@blamejs/blamejs-shop 0.0.44

package/lib/vendor/blamejs/release-notes/v0.8.x.json

@@ -0,0 +1,3318 @@
+{
+  "$schema": "../scripts/release-notes-consolidated-schema.json",
+  "minor": "0.8",
+  "releases": [
+    {
+      "version": "0.8.90",
+      "date": "2026-05-11",
+      "headline": "RFC 8689 REQUIRETLS support via `b.mail.requireTls`",
+      "summary": "Per-message TLS-requirement signaling between sender and receiver MTAs. Complements MTA-STS and DANE (policy-side, domain-scoped) with a per-message knob that overrides policy when the operator wants stricter-than-policy delivery — the message bounces instead of falling back to cleartext if no downstream MTA can deliver under TLS.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.requireTls.peerSupports(ehloLines)`",
+              "body": "Walks a parsed EHLO response and returns `true` when the peer advertised the `REQUIRETLS` keyword. Case-insensitive per RFC 5321 §2.4; refuses substring matches (`FOO-REQUIRETLS-BAR` does NOT match); empty / non-array input returns `false`."
+            },
+            {
+              "title": "`b.mail.requireTls.mailFromExtension({ requireTls })`",
+              "body": "Builds the trailing `\" REQUIRETLS\"` token to append to a MAIL FROM line. Refuses a non-boolean flag value (a truthy-but-wrong-shape value like `\"yes\"` throws instead of silently succeeding)."
+            },
+            {
+              "title": "`b.mail.requireTls.parseTlsRequiredHeader(headerValue)`",
+              "body": "Parses the RFC 8689 §5 `TLS-Required` header. Returns `\"no\"` only when the value is the literal token `no` (case-insensitive, ignoring whitespace) per spec; any other non-empty value returns `\"yes\"` (RFC 8689 §5: \"any value other than 'No' MUST be treated as if the field had been absent\" — conservative strict path); returns `null` for absent / empty / non-string input. Refuses control characters on the raw header value before `trim()` runs so a leading `\\n` / trailing `\\r` / NUL / DEL byte can no longer slip past as the literal token `no` (ASCII HT remains permitted as structural folding whitespace)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8689 SMTP Require TLS Option",
+          "url": "https://www.rfc-editor.org/rfc/rfc8689.html"
+        },
+        {
+          "label": "RFC 5321 Simple Mail Transfer Protocol",
+          "url": "https://www.rfc-editor.org/rfc/rfc5321.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.89",
+      "date": "2026-05-11",
+      "headline": "Hotfix: `b.earlyHints.send()` case-variant link bypass + new `b.mail.srs` Sender Rewriting Scheme",
+      "summary": "Closes a case-variant header bypass that let unvalidated `Link` headers reach `writeEarlyHints()` and ships an SRS0 forwarder primitive so the next-hop SPF check passes and bounces route back correctly.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.srs.create({ secret, forwarderDomain, expiryDays? })`",
+              "body": "Sender Rewriting Scheme (SRS0) implementation for forwarder envelope-from rewriting. Returns `{ rewrite, reverse }`. `rewrite(addr)` produces an SRS-encoded `SRS0=HHHH=TT=domain=local@forwarder.example` form; `reverse(srs)` decodes back to the original sender, verifying an HMAC-SHA-256 short-tag (operator-supplied secret), the day-stamp expiry window (default 30 days), and the canonical 4-field SRS0 grammar. Domain-binding: `reverse(srs)` refuses with `srs/wrong-forwarder` when the SRS0 address's `@domain` part doesn't match the rewriter's `forwarderDomain` (case-insensitive per RFC 5321 §2.3.5). Refuses tampered tags via `srs/bad-tag`, expired rewrites via `srs/expired`, double-SRS-encoding via `srs/already-rewritten`, and bad address shapes via `srs/bad-address`. HMAC uses `b.crypto.timingSafeEqual` for constant-time tag comparison."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.earlyHints.send()` case-variant `Link` header bypass",
+              "body": "Pre-v0.8.89, supplying both `link` (lowercase) AND `Link` (capital, or any other case variant) to `b.earlyHints.send()` bypassed the validator. `opts.link` got the dedicated `_validateLink` pass and was assigned to `headers.link`; the trailing header loop then iterated `Object.keys(opts)`, skipped only the exact-match `\"link\"` key, and for `\"Link\"` lowercased the name and wrote `headers.link = opts.Link` — overwriting the validated value with unvalidated content. Malformed Link headers (missing `rel=`, unknown relation, oversized) reached `writeEarlyHints()` despite the API contract. The fix collapses all opt keys to a single canonical lowercase map up front; duplicate case-variants of any header (not just `link`) now refuse with `early-hints/duplicate-header` so operators see the collision instead of silent winner-take-all behavior. Capital `Link` alone (no lowercase variant) still works — it goes through the same validator. Tests added: case-variant-collision refuse, capital-Link-alone validates, capital-Link with malformed value still throws `bad-link`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 5321 §2.3.5 (domain name case-insensitivity)",
+          "url": "https://www.rfc-editor.org/rfc/rfc5321.html#section-2.3.5"
+        },
+        {
+          "label": "RFC 8297 Early Hints",
+          "url": "https://www.rfc-editor.org/rfc/rfc8297.html"
+        },
+        {
+          "label": "SRS specification (Meng Wong, 2003)",
+          "url": "https://www.libsrs2.org/srs/srs.pdf"
+        }
+      ]
+    },
+    {
+      "version": "0.8.88",
+      "date": "2026-05-11",
+      "headline": "Hotfix: `b.auth.fal.meets()` invalid-band authorization-correctness bug + new `b.earlyHints` RFC 8297 helper",
+      "summary": "`b.auth.fal.meets(actualBand, requiredBand)` previously compared raw ranks without validating either input. Unknown bands mapped to rank `0`, so `meets(\"FAL1\", \"FALX\")` returned `true` and `meets(\"bad\", \"bad\")` returned `true` — both contradicting the documented contract that invalid bands MUST return `false`. Operators calling `meets()` directly for authorization decisions could grant access on malformed input pairs. Plus a new RFC 8297 103 Early Hints helper.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.auth.fal.meets()` validates both bands",
+              "body": "The new implementation validates both bands via `isValidBand()` first; any invalid band on either side returns `false`. The `requireFal()` guard was already correct (it used `meets()` after a separate `isValidBand(actualBand)` check, but a defense-in-depth pass into `meets()` itself now catches direct callers too). Tests added: 7 invalid-input shapes (`FALX` actual, `FALX` required, `bad`/`bad`, `FALX`/`FALX`, null on either side, both null)."
+            }
+          ]
+        },
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.earlyHints.send(res, { link })` — RFC 8297 103 Early Hints",
+              "body": "Wraps Node 18.11+'s built-in `res.writeEarlyHints()` with: link-header validation (RFC 8288 form with one of `preload` / `preconnect` / `prefetch` / `dns-prefetch` / `modulepreload` / `prerender` / `next` / `prev`); silent no-op when the response object lacks `writeEarlyHints` (HTTP/1.0, mocks, older Node); refusal of per-request-state headers per RFC 8297 §3 (`set-cookie`, `authorization`, `content-length`, `content-type`, etc.). Operators use it to start browser-side preload of CSS / JS / fonts / preconnect origins in parallel with the server-side composition of the final response."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8297 103 Early Hints",
+          "url": "https://www.rfc-editor.org/rfc/rfc8297.html"
+        },
+        {
+          "label": "RFC 8288 Web Linking",
+          "url": "https://www.rfc-editor.org/rfc/rfc8288.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.87",
+      "date": "2026-05-11",
+      "headline": "`b.auth.fal` 800-63-4 FAL classifier + RFC 7505 Null-MX helper + Gmail Feedback-ID builder + vendor-update.sh cleanup",
+      "summary": "Adds the federation-side counterpart to the existing AAL band classifier (800-63C-4 FAL1/FAL2/FAL3), an RFC 7505 Null-MX classifier for send-side opt-out detection, a Gmail FBL Feedback-ID builder, and a `vendor-update.sh` cleanup that removes a stale argon2 entry.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.fal` NIST 800-63C-4 FAL classifier",
+              "body": "Federation-side counterpart to the existing `b.auth.aal` band classifier. `fromAssertion({ channel, encrypted?, replayProtected?, hokBinding? })` classifies an incoming federation assertion as `\"FAL1\"` / `\"FAL2\"` / `\"FAL3\"` per NIST 800-63C-4: Holder-of-Key (mTLS / DPoP / SAML HoK) with replay-protection → FAL3; back-channel OR encrypted front-channel with replay-protection → FAL2; bare bearer front-channel → FAL1. Conservative: missing replay-protection on a back-channel assertion downgrades to FAL1 because §5.2 requires nonce / jti binding before back-channel can claim FAL2. `requireFal(minimumBand)` builds a band-check guard that throws `auth/fal-insufficient` for stale-band requests."
+            },
+            {
+              "title": "`b.network.dns.isNullMx(records)` — RFC 7505",
+              "body": "Returns `true` when an operator-supplied MX-record array signals \"this domain does not accept email\" (single record, priority 0, exchange `.` per RFC 7505 §3). Operators send-side check this before delivery to skip domains that have explicitly opted out — `node:dns.resolveMx` returns `exchange: \"\"` for the same RDATA, so the classifier accepts both shapes."
+            },
+            {
+              "title": "`b.mail.feedbackId({ campaignId, customerId, mailType, senderId })`",
+              "body": "Builds a Gmail Feedback-Loop (FBL) Feedback-ID header value as the canonical 4-tuple `CampaignID:CustomerID:MailType:SenderID`. Refuses missing / empty fields, fields containing `:` (would corrupt the field separator), fields >64 chars (Gmail FBL truncation threshold), and control-char content (CR/LF header-injection defense). Setting Feedback-ID on outbound mail lets Gmail Postmaster Tools surface per-campaign abuse-rate metrics keyed by the operator's vocabulary instead of by SMTP envelope-sender alone."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`vendor-update.sh --check` removed stale argon2 entry",
+              "body": "argon2 was removed from `lib/vendor/` when Node 24's built-in `crypto.argon2*` API replaced the third-party prebuilds (per `lib/argon2-builtin.js`); the script still listed it in the check array, producing a false \"UPDATE AVAILABLE\" line for an unvendored package. The case-block error path that still says \"argon2 is no longer vendored\" stays so anyone running `./scripts/vendor-update.sh argon2` gets the operator-friendly explanation."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "NIST SP 800-63C-4",
+          "url": "https://pages.nist.gov/800-63-4/sp800-63c.html"
+        },
+        {
+          "label": "RFC 7505 Null-MX",
+          "url": "https://www.rfc-editor.org/rfc/rfc7505.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.86",
+      "date": "2026-05-11",
+      "headline": "Sectoral + cybersecurity posture sweep + HTTP-hygiene primitives + npm-publish hotfix",
+      "summary": "v0.8.85's `npm audit signatures` step failed with `npm error found no installed dependencies to audit` because the framework's zero-runtime-deps posture produces an empty install tree; the gate now treats that specific message as success. v0.8.85 npm tarball never published — operators upgrade `0.8.83 → 0.8.86` to pick up the carried v0.8.84 + v0.8.85 surface plus the new v0.8.86 primitives.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "New sectoral + cybersecurity compliance postures",
+              "body": "`cmmc-2.0` (DoD Cybersecurity Maturity Model Certification 2.0), `cjis-v6` (FBI CJIS Security Policy v6.0), `iso-27001-2022` + `iso-27002-2022` + `iso-27017` + `iso-27018` + `iso-27701` (ISO/IEC 27001 family), `nist-800-66-r2` (HIPAA Security Rule implementation guidance), `ehds` (European Health Data Space), `circia` (US Cyber Incident Reporting for Critical Infrastructure Act). Cascade defaults set encrypted-backup + signed-audit-chain + TLS 1.3 + vacuum-after-erase for the data-tier postures; `iso-27002-2022` + `circia` defer the data-tier mandate to operator choice."
+            },
+            {
+              "title": "`b.cacheStatus` — RFC 9211 Cache-Status",
+              "body": "Response-header builder + parser. `append(prev, entry)` chains the operator's current cache decision onto whatever upstream caches wrote; `entry({...})` formats a single entry; `parse(headerValue)` returns the parsed chain as `[{ cache, params }]` records with `hit` / `stored` / `collapsed` as booleans, `ttl` / `fwdStatus` as numbers, `fwd` as the RFC 9211 §2 enum string, `key` / `detail` as unquoted sf-strings."
+            },
+            {
+              "title": "`b.serverTiming` — W3C Server-Timing",
+              "body": "`create()` returns a per-request collector with `mark(name, durationMs?, description?)` / `measure(name, fn)` async-timing wrapper / `toHeader()` serializer. Surfaces server-side latency in the browser's Performance API."
+            },
+            {
+              "title": "`b.middleware.noCache` — RFC 9111 §5.2.2.5",
+              "body": "`Cache-Control: no-store` middleware for auth-gated / individualized response paths. Sets `Cache-Control: no-store`, `Pragma: no-cache` (HTTP/1.0 compatibility), `Vary: Cookie, Authorization` so intermediate caches don't store personalized responses keyed by URL alone. Optional `opts.when(req)` predicate for conditional application; `opts.skipExisting: true` skips when `Cache-Control` is already set."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "npm-publish gate treats empty install tree as success",
+              "body": "`npm audit signatures` step in `npm-publish.yml` now treats the `npm error found no installed dependencies to audit` message as success while keeping every other failure mode loud."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9211 Cache-Status",
+          "url": "https://www.rfc-editor.org/rfc/rfc9211.html"
+        },
+        {
+          "label": "RFC 9111 HTTP Caching",
+          "url": "https://www.rfc-editor.org/rfc/rfc9111.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.85",
+      "date": "2026-05-11",
+      "headline": "MCP tool registry + tool-call signing + A2A v1 task-exchange surface",
+      "summary": "Closes substantial agent-protocol gaps. MCP tool registry signs every tool descriptor and adds tool-call envelope signing (defends compromised MCP server / descriptor drift, MCP-middleman / indirect-prompt-injection synthesized calls, and call-replay). A2A v1 task-exchange surface ships client dispatchers + server middleware for `tasks/send`, `tasks/get`, `tasks/cancel` plus a signed Agent Card at `/.well-known/agent.json`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mcp.toolRegistry.create({ tools, signingKey, verifyingKey?, alg?, ttlMs? })`",
+              "body": "Every registered tool gets a signed descriptor blob `{ tool, alg, signature }` (defense against compromised MCP server / descriptor drift) and a `descriptorsManifest()` produces a signed `{ body, signature }` document for operator-side attestation. The registry's `signCall({ toolName, args, nonce?, ttlMs? })` builds + signs an outbound tool-call envelope `{ tool, argsHash, nonce, iat, exp }`; `verifyCall(signed, { args?, seen?, nowMs? })` runs the inverse on inbound — refuses signature mismatch (`mcp/call-verify-failed`), expired envelopes (`mcp/call-expired`), replayed nonces via operator-supplied `seen(nonce)` callback (`mcp/call-replay`), unregistered tools (`mcp/call-unregistered-tool`), and args-hash mismatch when raw args supplied (`mcp/call-args-mismatch`). Default algorithm ML-DSA-87 per the framework's PQC-first rule; Ed25519 / ECDSA / SLH-DSA also available."
+            },
+            {
+              "title": "A2A v1 task-exchange surface",
+              "body": "`b.a2a.tasks.{ send, get, cancel }` (client-side JSON-RPC dispatchers — `send` posts `tasks/send` to the peer URL with task validation + https-only refusal; `get` polls `tasks/get`; `cancel` requests `tasks/cancel`). `b.a2a.middleware.tasks({ scopes, handler, maxBytes? })` (server-side connect-style middleware — parses inbound JSON-RPC 2.0, enforces method allowlist `[tasks/send, tasks/get, tasks/cancel]` with -32601 method-not-found, enforces per-skill scopes via `req.a2aScopes` with -32001 scope-denied, dispatches to operator handler, maps errors to JSON-RPC -32603, refuses non-POST with 405 + non-JSON content-type with 415). `b.a2a.middleware.agentCard({ card, maxAgeSec? })` serves operator's signed Agent Card at `/.well-known/agent.json` per A2A v1 discovery — 405 on non-GET, Cache-Control max-age operator-tunable."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.84",
+      "date": "2026-05-11",
+      "headline": "Supply-chain hardening trio + HTTP-API hygiene primitives (RFC 9457 + idempotency-key)",
+      "summary": "Adds CodeQL SAST workflow on `security-extended`, `npm audit signatures` step in `npm-publish.yml`, vendored-SBOM cosign signing, and ships `b.problemDetails` (RFC 9457) + `b.middleware.idempotencyKey` (draft-ietf-httpapi-idempotency-key). The v0.8.84 git tag landed on a wrong commit due to a release-workflow ordering issue and the npm publish did not ship; operators upgrade directly from 0.8.83 to 0.8.85.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "CodeQL SAST workflow",
+              "body": "`.github/workflows/codeql.yml` runs on PR + push-to-main + weekly Mon-05:31-UTC schedule against the JavaScript surface using the `security-extended` query pack (catches SQL injection, XSS, prototype pollution, command injection, ReDoS, unsafe deserialization, SSRF, hardcoded credentials beyond what OSV-Scanner sees; findings surface as SARIF in the Security tab)."
+            },
+            {
+              "title": "`npm audit signatures` step in `npm-publish.yml`",
+              "body": "Verifies the cryptographic signing chain for every package in the install tree against the npm registry's public keys before the publish step runs. Regression-defense — the framework ships zero npm runtime deps so the tree is trivially empty today; if a future patch accidentally adds a runtime dep, the gate refuses an unsigned registry entry before tag-push triggers a release."
+            },
+            {
+              "title": "Vendored-SBOM cosign signing",
+              "body": "Extends the existing cosign-keyless flow to sign `sbom.vendored.cdx.json` alongside `sbom.cdx.json` and attaches both `.sigstore` bundles to the GitHub Release."
+            },
+            {
+              "title": "`b.problemDetails` (RFC 9457)",
+              "body": "`create({ type, title, status, detail, instance, ...extensions })` builds a frozen problem doc with field validation; `fromError(err)` converts a `FrameworkError` into a problem doc with `type` derived from `err.code` against a configurable base URI; `respond(res, problem)` writes the response with `Content-Type: application/problem+json` + `Cache-Control: no-store` per RFC 9457 §3 + RFC 9111 §5.2.2.5; `validate(doc)` parses inbound problem docs from upstream APIs with shape refusal."
+            },
+            {
+              "title": "`b.middleware.idempotencyKey` (draft-ietf-httpapi-idempotency-key)",
+              "body": "Replay-safe POST / PUT / PATCH / DELETE — operator-supplied store interface with first-party `memoryStore({ maxEntries })`. Cached fingerprint = `method + path + sha3-256(body)`. 422 + `idempotency/key-reuse-mismatch` problem-details on same-key-different-body per draft §4.3. 5xx responses are NOT cached (replaying a transient infrastructure failure is not idempotent). Default TTL 24h; default methods POST / PUT / PATCH / DELETE."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9457 Problem Details for HTTP APIs",
+          "url": "https://www.rfc-editor.org/rfc/rfc9457.html"
+        },
+        {
+          "label": "draft-ietf-httpapi-idempotency-key",
+          "url": "https://datatracker.ietf.org/doc/draft-ietf-httpapi-idempotency-key/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.83",
+      "date": "2026-05-11",
+      "headline": "ACME 47-day-cert readiness — certificate profiles + dns-account-01 challenge + ARI renewal-window jitter",
+      "summary": "Adds draft-aaron-acme-profiles, draft-ietf-acme-dns-account-label, and RFC 9773 §4.2 fleet-scheduling jitter on `b.acme` so operators distribute renewal storms uniformly across the CA-suggested window.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`acme.listProfiles()` + `acme.newOrder({ profile })`",
+              "body": "draft-aaron-acme-profiles. `listProfiles()` reads `directory.meta.profiles` and returns the CA-advertised `{ name: description }` map. `newOrder({ profile })` passes the chosen profile name through the order payload; refuses non-string + caps length at 64 bytes. As CA/B Forum SC-081v3 phases in the 47-day mandate, profile-name vocabulary becomes the operator-facing handle for \"long-lived\" vs \"47-day\" vs \"short-lived\" cert selection."
+            },
+            {
+              "title": "`acme.dnsAccount01ChallengeRecord(token, { identifier, ttl? })`",
+              "body": "draft-ietf-acme-dns-account-label. Builds the per-account-scoped TXT record (`_<accountLabel>._acme-challenge.<host>`) where `accountLabel` is the lowercase base32 of the first 80 bits of `SHA-256(accountUrl)`. Refuses pre-newAccount (label needs accountUrl as seed); caps identifier at 255 bytes; refuses negative / huge TTL."
+            },
+            {
+              "title": "`acme.renewIfDue({ jitter: true })` fleet-scheduling jitter",
+              "body": "RFC 9773 §4.2. Returns a `renewAt` ISO timestamp picked uniformly across the CA-suggested window so operator fleets running on the same poll cadence stop clustering their renewal storms at the window-start instant. Default behavior (`jitter` off or absent) preserves pre-0.8.83 \"renew now\" semantics. The `acme.cert.renew.scheduled` audit row carries the chosen `renewAt` when jitter is on."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9773 ACME Renewal Information",
+          "url": "https://www.rfc-editor.org/rfc/rfc9773.html"
+        },
+        {
+          "label": "draft-aaron-acme-profiles",
+          "url": "https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/"
+        },
+        {
+          "label": "draft-ietf-acme-dns-account-label",
+          "url": "https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.82",
+      "date": "2026-05-11",
+      "headline": "Privacy 2026 posture sweep — 27 new compliance postures",
+      "summary": "Closes the privacy gap with US-federal, UK, Latin America, APAC, US-state child-privacy, and EU non-personal-data postures. Introduces new REGIME_MAP `domain` values (`child-privacy`, `financial-privacy`, `consumer-privacy`, `genetic-privacy`, `platform-governance`, `identity`) so dashboards grouped by domain pick up the new buckets via `b.compliance.posturesByDomain(domain)` without code changes.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "US federal postures",
+              "body": "`coppa` + `coppa-2025` (FTC final rule 2025-04-22, effective 2026-06-23 — biometric expansion + knowing-collection-13-and-under disclosure; cascade adds `backupEncryptionRequired: true` + vacuum-after-erase), `glba-safeguards` (Safeguards Rule 2024 Amendment, effective 2024-05-13), `gina` (Genetic Information Nondiscrimination Act), `vppa` (Video Privacy Protection Act), `can-spam`, `il-gipa` (Illinois Genetic Information Privacy Act with post-2024 private right of action), `hhs-repro-24` (HHS Reproductive Health HIPAA Amendment 2024-12-23), `nist-pf-1.1` (NIST Privacy Framework 1.1, final 2025-04-14)."
+            },
+            {
+              "title": "UK + Latin America postures",
+              "body": "`uk-duaa` (Data (Use and Access) Act 2025 — Royal Assent 2025-06-19; replaces the abandoned DPDI Bill). `cl-pdpa` (Chile Ley 21.719, enacted 2024-12-13, effective 2026-12-01), `mx-lfpdppp` (Mexico 2025 secondary reform), `ar-pdpa` (Argentina Ley 25.326)."
+            },
+            {
+              "title": "APAC postures",
+              "body": "`pipa-kr` (Korea PIPA 2023 major amendment, phased 2023-09-15 / 2024-03-15), `au-privacy` (Australia Privacy Act + 2024 Amendment Act — statutory tort effective 2025-06-10), `th-pdpa`, `vn-pdp` (Vietnam PDP Law effective 2026-01-01), `id-pdp` (Indonesia PDP Law effective 2024-10-17), `my-pdpa` (Malaysia 2024 amendments effective 2025-04-30)."
+            },
+            {
+              "title": "US-state child-privacy postures",
+              "body": "`ny-safe-kids` + `ny-saffe` (NY Child Data Protection Act + Stop Addictive Feeds Exploitation, both effective 2025-06-20), `md-kids-code` (Maryland Age-Appropriate Design Code), `vt-aadc` (Vermont AADC)."
+            },
+            {
+              "title": "EU non-personal-data + adjacent postures",
+              "body": "`dsa` (Digital Services Act, fully applicable 2024-02-17), `dga` (Data Governance Act, applicable 2023-09-24), `eu-cer` (Critical Entities Resilience Directive 2022/2557, transposition 2024-10-17), `eu-cyber-sol` (Cyber Solidarity Act 2025/38, effective 2025-02-04), `eidas-2` (eIDAS 2 / EUDI Wallet, rollout 2026-2027)."
+            },
+            {
+              "title": "New REGIME_MAP `domain` values",
+              "body": "`child-privacy`, `financial-privacy`, `consumer-privacy`, `genetic-privacy`, `platform-governance`, `identity`. Operators rendering compliance dashboards grouped by domain pick up the new buckets via `b.compliance.posturesByDomain(domain)` without code changes."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.81",
+      "date": "2026-05-11",
+      "headline": "AI-governance postures + ISO 42001 / 23894 cross-walk + privacy catalog drift fixes",
+      "summary": "18 new postures register in `b.compliance.KNOWN_POSTURES` (state AI governance, international AI, AI management standards, California gen-AI content credentials, substrate-to-posture cleanup, plus `fl-fdbr` and the long-missing `dpdp`). Adds an ISO 42001 + 23894 cross-walk for operators chasing ISO certification under AI Act high-risk scope, and corrects state-privacy citation drift.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "AI-governance posture additions",
+              "body": "State AI governance: `co-ai`, `il-hb3773`, `tx-traiga`, `ut-aipa`, `nyc-ll144`, `ca-tfaia` (frontier AI critical-incident records cascade to `backupEncryptionRequired: true`). International AI: `kr-ai-basic`, `cn-ai-label`. AI management standards: `iso-42001`, `iso-23894`. California gen-AI content credentials: `ca-sb942`, `ca-ab853`. Substrate-to-posture cleanup: `eaa` for EU Accessibility Act, `wcag-2-2` for `b.guardHtml.wcag`, `eu-data-act` for `b.dataAct`, `hitech` extending HIPAA-tier, `ferpa` for student records. Plus `fl-fdbr` (Florida Digital Bill of Rights) and the long-missing `dpdp` (India DPDP Act 2023)."
+            },
+            {
+              "title": "ISO 42001 + 23894 cross-walks",
+              "body": "`b.compliance.aiAct.crossWalkIso42001([aiActCitation])` and `crossWalkIso23894()` return a 15-row mapping table linking EU AI Act articles (Art. 9 risk management → Art. 73 incident reporting) to ISO/IEC 42001:2023 Annex A controls and ISO/IEC 23894:2023 risk-management clauses. Read-only metadata, defensive copies returned, no behavior change at deploy time."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.compliance.set(\"dpdp\")` now resolves",
+              "body": "India DPDP Act 2023 was in the `POSTURE_DEFAULTS` cascade table but not in `KNOWN_POSTURES`, so `b.compliance.set(\"dpdp\")` threw `compliance/unknown-posture`."
+            },
+            {
+              "title": "DSR drift fix for `fl-fdbr`",
+              "body": "`b.dsr.stateRules(\"fl-fdbr\")` / `stateRules(\"FL\")` now resolve (45-day response window, 15-day extension, 30-day cure, profiling opt-out enabled, minor opt-in 13)."
