@blamejs/blamejs-shop 0.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1220) hide show
  1. package/CHANGELOG.md +87 -0
  2. package/LICENSE +17 -0
  3. package/README.md +117 -0
  4. package/SECURITY.md +139 -0
  5. package/lib/admin.js +952 -0
  6. package/lib/analytics.js +267 -0
  7. package/lib/cart.js +279 -0
  8. package/lib/catalog-import.js +344 -0
  9. package/lib/catalog.js +769 -0
  10. package/lib/checkout.js +320 -0
  11. package/lib/config.js +151 -0
  12. package/lib/customers.js +322 -0
  13. package/lib/email.js +242 -0
  14. package/lib/externaldb-d1.js +283 -0
  15. package/lib/index.js +57 -0
  16. package/lib/inventory-alerts.js +198 -0
  17. package/lib/newsletter.js +142 -0
  18. package/lib/order.js +380 -0
  19. package/lib/payment.js +318 -0
  20. package/lib/pricing.js +185 -0
  21. package/lib/r2-bridge.js +169 -0
  22. package/lib/shipping.js +185 -0
  23. package/lib/storefront.js +2160 -0
  24. package/lib/subscriptions.js +410 -0
  25. package/lib/tax.js +161 -0
  26. package/lib/theme.js +194 -0
  27. package/lib/vendor/MANIFEST.json +19 -0
  28. package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +23 -0
  29. package/lib/vendor/blamejs/.clusterfuzzlite/build.sh +34 -0
  30. package/lib/vendor/blamejs/.clusterfuzzlite/project.yaml +16 -0
  31. package/lib/vendor/blamejs/.dockerignore +45 -0
  32. package/lib/vendor/blamejs/.gitattributes +42 -0
  33. package/lib/vendor/blamejs/.github/CODEOWNERS +4 -0
  34. package/lib/vendor/blamejs/.github/FUNDING.yml +2 -0
  35. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/bug_report.md +58 -0
  36. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/config.yml +8 -0
  37. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/feature_request.md +99 -0
  38. package/lib/vendor/blamejs/.github/PULL_REQUEST_TEMPLATE.md +77 -0
  39. package/lib/vendor/blamejs/.github/dependabot.yml +37 -0
  40. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +148 -0
  41. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +107 -0
  42. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +122 -0
  43. package/lib/vendor/blamejs/.github/workflows/ci.yml +511 -0
  44. package/lib/vendor/blamejs/.github/workflows/codeql.yml +50 -0
  45. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +655 -0
  46. package/lib/vendor/blamejs/.github/workflows/release-container.yml +406 -0
  47. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +101 -0
  48. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +134 -0
  49. package/lib/vendor/blamejs/.gitignore +102 -0
  50. package/lib/vendor/blamejs/.gitleaks.toml +166 -0
  51. package/lib/vendor/blamejs/.hadolint.yaml +18 -0
  52. package/lib/vendor/blamejs/.npmrc +5 -0
  53. package/lib/vendor/blamejs/.pinact.yaml +17 -0
  54. package/lib/vendor/blamejs/ARCHITECTURE.md +158 -0
  55. package/lib/vendor/blamejs/CHANGELOG.md +1351 -0
  56. package/lib/vendor/blamejs/CODE_OF_CONDUCT.md +86 -0
  57. package/lib/vendor/blamejs/CONTRIBUTING.md +156 -0
  58. package/lib/vendor/blamejs/GOVERNANCE.md +201 -0
  59. package/lib/vendor/blamejs/LICENSE +201 -0
  60. package/lib/vendor/blamejs/LTS-CALENDAR.md +29 -0
  61. package/lib/vendor/blamejs/MIGRATING.md +29 -0
  62. package/lib/vendor/blamejs/NOTICE +81 -0
  63. package/lib/vendor/blamejs/README.md +304 -0
  64. package/lib/vendor/blamejs/SECURITY.md +432 -0
  65. package/lib/vendor/blamejs/api-snapshot.json +48709 -0
  66. package/lib/vendor/blamejs/assets/BlameJS_Logo.png +0 -0
  67. package/lib/vendor/blamejs/assets/BlameJS_Logo.svg +129 -0
  68. package/lib/vendor/blamejs/bench/README.md +77 -0
  69. package/lib/vendor/blamejs/bench/_helpers.js +70 -0
  70. package/lib/vendor/blamejs/bench/baseline.json +183 -0
  71. package/lib/vendor/blamejs/bench/crypto-hash.bench.js +19 -0
  72. package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +28 -0
  73. package/lib/vendor/blamejs/bench/run.js +140 -0
  74. package/lib/vendor/blamejs/bench/safe-json.bench.js +31 -0
  75. package/lib/vendor/blamejs/bin/blamejs.js +13 -0
  76. package/lib/vendor/blamejs/docker/caddy/Caddyfile +46 -0
  77. package/lib/vendor/blamejs/docker/coredns/Corefile +37 -0
  78. package/lib/vendor/blamejs/docker/haproxy/haproxy.cfg +52 -0
  79. package/lib/vendor/blamejs/docker/init/generate-certs.sh +118 -0
  80. package/lib/vendor/blamejs/docker/keycloak/realm-blamejs-test.json +87 -0
  81. package/lib/vendor/blamejs/docker/mitmproxy/config.yaml +16 -0
  82. package/lib/vendor/blamejs/docker/mongo/init-tls.sh +17 -0
  83. package/lib/vendor/blamejs/docker/mysql/my.cnf +12 -0
  84. package/lib/vendor/blamejs/docker/nats/nats.conf +33 -0
  85. package/lib/vendor/blamejs/docker/postgres/init-tls.sh +17 -0
  86. package/lib/vendor/blamejs/docker/postgres/postgresql.conf +18 -0
  87. package/lib/vendor/blamejs/docker/rabbitmq/rabbitmq.conf +18 -0
  88. package/lib/vendor/blamejs/docker/redis/redis.conf +15 -0
  89. package/lib/vendor/blamejs/docker/squid/squid.conf +24 -0
  90. package/lib/vendor/blamejs/docker/syslog/syslog-ng.conf +34 -0
  91. package/lib/vendor/blamejs/docker-compose.test.yml +545 -0
  92. package/lib/vendor/blamejs/docs/cis-postgres-crosswalk.md +102 -0
  93. package/lib/vendor/blamejs/docs/cis-sqlite-equivalent.md +92 -0
  94. package/lib/vendor/blamejs/eslint.config.mjs +204 -0
  95. package/lib/vendor/blamejs/examples/wiki/Caddyfile +40 -0
  96. package/lib/vendor/blamejs/examples/wiki/DEPLOY.md +218 -0
  97. package/lib/vendor/blamejs/examples/wiki/Dockerfile +120 -0
  98. package/lib/vendor/blamejs/examples/wiki/README.md +157 -0
  99. package/lib/vendor/blamejs/examples/wiki/cli-snapshot.json +250 -0
  100. package/lib/vendor/blamejs/examples/wiki/docker-compose.prod.yml +231 -0
  101. package/lib/vendor/blamejs/examples/wiki/docker-compose.yml +166 -0
  102. package/lib/vendor/blamejs/examples/wiki/env-snapshot.json +217 -0
  103. package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +139 -0
  104. package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +555 -0
  105. package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +507 -0
  106. package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +435 -0
  107. package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +282 -0
  108. package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +321 -0
  109. package/lib/vendor/blamejs/examples/wiki/lib/nav.js +15 -0
  110. package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +75 -0
  111. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +508 -0
  112. package/lib/vendor/blamejs/examples/wiki/lib/section.js +276 -0
  113. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +587 -0
  114. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +318 -0
  115. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +122 -0
  116. package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +74 -0
  117. package/lib/vendor/blamejs/examples/wiki/package.json +18 -0
  118. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.png +0 -0
  119. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.svg +129 -0
  120. package/lib/vendor/blamejs/examples/wiki/public/robots.txt +5 -0
  121. package/lib/vendor/blamejs/examples/wiki/public/vendor/MANIFEST.json +30 -0
  122. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.css +1 -0
  123. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.js +15 -0
  124. package/lib/vendor/blamejs/examples/wiki/public/wiki.css +1250 -0
  125. package/lib/vendor/blamejs/examples/wiki/routes/admin.js +366 -0
  126. package/lib/vendor/blamejs/examples/wiki/routes/integration.js +230 -0
  127. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +266 -0
  128. package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +214 -0
  129. package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +35 -0
  130. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +34 -0
  131. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +76 -0
  132. package/lib/vendor/blamejs/examples/wiki/server.js +129 -0
  133. package/lib/vendor/blamejs/examples/wiki/site.config.js +197 -0
  134. package/lib/vendor/blamejs/examples/wiki/snippets/README.md +38 -0
  135. package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +15 -0
  136. package/lib/vendor/blamejs/examples/wiki/src/editor.js +103 -0
  137. package/lib/vendor/blamejs/examples/wiki/src/wiki.js +349 -0
  138. package/lib/vendor/blamejs/examples/wiki/test/AUDIT.md +155 -0
  139. package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +594 -0
  140. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +741 -0
  141. package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +254 -0
  142. package/lib/vendor/blamejs/examples/wiki/test/integration.js +391 -0
  143. package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +379 -0
  144. package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +346 -0
  145. package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +212 -0
  146. package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +252 -0
  147. package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +107 -0
  148. package/lib/vendor/blamejs/examples/wiki/views/_layout.html +115 -0
  149. package/lib/vendor/blamejs/examples/wiki/views/admin/api-keys.html +51 -0
  150. package/lib/vendor/blamejs/examples/wiki/views/admin/dashboard.html +22 -0
  151. package/lib/vendor/blamejs/examples/wiki/views/admin/edit.html +17 -0
  152. package/lib/vendor/blamejs/examples/wiki/views/home.html +85 -0
  153. package/lib/vendor/blamejs/examples/wiki/views/login.html +18 -0
  154. package/lib/vendor/blamejs/examples/wiki/views/page.html +5 -0
  155. package/lib/vendor/blamejs/examples/wiki/views/partials/nav.html +13 -0
  156. package/lib/vendor/blamejs/examples/wiki/views/search.html +19 -0
  157. package/lib/vendor/blamejs/examples/wiki/wiki.config.js +15 -0
  158. package/lib/vendor/blamejs/fuzz/README.md +137 -0
  159. package/lib/vendor/blamejs/fuzz/_expected.js +35 -0
  160. package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +22 -0
  161. package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +16 -0
  162. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/01-basic.csv +3 -0
  163. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/02-formula.csv +1 -0
  164. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/03-hyperlink.csv +1 -0
  165. package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +22 -0
  166. package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +16 -0
  167. package/lib/vendor/blamejs/fuzz/guard-email_seed_corpus/01-basic.eml +5 -0
  168. package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +24 -0
  169. package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +24 -0
  170. package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +20 -0
  171. package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +16 -0
  172. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/01-basic.html +1 -0
  173. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/02-script.html +1 -0
  174. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/03-event.html +1 -0
  175. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/04-jsurl.html +1 -0
  176. package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +20 -0
  177. package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +35 -0
  178. package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +41 -0
  179. package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +16 -0
  180. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/01-basic.json +1 -0
  181. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/02-proto.json +1 -0
  182. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/03-dupkey.json +1 -0
  183. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/04-nan.json +1 -0
  184. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/05-bom.json +1 -0
  185. package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +21 -0
  186. package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +25 -0
  187. package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +22 -0
  188. package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +22 -0
  189. package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +27 -0
  190. package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +23 -0
  191. package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +36 -0
  192. package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +26 -0
  193. package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +16 -0
  194. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/01-basic.md +2 -0
  195. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/02-jsurl.md +1 -0
  196. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/03-jsimg.md +1 -0
  197. package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +26 -0
  198. package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +23 -0
  199. package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +22 -0
  200. package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +32 -0
  201. package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +27 -0
  202. package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +22 -0
  203. package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +22 -0
  204. package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +16 -0
  205. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/01-basic.svg +1 -0
  206. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/02-script.svg +1 -0
  207. package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +20 -0
  208. package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +30 -0
