASP 2026 floor (`19 MiB` / `t>=2` / `p>=1`) plus `meetsFloor: bool`. Compliance-audit visibility without parsing PHC strings."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6750",
+          "url": "https://www.rfc-editor.org/rfc/rfc6750.html"
+        },
+        {
+          "label": "CVE-2024-54150",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54150"
+        },
+        {
+          "label": "CVE-2025-30144",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30144"
+        },
+        {
+          "label": "CVE-2026-22817",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22817"
+        }
+      ]
+    },
+    {
+      "version": "0.7.18",
+      "date": "2026-05-05",
+      "headline": "Transport-layer smuggling hardening (four ship-blocker fixes)",
+      "summary": "HTTP request-smuggling defense in `b.middleware.bodyParser` per RFC 9112 §6.1: rejects requests with both `Content-Length` and `Transfer-Encoding` headers (CL.TE / TE.CL smuggling — CVE-2022-31394 / CVE-2024-27316 class), multiple `Content-Length` values, `Transfer-Encoding`.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Transport-layer smuggling hardening (four ship-blocker fixes)",
+              "body": "transport-layer smuggling hardening (four ship-blocker fixes). HTTP request-smuggling defense in `b.middleware.bodyParser` per RFC 9112 §6.1: rejects requests with both `Content-Length` and `Transfer-Encoding` headers (CL.TE / TE.CL smuggling — CVE-2022-31394 / CVE-2024-27316 class), multiple `Content-Length` values, `Transfer-Encoding` whose final coding is not `chunked`, and duplicate `chunked` tokens (TE.TE smuggling). Each rejection responds 400 + `Connection: close` so the upstream proxy doesn't reuse the socket. Static-serve symlink-escape + filename safety in `b.staticServe`: `_resolveSafe` now `fs.realpathSync`-es the resolved path (defeats symlink-out-of-root) AND validates the basename through `b.guardFilename` at the balanced profile (rejects path traversal, null-byte, NTFS alternate data streams, UNC paths, RTLO bidi, overlong UTF-8, Windows reserved device names, double-extension; balanced profile chosen over strict so legitimate operator-deposited shell-exec extensions like `.exe`/`.bin` remain serveable). Outbound SMTP smuggling defense in `b.mail` SMTP transport: every produced RFC 822 wire (post-DKIM-sign) is run through `b.guardEmail.validateMessage` at strict profile before the socket opens; refuses on critical issues — bare CR / bare LF + smuggled SMTP verbs (CVE-2023-51764 Postfix / CVE-2023-51765 Sendmail / CVE-2023-51766 Exim / CVE-2026-32178 .NET class) cannot leave the framework even when operator-supplied subject/body/headers contain the pattern. DKIM `l=` body-length tag forbidden in `b.mail.dkim.create`: passing `bodyLength` now throws `dkim/l-tag-forbidden` at create-time. M³AAWG / Gmail / Microsoft 365 guidance is \"never use l=\" — it enables append-after-signature attacks where an attacker appends arbitrary content past the signed length and the DKIM signature still validates against the original prefix. The body is always hashed in full."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9112",
+          "url": "https://www.rfc-editor.org/rfc/rfc9112.html"
+        },
+        {
+          "label": "RFC 822",
+          "url": "https://www.rfc-editor.org/rfc/rfc822.html"
+        },
+        {
+          "label": "CVE-2022-31394",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31394"
+        },
+        {
+          "label": "CVE-2024-27316",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
+        },
+        {
+          "label": "CVE-2023-51764",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51764"
+        },
+        {
+          "label": "CVE-2023-51765",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51765"
+        },
+        {
+          "label": "CVE-2023-51766",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51766"
+        },
+        {
+          "label": "CVE-2026-32178",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32178"
+        }
+      ]
+    },
+    {
+      "version": "0.7.17",
+      "date": "2026-05-05",
+      "headline": "`b.guardEmail` email content-safety primitive (single-address validation + full RFC 822 / 5322",
+      "summary": "message validation). Threat catalog grounded in current research (SMTP smuggling — CVE-2023-51764 Postfix / CVE-2023-51765 Sendmail / CVE-2023-51766 Exim / CVE-2026-32178 .NET System.Net.Mail; SEC Consult / smtpsmuggling.com class; IDN homograph attacks; CRLF header injection).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Profiles",
+              "body": "strict / balanced / permissive (SMTP smuggling + CRLF header injection + multi-@ + null bytes refused at every profile — universal class)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7. Strict default-on via v0.7.12: every `b.fileUpload` + `b.staticServe` deploy gets this gate at strict profile automatically."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 822",
+          "url": "https://www.rfc-editor.org/rfc/rfc822.html"
+        },
+        {
+          "label": "RFC 5322",
+          "url": "https://www.rfc-editor.org/rfc/rfc5322.html"
+        },
+        {
+          "label": "RFC 5321",
+          "url": "https://www.rfc-editor.org/rfc/rfc5321.html"
+        },
+        {
+          "label": "CVE-2023-51764",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51764"
+        },
+        {
+          "label": "CVE-2023-51765",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51765"
+        },
+        {
+          "label": "CVE-2023-51766",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51766"
+        },
+        {
+          "label": "CVE-2026-32178",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32178"
+        }
+      ]
+    },
+    {
+      "version": "0.7.16",
+      "date": "2026-05-05",
+      "headline": "`b.guardMarkdown` markdown content-safety primitive. Threat catalog grounded in current research",
+      "summary": "(CVE-2026-30838 CommonMark DisallowedRawHtml whitespace-tag bypass; CVE-2025-9540 Markup Markdown javascript: link XSS; CVE-2025-7969 markdown-it ReDoS; CVE-2025-6493 CodeMirror Markdown catastrophic backtracking; CVE-2025-24981 MDC autolink XSS; CVE-2026-33500 AVideo Parsedown l.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Profiles",
+              "body": "strict / balanced / permissive (dangerous tags + dangerous schemes + image schemes + autolink schemes refused at every profile — script-tag and javascript: are universal class)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7. Strict default-on via v0.7.12: every `b.fileUpload` + `b.staticServe` deploy gets this gate at strict profile automatically."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2026-30838",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30838"
+        },
+        {
+          "label": "CVE-2025-9540",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9540"
+        },
+        {
+          "label": "CVE-2025-7969",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7969"
+        },
+        {
+          "label": "CVE-2025-6493",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6493"
+        },
+        {
+          "label": "CVE-2025-24981",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24981"
+        },
+        {
+          "label": "CVE-2026-33500",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33500"
+        }
+      ]
+    },
+    {
+      "version": "0.7.15",
+      "date": "2026-05-04",
+      "headline": "`b.guardXml` XML content-safety primitive + smoke parallel mode + persistent test output",
+      "summary": ". `b.guardXml` threat catalog grounded in current research (CVE-2026-24400 AssertJ XXE; CVE-2025-3225 sitemap parser; CVE-2024-1455 LangChain; CVE-2024-25062 libxml2 use-after-free with DTD + XInclude; CVE-2024-56171 + CVE-2025-24928 + CVE-2025-32415 + CVE-2025-27113 libxml2 family; CVE-2024-8176 libexpat stack overflow via recursive entity expansion).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardXml`",
+              "body": "threat catalog grounded in current research (CVE-2026-24400 AssertJ XXE; CVE-2025-3225 sitemap parser; CVE-2024-1455 LangChain; CVE-2024-25062 libxml2 use-after-free with DTD + XInclude; CVE-2024-56171 + CVE-2025-24928 + CVE-2025-32415 + CVE-2025-27113 libxml2 family; CVE-2024-8176 libexpat stack overflow via recursive entity expansion). Surface: `validate(input, opts)` returns `{ ok, issues }`; `sanitize(input, opts)` strips character-class threats but throws on critical (DOCTYPE / ENTITY / external — no safe sanitization); `gate(opts)` returns a `b.gateContract`-shaped gate auto-routed by `b.guardAll` for `application/xml` / `text/xml`. KIND=\"content\". Threat catalog: DOCTYPE refused unconditionally (XXE / billion-laughs vector); `<!ENTITY>` declarations including parameter entities (`%` prefix); external entity references (`SYSTEM`/`PUBLIC` with file://, http://, etc.); XInclude (`<xi:include>`); `xsi:schemaLocation` schema fetch; processing instructions (skipping standard `<?xml?>` declaration); CDATA sections; XML signature wrapping (audit); bidi/null/control/zero-width; element-count + depth caps; per-attribute-value-length cap."