+            },
+            {
+              "title": "State-privacy citation drift",
+              "body": "Four state-privacy posture citations corrected from `(effective 2026-MM-DD)` to `(effective 2025-MM-DD)` — `modpa`, `nh-nhpa`, `nj-njdpa`, `mn-mncdpa` all took effect during 2025; the year-late citations would have surfaced as audit-trail discrepancies under operator review."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.80",
+      "date": "2026-05-10",
+      "headline": "Bug fix — `b.config.loadDbBacked` overlapping-tick race",
+      "summary": "`cfg.refresh()` calls `_tick()` directly and the periodic poller also invokes `_tick()` independently. When two ticks overlap, the older read could resolve LAST and overwrite a newer config write — so `admin-save → await cfg.refresh()` was not guaranteed to leave the latest value active when `fetchRows` latency varied. Sequence-numbered ticks now drop stale apply attempts.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Sequence-numbered ticks drop stale apply attempts",
+              "body": "Every tick claims a monotonic sequence number at start; at apply-time, ticks whose sequence is older than the last-applied sequence drop with a `config.reload.skipped` audit emission (stale-tick reason). The high-water mark advances ONLY after `cfg.reload` succeeds — a newer tick whose validation fails must not suppress an older in-flight tick that still has valid data (otherwise `refresh(valid)` followed by `refresh(invalid)` could silently keep stale config active). Fetch / transform failures short-circuit before the apply path and likewise do NOT advance the watermark."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.78",
+      "date": "2026-05-10",
+      "headline": "Save-triggered reload for `b.config.loadDbBacked`",
+      "summary": "Admin save handlers / settings-management UIs that write a row in `_blamejs_config_overrides` now call `await cfg.refresh()` immediately after the write, so the new value is active without waiting for the poll's `intervalMs` tick. The poll stays in place as a safety-net for drift.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`cfg.refresh()` save-triggered reload",
+              "body": "Returns a `Promise<void>` of identical shape to `cfg.hydrated`: resolves after the tick settles (success OR audit-on-failure), NEVER rejects so save handlers don't deadlock on a flaky DB. The existing `cfg.subscribe(fn)` continues to fire synchronously inside every successful reload — operators reach for it to invalidate caches / recompute derived state / hot-rebuild middleware that closed over the previous config. Three-tier precedence is documented explicitly in the `@primitive` block: DB-row overlay > `opts.env` baseline > schema `default(...)`."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.77",
+      "date": "2026-05-10",
+      "headline": "OAuth RS completeness + vendored-deps SBOM + MCP coverage + ACME completeness + SCIM 2.0 + AI Act forward templates + C2PA COSE + US-state postures + config reactive value + idempotent startup hydration",
+      "summary": "Closes ten substantial gaps: RFC 7662 / 7591 / 8628 / 8693 OAuth resource-server completeness, vendored-deps SBOM signing, MCP `assertProtocolVersion` + sampling/elicitation guards, ACME `revokeCert` / `accountKeyRollover` / `deactivateAccount` / `tlsAlpn01` / EAB, Permissions-Policy denylist expansion, NIST control crosswalk catalog, SCIM 2.0 server middleware, CRA Annex VIII + AI Act Article 27 FRIA + GPAI Article 53(1)(d) templates, C2PA COSE_Sign1 wrap, 22 new US-state privacy postures + per-state DSR rules. Plus a reactive `cfg.value` + first-immediate-tick hydration + `resetAll()` on the rate-limit module.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "OAuth resource-server completeness",
+              "body": "`b.auth.oauth.introspectToken` (RFC 7662), `registerClient` (RFC 7591 — refuses empty redirect_uris), `deviceAuthorization` + `pollDeviceCode` (RFC 8628 with slow_down / authorization_pending handling), `exchangeToken` (RFC 8693 subject+actor delegation), `b.middleware.protectedResourceMetadata` serving `.well-known/oauth-protected-resource` (draft-ietf-oauth-resource-metadata)."
+            },
+            {
+              "title": "Vendored-deps SBOM",
+              "body": "`scripts/build-vendored-sbom.js` emits `sbom.vendored.cdx.json` (CycloneDX 1.6) covering every `lib/vendor/*` bundle with per-file SHA-256 + purl + license metadata; wired into `npm-publish.yml` so OSV-Scanner now scans it alongside the primary `sbom.cdx.json`."
+            },
+            {
+              "title": "MCP endpoint coverage",
+              "body": "`b.mcp.assertProtocolVersion` (MCP 2025-11-25 §4.1 header). `b.mcp.sampling.guard({ maxRequestsPerSession, maxMessagesPerRequest, maxTokensPerRequest, allowedModelHints })` (HIGH-RISK endpoint — confused-deputy class). `b.mcp.elicitation.guard` (prompt-injection scan + schema-type allowlist + size cap)."
+            },
+            {
+              "title": "ACME completeness for the 47-day cert lifetime",
+              "body": "`revokeCert` (RFC 8555 §7.6), `accountKeyRollover` (§7.3.5), `deactivateAccount` (§7.3.6), `tlsAlpn01KeyAuthorization` (RFC 8737), External Account Binding opt on `newAccount` (§7.3.4 — required by ZeroSSL / Buypass / Google CA). Closes 47-day CA/B forum surface before March 2026 effective date."
+            },
+            {
+              "title": "Permissions-Policy denylist expansion",
+              "body": "Adds `identity-credentials-get`, `attribution-reporting-cross-site`, `publickey-credentials-create`, `join-ad-interest-group`, `run-ad-auction`, `shared-storage`, `shared-storage-select-url`, `smartcard`, `all-screens-capture`, `deferred-fetch`."
+            },
+            {
+              "title": "`b.nistCrosswalk` control catalog",
+              "body": "Catalog mapping `800-53r5` (~50 controls), `csf-2.0` (~22 functions), `800-171r3` (~25 requirements), `800-218` (SSDF tasks) to framework primitives — used by operators producing SSPs, POAMs, ATO packages, CMMC self-assessments."
+            },
+            {
+              "title": "`b.middleware.scimServer` (SCIM 2.0)",
+              "body": "Implements RFC 7642 / 7643 / 7644 — Users + Groups + ServiceProviderConfig + ResourceTypes + Schemas + filter parser (eq / ne / co / sw / ew / pr / gt / ge / lt / le) + GET / POST / PUT / PATCH / DELETE dispatch + bearer-auth callback hook + 1 MiB body cap."
+            },
+            {
+              "title": "CRA + EU AI Act forward-deadline templates",
+              "body": "`b.cra.conformityAssessment` Annex VIII technical dossier scaffold (CE marking, Module routing, vuln-handling auto-fill). `b.complianceAiAct.fundamentalRightsImpactAssessment` (Article 27 FRIA template — mandatory for Annex III §5-8 deployers). `b.complianceAiAct.gpai.trainingDataSummary` (Article 53(1)(d) AI Office template — mandatory 2026-08-02)."
+            },
+            {
+              "title": "`b.contentCredentials.signCose` (C2PA COSE_Sign1)",
+              "body": "Produces RFC 9052 COSE_Sign1 CBOR envelope with x5chain header + ML-DSA-87 / ed25519 / es256 / 384 / 512 / SLH-DSA-SHAKE-256f algorithms. Interops with c2patool / JPEG Trust / Adobe verifiers (current `sign()` ships a blamejs-internal envelope; the new `signCose()` ships the canonical wire format)."
+            },
+            {
+              "title": "US-state compliance postures + per-state DSR rules",
+              "body": "`vcdpa`, `co-cpa`, `ctdpa`, `ucpa`, `tdpsa`, `or-cpa`, `mt-cdpa`, `ia-icdpa`, `in-indpa`, `de-dpdpa`, `nh-nhpa`, `nj-njdpa`, `ky-kcdpa`, `tn-tipa`, `mn-mncdpa`, `ri-ricpa`, `ne-dpa`, `nv-sb370`, `ca-aadc`, `ct-sb3`, `tx-cubi` (plus existing `modpa` + `quebec-25`). Registered in `b.compliance` + per-state DSR rules via `b.dsr.stateRules(state)` / `b.dsr.listStateRules()` returning `{ responseDays, extensionDays, cureDays, profilingOptOut, minorOptIn, notes }`."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.middleware.rateLimit` instance gains `.resetAll()` + module-level registry",
+              "body": "In-memory backends only; cluster backend no-ops per multi-replica race-safety. The module keeps a registry of every rate-limit middleware created in the process. Incident-response scripts can enumerate every limiter and flush state across the whole process without threading references through the app code. `create()` registers; `middleware.close()` deregisters. Top-level `resetAll()` returns the count of instances it walked."
+            },
+            {
+              "title": "`b.config.loadDbBacked` gains `transformValue`",
+              "body": "Per-row transform applied between `fetchRows` and schema validation; common shape is unsealing a `b.vault`-sealed ciphertext column so canonical secrets live encrypted-at-rest in `_blamejs_config_overrides`. Per-row failures emit `config.reload.failed` and skip the row so a single bad row can't crash the poller."
+            },
+            {
+              "title": "`b.cryptoField` gains `sealDoc` / `unsealDoc` doc-shaped aliases",
+              "body": "Aliases of the existing `sealRow` / `unsealRow` — same identity, lets downstream tests reach for the document-naming convention when preparing seed objects via raw `INSERT`."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.config` reactive `value` getter",
+              "body": "`cfg.value.X` now reflects the latest validated state after every `reload()` (and every `loadDbBacked` poll). Before, `cfg.value` was a captured property pinned to the create-time object, so `cfg.value.FEATURE_X` stayed stale and only `cfg.get(\"FEATURE_X\")` saw updates. Now backed by an `Object.defineProperty` getter; `cfg.get()` / `cfg.has()` semantics unchanged."
+            },
+            {
+              "title": "`b.config.loadDbBacked` startup hydration window",
+              "body": "`loadDbBacked` returned a config handle that stayed at env-only defaults for the first `intervalMs` because `safeAsync.repeating` is `setInterval`-shaped (no t=0 fire). The handle now kicks off one immediate hydration `_tick()` on construction and exposes `cfg.hydrated` — a Promise that resolves after the first tick settles. The Promise NEVER rejects (per-tick failures route through audit, last-good value stays)."
+            },
+            {
+              "title": "`b.middleware._modules.rateLimit.instances()` + module-level `.resetAll()`",
+              "body": "Module-level helpers for incident-response scripts to enumerate every limiter and flush state across the whole process. `create()` registers, `middleware.close()` deregisters, top-level `resetAll()` returns the count."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 7662 OAuth Token Introspection",
+          "url": "https://www.rfc-editor.org/rfc/rfc7662.html"
+        },
+        {
+          "label": "RFC 7591 OAuth Dynamic Client Registration",
+          "url": "https://www.rfc-editor.org/rfc/rfc7591.html"
+        },
+        {
+          "label": "RFC 8628 OAuth Device Authorization Grant",
+          "url": "https://www.rfc-editor.org/rfc/rfc8628.html"
+        },
+        {
+          "label": "RFC 8693 OAuth Token Exchange",
+          "url": "https://www.rfc-editor.org/rfc/rfc8693.html"
+        },
+        {
+          "label": "RFC 8555 ACME",
+          "url": "https://www.rfc-editor.org/rfc/rfc8555.html"
+        },
+        {
+          "label": "RFC 8737 ACME tls-alpn-01",
+          "url": "https://www.rfc-editor.org/rfc/rfc8737.html"
+        },
+        {
+          "label": "SCIM 2.0 RFC 7644",
+          "url": "https://www.rfc-editor.org/rfc/rfc7644.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.76",
+      "date": "2026-05-10",
+      "headline": "CI green-up — OSV-Scanner v2 requires CycloneDX SBOM filename match",
+      "summary": "OSV-Scanner v2 refuses to parse SBOMs whose filename doesn't match the CycloneDX recognized-pattern spec — `sbom.cyclonedx.json` is NOT recognized; only `bom.json` / `*.cdx.json` / `*.spdx.json` etc. are. v0.8.75's npm-publish workflow failed with `Failed to parse SBOM \"sbom.cyclonedx.json\": Invalid SBOM filename`.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Rename `sbom.cyclonedx.json` → `sbom.cdx.json` everywhere",
+              "body": "Workflow generation step, post-process script, OSV scan target, cosign sign target, GH release asset upload, `package.json` `files` array, `scripts/check-pack-against-gitignore.js` allowlist, `.gitignore` allowlist. Published-tarball asset filename changes from `sbom.cyclonedx.json` to `sbom.cdx.json` — consumers reading the SBOM out of the install tree should update the path."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.75",
+      "date": "2026-05-10",
+      "headline": "CI green-up — OSV-Scanner v2 removed the `--fail-on-vuln=<severity>` flag",
+      "summary": "OSV-Scanner v2.3.5 removed `--fail-on-vuln=<severity>`; passing it now errors with `flag provided but not defined: -fail-on-vuln` and the npm-publish workflow exits 1 before `npm publish` runs. v0.8.73 + v0.8.74's npm-publish workflows both failed for this reason. v2's default behaviour is exit-1-on-ANY-finding — stricter than v1's `--fail-on-vuln=HIGH` floor, and appropriate for a zero-npm-runtime-dep framework where any surfaced vuln means a vendor refresh is overdue. The framework currently has no findings, so the stricter floor is a no-op at HEAD.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Drop the unsupported `--fail-on-vuln` flag from the OSV-Scanner step",
+              "body": "v2's default is exit-1-on-ANY-finding; the previous v1 `--fail-on-vuln=HIGH` floor is no longer settable as a flag, and the stricter v2 default is what a zero-npm-runtime-dep framework wants anyway."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.74",
+      "date": "2026-05-10",
+      "headline": "`.gitattributes` `*.sh text eol=lf` for shell scripts that run inside Linux containers",
+      "summary": "Under a Windows checkout with `core.autocrlf=true`, git rewrites `*.sh` to CRLF on checkout and bash chokes with `$'\\r': command not found` at line 1. Locally reproduced the OSS-Fuzz upstream submission failure (zero artifacts compiled, every `compile_javascript_fuzzer` call failed silently on the CRLF). Unblocks the OSS-Fuzz upstream submission.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`.gitattributes` enforces LF endings on `*.sh`",
+              "body": "Adds an explicit `*.sh text eol=lf` override so every `.sh` checks out LF regardless of platform; existing tracked scripts re-normalized (CRLF stripped) in the same commit. Verified end-to-end: `docker run ... gcr.io/oss-fuzz-base/base-builder-javascript bash /src/build.sh` now compiles all 15 fuzz harnesses + zips their seed corpora cleanly."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.73",
+      "date": "2026-05-10",
+      "headline": "ClusterFuzzLite + OSS-Fuzz integration replaces the hand-rolled fuzz harness",
+      "summary": "Every `fuzz/*.fuzz.js` is now a jazzer.js / libFuzzer entry-point (`module.exports.fuzz = function (data) { ... }`) so the engine drives the target with coverage-guided mutation instead of random bytes. Same 15 targets as v0.8.72. ClusterFuzzLite runs locally + on PRs; OSS-Fuzz submission-ready project config ships under `oss-fuzz/projects/blamejs/`.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Fuzz harnesses migrated to jazzer.js / libFuzzer",
+              "body": "Every `fuzz/*.fuzz.js` exports `module.exports.fuzz = function (data) { ... }`. Each gets a `fuzz/<name>_seed_corpus/` directory with realistic bootstrap inputs that libFuzzer mutates from. The shared `_expected.js` classifies operator-friendly framework throws (codes matching `<domain>/<error>` or `<domain>.<error>` shape; node-builtin error subclasses with input-shape messaging) as expected outcomes; anything else escapes as a finding the engine records + minimizes into a regression-corpus entry."
+            },
+            {
+              "title": "ClusterFuzzLite (local, free)",
+              "body": "`.clusterfuzzlite/Dockerfile` + `build.sh` + `project.yaml` ride alongside the framework source. Two GH Actions workflows wire it in — `cflite_pr.yml` runs 300s of coverage-guided fuzzing per target on every PR touching `lib/` or `fuzz/`; `cflite_batch.yml` runs the deeper 1800s batch + 600s coverage measurement on a daily 05:17 UTC schedule. Findings surface as PR annotations + SARIF in the Security tab."
+            },
+            {
+              "title": "OSS-Fuzz upstream-submission config",
+              "body": "`oss-fuzz/projects/blamejs/{Dockerfile, build.sh, project.yaml, README.md}` is the submission-ready project config that gets copy-pasted into `projects/blamejs/` in the `google/oss-fuzz` upstream repo. Once accepted, ClusterFuzz fuzzes 24/7 on Google Cloud with permanent corpus persistence, stack-trace dedup, automatic regression testing against every commit, and a public coverage dashboard. The OSS-Fuzz `build.sh` mirrors `.clusterfuzzlite/build.sh` byte-for-byte (modulo comment block) so findings reproduce identically locally."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "Fuzz-coverage gate now verifies jazzer.js shape",
+              "body": "`testParserPrimitivesHaveFuzzHarness` verifies the jazzer.js shape (`module.exports.fuzz = ...`) in addition to the missing-harness check — a future parser primitive lands either with a coverage-guided harness or an audited `FUZZ_NOT_REQUIRED` entry. `npm run fuzz` switched to invoke jazzer.js for one-target local dev (`npx @jazzer.js/core fuzz/safe-json.fuzz.js -- -max_total_time=60`); the previous random-fuzzer + standalone `.github/workflows/fuzz.yml` are removed. SECURITY.md threat-model + operator-checklist updated with the new dual-pipeline posture."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.72",
+      "date": "2026-05-10",
+      "headline": "Fuzz harness against the parser / validator surface + smoke-time fuzz-coverage gate",
+      "summary": "New `fuzz/` directory ships hand-rolled fuzz harnesses against the 11 highest-value adversarial-input primitives. Each harness generates random / mutated / bidi-salted / control-char-salted inputs against a per-target seed corpus, runs until `FUZZ_BUDGET_MS` elapses, and fails with a reproducer when the target throws an unexpected error. New CI workflow + a Layer 0 detector that enforces fuzz-harness coverage for `lib/safe-*.js` and `lib/guard-*.js` files.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`fuzz/` directory + 11 hand-rolled harnesses",
+              "body": "Targets: `b.safeJson.parse`, `b.safeUrl.parse`, `b.safeJsonPath.validateExpression`, `b.guardCsv.validate`, `b.guardHtml.validate`, `b.guardJson.parse`, `b.guardYaml.parse`, `b.guardXml.validate`, `b.guardSvg.validate`, `b.guardMarkdown.validate`, `b.guardEmail.validateMessage`. Each runs until `FUZZ_BUDGET_MS` elapses (default 30s; CI: 60s on PR / 300s on schedule) and fails with a reproducer when the target throws an unexpected error (vs. an operator-friendly framework error code in the documented `domain/error` or `domain.error` shape). Native `TypeError` with input-shape messaging, `SyntaxError`, and `RangeError` matching the depth/length/cap contract are accepted; everything else is a finding."
+            },
+            {
+              "title": "`.github/workflows/fuzz.yml`",
+              "body": "Runs the harness in matrix on every PR touching `lib/` or `fuzz/` and on a daily 05:17 UTC schedule. `npm run fuzz` runs every harness sequentially via `fuzz/_run-all.js` for local dev."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "`testParserPrimitivesHaveFuzzHarness`",
+              "body": "New Layer 0 detector in `test/layer-0-primitives/codebase-patterns.test.js` enforces that every `lib/safe-*.js` and `lib/guard-*.js` file has a corresponding `fuzz/<name>.fuzz.js` OR an explicit `FUZZ_NOT_REQUIRED` allowlist entry with reason — so a future parser primitive can't silently ship without fuzz coverage."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "README OpenSSF Scorecard badge URL",
+              "body": "Corrected `api.scorecards.dev` → `api.scorecard.dev` (plural-singular typo)."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.71",
+      "date": "2026-05-10",
+      "headline": "CI green-up — cosign-installer action commit SHA correction",
+      "summary": "The v0.8.70 `npm-publish` workflow's cosign-sign-blob step couldn't resolve its pinned `sigstore/cosign-installer` action commit SHA because the SHA was a typo, not a real commit on the action's repo. Replaced with the actual v3.7.0 commit SHA so the publish pipeline resolves the dependency and runs end-to-end.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`sigstore/cosign-installer` action SHA pin corrected",
+              "body": "The pinned commit SHA `d7d6e07b3e89342f1d8bcd4f76c2fa5a9d1a1f7e` did not exist on the action's repo and broke the publish workflow at the cosign-installer step. Replaced with the actual v3.7.0 commit SHA `dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da`. No primitive surface change versus v0.8.70."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.70",
+      "date": "2026-05-10",
+      "headline": "Additive surface across OAuth/OIDC, FAPI 2.0, browser hardening, MCP safety, compliance, and supply-chain",
+      "summary": "Bundled additive release covering RFC 9207 iss-validation, JARM decoding, refresh-token replay defense, FAPI 2.0 message-signing posture, Private Network Access preflight handling, MCP tool-result sanitization + capability checks, five new compliance postures, the EU Data Act primitive, and supply-chain hardening (CycloneDX 1.6 + OSV-Scanner + Sigstore cosign signing).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "OAuth/OIDC: iss validation, JARM decoding, refresh-token replay defense",
+              "body": "`b.auth.oauth.parseCallback(query, opts?)` validates the RFC 9207 AS Issuer Identifier — refuses iss-mismatch and OP `error=` redirects; optional `requireIssParam` refuses missing iss. `parseJarmResponse(jwt, opts?)` decodes OAuth 2.0 JARM signed authorization responses. `refreshAccessToken(token, { seen })` accepts an operator-supplied callback that refuses replayed refresh tokens before any HTTP call (RFC 9700 §4.13 / OAuth 2.1 §6.1 one-time-use rotation); returns `refreshTokenRotated: true` on success."
+            },
+            {
+              "title": "FAPI 2.0 runtime checks + `fapi-2.0-message-signing` posture",
+              "body": "`b.fapi2.assertCallback(query)` refuses missing iss when `fapi-2.0` posture is set, and refuses bare-param when `fapi-2.0-message-signing` is set (requires JARM `response`). `b.fapi2.assertAuthzRequest(authzParams)` refuses non-JAR (bare-param) authorization requests under FAPI 2.0. New `fapi-2.0-message-signing` posture registered."
+            },
+            {
+              "title": "Browser hardening: Permissions-Policy denylist + PNA preflight + 401 cache headers",
+              "body": "`Permissions-Policy` defaults extend with `storage-access=()`, `browsing-topics=()`, `private-aggregation=()`, `controlled-frame=()`, `captured-surface-control=()`. `b.middleware.cors` gains an `allowPrivateNetwork` opt + Private Network Access preflight handling — refuses `Access-Control-Request-Private-Network` by default, sets `Access-Control-Allow-Private-Network: true` when opted in. `b.middleware.requireAuth` / `requireAal` / `requireStepUp` 401 responses now set `Cache-Control: no-store` per RFC 9111 §5.2.2.5."
+            },
+            {
+              "title": "MCP safety + LLM07/08 mitigations",
+              "body": "`b.mcp.toolResult.sanitize(result, opts?)` runs a prompt-injection regex + dangerous-HTML detection + URL allowlist on tool outputs (modes `refuse` / `sanitize` / `audit-only`). `b.mcp.capability.create(scopes)` + `satisfiedBy(granted)` formalize least-privilege capability checks. `b.mcp.validateToolInput(toolName, input, schema)` enforces a JSON Schema 2020-12 subset (`type` / `properties` / `required` / `items` / `enum` / `const` / `minLength` / `maxLength` / `minimum` / `maximum`)."
+            },
+            {
+              "title": "Compliance postures: `modpa`, `nydfs-500`, `hipaa-2026`, `quebec-25`, `fapi-2.0-message-signing`",
+              "body": "Maryland Online Data Privacy Act, NY DFS Cybersecurity Regulation, HHS HIPAA Final Rule effective 2026, Quebec Law 25, and the FAPI 2.0 message-signing financial posture all register in `b.compliance.KNOWN_POSTURES` with the matching cascade entries."
+            },
+            {
+              "title": "`b.dataAct` — EU Data Act (Regulation 2023/2854)",
+              "body": "`declareProduct`, `recordUserAccess`, `shareWithThirdParty` (Art 32 §1 refuses sharing with DMA designated gatekeepers without an audited override via `acceptGatekeeper.reason`), `recordSwitchRequest` (Art 28 §3 caps notice period at 30 days)."