  209. package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +16 -0
  210. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/01-basic.xml +1 -0
  211. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/02-xxe.xml +1 -0
  212. package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +16 -0
  213. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/01-basic.yaml +2 -0
  214. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/02-anchor.yaml +2 -0
  215. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/03-norway.yaml +1 -0
  216. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/04-multidoc.yaml +4 -0
  217. package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +16 -0
  218. package/lib/vendor/blamejs/fuzz/parsers__safe-ini_seed_corpus/01-basic.ini +2 -0
  219. package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +16 -0
  220. package/lib/vendor/blamejs/fuzz/parsers__safe-toml_seed_corpus/01-basic.toml +4 -0
  221. package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +16 -0
  222. package/lib/vendor/blamejs/fuzz/parsers__safe-xml_seed_corpus/01-basic.xml +1 -0
  223. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +16 -0
  224. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml_seed_corpus/01-basic.yaml +4 -0
  225. package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +49 -0
  226. package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +29 -0
  227. package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +16 -0
  228. package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +42 -0
  229. package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +25 -0
  230. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/01-object.txt +1 -0
  231. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/02-array.txt +1 -0
  232. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/03-string.txt +1 -0
  233. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/04-proto.txt +1 -0
  234. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/05-deep.txt +1 -0
  235. package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +16 -0
  236. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/01-basic.txt +1 -0
  237. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/02-filter.txt +1 -0
  238. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/03-deepscan.txt +1 -0
  239. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/04-slice.txt +1 -0
  240. package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +27 -0
  241. package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +33 -0
  242. package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +28 -0
  243. package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +64 -0
  244. package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +16 -0
  245. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/01-basic.txt +1 -0
  246. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/02-userinfo.txt +1 -0
  247. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/03-dangerous.txt +1 -0
  248. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/04-data.txt +1 -0
  249. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/05-ipv6.txt +1 -0
  250. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/06-idn.txt +1 -0
  251. package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +16 -0
  252. package/lib/vendor/blamejs/index.js +678 -0
  253. package/lib/vendor/blamejs/keys/release-pqc-pub.json +7 -0
  254. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +67 -0
  255. package/lib/vendor/blamejs/lib/a2a-tasks.js +598 -0
  256. package/lib/vendor/blamejs/lib/a2a.js +407 -0
  257. package/lib/vendor/blamejs/lib/acme.js +1448 -0
  258. package/lib/vendor/blamejs/lib/agent-audit.js +45 -0
  259. package/lib/vendor/blamejs/lib/agent-event-bus.js +382 -0
  260. package/lib/vendor/blamejs/lib/agent-idempotency.js +497 -0
  261. package/lib/vendor/blamejs/lib/agent-orchestrator.js +717 -0
  262. package/lib/vendor/blamejs/lib/agent-posture-chain.js +366 -0
  263. package/lib/vendor/blamejs/lib/agent-saga.js +321 -0
  264. package/lib/vendor/blamejs/lib/agent-snapshot.js +676 -0
  265. package/lib/vendor/blamejs/lib/agent-stream.js +269 -0
  266. package/lib/vendor/blamejs/lib/agent-tenant.js +632 -0
  267. package/lib/vendor/blamejs/lib/agent-trace.js +281 -0
  268. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +184 -0
  269. package/lib/vendor/blamejs/lib/ai-content-detect.js +268 -0
  270. package/lib/vendor/blamejs/lib/ai-input.js +201 -0
  271. package/lib/vendor/blamejs/lib/ai-model-manifest.js +363 -0
  272. package/lib/vendor/blamejs/lib/ai-pref.js +340 -0
  273. package/lib/vendor/blamejs/lib/api-key.js +721 -0
  274. package/lib/vendor/blamejs/lib/api-snapshot.js +458 -0
  275. package/lib/vendor/blamejs/lib/app-shutdown.js +557 -0
  276. package/lib/vendor/blamejs/lib/app.js +365 -0
  277. package/lib/vendor/blamejs/lib/archive.js +547 -0
  278. package/lib/vendor/blamejs/lib/arg-parser.js +697 -0
  279. package/lib/vendor/blamejs/lib/argon2-builtin.js +173 -0
  280. package/lib/vendor/blamejs/lib/asn1-der.js +424 -0
  281. package/lib/vendor/blamejs/lib/asyncapi-bindings.js +160 -0
  282. package/lib/vendor/blamejs/lib/asyncapi-traits.js +143 -0
  283. package/lib/vendor/blamejs/lib/asyncapi.js +575 -0
  284. package/lib/vendor/blamejs/lib/atomic-file.js +1023 -0
  285. package/lib/vendor/blamejs/lib/audit-chain.js +266 -0
  286. package/lib/vendor/blamejs/lib/audit-daily-review.js +389 -0
  287. package/lib/vendor/blamejs/lib/audit-sign.js +751 -0
  288. package/lib/vendor/blamejs/lib/audit-tools.js +1113 -0
  289. package/lib/vendor/blamejs/lib/audit.js +1671 -0
  290. package/lib/vendor/blamejs/lib/auth/aal.js +169 -0
  291. package/lib/vendor/blamejs/lib/auth/access-lock.js +220 -0
  292. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +265 -0
  293. package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +112 -0
  294. package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +111 -0
  295. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +573 -0
  296. package/lib/vendor/blamejs/lib/auth/ciba.js +637 -0
  297. package/lib/vendor/blamejs/lib/auth/dpop.js +516 -0
  298. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +306 -0
  299. package/lib/vendor/blamejs/lib/auth/fal.js +229 -0
  300. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +681 -0
  301. package/lib/vendor/blamejs/lib/auth/jwt-external.js +519 -0
  302. package/lib/vendor/blamejs/lib/auth/jwt.js +430 -0
  303. package/lib/vendor/blamejs/lib/auth/lockout.js +449 -0
  304. package/lib/vendor/blamejs/lib/auth/oauth.js +2141 -0
  305. package/lib/vendor/blamejs/lib/auth/oid4vci.js +657 -0
  306. package/lib/vendor/blamejs/lib/auth/oid4vp.js +531 -0
  307. package/lib/vendor/blamejs/lib/auth/openid-federation.js +600 -0
  308. package/lib/vendor/blamejs/lib/auth/passkey.js +676 -0
  309. package/lib/vendor/blamejs/lib/auth/password.js +693 -0
  310. package/lib/vendor/blamejs/lib/auth/saml.js +2109 -0
  311. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +95 -0
  312. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +225 -0
  313. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +197 -0
  314. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +728 -0
  315. package/lib/vendor/blamejs/lib/auth/status-list.js +272 -0
  316. package/lib/vendor/blamejs/lib/auth/step-up-policy.js +335 -0
  317. package/lib/vendor/blamejs/lib/auth/step-up.js +454 -0
  318. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +505 -0
  319. package/lib/vendor/blamejs/lib/auth-header.js +148 -0
  320. package/lib/vendor/blamejs/lib/backup/bundle.js +265 -0
  321. package/lib/vendor/blamejs/lib/backup/crypto.js +176 -0
  322. package/lib/vendor/blamejs/lib/backup/index.js +1001 -0
  323. package/lib/vendor/blamejs/lib/backup/manifest.js +443 -0
  324. package/lib/vendor/blamejs/lib/boot-gates.js +174 -0
  325. package/lib/vendor/blamejs/lib/breach-deadline.js +272 -0
  326. package/lib/vendor/blamejs/lib/break-glass.js +1753 -0
  327. package/lib/vendor/blamejs/lib/budr.js +205 -0
  328. package/lib/vendor/blamejs/lib/bundler.js +461 -0
  329. package/lib/vendor/blamejs/lib/cache-redis.js +256 -0
  330. package/lib/vendor/blamejs/lib/cache-status.js +288 -0
  331. package/lib/vendor/blamejs/lib/cache.js +1331 -0
  332. package/lib/vendor/blamejs/lib/calendar.js +1240 -0
  333. package/lib/vendor/blamejs/lib/canonical-json.js +143 -0
  334. package/lib/vendor/blamejs/lib/cdn-cache-control.js +473 -0
  335. package/lib/vendor/blamejs/lib/cert.js +763 -0
  336. package/lib/vendor/blamejs/lib/chain-writer.js +259 -0
  337. package/lib/vendor/blamejs/lib/circuit-breaker.js +101 -0
  338. package/lib/vendor/blamejs/lib/cli-helpers.js +237 -0
  339. package/lib/vendor/blamejs/lib/cli.js +2328 -0
  340. package/lib/vendor/blamejs/lib/client-hints.js +318 -0
  341. package/lib/vendor/blamejs/lib/cloud-events.js +277 -0
  342. package/lib/vendor/blamejs/lib/cluster-provider-db.js +317 -0
  343. package/lib/vendor/blamejs/lib/cluster-storage.js +351 -0
  344. package/lib/vendor/blamejs/lib/cluster.js +1017 -0
  345. package/lib/vendor/blamejs/lib/cms-codec.js +826 -0
  346. package/lib/vendor/blamejs/lib/codepoint-class.js +262 -0
  347. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +190 -0
  348. package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +205 -0
  349. package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +189 -0
  350. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +200 -0
  351. package/lib/vendor/blamejs/lib/compliance-ai-act.js +821 -0
  352. package/lib/vendor/blamejs/lib/compliance-eaa.js +204 -0
  353. package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +167 -0
  354. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +206 -0
  355. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +297 -0
  356. package/lib/vendor/blamejs/lib/compliance-sanctions.js +569 -0
  357. package/lib/vendor/blamejs/lib/compliance.js +1558 -0
  358. package/lib/vendor/blamejs/lib/config-drift.js +426 -0
  359. package/lib/vendor/blamejs/lib/config.js +446 -0
  360. package/lib/vendor/blamejs/lib/consent.js +369 -0
  361. package/lib/vendor/blamejs/lib/constants.js +209 -0
  362. package/lib/vendor/blamejs/lib/content-credentials.js +704 -0
  363. package/lib/vendor/blamejs/lib/cookies.js +560 -0
  364. package/lib/vendor/blamejs/lib/cra-report.js +299 -0
  365. package/lib/vendor/blamejs/lib/credential-hash.js +394 -0
  366. package/lib/vendor/blamejs/lib/crypto-field.js +1017 -0
  367. package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +187 -0
  368. package/lib/vendor/blamejs/lib/crypto-hpke.js +256 -0
  369. package/lib/vendor/blamejs/lib/crypto.js +1908 -0
  370. package/lib/vendor/blamejs/lib/csp.js +271 -0
  371. package/lib/vendor/blamejs/lib/csv.js +418 -0
  372. package/lib/vendor/blamejs/lib/daemon.js +481 -0
  373. package/lib/vendor/blamejs/lib/dark-patterns.js +488 -0
  374. package/lib/vendor/blamejs/lib/data-act.js +328 -0
  375. package/lib/vendor/blamejs/lib/db-collection.js +587 -0
  376. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +267 -0
  377. package/lib/vendor/blamejs/lib/db-declare-view.js +420 -0
  378. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +333 -0
  379. package/lib/vendor/blamejs/lib/db-query.js +802 -0
  380. package/lib/vendor/blamejs/lib/db-role-context.js +50 -0
  381. package/lib/vendor/blamejs/lib/db-schema.js +322 -0
  382. package/lib/vendor/blamejs/lib/db.js +3111 -0
  383. package/lib/vendor/blamejs/lib/dbsc.js +299 -0
  384. package/lib/vendor/blamejs/lib/ddl-change-control.js +523 -0
  385. package/lib/vendor/blamejs/lib/deprecate.js +377 -0
  386. package/lib/vendor/blamejs/lib/dev.js +405 -0
  387. package/lib/vendor/blamejs/lib/dora.js +402 -0
  388. package/lib/vendor/blamejs/lib/dr-runbook.js +368 -0
  389. package/lib/vendor/blamejs/lib/dsr.js +1188 -0
  390. package/lib/vendor/blamejs/lib/dual-control.js +526 -0
  391. package/lib/vendor/blamejs/lib/early-hints.js +212 -0
  392. package/lib/vendor/blamejs/lib/error-page.js +420 -0
  393. package/lib/vendor/blamejs/lib/events.js +214 -0
  394. package/lib/vendor/blamejs/lib/external-db-migrate.js +659 -0
  395. package/lib/vendor/blamejs/lib/external-db.js +1877 -0
  396. package/lib/vendor/blamejs/lib/fapi2.js +394 -0
  397. package/lib/vendor/blamejs/lib/fda-21cfr11.js +395 -0
  398. package/lib/vendor/blamejs/lib/fdx.js +370 -0
  399. package/lib/vendor/blamejs/lib/fedcm.js +264 -0
  400. package/lib/vendor/blamejs/lib/file-type.js +360 -0
  401. package/lib/vendor/blamejs/lib/file-upload.js +1256 -0
  402. package/lib/vendor/blamejs/lib/flag-cache.js +136 -0
  403. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +135 -0
  404. package/lib/vendor/blamejs/lib/flag-providers.js +279 -0
  405. package/lib/vendor/blamejs/lib/flag-targeting.js +210 -0
  406. package/lib/vendor/blamejs/lib/flag.js +346 -0
  407. package/lib/vendor/blamejs/lib/forms.js +525 -0
  408. package/lib/vendor/blamejs/lib/framework-error.js +724 -0
  409. package/lib/vendor/blamejs/lib/framework-schema.js +845 -0
  410. package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +34 -0
  411. package/lib/vendor/blamejs/lib/fsm.js +469 -0
  412. package/lib/vendor/blamejs/lib/gate-contract.js +1661 -0
  413. package/lib/vendor/blamejs/lib/gdpr-ropa.js +261 -0
  414. package/lib/vendor/blamejs/lib/graphql-federation.js +234 -0
  415. package/lib/vendor/blamejs/lib/guard-agent-registry.js +179 -0
  416. package/lib/vendor/blamejs/lib/guard-all.js +555 -0
  417. package/lib/vendor/blamejs/lib/guard-archive.js +901 -0
  418. package/lib/vendor/blamejs/lib/guard-auth.js +451 -0