+            },
+            {
+              "title": "Profiles",
+              "body": "strict / balanced / permissive (DOCTYPE refused at all profile levels — billion-laughs class is universal)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7."
+            },
+            {
+              "title": "Smoke parallel mode",
+              "body": "new `SMOKE_PARALLEL=N` env var forks Layer 0 test files in parallel batches (each fork is a fresh Node child process for module-state isolation). Layers 1-5 stay sequential because they share db / cluster / vault state. Sanity ceiling 64. Empirical: SMOKE_PARALLEL=64 takes 91s vs sequential 122s (25% faster)."
+            },
+            {
+              "title": "Persistent test output",
+              "body": "`test/smoke.js`, `test/layer-0-primitives/codebase-patterns.test.js` (CLI mode), and `examples/wiki/test/e2e.js` now write a tee'd copy of all stdout/stderr to `.test-output/smoke.log` / `.test-output/codebase-patterns.log` / `.test-output/wiki-e2e.log`. Tee semantics — original stdout/stderr passthrough preserved so npm exit codes + GitHub Actions annotations work unchanged. `.test-output/` is auto-gitignored via the existing `.* ` catchall and never shipped (npm `files` allowlist explicit)."
+            },
+            {
+              "title": "Family infrastructure",
+              "body": "guard-xml shares the same family-ABI shape (resolveProfileAndPosture / aggregateIssues / buildGuardGate / extractBytesAsText / etc.) as the other 6 family members; the v0.7.13 `family-subset` cluster allowlist sustains."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2026-24400",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24400"
+        },
+        {
+          "label": "CVE-2025-3225",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3225"
+        },
+        {
+          "label": "CVE-2024-1455",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1455"
+        },
+        {
+          "label": "CVE-2024-25062",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
+        },
+        {
+          "label": "CVE-2024-56171",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171"
+        },
+        {
+          "label": "CVE-2025-24928",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928"
+        },
+        {
+          "label": "CVE-2025-32415",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
+        },
+        {
+          "label": "CVE-2025-27113",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113"
+        },
+        {
+          "label": "CVE-2024-8176",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
+        }
+      ]
+    },
+    {
+      "version": "0.7.14",
+      "date": "2026-05-04",
+      "headline": "`b.guardYaml` YAML content-safety primitive. Threat catalog grounded in current research",
+      "summary": "(CVE-2026-24009 Docling/PyYAML unsafe load → RCE; CVE-2026-27807 MarkUs alias billion-laughs DoS; CVE-2025-68664 LangChain deserialization → RCE; CVE-2025-61301 + CVE-2025-61303 YAML library DoS family — \"Laughter in the Wild\" study; CVE-2022-1471 SnakeYAML constructor RCE; CVE-2.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Profiles",
+              "body": "strict (refuse every threat; 2 MiB cap; depth 8; 16 anchors; 1 alias depth; 1 document; 1024 nodes); balanced (audit most threats; allow YAML 1.2 core tags `!!str` / `!!int` / `!!seq` / `!!map` / etc.; refuse alias-explosion regardless; 8 MiB cap; 64 anchors); permissive (audit most; refuse only null bytes + alias-explosion; 64 MiB cap; 1024 anchors)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7 with strict overlays + forensic snapshots. Refuse-only sanitize discipline: YAML has no safe sanitization — gate decisions are serve / audit-only / refuse only. Strict default-on via v0.7.12: every `b.fileUpload` + `b.staticServe` deploy gets this gate at strict profile automatically."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2026-24009",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24009"
+        },
+        {
+          "label": "CVE-2026-27807",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27807"
+        },
+        {
+          "label": "CVE-2025-68664",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68664"
+        },
+        {
+          "label": "CVE-2025-61301",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61301"
+        },
+        {
+          "label": "CVE-2025-61303",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61303"
+        },
+        {
+          "label": "CVE-2022-1471",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
+        },
+        {
+          "label": "CVE-2020-1747",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1747"
+        },
+        {
+          "label": "CVE-2020-14343",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14343"
+        },
+        {
+          "label": "CVE-2017-18342",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18342"
+        }
+      ]
+    },
+    {
+      "version": "0.7.13",
+      "date": "2026-05-04",
+      "headline": "`b.guardJson` JSON content-safety primitive. Threat catalog grounded in current research",
+      "summary": "(CVE-2025-55182 React/Next.js Server Functions deserialization → RCE; CVE-2025-57820 + CVE-2026-30226 Svelte devalue prototype pollution; CVE-2026-35209 defu; CVE-2026-28794 @orpc/client; CVE-2025-13465 Lodash; CVE-2025-25014 Kibana RCE; CVE-2024-38984 json-override; CVE-2022-42743 deep-parse-json; GHSA-9c47-m6qq-7p4h JSON5).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Threat catalog",
+              "body": "source-level prototype-pollution detection (catches `__proto__` / `constructor` / `prototype` keys BEFORE parse — JSON.parse silently routes `__proto__` through the prototype setter so a post-parse Object.keys walk misses the most dangerous key in the catalog); duplicate-key detection (RFC 8259 SHOULD-unique violation; JSON.parse silently last-wins, letting attackers smuggle duplicate-key payloads past validation that ran on the first occurrence — Bishop Fox JSON-interoperability research); NaN / Infinity / -Infinity / undefined refusal (RFC 8259 forbids; JSON5 / lenient libraries accept); comment refusal (single-line and block); trailing-comma refusal; JSON5 syntax refusal (single-quoted keys, hex literals, unquoted keys); BOM injection (leading + mid-stream); bidi / null / control / zero-width chars; numeric precision-loss (integers above `Number.MAX_SAFE_INTEGER`); top-level-key allowlist; depth + breadth + array-length + string-length + node-count caps."