+            },
+            {
+              "title": "Supply-chain hardening — SBOM bump, OSV-Scanner, Sigstore SBOM signing, dep-confusion claim",
+              "body": "SBOM bumped to CycloneDX 1.6. The `npm-publish` workflow now runs OSV-Scanner with `--fail-on-vuln=HIGH` and signs the SBOM via the Sigstore cosign keyless flow (attaches the `.sigstore` bundle to the GitHub release alongside the JSON). `scripts/publish-dep-confusion-placeholder.sh` claims unscoped names (`blamejs`, `blame-js`, `blamejs-core`) on npm with placeholder packages that exit 1 + redirect to canonical `@blamejs/core`; manual, run on maintainer rotation, refuses overwrite when a different owner already holds the name."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9207 OAuth 2.0 Authorization Server Issuer Identification",
+          "url": "https://www.rfc-editor.org/rfc/rfc9207.html"
+        },
+        {
+          "label": "RFC 9700 OAuth 2.0 Security Best Current Practice",
+          "url": "https://www.rfc-editor.org/rfc/rfc9700.html"
+        },
+        {
+          "label": "RFC 9111 HTTP Caching",
+          "url": "https://www.rfc-editor.org/rfc/rfc9111.html"
+        },
+        {
+          "label": "FAPI 2.0 Security Profile",
+          "url": "https://openid.net/specs/fapi-2_0-security-profile.html"
+        },
+        {
+          "label": "EU Data Act (Regulation 2023/2854)",
+          "url": "https://eur-lex.europa.eu/eli/reg/2023/2854/oj"
+        },
+        {
+          "label": "CycloneDX 1.6",
+          "url": "https://cyclonedx.org/docs/1.6/json/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.69",
+      "date": "2026-05-10",
+      "headline": "Test-side `waitUntil` helper for observable async conditions",
+      "summary": "Recurring `SMOKE_PARALLEL=64` and macOS-runner flakes shared one root cause — fixed-budget `setTimeout(r, N)` sleeps too short for runner-contention reality. A new polling helper replaces hand-tuned sleeps with assertions against the observable condition itself, exiting early on fast platforms and using the full budget on contended ones.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`waitUntil` + `waitUntilEqual` test helpers",
+              "body": "`test/helpers/wait.js` ships `waitUntil(predicate, opts?)` — polls every `intervalMs` (default 25ms) up to `timeoutMs` (default 5000ms), exits early when the predicate returns truthy, throws a labeled error on timeout. `waitUntilEqual(getter, expected)` is the convenience wrapper for the common case. Both re-exported from `test/helpers/index.js`."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`log-stream-otlp` collector-retry gate converted to `waitUntil`",
+              "body": "`test/layer-0-primitives/log-stream-otlp.test.js`'s 'collector saw retries' gate now uses `waitUntil({ failCount >= 2, dropEvents.length === 1 })` instead of `_sleep(200)`. Fast platforms exit in ~30ms; contended platforms get the full 5s budget. The general convention: when you find yourself bumping a hand-tuned sleep to fix a CI flake, that's the smell — convert to `waitUntil` so future flake fixes adjust one timeout ceiling instead of N inline budgets."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.68",
+      "date": "2026-05-10",
+      "headline": "`b.watcher` polling backend for environments where `fs.watch` doesn't deliver events",
+      "summary": "Pre-v0.8.68 the watcher used `fs.watch(root, { recursive: true })` exclusively — silent on filesystems where the kernel→userspace event bridge doesn't exist: Docker Desktop bind-mounts on Windows / macOS hosts (gRPC-FUSE / VirtioFS), NFS / SMB, some FUSE filesystems. Adds `mode: \"fs\" | \"poll\"` (default `\"fs\"`) — when `\"poll\"`, the watcher walks the tree on a fixed interval and diffs against the previous snapshot.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.watcher.create({ mode: \"poll\" })` polling backend",
+              "body": "When `mode: \"poll\"`, the watcher walks the tree on a fixed interval and diffs against the previous snapshot. New file / mtime-change / size-change → `onChange` via the existing debounce + ignore + lstat dispatch; missing path → `onDelete`. `pollIntervalMs` (default 1s) sets cadence; `pollMaxFiles` (default 50000) caps the per-tick walk so a misconfigured root can't stall the event loop stat'ing 100k files every second — overflow refuses with `watcher/poll-overflow`. Symlinks skipped (matches `fs.watch` path). The initial walk happens synchronously in `create()` so the first event fires only on real post-start changes (not on pre-existing files). `_flushForTest()` runs one synchronous tick + drains pending debounces so polling tests don't have to sleep `pollIntervalMs`. Returned handle gains `.mode` for operator introspection. `fs.watch`-backend error messages now suggest `mode: \"poll\"` as the fallback."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.67",
+      "date": "2026-05-10",
+      "headline": "SAML XMLDSig Reference Transforms (`enveloped-signature` + per-Reference c14n) + IdP round-trip in the federation-auth test",
+      "summary": "Pre-v0.8.67 `b.auth.saml.sp.verifyResponse` only honored the SignedInfo's `CanonicalizationMethod`; it didn't process the `<ds:Transforms>` block on the Reference. Real-world IdP-signed responses (Keycloak, ADFS, Okta) attach `http://www.w3.org/2000/09/xmldsig#enveloped-signature` + a per-Reference `xml-exc-c14n#` Transform; without them, the digest never matched and verifyResponse rejected legitimate responses. No primitive surface change versus v0.8.66.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`_verifyXmldsig` honors per-Reference Transforms",
+              "body": "Reads the Transforms list, applies `enveloped-signature` by filtering the parsed-tree's `<Signature>` element children before canonicalization, and honors the per-Reference c14n choice (with vs without comments). The single-match-by-ID invariant + signature-wrapping defense moves into the saml.js path directly so the modified subtree (signature stripped) is the one that gets canonicalized + digested. Unsupported Transform algorithms refuse loudly via `auth-saml/unsupported-transform`."
+            },
+            {
+              "title": "Full IdP-emitted SAML round-trip in the federation-auth integration test",
+              "body": "`test/integration/federation-auth.test.js` now drives Keycloak's HTML login form via cookie-jar curl-equivalent (no headless browser needed), captures the IdP-signed SAMLResponse, fetches the IdP signing certificate from `/protocol/saml/descriptor`, hands the response to `sp.verifyResponse(b64, { expectedInResponseTo })`, and asserts the extracted `nameId` / `issuer` / `audience` / `inResponseTo` match the realm's signed claims."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.66",
+      "date": "2026-05-10",
+      "headline": "`b.session.updateData(token, data, opts?)`",
+      "summary": "Update the sealed `data` payload on a session WITHOUT rotating the sid. Pre-v0.8.66 the only path to mutate session data was `b.session.rotate(token, { data })` which forces an sid rotation — appropriate for security-boundary transitions (login, MFA, role escalation) but heavyweight for cart-state writes / preference flips / step-up-completion flags.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.session.updateData(token, data, opts?)`",
+              "body": "Default semantics: full payload replace, `lastActivity` bumped (idle-timeout reset), reserved `__bj_fingerprint` binding preserved automatically so `verify()` still surfaces drift correctly. `opts.merge: true` does a one-level deep merge into the existing payload; `opts.touchLastActivity: false` skips the idle-timeout bump. Returns `false` for unknown / expired / pre-v0.8.61-raw-format tokens (no throw). Anonymous-session userIds work the same as named userIds. Leader-only."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.65",
+      "date": "2026-05-10",
+      "headline": "Federated-authentication integration test fixture (Keycloak as OIDC OP + SAML IdP)",
+      "summary": "Adds `quay.io/keycloak/keycloak:26.0` to `docker-compose.test.yml` with realm-import on ports :18080 (HTTP) + :18081 (Quarkus health). Realm boots with one OIDC client, one SAML SP client, and a test user. New `test/integration/federation-auth.test.js` exercises end-to-end OIDC + SAML flows against the live Keycloak.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Keycloak integration test fixture",
+              "body": "Adds `quay.io/keycloak/keycloak:26.0` to `docker-compose.test.yml` running with realm-import on port `:18080` (HTTP) + `:18081` (Quarkus health). Realm `blamejs-test` boots with one OIDC client (`blamejs-rp-oidc`, secret `blamejs-test-rp-secret`, frontchannel + backchannel logout enabled), one SAML SP client (entityID `https://sp.blamejs-test.example`, RSA-SHA256 assertion signature), and a test user (`alice` / `blamejs-test-password`)."
+            },
+            {
+              "title": "`test/integration/federation-auth.test.js`",
+              "body": "Exercises end-to-end against the live Keycloak: OIDC discovery, `b.auth.oauth.authorizationUrl` (state + nonce + PKCE), password-grant token retrieval, `verifyIdToken` against the realm JWKS, `fetchUserInfo` with `idTokenSub` cross-check, RP-Initiated Logout URL build, `parseFrontchannelLogoutRequest` iss-mismatch refusal, `verifyBackchannelLogoutToken` JWKS-lookup + signature + typ-check failure paths, SAML `buildAuthnRequest` POST to the IdP's `/protocol/saml` endpoint, SP `metadata()` XML emit, and CIBA `startAuthentication` wire-format check (Keycloak's `backchannel_authentication_endpoint` is at `/protocol/openid-connect/ext/ciba/auth`)."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.auth.ciba._postForm` response handling + URL validation",
+              "body": "Sets `responseMode: \"always-resolve\"` so deterministic OAuth-shape error JSON (`{ error, error_description }`) reaches the AuthError-mapping path instead of being rejected as a generic HTTP error. URL validation switched from a non-existent `safeUrl.assertHttpUrl` to `safeUrl.parse({ allowedProtocols })`."
+            },
+            {
+              "title": "Service-check + helper wiring for Keycloak",
+              "body": "`scripts/check-services.js` registers `keycloak` + `keycloak-health` (both v4 + v6); `test/helpers/services.js` exposes `URLS.keycloak`. The release workflow documents the federation-auth integration test path under live-integration gates. OID4VCI / OID4VP / OpenID Federation deferred — Keycloak's `oid4vc-issuer` SPI is preview-only and there's no entity-statement publisher in the base image."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.64",
+      "date": "2026-05-10",
+      "headline": "CI green-up for v0.8.63 (wiki source-comment validator)",
+      "summary": "v0.8.62 missed `examples/wiki/test/validate-source-comment-blocks.js` — a wiki-side validator that enforces every `@primitive` block has `@signature` starting with `b.`, matching function arity, an `@opts` declaration when the function takes opts, an `@example` block, and resolvable `@related` cross-refs. 50 findings across the new federation/VC primitives. No primitive surface change versus v0.8.63.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Wiki source-comment validator findings on federation/VC primitives",
+              "body": "Every nested-namespace `@signature` (`b.auth.ciba.client.X`, `b.auth.oid4vci.issuer.X`, `b.auth.oid4vp.verifier.X`, `b.auth.saml.sp.X`) re-qualified with the full `b.*` prefix instead of the bare `client.X` shorthand. Arity collapsed to `(opts)` where the function takes a single opts arg. `@example` block added to every primitive. `@opts` block added to `ciba.client.startAuthentication` / `parseNotification` + `openidFederation.resolveLeaf`. `@primitive` block added to `xmlC14n.parse`. `@related` cross-refs scrubbed of dangling references to undocumented primitives. The parse-as-JS check on oid4vci's `@example` caught a `{...}` literal with no target — replaced with a concrete object spread."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.63",
+      "date": "2026-05-10",
+      "headline": "CI green-up for v0.8.62 (ESLint findings on the new federation/VC primitives)",
+      "summary": "Ten ESLint findings missed by the local pre-ship audit (eslint not run before commit): unused vars, an unnecessary `\\-` escape in xml-c14n's name-character regex, and a control-character regex in CIBA's binding_message validator (`no-control-regex` refuses control-char ranges in regex literals regardless of `\\u` escaping). No primitive surface change versus v0.8.62.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Unused vars + redundant regex escape across federation/VC primitives",
+              "body": "Removed `openTag` in xml-c14n; `cache` + unused `C` import + `DEFAULT_CHAIN_TTL_MS` in openid-federation; `safeJson` in oid4vp; `sdJwtVcCore` + `SUPPORTED_PROOF_TYPES` in oid4vci. Dropped a redundant `\\-` escape in xml-c14n's name-character regex."
+            },
+            {
+              "title": "CIBA `binding_message` control-char scan",
+              "body": "Replaced the regex with an explicit codepoint scan in `_validateBindingMessage` that walks `msg.charCodeAt(i)` and refuses C0 / DEL+C1 / zero-width / bidi-mark / bidi-isolate / BOM ranges (`no-control-regex` refuses control-char ranges in regex literals)."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.62",
+      "date": "2026-05-10",
+      "headline": "Federation / VC primitive family + standalone DB-file lifecycle + anonymous-session ergonomics",
+      "summary": "OpenID Connect Front-Channel + Back-Channel Logout, CIBA Core 1.0, OpenID4VCI 1.0, OpenID4VP 1.0 + DCQL, OpenID Federation 1.0, SAML 2.0 SP, RFC 3741 Exclusive XML Canonicalization, SD-JWT VC key-attestation extension, `b.db.fileLifecycle` for consumers owning their own SQLite handle, anonymous-session ergonomics, and a `makeNamespacedEmitters` helper.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "OIDC Front-Channel + Back-Channel Logout 1.0 on `b.auth.oauth`",
+              "body": "`parseFrontchannelLogoutRequest(req)` validates iss + sid query params. `verifyBackchannelLogoutToken(jwt, vopts)` verifies the JWS (typ=logout+jwt), validates the events claim per OIDC §2.6, refuses logout-tokens carrying nonce, requires sub OR sid, and runs an operator-supplied `seen({ jti, iss, iat })` callback for jti-replay defense. Discovery surface extended to `check_session_iframe` + `backchannel_authentication_endpoint`."
+            },
+            {
+              "title": "CIBA Core 1.0 at `b.auth.ciba.client.create`",
+              "body": "`deliveryMode: \"poll\"|\"ping\"|\"push\"` with `startAuthentication` / `pollToken` / `parseNotification`. Supports JWT-bearer / mTLS / shared-secret client auth, binding_message + acr_values + requested_expiry, ping/push notification token (timing-safe compared via sha3 hash), and the `urn:openid:params:grant-type:ciba` grant."
+            },
+            {
+              "title": "OpenID4VCI 1.0 at `b.auth.oid4vci.issuer.create`",
+              "body": "Issuer-initiated credential_offer with pre-authorized_code + tx_code, /token grant exchange, /credential endpoint with proof-JWT verification (typ=openid4vci-proof+jwt, iat freshness, nonce-replay defense, holder-key binding via header.jwk + JWS verify), c_nonce rotation per request, /.well-known/openid-credential-issuer metadata. Composes `b.auth.sdJwtVc.issuer` for SD-JWT VC minting."
+            },
+            {
+              "title": "OpenID4VP 1.0 + DCQL at `b.auth.oid4vp.verifier.create`",
+              "body": "`createRequest` builds a vp_token authz request with a DCQL query. `verifyResponse` parses the wallet's vp_token, runs each presentation through `b.auth.sdJwtVc.verify` (audience + nonce + KB-JWT bound, optional key_attestation verifier), then runs the DCQL matcher. DCQL covers credentials[] (id / format / meta vct_values / meta issuer_values / claims with path + values) and credential_sets[] (options + required) per OID4VP §6."
+            },
+            {
+              "title": "OpenID Federation 1.0",
+              "body": "`b.auth.openidFederation.{ parseEntityStatement, verifyEntityStatement, buildTrustChain, applyMetadataPolicy, resolveLeaf }` — fetches entity configs from `<entity>/.well-known/openid-federation`, walks `authority_hints` up to a trust anchor (operator-pinned JWKS), verifies each subordinate-statement JWS, and applies the federation's metadata_policy (`value` / `default` / `add` / `one_of` / `subset_of` / `superset_of` / `essential` — unknown operators refuse)."
+            },
+            {
+              "title": "SAML 2.0 SP at `b.auth.saml.sp.create`",
+              "body": "AuthnRequest builder for HTTP-Redirect / POST bindings. Response parser verifies XMLDSig (Response-level OR Assertion-level signature), defends against signature-wrapping via `b.xmlC14n.canonicalizeElementById`'s single-match invariant, validates SubjectConfirmation Bearer (NotOnOrAfter / NotBefore / Recipient / InResponseTo) + Conditions audience + Status. Plus `b.auth.saml.fetchMdq({ baseUrl, entityId, trustCertPem? })` for MDQ-style metadata fetch with optional XMLDSig verification."
+            },
+            {
+              "title": "`b.xmlC14n` — RFC 3741 Exclusive XML Canonicalization",
+              "body": "`canonicalize(input, opts?)` and `canonicalizeElementById(xml, id, opts?)`. The `canonicalizeElementById` single-match invariant is the core defense against XML signature-wrapping attacks (refuses ID collisions + zero-match references). Doctype + ENTITY refused at parse time."
+            },
+            {
+              "title": "SD-JWT VC `key_attestation` extension",
+              "body": "`b.auth.sdJwtVc.holder.store({..., keyAttestation })` persists a holder-side attestation JWT alongside the credential. `b.auth.sdJwtVc.present({..., keyAttestation })` embeds it in the KB-JWT header. `b.auth.sdJwtVc.verify(presentation, { keyAttestationVerifier, requireKeyAttestation })` surfaces the attestation token to an operator-supplied verifier so trust-anchor decisions (TEE / FIDO MDS3 / App Attest / Play Integrity) stay operator-side."
+            },
+            {
+              "title": "`b.db.fileLifecycle({ dataDir, vault, ... })`",
+              "body": "Standalone encrypted-DB-file lifecycle for consumers that own their own SQLite handle (own schema, own migrations, own connection). Decrypts `<dataDir>/db.enc` to a tmpfs path (`/dev/shm` on Linux), exposes `dbPath` for the operator to open, runs a periodic re-encrypt flush via `startFlushTimer(db)`, returns an in-memory snapshot via `snapshot(db)`, and runs a graceful flush + cleanup via `flushAndCleanup(db, opts)`. Same envelope shape as `b.db`; no schema / audit-chain coupling."
+            },
+            {
+              "title": "`b.session.create({ anonymous: true })`",
+              "body": "Auto-mints `userId = \"anon:\" + crypto.randomUUID()` so operators running pre-login flows keep the full sealed-cookie + sealed-userId + sidHash + idle/absolute-timeout posture without rolling their own opaque-id pattern. `b.session.isAnonymous(userId)` helper for post-auth gates. `destroyAllForUser` refuses anon-prefix ids (per-session, not portable)."
+            },
+            {
+              "title": "`validateOpts.makeNamespacedEmitters(prefix, { audit, observability })`",
+              "body": "Collapses the recurring per-primitive `_emitAudit` / `_emitMetric` boilerplate into one call; the new federation/VC primitives consume it."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "OpenID Connect Front-Channel Logout 1.0",
+          "url": "https://openid.net/specs/openid-connect-frontchannel-1_0.html"
+        },
+        {
+          "label": "OpenID Connect Back-Channel Logout 1.0",
+          "url": "https://openid.net/specs/openid-connect-backchannel-1_0.html"
+        },
+        {
+          "label": "OpenID Client-Initiated Backchannel Authentication 1.0",
+          "url": "https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html"
+        },
+        {
+          "label": "OpenID4VCI",
+          "url": "https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html"
+        },
+        {
+          "label": "OpenID4VP",
+          "url": "https://openid.net/specs/openid-4-verifiable-presentations-1_0.html"
+        },
+        {
+          "label": "OpenID Federation 1.0",
+          "url": "https://openid.net/specs/openid-federation-1_0.html"
+        },
+        {
+          "label": "RFC 3741 Exclusive XML Canonicalization",
+          "url": "https://www.rfc-editor.org/rfc/rfc3741.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.61",
+      "date": "2026-05-10",
+      "headline": "PQC-sealed session cookie + IP-prefix fingerprint binding + pluggable session store + `b.db.collection` schemaless extensions",
+      "summary": "Breaking pre-1.0 change: `b.session.create(...).token` now returns a vault-sealed envelope (ML-KEM-1024 + P-384 hybrid + XChaCha20-Poly1305) instead of the plaintext sid. Pre-v0.8.61 raw-sid cookies fail to unseal and the affected user re-authenticates. Adds `b.db.collection` schemaless-document opts (`overflow: \"data\"`, `jsonColumns`, `sealedFields`), IPv4 /24 + IPv6 /64 fingerprint binding for roaming carriers, and a pluggable session store with a first-party `localDbThin` adapter.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "BREAKING: `b.session.create(...).token` returns a vault-sealed envelope",
+              "body": "Token is now a `vault:`-prefixed ML-KEM-1024 + P-384 hybrid + XChaCha20-Poly1305 envelope instead of the plaintext sid. Pre-v0.8.61 raw-sid cookies fail to unseal at `b.session.verify` and the affected user re-authenticates. Pre-v1.0 ships no compat shim — every existing session force-logs-out on upgrade. Storage path unchanged: the DB still keys on `sha3('bj-session:' || sid)`, sealing only changes the wire format."
+            },
+            {
+              "title": "Session fingerprint subnet binding",
+              "body": "`fingerprintFields: [\"clientIpPrefix\"]` hashes the client IP at `/24` for IPv4 and `/64` for IPv6 (per RFC 4291 §2.5.4 customer-LAN allocation), so roaming carriers' per-request IP flips no longer log out healthy mobile users. IPv4-mapped IPv6 (`::ffff:1.2.3.4`) buckets as v4 `/24`."
+            }
+          ]
+        },
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.db.collection` schemaless-document extensions",
+              "body": "`{ overflow: \"data\" }` folds every insert/update field outside the table's column list into a JSON-text column; `find` / `findOne` parse it and merge keys back onto the row. `WHERE` on an unknown field rewrites to `JSON_EXTRACT(<overflow>, '$.field')` for `$eq` / `$ne` / `$in` (range / `$like` require a real column with an index). `{ jsonColumns: [\"roles\", \"metadata\"] }` auto-`JSON.stringify`s listed columns on write and parses them via `b.safeJson` on read; unknown columns refuse at first use. `{ sealedFields: { email: \"emailHash\" } }` co-locates sealed-column / derived-hash declarations with the collection — registers via `b.cryptoField.registerTable` so the existing query-builder sealed-field rewrite picks up automatically."
+            },
+            {
+              "title": "Pluggable session store + `localDbThin` adapter",
+              "body": "`b.session.useStore(store)` swaps the `_blamejs_sessions` storage backend. First-party adapter `b.session.stores.localDbThin({ file })` wraps `b.localDb.thin` (typically pointed at tmpfs) so heavy session churn doesn't fight the main DB's WAL fsync + at-rest re-encryption cycle. `audit.FRAMEWORK_NAMESPACES` extended with `localdb` so `b.localDb.thin` open / close events stop dropping."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.60",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.59 (`watcher.test.js` macOS structural fix)",
+      "summary": "macOS smoke runner failed `watcher.test.js: surface onChange for non-ignored file` again under SMOKE_PARALLEL=64 + GitHub-Actions-runner contention; the prior 300ms→1500ms bump wasn't enough on a contended Darwin runner. Replaced the fixed-budget wait with a structural priming-then-poll loop. No primitive surface change.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Structural prime-then-poll fix for `watcher.test.js` macOS flake",
+              "body": "Two structural fixes: (a) a 200ms priming wait BEFORE the test writes any files, so the FSEvents watcher is fully established before file-system activity races its startup; (b) a poll-until-event loop after writes that flushes + checks the change set every 100ms up to a 5s deadline, exiting early when the target event lands. Linux / Windows still finish in <100ms; the wider budget only matters on contended macOS."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.59",
+      "date": "2026-05-09",
+      "headline": "Comment cleanup — external consumer names stripped from `lib/`",
+      "summary": "Two stale references to an external consumer name inside `lib/db-collection.js` and `lib/template.js` comments stripped — names of downstream consumers don't belong in framework source. No primitive surface change versus v0.8.58.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Stripped external-consumer name references from `lib/db-collection.js` and `lib/template.js`",
+              "body": "Cleanup of two stale references in source comments. Operator-facing framework source should not name downstream consumers."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.58",
+      "date": "2026-05-09",
+      "headline": "`b.db` query-builder + Mongo facade + `db.init` opt-outs + snapshot helper + mTLS path fix",
+      "summary": "Query atoms (`.increment`, `.whereGroup`, `.orWhere`, `.search`, `.paginate`), a Mongo-shape facade at `b.db.collection(name)`, `db.init` opt-outs (`frameworkTables: false`, `auditSigning: false`), path overrides (`encryptedDbPath`, `encryptedDbName`, `dbKeyPath`), a `b.db.snapshot()` in-memory encrypted Buffer, and a `b.mtlsCa.create({ paths })` absolute-path fix. Release-workflow runtime gates rewritten so host + container phases run sequentially.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Query atoms on `b.db.from(table)`",
+              "body": "`.increment(column, delta)` (atomic `UPDATE col = COALESCE(col, 0) + ?`, refuses unconditional, returns rows-changed). `.whereGroup(qb => ...)` (closure-form OR composition via new `WhereBuilder` class with `.eq` / `.neq` / `.gt` / `.gte` / `.lt` / `.lte` / `.in` / `.like` AND vs `.orEq` / `.orNeq` / ... OR + `.raw`). `.orWhere(...)` (top-level OR; accepts object map / `(field, value)` / `(field, op, value)` / closure). `.search(fields, term, opts?)` (chainable LIKE-OR with `match: \"substring\"|\"prefix\"|\"exact\"`, `~` ESCAPE char to safely handle user-supplied `%`/`_`). `.paginate(opts)` (returns `{ items, total, limit, offset, page, totalPages }`; default limit 25, cap 1000)."
+            },
+            {
+              "title": "Mongo-shape facade at `b.db.collection(name)`",
+              "body": "Returns `{ insert, insertMany, find, findOne, update, updateMany, remove, count, paginate }` — maps Mongo-shape calls onto `b.db.from(name)`. Update operators: `$set` / `$inc` (composes `Query.increment`) / `$unset`. Query operators: `$eq` / `$ne` / `$gt` / `$gte` / `$lt` / `$lte` / `$in` / `$like`. Unknown operators throw at config-time."
+            },
+            {
+              "title": "`db.init` opt-outs",
+              "body": "`frameworkTables: false` skips provisioning `audit_log` / `consent_log`. `auditSigning: false` (finer-grained — keep framework tables but skip the audit-signing-key bootstrap when the host manages its own signing key)."
+            },
+            {
+              "title": "`db.init` path overrides",
+              "body": "`encryptedDbPath` (fully-qualified path to `db.enc`), `encryptedDbName` (basename under `dataDir`, default `\"db.enc\"`), `dbKeyPath` (encryption-key file outside `dataDir`, e.g. KMS-fronted volume)."
+            },
+            {
+              "title": "`b.db.snapshot()`",
+              "body": "In-memory encrypted Buffer (same envelope `flushToDisk` writes, just held in memory; WAL checkpoint forced first so committed state captures cleanly). Plain mode returns the raw plaintext SQLite file."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.mtlsCa.create({ paths })` absolute-path",
+              "body": "`_resolvePaths` no longer joins absolute path entries under `dataDir`. The pre-v0.8.58 shape silently rewrote `MTLS_CA_KEY=/etc/ssl/ca.key` → `<dataDir>/etc/ssl/ca.key`, breaking operators with externally-mounted CA files. Standard `path.join` semantics already preserve absolute arguments — the always-join was an oversight. Relative entries still join under `dataDir` (back-compat)."