  419. package/lib/vendor/blamejs/lib/guard-cidr.js +676 -0
  420. package/lib/vendor/blamejs/lib/guard-csv.js +1176 -0
  421. package/lib/vendor/blamejs/lib/guard-domain.js +814 -0
  422. package/lib/vendor/blamejs/lib/guard-dsn.js +382 -0
  423. package/lib/vendor/blamejs/lib/guard-email.js +951 -0
  424. package/lib/vendor/blamejs/lib/guard-envelope.js +294 -0
  425. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +217 -0
  426. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +150 -0
  427. package/lib/vendor/blamejs/lib/guard-filename.js +956 -0
  428. package/lib/vendor/blamejs/lib/guard-graphql.js +731 -0
  429. package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +164 -0
  430. package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +144 -0
  431. package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +154 -0
  432. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +44 -0
  433. package/lib/vendor/blamejs/lib/guard-html-wcag.js +470 -0
  434. package/lib/vendor/blamejs/lib/guard-html.js +1209 -0
  435. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +151 -0
  436. package/lib/vendor/blamejs/lib/guard-image.js +584 -0
  437. package/lib/vendor/blamejs/lib/guard-imap-command.js +337 -0
  438. package/lib/vendor/blamejs/lib/guard-jmap.js +321 -0
  439. package/lib/vendor/blamejs/lib/guard-json.js +935 -0
  440. package/lib/vendor/blamejs/lib/guard-jsonpath.js +512 -0
  441. package/lib/vendor/blamejs/lib/guard-jwt.js +772 -0
  442. package/lib/vendor/blamejs/lib/guard-list-id.js +318 -0
  443. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +412 -0
  444. package/lib/vendor/blamejs/lib/guard-mail-compose.js +282 -0
  445. package/lib/vendor/blamejs/lib/guard-mail-move.js +202 -0
  446. package/lib/vendor/blamejs/lib/guard-mail-query.js +310 -0
  447. package/lib/vendor/blamejs/lib/guard-mail-reply.js +172 -0
  448. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +207 -0
  449. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +566 -0
  450. package/lib/vendor/blamejs/lib/guard-markdown.js +768 -0
  451. package/lib/vendor/blamejs/lib/guard-message-id.js +267 -0
  452. package/lib/vendor/blamejs/lib/guard-mime.js +609 -0
  453. package/lib/vendor/blamejs/lib/guard-oauth.js +650 -0
  454. package/lib/vendor/blamejs/lib/guard-pdf.js +569 -0
  455. package/lib/vendor/blamejs/lib/guard-pop3-command.js +317 -0
  456. package/lib/vendor/blamejs/lib/guard-posture-chain.js +201 -0
  457. package/lib/vendor/blamejs/lib/guard-regex.js +632 -0
  458. package/lib/vendor/blamejs/lib/guard-saga-config.js +157 -0
  459. package/lib/vendor/blamejs/lib/guard-shell.js +522 -0
  460. package/lib/vendor/blamejs/lib/guard-smtp-command.js +594 -0
  461. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +168 -0
  462. package/lib/vendor/blamejs/lib/guard-stream-args.js +166 -0
  463. package/lib/vendor/blamejs/lib/guard-svg.js +1163 -0
  464. package/lib/vendor/blamejs/lib/guard-template.js +490 -0
  465. package/lib/vendor/blamejs/lib/guard-tenant-id.js +138 -0
  466. package/lib/vendor/blamejs/lib/guard-time.js +586 -0
  467. package/lib/vendor/blamejs/lib/guard-trace-context.js +172 -0
  468. package/lib/vendor/blamejs/lib/guard-uuid.js +548 -0
  469. package/lib/vendor/blamejs/lib/guard-xml.js +666 -0
  470. package/lib/vendor/blamejs/lib/guard-yaml.js +726 -0
  471. package/lib/vendor/blamejs/lib/hal.js +125 -0
  472. package/lib/vendor/blamejs/lib/handlers.js +350 -0
  473. package/lib/vendor/blamejs/lib/honeytoken.js +168 -0
  474. package/lib/vendor/blamejs/lib/html-balance.js +347 -0
  475. package/lib/vendor/blamejs/lib/http-client-cache.js +923 -0
  476. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +519 -0
  477. package/lib/vendor/blamejs/lib/http-client.js +2152 -0
  478. package/lib/vendor/blamejs/lib/http-message-signature.js +589 -0
  479. package/lib/vendor/blamejs/lib/http2-teardown.js +34 -0
  480. package/lib/vendor/blamejs/lib/i18n-messageformat.js +398 -0
  481. package/lib/vendor/blamejs/lib/i18n.js +931 -0
  482. package/lib/vendor/blamejs/lib/iab-mspa.js +257 -0
  483. package/lib/vendor/blamejs/lib/iab-tcf.js +461 -0
  484. package/lib/vendor/blamejs/lib/importmap-integrity.js +90 -0
  485. package/lib/vendor/blamejs/lib/inbox.js +435 -0
  486. package/lib/vendor/blamejs/lib/incident-report.js +314 -0
  487. package/lib/vendor/blamejs/lib/ip-utils.js +102 -0
  488. package/lib/vendor/blamejs/lib/jobs.js +185 -0
  489. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +228 -0
  490. package/lib/vendor/blamejs/lib/jsonapi.js +230 -0
  491. package/lib/vendor/blamejs/lib/keychain.js +865 -0
  492. package/lib/vendor/blamejs/lib/lazy-require.js +48 -0
  493. package/lib/vendor/blamejs/lib/legal-hold.js +374 -0
  494. package/lib/vendor/blamejs/lib/local-db-thin.js +321 -0
  495. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +369 -0
  496. package/lib/vendor/blamejs/lib/log-stream-local.js +146 -0
  497. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +410 -0
  498. package/lib/vendor/blamejs/lib/log-stream-otlp.js +286 -0
  499. package/lib/vendor/blamejs/lib/log-stream-syslog.js +310 -0
  500. package/lib/vendor/blamejs/lib/log-stream-webhook.js +199 -0
  501. package/lib/vendor/blamejs/lib/log-stream.js +584 -0
  502. package/lib/vendor/blamejs/lib/log.js +625 -0
  503. package/lib/vendor/blamejs/lib/lro.js +200 -0
  504. package/lib/vendor/blamejs/lib/mail-agent.js +786 -0
  505. package/lib/vendor/blamejs/lib/mail-arc-sign.js +417 -0
  506. package/lib/vendor/blamejs/lib/mail-arf.js +343 -0
  507. package/lib/vendor/blamejs/lib/mail-auth.js +2144 -0
  508. package/lib/vendor/blamejs/lib/mail-bimi.js +1047 -0
  509. package/lib/vendor/blamejs/lib/mail-bounce.js +955 -0
  510. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +1286 -0
  511. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +789 -0
  512. package/lib/vendor/blamejs/lib/mail-crypto.js +108 -0
  513. package/lib/vendor/blamejs/lib/mail-dav.js +1224 -0
  514. package/lib/vendor/blamejs/lib/mail-deploy.js +1119 -0
  515. package/lib/vendor/blamejs/lib/mail-dkim.js +1250 -0
  516. package/lib/vendor/blamejs/lib/mail-greylist.js +448 -0
  517. package/lib/vendor/blamejs/lib/mail-helo.js +473 -0
  518. package/lib/vendor/blamejs/lib/mail-journal.js +435 -0
  519. package/lib/vendor/blamejs/lib/mail-mdn.js +424 -0
  520. package/lib/vendor/blamejs/lib/mail-rbl.js +392 -0
  521. package/lib/vendor/blamejs/lib/mail-require-tls.js +198 -0
  522. package/lib/vendor/blamejs/lib/mail-scan.js +502 -0
  523. package/lib/vendor/blamejs/lib/mail-send-deliver.js +629 -0
  524. package/lib/vendor/blamejs/lib/mail-server-imap.js +1858 -0
  525. package/lib/vendor/blamejs/lib/mail-server-jmap.js +1565 -0
  526. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +908 -0
  527. package/lib/vendor/blamejs/lib/mail-server-mx.js +969 -0
  528. package/lib/vendor/blamejs/lib/mail-server-pop3.js +915 -0
  529. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +315 -0
  530. package/lib/vendor/blamejs/lib/mail-server-registry.js +378 -0
  531. package/lib/vendor/blamejs/lib/mail-server-submission.js +1396 -0
  532. package/lib/vendor/blamejs/lib/mail-server-tls.js +445 -0
  533. package/lib/vendor/blamejs/lib/mail-sieve.js +557 -0
  534. package/lib/vendor/blamejs/lib/mail-spam-score.js +284 -0
  535. package/lib/vendor/blamejs/lib/mail-srs.js +248 -0
  536. package/lib/vendor/blamejs/lib/mail-store-fts.js +394 -0
  537. package/lib/vendor/blamejs/lib/mail-store.js +929 -0
  538. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +400 -0
  539. package/lib/vendor/blamejs/lib/mail.js +1971 -0
  540. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +473 -0
  541. package/lib/vendor/blamejs/lib/mcp.js +950 -0
  542. package/lib/vendor/blamejs/lib/metrics.js +1503 -0
  543. package/lib/vendor/blamejs/lib/middleware/age-gate.js +177 -0
  544. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +203 -0
  545. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +981 -0
  546. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +137 -0
  547. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +171 -0
  548. package/lib/vendor/blamejs/lib/middleware/attach-user.js +220 -0
  549. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +293 -0
  550. package/lib/vendor/blamejs/lib/middleware/body-parser.js +1519 -0
  551. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +183 -0
  552. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +217 -0
  553. package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +122 -0
  554. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +355 -0
  555. package/lib/vendor/blamejs/lib/middleware/compression.js +489 -0
  556. package/lib/vendor/blamejs/lib/middleware/cookies.js +130 -0
  557. package/lib/vendor/blamejs/lib/middleware/cors.js +386 -0
  558. package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +388 -0
  559. package/lib/vendor/blamejs/lib/middleware/csp-report.js +167 -0
  560. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +499 -0
  561. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +243 -0
  562. package/lib/vendor/blamejs/lib/middleware/db-role-for.js +304 -0
  563. package/lib/vendor/blamejs/lib/middleware/dpop.js +402 -0
  564. package/lib/vendor/blamejs/lib/middleware/error-handler.js +69 -0
  565. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +168 -0
  566. package/lib/vendor/blamejs/lib/middleware/flag-context.js +110 -0
  567. package/lib/vendor/blamejs/lib/middleware/gpc.js +153 -0
  568. package/lib/vendor/blamejs/lib/middleware/headers.js +242 -0
  569. package/lib/vendor/blamejs/lib/middleware/health.js +438 -0
  570. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +189 -0
  571. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +964 -0
  572. package/lib/vendor/blamejs/lib/middleware/index.js +183 -0
  573. package/lib/vendor/blamejs/lib/middleware/nel.js +214 -0
  574. package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +237 -0
  575. package/lib/vendor/blamejs/lib/middleware/no-cache.js +106 -0
  576. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +177 -0
  577. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +277 -0
  578. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +556 -0
  579. package/lib/vendor/blamejs/lib/middleware/request-id.js +79 -0
  580. package/lib/vendor/blamejs/lib/middleware/request-log.js +205 -0
  581. package/lib/vendor/blamejs/lib/middleware/require-aal.js +138 -0
  582. package/lib/vendor/blamejs/lib/middleware/require-auth.js +144 -0
  583. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +290 -0
  584. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +113 -0
  585. package/lib/vendor/blamejs/lib/middleware/require-methods.js +97 -0
  586. package/lib/vendor/blamejs/lib/middleware/require-mtls.js +212 -0
  587. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +226 -0
  588. package/lib/vendor/blamejs/lib/middleware/scim-server.js +375 -0
  589. package/lib/vendor/blamejs/lib/middleware/security-headers.js +285 -0
  590. package/lib/vendor/blamejs/lib/middleware/security-txt.js +170 -0
  591. package/lib/vendor/blamejs/lib/middleware/span-http-server.js +280 -0
  592. package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +323 -0
  593. package/lib/vendor/blamejs/lib/middleware/sse.js +200 -0
  594. package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +167 -0
  595. package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +148 -0
  596. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +749 -0
  597. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +164 -0
  598. package/lib/vendor/blamejs/lib/migration-files.js +37 -0
  599. package/lib/vendor/blamejs/lib/migrations.js +385 -0
  600. package/lib/vendor/blamejs/lib/mime-parse.js +198 -0
  601. package/lib/vendor/blamejs/lib/money.js +699 -0
  602. package/lib/vendor/blamejs/lib/mtls-ca.js +572 -0
  603. package/lib/vendor/blamejs/lib/mtls-engine-default.js +501 -0
  604. package/lib/vendor/blamejs/lib/network-byte-quota.js +308 -0
  605. package/lib/vendor/blamejs/lib/network-dns-resolver.js +533 -0
  606. package/lib/vendor/blamejs/lib/network-dns.js +1930 -0
  607. package/lib/vendor/blamejs/lib/network-heartbeat.js +425 -0
  608. package/lib/vendor/blamejs/lib/network-nts.js +574 -0
  609. package/lib/vendor/blamejs/lib/network-proxy.js +265 -0
  610. package/lib/vendor/blamejs/lib/network-smtp-policy.js +836 -0
  611. package/lib/vendor/blamejs/lib/network-tls.js +3126 -0
  612. package/lib/vendor/blamejs/lib/network.js +346 -0
  613. package/lib/vendor/blamejs/lib/nis2-report.js +181 -0
  614. package/lib/vendor/blamejs/lib/nist-crosswalk.js +293 -0
  615. package/lib/vendor/blamejs/lib/nonce-store.js +177 -0
  616. package/lib/vendor/blamejs/lib/notify.js +683 -0
  617. package/lib/vendor/blamejs/lib/ntp-check.js +458 -0
  618. package/lib/vendor/blamejs/lib/numeric-bounds.js +111 -0
  619. package/lib/vendor/blamejs/lib/numeric-checks.js +40 -0
  620. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +349 -0
  621. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +488 -0
  622. package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +351 -0
  623. package/lib/vendor/blamejs/lib/object-store/gcs.js +515 -0
  624. package/lib/vendor/blamejs/lib/object-store/http-put.js +153 -0
  625. package/lib/vendor/blamejs/lib/object-store/http-request.js +38 -0
  626. package/lib/vendor/blamejs/lib/object-store/index.js +197 -0
  627. package/lib/vendor/blamejs/lib/object-store/local.js +163 -0
  628. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +1133 -0
  629. package/lib/vendor/blamejs/lib/object-store/sigv4.js +957 -0
  630. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +420 -0