+            },
+            {
+              "title": "Profiles",
+              "body": "strict (refuse every threat; 2 MiB doc cap; depth 8; 256 keys/object; 1024 array items) / balanced (strip pollution + BOM + bidi + control + null + zero-width; audit duplicates + comments + trailing commas + JSON5 + numeric precision; refuse NaN; 8 MiB cap; depth 32) / permissive (audit most; refuse only null bytes outright; 64 MiB cap; depth 64)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7 with strict overlays + forensic snapshots. Strict default-on via v0.7.12: every `b.fileUpload` + `b.staticServe` deploy gets this gate at strict profile automatically — no explicit wiring required. Family infrastructure: `KNOWN_CLUSTERS` allowlist gains `mode: \"family-subset\"` matcher (collapses 6+ exact-match cluster entries into one subset entry; sustainable as the family grows beyond 6 guards)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8259",
+          "url": "https://www.rfc-editor.org/rfc/rfc8259.html"
+        },
+        {
+          "label": "CVE-2025-55182",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55182"
+        },
+        {
+          "label": "CVE-2025-57820",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57820"
+        },
+        {
+          "label": "CVE-2026-30226",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30226"
+        },
+        {
+          "label": "CVE-2026-35209",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35209"
+        },
+        {
+          "label": "CVE-2026-28794",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28794"
+        },
+        {
+          "label": "CVE-2025-13465",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
+        },
+        {
+          "label": "CVE-2025-25014",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25014"
+        },
+        {
+          "label": "CVE-2024-38984",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38984"
+        },
+        {
+          "label": "CVE-2022-42743",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42743"
+        }
+      ]
+    },
+    {
+      "version": "0.7.12",
+      "date": "2026-05-04",
+      "headline": "`b.fileUpload` and `b.staticServe` ship with `b.guardAll` wired ON by default at strict profile",
+      "summary": ". Defense-in-depth applied automatically: every operator-supplied bytes path runs through the full guard-* family without any explicit wiring.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.fileUpload`",
+              "body": "`contentSafety` defaults to `b.guardAll.byExtension({ profile: \"strict\" })` (every shipped guard's full threat catalog refused — dangerous tags, event handlers, dangerous URL schemes, formula injection, DOCTYPE, SVGZ, animation-href hijack, zip-slip, ratio bombs); new `filenameSafety` opt defaults to `b.guardFilename.gate({ profile: \"strict\" })` (path traversal + null-byte truncation + Windows reserved names + NTFS ADS + RTLO bidi + overlong UTF-8 + shell-exec extensions + double-extension + reserved chars)."
+            },
+            {
+              "title": "`b.staticServe`",
+              "body": "`contentSafety` defaults to `b.guardAll.byExtension({ profile: \"strict\" })`. Explicit opt-out: `contentSafety: null` / `filenameSafety: null` skips the gate AND emits an audit row at `create()` time (`fileUpload.contentSafety.disabled` / `fileUpload.filenameSafety.disabled` / `staticServe.contentSafety.disabled`) with operator-supplied `contentSafetyDisabledReason` / `filenameSafetyDisabledReason` metadata so a security review can reconstruct which deploys disabled the default-on protection AND why. filenameSafety wiring: runs in `fileUpload.finalize` BEFORE `contentSafety` (a refused filename obviates body validation); honours sanitize action (replaces `metadata.filename` with the cleaned form so downstream code sees the safe name). Explicit operator wiring still works: passing `contentSafety: { \".csv\": gate }` or `filenameSafety: gate` uses the operator-supplied object as-is (no default-on override). Migration: this is a behavior change. Code that called `b.fileUpload.create({ stagingDir, onFinalize })` previously had no content / filename safety; after v0.7.12 the same call has both gates wired at strict profile. If existing routes depended on accepting hostile content (raw-bytes uploads, executable-extension artifacts), pass `contentSafety: null` and/or `filenameSafety: null` with an operator-supplied reason at `create()` time."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.11",
+      "date": "2026-05-04",
+      "headline": "Adaptive guard-* family integration harness",
+      "summary": "`test/layer-5-integration/guard-host-integration.test.js` discovers every guard primitive registered in `b.guardAll.allGuards()` and exercises gate decisions through the appropriate host wiring per guard's `KIND`. Adding a new guard automatically picks up the harness without touching the test file.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Adaptive design",
+              "body": "adding a new guard automatically picks up the harness without touching the test file. Each guard exports `KIND` (`\"content\"` / `\"entries\"` / `\"filename\"`) and `INTEGRATION_FIXTURES` with kind-appropriate sample payloads (benign + hostile). The harness iterates `b.guardAll.allGuards()`, dispatches per kind, and per-guard runs: direct gate (benign → serve; hostile → not serve); `b.guardAll.gate` contentTypeMux dispatch; `b.guardAll.gate({ exceptFor })` opt-out path with audit-row verification of the skipped roster; `b.staticServe.create({ contentSafety })` GET round-trip (benign → 2xx, hostile → 4xx); `b.fileUpload.create({ contentSafety })` chunk → finalize round-trip (benign succeeds, hostile throws content-safety error); audit chain captures host-level rows."
+            },
+            {
+              "title": "Family additions",
+              "body": "`lib/guard-all.js` gains `STANDALONE_GUARDS` array (currently `[guardFilename]`) and `allGuards()` aggregator that returns `GUARDS.concat(STANDALONE_GUARDS)`. Each guard module exports `KIND` + `INTEGRATION_FIXTURES`."