+            },
+            {
+              "title": "Release-workflow runtime-gate ordering",
+              "body": "Rewritten so host smoke + host wiki e2e run BEFORE container smoke + container wiki e2e, sequentially, never in parallel. Both runners write to `.test-output/smoke.log` and `.test-output/wiki-e2e.log`; parallel runs clobber each other so the log of the actually-blocking failure may be overwritten by whichever leg finishes second. The container leg writes to `smoke-container.log` / `wiki-e2e-container.log` so diagnose-after-failure is one file lookup."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.57",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.56 (prepack-guard negation-rule handling)",
+      "summary": "The v0.8.56 npm-publish workflow's smoke gate passed but `scripts/check-pack-against-gitignore.js` rejected the tarball: it ran `git check-ignore -v` against every packed path and treated EVERY matching gitignore line as \"ignored\", including `!`-prefixed negation rules. The newly-tracked `lib/vendor/bimi-trust-anchors.pem` matches the `!lib/vendor/*.pem` negation rule that v0.8.54 added, but the script flagged it as \"gitignored in tarball\" and exited 1. No primitive surface change.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`scripts/check-pack-against-gitignore.js` handles `!` negation rules",
+              "body": "Filter out lines whose matching pattern starts with `!` — those are negation rules indicating the file is NOT actually ignored."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.56",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.55 (watcher.test.js macOS delay)",
+      "summary": "macOS smoke runner failed `watcher.test.js: surface onChange for non-ignored file`; the test bumped from 80ms→300ms in v0.8.52, but macOS `fs.watch` event delivery under `SMOKE_PARALLEL=64` + CI runner contention can still exceed 300ms. Bumped to 1500ms. Linux/Windows continue to pass on the first event-loop turn. No primitive surface change.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`watcher.test.js` macOS delay bumped to 1500ms",
+              "body": "Bumped all four delay sites to 1500ms. The longer budget only matters when macOS is contended."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.55",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.54 (rate-limit-cluster microtask budget)",
+      "summary": "The v0.8.54 npm-publish hit `rate-limit-cluster.test.js: cluster: 4th request blocked with 429` failing under CI contention. The test's `_waitMicrotasks(3)` helper chained 3 `setImmediate` ticks between `fire()` calls, but the cluster-backend's async `take()` against the DB hadn't finished bumping the counter — the 4th `fire()` read a stale count. Bumped to 20 ticks. No primitive surface change.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`rate-limit-cluster.test.js` microtask budget",
+              "body": "Bumped `_waitMicrotasks(3)` to `_waitMicrotasks(20)` across every call site. Linux/Alpine container runners pass on the first attempt; the budget only matters under `SMOKE_PARALLEL=64` contention."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.54",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.53 (vendored BIMI PEM `.gitignore` exception)",
+      "summary": "The v0.8.53 push tripped `configDrift.verifyVendorIntegrity` because `lib/vendor/bimi-trust-anchors.pem` was excluded by the global `*.pem` rule in `.gitignore` (designed to block accidental commit of operator-private keys). CI checked out a tree without the PEM, the integrity gate failed, and npm-publish never ran. No primitive surface change versus v0.8.53.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`.gitignore` exception for vendored PEM / CRT bundles",
+              "body": "Adds an explicit `!lib/vendor/*.pem` / `!lib/vendor/*.crt` exception with a comment documenting why (vendored cert bundles are public framework assets, not operator-private material). The BIMI Trust Anchor PEM is now tracked."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.53",
+      "date": "2026-05-09",
+      "headline": "Browser hardening + WebAuthn / FIDO + PSL substrate + email auth/transport + DNS + TLS + HTTP cache + SigV4 response headers",
+      "summary": "Ships a substantial additive surface: browser headers (Clear-Site-Data, NEL, Speculation-Rules, Document-Policy, fenced-frame-src, Accept-CH / Critical-CH, Permissions-Policy structured-fields), WebAuthn L3 BE/BS flags + extension builders + conditional UI + FIDO MDS3 verifier, vendored Public Suffix List substrate (10,207 rules), DMARCbis psd= / np=, RFC 9091 BIMI VMC + CMC + Tiny-PS SVG profile, ARC trust-eval, RFC 5965 ARF ingest, iprev / FCrDNS verifier, RFC 3030 BDAT / CHUNKING / BINARYMIME, RFC 1870 SIZE pre-MAIL-FROM, RFC 3461/3464 DSN + RFC 3798/8098 MDN + RFC 2369/2919 list headers, RFC 9460 SVCB / HTTPS RR + RFC 7858 DoT + RFC 9462 DDR + RFC 9463 DNR, ECH outbound from SVCB, RFC 9525 strict PKIX server identity, full RFC 9111 outbound HTTP cache, S3 SigV4 `responseHeaders` opt on presigned URLs.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Browser hardening primitives + headers",
+              "body": "`b.middleware.clearSiteData` (RFC 9527 logout-side state wipe — cookies / storage / cache / executionContexts / clientHints + wildcard). `b.middleware.nel` (W3C Network Error Logging emitter — emits `NEL` + `Report-To` headers, https-only collector, CR/LF/NUL injection refusal). `b.middleware.speculationRules` (W3C Speculation Rules emitter, header form by default + `inline: true` for inline `<script type=\"speculationrules\">`). `Document-Policy` header default in `b.middleware.securityHeaders` (`document-write=?0, unsized-media=?0, oversized-images=?0`) plus operator override. CSP3 `fenced-frame-src 'none'` baked into `DEFAULT_CSP`. `Accept-CH` + `Critical-CH` UA-CH retry handshake opts. RFC 9651 Permissions-Policy structured-fields validation at config-time. `b.static` `forceAttachmentForNonText: true` opt — every served file outside the safe-render allowlist gets `Content-Disposition: attachment` + `nosniff`."
+            },
+            {
+              "title": "WebAuthn L3 + FIDO MDS3",
+              "body": "WebAuthn L3 §6.1.3 BE/BS flag surface (`backupEligible` + `backupState` on verify-returns). `b.auth.passkey.extensions.{ prf, largeBlob, credBlob }` extension-helper builders. `b.auth.passkey.conditionalAuthOptions` for `mediation: \"conditional\"` autofill. New `b.auth.fidoMds3` AAGUID metadata verifier — JWS-signed BLOB fetch + cert-chain validation against the FIDO Alliance MDS3 root, AAGUID lookup, REVOKED / USER_KEY_PHYSICAL_COMPROMISE / USER_KEY_REMOTE_COMPROMISE refusal, in-memory cache TTL = `nextUpdate - now`."
+            },
+            {
+              "title": "`b.publicSuffix` + vendored Mozilla PSL",
+              "body": "`{ publicSuffix, organizationalDomain, isPublicSuffix, lookupSource }` with vendored Mozilla PSL data (10,207 rules). Exact-match > exception > wildcard > implicit `*` per canonical algorithm; IDNA Punycode normalisation. Consumed by the DMARCbis + BIMI work."
+            },
+            {
+              "title": "Email auth primitives",
+              "body": "DMARCbis `psd=` / `np=` / org-domain discovery via PSL in `lib/mail-auth.js`. RFC 9091 BIMI VMC + CMC chain validation in `b.mail.bimi.fetchAndVerifyMark` (httpClient-fetched cert, cert-path validation against vendored BIMI Trust Anchor roots, `subjectAltName` URI match, RFC 3709 logotype extension parsing for the embedded SVG, BIMI policy OID gate). Tiny-PS SVG profile validator (`b.mail.bimi.validateTinyPsSvg`) refusing `<script>` / `<style>` / `<foreignObject>` / `<animate*>` / external refs / >32 KiB. RFC 8617 ARC trust-eval (`arcEvaluate` returns `{ trust, trustedHops, finalAr, breakAt }`). RFC 5965 ARF abuse-feedback ingestion (`b.mailArf.parse`). RFC 8601 iprev / FCrDNS verifier (`b.mail.iprev.verify` exposed via `b.mail.reverseDns`)."
+            },
+            {
+              "title": "Email transport primitives",
+              "body": "RFC 3030 BDAT / CHUNKING / BINARYMIME framing in `b.mail.send` (default chunk size 256 KiB, BODY=BINARYMIME / 8BITMIME negotiation, refuse-on-binary-without-peer-support). RFC 1870 SIZE pre-MAIL-FROM cap. IPv6 submission + AAAA preference auto-detect (`preferFamily: 4|6|\"any\"`). Generic RFC 3461/3464 DSN parser + generator in `b.mailBounce.dsn.{ parse, build }` (multipart/report message/delivery-status, RFC 6533 SMTPUTF8 EAI-aware). RFC 3798/8098 MDN builder + parser (`b.mailMdn.{ build, parse }` — refuses auto-generation when inbound message asserts `important=required`). RFC 2369 / 2919 List-Help / List-Owner / List-Archive / List-ID bundle in `b.mail.unsubscribe.buildAllListHeaders`."
+            },
+            {
+              "title": "DNS primitives",
+              "body": "RFC 9460 SVCB / HTTPS RR query + parse (`b.network.dns.{ querySvcb, queryHttps }` — AliasMode + ServiceMode, full SvcParam vocabulary including `ech` / `alpn` / `mandatory` / `dohpath` / `ipv4hint` / `ipv6hint`). RFC 7858 DoT first-class transport (`transport: \"dot\"` opt + connection pool). RFC 9462 DDR (`b.network.dns.discoverEncrypted` queries `_dns.resolver.arpa`). RFC 9463 DNR (`b.network.dns.useDesignatedResolvers` operator-side resolver advertisement). Generic `b.network.dns.resolve(name, type, opts)` dispatcher. `b.network.dns.reverse(ip)` PTR helper. RFC 9250 DoQ explicitly NOT shipped — Node QUIC is experimental; documented deferral in `lib/network-dns.js`."
+            },
+            {
+              "title": "TLS primitives",
+              "body": "ECH outbound from SVCB (`b.network.tls.connectWithEch` queries HTTPS RR, parses `ech=` SvcParam per draft-ietf-tls-esni-22 §4 ECHConfigList wire format, attaches to `tls.connect({ ech })` with feature-detect graceful degrade). RFC 9525 strict PKIX server identity verification (`b.network.tls.checkServerIdentity9525` — SAN dNSName required when present, CN-fallback refused, wildcard one-label limit, IP SAN matching)."
+            },
+            {
+              "title": "RFC 9111 outbound HTTP cache",
+              "body": "`b.httpClient.cache.create({ store, sharedCache, defaultMaxStale, revalidateInBackground })` + `b.httpClient.cache.memoryStore({ maxBytes, maxEntries, evictionPolicy })`. §3 storage decision (status allowlist + Cache-Control directives + `Vary` keying), §4.2 freshness (s-maxage > max-age > Expires-Date > heuristic 10% capped at 24h), §4.3 conditional revalidation (`If-None-Match` + `If-Modified-Since`), §5 304 merge, RFC 5861 `stale-while-revalidate` + `stale-if-error`. `Age` + `X-Blamejs-Cache: HIT|MISS|STALE|REVALIDATED` response headers; `httpclient.cache.{ hit, miss, stale, revalidated, evicted }` audit emissions."
+            },
+            {
+              "title": "S3 SigV4 `responseHeaders` opt on presigned downloads",
+              "body": "`b.objectStore.presignedDownloadUrl` accepts `{ contentDisposition?, contentType?, contentLanguage?, contentEncoding?, cacheControl?, expires? }` — adds the S3 `response-*` override query params to the signed URL so a presigned GET overrides Content-Disposition / Content-Type / etc. on the wire regardless of how the object was stored. SigV4 signing math identical (params land in canonicalQueryString before hashing). Verified end-to-end against live MinIO via `scripts/test-integration.js object-store-sigv4` (HTTP + TLS variants, server-side header honoring confirmed)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9527 Clear-Site-Data",
+          "url": "https://www.rfc-editor.org/rfc/rfc9527.html"
+        },
+        {
+          "label": "RFC 9091 BIMI",
+          "url": "https://www.rfc-editor.org/rfc/rfc9091.html"
+        },
+        {
+          "label": "RFC 9460 SVCB / HTTPS RR",
+          "url": "https://www.rfc-editor.org/rfc/rfc9460.html"
+        },
+        {
+          "label": "RFC 9111 HTTP Caching",
+          "url": "https://www.rfc-editor.org/rfc/rfc9111.html"
+        },
+        {
+          "label": "RFC 9525 PKIX Server Identity",
+          "url": "https://www.rfc-editor.org/rfc/rfc9525.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.52",
+      "date": "2026-05-09",
+      "headline": "Cross-platform smoke flake fixes — Windows sqlite lock + macOS fs.watch budget",
+      "summary": "Two pre-existing platform fragilities surfaced under v0.8.51 CI runner contention. The `lib/local-db-thin.js` corrupt-file recovery rename budget was extended for Windows, and the `watcher.test.js` event-delivery wait was extended for macOS.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Windows sqlite-lock recovery budget too short",
+              "body": "`lib/local-db-thin.js` corrupt-file recovery rename retried 5×50ms (250ms total) before giving up. Windows holds a sqlite file lock several hundred ms after `DatabaseSync.close()` returns under load, and CI runner pressure pushed the unlock past the budget. The retry window is now 20×100ms (2s total); Linux/macOS still land on the first attempt."
+            },
+            {
+              "title": "macOS fs.watch delivery budget too short",
+              "body": "`test/layer-0-primitives/watcher.test.js` waited 80ms after writing files before asserting `fs.watch` events landed. macOS delivers events later than Linux/Windows under contention. The test wait is now 300ms in all four delay sites. No primitive surface change versus v0.8.51."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.51",
+      "date": "2026-05-09",
+      "headline": "CI green-up follow-on for v0.8.50 — wiki workspace install + gitleaks prose retrip",
+      "summary": "Two CI gates still failed on v0.8.50 and are now corrected. The wiki validator step couldn't resolve `@blamejs/core` without first installing the wiki workspace deps, and gitleaks re-flagged the v0.8.50 CHANGELOG entry because its prose quoted the same KEM-recipient destructure shape it was reporting fixed.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Wiki validator could not resolve `@blamejs/core`",
+              "body": "The workflow ran the validator without first installing the wiki workspace deps. The step now runs `npm install --silent` in `examples/wiki/` before invoking the validator. The job was also renamed from \"Wiki primitive-section convention\" to reflect the source-driven shape."
+            },
+            {
+              "title": "Gitleaks re-flagged the v0.8.50 CHANGELOG entry",
+              "body": "The prose quoted the same KEM-recipient destructure shape it was reporting fixed, retripping the generic-api-key rule on documentation text. The CHANGELOG entry was rewritten to avoid the literal token shape; `.gitleaks.toml` adds a fingerprint suppression for the historical v0.8.50 commit. No primitive surface change versus v0.8.50."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.50",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.49 — wiki workflow step + gitleaks `@example` allowlists",
+      "summary": "Two CI gates failed on the v0.8.49 push and are now corrected. The wiki validator workflow step pointed at the retired hand-authored-seeder validator, and gitleaks flagged three JSDoc `@example` blocks the source-driven migration introduced.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Wiki validator workflow step pointed at the retired validator",
+              "body": "`.github/workflows/ci.yml` still invoked `examples/wiki/test/validate-primitive-sections.js`, which the source-driven migration retired. The step now runs `validate-source-comment-blocks.js` and runs `npm install` in `examples/wiki/` first so the validator can resolve `@blamejs/core` for the opts probe."
+            },
+            {
+              "title": "Gitleaks flagged three JSDoc `@example` blocks",
+              "body": "A fake hex token in `lib/api-key.js`, a Stripe-shaped redaction example in `lib/log-stream.js`, and a KEM-recipient destructure in `lib/crypto.js` were flagged by gitleaks. The examples were rewritten to use placeholder text. `.gitleaks.toml` broadens the recipient-shape allowlist regex to cover any sibling field name, adds `test/fixtures/.*` to the path allowlist (exploit-corpus fixtures), and pins the historical commit + per-finding fingerprints. No primitive surface change versus v0.8.49."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.49",
+      "date": "2026-05-09",
+      "headline": "Source-driven wiki — every page generated from `@module` + `@primitive` JSDoc blocks",
+      "summary": "The hand-authored seeders under `examples/wiki/seeders/prod/pages/` are retired (~40 files, ~13k lines deleted). Pages, sidebar nav, the home-page card grid, and reference pages are produced at boot from JSDoc-style comment blocks in `lib/`. Drift between code and docs is structurally impossible — the same diff that changes the function changes the documentation.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`@module` + `@primitive` comment-block convention drives wiki generation",
+              "body": "Every page is produced by `examples/wiki/lib/page-generator.js` walking parsed source comments. Sidebar nav, home-page card grid, and page-generator curation entries auto-derive from `@nav` / `@title` / `@card` / `@featured` / `@order` / `@slug` tags on `@module` blocks via `examples/wiki/lib/auto-site-entries.js`. Cross-cutting narrative content lives in `lib/wiki-concepts.js` `@concept` blocks. Reference pages are auto-harvested at boot from framework state by `examples/wiki/lib/harvest-{errors,env-vars,vendored-deps,cli}.js`."
+            },
+            {
+              "title": "Comment-block validators replace the legacy seeder validator",
+              "body": "`validate-source-comment-blocks.js` enforces schema, tag ordering, signature/code arity match, `@example` parses-as-JS, placeholder-pattern detectors, posture catalog, semver shape, cross-reference resolution, and metadata completeness. `validate-site-coverage.js` enforces entry/page consistency invariants. `validate-nav-coverage.js` round-trips every nav entry against the live HTTP server and asserts populated content. Discoverer `find-missing-pages.js` walks `api-snapshot.json` and surfaces namespaces still needing `@module` blocks."
+            },
+            {
+              "title": "Backfill script for bulk metadata migration",
+              "body": "`examples/wiki/scripts/backfill-module-metadata.js` populates `@nav` / `@title` / `@card` from a canonical hints table for one-shot bulk migration. ~145 lib namespaces now carry `@primitive` blocks; ~24 marked `@featured` for the home-card grid."
+            }
+          ]
+        },
+        {
+          "heading": "Removed",
+          "items": [
+            {
+              "title": "Hand-authored wiki seeders + their validator",
+              "body": "`examples/wiki/seeders/prod/pages/` (~40 files, ~13k lines) deleted. The legacy `validate-primitive-sections.js` (1264 lines) and its child runner `run-example.js` (492 lines) retired."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.safeJson.canonical(value)` — unused `_opts` parameter dropped",
+              "body": "Signature is now single-arg. The previous shape accepted an unused second parameter; the comment-block validator's signature/arity-match check surfaced it. No other primitive surface change."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.48",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.47 (additional lifecycle examples commenting)",
+      "summary": "Other primitive examples were creating lingering resources (intervals, scheduler ticks, sqlite handles, heartbeat timers, repeating loops) that prevented the example-execution sandbox from settling. Live invocations now commented out with `typeof` assertions kept as the executable check. No primitive surface change versus v0.8.47.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Lifecycle-creating wiki examples commented out",
+              "body": "Live invocations are now commented out (kept as documentation) for: `b.scheduler.create({...}).schedule(...)` (compliance-patterns retention sweep), `b.cluster.init({...})` + `b.cluster.requireLeader()` (cluster heartbeat timer), `b.scheduler.create({ cluster }).schedule(...)` + `await scheduler.start()` + `b.scheduler.nextCronFire(...)`, `b.localDb.thin({...})` (sqlite handle), `b.network.heartbeat.start({...})` + `b.network.heartbeat.status(...)`, `b.safeAsync.repeating(...)` + `loop.stop()`. Each section keeps a `typeof b.X.Y; // \"function\"` assertion as the executable check."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.47",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.46 (Wiki e2e hang on the watcher example)",
+      "summary": "The wiki primitive-section example for `b.watcher.create` invoked `fs.watch(root, { recursive: true })` and the recursive-watch handle never unblocked the Linux runner. The example is now commented out (kept as documentation, with a `typeof b.watcher.create` assertion as the executable check). No primitive surface change versus v0.8.46.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Wiki e2e hang on the watcher example",
+              "body": "The `b.watcher.create` example in `ops-hardening.js` was live-invoking `fs.watch(root, { recursive: true })`; the recursive-watch handle blocked the host process on the runner kernel. The live invocation is now commented out (kept as documentation) and replaced with a `typeof b.watcher.create` assertion as the executable check. Same convention reused for other lifecycle-creating examples that need operator-supplied state."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.46",
+      "date": "2026-05-09",
+      "headline": "CI green-up for v0.8.45 (smoke gate)",
+      "summary": "Six fixes that unblock the npm-publish smoke gate: pqc-agent curve-name regex, opt-in postgres `application_name`, closure-in-loop in `connectFn`, lazyRequire shape in `subject.js`, audit namespaces for the v0.8.45 primitives, and codebase-pattern cleanups. No primitive surface change versus v0.8.45.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`lib/pqc-agent.js` `_validateGroupName` regex",
+              "body": "Relaxed to accept hyphen so operator-supplied curve names like `P-256` produce the framework-preference refusal error (the test message contract `\"not in the framework PQC-hybrid preference\"` was bypassed by an earlier illegal-character throw)."
+            },
+            {
+              "title": "`b.externalDb.init` `applicationName` opt-in",
+              "body": "Default leaves the SET unsubmitted so per-pool query-count tracking in operator tests / fakes isn't doubled by a connection-init `SET application_name TO 'blamejs'` against drivers that simply count tracker.query calls; the test at `external-db-hardening.test.js` updated to assert the opt-in behaviour."
+            },
+            {
+              "title": "`lib/external-db.js` postgres-dialect `connectFn` closure-in-loop",
+              "body": "Wrapped in an IIFE so the closure captures `rawConnect` / `rawQuery` per-iteration instead of sharing the var-hoisted bindings across the for-loop. Every backend's `connectFn` was previously calling the LAST iteration's `rawQuery`."
+            },
+            {
+              "title": "`lib/subject.js` `legalHold._getSingleton()` shape",
+              "body": "Corrected to `legalHold()._getSingleton()` — the lazyRequire helper returns a getter function, not the module."
+            },
+            {
+              "title": "`lib/audit.js` `FRAMEWORK_NAMESPACES` extended",
+              "body": "Registers every namespace emitted by the new v0.8.45 primitives (`http2`, `tenant`, `jwt`, `dr`, `guardfilename`, `legalhold`, `networkheartbeat`, `router`)."
+            },
+            {
+              "title": "Codebase-patterns cleanup across the new lib files",
+              "body": "Real-fix path (validateOpts helpers / safeBuffer.isHex / safeEnv.readVar / safeBuffer.boundedChunkCollector / shared regex constant) plus per-cluster KNOWN_CLUSTERS allowlist entries with structural reasons keyed on the reporter's stable cluster fingerprint."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.45",
+      "date": "2026-05-09",
+      "headline": "Wiki rebuild + 14 primitives + 9 enhancements + v0.8.44 CI recovery",
+      "summary": "v0.8.44's npm-publish workflow failed at the framework smoke gate; v0.8.45 ships the cumulative recovery on top of the v0.8.44 commit. Three CI fixes from v0.8.44, fourteen new primitives (httpClient stream helpers, OS keychain, worker pool, watcher, thin localDb, daemon glue, self-update, hash helpers, bounded mapAsync, TLS option builder, passive heartbeat, arg parser, byte quota), nine surface enhancements, and a Scorecard workflow split.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Streaming HTTP helpers",
+              "body": "`b.httpClient.downloadStream({ url, dest, hash, expected })` streams to `<dest>.tmp`, hashes while piping, atomic-renames on hash match, refuses + deletes on mismatch (returns `{ statusCode, bytesWritten, hash }`). `b.httpClient.uploadMultipartStream({ url, fields, file })` streams a file body into multipart POST without buffering."
+            },
+            {
+              "title": "`b.keychain.{ store, retrieve, remove }`",
+              "body": "OS keychain abstraction across macOS `security`, Linux `secret-tool`, Windows PowerShell, plus a 0o600 XChaCha20-Poly1305-sealed file fallback. Native paths use stdin (process-list-safe)."
+            },
+            {
+              "title": "`b.workerPool.create(scriptPath, opts)`",
+              "body": "`node:worker_threads` pool with bounded concurrency, per-task timeout, worker recycle on uncaught error, and `{ run, drain, terminate, stats }`."
+            },
+            {
+              "title": "`b.watcher.create`",
+              "body": "Recursive `fs.watch` wrapper with per-path debounce, glob-style ignore, symlink-skip, and cross-platform event normalisation."
+            },
+            {
+              "title": "`b.localDb.thin({ file, schemaSql, recovery })`",
+              "body": "Lightweight `node:sqlite` wrapper with WAL + integrity check + corrupt-rename-and-recreate recovery + prepared-statement cache. No vault encryption / audit chain — for desktop daemon-style state where `b.db` is too heavy."
+            },
+            {
+              "title": "`b.daemon.{ start, stop }`",
+              "body": "PID file write + stale-PID reap + signal handling glue around `b.appShutdown` + cross-platform detached fork via `b.processSpawn`."
+            },
+            {
+              "title": "`b.selfUpdate.{ poll, verify, swap, rollback }`",
+              "body": "GitHub-releases poll + ETag/304 + signed-asset verify (composes `b.crypto.verify` for ML-DSA-87 / Ed25519 / EC) + atomic swap with EXDEV cross-device fallback + rollback on health failure."
+            },
+            {
+              "title": "`b.crypto.hashFile` + `b.crypto.hashStream`",
+              "body": "Streaming hash from disk / arbitrary readable (default sha3-512). Uses `node:stream/promises` pipeline."
+            },
+            {
+              "title": "`b.safeAsync.parallel(items, fn, { concurrency })`",
+              "body": "Bounded-concurrency mapAsync with continuous worker queue (no Promise.all-batched chunks). Default 8, max 256, AbortSignal support."
+            },
+            {
+              "title": "`b.network.tls.buildOptions`",
+              "body": "TLS request-options builder that knows the framework's PQC group preference + TLS 1.3 floor; centralizes posture for operators that build their own `https.Agent`."
+            },
+            {
+              "title": "`b.network.heartbeat.passive`",
+              "body": "Server-pushed heartbeat consumer (inverse of the existing active probe). Caller invokes `recordPong()` on heartbeat frames; `onTimeout()` fires once if `timeoutMs` elapses without a pong."
+            },
+            {
+              "title": "`b.argParser.create`",
+              "body": "Reusable CLI arg parser extracted from `lib/cli.js`. Type coercion (string / number / boolean / list), per-command flag scoping, `--` terminator, prototype-pollution defense, `parseRaw(argv)` low-level alias. `lib/cli.js` refactored to compose the new primitive."
+            },
+            {
+              "title": "`b.network.byteQuota.create`",
+              "body": "Extracted from `b.middleware.dailyByteQuota`; exposes `{ check(key, bytes), record(key, bytes), reset(key), snapshot() }` for preflight checks before accept (when file size is known at headers-parsed time)."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.pqcAgent` accepts `SecP256r1MLKEM768`",
+              "body": "RFC 9794 codepoint shipped in v0.8.44 — now reachable. Adds `allowOperatorGroups: false` opt; when `true`, `create()` accepts any IANA-known TLS group with audit emit `pqcagent.operator_group.accepted`. `lib/constants.js` `TLS_GROUP_PREFERENCE` now `[X25519MLKEM768, SecP384r1MLKEM1024, SecP256r1MLKEM768]`."
+            },
+            {
+              "title": "`b.archive.zip().toStream(writable)` streaming archives",
+              "body": "Pipes the assembled archive directly to an operator-supplied `Writable` (or returns a `Readable` if no writable supplied). `addFile(name, Readable)` accepts streamed sources; APPNOTE 4.4.4 bit-3 data-descriptors. Atomic finalize: central directory written only after every entry resolves; on source error destination is destroyed with `archive/aborted` and EOCD never emitted. `toBuffer()` refuses streaming entries with `archive/streaming-entry`."
+            },
+            {
+              "title": "`b.guardFilename.sanitize({ mode: \"strip\" })`",
+              "body": "Replaces CR / LF / HT / VT / FF / C0 controls / bidi-override / zero-width with `_` for `Content-Disposition` use. Path-traversal / null-byte / NTFS ADS / UNC / overlong UTF-8 floor still throws at every profile level."
+            },
+            {
+              "title": "`b.middleware.rateLimit` algorithm opt-in",
+              "body": "`{ algorithm: \"fixed-window\" | \"token-bucket\" }` — fixed-window opts in alongside the existing token-bucket default."
+            },
+            {
+              "title": "`b.parsers.json` + `b.parsers.multipart` standalone helpers",
+              "body": "Standalone async helpers for handlers that lazy-parse without mounting bodyParser as middleware."
+            },
+            {
+              "title": "`b.router.create({ allowedRedirectOrigins })`",
+              "body": "Exact-match HTTPS-origin allowlist for `res.redirect` cross-origin (OAuth bounces). Off-allowlist redirects throw `RouterError(\"router/redirect-cross-origin-refused\", ...)`."
+            },
+            {
+              "title": "`b.requestHelpers.extractBearer(req)`",
+              "body": "Inbound RFC 6750 bearer extractor; case-insensitive `Bearer` prefix, refuses multiple `Authorization` headers (CWE-345), refuses control / CR / LF / NUL bytes; returns null on missing/malformed."
+            },
+            {
+              "title": "`b.crypto.namespaceHash(prefix, value)`",
+              "body": "Hex SHA3-512 of `prefix + \":\" + value` for indexable derived-hash columns. Refuses NUL / CR / LF / oversized prefix."