  631. package/lib/vendor/blamejs/lib/observability-tracer.js +395 -0
  632. package/lib/vendor/blamejs/lib/observability.js +720 -0
  633. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +248 -0
  634. package/lib/vendor/blamejs/lib/openapi-schema-walk.js +192 -0
  635. package/lib/vendor/blamejs/lib/openapi-security.js +169 -0
  636. package/lib/vendor/blamejs/lib/openapi-yaml.js +154 -0
  637. package/lib/vendor/blamejs/lib/openapi.js +489 -0
  638. package/lib/vendor/blamejs/lib/otel-export.js +278 -0
  639. package/lib/vendor/blamejs/lib/outbox.js +547 -0
  640. package/lib/vendor/blamejs/lib/pagination.js +542 -0
  641. package/lib/vendor/blamejs/lib/parsers/index.js +91 -0
  642. package/lib/vendor/blamejs/lib/parsers/safe-env.js +642 -0
  643. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +293 -0
  644. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +784 -0
  645. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +390 -0
  646. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +1015 -0
  647. package/lib/vendor/blamejs/lib/permissions.js +793 -0
  648. package/lib/vendor/blamejs/lib/pick.js +105 -0
  649. package/lib/vendor/blamejs/lib/pqc-agent.js +351 -0
  650. package/lib/vendor/blamejs/lib/pqc-gate.js +279 -0
  651. package/lib/vendor/blamejs/lib/pqc-software.js +271 -0
  652. package/lib/vendor/blamejs/lib/problem-details.js +482 -0
  653. package/lib/vendor/blamejs/lib/process-spawn.js +196 -0
  654. package/lib/vendor/blamejs/lib/promise-pool.js +162 -0
  655. package/lib/vendor/blamejs/lib/protobuf-encoder.js +190 -0
  656. package/lib/vendor/blamejs/lib/protocol-dispatcher.js +161 -0
  657. package/lib/vendor/blamejs/lib/public-suffix.js +403 -0
  658. package/lib/vendor/blamejs/lib/pubsub-cluster.js +154 -0
  659. package/lib/vendor/blamejs/lib/pubsub-redis.js +167 -0
  660. package/lib/vendor/blamejs/lib/pubsub.js +463 -0
  661. package/lib/vendor/blamejs/lib/queue-local.js +476 -0
  662. package/lib/vendor/blamejs/lib/queue-redis.js +745 -0
  663. package/lib/vendor/blamejs/lib/queue-sqs.js +319 -0
  664. package/lib/vendor/blamejs/lib/queue.js +1016 -0
  665. package/lib/vendor/blamejs/lib/redact.js +1007 -0
  666. package/lib/vendor/blamejs/lib/redis-client.js +520 -0
  667. package/lib/vendor/blamejs/lib/render.js +285 -0
  668. package/lib/vendor/blamejs/lib/request-helpers.js +767 -0
  669. package/lib/vendor/blamejs/lib/resource-access-lock.js +116 -0
  670. package/lib/vendor/blamejs/lib/restore-bundle.js +340 -0
  671. package/lib/vendor/blamejs/lib/restore-rollback.js +365 -0
  672. package/lib/vendor/blamejs/lib/restore.js +409 -0
  673. package/lib/vendor/blamejs/lib/retention.js +640 -0
  674. package/lib/vendor/blamejs/lib/retry.js +523 -0
  675. package/lib/vendor/blamejs/lib/router.js +1289 -0
  676. package/lib/vendor/blamejs/lib/safe-async.js +1184 -0
  677. package/lib/vendor/blamejs/lib/safe-buffer.js +562 -0
  678. package/lib/vendor/blamejs/lib/safe-decompress.js +297 -0
  679. package/lib/vendor/blamejs/lib/safe-dns.js +665 -0
  680. package/lib/vendor/blamejs/lib/safe-ical.js +634 -0
  681. package/lib/vendor/blamejs/lib/safe-icap.js +502 -0
  682. package/lib/vendor/blamejs/lib/safe-json.js +946 -0
  683. package/lib/vendor/blamejs/lib/safe-jsonpath.js +285 -0
  684. package/lib/vendor/blamejs/lib/safe-mime.js +831 -0
  685. package/lib/vendor/blamejs/lib/safe-mount-info.js +306 -0
  686. package/lib/vendor/blamejs/lib/safe-path.js +254 -0
  687. package/lib/vendor/blamejs/lib/safe-redirect.js +106 -0
  688. package/lib/vendor/blamejs/lib/safe-schema.js +1810 -0
  689. package/lib/vendor/blamejs/lib/safe-sieve.js +684 -0
  690. package/lib/vendor/blamejs/lib/safe-smtp.js +185 -0
  691. package/lib/vendor/blamejs/lib/safe-sql.js +363 -0
  692. package/lib/vendor/blamejs/lib/safe-url.js +428 -0
  693. package/lib/vendor/blamejs/lib/safe-vcard.js +473 -0
  694. package/lib/vendor/blamejs/lib/sandbox-worker.js +135 -0
  695. package/lib/vendor/blamejs/lib/sandbox.js +358 -0
  696. package/lib/vendor/blamejs/lib/scheduler.js +827 -0
  697. package/lib/vendor/blamejs/lib/sd-notify.js +269 -0
  698. package/lib/vendor/blamejs/lib/sec-cyber.js +214 -0
  699. package/lib/vendor/blamejs/lib/security-assert.js +395 -0
  700. package/lib/vendor/blamejs/lib/seeders.js +620 -0
  701. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +309 -0
  702. package/lib/vendor/blamejs/lib/self-update.js +804 -0
  703. package/lib/vendor/blamejs/lib/server-timing.js +174 -0
  704. package/lib/vendor/blamejs/lib/session-device-binding.js +431 -0
  705. package/lib/vendor/blamejs/lib/session-stores.js +138 -0
  706. package/lib/vendor/blamejs/lib/session.js +1162 -0
  707. package/lib/vendor/blamejs/lib/slug.js +381 -0
  708. package/lib/vendor/blamejs/lib/sse.js +349 -0
  709. package/lib/vendor/blamejs/lib/ssrf-guard.js +792 -0
  710. package/lib/vendor/blamejs/lib/standard-webhooks.js +183 -0
  711. package/lib/vendor/blamejs/lib/static.js +1249 -0
  712. package/lib/vendor/blamejs/lib/storage.js +1272 -0
  713. package/lib/vendor/blamejs/lib/stream-throttle.js +235 -0
  714. package/lib/vendor/blamejs/lib/structured-fields.js +244 -0
  715. package/lib/vendor/blamejs/lib/subject.js +667 -0
  716. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +175 -0
  717. package/lib/vendor/blamejs/lib/template.js +931 -0
  718. package/lib/vendor/blamejs/lib/tenant-quota.js +545 -0
  719. package/lib/vendor/blamejs/lib/test-harness.js +275 -0
  720. package/lib/vendor/blamejs/lib/testing.js +1185 -0
  721. package/lib/vendor/blamejs/lib/time.js +578 -0
  722. package/lib/vendor/blamejs/lib/tls-exporter.js +239 -0
  723. package/lib/vendor/blamejs/lib/totp.js +318 -0
  724. package/lib/vendor/blamejs/lib/tracing.js +546 -0
  725. package/lib/vendor/blamejs/lib/uuid.js +207 -0
  726. package/lib/vendor/blamejs/lib/validate-opts.js +381 -0
  727. package/lib/vendor/blamejs/lib/vault/index.js +638 -0
  728. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +311 -0
  729. package/lib/vendor/blamejs/lib/vault/passphrase-source.js +198 -0
  730. package/lib/vendor/blamejs/lib/vault/rotate.js +803 -0
  731. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +471 -0
  732. package/lib/vendor/blamejs/lib/vault/wrap.js +296 -0
  733. package/lib/vendor/blamejs/lib/vault-aad.js +259 -0
  734. package/lib/vendor/blamejs/lib/vendor/.vendor-data-pubkey +4 -0
  735. package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +161 -0
  736. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.data.js +68 -0
  737. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.pem +33 -0
  738. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.data.js +1325 -0
  739. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.txt +10002 -0
  740. package/lib/vendor/blamejs/lib/vendor/noble-ciphers.cjs +9 -0
  741. package/lib/vendor/blamejs/lib/vendor/noble-post-quantum.cjs +18 -0
  742. package/lib/vendor/blamejs/lib/vendor/pki.cjs +181 -0
  743. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +16382 -0
  744. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +5881 -0
  745. package/lib/vendor/blamejs/lib/vendor/simplewebauthn-server.cjs +328 -0
  746. package/lib/vendor/blamejs/lib/vendor/vendor-data-pubkey.js +16 -0
  747. package/lib/vendor/blamejs/lib/vendor-data.js +520 -0
  748. package/lib/vendor/blamejs/lib/vex.js +630 -0
  749. package/lib/vendor/blamejs/lib/watcher.js +608 -0
  750. package/lib/vendor/blamejs/lib/web-push-vapid.js +322 -0
  751. package/lib/vendor/blamejs/lib/webhook.js +977 -0
  752. package/lib/vendor/blamejs/lib/websocket-channels.js +327 -0
  753. package/lib/vendor/blamejs/lib/websocket.js +1561 -0
  754. package/lib/vendor/blamejs/lib/wiki-concepts.js +338 -0
  755. package/lib/vendor/blamejs/lib/worker-pool.js +464 -0
  756. package/lib/vendor/blamejs/lib/ws-client.js +978 -0
  757. package/lib/vendor/blamejs/lib/xml-c14n.js +506 -0
  758. package/lib/vendor/blamejs/memory/specs/node-26-map-getorinsert-migration.md +164 -0
  759. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +19 -0
  760. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/README.md +88 -0
  761. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/build.sh +26 -0
  762. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/project.yaml +28 -0
  763. package/lib/vendor/blamejs/package.json +81 -0
  764. package/lib/vendor/blamejs/release-notes/v0.0.x.json +310 -0
  765. package/lib/vendor/blamejs/release-notes/v0.1.x.json +1798 -0
  766. package/lib/vendor/blamejs/release-notes/v0.10.x.json +1288 -0
  767. package/lib/vendor/blamejs/release-notes/v0.11.x.json +2551 -0
  768. package/lib/vendor/blamejs/release-notes/v0.12.0.json +64 -0
  769. package/lib/vendor/blamejs/release-notes/v0.12.1.json +32 -0
  770. package/lib/vendor/blamejs/release-notes/v0.12.2.json +45 -0
  771. package/lib/vendor/blamejs/release-notes/v0.2.x.json +706 -0
  772. package/lib/vendor/blamejs/release-notes/v0.3.x.json +786 -0
  773. package/lib/vendor/blamejs/release-notes/v0.4.x.json +588 -0
  774. package/lib/vendor/blamejs/release-notes/v0.5.x.json +390 -0
  775. package/lib/vendor/blamejs/release-notes/v0.6.x.json +1947 -0
  776. package/lib/vendor/blamejs/release-notes/v0.7.x.json +3811 -0
  777. package/lib/vendor/blamejs/release-notes/v0.8.x.json +3318 -0
  778. package/lib/vendor/blamejs/release-notes/v0.9.x.json +2257 -0
  779. package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +325 -0
  780. package/lib/vendor/blamejs/scripts/check-api-snapshot.js +62 -0
  781. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +108 -0
  782. package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +83 -0
  783. package/lib/vendor/blamejs/scripts/check-services.js +483 -0
  784. package/lib/vendor/blamejs/scripts/check-vendor-currency.js +349 -0
  785. package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +216 -0
  786. package/lib/vendor/blamejs/scripts/gen-migrating.js +275 -0
  787. package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +577 -0
  788. package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +79 -0
  789. package/lib/vendor/blamejs/scripts/publish-dep-confusion-placeholder.sh +101 -0
  790. package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +31 -0
  791. package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +132 -0
  792. package/lib/vendor/blamejs/scripts/release.js +652 -0
  793. package/lib/vendor/blamejs/scripts/sha3-digest.js +62 -0
  794. package/lib/vendor/blamejs/scripts/sign-release-artifact.js +92 -0
  795. package/lib/vendor/blamejs/scripts/test-integration.js +181 -0
  796. package/lib/vendor/blamejs/scripts/test-wiki-integration.js +126 -0
  797. package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +77 -0
  798. package/lib/vendor/blamejs/scripts/vendor-data-gen.js +186 -0
  799. package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +101 -0
  800. package/lib/vendor/blamejs/scripts/vendor-update.sh +278 -0
  801. package/lib/vendor/blamejs/test/00-primitives.js +19075 -0
  802. package/lib/vendor/blamejs/test/10-state.js +622 -0
  803. package/lib/vendor/blamejs/test/20-db.js +561 -0
  804. package/lib/vendor/blamejs/test/30-chain.js +2110 -0
  805. package/lib/vendor/blamejs/test/40-consumers.js +2453 -0
  806. package/lib/vendor/blamejs/test/50-integration.js +486 -0
  807. package/lib/vendor/blamejs/test/_helpers.js +10 -0
  808. package/lib/vendor/blamejs/test/_smoke-worker.js +69 -0
  809. package/lib/vendor/blamejs/test/fixtures/exploit-corpus/corpus.json +368 -0
  810. package/lib/vendor/blamejs/test/fixtures/http-client-stream-payload.txt +2 -0
  811. package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +52 -0
  812. package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +24 -0
  813. package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +203 -0
  814. package/lib/vendor/blamejs/test/helpers/_shape-match.js +513 -0
  815. package/lib/vendor/blamejs/test/helpers/check.js +36 -0
  816. package/lib/vendor/blamejs/test/helpers/cluster.js +70 -0
  817. package/lib/vendor/blamejs/test/helpers/db.js +143 -0
  818. package/lib/vendor/blamejs/test/helpers/drivers.js +207 -0
  819. package/lib/vendor/blamejs/test/helpers/fs-watch.js +101 -0
  820. package/lib/vendor/blamejs/test/helpers/http.js +14 -0
  821. package/lib/vendor/blamejs/test/helpers/index.js +93 -0
  822. package/lib/vendor/blamejs/test/helpers/json-round-trip.js +120 -0
  823. package/lib/vendor/blamejs/test/helpers/mocks.js +20 -0
  824. package/lib/vendor/blamejs/test/helpers/otel.js +13 -0
  825. package/lib/vendor/blamejs/test/helpers/services.js +380 -0
  826. package/lib/vendor/blamejs/test/helpers/wait.js +206 -0
  827. package/lib/vendor/blamejs/test/integration/cache.test.js +235 -0
  828. package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +174 -0
  829. package/lib/vendor/blamejs/test/integration/federation-auth.test.js +611 -0
  830. package/lib/vendor/blamejs/test/integration/http-client.test.js +129 -0
  831. package/lib/vendor/blamejs/test/integration/log-stream.test.js +219 -0
  832. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +181 -0
  833. package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +152 -0
  834. package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +161 -0
  835. package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +289 -0
  836. package/lib/vendor/blamejs/test/integration/network-dns.test.js +123 -0
  837. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +101 -0
  838. package/lib/vendor/blamejs/test/integration/ntp-check.test.js +89 -0
  839. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +403 -0