+            },
+            {
+              "title": "Tests run in-process",
+              "body": "no docker / network / fixture-archive dependencies; the harness completes in ~100ms regardless of guard count, so the gate runs on every smoke."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.10",
+      "date": "2026-05-04",
+      "headline": "`b.guardArchive` archive content-safety primitive. Threat catalog grounded in current",
+      "summary": "archive-extraction CVE research: CVE-2025-3445 mholt/archiver Zip Slip; CVE-2025-32779 EDDI Zip Slip; CVE-2025-62156 Argo Workflows Zip Slip; CVE-2025-66945 Zdir Pro path traversal; CVE-2025-45582 GNU Tar two-step symlink bypass; CVE-2025-11001/11002 7-Zip symlink + directory tra.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Tests",
+              "body": "102 new layer-0 assertions covering surface, registry parity, zip-slip detection (3 forms), absolute-path detection (3 forms), symlink reject (strict), symlink escape (balanced), hardlink reject + escape, compression-ratio bomb (per-entry), aggregate-ratio bomb, total-size cap, entry-count cap, nested-archive (.zip / .tar.gz), duplicate-entry-name, case-insensitive collision, encryption-claim mismatch, sparse entry, magic-byte detection (8 formats including tar via offset-257 ustar), checkExtractionPath helper, clean-archive + warn-only handling, gate decision shapes (clean / refuse / no-entry-list), profile + posture vocabulary."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2025-3445",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3445"
+        },
+        {
+          "label": "CVE-2025-32779",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32779"
+        },
+        {
+          "label": "CVE-2025-62156",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
+        },
+        {
+          "label": "CVE-2025-66945",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66945"
+        },
+        {
+          "label": "CVE-2025-45582",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
+        },
+        {
+          "label": "CVE-2025-11001",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11001"
+        },
+        {
+          "label": "CVE-2025-4138",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
+        },
+        {
+          "label": "CVE-2025-10854",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10854"
+        },
+        {
+          "label": "CVE-2025-12060",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
+        },
+        {
+          "label": "CVE-2026-26960",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
+        }
+      ]
+    },
+    {
+      "version": "0.7.9",
+      "date": "2026-05-04",
+      "headline": "`b.guardFilename` filename content-safety primitive. Standalone primitive — does NOT register",
+      "summary": "ister into `b.guardAll`'s content-type-routed dispatch (filename is a different axis from content-bytes; operators apply both — filename safety on the upload's name plus content safety on the body).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Standalone primitive",
+              "body": "does NOT register into `b.guardAll`'s content-type-routed dispatch (filename is a different axis from content-bytes; operators apply both — filename safety on the upload's name plus content safety on the body). Threat catalog grounded in OWASP Path Traversal + WSTG file-inclusion testing guides; CWE-22 / CWE-23 / CWE-35 / CWE-73 / CWE-78 / CWE-434; PortSwigger File-path-traversal series (null-byte bypass + extension validation); Memento-RTLO + RTL-Spiegel file-name spoofing reports (CVE-2021-42574 in filename context); Kevin Boone overlong UTF-8 sequence write-up."
+            },
+            {
+              "title": "Threat catalog",
+              "body": "path traversal (raw + percent-encoded `%2e%2e` + double-encoded `%252e%252e` + UTF-8 overlong `0xC0 0xAE` for dot and `0xC0 0xAF` for slash); null-byte truncation; Windows reserved device names (CON / PRN / AUX / NUL / COM1-9 / LPT1-9 / CLOCK$ / CONFIG$, with and without extensions, case-insensitive); NTFS alternate data streams (`name:stream`); leading/trailing whitespace + trailing dots (Windows silently strips them); Unicode bidi / RTLO file-name spoofing; zero-width / homoglyph chars; reserved characters (Windows < > : \" | ? *); UNC paths; path separators in leaf-name; length caps (strict 64-byte / balanced+permissive 255-byte); multi-dot policy (strict requires single dot, balanced+permissive allow .tar.gz); extension allowlist (catches double-extension bypass: `file.jpg.exe` matches `.exe` against the allowlist); shell-shortcut + executable extensions (.exe / .bat / .vbs / .ps1 / .lnk / .scr / .dll / .so / .dmg / .msi / etc); overlong UTF-8 detection at the Buffer level (RFC 3629 §3 prohibits non-shortest-form)."
+            },
+            {
+              "title": "Profiles",
+              "body": "strict (ASCII-only, single dot, single leaf, 64-byte cap, every threat class refused), balanced (Unicode NFC-normalized, multi-dot allowed, 255-byte cap, refuses dangerous classes + strips zero-width + audits homoglyphs), permissive (multi-component paths up to 16 components, reserved-name audited not refused for non-Windows targets)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7 with appropriate strict overlays + ASCII-only + forensic snapshots."
+            },
+            {
+              "title": "Sanitize discipline",
+              "body": "strips leading/trailing whitespace + trailing dots, NFC-normalizes Unicode, replaces reserved chars with underscore (under strip policy), prepends underscore to Windows reserved device names. ALWAYS THROWS on path-traversal / null-byte / NTFS ADS / UNC / overlong UTF-8 — these have no safe sanitization, the only correct response is reject."
+            },
+            {
+              "title": "New shared helpers",
+              "body": "`gateContract.badInputResultIfNotStringOrBuffer(input)` and `gateContract.aggregateIssues(issues)` — extracted across guard-svg / guard-filename validate paths that need raw-Buffer input pre-conversion. Both registered in KNOWN_ANTIPATTERNS so future re-implementations fail the n=1 gate."
+            },
+            {
+              "title": "Tests",
+              "body": "79 new layer-0 assertions covering surface, path traversal (5 forms), percent-encoded traversal (3 forms), null-byte truncation, every Windows reserved name (12 cases including extensions), NTFS ADS, leading/trailing strip, RTLO bidi spoofing, reserved chars (7 cases), UNC paths, path separators in leaf, length cap, single-dot policy, extension allowlist, shell-exec extensions (11 cases), double-extension bypass, overlong UTF-8 at buffer level, ASCII-only enforcement, sanitize round-trip + throw-on-traversal/null-byte, gate decision shapes, profile + posture vocabulary."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 3629",
+          "url": "https://www.rfc-editor.org/rfc/rfc3629.html"
+        },
+        {
+          "label": "CVE-2021-42574",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42574"
+        }
+      ]
+    },
+    {
+      "version": "0.7.8",
+      "date": "2026-05-04",
+      "headline": "`b.guardSvg` SVG content-safety primitive + guard-* family helper extraction. `b.guardSvg`",
+      "summary": "vg` ships full v1 scope grounded in current SVG attack-surface research (Fortinet anatomy of SVG attack surface; Angular GHSA-jrmj-c5cx-3cw6 + GHSA-v4hv-rgfq-gp49 SVG animation/href XSS; SVGO CVE-2026-29074 billion laughs DoS; siyuan-note GHSA-5hc8-qmg8-pw27 animate-element san.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.guardSvg`",