+            },
+            {
+              "title": "Scorecard workflow split",
+              "body": "`.github/workflows/scorecard.yml` split into a `uses:`-only `analysis` job and a separate `threshold` job that downloads the SARIF artifact; analysis no longer fails the scorecard-action workflow restriction. `SCORECARD_MIN` default lowered to 6.0 (structural floor for a < 90-day single-maintainer pre-1.0 repo)."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "v0.8.44 carry-over CI fixes",
+              "body": "`lib/backup/bundle.js` manifest-signing is now best-effort when `auditSign.init()` has not been awaited (bundle ships unsigned with a `manifest-unsigned` progress event; `restoreBundle.extract({ requireSignature: true })` continues to refuse unsigned manifests). `lib/external-db.js` `SET application_name` is now best-effort so non-Postgres test fakes shimming the postgres dialect don't fail at connection init. `b.subject.erase` accepts an explicit `opts.legalHold` instance to avoid the process-global singleton race in parallel-test runs."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.44",
+      "date": "2026-05-08",
+      "headline": "Compliance / crypto / transport additive surface + CVE sweep + wiki restructure",
+      "summary": "Adds a substantial compliance-primitive surface (21 CFR Part 11, PCI 10.4 daily review, SOX / SOC 2 SoD triggers, m-of-n DDL change control, legal-hold, WORM, dual-control + crypto-erase, per-row K_row tagging, tenant quota, DR runbook, backup-test scheduler, CADF audit envelope, JSON-Schema 2020-12 metadata, Debezium outbox, safeJsonPath, role-hardening, outbound DLP, bot challenge, device binding, sandbox, FAPI 2 / FDX / TCPA 10DLC / IAB MSPA postures). Standards-track additions: HPKE, TLS-Exporter, HTTP Message Signatures, CT v2 inclusion proofs, ACME + ARI, 0-RTT inbound posture, PQ TLS group preference. ML-DSA-65 opt-in. Closes 10+ CVE-classes. Pins Node engine to `>=24.14.1`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Compliance / regulatory primitives",
+              "body": "`b.fda21cfr11` (21 CFR Part 11 §11.10(e) audit-content + §11.50(b) e-signature shape); `b.auditDailyReview` (PCI DSS 4.0 Req 10.4.1.1 daily-review automation through `b.scheduler`); `b.audit.bindActor` + `b.audit.assertSegregation` (SOX §404 + SOC 2 CC1.3 segregation-of-duties Postgres triggers); `b.ddlChangeControl` (m-of-n approver DDL change-control with maintenance windows and ML-DSA-87 signed proposals); `b.legalHold` (FRCP Rule 26/37(e), GDPR Art 17(3)(e), SEC Rule 17a-4, HIPAA §164.530(j)(2)); `b.db.declareWorm`; `b.db.declareRequireDualControl` + `b.db.eraseHard` (dual-control delete + crypto-erase + REINDEX); `b.cryptoField.declareColumnResidency` / `declarePerRowKey` + `b.subject.eraseHard`; `b.tenantQuota`; `b.drRunbook.emit`; `b.backup.scheduleTest` + `b.backupBundle.verifyManifestSignature`; `b.db.exportCsv` (RFC 4180 strict + SHA3-512 + optional ML-DSA-87); `b.audit.export({ format: \"cadf\" })` (ISO/IEC 19395 CADF envelope); `b.db.getTableMetadata({ format: \"json-schema-2020-12\" })`; `b.outbox.create({ envelope: \"debezium\" })`; `b.safeJsonPath` (refuses filter / deep-scan / script-shape / control-char input; wired into `b.db.where` for JSONB ops); `b.externalDb.assertRoleHardening`; `b.redact.installOutboundDlp` (httpClient + mail + webhook DLP with PAN / SSN / EIN / IBAN / api-key / PEM / SSH / JWT / AWS detectors); `b.authBotChallenge`; `b.sessionDeviceBinding` (SHAKE256 fingerprint over UA + Accept-Language + Accept-Encoding + IP /24 (or /48) prefix + optional cryptographic boundKey); `b.sandbox`; `b.fapi2`, `b.fdx`, `b.tcpa10dlc`, `b.iabMspa` posture cascade entries."
+            },
+            {
+              "title": "Standards-track crypto + transport",
+              "body": "`b.crypto.hpke` (RFC 9180 with ML-KEM-1024 + HKDF-SHA3-512 + ChaCha20-Poly1305); `b.tlsExporter` (RFC 9266 channel binding); `b.crypto.httpSig` (RFC 9421 HTTP Message Signatures, ed25519 + ML-DSA-65); `b.network.tls.ct.verifyInclusion` (RFC 9162 CT v2 inclusion proofs); `b.acme` (RFC 8555 + RFC 9773 ARI for the CA/B Forum 47-day cert lifetime); `b.router.create({ tls0Rtt })` (RFC 8470 0-RTT inbound posture, default `refuse`); `b.network.tls.preferredGroups.{set,get,reset}` (default `X25519MLKEM768`, `SecP256r1MLKEM768`, `SecP384r1MLKEM1024`, `X25519`)."
+            },
+            {
+              "title": "ML-DSA-65 opt-in on `b.audit-sign` and `b.webhook`",
+              "body": "`lib/audit-sign.js` and `lib/webhook.js` accept `algorithm: \"ML-DSA-65\"` for smaller signatures + faster verify; default remains SLH-DSA-SHAKE-256f."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "CVE sweep",
+              "body": "CVE-2026-21712 (codebase-patterns refuses `url.format(`). CVE-2026-21714 (h2 GOAWAY tracking refuses post-GOAWAY stream activity). CVE-2026-21717 (`b.safeJson` `maxKeys` cap, default 10000, ABSOLUTE_MAX 1000000). CVE-2026-33870 (body-parser differentiates `HPE_CHUNK_EXTENSIONS_OVERFLOW` and emits `http.chunked.extension.refused`). CVE-2026-29000 / 23993 / 22817 / 34950 (auth-jwt-external refuses 5-segment JWE tokens with `auth-jwt-external/jwe-refused` audit). CVE-2026-25639 / 42033 / 42041 / 40175 (vendor-deny gate refuses `axios`, `xml-crypto`, `samlify`, `xml2js`). SECURITY.md gains entries for CVE-2026-21715 / 21716 (Permission Model + symlink defenses), CVE-2026-23918 / CVE-2026-33555 (Apache + HAProxy reverse-proxy floors), CVE-2026-26996 / 33671 / 27904 (pubsub `_MAX_CHANNEL_LEN`), CVE-2026-25922 / 23687 / 34840 (SAML signed-bytes invariant), CVE-2026-34511 (oauth audited clean)."
+            },
+            {
+              "title": "Node engine floor lifted to `>=24.14.1`",
+              "body": "CVE-2026-21713 non-constant-time HMAC compare."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Wiki restructure: 25 `guard-*` pages consolidated into 7 grouped pages",
+              "body": "`guard-overview`, `guard-content`, `guard-structured-data`, `guard-identifiers`, `guard-protocols`, `guard-execution`, `guard-binary`, `guard-aggregate`. New pages `ai-governance`, `api-contracts`, `ops-hardening`, `regulatory-reporting`. Wiki seeder text corrected to describe Argon2id routing through Node 24+'s built-in `crypto.argon2*` API (no vendored native module)."
+            },
+            {
+              "title": "New compliance postures cascade through `POSTURE_DEFAULTS`",
+              "body": "`sox-404`, `soc2-cc1.3`, `fda-21cfr11`, `fda-annex-11`, `sec-17a-4`, `finra-4511`, `dpdp`, `pipl-cn`, `lgpd-br`, `appi-jp`, `pdpa-sg`, `staterramp`, `irap`, `bsi-c5`, `ens-es`, `uk-g-cloud`. Cascade through retention / audit / db / cryptoField."
+            },
+            {
+              "title": "Workflow-level `permissions: contents: read` + SHA-pinned 40 actions",
+              "body": "`ci.yml` / `npm-publish.yml` / `release-container.yml` declare least-privilege at workflow level; per-job blocks elevate only where needed. Forty GitHub Actions are SHA-pinned (zero `@master` / floating refs). Scorecard threshold gate reads aggregate score from `results.sarif` and fails when below `vars.SCORECARD_MIN` (default 7.0; fails-open with warning when SARIF shape changes). Dependabot extended to root npm `devDependencies`. `npm-publish.yml` build-summary refactored from `${{ steps.* }}` direct interpolation to `env:` block + `${VAR}` substitution."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 9180 HPKE",
+          "url": "https://www.rfc-editor.org/rfc/rfc9180.html"
+        },
+        {
+          "label": "RFC 9421 HTTP Message Signatures",
+          "url": "https://www.rfc-editor.org/rfc/rfc9421.html"
+        },
+        {
+          "label": "RFC 9162 Certificate Transparency v2",
+          "url": "https://www.rfc-editor.org/rfc/rfc9162.html"
+        },
+        {
+          "label": "RFC 8555 ACME",
+          "url": "https://www.rfc-editor.org/rfc/rfc8555.html"
+        },
+        {
+          "label": "RFC 9773 ACME ARI",
+          "url": "https://www.rfc-editor.org/rfc/rfc9773.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.43",
+      "date": "2026-05-07",
+      "headline": "Explicit `USER 65532:65532` in `examples/wiki/Dockerfile` runtime stage",
+      "summary": "Chainguard's `cgr.dev/chainguard/node:latest` already runs as `nonroot` (UID 65532) by default, but Trivy's static Dockerfile checker (DS-0002) flags any image without a literal `USER` line regardless of base-image default. Behavior unchanged.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`examples/wiki/Dockerfile` runtime stage declares `USER 65532:65532`",
+              "body": "Trivy DS-0002 was flagging the image despite the base-image default running as nonroot. Adding the literal directive clears the static-Dockerfile check."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.42",
+      "date": "2026-05-07",
+      "headline": "DB hardening + vault-PEM hardening + OWASP secrets-in-env hygiene + statement-cache + vacuum-after-erase",
+      "summary": "Per-deployment salt for derived hashes (HIPAA Safe Harbor), sealed break-glass kwGrantHalf, Postgres transaction timeouts with deadlock retries, SQLite tmpfs path advisory, prepared-statement LRU, post-erase VACUUM helper, coarse-bucketed `__erasedAt`, ISO-8601 surfacing on audit reads, env-strip on child spawn, and three vault.sealPemFile sub-fixes.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.db.vacuumAfterErase({ mode, pages })`",
+              "body": "Runs `VACUUM` / `PRAGMA incremental_vacuum` after large erasures (right-to-be-forgotten support)."
+            },
+            {
+              "title": "`b.processSpawn.spawn(command, args, { allowEnv })`",
+              "body": "Strips `DATABASE_URL` / `PG*` / `AWS_*` / `*_API_KEY` / `*_SECRET` / `*_TOKEN` etc. from the child env by default (OWASP secrets-in-env hygiene)."
+            },
+            {
+              "title": "`b.auditTools.withRecordedAtIso(row)`",
+              "body": "Surfaces ISO-8601 alongside Unix-ms without disturbing the chain-hash canonical form."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Per-deployment derived-hash salt",
+              "body": "`b.cryptoField.derivedHashes` binds a per-deployment 32-byte salt (persisted at `<dataDir>/vault.derived-hash-salt`) so the same plaintext produces different hashes across deployments — defends against rainbow-table reuse and supports HIPAA Safe Harbor §164.514(b)(2)(i)."
+            },
+            {
+              "title": "Sealed break-glass `kwGrantHalf`",
+              "body": "`_blamejs_break_glass_grants.kwGrantHalf` is now sealed under the vault key."
+            },
+            {
+              "title": "Postgres transaction timeouts + deadlock retries",
+              "body": "`b.externalDb.transaction({ statementTimeoutMs, idleInTransactionTimeoutMs, deadlockRetries })` enforces SET-LOCAL Postgres timeouts and auto-retries 40P01 / 40001 with jittered backoff."
+            },
+            {
+              "title": "SQLite tmpfs path advisory",
+              "body": "Boot-time warning when the SQLite tmpfs path doesn't resolve under `/dev/shm` / `/run/shm` / `/run/user` / `/tmp`."
+            },
+            {
+              "title": "`b.db.prepare` Statement-handle LRU cache",
+              "body": "Caches Statement handles (LRU 256, cleared on init/close) so long-running daemons don't leak fds."
+            },
+            {
+              "title": "`__erasedAt` coarse-bucketed to 1-day floor",
+              "body": "Removes the sub-day forensic timing fingerprint on right-to-be-forgotten rows."
+            },
+            {
+              "title": "`b.vault.sealPemFile` parent-dir + fsync + watch cadence",
+              "body": "Asserts parent-dir mode 0o755 or stricter, fsyncs the destination directory after rename, and reduces `fs.watchFile` cadence from 2s to 500ms."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.41",
+      "date": "2026-05-07",
+      "headline": "Breaking envelope wire-format bump (0xE2 magic) + new audit, password, KAT, lock, config, backup, KEM primitives",
+      "summary": "`b.crypto.encrypt` now produces 0xE2-magic envelopes that bind NIST SP 800-56C r2 / RFC 9180 FixedInfo (kemId/cipherId/kdfId + `blamejs/v1` label) into the SHAKE256 KDF input AND the 4-byte envelope header into the XChaCha20-Poly1305 AAD; legacy 0xE1 envelopes are refused. Operators with framework-sealed data must regenerate it. Ships `b.canonicalJson.stringifyJcs`, `b.auth.password.gate(n)`, `b.pqcSoftware.runKnownAnswerTest`, `b.resourceAccessLock`, `b.config.loadDbBacked`, `b.backup.runInWorker`, `b.config.create.reload/subscribe`. Tightens ARC / A-R / MTA-STS / CT spec-conformance. Detects release-named test files at gate time.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.canonicalJson.stringifyJcs`",
+              "body": "RFC 8785 JSON Canonicalization Scheme strict mode."
+            },
+            {
+              "title": "`b.auth.password.gate(n)`",
+              "body": "Process-global Argon2id concurrency semaphore."
+            },
+            {
+              "title": "`b.pqcSoftware.runKnownAnswerTest`",
+              "body": "Boot-time KAT for the vendored PQC primitives."
+            },
+            {
+              "title": "`b.resourceAccessLock`",
+              "body": "Three-mode lock for non-HTTP resources (counterpart to `b.auth.accessLock`)."
+            },
+            {
+              "title": "`b.config.loadDbBacked`",
+              "body": "DB-row-backed hot-reload config baseline + overlay."
+            },
+            {
+              "title": "`b.backup.runInWorker`",
+              "body": "Worker_threads dispatch for the backup pipeline."
+            },
+            {
+              "title": "`b.config.create({...}).reload/subscribe`",
+              "body": "Reactive reload + subscription on the config handle."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "BREAKING: `b.crypto.encrypt` envelope wire-format bump to 0xE2 magic",
+              "body": "Binds NIST SP 800-56C r2 / RFC 9180 FixedInfo (kemId/cipherId/kdfId + `blamejs/v1` label) into the SHAKE256 KDF input AND the 4-byte envelope header into the XChaCha20-Poly1305 AAD. Legacy 0xE1 envelopes are refused — operators with framework-sealed data must regenerate it."
+            },
+            {
+              "title": "Spec-conformance tightenings",
+              "body": "ARC hop-instance regex bounded per RFC 8617 §4.2.1. Authentication-Results pvalue ABNF tightened per RFC 8601 §2.3. MTA-STS HTTPS cert validation against `mta-sts.<domain>` per RFC 8461 §3.3. CT `verifyScts` algorithm-OID scope cross-checked against the log key per RFC 6962 §2.1.4."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "Release-named test-file detector",
+              "body": "New `codebase-patterns.test.js` + `smoke.js` entry refuses release-bucket and slot-bucket test filenames."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "NIST SP 800-56C r2",
+          "url": "https://csrc.nist.gov/pubs/sp/800/56/c/r2/final"
+        },
+        {
+          "label": "RFC 9180 HPKE",
+          "url": "https://www.rfc-editor.org/rfc/rfc9180.html"
+        },
+        {
+          "label": "RFC 8785 JCS",
+          "url": "https://www.rfc-editor.org/rfc/rfc8785.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.40",
+      "date": "2026-05-07",
+      "headline": "`b.honeytoken` + `b.middleware.cspReport` + `b.auditTools.forensicSnapshot` + `b.network.tls.pinsetDriftMonitor` + Scorecard CI",
+      "summary": "Adds four operator-facing primitives plus the OpenSSF Scorecard workflow. Defers operator-supplied transform sandbox, chaos drills, and exploit replay corpus with re-open conditions (operator demand or CVE replay needing a vendored harness).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.honeytoken.create({ audit })`",
+              "body": "Issues canary api-key / session / URL / row-id values that emit `honeytoken.tripped` audit on any positive lookup."
+            },
+            {
+              "title": "`b.middleware.cspReport.create({ onReport })`",
+              "body": "Reporting-API endpoint that ingests CSP / COEP / COOP violations as `csp.violation` audit rows."
+            },
+            {
+              "title": "`b.auditTools.forensicSnapshot({ out, since, passphrase, reason })`",
+              "body": "Composes an audit-export slice + IR context manifest into one tamper-evident bundle for legal / regulator handover."
+            },
+            {
+              "title": "`b.network.tls.pinsetDriftMonitor({ intervalMs })`",
+              "body": "Periodically compares the trust-store fingerprint set to the captured baseline and emits `network.tls.pinset.drifted` when CAs are added or removed."
+            },
+            {
+              "title": "OpenSSF Scorecard CI workflow",
+              "body": "Adds `.github/workflows/scorecard.yml` for continuous repo-posture scoring."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.39",
+      "date": "2026-05-07",
+      "headline": "`b.configDrift.verifyVendorIntegrity` + `b.network.allowlist` + `b.auth.atoKillSwitch`",
+      "summary": "Three operator enhancements: boot-time vendored-bundle integrity re-hash, a per-call outbound URL gate over `b.ssrfGuard`, and a composite ATO incident-response workflow that destroys sessions + applies lockout + flips access-lock mode in one audited call.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.configDrift.verifyVendorIntegrity()`",
+              "body": "Re-hashes every file listed in `lib/vendor/MANIFEST.json` at boot and refuses on mismatch."
+            },
+            {
+              "title": "`b.network.allowlist.create({ allow, deny })`",
+              "body": "Composes on `b.ssrfGuard` to gate per-call outbound URLs against an operator CIDR / host allow set."
+            },
+            {
+              "title": "`b.auth.atoKillSwitch.trigger({ userId, reason })`",
+              "body": "Composite ATO incident-response workflow that destroys every session for the user, applies `b.auth.lockout`, and optionally flips `b.auth.accessLock` mode in one audited call."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.38",
+      "date": "2026-05-07",
+      "headline": "Multipart parser refuses obsolete line folding + adds RFC 5987 / 8187 extended-parameter support",
+      "summary": "Refuses obsolete line folding per RFC 9112 §5.2 and CR / LF / NUL bytes in part-header values per RFC 9110 §5.5. Adds RFC 5987 / 8187 `filename*=UTF-8''…` extended-parameter support — the decoded value takes precedence over a legacy `filename=` companion.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Multipart parser refuses `obs-fold` + CR / LF / NUL in part-header values",
+              "body": "RFC 9112 §5.2 obsolete line folding is now refused. CR / LF / NUL bytes in part-header values are refused per RFC 9110 §5.5."
+            }
+          ]
+        },
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "RFC 5987 / 8187 extended-parameter filename support",
+              "body": "Adds `filename*=UTF-8''…` extended-parameter decoding to multipart. The decoded value takes precedence over a legacy `filename=` companion."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.37",
+      "date": "2026-05-08",
+      "headline": "Audit-purge anchor CHECK constraint + `personalDataCategories` vocabulary validation",
+      "summary": "Closes a silent typo class on the audit-purge anchor scope and validates operator-supplied personal-data categories against the GDPR Article 9 special-category vocabulary plus framework general categories.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`_blamejs_audit_purge_anchor.scope` CHECK constraint",
+              "body": "Constrains `scope IN ('audit', 'consent')`. Pre-v0.8.37 a typo silently created a parallel anchor; the chain verifier walked the wrong anchor and missed tampering."
+            },
+            {
+              "title": "`personalDataCategories` vocabulary validation at `db.init`",
+              "body": "Operator-supplied categories validated against the GDPR Article 9 special-category vocabulary + the framework's general categories. Unknown categories don't refuse (operators have legitimate custom labels) but emit a `db.personal_data_category_unknown` audit row so typos surface in regulator reviews. Allowed: `name`, `email`, `phone`, `address`, `ip`, `id-document`, `biometric`, `health`, `genetic`, `sexual-orientation`, `racial-or-ethnic-origin`, `political-opinion`, `religious-belief`, `trade-union-membership`, `criminal-record`, `financial`, `location`, `behavioral`, `device-id`, `child-data`, `education`, `employment`, `operator-defined`."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.36",
+      "date": "2026-05-08",
+      "headline": "HTTP / web cleanup — WebSocket handshake, Permissions-Policy, scope-aware bearer challenge",
+      "summary": "Refinements against the WebSocket handshake key validator, the Permissions-Policy default for `fullscreen`, the bearer-auth `insufficient_scope` challenge surface, list-header token grammar, and multipart boundary validation.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.bearerAuth` insufficient_scope (RFC 6750 §3)",
+              "body": "New `requiredScopes: [\"scope1\", \"scope2\"]` opt enforces operator-declared scopes. The token's `user.scope` (space-separated string) or `user.scopes` (array) is checked; missing scopes refuse with HTTP 403 + `WWW-Authenticate: Bearer error=\"insufficient_scope\", scope=\"...\"`."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.requestHelpers.parseListHeader({ strictToken: true })`",
+              "body": "RFC 9110 §5.6.2 token-grammar enforcement. Refuses non-token entries (anything outside `!#$%&'*+-.^_`|~` plus alphanumerics)."
+            },
+            {
+              "title": "Permissions-Policy `fullscreen` flipped to deny by default",
+              "body": "`b.middleware.securityHeaders` now emits `fullscreen=()` (deny) instead of `fullscreen=(self)`. Operators wanting fullscreen pass an explicit override."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "WebSocket handshake `Sec-WebSocket-Key` validated (RFC 6455 §4.1)",
+              "body": "The handshake key is now validated as base64 of 16 random bytes (`/^[A-Za-z0-9+/]{22}==$/`). Previously only presence was checked; truncated and arbitrary-token values flowed through."
+            },
+            {
+              "title": "Multipart boundary validation (RFC 2046 §5.1.1)",
+              "body": "`_parseMultipart` refuses boundaries longer than 70 chars or violating the `bcharsnospace` grammar. Closes the quadratic-match risk on pathological boundaries."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6750 OAuth 2.0 Bearer Token Usage",
+          "url": "https://www.rfc-editor.org/rfc/rfc6750.html"
+        },
+        {
+          "label": "RFC 6455 WebSocket",
+          "url": "https://www.rfc-editor.org/rfc/rfc6455.html"
+        },
+        {
+          "label": "RFC 9110 HTTP Semantics",
+          "url": "https://www.rfc-editor.org/rfc/rfc9110.html"
+        },
+        {
+          "label": "RFC 2046 MIME Media Types",
+          "url": "https://www.rfc-editor.org/rfc/rfc2046.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.35",
+      "date": "2026-05-08",
+      "headline": "`b.tcpa10dlc` + `b.iabMspa` — TCPA 10DLC consent + IAB MSPA / GPP opt-out signals",
+      "summary": "Two new compliance primitives. `b.tcpa10dlc` records the carrier-required consent fields for SMS / call campaigns at $500-$1,500 per-violation exposure. `b.iabMspa` decodes the IAB Multi-State Privacy Agreement / Global Privacy Platform universal opt-out signal so operators can refuse processing at the same point a CCPA \"do-not-sell\" header would.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.tcpa10dlc.recordConsent` / `lookup` / `revoke`",
+              "body": "TCPA 10DLC consent-record audit (47 USC §227 + 47 CFR §64.1200 + FCC 1:1 disclosure rule). `recordConsent({ phoneE164, brand, disclosureText, disclosurePartyKind, formUrl, ip, userAgent })` writes a tamper-evident audit row with the carrier-required fields; `lookup(phoneE164)` serves the carrier produce-on-demand workflow; `revoke(phoneE164, reason)` records consumer-initiated opt-out with audit trail."
+            },
+            {
+              "title": "`b.iabMspa.parseGpp` / `checkOptOut` / `refuseProcessing`",
+              "body": "Decodes the IAB Multi-State Privacy Agreement / Global Privacy Platform string framing (header + per-section payloads, section-id mapping for usnat / usca / usva / usco / usct / usut / usnv / usia / usde / usnj / ustx / usor / usmt / usnh). `checkOptOut(parsed, { dataUse, state })` returns `{ mustHonor, signals }` against operator-decoded section opt-outs (sale / sharing / targeted-ads / sensitive / child-data). `refuseProcessing(parsed, opts)` throws `IabMspaError` to halt the operator's data-flow."
+            },
+            {
+              "title": "`b.iabMspa.gpcFromHeaders(req)`",
+              "body": "Reads the W3C `Sec-GPC: 1` browser signal — universal opt-out per CCPA / CPRA §1798.135(b)(1) and similar state laws."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "47 USC §227 TCPA",
+          "url": "https://www.law.cornell.edu/uscode/text/47/227"
+        },
+        {
+          "label": "47 CFR §64.1200",
+          "url": "https://www.ecfr.gov/current/title-47/chapter-I/subchapter-B/part-64/subpart-L/section-64.1200"
+        },
+        {
+          "label": "IAB Global Privacy Platform (GPP)",
+          "url": "https://iabtechlab.com/gpp/"
+        },
+        {
+          "label": "W3C Global Privacy Control",
+          "url": "https://privacycg.github.io/gpc-spec/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.34",
+      "date": "2026-05-08",
+      "headline": "BiDi-strip regex rewritten in Unicode-escape form",
+      "summary": "Cumulative republish of the v0.8.33 fixes. The v0.8.33 publish workflow blocked on ESLint `no-irregular-whitespace`; v0.8.34 rewrites the body-parser BiDi-strip regex in Unicode-escape form so the source no longer carries literal BiDi codepoints. The v0.8.33 tag exists in git but never reached npm.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Body-parser BiDi-strip regex uses Unicode-escape form",
+              "body": "`lib/middleware/body-parser.js` now expresses the BiDi-formatting codepoint set in `\\u202A`-style escapes instead of literal codepoints, so ESLint's `no-irregular-whitespace` rule passes during the publish workflow's lint gate."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.33",
+      "date": "2026-05-08",
+      "headline": "HTTP / web cleanup across WebSocket, Permissions-Policy, JWT, body-parser, OAuth",
+      "summary": "Six RFC-cited refinements against shipped WebSocket, Permissions-Policy, JWT, body-parser, and OAuth surfaces.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "WebSocket close-frame validation against RFC 6455 §5.5.1 + §7.4.2",
+              "body": "`_handleClose` now refuses 1-byte close-frame payloads (previously silently accepted as clean close, evading anomaly detection) and validates the close-code against the §7.4.2 vocabulary (1000-1011 + 3000-4999 valid; 1004 / 1005 / 1006 / 1015 reserved or forbidden; everything else refused)."
+            },
+            {
+              "title": "JWT typ assertion (RFC 8725 §3.11)",
+              "body": "`b.auth.jwt.verify({ expectedTyp })` refuses tokens whose `header.typ` doesn't match (typ-confusion class). Case-insensitive match per RFC 8725; unset `expectedTyp` skips the check for legacy token compatibility."
+            },
+            {
+              "title": "Multipart filename BiDi / RTL strip (CVE-2021-42574)",
+              "body": "`_sanitizeFilename` now drops Trojan Source BiDi formatting and zero-width codepoints from uploaded filenames before the basename hits the filesystem."