  840. package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +271 -0
  841. package/lib/vendor/blamejs/test/integration/pubsub.test.js +137 -0
  842. package/lib/vendor/blamejs/test/integration/queue-redis.test.js +352 -0
  843. package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +96 -0
  844. package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +98 -0
  845. package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +261 -0
  846. package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +230 -0
  847. package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +211 -0
  848. package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +59 -0
  849. package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +136 -0
  850. package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +219 -0
  851. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +69 -0
  852. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +266 -0
  853. package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +262 -0
  854. package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +390 -0
  855. package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +174 -0
  856. package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +279 -0
  857. package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +322 -0
  858. package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +227 -0
  859. package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +302 -0
  860. package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +150 -0
  861. package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +44 -0
  862. package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +150 -0
  863. package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +50 -0
  864. package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +96 -0
  865. package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +76 -0
  866. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +1080 -0
  867. package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +311 -0
  868. package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +291 -0
  869. package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +140 -0
  870. package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +267 -0
  871. package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +108 -0
  872. package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +929 -0
  873. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +80 -0
  874. package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +176 -0
  875. package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +132 -0
  876. package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +97 -0
  877. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +141 -0
  878. package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +115 -0
  879. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +163 -0
  880. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +246 -0
  881. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +485 -0
  882. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +331 -0
  883. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +352 -0
  884. package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +572 -0
  885. package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +61 -0
  886. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +258 -0
  887. package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +105 -0
  888. package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +34 -0
  889. package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +107 -0
  890. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +131 -0
  891. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +118 -0
  892. package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +85 -0
  893. package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +38 -0
  894. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +861 -0
  895. package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +55 -0
  896. package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +209 -0
  897. package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +129 -0
  898. package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +871 -0
  899. package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +891 -0
  900. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +43 -0
  901. package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +243 -0
  902. package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +550 -0
  903. package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +107 -0
  904. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +147 -0
  905. package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +104 -0
  906. package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +135 -0
  907. package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +67 -0
  908. package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +75 -0
  909. package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +98 -0
  910. package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +145 -0
  911. package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +133 -0
  912. package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +97 -0
  913. package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +160 -0
  914. package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +84 -0
  915. package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +69 -0
  916. package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +142 -0
  917. package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +133 -0
  918. package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +237 -0
  919. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +9600 -0
  920. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +575 -0
  921. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +89 -0
  922. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +36 -0
  923. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +712 -0
  924. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +278 -0
  925. package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +97 -0
  926. package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +424 -0
  927. package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +94 -0
  928. package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +357 -0
  929. package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +31 -0
  930. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +226 -0
  931. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +86 -0
  932. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +85 -0
  933. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +193 -0
  934. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +98 -0
  935. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +132 -0
  936. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +155 -0
  937. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +129 -0
  938. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
  939. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +72 -0
  940. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +96 -0
  941. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +401 -0
  942. package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +34 -0
  943. package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +180 -0
  944. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +210 -0
  945. package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +153 -0
  946. package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +66 -0
  947. package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +74 -0
  948. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +226 -0
  949. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +136 -0
  950. package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +165 -0
  951. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +150 -0
  952. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +191 -0
  953. package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +228 -0
  954. package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +55 -0
  955. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +89 -0
  956. package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +184 -0
  957. package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +203 -0
  958. package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +303 -0
  959. package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +163 -0
  960. package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +39 -0
  961. package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +165 -0
  962. package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +59 -0
  963. package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +55 -0
  964. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +786 -0
  965. package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +105 -0
  966. package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +147 -0
  967. package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +105 -0
  968. package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +243 -0
  969. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +181 -0
  970. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +190 -0
  971. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +531 -0
  972. package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +118 -0
  973. package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +89 -0
  974. package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +156 -0
  975. package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +79 -0
  976. package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +216 -0
  977. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +434 -0
  978. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +432 -0
  979. package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +81 -0
  980. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +887 -0
  981. package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +51 -0
  982. package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +375 -0
  983. package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +321 -0
  984. package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +41 -0
  985. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +32 -0
  986. package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +87 -0
  987. package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +328 -0
  988. package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +339 -0
  989. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +694 -0
  990. package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +296 -0
  991. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +234 -0
  992. package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +192 -0
  993. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +89 -0
  994. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +71 -0
  995. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +386 -0
  996. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +859 -0
  997. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +357 -0
  998. package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +92 -0
  999. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  1000. package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +174 -0
  1001. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +317 -0
  1002. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +199 -0
  1003. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +214 -0
  1004. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +111 -0
  1005. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +110 -0
  1006. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +112 -0
  1007. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +86 -0
  1008. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +92 -0
  1009. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +301 -0
  1010. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +265 -0
  1011. package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
  1012. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +161 -0
  1013. package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +100 -0
  1014. package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +79 -0
  1015. package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +269 -0
  1016. package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +89 -0
  1017. package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +78 -0
  1018. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +288 -0
  1019. package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +69 -0
  1020. package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +102 -0
  1021. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +202 -0
  1022. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +203 -0
  1023. package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +51 -0
  1024. package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +50 -0
  1025. package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +37 -0
  1026. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +692 -0
  1027. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +280 -0
  1028. package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +225 -0
  1029. package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +203 -0
  1030. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +991 -0
  1031. package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +63 -0