+              "body": "ships full v1 scope grounded in current SVG attack-surface research (Fortinet anatomy of SVG attack surface; Angular GHSA-jrmj-c5cx-3cw6 + GHSA-v4hv-rgfq-gp49 SVG animation/href XSS; SVGO CVE-2026-29074 billion laughs DoS; siyuan-note GHSA-5hc8-qmg8-pw27 animate-element sanitizer bypass; cure53/DOMPurify issue #233 xlink:href filtering; insertScript SVG fun-time series). Threat catalog: dangerous tags (script / foreignObject / handler / iframe / embed / object / audio / video / animation family); SMIL animation attributeName allowlist enforcement (recent CVE class — `<animate attributeName=\"href\" to=\"javascript:...\"/>` is the published bypass shape, refused regardless of broader animation policy); on* + SMIL event-handler attributes (onclick / onerror / onload / onbegin / onend / onrepeat); href + xlink:href dangerous URL schemes (javascript / vbscript / data outside image-context / file / mhtml / view-source — entity-encoded form too); cross-origin `<use>` external refs (SSRF + XSS chain); XML DOCTYPE declarations refused unconditionally (defends billion-laughs entity expansion + XXE); custom `<!ENTITY>` declarations; CDATA + processing instructions; SVGZ compressed payloads (gzip magic bytes 0x1F 0x8B refused at gate level — operator must ungzip first); CSS injection in style attributes; <use>-recursion DoS via maxUseDepth; total-document size + element-count + attribute-count caps. Profiles: strict (minimal text+shapes; no animation; no external refs), balanced (adds <use> + <image> with same-origin or http(s); allowExternalRefs=true), permissive (adds animation with attributeName allowlist still enforced). Compliance postures: hipaa / pci-dss / gdpr / soc2-cc7 with strict overlays + forensic snapshots. Guard-* family helper extraction — five new shared helpers landed in `lib/codepoint-class.js` and `lib/gate-contract.js` and the existing guards refactored to consume them: `codepointClass.detectCharThreats(text, opts, codePrefix)`, `codepointClass.assertNoCharThreats(text, opts, errorFactory, codePrefix)`, `codepointClass.applyCharStripPolicies(text, opts)`, `gateContract.resolveProfileAndPosture(opts, cfg)`, `gateContract.runIssueValidator(input, opts, detector)`, `gateContract.buildGuardGate(name, opts, check)`, `gateContract.extractBytesAsText(ctx)`, `gateContract.lookupCompliancePosture(name, postures, errorFactory, codePrefix)`, `gateContract.makeRulePackLoader(errorClass, codePrefix)`, `gateContract.makeProfileBuilder(profiles)`, `numericBounds.requireAllPositiveFiniteIntIfPresent(opts, names, labelPrefix, errorClass, code)`. Pre-existing call sites in `lib/csv.js` and `lib/file-upload.js` migrated in the same patch per the no-future-patch-deferrals rule. New shared module `lib/codepoint-class.js` centralizes BIDI / C0_CTRL / ZERO_WIDTH range tables plus the `_hex4` / `_charClass` / `_fromCp` rendering helpers — the codepoint catalog has a single source of truth and future guard-* slices consume the shared module instead of redeclaring the tables. Each helper extraction registers its inline-shape in `KNOWN_ANTIPATTERNS` (the codebase-patterns gate fires at n=1 if any future code re-introduces the pattern)."
+            },
+            {
+              "title": "Tests",
+              "body": "83 new layer-0 assertions covering surface, registry parity, dangerous-tag detection, on* handler family, dangerous URL schemes (entity-encoded form too), animation attributeName href hijack, cross-origin <use> refusal, DOCTYPE / <!ENTITY> rejection, CDATA + processing-instruction policy, SVGZ magic-byte detection, CSS injection, bidi/control/null-byte detection, depth/size caps, sanitize round-trips, gate decision shapes, profile + posture vocabulary."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2026-29074",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
+        }
+      ]
+    },
+    {
+      "version": "0.7.7",
+      "date": "2026-05-04",
+      "headline": "`b.guardHtml` HTML content-safety primitive ships full v1 scope. Threat catalog grounded in current",
+      "summary": "sanitizer research (DOMPurify CVE series, OWASP XSS / DOM-Clobbering / HTML5 Security cheat sheets, PortSwigger and Sonar mXSS write-ups, html5sec.org).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Threat catalog covered",
+              "body": "dangerous tags (script / style / link / meta / base / iframe / object / embed / applet / form / input / button / frame / frameset / marquee / blink / plaintext / xmp / audio / video / source / track / math / svg / template / noscript / portal / dialog / keygen / menuitem / command); every `on*` event-handler attribute (caught family-wide via `/^on[a-z]/` regex — covers the entire HTML5 event-handler family without a manual list that rots when WHATWG specs a new event); form-override attributes (formaction / formmethod / formenctype / formtarget / formnovalidate, CWE-1021); iframe `srcdoc`; custom-element `is`; CSP-bypass-shaped attributes (nonce / integrity / crossorigin / http-equiv / manifest); URL-scheme allowlist with entity-decode pre-pass (defends `&#x6A;avascript:` and decimal-entity bypasses); CSS injection in style attribute values (expression / behavior: / -moz-binding / javascript:/vbscript: inside url() / @import / @namespace); DOM clobbering (id/name attribute values matching well-known JS globals on form/input/button/a/img/iframe/object/embed/select/textarea); mXSS hints (svg/math namespace-context-shift parents); IE conditional comments; Unicode bidi override (CVE-2021-42574 Trojan Source) / C0 control chars / null bytes / zero-width chars; tag-depth + attribute-count + per-attribute-value-size + total-document-size DoS caps."
+            },
+            {
+              "title": "Profiles",
+              "body": "strict (minimal text-formatting allowlist; reject every threat class) / balanced (links + images + tables + semantic markup; strip rather than reject for character-class threats; data:image/* on `<img>`) / permissive (every tag NOT in the dangerous-tag denylist)."
+            },
+            {
+              "title": "Compliance postures",
+              "body": "hipaa / pci-dss / gdpr / soc2-cc7 with appropriate strict/balanced overlays + forensic-snippet sizing (256 / 256 / 128 / 512 bytes)."
+            },
+            {
+              "title": "Sanitizer discipline",
+              "body": "drops dangerous tags AND their text-content body (script/style/iframe/object/embed/applet/template/svg/math etc. — body parsed as code in the host); strips on* attributes, dangerous URL schemes, CSS injection patterns, DOM-clobbering values, doctypes, CDATA, comments. Documented operator-facing trade-off: for hostile sources, validate+reject is the strong path; sanitize is best-effort and operators displaying untrusted HTML should additionally serve under a strict CSP."
+            },
+            {
+              "title": "Codepoint-table programmatic regex pattern",
+              "body": "same as guard-csv: BIDI_RANGES / C0_CTRL_RANGES / ZERO_WIDTH_RANGES literal numeric tables compiled into character classes via `_charClass` + `\\\\uXXXX` escapes at module load. Source file never embeds attack chars themselves."
+            },
+            {
+              "title": "Tests",
+              "body": "134 new layer-0 assertions covering surface, registry parity, every dangerous tag in the denylist, 15 representative on* handlers, 9 dangerous attributes, 10 dangerous URL schemes (entity-encoded form too), 5 CSS injection patterns, 8 DOM clobber globals, mXSS hints, IE conditional comments, bidi/control/null detection, depth/size caps, sanitize round-trips, escape correctness, gate decision shapes (clean/refuse/sanitize), profile + posture vocabulary."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2021-42574",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42574"
+        }
+      ]
+    },
+    {
+      "version": "0.7.6",
+      "date": "2026-05-04",
+      "headline": "`b.guardAll` registry + aggregator for the guard-* family. Security-on-by-default: every shipped",
+      "summary": "guard is ON unless the operator opts OUT specifically with an audited reason.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Surface",
+              "body": "`b.guardAll.gate(opts)` returns a single `b.gateContract`-shaped gate that routes by `Content-Type` to the right registered guard; `b.guardAll.byExtension(opts)` and `b.guardAll.byContentType(opts)` return ready-made gate maps for direct drop-in to `b.staticServe.create({ contentSafety: ... })` and any host primitive that dispatches on extension or mime; `b.guardAll.list()` returns the registered roster (operator audit aid); `b.guardAll.GUARDS` / `SHARED_PROFILES` / `SHARED_POSTURES` exposed as readonly registry exports."