+            },
+            {
+              "title": "OAuth `redirect_uri` localhost exception (RFC 9700 §4.1.1)",
+              "body": "`b.auth.oauth.create({ redirectUri })` now accepts `http://localhost`, `http://127.0.0.1`, and `http://[::1]` without requiring `allowHttp: true` (which would loosen every operator-supplied URL). HTTPS still required for non-loopback hosts."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Permissions-Policy default expansion",
+              "body": "`b.middleware.securityHeaders` deny-by-default now covers `interest-cohort`, `attribution-reporting`, `bluetooth`, `hid`, `serial`, `idle-detection`, `local-fonts`, `compute-pressure`, `window-management`, `private-state-token-issuance`, and `private-state-token-redemption`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6455 WebSocket",
+          "url": "https://www.rfc-editor.org/rfc/rfc6455.html"
+        },
+        {
+          "label": "RFC 8725 JWT BCP",
+          "url": "https://www.rfc-editor.org/rfc/rfc8725.html"
+        },
+        {
+          "label": "RFC 9700 OAuth 2.0 Security BCP",
+          "url": "https://www.rfc-editor.org/rfc/rfc9700.html"
+        },
+        {
+          "label": "CVE-2021-42574 Trojan Source",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42574"
+        }
+      ]
+    },
+    {
+      "version": "0.8.32",
+      "date": "2026-05-08",
+      "headline": "Email / DNS impl-vs-spec cleanup across DKIM, SPF, DMARC, A-R, TLS-RPT, DoH",
+      "summary": "Eight RFC-cited refinements against shipped DKIM, SPF, DMARC, Authentication-Results, TLS-RPT, and DoH primitives. No new surface — each item closes a wire-format gap surfaced by re-reading the source RFCs.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "DKIM verifier enforces `x=` expiration and `t=` future-date sanity",
+              "body": "`b.mail.dkim` now permerrors signatures past their `x=` expiration (RFC 6376 §3.5) and refuses signatures more than 24h ahead of `now`; it also rejects `x= < t=` malformation. Operator-tunable `clockSkewMs` (default 5 min)."
+            },
+            {
+              "title": "SPF distinguishes mechanisms from modifiers",
+              "body": "`_parseSpfRecord` in `b.mail.spf` separates mechanisms from modifiers per RFC 7208 §4.6 — `redirect=` and `exp=` are modifiers, not mechanisms. Pre-release versions triggered the generic \"out of scope\" permerror; modifiers are now surfaced under `mechanisms.modifiers`."
+            },
+            {
+              "title": "SPF IPv6 CIDR matching uses real bitwise check",
+              "body": "`_ipv6Expand` plus group-by-group bit-mask comparison replaces the prior string-prefix heuristic that mishandled `::` shorthand. Aligns with RFC 7208's IPv6 mechanism semantics."
+            },
+            {
+              "title": "DMARC consults `pct=` for sampled disposition",
+              "body": "`b.mail.dmarc` `recommendedAction` now applies one-step-less-strict disposition when `pct < 100` per RFC 7489 §6.6.4 (reject → quarantine; quarantine → none) on the sampled fraction."
+            },
+            {
+              "title": "Authentication-Results `reason=` escape preserves backslash",
+              "body": "`b.mail.authResults` now serializes the quoted-string `reason=` using RFC 8601 §2.2 `\\\"` escape for lossless round-trip instead of the prior `\"`-to-`'` collapse."
+            },
+            {
+              "title": "TLS-RPT validates `mailto:` rua before forwarding",
+              "body": "`b.network.smtp.tlsRpt.submit` now RFC 5322 addr-spec-validates `mailto:` rua entries before forwarding to `b.mail`. Invalid mailto targets previously crashed at submit-time with opaque transport errors."
+            },
+            {
+              "title": "DoH host validated label-by-label",
+              "body": "`b.network.dns.resolveSecure` enforces the RFC 1035 §2.3.4 LDH rule (letters / digits / hyphen, no leading or trailing hyphen, label length 1..63). Underscore, colon, and space hosts previously flowed through to opaque DoH errors."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6376 DKIM",
+          "url": "https://www.rfc-editor.org/rfc/rfc6376.html"
+        },
+        {
+          "label": "RFC 7208 SPF",
+          "url": "https://www.rfc-editor.org/rfc/rfc7208.html"
+        },
+        {
+          "label": "RFC 7489 DMARC",
+          "url": "https://www.rfc-editor.org/rfc/rfc7489.html"
+        },
+        {
+          "label": "RFC 8601 Authentication-Results",
+          "url": "https://www.rfc-editor.org/rfc/rfc8601.html"
+        },
+        {
+          "label": "RFC 8460 TLS-RPT",
+          "url": "https://www.rfc-editor.org/rfc/rfc8460.html"
+        },
+        {
+          "label": "RFC 1035 DNS",
+          "url": "https://www.rfc-editor.org/rfc/rfc1035.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.31",
+      "date": "2026-05-08",
+      "headline": "`b.fdx` — CFPB §1033 / Financial Data Exchange consumer-financial-data wrapper",
+      "summary": "CFPB §1033 (12 CFR §1033.121-461, final rule 2024-10-22) gives US consumers the right to authorize a third party to access their financial data through the data provider's developer interface. The compliance deadline for $250B+ asset-size banks has already passed (2026-04-01). The new `b.fdx` primitive composes onto `b.fapi2` (the §1033.351 security requirements track FAPI 2.0) and the FDX 6.0 minimum schema.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.fdx.bind({ authServer, resources })`",
+              "body": "Binds the operator's authorization server config to the FAPI 2.0 profile; refuses if PKCE / DPoP / PAR are misconfigured per `b.fapi2.assertOAuthConfig`. The §1033.351 security requirements track FAPI 2.0."
+            },
+            {
+              "title": "`b.fdx.validateResponse(resourceType, body)`",
+              "body": "Validates a response shape against the FDX 6.0 minimum schema for accounts, transactions, statements, payment-networks, rewards, and tax-forms — refuses missing-required fields."
+            },
+            {
+              "title": "`b.fdx.consentReceipt(opts)`",
+              "body": "Generates the §1033.401(b) consent receipt the authorization server gives the consumer at authorization time (data provider, consumer, third-party recipient, scopes, revocation URL, issued and expires timestamps)."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CFPB §1033 Final Rule (12 CFR §1033.121-461)",
+          "url": "https://www.consumerfinance.gov/rules-policy/final-rules/required-rulemaking-on-personal-financial-data-rights/"
+        },
+        {
+          "label": "Financial Data Exchange (FDX)",
+          "url": "https://financialdataexchange.org/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.30",
+      "date": "2026-05-08",
+      "headline": "`b.aiPref` — AIPREF Content-Usage + Cloudflare Content Signals + Pay-Per-Crawl",
+      "summary": "New primitive emits and parses the IETF AIPREF `Content-Usage` response header alongside Cloudflare's Content Signals Policy header, and serves HTTP 402 Payment Required for paid-crawl surfaces. Operators get a machine-readable channel to signal AI-training, AI-inference, and AI-snippet preferences ahead of the IETF spec finalizing.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.aiPref.middleware({ train, infer, snippet, price? })`",
+              "body": "Emits the `Content-Usage` header per request and (default-on) the Cloudflare-compatible `CF-Content-Signals` header alongside. Values: `allow` / `deny` / `paid` for train and infer; `allow` / `deny` for snippet."
+            },
+            {
+              "title": "`b.aiPref.serializeHeader(opts)` and `b.aiPref.parseHeader(value)`",
+              "body": "Round-trip codec for the `Content-Usage` header so operators can parse incoming crawler-stated preferences or serialize their own emit-side header outside the middleware path."
+            },
+            {
+              "title": "`b.aiPref.robotsBlock(opts)`",
+              "body": "Emits an AIPREF-compliant `User-agent: <bot>\\nContent-Usage: ...` block for inclusion in `robots.txt`, matching the working group's robots-side preference channel."
+            },
+            {
+              "title": "`b.aiPref.refusePaidCrawl(req, res, { price })`",
+              "body": "Emits HTTP 402 Payment Required with the price manifest in JSON for crawlers that hit a paid surface without a Pay-Per-Crawl token. Refused-crawl events emit an audit row."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "draft-ietf-aipref-attach-04",
+          "url": "https://datatracker.ietf.org/doc/draft-ietf-aipref-attach/"
+        },
+        {
+          "label": "Cloudflare Content Signals Policy",
+          "url": "https://blog.cloudflare.com/content-signals-policy/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.29",
+      "date": "2026-05-08",
+      "headline": "CI smoke heap bump for macOS-arm64 OOM",
+      "summary": "The duplicate-block detector still accumulated roughly four million shingle-fingerprint entries across the `lib/` corpus, peaking above the Node default 2 GB heap on macOS-arm64 runners. The smoke gate is now configured with a higher heap ceiling; operators on memory-constrained machines have an explicit single-threaded fallback.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Smoke job heap ceiling raised to 4 GB",
+              "body": "`.github/workflows/ci.yml` sets `NODE_OPTIONS: --max-old-space-size=4096` on the smoke step so the parallel-shingle-pass peak no longer trips the OOM killer on macOS-arm64 runners."
+            },
+            {
+              "title": "Single-threaded fallback for memory-constrained hosts",
+              "body": "Operators running the smoke suite locally on machines that can't afford the worker fan-out's peak set `HS_PATTERNS_NO_THREADS=1` to fall back to the single-threaded scan path."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Hash-fingerprint duplicate-cluster experiment reverted",
+              "body": "The in-progress hash-fingerprint experiment surfaced previously-grouped-by-shape duplicates as distinct hash-bucketed clusters that broke the existing `KNOWN_CLUSTERS` allowlist matching; the detector reverted to the join-on-space form."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.28",
+      "date": "2026-05-08",
+      "headline": "`b.contentCredentials` California SB-942 / AB-853 + C2PA 2.1 content-provenance manifest builder",
+      "summary": "California Bus. & Prof. Code §22757 (effective 2026-08-02) requires providers of generative AI systems to embed a latent (machine-readable) provenance disclosure in every synthetic image / video / audio asset distributed in California. The disclosure MUST carry provider + system identifier + system version + content timestamp + unique content ID. SB-942 cites C2PA 2.1+ as an acceptable disclosure format.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.contentCredentials.build(...)` builds an SB-942-shaped C2PA manifest",
+              "body": "`b.contentCredentials.build({provider, system, systemVersion, contentId, contentType?, contentSha3?})` returns a frozen C2PA-shaped manifest with the SB-942 required fields, statutory citations, and an ISO-8601 generated timestamp. Operators feed the manifest into their existing muxer for embedding."
+            },
+            {
+              "title": "`b.contentCredentials.sign(manifest, ...)` signs the canonical-JSON serialization",
+              "body": "Signs over the canonical-JSON serialization of the manifest with the operator's audit-sign keypair (ML-DSA-87 by default). The signed envelope carries the manifest, signature, and algorithm metadata."
+            },
+            {
+              "title": "`b.contentCredentials.verify(envelope, publicKeyPem)` validates signature + required fields",
+              "body": "Validates the signature and refuses on any missing required field per SB-942 (provider / system / systemVersion / contentId / contentTimestamp). Returns the parsed manifest only when both checks pass."
+            },
+            {
+              "title": "`b.contentCredentials.required(opts)` preflight helper",
+              "body": "Returns the set of missing required-field tags for operator-side preflight before signing — surfaces gaps at integration time rather than at verify time."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Format embedding stays with the operator's muxer",
+              "body": "The framework deliberately does NOT embed the manifest into image / video / audio bytes — the operator's muxer handles JPEG XMP / PNG iTXt / MP4 ContentBoxes per format. The framework owns manifest construction, signing, and verification only."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "California Bus. & Prof. Code §22757 (SB-942 / AB-853)",
+          "url": "https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240SB942"
+        },
+        {
+          "label": "C2PA 2.1 specification",
+          "url": "https://c2pa.org/specifications/specifications/2.1/index.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.27",
+      "date": "2026-05-08",
+      "headline": "`b.fapi2` Financial-grade API 2.0 Final conformance posture",
+      "summary": "Composes existing primitives (PAR / DPoP / OAuth 2.1 / mTLS) into a single boot-time conformance check against the FAPI 2.0 Final profile. No new crypto, no new HTTP endpoints — pure coordination of already-shipped surface.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.fapi2.assertConformance({ senderConstraint })`",
+              "body": "Returns `{ conformant, findings }` against the FAPI 2.0 Final profile: PAR required (§5.3.2.2), PKCE S256 (§5.3.1.1), sender-constrained tokens via DPoP OR mTLS (§5.3.2.5), issuer-in-callback per RFC 9207, JAR for signed-request envelopes. Operators run it at boot to refuse a misconfigured deployment fast."
+            },
+            {
+              "title": "`b.fapi2.assertOAuthConfig(oauthOpts)`",
+              "body": "Refuses to start a FAPI-bound deployment with PKCE disabled, with both DPoP and mTLS enabled (the profile requires exactly one sender-constraint), with neither DPoP nor mTLS enabled, or with PAR disabled. Refusal is at config time so the misconfig never reaches a live request."
+            },
+            {
+              "title": "`fapi-2.0` posture registered with `b.compliance.set`",
+              "body": "Operators activate the conformance posture via `b.compliance.set(\"fapi-2.0\")` (the posture identifier was registered alongside the broader compliance-posture catalog expansion in the previous release) and run `assertConformance` at boot. The posture lights up audit metadata and compliance dashboards without further wiring."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "FAPI 2.0 Final — Security Profile",
+          "url": "https://openid.net/specs/fapi-2_0-security-02.html"
+        },
+        {
+          "label": "RFC 9207 OAuth 2.0 Authorization Server Issuer Identification",
+          "url": "https://www.rfc-editor.org/rfc/rfc9207.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.26",
+      "date": "2026-05-08",
+      "headline": "`b.iabTcf` IAB TCF v2.3 consent-string parser + disclosedVendors validator",
+      "summary": "Operators feed inbound TC strings (from the `IAB-TC-String` cookie or query parameter) and gate ad-request paths. The framework refuses v2.2 strings that Google + DSPs already reject, and the codebase-patterns worker fan-out gains a memory-safe cap for macOS-arm64 CI runners.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.iabTcf.parseString(tcString)`",
+              "body": "Base64url-decoded segment-aware parse of an IAB TCF consent string. Returns `{ core, disclosedVendors, allowedVendors, publisherTC, errors }`. `core` carries `version`, `cmpId`, `vendorListVersion`, `policyVersion`, `vendorConsents` (Set of vendor IDs), `vendorLIs`, language, publisher country code, and created / lastUpdated timestamps. `disclosedVendors.vendorIds` is the Set of every vendor disclosed regardless of consent — REQUIRED by TCF Policy v2.3 §III.B.5 since 2026-02-28."
+            },
+            {
+              "title": "`b.iabTcf.requireV23Disclosed(tcString)`",
+              "body": "Refuses with `IabTcfError` on missing DisclosedVendors segment, wrong core version, or wrong policy version. Emits `iabtcf.refused` audit on rejection and `iabtcf.accepted` audit on pass, so the operator's compliance dashboard surfaces v2.2 stragglers without bespoke wiring."
+            },
+            {
+              "title": "`b.iabTcf.checkVendor(parsed, vendorId)`",
+              "body": "Returns `{ consented, legitimate, disclosed }` for a vendor id — operators gate per-vendor ad-request paths against a parsed TC string without re-walking the bitfield each call."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "codebase-patterns worker fan-out capped at 4 to fix macOS-arm64 OOM",
+              "body": "Pre-0.8.26 the duplicate-block detector spawned `os.cpus().length` workers, each holding its per-shard fingerprint map in heap until message-resolve. macOS-arm64 CI runners (2 GB Node default heap) OOMed mid-scan starting v0.8.15 (every release since failed the macOS smoke job). Now capped at 4 workers; speedup preserved (5× single-threaded), peak memory bounded under 2 GB. Operators with bigger machines override via `HS_PATTERNS_WORKERS=N`."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "IAB TCF v2.3 Policies",
+          "url": "https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/"
+        },
+        {
+          "label": "IAB TCF Technical Specifications v2.3",
+          "url": "https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/tree/main/TCFv2.3"
+        }
+      ]
+    },
+    {
+      "version": "0.8.25",
+      "date": "2026-05-08",
+      "headline": "`b.secCyber.eightKArtifact` SEC Form 8-K Item 1.05 artifact generator",
+      "summary": "Required by 17 CFR §229.106 / Form 8-K Item 1.05 (final rule effective 2023-12-18). When a registrant determines a cybersecurity incident is material, it MUST file a Form 8-K within 4 business days describing material aspects (nature / scope / timing) and material impact. The framework can't decide materiality but does structure the operator's materiality finding for filing.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Materiality finding captured as a tamper-evident audit row",
+              "body": "The operator's materiality determination is structured into a tamper-evident audit-chain row so the basis-for-filing is preserved for regulator and SOX-control review. The framework does NOT make the materiality call — that remains a fact-and-circumstances judgment owned by counsel."
+            },
+            {
+              "title": "Form 8-K Item 1.05 narrative skeleton generator",
+              "body": "Generates a markdown + JSON narrative skeleton matching the Item 1.05 required elements (nature / scope / timing / material impact) for downstream EDGAR filing. Operators flow it into their existing filer-attorney workflow; the framework does NOT submit to EDGAR."
+            },
+            {
+              "title": "Four-business-day deadline computer",
+              "body": "Computes the 4-business-day deadline from the materiality determination date so the operator's filing system can gate on it directly — the deadline becomes a queryable field rather than a calendar reminder."
+            },
+            {
+              "title": "AG delay-request artifact under §229.106(c)(1)(ii)",
+              "body": "Emits a US-AG delay-request artifact when the operator asserts national-security / public-safety risk under §229.106(c)(1)(ii). The artifact is operator-attested and audited; the framework does not transmit it."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "17 CFR §229.106 / Form 8-K Item 1.05",
+          "url": "https://www.ecfr.gov/current/title-17/chapter-II/part-229/subpart-229.100/section-229.106"
+        },
+        {
+          "label": "SEC Final Rule — Cybersecurity Risk Management Disclosure",
+          "url": "https://www.sec.gov/files/rules/final/2023/33-11216.pdf"
+        }
+      ]
+    },
+    {
+      "version": "0.8.24",
+      "date": "2026-05-08",
+      "headline": "`b.budr` RTO/RPO declaration primitive + compliance posture registry expansion + literal-NUL detector",
+      "summary": "Operator-attested business-continuity declarations land in the audit chain; the compliance-posture registry gains 19 new posture identifiers so operators can drive them through the framework's vocabulary; and a new codebase-patterns gate refuses any `lib/` source file containing a literal NUL byte — the failure class that blocked five previous releases at tag-push time.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.budr.declare(opts)` RTO/RPO per-service declaration",
+              "body": "Captures operator-attested Recovery Time Objective + Recovery Point Objective per service into a tamper-evident audit chain row. Required by DORA Article 11(1)(d) / ISO 22301:2019 / NIST SP 800-34. Tier vocabulary platinum / gold / silver / bronze; criticality critical / high / medium / low. `b.budr.list()` + `b.budr.get(service)` for dashboards."
+            },
+            {
+              "title": "Compliance posture registry expanded",
+              "body": "`b.compliance.set` now accepts `fapi-2.0`, `cfpb-1033`, `iab-tcf-v2.3`, `iab-mspa`, `tcpa-10dlc`, `fda-21cfr11`, `fda-annex-11`, `sec-1.05`, `ny-2-d`, `il-soppa`, `ca-sopipa`, `ct-pa-5-2`, `tx-hb-4504`, `va-sb-1376`, `staterramp`, `irap`, `bsi-c5`, `ens-es`, `uk-g-cloud`. Operators that previously hand-rolled posture identifiers in their app code now drive them through the framework's vocabulary and get the standard `compliance.posture.set` audit row."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "literal-NUL byte in `lib/` source refused at authoring time",
+              "body": "New codebase-patterns gate refuses any `lib/` source file containing a literal NUL (0x00) byte. CI ESLint catches `no-control-regex` violations from a NUL byte inside a regex literal, but Windows local lint silently passed through (encoding-related). The new detector closes the v0.8.19–v0.8.23 publish-failure class where the npm-publish workflow blocked five releases on a NUL byte introduced by tooling-decoded JSON escapes. Operators and agents now see the failure at authoring time instead of at tag-push time."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "DORA Article 11 — ICT business continuity policy",
+          "url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj"
+        },
+        {
+          "label": "ISO 22301:2019 — Business continuity management",
+          "url": "https://www.iso.org/standard/75106.html"
+        },
+        {
+          "label": "NIST SP 800-34 Rev. 1 — Contingency Planning",
+          "url": "https://csrc.nist.gov/pubs/sp/800/34/r1/upd1/final"
+        }
+      ]
+    },
+    {
+      "version": "0.8.23",
+      "date": "2026-05-08",
+      "headline": "`b.compliance.set` emits a TZ posture warning when `TZ` is not UTC",
+      "summary": "When the operator activates a regulated posture (`hipaa` / `pci-dss` / `sox` / `gdpr` / `soc2` / `fda-21cfr11`) and `process.env.TZ` is set to a non-UTC value, the framework now emits a `compliance.posture.tz_warning` audit event with the recommendation to set `TZ=UTC`. Pure signal — no behavior change.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`compliance.posture.tz_warning` audit event",
+              "body": "Auditors expect timestamps in UTC; a non-UTC `TZ` doesn't break any framework primitive (the audit chain stores Unix-ms, and ISO-8601 emits use `toISOString()` which is always UTC). But operator code that calls `new Date(ts).toString()` or formats with non-UTC formatters can render confusing rows. The warning surfaces the configuration mismatch before the auditor finds it."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.22",
+      "date": "2026-05-08",
+      "headline": "`b.crypto.encrypt` deduplicates the hybrid-disabled audit emission",
+      "summary": "Pre-0.8.22 every plain-KEM `encrypt()` call (operator passed `mlkemPub` only, no `ecPublicKey`) emitted a `system.crypto.hybrid_disabled` audit row — high-volume KEM-only deployments pegged the audit bus with redundant signal.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`system.crypto.hybrid_disabled` audited once per process",
+              "body": "Now emitted ONCE per process. Operators who genuinely run KEM-only should call `b.crypto.encryptMlkemOnly` directly (which emits no audit on the hybrid leg); operators surprised by the absent hybrid leg still see the per-process signal so the misconfig is still surfaced."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.21",
+      "date": "2026-05-08",
+      "headline": "DB DDL audit + OTel `db.*` semantic conventions in audit metadata",
+      "summary": "Schema mutations issued via `b.db.runSql` / `b.db.exec` now produce structured audit events with OTel-canonical attributes, so forensic review of framework-emitted DDL is no longer dependent on a custom wrapper.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.db.runSql` / `b.db.exec` DDL audit emission",
+              "body": "Every framework-emitted DDL statement (`CREATE` / `DROP` / `ALTER` / `TRUNCATE` / `RENAME` / `ATTACH` / `DETACH` / `REINDEX`) now records a `db.ddl.executed` audit event with success/failure outcome, statement-prefix preview (truncated 256 chars), and operation classifier. Pre-0.8.21 a `b.db.runSql(\"DROP TABLE users\")` produced zero audit signal — schema mutations were invisible to forensic review unless caught by a custom higher-level wrapper."
+            },
+            {
+              "title": "OTel `db.*` semantic conventions in audit metadata",
+              "body": "DDL audit metadata now emits `db.system: \"sqlite\"`, `db.operation: \"<KEYWORD>\"`, `db.statement: \"<truncated>\"` per the OpenTelemetry Spec semconv. Operators with OTel collectors see framework DDL events under the canonical attribute namespace without an adapter."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "OpenTelemetry semconv — Database",
+          "url": "https://opentelemetry.io/docs/specs/semconv/database/"
+        }
+      ]
+    },
+    {
+      "version": "0.8.20",
+      "date": "2026-05-08",
+      "headline": "`b.vault.sealPemFile` hardening pass — size cap, TOCTOU defense, plaintext zero, callback audits, actor capture",
+      "summary": "Five sub-class fixes against the auto-resealing PEM-file primitive shipped in v0.8.14. Adds a bounded source read, defeats a symlink TOCTOU window, zeroes plaintext after seal, audits operator-callback throws, and captures a forensic actor on `forceReseal`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`opts.maxSourceBytes` (default 1 MiB) caps source size",
+              "body": "`lstat` runs first and refuses the source if its size exceeds `opts.maxSourceBytes` (default 1 MiB). Replaces the unbounded `fs.readFileSync(source)` — an operator with write access to the source path could previously present a 10 GiB file and OOM the host."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Symlink TOCTOU between `lstat` and read closed",
+              "body": "Symlink sources are now refused outright. The seal path then `open`s the file, runs `fstat`, and confirms the fd points at the same inode `lstat` saw — rejecting any mutation that lands between the `lstat` and the read."
+            },
+            {
+              "title": "Plaintext PEM bytes zeroed on every code path",
+              "body": "`safeBuffer.secureZero(plaintext)` now runs in a `finally` block so the operator-visible PEM bytes don't linger in the V8 heap after seal completes (or after a throw mid-seal)."
+            },
+            {
+              "title": "Operator callback throws now audited instead of dropped",
+              "body": "`onResealed` / `onError` callbacks that throw now emit `vault.seal_pem_file.on_resealed_callback_failed` / `on_error_callback_failed` audit events instead of being silently swallowed. The seal itself still completes; the operator's downstream wiring is no longer invisible when it fails."
+            },
+            {
+              "title": "`forceReseal` captures forensic actor",
+              "body": "`watcher.forceReseal({ actorId, reason })` now records the actor in the audit row — pre-0.8.20 the call was anonymous, a SOC 2 forensic-evidence gap. Watcher-driven resealings continue to record `actor: null` (kernel-event, no operator)."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.19",
+      "date": "2026-05-08",
+      "headline": "DB at-rest + Postgres connection hardening (SQLite PRAGMA defenses, connectAs validation, migrate-lock takeover audit)",
+      "summary": "Sets `PRAGMA trusted_schema=OFF` + `PRAGMA cell_size_check=ON` for at-rest SQLite, validates Postgres GUC values for `Infinity` / `NaN` / NUL / CR / LF, and emits a tamper-evident takeover-audit event when the migrate runner force-replaces a stale lock.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "SQLite PRAGMAs at boot",
+              "body": "`b.db` boot sets `PRAGMA trusted_schema=OFF` (defends CVE-2018-8740 family — refuses to call functions / virtual-table modules from a malicious shadow schema; the attack vector is operator-supplied DB files: backups, restores from untrusted source) and `PRAGMA cell_size_check=ON` (refuses pages with corrupted cell sizes at parse time; cheap defense against malformed-page attacks). Both PRAGMAs are framework-default; operators don't wire them."
+            },
+            {
+              "title": "`b.externalDb.adapters.connectAs` GUC validation",
+              "body": "Numeric GUC values must now be `isFinite` (refuses `Infinity` / `NaN` at config time rather than emitting them in a SET that some Postgres builds parse-error on after the connection is already half-set). String GUC values now refuse embedded NUL / CR / LF (no legitimate use; would terminate the SET statement early in some drivers)."