  1032. package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +73 -0
  1033. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +612 -0
  1034. package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +56 -0
  1035. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +166 -0
  1036. package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +29 -0
  1037. package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +121 -0
  1038. package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +58 -0
  1039. package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +110 -0
  1040. package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +159 -0
  1041. package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
  1042. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +118 -0
  1043. package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +150 -0
  1044. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +489 -0
  1045. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +207 -0
  1046. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +283 -0
  1047. package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +65 -0
  1048. package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +417 -0
  1049. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +208 -0
  1050. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +910 -0
  1051. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +502 -0
  1052. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +680 -0
  1053. package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +128 -0
  1054. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +149 -0
  1055. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +323 -0
  1056. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +297 -0
  1057. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +514 -0
  1058. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +369 -0
  1059. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +199 -0
  1060. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +627 -0
  1061. package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +56 -0
  1062. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +217 -0
  1063. package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +283 -0
  1064. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +217 -0
  1065. package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +334 -0
  1066. package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +271 -0
  1067. package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +128 -0
  1068. package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +215 -0
  1069. package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +336 -0
  1070. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +732 -0
  1071. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +840 -0
  1072. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +130 -0
  1073. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +285 -0
  1074. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +74 -0
  1075. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +112 -0
  1076. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +229 -0
  1077. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +394 -0
  1078. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +147 -0
  1079. package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +151 -0
  1080. package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +204 -0
  1081. package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +152 -0
  1082. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +279 -0
  1083. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +323 -0
  1084. package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +165 -0
  1085. package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +439 -0
  1086. package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +202 -0
  1087. package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +155 -0
  1088. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +112 -0
  1089. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +224 -0
  1090. package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +278 -0
  1091. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +376 -0
  1092. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +89 -0
  1093. package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +200 -0
  1094. package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +106 -0
  1095. package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +133 -0
  1096. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +372 -0
  1097. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +635 -0
  1098. package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +128 -0
  1099. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +130 -0
  1100. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +179 -0
  1101. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +447 -0
  1102. package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +369 -0
  1103. package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +21 -0
  1104. package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +42 -0
  1105. package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +98 -0
  1106. package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +707 -0
  1107. package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +142 -0
  1108. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +72 -0
  1109. package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +597 -0
  1110. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +190 -0
  1111. package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +877 -0
  1112. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +257 -0
  1113. package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +522 -0
  1114. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +216 -0
  1115. package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +324 -0
  1116. package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +546 -0
  1117. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +153 -0
  1118. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +94 -0
  1119. package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +195 -0
  1120. package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +62 -0
  1121. package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +93 -0
  1122. package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +68 -0
  1123. package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +138 -0
  1124. package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +174 -0
  1125. package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +197 -0
  1126. package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +232 -0
  1127. package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +178 -0
  1128. package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +322 -0
  1129. package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +266 -0
  1130. package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +300 -0
  1131. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +338 -0
  1132. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +75 -0
  1133. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +246 -0
  1134. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +130 -0
  1135. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +335 -0
  1136. package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +170 -0
  1137. package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +93 -0
  1138. package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +34 -0
  1139. package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +52 -0
  1140. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +67 -0
  1141. package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +535 -0
  1142. package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
  1143. package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +128 -0
  1144. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +163 -0
  1145. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +170 -0
  1146. package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +248 -0
  1147. package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +451 -0
  1148. package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +289 -0
  1149. package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +206 -0
  1150. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +104 -0
  1151. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +339 -0
  1152. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +180 -0
  1153. package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +78 -0
  1154. package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +123 -0
  1155. package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +95 -0
  1156. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +77 -0
  1157. package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +257 -0
  1158. package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +249 -0
  1159. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +228 -0
  1160. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +238 -0
  1161. package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +92 -0
  1162. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +700 -0
  1163. package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +67 -0
  1164. package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +85 -0
  1165. package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +107 -0
  1166. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +175 -0
  1167. package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +816 -0
  1168. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +168 -0
  1169. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +302 -0
  1170. package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +93 -0
  1171. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +247 -0
  1172. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +295 -0
  1173. package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +142 -0
  1174. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +952 -0
  1175. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +441 -0
  1176. package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +330 -0
  1177. package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +233 -0
  1178. package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +105 -0
  1179. package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +319 -0
  1180. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +148 -0
  1181. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +283 -0
  1182. package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +67 -0
  1183. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +266 -0
  1184. package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +487 -0
  1185. package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
  1186. package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +773 -0
  1187. package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +173 -0
  1188. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +180 -0
  1189. package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +66 -0
  1190. package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +89 -0
  1191. package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +571 -0
  1192. package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +190 -0
  1193. package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +119 -0
  1194. package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +522 -0
  1195. package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +151 -0
  1196. package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +168 -0
  1197. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +275 -0
  1198. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +105 -0
  1199. package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +35 -0
  1200. package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +81 -0
  1201. package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +280 -0
  1202. package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +93 -0
  1203. package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +277 -0
  1204. package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +252 -0
  1205. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +149 -0
  1206. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +92 -0
  1207. package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +661 -0
  1208. package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +308 -0
  1209. package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +144 -0
  1210. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +674 -0
  1211. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +360 -0
  1212. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +302 -0
  1213. package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +349 -0
  1214. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +717 -0
  1215. package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +444 -0
  1216. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +597 -0
  1217. package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +308 -0
  1218. package/lib/vendor/blamejs/test/smoke.js +431 -0
  1219. package/lib/webhooks.js +305 -0
  1220. package/package.json +43 -0
package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js ADDED
@@ -0,0 +1,1080 @@
1
+ "use strict";
2
+ /**
3
+ * api-encrypt — end-to-end PQC payload encryption middleware.