+            },
+            {
+              "title": "Opt-out",
+              "body": "`exceptFor: { csv: { reason: \"no CSV emission in this app\" } }` requires a non-empty `reason` string per opted-out guard (throws at gate-creation time, not silently); `override: { csv: { profile: \"email-attachment\" } }` reaches per-guard extension profiles that aren't in the shared vocabulary."
+            },
+            {
+              "title": "Audit emission",
+              "body": "every gate / byExtension / byContentType call with `opts.audit` wired emits `guardAll.gate.created` exactly once at gate-creation time, recording the full `active` + `skipped` roster (each skipped entry carries its `reason`)."
+            },
+            {
+              "title": "Registry contract",
+              "body": "every primitive registered into `b.guardAll` MUST export `NAME` (string), `MIME_TYPES` (frozen array), `EXTENSIONS` (frozen array), `PROFILES` containing the shared vocabulary (`strict` / `balanced` / `permissive`), `COMPLIANCE_POSTURES` containing the shared regulatory shapes (`hipaa` / `pci-dss` / `gdpr` / `soc2-cc7`), and `gate(opts)` returning a `b.gateContract`-shaped gate. The parity check at module load throws `GuardAllError` with a multi-line failure list if any registered guard is missing the contract — this is the framework's mechanism for keeping every future guard slice conformant. Duplicate `NAME` / `MIME_TYPE` / `EXTENSION` across guards is also caught at module load."
+            },
+            {
+              "title": "Adjacent",
+              "body": "`b.guardCsv` now exports `NAME` / `MIME_TYPES` / `EXTENSIONS` for registry compliance. Wiki harness gains `fs` binding for examples that mkdir staging dirs (joins the existing `path` / `os` bindings)."
+            },
+            {
+              "title": "Tests",
+              "body": "56 new layer-0 assertions: surface, registry parity (every member declares the full contract), default-on (no `exceptFor` → every guard active), `exceptFor` reason validation (missing / blank / non-object / unknown name throws), `override` shape validation, profile-vocabulary enforcement (per-guard extensions like csv's `email-attachment` rejected at the aggregator), posture-vocabulary enforcement, audit creation roster, dispatch correctness (text/csv routes to csv guard, unrelated mime bypasses), byExtension / byContentType output shape."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.5",
+      "date": "2026-05-04",
+      "headline": "`b.gateContract` foundation + `b.guardCsv` content-safety primitive",
+      "summary": "The guard-* family of content-safety gates begins here. `b.gateContract` provides the uniform composition contract every future guard-* primitive implements, and `b.guardCsv` is the first member — full v1-defensible scope covering formula injection, dangerous functions, bidi/control/zero-width chars, CSV bombs, dialect ambiguity, and schema-bound serialization. Also includes a pre-v1 breaking change to `b.csv.stringify`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.gateContract` — uniform composition contract for content-safety gates",
+              "body": "Provides `defineGate` / `runGate` / `composeGates` / `multiplexGates` / `contentTypeMux` / `shadowMode` / `canaryGate` / `cachingGate` / `workerThreadGate` / `buildProfile` / `composeHooks` / `summarizeIssues` / `validateGateShape`, plus mode posture (enforce / warn-only / shadow / audit-only / log-only / canary), hook system (`beforeCheck` / `afterCheck` / `onIssue` / `onSanitize` / `onRefuse` / `onAudit`), forensic snapshot store integration, decision cache, and runtime cap via `safeAsync.withTimeout`. Every future guard-* primitive composes this contract."
+            },
+            {
+              "title": "`b.guardCsv` — CSV content-safety gate (full v1 scope)",
+              "body": "Surface: `serialize` / `validate` / `sanitize` / `escapeCell` / `detect` / `parse` / `stringify` / `schema` / `gate` / `buildProfile` / `compliancePosture` / `loadRulePack`. Threat catalogue covers formula injection (5 modes: prefix-tab / prefix-quote / wrap-with-quotes-and-prefix / reject / allowlist) with all 8 ASCII triggers (`= + - @ TAB CR LF |`) plus full-width variants (U+FF1D / U+FF0B / U+FF0D / U+FF20) per OWASP locale catalog; dangerous-function denylist (WEBSERVICE / HYPERLINK / IMAGE / IMPORT* / RTD / DDE / CALL / GOOGLEFINANCE / GOOGLETRANSLATE) surfaced as critical regardless of broader formula policy; Unicode bidi override (CVE-2021-42574 Trojan Source); homoglyph mixed-script detection; C0 control chars; null bytes; BOM mid-stream injection; zero-width chars; dialect ambiguity; CSV bombs (per-cell / total / sanitize-amplification caps); numeric precision loss above `Number.MAX_SAFE_INTEGER`; trailing-whitespace exfiltration policy; PII redaction (composes `b.redact`); and schema-bound serializer with type / regex / range / nullable validation. Profiles: `strict` (OWASP-recommended `prefix-tab` default — Excel-resistant) / `balanced` / `permissive` / `email-attachment`. Compliance postures: `hipaa` / `pci-dss` / `gdpr` / `soc2-cc7`."
+            },
+            {
+              "title": "Codepoint-table programmatic regex composition",
+              "body": "Threat-detection regex literals are composed programmatically from numeric codepoint range tables (`BIDI_RANGES` / `C0_CTRL_RANGES` / `ZERO_WIDTH_RANGES` / `HOMOGLYPH_RANGES` / `FORMULA_PREFIX_CPS`). `_charClass(ranges)` renders into a regex character class via `\\uXXXX` escapes at module load. The source file never embeds the attack characters themselves, only their codepoint numbers; the detector composes the way an attacker would compose the payload."
+            },
+            {
+              "title": "Host primitive integration — `b.staticServe` and `b.fileUpload`",
+              "body": "`b.staticServe` gains `contentSafety: { \".csv\": gate, ... }` extension-keyed gate map that runs after the MIME allowlist and before headers (sanitize replaces body buffer; refuse returns 415). `b.fileUpload` gains `contentSafety: gate` running before `onFinalize` (refuse throws `CONTENT_SAFETY_REFUSED`; sanitize replaces `bodyBuffer`)."