+            }
+          ]
+        },
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.externalDb.migrate.up/down` lock takeover audit",
+              "body": "When the migrate runner force-replaces a stale lock (per `staleAfterMs`), the framework now emits an `externaldb.migrate.lock.takeover` audit event with the prior holder ID, takeover age, and the new holder. Pre-v0.8.19 the takeover happened silently — SOC2 forensic-evidence gap. The plain `lock.acquired` event still fires for non-takeover paths."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.18",
+      "date": "2026-05-08",
+      "headline": "Database query-builder hardening on `b.db.from(...).where|whereRaw` and `b.safeSql`",
+      "summary": "Closes column-disclosure via LIKE-metachar leakage, array binding in IN, placeholder counting in raw SQL, and SQLite-specific PRAGMA / ATTACH escape vectors. Refuses `_blamejs_`-prefixed app schema names.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`Query.where(field, \"LIKE\", value)` escapes wildcards",
+              "body": "Now escapes SQL `%` and `_` wildcard metacharacters in operator-supplied values and emits `LIKE ? ESCAPE '\\\\'`. Closes the column-disclosure class where `q=%@%` enumerated the entire table. Operators who deliberately want LIKE wildcards bypass via `whereRaw()`."
+            },
+            {
+              "title": "`Query.where(field, \"IN\", [...])` array binding",
+              "body": "Expands an array to `IN (?, ?, ?)` and binds each value separately. Pre-v0.8.18 the array bound to a single placeholder and silently matched zero rows (`node:sqlite` `?` doesn't support array-binding). Refuses non-array / empty-array inputs."
+            },
+            {
+              "title": "`Query.whereRaw(sql, params)` placeholder counting",
+              "body": "Now skips `?` characters inside SQL string literals (single + double quoted, including `''`-doubled escapes), line comments (`-- ...`), and block comments (`/* ... */`). Pre-v0.8.18 the naive regex counted literal-`?` and either threw on count mismatch OR let through fragments with masked missing real placeholders."
+            },
+            {
+              "title": "`b.safeSql.BANNED_IDENTIFIERS` extension",
+              "body": "Refuses `pragma` / `attach` / `detach` / `analyze` / `vacuum` / `reindex` as bare identifiers. Closes the SQLite-specific escape-the-parameterized-model surface (PRAGMAs disable security-relevant protections; ATTACH mounts external databases)."
+            },
+            {
+              "title": "`b.db.declareTable` framework-prefix collision",
+              "body": "Refuses any app schema name that begins with the framework's `_blamejs_` prefix (was an exact-match Set; an app schema entry like `_blamejs_audit_log_archive` slipped past the gate and could shadow / look-alike framework tables)."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.17",
+      "date": "2026-05-08",
+      "headline": "Email auth + DANE / TLS-RPT spec-conformance fixes (ARC / DMARC / SPF / A-R / DANE / TLS-RPT)",
+      "summary": "Ten more RFC-cited gaps closed against shipped ARC (RFC 8617), DMARC (RFC 7489), SPF (RFC 7208), Authentication-Results (RFC 8601), DANE (RFC 6698 / 7672), and TLS-RPT (RFC 8460). Bug fixes only — no new operator-facing primitives.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "ARC (`b.mail.arc`) AAR canonicalization + time-window enforcement",
+              "body": "Signer's AMS canonicalization now includes the current hop's `ARC-Authentication-Results` per RFC 8617 §5.1.1 (auto-prepends to `h=` unless operator passes `excludeAarFromAms: true`). Microsoft + Google receivers DO include AAR in `h=`; the prior framework default produced chains those receivers couldn't verify. Verifier counterpart: when reconstructing the AMS canonical input, only the CURRENT hop's AAR is kept (prior-hop AARs stripped). Verifier now enforces `t=` (signing time) + `x=` (expiration) time windows per §5.2 with operator-tunable `clockSkewMs` (default 5 min) — pre-v0.8.17 the verifier parsed but never enforced."
+            },
+            {
+              "title": "DMARC (`b.mail.dmarc`) multi-record + subdomain `sp=` fallback",
+              "body": "Multiple `v=DMARC1` records on a domain now treated as having no DMARC record per RFC 7489 §6.6.3. Subdomain `sp=` fallback wired: when `_dmarc.<from-domain>` returns no record, the verifier walks one label up to the (heuristic) organizational domain and applies its `sp=` — falls back to `p=` when `sp=` absent. Result includes `policyOriginDomain` + `orgDomainPolicyApplied: true`. Heuristic only — operators with PSL needs supply their own `dnsLookup` for full Public Suffix List walk."
+            },
+            {
+              "title": "SPF (`b.mail.spf`) initial-query lookup count",
+              "body": "Initial query for the sender's SPF record no longer counts toward the 10-lookup limit per RFC 7208 §4.6.4. Pre-v0.8.17 was off-by-one — senders at the spec ceiling got false `permerror`."
+            },
+            {
+              "title": "Authentication-Results (`b.mail.authResults`) method-specific vocabulary",
+              "body": "Result vocabulary is now METHOD-SPECIFIC per RFC 8601 §2.7 (per-method `AR_RESULTS_BY_METHOD` map). The flat `AR_VALID_RESULTS` table previously accepted `hardfail` for DKIM (only valid for DMARC §2.7.4) and accepted `temperror` / `permerror` for methods that don't recognize them."
+            },
+            {
+              "title": "DANE (`b.network.smtp.dane`) DNSSEC + chain-order enforcement",
+              "body": "`daneTlsa()` refuses to return records unless the caller passes `opts.dnssecValidated: true` per RFC 7672 §1.3 (TLSA records that are not DNSSEC-validated MUST NOT be used). `daneVerifyChain` enforces RFC 6698 §2.1.4 + RFC 7672 §3.1.1 chain-order: a DANE-TA match at chain position `i` is accepted only when its DER Subject equals the DER Issuer of cert at position `i-1`. Chain-order is best-effort — synthetic test fixtures without ASN.1-parseable DER fall through with `chainOrderUnverified: true` flagged on the match."
+            },
+            {
+              "title": "TLS-RPT (`b.network.smtp.tlsRpt.fetchPolicy`) `rua=` requirement",
+              "body": "Record without `rua=` now returns `null` (record ignored) per RFC 8460 §3. Pre-v0.8.17 returned `{ version: \"TLSRPTv1\", rua: [] }` which operators incorrectly treated as a valid record with no destinations."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8617 ARC",
+          "url": "https://www.rfc-editor.org/rfc/rfc8617.html"
+        },
+        {
+          "label": "RFC 7489 DMARC",
+          "url": "https://www.rfc-editor.org/rfc/rfc7489.html"
+        },
+        {
+          "label": "RFC 8601 Authentication-Results",
+          "url": "https://www.rfc-editor.org/rfc/rfc8601.html"
+        },
+        {
+          "label": "RFC 6698 DANE",
+          "url": "https://www.rfc-editor.org/rfc/rfc6698.html"
+        },
+        {
+          "label": "RFC 7672 SMTP / DANE",
+          "url": "https://www.rfc-editor.org/rfc/rfc7672.html"
+        },
+        {
+          "label": "RFC 8460 TLS-RPT",
+          "url": "https://www.rfc-editor.org/rfc/rfc8460.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.16",
+      "date": "2026-05-08",
+      "headline": "Email auth + transport spec-conformance fixes (DKIM / SPF / MTA-STS / OCSP)",
+      "summary": "Closes ten RFC-cited gaps against shipped DKIM (RFC 6376), SPF (RFC 7208), MTA-STS (RFC 8461), and OCSP (RFC 6960) primitives. Bug fixes only — no new operator-facing primitives, no surface change beyond the additional refusals.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "DKIM verifier (`b.mail.dkim`)",
+              "body": "Refuses any signature whose `h=` tag does not include `from` (RFC 6376 §3.5 cornerstone bypass — without From-coverage the signature does not bind to the visible sender). Refuses unrecognized `v=` tag values per §3.5 (only `v=1` accepted). Enforces empty `p=` as explicit key revocation per §3.6.1 (verdict `fail`, not `permerror`). Enforces `k=` algorithm-family tag agreement with the signature's `a=` family (e.g. `k=rsa` paired with `a=ed25519-sha256` permerrors per §3.6.1). Selector validator accepts multi-label selectors per §3.1 ABNF (common for time-rotated keys like `2024.s1`)."
+            },
+            {
+              "title": "SPF (`b.mail.spf`)",
+              "body": "Refuses domains that publish multiple `v=spf1` TXT records with `permerror` per RFC 7208 §4.5 (most operators don't realize multi-record SPF was always invalid). `include:` mechanism now permerrors when the included domain has no SPF record per §5.2 (closes the silent-authorization class where `include:gone-domain.example` followed by `+all` would silently allow)."
+            },
+            {
+              "title": "MTA-STS (`b.smtpPolicy.mtaSts.fetch`)",
+              "body": "Requires the `_mta-sts.<domain>` TXT precondition record per RFC 8461 §3.1 before fetching the HTTPS policy (closes the silent-escalation class). Cache TTL is now bounded by the policy's `max_age` value per §3.2 (clamped between 1 hour floor and 1 year ceiling) instead of the framework's hardcoded 60-min default."
+            },
+            {
+              "title": "OCSP (`b.network.tls.ocsp.evaluate`)",
+              "body": "`evaluateOcspResponse` enforces the `thisUpdate` / `nextUpdate` time window per RFC 6960 §4.2.2.1, rejecting responses whose validity window has expired or hasn't started yet (with operator-tunable `clockSkewMs`, default 5 min). Pre-v0.8.16 a captured \"good\" response could replay forever even after the cert was revoked; this defeats `requireGood` posture."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6376 DKIM",
+          "url": "https://www.rfc-editor.org/rfc/rfc6376.html"
+        },
+        {
+          "label": "RFC 7208 SPF",
+          "url": "https://www.rfc-editor.org/rfc/rfc7208.html"
+        },
+        {
+          "label": "RFC 8461 MTA-STS",
+          "url": "https://www.rfc-editor.org/rfc/rfc8461.html"
+        },
+        {
+          "label": "RFC 6960 OCSP",
+          "url": "https://www.rfc-editor.org/rfc/rfc6960.html"
+        }
+      ]
+    },
+    {
+      "version": "0.8.15",
+      "date": "2026-05-08",
+      "headline": "Transport-layer CVE absorption + AI-protocol primitives + WebSocket / TLS / httpClient hardening",
+      "summary": "Ships SSE / MCP / GraphQL-federation / `b.ai.input.classify` / A2A / dark-patterns primitives, closes a WebSocket control-frame amplification class (RFC 6455 §5.5), absorbs Node CVE-2026-21710 / 21637 via defensive accessors, lifts the inbound TLS default to TLS 1.3, defaults httpClient to `Accept-Encoding: identity`, and lifts the Node engine pin to 24.4.0 for the undici fix.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.sse` — Server-Sent Events transport",
+              "body": "Newline-injection refusal in `event:` / `id:` / `data:` fields and the `Last-Event-ID` reconnect header (CVE-2026-33128 h3, CVE-2026-29085 Hono, CVE-2026-44217 sse-channel). `channel.send({event, id, data, retry})` validates each field, refuses LF/CR/NUL, splits multi-line `data` into per-spec multiple `data:` lines, drives a `:keepalive` heartbeat with operator-tunable interval. `b.sse.serializeEvent({...})` exposes the encoder for buffered pipelines."
+            },
+            {
+              "title": "`b.mcp.serverGuard` — Model Context Protocol hardening",
+              "body": "Bearer auth required by default (CVE-2026-33032 nginx-ui auth-bypass class). `redirect_uri` exact-match allowlist enforced per OAuth 2.1 / RFC 9700 §4.1.1 (CVE-2025-6514 mcp-remote OAuth RCE class). Dynamic client-registration refused unless `allowDynamicRegister: true` with operator-supplied registration allowlist (confused-deputy class). Tool/resource name allowlists at the guard layer. JSON-RPC 2.0 envelope validator."
+            },
+            {
+              "title": "`b.graphqlFederation.guardSdl`",
+              "body": "Refuses `_service.sdl` / `_entities` probes without a router-token Bearer + optional single-use nonce; closes the schema-leak class where operators disable introspection thinking the schema is hidden."
+            },
+            {
+              "title": "`b.ai.input.classify` — pattern-based prompt-injection classifier",
+              "body": "Covers OWASP LLM01:2025 + NIST COSAIS RFI shapes: instruction-override / persona-jailbreak / role-reset markers / vendor system-tag templates / tool-call injection / exfil-callback / encoded-bypass (base64/rot13) / markdown+HTML smuggling / BIDI / zero-width / control char density. Severity-3 hits → `verdict: \"malicious\"`; 2+ severity-2 hits → `\"suspicious\"`; otherwise `\"clean\"`. Inline-on-every-request perf cost — no model call, no network."
+            },
+            {
+              "title": "`b.a2a` — signed agent-card primitive",
+              "body": "A2A (Linux Foundation Agentic AI Foundation) v1.x. `signCard` produces an envelope with a detached ML-DSA-87 signature over the SHA3-512 of the canonical-JSON serialization (RFC 8785-aligned); `verifyCard` validates signature + expiry + issuer match. Endpoints HTTPS-only (or localhost) at validation time."
+            },
+            {
+              "title": "`b.darkPatterns` — FTC click-to-cancel parity attestation",
+              "body": "`recordSignupFlow` / `recordCancelFlow` capture operator-attested click counts, CTA contrast / font weight, channel, confirmation steps; `assertParity` returns `{ ok, breaches }` against `ftc-2024` / `ca-sb942` / `strict` postures. `middleware({lookupAttestation, resourceIdFromReq})` refuses cancel-endpoint requests with HTTP 451 if no parity attestation is on file."
+            },
+            {
+              "title": "`b.requestHelpers.safeHeadersDistinct(req)`",
+              "body": "Defensive accessor for `req.headersDistinct` that bypasses Node's faulty getter (Node CVE-2026-21710 — reading `__proto__` on the underlying header bag throws synchronously inside the getter, escaping handler-level try/catch). Computes the same null-prototype shape directly from `req.rawHeaders`."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Inbound TLS default lifted to TLS 1.3",
+              "body": "`router.listen()` now defaults to `minVersion: \"TLSv1.3\"` when the operator's `tlsOptions` doesn't pin one (closes the gap where bare `{key, cert}` inherited Node's TLSv1.2 default)."
+            },
+            {
+              "title": "`router.listen()` wraps SNICallback",
+              "body": "Synchronous throws (Node CVE-2026-21637) become a clean async `(err, null)` callback rather than crashing the listener."
+            },
+            {
+              "title": "`b.httpClient` defaults to `Accept-Encoding: identity`",
+              "body": "Refuses compressed responses unless the operator explicitly opts in. Closes the undici unbounded-decompression amplification class (CVE-2026-22036). Operators that need compressed responses pass an explicit `Accept-Encoding` header."
+            },
+            {
+              "title": "`engines.node` raised from `>=24.0.0` to `>=24.4.0`",
+              "body": "Ensures the undici fix is bundled."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "WebSocket control-frame size cap (RFC 6455 §5.5)",
+              "body": "`lib/websocket.js` `_handleFrame` refuses any control frame (opcodes ≥ 0x8: CLOSE/PING/PONG) with payload length > 125 or `fin = false`. Closes the 2× outbound-bandwidth amplification class where a 1 MiB PING was echoed verbatim as PONG."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "CVE-2026-33128 h3",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33128"
+        },
+        {
+          "label": "CVE-2026-29085 Hono",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29085"
+        },
+        {
+          "label": "CVE-2026-22036 undici",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22036"
+        },
+        {
+          "label": "CVE-2026-21710 Node",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
+        },
+        {
+          "label": "CVE-2026-21637 Node SNI",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
+        }
+      ]
+    },
+    {
+      "version": "0.8.14",
+      "date": "2026-05-07",
+      "headline": "`b.vault.sealPemFile` — auto-resealing wrapper for at-rest PEM files",
+      "summary": "Closes the cleartext-PEM window between ACME / Let's Encrypt renewals and manual re-seal. Watches the source via `fs.watchFile`, atomically re-seals on mtime change, and exposes a crash-recovery marker so a half-written reseal completes idempotently on restart.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.vault.sealPemFile({ source, destination })`",
+              "body": "Operators with ACME / Let's Encrypt renewals get fresh certs every 30-60 days; the renewal writes plaintext PEM to disk, signals the application to reload, and leaves the cleartext file unencrypted between the renewal write and the next manual re-seal. `sealPemFile` reads the source, vault-seals it, atomically writes `<destination>` (`.tmp` + `fsync` + `rename` + `fsyncDir`), and registers an `fs.watchFile` poll on the source. Every mtime change triggers an automatic re-seal — the operator-visible `<destination>.rewriting` marker is created before the rename and removed after, giving crash recovery a signal: when `sealPemFile()` starts and the marker is present, it re-seals from source idempotently. Returns `{ stop, generation, lastResealedAt, lastError, watching, forceReseal }`. `pollInterval` defaults to 2s — ACME renewal cadence is days, so polling latency is irrelevant against the renewal interval. `fs.watchFile` (the polling backend) is used instead of `fs.watch` (inotify / kqueue) because watchFile is consistent across platforms — Linux fires multiple change events per rename, macOS doesn't fire on renamed-into files, and the polling cadence is acceptable here."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.13",
+      "date": "2026-05-07",
+      "headline": "Streaming multipart uploads + `onChunk` response hook on `b.httpClient`",
+      "summary": "Closes the `Buffer.concat` OOM class on large uploads via three new entry shapes (in-memory, disk-stream, operator-stream) and adds an `onChunk(chunk)` hook that fires for each response chunk in both buffer and stream modes — hash bytes while piping without an extra Transform pass.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Streaming multipart on `b.httpClient.request({ multipart: { files: [...] } })`",
+              "body": "Three file-entry shapes: existing `{ field, content: Buffer | string }` (in-memory), new `{ field, filePath: string }` (stream-from-disk via `fs.createReadStream`), and `{ field, stream: Readable, size?: number }` (operator-supplied stream). When every entry's size is statically resolvable (Buffer length / `fs.statSync().size` / explicit `opts.size`), the framework sets `Content-Length` and uses identity transfer; otherwise the framework omits the header and Node's HTTP layer falls back to chunked transfer. Body is materialized one chunk at a time through a `Readable.from(asyncIterator)` that yields boundary headers, source bytes, and CRLF in order. Fast-path preserved: when no streaming source is involved, `_buildMultipartBody` still returns a single Buffer with a known `Content-Length`."
+            },
+            {
+              "title": "`onChunk(chunk)` response hook",
+              "body": "Fires for each response data chunk in BOTH `responseMode: \"buffer\"` and `responseMode: \"stream\"`. Use case: hash bytes during pipe-to-disk without an extra Transform pass (`onChunk: (c) => hasher.update(c)`). Throws inside the hook are caught and dropped — a hash-mismatch detector can raise without breaking the pipe; callers surface the error through their own pipe handler."
+            }
+          ]
+        },
+        {
+          "heading": "Security",
+          "items": [
+            {
+              "title": "Verified shipped: `b.httpClient` + `b.cryptoField` + `b.config` redaction",
+              "body": "Re-verified during the framework-gap audit: `b.httpClient` `responseMode: \"always-resolve\"`, `onRedirect({from, to, hop, headersStripped, statusCode})` hook, `body: Readable` upload path; `b.cryptoField` derived-hash domain separation (`bj-<table>-<field>:` per-field namespace prefix matches the indexed-lookup requirement); `b.config` `redactKeys` allowlist + `redacted()` view."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.12",
+      "date": "2026-05-07",
+      "headline": "WebSocket upgrade refuses credential-shaped query parameters by default",
+      "summary": "URL query strings leak through access logs, browser history, Referer to third-party CDN / analytics, in-process / proxy captures, and crash dumps — RFC 6750 §2.3 explicitly cautions against bearer tokens in URI query parameters. `validateUpgradeRequest` now refuses upgrades carrying a credential-shaped query parameter; operators with a legitimate non-credential collision opt out per route.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`validateUpgradeRequest(req, opts)` credential-query refusal",
+              "body": "Scans the request URL for the credential-leak names `access_token`, `bearer`, `bearer_token`, `apikey`, `api_key`, `api-key`, `authorization` (case-insensitive, with percent-decoding) and refuses the upgrade with HTTP 400 when one is present. Operators with a non-credential parameter that happens to share a credential-shaped name opt out per route via `opts.allowQueryAuthParams: true` with an audited operator reason. The refused list is deliberately narrow: overloaded names (`token`, `auth`, `key`, `session`) have non-credential meanings (CSRF tokens, file-share tokens, session-resume identifiers) and are NOT refused."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 6750 §2.3 Bearer Tokens in URI Queries",
+          "url": "https://www.rfc-editor.org/rfc/rfc6750.html#section-2.3"
+        }
+      ]
+    },
+    {
+      "version": "0.8.11",
+      "date": "2026-05-07",
+      "headline": "All-50-states breach-deadline registry + adverse-decision wrapper + age-gate + per-primitive test-coverage gate",
+      "summary": "Adds `b.breach.deadline` + `b.breach.report` for multi-state data-breach notification, `b.ai.adverseDecision` for GDPR-22 / EU AI Act / ECOA / Colorado / NYC-144 / FCRA consumer-rights wrapping, `b.middleware.ageGate` for COPPA / AADC postures, and a release gate that refuses operator-facing primitives without at least one test reference.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.breach.deadline` + `b.breach.report`",
+              "body": "All-50-states data-breach-notification deadline registry. `b.breach.deadline.forStates(states, detectedAt)` returns per-state `{ state, kind, dueBy, citation }` records (`kind: \"as-soon-as-possible\"` for AS-OF / `\"hard-deadline\"` for fixed-day deadlines like Texas / Florida / Maine). `b.breach.report.create()` opens a multi-state breach with a single record, tracks per-state filings via `fileNotice(id, state, ...)`, exposes `pending(id)` for dashboards, and auto-closes once every affected state has filed. Statutory citations + day counts wired in `lib/breach-deadline.js` per-state."
+            },
+            {
+              "title": "`b.ai.adverseDecision`",
+              "body": "Wraps an operator-supplied `decide(subject)` predicate; automatically attaches a consumer-rights notice when the outcome is `\"adverse\"` / `\"denied\"` / `\"rejected\"`. Built-in regulation templates for `gdpr-22`, `ai-act-86`, `ecoa-1002.9`, `colorado-ai-act`, `nyc-ll-144`, `fcra-615`, `operator-defined`. Notice carries `principalReasons` + `consumerRights: { requestData, requestExplanation, contestDecision, requestHumanReview }` shaped per regime."
+            },
+            {
+              "title": "`b.middleware.ageGate`",
+              "body": "Request-level age-classification middleware. Operator-supplied `getAge(req)` returns the subject age (or null/undefined when unknown); middleware classifies as `\"above-threshold\"` / `\"below-threshold\"` / `\"unknown\"` against `consentRequired`, sets `X-Privacy-Posture` header, and refuses with 451 + audited reason when `requireAge` is set and `hasParentalConsent(req)` is unmet. Composes upstream of session / authn for COPPA / AADC / UK Children's Code postures."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "Per-primitive test-coverage gate",
+              "body": "New `test/layer-0-primitives/test-coverage.test.js` walks every operator-facing `b.*` primitive and refuses release unless the primitive has at least one test reference (or an explicit `UNTESTED_BACKLOG` entry naming the reason). Closes the drift class where a primitive landed on `b.*` but never gained a unit test."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.10",
+      "date": "2026-05-07",
+      "headline": "Five compliance / regulatory primitives composing on `b.incident.report`",
+      "summary": "Adds CRA Article 14 + NIS2 Article 23 incident wrappers, a GDPR Article 30 RoPA registry + exporter, an EU Accessibility Act conformance generator, and a California SB 1001 bot-disclosure middleware.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.cra.report` — EU Cyber Resilience Act Article 14 wrapper",
+              "body": "Three-stage statutory deadlines: 24h early warning / 72h incident notification / 14d final report. Required `productId` + `manufacturer` per Annex VII §1. Optional ENISA submission via `opts.enisaEndpoint` + `b.httpClient`; submission is operator-opt-in per stage call (regulators uniformly require operator review before filing)."
+            },
+            {
+              "title": "`b.nis2.report` — NIS2 Article 23 wrapper",
+              "body": "Three-stage deadlines: 24h / 72h / 1 month. Annex I (essential) / Annex II (important) entity classification + sector codes (`I.6` drinking water / `II.6` digital providers / etc.)."
+            },
+            {
+              "title": "`b.gdpr.ropa` — GDPR Article 30 RoPA registry + exporter",
+              "body": "Validates required fields per Article 30 §1; legal-basis enum per Article 6(1); produces a regulator-friendly RoPA document for the operator's DPO to file. JSON / CSV / Markdown export."
+            },
+            {
+              "title": "`b.compliance.eaa` — EU Accessibility Act Article 13",
+              "body": "Declared-conformance generator. Operators declare per-criterion conformance against WCAG 2.1/2.2 AA / EN 301 549; non-conformances ship with reason + mitigation. JSON / Markdown export for the operator's accessibility statement."
+            },
+            {
+              "title": "`b.middleware.botDisclose` — California SB 1001",
+              "body": "Cal. Bus. & Prof. Code §17941 bot-disclosure middleware. Injects a disclosure banner into HTML responses, sets `X-Bot-Disclosure` header for API consumers, and audits every conversation-initiating request. Operators wire `mountPaths` to scope and `bannerHtml` for visual customization."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "EU Cyber Resilience Act (Regulation 2024/2847)",
+          "url": "https://eur-lex.europa.eu/eli/reg/2024/2847/oj"
+        },
+        {
+          "label": "NIS2 Directive (Directive 2022/2555)",
+          "url": "https://eur-lex.europa.eu/eli/dir/2022/2555/oj"
+        },
+        {
+          "label": "EU Accessibility Act (Directive 2019/882)",
+          "url": "https://eur-lex.europa.eu/eli/dir/2019/882/oj"
+        }
+      ]
+    },
+    {
+      "version": "0.8.9",
+      "date": "2026-05-07",
+      "headline": "`b.incident.report` — generic 3-stage incident-reporting primitive",
+      "summary": "Composes the three deadline pattern that recurs across regulatory regimes (initial / intermediate / final report) with built-in per-regime deadlines for GDPR Art. 33, NIS2 Art. 23, DORA Art. 19, CRA Art. 14, and HIPAA Breach Notification, plus `late: bool` + `lateBy: ms` on every record.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.incident.report`",
+              "body": "Three stages mirror the deadline pattern across regulatory regimes: initial / early-warning notification (within 24h of detection), intermediate / status update (within 72h), final report (within 30d or per-regime deadline). Built-in per-regime deadlines for `gdpr` (Article 33), `nis2` (Article 23), `dora` (Article 19), `cra` (Article 14), `hipaa` (Breach Notification Rule); operators select via `regime: \"gdpr\"` and `opts.deadlines` can override per-stage. Each stage records a tamper-evident audit event (`incident.report.stage_recorded`) with a `late: bool` + `lateBy: ms` flag — late filings get `outcome: \"late\"` so regulator audits can distinguish on-time from late-but-eventually filings. Operator-supplied `persist(record)` writes to a DB / SIEM / SOAR system; `onStage(event)` fires for synchronous routing. `status()` returns aggregate counts (open / closed / late-per-stage) for dashboards."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "GDPR Article 33",
+          "url": "https://gdpr-info.eu/art-33-gdpr/"
+        },
+        {
+          "label": "NIS2 Directive Article 23",
+          "url": "https://eur-lex.europa.eu/eli/dir/2022/2555/oj"
+        },
+        {
+          "label": "DORA Article 19",
+          "url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj"
+        }
+      ]
+    },
+    {
+      "version": "0.8.8",
+      "date": "2026-05-07",
+      "headline": "`b.middleware.requireBoundKey` + audit-signing rotation + `b.circuitBreaker` + `b.htmlBalance.checkSafe` + FIPS boundary docs",
+      "summary": "Ships three-axis bearer-API-key binding, operator-callable audit-signing rotation with historical re-sign, a top-level circuit-breaker re-export, an HTML balance + guard composite, a permissions predicate-shape warning, and FIPS 140-3 boundary documentation in SECURITY.md. ESLint pinned to 10.3.0 across CI workflows.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.requireBoundKey`",
+              "body": "Bearer-API-key middleware with three-axis binding: required scopes, bound-field equality (operator pulls values from headers / query / body via `getBoundField` getters; bound-fields registered on the key are checked with constant-time match), and peer-cert fingerprint allowlist (composes with v0.8.4's `b.crypto.hashCertFingerprint` / `isCertRevoked`). Operator-supplied async `resolver(apiKey)` returns the registered record or `null` when revoked. Refusals carry structured reasons (`no-bearer-token`, `key-unknown-or-revoked`, `missing-scope`, `bound-field-missing`, `bound-field-mismatch`, `peer-cert-required`, `peer-cert-not-pinned`); audit chain captures the keyId + reason on every refusal."