4
+ *
5
+ * Covers nonce-store backends (memory, cluster, custom), the round-
6
+ * trip request/response shape, replay rejection, stale-timestamp
7
+ * rejection, AEAD tampering rejection, exempt-path bypass, and the
8
+ * client helper.
9
+ *
10
+ * Run standalone: `node test/layer-0-primitives/api-encrypt.test.js`
11
+ * Or via smoke: `node test/smoke.js`
12
+ */
13
+
14
+ var helpers = require("../helpers");
15
+ var b = helpers.b;
16
+ var fs = helpers.fs;
17
+ var os = helpers.os;
18
+ var path = helpers.path;
19
+ var check = helpers.check;
20
+ var setupTestDb = helpers.setupTestDb;
21
+ var teardownTestDb = helpers.teardownTestDb;
22
+ var _bodyReq = helpers._bodyReq;
23
+ var _bodyRes = helpers._bodyRes;
24
+
25
+ // Register the finish listener BEFORE the middleware runs, otherwise
26
+ // res.end() fires synchronously inside the route handler and the
27
+ // listener attached afterward never sees it.
28
+ function _newFinish(res) {
29
+ return new Promise(function (resolve) { res.on("finish", resolve); });
30
+ }
31
+
32
+ function _mkRes() {
33
+ var res = _bodyRes();
34
+ // Mirror the router's res.json convention so api-encrypt's wrap
35
+ // chains correctly. The router would normally install this.
36
+ res.json = function (data) {
37
+ res.writeHead(res.statusCode || 200, { "Content-Type": "application/json" });
38
+ res.end(JSON.stringify(data));
39
+ };
40
+ res.statusCode = 200;
41
+ return res;
42
+ }
43
+
44
+ function _serverKeypair() {
45
+ return b.crypto.generateEncryptionKeyPair();
46
+ }
47
+
48
+ // ---- Nonce-store ----
49
+
50
+ async function testNonceStoreSurface() {
51
+ check("b.nonceStore exposed", typeof b.nonceStore === "object");
52
+ check("b.nonceStore.create is fn", typeof b.nonceStore.create === "function");
53
+ check("NonceStoreError is a class", typeof b.nonceStore.NonceStoreError === "function");
54
+ }
55
+
56
+ async function testNonceStoreMemoryBasics() {
57
+ var store = b.nonceStore.create({ backend: "memory" });
58
+ check("memory backend reports name", store.name === "memory");
59
+ var expireAt = Date.now() + 60_000;
60
+ check("first sighting returns true", (await store.checkAndInsert("a", expireAt)) === true);
61
+ check("repeat returns false (replay)", (await store.checkAndInsert("a", expireAt)) === false);
62
+ check("different nonce returns true", (await store.checkAndInsert("b", expireAt)) === true);
63
+ store.close();
64
+ }
65
+
66
+ async function testNonceStoreMemoryRejectsBadInput() {
67
+ var store = b.nonceStore.create({ backend: "memory" });
68
+ var threw = null;
69
+ try { await store.checkAndInsert("", Date.now() + 60_000); } catch (e) { threw = e; }
70
+ check("empty nonce rejected", threw && threw.code === "INVALID_NONCE");
71
+ threw = null;
72
+ try { await store.checkAndInsert("x", "later"); } catch (e) { threw = e; }
73
+ check("non-number expireAt rejected", threw && threw.code === "INVALID_EXPIRE");
74
+ store.close();
75
+ }
76
+
77
+ async function testNonceStoreMemoryPurge() {
78
+ var store = b.nonceStore.create({ backend: "memory" });
79
+ var now = Date.now();
80
+ await store.checkAndInsert("expiredA", now - 1000);
81
+ await store.checkAndInsert("expiredB", now - 1);
82
+ await store.checkAndInsert("fresh", now + 60_000);
83
+ check("size before purge: 3", store._size() === 3);
84
+ var removed = await store.purgeExpired();
85
+ check("purgeExpired returned 2", removed === 2);
86
+ check("size after purge: 1", store._size() === 1);
87
+ // Expired nonce becomes reusable after purge — the framework
88
+ // refuses replay only WITHIN the window.
89
+ check("post-purge insert returns true", (await store.checkAndInsert("expiredA", now + 60_000)) === true);
90
+ store.close();
91
+ }
92
+
93
+ async function testNonceStoreClusterBasics() {
94
+ var tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-ns-"));
95
+ try {
96
+ await setupTestDb(tmpDir);
97
+ var store = b.nonceStore.create({ backend: "cluster" });
98
+ check("cluster backend reports name", store.name === "cluster");
99
+ var expireAt = Date.now() + 60_000;
100
+ check("cluster first sighting true", (await store.checkAndInsert("c1", expireAt)) === true);
101
+ check("cluster replay false", (await store.checkAndInsert("c1", expireAt)) === false);
102
+
103
+ // A SECOND cluster store talking to the same DB sees the row too —
104
+ // that's the whole point of cluster mode.
105
+ var store2 = b.nonceStore.create({ backend: "cluster" });
106
+ check("second instance sees the same row", (await store2.checkAndInsert("c1", expireAt)) === false);
107
+ check("second instance accepts new nonce", (await store2.checkAndInsert("c2", expireAt)) === true);
108
+
109
+ // Purge respects expireAt
110
+ await store.checkAndInsert("oldA", Date.now() - 5000);
111
+ var removed = await store.purgeExpired();
112
+ check("cluster purgeExpired removed >= 1", removed >= 1);
113
+
114
+ store.close();
115
+ store2.close();
116
+ } finally {
117
+ await teardownTestDb(tmpDir);
118
+ }
119
+ }
120
+
121
+ async function testNonceStoreCustomBackend() {
122
+ var calls = [];
123
+ var custom = {
124
+ checkAndInsert: function (n, e) {
125
+ calls.push({ nonce: n, expireAt: e });
126
+ return Promise.resolve(calls.length === 1);
127
+ },
128
+ };
129
+ var store = b.nonceStore.create({ backend: custom });
130
+ check("custom backend name='custom'", store.name === "custom");
131
+ check("first call returns true", (await store.checkAndInsert("x", Date.now() + 60_000)) === true);
132
+ check("second call returns false", (await store.checkAndInsert("x", Date.now() + 60_000)) === false);
133
+ check("custom backend got both calls", calls.length === 2);
134
+ // Default purgeExpired stub returns 0
135
+ check("default purgeExpired returns 0", (await store.purgeExpired()) === 0);
136
+ store.close();
137
+ }
138
+
139
+ async function testNonceStoreUnknownBackend() {
140
+ var threw = null;
141
+ try { b.nonceStore.create({ backend: "memcached" }); } catch (e) { threw = e; }
142
+ check("unknown backend rejected", threw && threw.code === "UNKNOWN_BACKEND");
143
+ }
144
+
145
+ // ---- api-encrypt middleware ----
146
+
147
+ async function testApiEncryptKeypairValidated() {
148
+ var threw = null;
149
+ try { b.middleware.apiEncrypt({}); } catch (e) { threw = e; }
150
+ check("missing keypair rejected at create", threw && threw.code === "INVALID_KEYPAIR");
151
+ threw = null;
152
+ try {
153
+ b.middleware.apiEncrypt({ keypair: { publicKey: "pem", privateKey: "pem" } });
154
+ } catch (e) { threw = e; }
155
+ check("non-hybrid keypair rejected", threw && threw.code === "INVALID_KEYPAIR");
156
+ threw = null;
157
+ try { b.middleware.apiEncrypt({ keypairs: [] }); } catch (e) { threw = e; }
158
+ check("empty keypairs array rejected", threw && threw.code === "INVALID_KEYPAIR");
159
+ }
160
+
161
+ async function testApiEncryptMultiKeypairRotation() {
162
+ // Build two server keypairs. The "active" keypair encrypts new
163
+ // bootstraps; the previous one stays in the array so in-flight
164
+ // requests still encrypted to it continue to decrypt.
165
+ var prevKp = _serverKeypair();
166
+ var newKp = _serverKeypair();
167
+
168
+ // Old client was bootstrapped against prevKp. Its outbound request
169
+ // will encrypt _ek to prevKp's pubkey.
170
+ var oldClient = b.middleware.apiEncrypt.client({ pubkey: prevKp });
171
+
172
+ // Server middleware in rotation overlap: keypairs = [new, prev].
173
+ var mw = b.middleware.apiEncrypt({
174
+ keypairs: [newKp, prevKp],
175
+ audit: false,
176
+ });
177
+
178
+ var oldCall = oldClient.encryptRequest({ from: "old client" });
179
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
180
+ req.body = oldCall.body;
181
+ var res = _mkRes();
182
+ var fin = _newFinish(res);
183
+
184
+ await mw(req, res, function () {
185
+ check("rotation: req.body decrypted via prevKp", req.body.from === "old client");
186
+ res.json({ ok: true });
187
+ });
188
+ await fin;
189
+
190
+ check("rotation: 200 from server", res._endedStatus === 200);
191
+ var responseBody = JSON.parse(res._captured);
192
+ // Old client decrypts the response with the session key it generated;
193
+ // session key derives from prevKp encapsulation but the response is
194
+ // wrapped with the same session key, so it round-trips.
195
+ var plain = oldCall.decryptResponse(responseBody);
196
+ check("rotation: old client decrypts response", plain.ok === true);
197
+
198
+ // After rotation completes, dropping prevKp from the array means
199
+ // old-client requests stop decrypting.