+            },
+            {
+              "title": "`validateOpts.optionalPlainObject(value, label, ErrorClass, code, description)`",
+              "body": "Consolidates the `if (typeof !== \"object\" || Array.isArray) throw` cascade across api-key / db-declare-view / static / file-upload. Registered in `KNOWN_ANTIPATTERNS` so future re-implementations fail the n=1 gate."
+            }
+          ]
+        },
+        {
+          "heading": "Removed",
+          "items": [
+            {
+              "title": "`b.csv.stringify` formula-injection opts (pre-v1 breaking)",
+              "body": "`b.csv.stringify` no longer accepts `preventFormulaInjection` / `formulaPrefixChars` opts. The partial single-mode defense it offered (only `=`/`+`/`-`/`@`/TAB/CR ASCII prefixes, missing LF / `|` / full-width formula chars) was a false-confidence path. `b.csv` is now documented as trusted-source-only emission (RFC 4180 quoting + anti-DoS bounds); any user-supplied cells route through `b.guardCsv.serialize` / `.gate` for the full threat catalogue. The `b.guardCsv.parse` / `.stringify` re-exports are also removed — operators use `b.csv.parse` / `.stringify` directly for pure parsing."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "OWASP CSV Injection",
+          "url": "https://owasp.org/www-community/attacks/CSV_Injection"
+        },
+        {
+          "label": "RFC 4180 CSV",
+          "url": "https://www.rfc-editor.org/rfc/rfc4180"
+        },
+        {
+          "label": "CVE-2021-42574 Trojan Source",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42574"
+        }
+      ]
+    },
+    {
+      "version": "0.7.4",
+      "date": "2026-05-04",
+      "headline": "CI gate alignment + wiki cross-platform fix + redis-client opts forwarding consolidation",
+      "summary": "Two CI-only gates added to the release workflow (`scripts/check-api-snapshot.js` public-API drift detection and Linux-container wiki e2e cross-platform example execution), `api-snapshot.json` baseline refreshed, and a new `redisClient.pickClientOpts` helper consolidates ~40 lines of duplicated forwarding across the four Redis-backed primitives.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`redisClient.pickClientOpts(cfg, prefix?)`",
+              "body": "New helper returns the standard 9-key opts bag (`url` / `password` / `username` / `tls` / `ca` / `servername` / `connectTimeoutMs` / `commandTimeoutMs` / `maxReconnectAttempts`). The `cache-redis`, `pubsub-redis`, `queue-redis`, and `cache` redis-backend creators all migrated to it, eliminating duplicated inline forwarding across the four files."
+            },
+            {
+              "title": "`scripts/check-api-snapshot.js` gate + Linux-container wiki e2e",
+              "body": "Public-API drift detection now runs in the local release workflow, and the wiki e2e additionally runs inside a Linux container so cross-platform example execution is caught before push. The `api-snapshot.json` baseline was refreshed for the first time since v0.6.17 (40+ patches of accumulated drift; `b.objectStoreRetry` removal in v0.7.0 was the breaking entry)."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Wiki file-upload example cross-platform path",
+              "body": "The example previously hardcoded `stagingDir: \"/var/lib/myapp/uploads\"` which mkdir-passed on Windows but failed `EACCES` on Linux/macOS CI runners. Replaced with `path.join(os.tmpdir(), \"myapp-uploads-\" + Date.now())` and a self-contained `b.fileUpload.create` + `uploads.close()` round-trip; the Usage block likewise instantiates a real `b.router.create()` + uploads pair. `examples/wiki/test/run-example.js` gains `path` + `os` bindings so wiki examples can write idiomatic `path.join(os.tmpdir(), ...)` without falling foul of the harness's `var X = require(...)` line stripper."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "`inline-redis-client-opts-forwarding`",
+              "body": "New `KNOWN_ANTIPATTERNS` entry catches future re-implementations of the redis-client opts forwarding bag at n=1, so the consolidation can't regress silently."
+            },
+            {
+              "title": "`testNoDuplicateCodeBlocks` / `testNoUnresolvedMarkers` / `testNoTierTerminologyInLib` tuning",
+              "body": "`MIN_DISTINCT_FILES` lowered 3 → 2 and `MIN_DISTINCT_TOKENS` lowered 6 → 5 for more aggressive duplicate detection. The forbidden-marker scan adds `defer`, and the forbidden-internal-terminology scan adds the three numeric-suffix forms. `lib/log-stream-syslog.js`'s socket error-handler comment was reworded from \"defer to 'close' for reconnect\" to \"reconnect handled in the close listener\" — same behaviour, no marker false-positive."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.3",
+      "date": "2026-05-04",
+      "headline": "`b.middleware.apiEncrypt` per-session keying mode (opt-in). Per-request keying stays the default —",
+      "summary": "every existing test passes unchanged. Operators opt in by passing `keying: \"per-session\"`; the first request in a session carries the bootstrap envelope `{ _ek, _ct, _ts, _nonce, _sid, _ctr }` and the server stores the session key keyed by `_sid` (UUID v4); subsequent requests in.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Tests",
+              "body": "13 new layer-0 assertions covering default-keying invariant, opt validation (bad keying value / TTL / store shape), bootstrap-and-reuse round-trip (KEM amortization confirmed by inspecting subsequent envelope shape), unknown-sid 401, counter-replay 400, TTL-expiry 401, max-responses-rotation 401, response counter monotonic check, sessionInfo / resetSession client API, observability emission."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.7.2",
+      "date": "2026-05-04",
+      "headline": "Symmetric upload + download primitives ship with full v1-defensible feature sets",
+      "summary": "`b.fileUpload` chunked upload primitive: operators wire HTTP routes for per-chunk PUT (`fileUpload.acceptChunk`) and finalize POST (`fileUpload.finalize`); the framework owns the chunk lifecycle (per-chunk SHA3-512, atomic chunk write to `<stagingDir>/<uploadId>/<index>`, rea.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.fileUpload`",
+              "body": "chunked upload primitive: operators wire HTTP routes for per-chunk PUT (`fileUpload.acceptChunk`) and finalize POST (`fileUpload.finalize`); the framework owns the chunk lifecycle (per-chunk SHA3-512, atomic chunk write to `<stagingDir>/<uploadId>/<index>`, reassemble in manifest order, verify total SHA3-512) and hands the assembled buffer to an operator-supplied `onFinalize` callback. Surface includes `init` / `acceptChunk` / `finalize` / `status` / `list` / `cancelUpload` / `purgeIncomplete`. v1 features: per-actor active-upload quota, total staging-bytes quota, MIME magic-byte allowlist (composes `b.fileType`), `onChunk` operator hook, idle-upload timeout, stream reassembly above `maxStreamReassemblyBytes` (sequential async iterator over chunk files instead of `Buffer.concat`), permissions integration, metadata stash with cap, path-safe upload-ID regex, mode 0o700 staging dir, idempotent re-PUT, force-cancel, audit emission with 5-W actor context, observability counters."