+            },
+            {
+              "title": "`b.audit.rotateSigningKey` + `reSignAll(iter)`",
+              "body": "Operator-callable rotation of the audit-signing keypair. Generates (or accepts BYO) a new keypair, copies the existing sealed file to a timestamped history path so historical signatures remain verifiable, re-seals with the operator's passphrase, and atomic-swaps the in-memory keys. Companion `reSignAll(iter)` walks an operator-supplied async iterable of `{ payload, signature, oldPublicKeyPem }` and re-signs each entry with the new key — the audit module's checkpoint store calls this to re-stamp historical checkpoints after a rotation."
+            },
+            {
+              "title": "`b.circuitBreaker` top-level re-export",
+              "body": "Top-level re-export of `b.retry.CircuitBreaker` so operators discover it alongside `b.retry`; same state machine, same `wrap()` API, ergonomic `create(opts)` factory."
+            },
+            {
+              "title": "`b.htmlBalance.checkSafe(html, opts)`",
+              "body": "Combines structural `balance()` check with a `b.guardHtml.gate` security pass under the same `{ profile, posture }` opt shape used by `b.fileUpload({ contentSafety })` / `b.staticServe({ contentSafety })`."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.permissions.policy(scope, predicate)` shape warning",
+              "body": "Emits `permissions.policy_predicate_shape_warning` audit on register-time when the predicate's `.length < 2` (operators commonly forget the `context` argument and ship a predicate that's always-true on the actor parameter)."
+            },
+            {
+              "title": "`SECURITY.md` FIPS 140-3 cryptographic boundary section",
+              "body": "New section explaining the dual boundary — Node.js OpenSSL FIPS provider for classical primitives, vendored noble-* implementations for PQ algorithms. The latter implement FIPS-published algorithms but the implementations themselves are not CMVP-validated. Operator path for FIPS-mandated environments documented."
+            },
+            {
+              "title": "ESLint pinned to 10.3.0 across CI workflows",
+              "body": "Pinned across `ci.yml` / `npm-publish.yml` / `release-container.yml`. `eslint@latest` was silently letting new rule additions break the publish gate on releases that had passed the day before. The pin moves on operator-confirmed bumps."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.7",
+      "date": "2026-05-06",
+      "headline": "`b.auth.accessLock` three-mode access-lock primitive",
+      "summary": "Ships an operator-intervention lock with `open` / `read-only` / `locked` modes for stop-the-world, idempotent-only, and full-deny operator windows during incident response, schema migrations, or break-glass review.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.auth.accessLock`",
+              "body": "Three modes: `\"open\"` is normal operation; `\"read-only\"` refuses non-idempotent methods (POST/PUT/PATCH/DELETE) with 503 + `Retry-After` while letting GET/HEAD/OPTIONS pass; `\"locked\"` refuses everything except an operator-supplied `passthroughPaths` allowlist (status / health / unlock endpoint). Operators flip modes via `lock.set(\"locked\", { actor, reason })`; the transition emits `auth.access_lock.mode_changed` audit + metric. `unlockRoles: [\"sre\", ...]` lets a privileged role bypass all three modes via `getRole(req)` so a break-glass operator can always reach the unlock endpoint. The boot-time mode emits `auth.access_lock.boot` so the audit chain captures the deploy posture."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.6",
+      "date": "2026-05-06",
+      "headline": "`b.middleware.dailyByteQuota` + `b.appShutdown` extensions + OIDC sub-claim cross-check",
+      "summary": "Ships per-IP daily byte budgeting, lifecycle extensions (`onUncaught`, custom signal list, `pidLock`), `b.observability.otlpExporter` audit / metrics refinements, and a token-substitution defense on `b.auth.oauth.fetchUserInfo`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.middleware.dailyByteQuota`",
+              "body": "Per-IP rolling 24-hour byte budget (24 hourly bins, slides per-second so a peer can't reset by waiting past midnight). Memory backend single-node by default; `opts.cache` wires `b.cache` for cluster-shared accounting. Refuses with 429 + `Retry-After` when peers exceed the quota; emits `middleware.daily_byte_quota.refused` audit + metric. Inbound + outbound bytes counted. Fail-open on cache backend errors with audited reason — a flaky cache no longer takes the framework down."
+            },
+            {
+              "title": "`b.appShutdown` lifecycle extensions",
+              "body": "`onUncaught` hook fires on `uncaughtException` / `unhandledRejection`; default is graceful-shutdown with `exitCode=1`. Operators can wire a hook for relay to PagerDuty / observability before exit. `opts.signals` now accepts a custom signal list (defaults to `[\"SIGTERM\",\"SIGINT\"]`); operators add `SIGUSR2` (nodemon restart), `SIGHUP` (terminal disconnect), `SIGQUIT` (`kill -3`) without subclassing. `b.appShutdown.pidLock(lockPath)` — single-instance file lock that writes `process.pid`, refuses to acquire when another live process holds the lock, reaps stale lock files (PID gone), and releases on shutdown."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.observability.otlpExporter` audit + metrics surface",
+              "body": "New `system.observability.otlp_exporter.post_failed` audit emission distinguishes timeout / abort from generic network failure (operators can route timeout-rooted exporter degradation to a different alert channel). `stats()` now reports `droppedTotal` (queue overflow + export failed) and emits a `dropped_total` metric on every call so dashboards chart the running drop count."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`b.auth.oauth.fetchUserInfo` OIDC sub-claim cross-check",
+              "body": "Refuses on OIDC IdPs unless the caller threads `ufiOpts.idTokenSub` (the verified `sub` claim from `exchangeCode`'s `id_token`); cross-checks userinfo `sub === idTokenSub` to defend against token-substitution where a hostile IdP returns a different user's profile. Non-OIDC OAuth 2.0 deployments mis-flagged as `isOidc` opt out via `{ skipSubCheck: true }` with audited reason."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.5",
+      "date": "2026-05-06",
+      "headline": "Vendor-currency CI gate + `b.middleware.requireMtls`",
+      "summary": "Adds a CI check that every vendored bundle in `lib/vendor/MANIFEST.json` matches the latest published version on npm (or the upstream default-branch HEAD for master-branch corpora), and ships `b.middleware.requireMtls` for soft mTLS enforcement composed with the v0.8.4 cert-fingerprint helpers.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "Vendor-currency CI gate",
+              "body": "`scripts/check-vendor-currency.js` + a new CI job in `ci.yml` assert every npm-mapped vendored bundle in `lib/vendor/MANIFEST.json` matches the latest published version on the npm registry. Per-component check on meta-bundles (e.g. `peculiar-pki` → `@peculiar/x509` + `pkijs`). Master-branch corpus entries (`SecLists`) are checked against the GitHub Commits API for the bundled file's path on the source repo's default branch — if the upstream has commits newer than the manifest's `bundledAt` date, the gate fails. Registry errors stay advisory unless `BLAMEJS_VENDOR_CURRENCY_STRICT=1`. Operators run locally via `npm run check:vendor-currency`."
+            },
+            {
+              "title": "`b.middleware.requireMtls`",
+              "body": "New soft-enforcement middleware that rejects requests without an authenticated client certificate. Composes with `b.crypto.hashCertFingerprint` / `isCertRevoked` (added in v0.8.4) so operators pass `fingerprintAllowList: [...]` and `denyList: [...]` and the middleware does the constant-time match. `req.peerCert` + `req.peerFingerprint` are attached for downstream handlers. Audits `mtls.required.allowed` / `mtls.required.refused` with reason metadata."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.4",
+      "date": "2026-05-06",
+      "headline": "Supply-chain scanner findings + outbound HTTP posture + npm-publish unblock",
+      "summary": "Routes the OTLP exporter through `b.httpClient` for PQC-hybrid + cert-pinning posture, lazy-loads `child_process` in `b.dev`, adds `responseMode` / `onRedirect` to `b.httpClient`, adds per-dial overrides to `b.wsClient`, ships new crypto + scheduler helpers, and corrects an SD-JWT default-alg test that blocked four prior publishes.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.crypto.hashCertFingerprint(pem|der)` + `b.crypto.isCertRevoked(pemOrDer, denyList)`",
+              "body": "Returns `{ hex, colon }` SHA3-512 digests and a constant-time deny-list match for cert-fingerprint pinning."
+            },
+            {
+              "title": "`b.scheduler.register(name, intervalMs, fn)` + `b.scheduler.getStatus()`",
+              "body": "Shorthand for the every-N-ms registration shape; `getStatus()` returns an aggregate health surface for probes / dashboards (started flag, isLeader, per-task list, totals)."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.observability.otlpExporter` default transport",
+              "body": "No longer defaults to `globalThis.fetch`; the default transport is now `b.httpClient` (`node:https` through the framework's PQC-hybrid agent + cert-pinning + SSRF guard). The prior default leaked an outbound network surface that supply-chain scanners flagged. Operators on fetch-only edge runtimes still override via `opts.fetchImpl`."
+            },
+            {
+              "title": "`b.dev.create()` lazy-requires `child_process` + refuses production by default",
+              "body": "Lazy-requires `child_process` (was top-level — flagged on every install regardless of whether `b.dev` was used) and refuses to construct when `NODE_ENV=production` unless the operator passes `opts.allowProduction: true` with an audited reason. A misconfigured production deploy that accidentally wires the dev-mode restart loop now crashes loudly at boot rather than spawning shells on every save."
+            },
+            {
+              "title": "`b.httpClient.request` adds `responseMode` + `onRedirect`",
+              "body": "`responseMode: \"always-resolve\"` makes every response resolve with `{ statusCode, headers, body }` regardless of HTTP status. `onRedirect({ from, to, hop, headersStripped, statusCode, method })` lets operators throw to abort or rewrite the redirect chain."
+            },
+            {
+              "title": "`b.wsClient.connect` per-dial overrides",
+              "body": "Adds `urlFor(attempt)` and `tlsOptsFor(attempt)` for between-reconnect URL / TLS rotation; the new URL is re-validated through `ssrfGuard` so a hostile upstream can't redirect a reconnecting client at a private address. Post-`close()` `ECONNRESET` / `EPIPE` swallowed cleanly."
+            },
+            {
+              "title": "`b.pqcAgent.create({ ecdhCurve })` accepts a caller-supplied stricter list",
+              "body": "Operators can drop a group from the framework default but cannot widen with non-PQ groups (the prior hardcoded value blocked legitimate per-deployment narrowing)."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "npm-publish unblock: SD-JWT default-alg test",
+              "body": "`test/layer-0-primitives/sd-jwt-vc.test.js` was asserting `DEFAULT_ALG === \"ES256\"` after v0.8.1 flipped the default to `ML-DSA-87`; the assertion now matches the lib (and `DEFAULT_HASH_ALG` for `sha3-512`). v0.8.1 / v0.8.2 / v0.8.3 all failed the npm-publish gate on this single test."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.3",
+      "date": "2026-05-06",
+      "headline": "Release-gate fixes + post-v0.8.2 hardening",
+      "summary": "Closes the wiki opts-drift gate for the v0.8.1 `requireOrigin` opt, a gitleaks false-positive on KEM-envelope shapes, and ships two functional additions on `b.httpClient` and `b.wsClient`.",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.httpClient.request({ responseMode: \"always-resolve\" })`",
+              "body": "Every request resolves with `{ statusCode, headers, body }` regardless of HTTP status — operators using the framework as an inbound-proxy upstream no longer have to wrap each call in a try/catch to recover the body of a 4xx/5xx."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Wiki primitive-section opts-key drift on `b.middleware.csrfProtect`",
+              "body": "The `requireOrigin` opt added in v0.8.1 was not documented in the wiki seeder; now listed alongside `checkOrigin` / `allowedOrigins`."
+            },
+            {
+              "title": "gitleaks secret-scan false positives on KEM-envelope shapes",
+              "body": "Findings against `{ privateKey, cipherText }` parameter-name shapes in `lib/crypto.js` error messages and the v0.8.0 CHANGELOG entry are now allowlisted via `.gitleaks.toml` (parameter-name shape allowlist + pinned commit fingerprints for the v0.8.0 entry)."
+            },
+            {
+              "title": "`b.wsClient` post-close error noise",
+              "body": "Swallows post-`close()` `ECONNRESET` / `EPIPE` errors so a clean shutdown doesn't surface a noisy unhandled-error event when the kernel races the FIN with an in-flight write."
+            },
+            {
+              "title": "`SECURITY.md` documents the `allowInternal: true` test-pattern",
+              "body": "Legitimate same-host integration tests opt in explicitly with audited reason — never as a production default."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.2",
+      "date": "2026-05-06",
+      "headline": "ESLint fixes for the v0.8.1 npm-publish gate",
+      "summary": "Two no-op lint fixes that unblock the publish workflow; functional behaviour unchanged from v0.8.1.",
+      "sections": [
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "`lib/guard-csv.js` bidi-prefix regex",
+              "body": "Now uses explicit `\\uXXXX` escapes (was tripping `no-irregular-whitespace` + `no-misleading-character-class` on the literal-codepoint form)."
+            },
+            {
+              "title": "`lib/redact.js` URL-bearer-query detector",
+              "body": "Drops a redundant `\\-` escape inside a character class flagged by ESLint."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.1",
+      "date": "2026-05-06",
+      "headline": "Hardening sweep across audit emission, crypto defaults, auth bypass closure, storage, HTTP, and observability",
+      "summary": "Defense-in-depth fixes across audit emission canonicalisation, PQC-first crypto defaults, auth bypass closure (break-glass, mfaWindowMs, fingerprint-drift, bearer 401 shape, jti minting, OIDC nonce), storage SQLi closures, HTTP and outbound transport posture, content-safety bypasses, and redaction coverage. No new operator-facing primitives.",
+      "sections": [
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "Audit emission canonicalisation",
+              "body": "`audit.safeEmit` now normalises non-canonical outcomes (`ok` / `fail` / `warning` / `duplicate` / `skip` → `success` / `failure`) and replaces hyphens in action-name segments with underscores. The strict regex enforced by `audit.record` was silently dropping events from `b.flag` / `b.outbox` / `b.inbox` / `b.session` (idle / absolute / fingerprint-drift) / `b.db` (integrity-check) / `b.compliance.aiAct` / `b.config-drift` / `b.log-stream` / `b.pubsub` (and fixes a positional-signature bug at the publish call site). Chain-write integrity failures now emit `system.audit.chain_write_dropped` to observability so operators alerting on rate-drop still see a signal when audit itself is the broken sink."
+            },
+            {
+              "title": "PQC-first crypto defaults tightened",
+              "body": "`b.mtlsCa` `caKeySealedMode` default flipped from `\"auto\"` to `\"required\"`; legacy `\"auto\"` (load whichever exists, fall back to plaintext) is removed. Operators opt back to plaintext explicitly via `\"disabled\"` with audited reason. `b.network.tls` default key-share preference list now leads with `SecP384r1MLKEM1024` (highest-PQ hybrid registered in `TLS_GROUP_PREFERENCE`) and drops `secp256r1`. `b.auth.sdJwtVc` defaults to `ML-DSA-87` + `sha3-512` (was `ES256` + `sha-256`). `b.crypto.encrypt` emits `system.crypto.hybrid_disabled` audit when called with only an ML-KEM public key. `b.auth.totp` emits `auth.totp.algorithm_downgraded` audit on every SHA-256 enrolment / verification."
+            }
+          ]
+        },
+        {
+          "heading": "Fixed",
+          "items": [
+            {
+              "title": "Auth bypass closures across break-glass, MFA, sessions, bearer, OIDC nonce",
+              "body": "`b.breakGlass` `policy.requireScope` is now enforced at `grant()` time (was accepted, persisted, and surfaced via `policyGet` but never consulted). `b.permissions` `requireMfa: true` defaults to a 15-minute `mfaWindowMs` floor when neither route nor role supplies one. `b.middleware.attachUser` threads `req` through `session.verify` so the documented fingerprint-drift / IP-UA pin / anomaly-score defenses fire on the standard middleware path. `b.middleware.bearerAuth` returns 401 with `WWW-Authenticate: Bearer error=\"invalid_request\"` when an `Authorization` header is present but doesn't parse against the configured scheme (was falling through to cookie-session); `realm` is CRLF-validated at create-time. `b.bearerAuth` sets `req._bearerAuthHandled` after success so `b.middleware.attachUser` skips re-reading the same header. `b.breakGlass.unsealRow` SELECTs the target row before incrementing `rowsConsumed` so a typo'd row id no longer exhausts a `maxRowsPerGrant: 1` grant. `b.auth.password` HIBP path fail-closes when more than half the response lines are unparseable (poisoned-mirror defense). `b.auth.jwt.sign` auto-mints a `jti` when `expiresInSec` is set and the operator didn't supply one. `b.auth.oauth.exchangeCode` requires `nonce` on OIDC flows when `authorizationUrl()` produced one (explicit `skipNonceCheck: true` for legacy IdPs). `b.auth.lockout` cache-error signal now also rides the audit chain. `b.middleware.csrfProtect` cookie regex tightened from `{2,}` to `{64}` hex chars (matches `forms.generateCsrfToken` output) so a sibling-subdomain XSS can't plant `csrf=ab` and submit matching `X-CSRF-Token`; new `requireOrigin: true` opt for browser-only routes; `csrf.bad_cookie_value` audit on planted-short-cookie refusals."
+            },
+            {
+              "title": "Storage / SQLi closures",
+              "body": "`b.retention` calls `safeSql.validateIdentifier` on every operator-supplied table name, age field, soft-delete field, legal-hold field, and cascade FK before reaching SQL string concatenation. `b.db` at-rest `db.enc` envelope binds `(data dir, node identity)` AAD so two deployments sharing the operator passphrase can't swap `db.enc` files; old envelopes still decrypt via a one-release backwards-compat fallback. `b.externalDb` `SET LOCAL` GUC values capped at 4 KiB. `b.cache` set path swapped from `JSON.stringify` to `safeJson.stringify` (refuses Buffer / circular / Date round-trip ambiguity). `b.objectStore.setObjectRetention` does a `getObjectRetention` pre-check and refuses client-side when existing retention mode is `COMPLIANCE` and the caller tries to shorten it or pass `bypassGovernance: true`. `b.inbox` rejects NUL + C0 controls in `messageId` / `source` (closes the dedupe-collision attack on truncating drivers)."
+            },
+            {
+              "title": "HTTP / network posture",
+              "body": "`b.wsClient.connect` wires `b.ssrfGuard` symmetric to `b.httpClient` (cloud-metadata / private / loopback / link-local / reserved IPs hard-denied; `allowInternal: true` opts in). `b.wsClient` outbound `tls.connect` pins `minVersion: \"TLSv1.3\"`. `b.app` HTTP/2 server pins `maxOutstandingPings: 10` (CVE-2019-9512 ping-flood class). `b.middleware.cors` always appends `Vary: Origin` when the request carried an Origin. `b.staticServe` adds `maxRangeBytes` cap (default 64 MiB) — refuses single-range requests larger than the cap with 416 (slowloris-range defense). `b.middleware.bodyParser` per-part header bytes now count toward `totalSize` (closes a 120 × 16 KiB amplification surface). `b.ssrfGuard` `_ipv4ToInt` strict octet validation refuses non-numeric segments instead of silently coercing to 0. `b.cluster` heartbeat picks up ±20% per-tick jitter on followers; `MIN_LEASE_TTL` bumped from 5s to 10s."
+            },
+            {
+              "title": "Content-safety bypasses + observability redaction",
+              "body": "`b.guardHtml._extractScheme` + `b.guardSvg._extractScheme` decode HTML5 named entities (`&Tab;` / `&NewLine;` / `&colon;` / `&sol;` / etc.) before scheme-allowlist matching (closes the `java&Tab;script:` bypass class). `b.guardCsv` strips ZWSP / RTLO / LRM / RLM / BOM at cell-start before the formula-prefix scan. `b.guardAll._verifyParity` walks `STANDALONE_GUARDS` too (filename / domain / uuid / cidr / time / mime / jwt / oauth / graphql / shell / regex / jsonpath / template / image / pdf / auth). `b.fileUpload._checkAllowedFileType` cross-checks operator-supplied claimed MIME against magic-byte detection and refuses on family mismatch. `b.mail` attachment validation wires `b.guardFilename.validate({ profile: \"strict\" })` + magic-byte / claimed-MIME cross-check. `b.redact` SENSITIVE_FIELDS now covers `x-api-key` / `x-apikey` / `x_api_key` / `api-key` plus DPoP / OAuth 2.1 fields (`jwk`, `dpop`, `proof`, `assertion`, `client_assertion`, `id_token_hint`, `code_verifier`, `client_secret`, `refresh_token`, `access_token`); new value-shape detector redacts query-string `?token=` / `?access_token=` / `?api_key=` patterns inside URL fields. `b.logStream` syslog sink strips CR / LF from MSG content per RFC 5424 §6.4. `b.compliance.set` rejection emits `compliance.posture.set_rejected` audit on `unknown-posture` and `already-set` paths."
+            },
+            {
+              "title": "Supply chain hygiene",
+              "body": "`scripts/vendor-update.sh` auto-runs `scripts/refresh-vendor-manifest.js` so `MANIFEST.json` sha256 hashes track the on-disk bundle without a separate operator step."
+            }
+          ]
+        },
+        {
+          "heading": "Detectors",
+          "items": [
+            {
+              "title": "`audit-action-with-hyphen` + `non-canonical-audit-outcome`",
+              "body": "Two new `codebase-patterns` detectors catch new sites at gate time that emit hyphenated audit-action segments or non-canonical outcome strings."
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "version": "0.8.0",
+      "date": "2026-05-06",
+      "headline": "ARC chain construction + transactional inbox + API spec parsers + wsClient hardening",
+      "summary": "Minor bump landing relay-side ARC signing, transactional dedupe-on-receive inbox, OpenAPI/AsyncAPI parsers, a named ML-KEM-768 + X25519 decrypt helper, and substantial outbound WebSocket-client hardening (decompression-bomb cap, UTF-8 fatal validation, control-frame caps, permanent-error classifier, audit-metadata enrichment).",
+      "sections": [
+        {
+          "heading": "Added",
+          "items": [
+            {
+              "title": "`b.mail.arc.sign` relay-side RFC 8617 ARC chain construction",
+              "body": "Companion to the existing `b.mail.arc.verify`. Produces AAR + AMS + AS headers, prepends them in RFC-recommended order, enforces cv= rules (`i=1` requires `cv=none`, `i>=2` requires `cv=pass` / `cv=fail`), and emits chain-gap detection (`i=N` requires N-1 prior hops). Supports rsa-sha256 and ed25519-sha256; CRLF-injection refused on operator-supplied authResults. Emits `dkim.arc.signed` audit on success."
+            },
+            {
+              "title": "`b.inbox.create` transactional dedupe-on-receive",
+              "body": "Companion to `b.outbox`. Guarantees exactly-once handling by recording every `(source, messageId)` pair in the same transaction as the business state change — duplicate delivery short-circuits via the `(source, message_id)` PRIMARY KEY. High-level `handle(opts, fn)` wraps `externalDb.transaction`; low-level `recordReceive` / `markProcessed` for operators managing transactions directly. Includes `declareSchema` / `sweep(retentionDays)` / `getStats` / `isFresh`; postgres + sqlite dialect support; audit emissions `inbox.received` / `handled` / `handle_failed` / `swept`."
+            },
+            {
+              "title": "`b.openapi.parse` + `b.asyncapi.parse`",
+              "body": "Validate external specs (only the build path existed previously). Returns `{ doc, errors[], valid }` covering version, info, paths / channels / operations, response.description, path-parameter `required:true`, and dangling security references."
+            },
+            {
+              "title": "`b.crypto.decryptMlkem768X25519` named decrypt helper",
+              "body": "Symmetric counterpart to the existing `encryptMlkem768X25519`. Rejects ciphertexts under any other KEM id at the head with a clear error rather than falling through the generic dispatch path."
+            },
+            {
+              "title": "`b.wsClient.cancelReconnect()` operator API",
+              "body": "Stops in-flight reconnect timers. `close()` mid-reconnect now also cancels the pending timer rather than returning early on the closed state."
+            }
+          ]
+        },
+        {
+          "heading": "Changed",
+          "items": [
+            {
+              "title": "`b.wsClient` hardening + extensions",
+              "body": "Adds `handshakeGuid` opt mirroring the server (operators with non-RFC-6455 GUIDs). Decompression-bomb defense via `zlib.inflateRawSync` `maxOutputLength` cap closes the small-frame-to-GB expansion. Fatal UTF-8 validation on text frames + close-frame reasons (RFC 6455 §5.6). Control-frame ≤125-byte cap + FIN=1 enforcement (RFC 6455 §5.5). RSV1-on-continuation rejection (RFC 7692 §6.1). Permanent-error classifier so 4xx handshake responses / accept-mismatch / bad-subprotocol / bad-upgrade / bad-status-line / message-too-big skip reconnect (no auth-failure hammering). `close(code, reason)` truncates >123-byte UTF-8 reasons at codepoint boundaries. `permessage-deflate` `server_max_window_bits` parsing with [8, 15] range enforcement. Audit metadata enriched with `bytesSent` / `bytesReceived` / `attempt` / `peerCertFingerprint` / `serverWindowBits` / `tls` / `permanent`. CRLF validation on the operator-supplied `Origin:` header matches the existing custom-header validation."
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "label": "RFC 8617 ARC",
+          "url": "https://www.rfc-editor.org/rfc/rfc8617.html"
+        },
+        {
+          "label": "RFC 6455 WebSocket",
+          "url": "https://www.rfc-editor.org/rfc/rfc6455.html"
+        },
+        {
+          "label": "RFC 7692 WebSocket permessage-deflate",
+          "url": "https://www.rfc-editor.org/rfc/rfc7692.html"
+        }
+      ]
+    }
+  ]
+}