+            },
+            {
+              "title": "`b.staticServe`",
+              "body": "download primitive expanded with the symmetric feature set: permissions gate (403), compliance retention gate (451), force-revoke instance method + revoke-store opt (404), MIME magic-byte allowlist (415), RFC 7233 single-range support (multi-range refused with 416), full conditional-request set (`If-None-Match` / `If-Match` / `If-Modified-Since` / `If-Unmodified-Since`), per-actor + global bandwidth quotas via `b.cache` cluster-shared token-buckets (429 + Retry-After), per-actor concurrency cap (429), `onServe` per-request operator hook, `maxIdleMs` stalled-stream timeout, cancellation propagation (client disconnect destroys file stream + releases concurrency slot), audit + observability emission with 5-W actor context. ETag is now SHA3-512-truncated for PQC posture; the SRI integrity helper keeps SHA-384 because the W3C subresource-integrity spec only allows sha256/sha384/sha512. Object-store backends (sigv4 / gcs / azure-blob) gain a new `getResponse(key, opts?)` method that forwards `range` / `ifNoneMatch` / `ifMatch` / `ifModifiedSince` / `ifUnmodifiedSince` opts to the backend's protocol-specific headers and returns `{ statusCode, body, etag, lastModified, contentRange, size, contentType }` — operators wiring object-store-backed download routes route conditional + range from the client request straight through. Existing `get(key)` returns just the body for back-compat."
+            },
+            {
+              "title": "`HTTP_STATUS`",
+              "body": "constants extended with `PARTIAL_CONTENT` / `RANGE_NOT_SATISFIABLE` / `PRECONDITION_FAILED` / `UNAVAILABLE_FOR_LEGAL_REASONS`."
+            },
+            {
+              "title": "New helpers",
+              "body": "`validateOpts.optionalNonEmptyStringArray(value, label, ErrorClass, code?)` and `validateOpts.optionalObjectWithMethod(value, method, label, ErrorClass, code?, description?)` consolidate the recurring \"string-array\" and \"duck-typed handle\" inline cascades across api-key / file-upload / seeders / notify / webhook / db-role-for. Both registered in `KNOWN_ANTIPATTERNS` so future re-implementations fail the n=1 gate."
+            },
+            {
+              "title": "Tests",
+              "body": "28 new layer-0 fileUpload assertions (init / acceptChunk / finalize / status / list / cancel / quotas / MIME allowlist / onChunk / idle / stream reassembly / permissions) plus 24 new staticServe assertions (range / suffix-range / open-end-range / unsatisfiable-range / multi-range refused / acceptRanges off / If-Match / If-Modified-Since / If-Unmodified-Since / permissions / retention / revoke / MIME allowlist / onServe / audit / stats / invalidateMeta / quotas / concurrency cap). Wiki page `examples/wiki/seeders/prod/pages/file-upload.js` added; routing.js section for `b.staticServe` rewritten to document the v1 surface. README \"what ships in the box\" Communication + Routing bullets updated."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7233",
+          "url": "https://www.rfc-editor.org/rfc/rfc7233.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.1",
+      "date": "2026-05-04",
+      "headline": "`b.websocket` route opts gain `handshakeGuid` to override the RFC 6455 §1.3 magic string used in",
+      "summary": "the `Sec-WebSocket-Accept` derivation. Default stays `258EAFA5-E914-47DA-95CA-C5AB0DC85B11`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Tests",
+              "body": "3 new layer-0 assertions in `test/00-primitives.js` (custom GUID produces different accept key, empty / null falls back to RFC default, malformed handshakeGuid rejected at config time)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6455",
+          "url": "https://www.rfc-editor.org/rfc/rfc6455.html"
+        }
+      ]
+    },
+    {
+      "version": "0.7.0",
+      "date": "2026-05-04",
+      "headline": "Codebase-patterns hardening sweep + primitive consolidation",
+      "summary": "The duplicate-block detector in `test/layer-0-primitives/codebase-patterns.test.js` ran at MIN_DISTINCT_FILES=3 and surfaced ~50 inline-shape clusters that had proliferated across lib/ — the kind of soft drift that's invisible at higher thresholds and hides re-introduction of bug classes the framework already swept once.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Catalog gate",
+              "body": "`KNOWN_ANTIPATTERNS` in the codebase-patterns test now has 24 entries firing at n=1, so future code re-introducing any of the registered inline shapes (even one new file) fails the gate immediately. Pre-v0.7.0 the duplicate-block detector required n>=3 to fire; the catalog closes the gap by registering each extracted primitive's inline shape so it can't drift back in."
+            },
+            {
+              "title": "Cluster allowlist",
+              "body": "`KNOWN_CLUSTERS` allowlist (n>=3 detector) has 25 entries with documented structural reasons (parser error class signatures don't fit the framework's `(code, message)` contract; framework-convention shapes like middleware factories; future consolidation candidates)."
+            },
+            {
+              "title": "Cleanup",
+              "body": "deleted dead re-export shims `lib/object-store/retry.js` (re-exported `lib/retry.js`) and `lib/auth/totp.js` (re-exported `lib/totp.js`); both fit the rule \"pre-v1 frameworks have no operators to compatibly upgrade — every legacy fallback is dead code.\" Renamed `lib/internal-sha1-hibp.js` → `lib/framework-sha1-hibp.js` to match the lib naming convention (the `internal-` prefix wasn't in the convention's five-bucket list; `framework-` is the canonical \"restricted-use\" bucket alongside `framework-error.js` / `framework-schema.js`)."
+            },
+            {
+              "title": "No operator-facing API breakage",
+              "body": "`b.objectStoreRetry` was removed from the public surface (operators use `b.retry` directly, which has been the canonical primitive since v0.2.24)."
+            },
+            {
+              "title": "Eslint config tightened",
+              "body": "added `eqeqeq` (with the `null` exception for the `== null` null-or-undefined idiom), `no-throw-literal`, `no-promise-executor-return`, `default-case`, `no-loss-of-precision`. The previous config was hiding 11 real errors: 8 sites of `return resolve()` / `return done()` inside `new Promise(executor)` (return value silently discarded) across app / dev / http-client / mail / router / wiki/integration / 00-primitives, plus a missing default-case + 2 intentional template-language `==` / `!=` operators in template.js's binary-op evaluator (now allowed via inline `// eslint-disable-next-line eqeqeq -- template language operator`). Also adds `structuredClone` to the Node-globals list so db.js's deep-clone calls don't trip `no-undef`."
+            },
+            {
+              "title": "Release-workflow gate added",
+              "body": "Linux container smoke `docker run --rm -v \"/$(pwd):/blamejs\" -w //blamejs node:24-alpine node test/smoke.js` is now part of the release flow. Catches lingering-handle bugs that pass on Windows / macOS but hang or error on Linux CI."
+            },
+            {
+              "title": "Tests",
+              "body": "smoke 7338 / Linux container smoke 7338 (148s) / wiki e2e 178 / per-primitive integration 16 files / wiki integration green / eslint clean / shellcheck clean."
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}