200
+ var mwPostRotation = b.middleware.apiEncrypt({
201
+ keypairs: [newKp],
202
+ audit: false,
203
+ });
204
+ var oldCall2 = oldClient.encryptRequest({ from: "post-rotation" });
205
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
206
+ req2.body = oldCall2.body;
207
+ var res2 = _mkRes();
208
+ var fin2 = _newFinish(res2);
209
+ await mwPostRotation(req2, res2, function () {
210
+ check("post-rotation: should not have called next", false);
211
+ });
212
+ await fin2;
213
+ check("post-rotation: request rejected", res2._endedStatus === 400);
214
+ }
215
+
216
+ async function testApiEncryptPublishesActiveKeypair() {
217
+ var prevKp = _serverKeypair();
218
+ var newKp = _serverKeypair();
219
+ var mw = b.middleware.apiEncrypt({
220
+ keypairs: [newKp, prevKp],
221
+ audit: false,
222
+ });
223
+ var handler = mw.publishPublicKey();
224
+ var req = _bodyReq("GET", {}, "");
225
+ var res = _mkRes();
226
+ handler(req, res);
227
+ var body = JSON.parse(res._captured);
228
+ check("publishes the active (first) keypair", body.publicKey === newKp.publicKey);
229
+ check("does not publish previous keypair", body.publicKey !== prevKp.publicKey);
230
+ }
231
+
232
+ async function testApiEncryptRoundTrip() {
233
+ var keypair = _serverKeypair();
234
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
235
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
236
+
237
+ var clientCall = clientCtx.encryptRequest({ user: "alice", action: "ping" });
238
+ check("client.body has _ek/_ct/_ts/_nonce",
239
+ typeof clientCall.body._ek === "string" &&
240
+ typeof clientCall.body._ct === "string" &&
241
+ typeof clientCall.body._ts === "number" &&
242
+ typeof clientCall.body._nonce === "string");
243
+
244
+ // Simulate a request that bodyParser already parsed.
245
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
246
+ req.body = clientCall.body;
247
+ var res = _mkRes();
248
+ var fin = _newFinish(res);
249
+
250
+ var nextCalled = false;
251
+ await mw(req, res, function () {
252
+ nextCalled = true;
253
+ check("middleware: req.body replaced with cleartext",
254
+ req.body && req.body.user === "alice" && req.body.action === "ping");
255
+ check("middleware: req.apiEncryptSessionKey stashed",
256
+ Buffer.isBuffer(req.apiEncryptSessionKey) &&
257
+ req.apiEncryptSessionKey.length === 32);
258
+ res.json({ ok: true, echo: req.body });
259
+ });
260
+ await fin;
261
+
262
+ check("middleware called next()", nextCalled === true);
263
+ check("response status 200", res._endedStatus === 200);
264
+
265
+ var responseBody = JSON.parse(res._captured);
266
+ check("response body has _ct only", typeof responseBody._ct === "string" && !responseBody._ek);
267
+ var plain = clientCall.decryptResponse(responseBody);
268
+ check("client decrypted response", plain && plain.ok === true && plain.echo.user === "alice");
269
+ }
270
+
271
+ async function testApiEncryptRejectsMissingShape() {
272
+ var keypair = _serverKeypair();
273
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
274
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
275
+ req.body = { msg: "not encrypted" };
276
+ var res = _mkRes();
277
+ var fin = _newFinish(res);
278
+ await mw(req, res, function () {
279
+ check("middleware did NOT call next on missing shape", false);
280
+ });
281
+ await fin;
282
+ check("missing-shape returns 400", res._endedStatus === 400);
283
+ check("missing-shape body says 'required'", /encrypted-payload-required/.test(res._captured));
284
+ }
285
+
286
+ async function testApiEncryptRejectsStaleTimestamp() {
287
+ var keypair = _serverKeypair();
288
+ var mw = b.middleware.apiEncrypt({
289
+ keypair: keypair,
290
+ audit: false,
291
+ replayWindowMs: 1000, // 1 second window
292
+ });
293
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
294
+ var clientCall = clientCtx.encryptRequest({ x: 1 });
295
+ // Backdate the timestamp past the window
296
+ clientCall.body._ts = Date.now() - 10_000;
297
+
298
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
299
+ req.body = clientCall.body;
300
+ var res = _mkRes();
301
+ var fin = _newFinish(res);
302
+ await mw(req, res, function () { check("should not have called next", false); });
303
+ await fin;
304
+ check("stale ts returns 400", res._endedStatus === 400);
305
+ check("stale ts uses generic rejection body", /encrypted-payload-rejected/.test(res._captured));
306
+ }
307
+
308
+ async function testApiEncryptRejectsReplay() {
309
+ var keypair = _serverKeypair();
310
+ var nonceStore = b.nonceStore.create({ backend: "memory" });
311
+ var mw = b.middleware.apiEncrypt({
312
+ keypair: keypair,
313
+ audit: false,
314
+ nonceStore: nonceStore,
315
+ });
316
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
317
+ var clientCall = clientCtx.encryptRequest({ x: 1 });
318
+
319
+ // First request: succeeds.
320
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
321
+ req1.body = clientCall.body;
322
+ var res1 = _mkRes();
323
+ var fin1 = _newFinish(res1);
324
+ await mw(req1, res1, function () { res1.json({ ok: true }); });
325
+ await fin1;
326
+ check("first request: 200", res1._endedStatus === 200);
327
+
328
+ // Replay the same body (same _ek, _ct, _ts, _nonce) → rejected.
329
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
330
+ req2.body = clientCall.body;
331
+ var res2 = _mkRes();
332
+ var fin2 = _newFinish(res2);
333
+ await mw(req2, res2, function () { check("replay should not call next", false); });
334
+ await fin2;
335
+ check("replay: 400", res2._endedStatus === 400);
336
+ check("replay uses generic rejection body", /encrypted-payload-rejected/.test(res2._captured));
337
+
338
+ nonceStore.close();
339
+ mw.close();
340
+ }
341
+
342
+ async function testApiEncryptRejectsTamperedCiphertext() {
343
+ var keypair = _serverKeypair();
344
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
345
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
346
+ var clientCall = clientCtx.encryptRequest({ x: 1 });
347
+
348
+ // Flip a byte deep inside the ciphertext.
349
+ var ctBuf = Buffer.from(clientCall.body._ct, "base64");
350
+ ctBuf[ctBuf.length - 5] ^= 0xff;
351
+ clientCall.body._ct = ctBuf.toString("base64");
352
+
353
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
354
+ req.body = clientCall.body;
355
+ var res = _mkRes();
356
+ var fin = _newFinish(res);
357
+ await mw(req, res, function () { check("tampered ct should not reach handler", false); });
358
+ await fin;
359
+ check("tampered ct: 400", res._endedStatus === 400);
360
+ }
361
+
362
+ async function testApiEncryptExemptPathBypass() {
363
+ var keypair = _serverKeypair();
364
+ var mw = b.middleware.apiEncrypt({
365
+ keypair: keypair,
366
+ audit: false,
367
+ exemptPaths: ["/healthz", "/.well-known"],
368
+ });
369
+ var req = _bodyReq("GET", {}, "");
370
+ req.url = "/healthz";
371
+ req.pathname = "/healthz";
372
+ req.body = undefined;
373
+ var res = _mkRes();
374
+ var nextCalled = false;
375
+ await mw(req, res, function () { nextCalled = true; });
376
+ check("exempt path: next called", nextCalled === true);
377
+
378
+ // /.well-known/blamejs-pubkey is also exempt because of the prefix rule.
379
+ var req2 = _bodyReq("GET", {}, "");
380
+ req2.url = "/.well-known/blamejs-pubkey";
381
+ req2.pathname = "/.well-known/blamejs-pubkey";
382
+ var res2 = _mkRes();
383
+ var nextCalled2 = false;
384
+ await mw(req2, res2, function () { nextCalled2 = true; });
385
+ check("exempt prefix: next called", nextCalled2 === true);
386
+ }
387
+
388
+ async function testApiEncryptPublishPublicKey() {
389
+ var keypair = _serverKeypair();
390
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
391
+ var handler = mw.publishPublicKey();
392
+ check("publishPublicKey returns a fn", typeof handler === "function");
393
+
394
+ var req = _bodyReq("GET", {}, "");
395
+ var res = _mkRes();
396
+ handler(req, res);
397
+ // res.json is sync in our mock — read what it wrote.
398
+ var body = JSON.parse(res._captured);
399
+ check("published publicKey matches", body.publicKey === keypair.publicKey);
400
+ check("published ecPublicKey matches", body.ecPublicKey === keypair.ecPublicKey);
401
+ check("published kemId is hybrid", body.kemId === b.constants.ACTIVE.KEM);
402
+ check("private keys NOT published",
403
+ !("privateKey" in body) && !("ecPrivateKey" in body));
404
+ }
405
+
406
+ async function testApiEncryptEventOnFailure() {
407
+ var keypair = _serverKeypair();
408
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
409
+ var captured = [];
410
+ var listener = function (info) { captured.push(info); };
411
+ b.events.on(b.events.EVENTS.API_ENCRYPT_FAILURE, listener);
412
+ try {
413
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
414
+ req.body = { msg: "oops" };
415
+ req.url = "/api/x";
416
+ req.pathname = "/api/x";
417
+ var res = _mkRes();
418
+ var fin = _newFinish(res);
419
+ await mw(req, res, function () {});
420
+ await fin;
421
+ check("event fired on failure", captured.length === 1);
422
+ check("event payload carries reason", captured[0].reason === "shape");
423
+ check("event payload carries path", captured[0].path === "/api/x");
424
+ } finally {
425
+ b.events.off(b.events.EVENTS.API_ENCRYPT_FAILURE, listener);
426
+ }
427
+ }
428
+
429
+ async function testApiEncryptAuditEmit() {
430
+ var tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-ae-"));
431
+ try {
432
+ await setupTestDb(tmpDir);
433
+ var keypair = _serverKeypair();
434
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: true });
435
+
436
+ // Tampered ct → audit emits failure
437
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
438
+ var call = clientCtx.encryptRequest({ x: 1 });
439
+ var ctBuf = Buffer.from(call.body._ct, "base64");
440
+ ctBuf[ctBuf.length - 1] ^= 0xff;
441
+ call.body._ct = ctBuf.toString("base64");
442
+
443
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
444
+ req.body = call.body;
445
+ req.url = "/api/y";
446
+ req.pathname = "/api/y";
447
+ var res = _mkRes();
448
+ var fin = _newFinish(res);
449
+ await mw(req, res, function () {});
450
+ await fin;
451
+
452
+ await b.audit.flush();
453
+ var rows = await b.audit.query({ action: "system.api_encrypt.failure" });
454
+ check("audit row written for failure", rows.length === 1);
455
+ var meta = typeof rows[0].metadata === "string"
456
+ ? JSON.parse(rows[0].metadata) : rows[0].metadata;
457
+ check("audit metadata carries reason=tag", meta.reason === "tag");
458
+ check("audit metadata carries path", meta.path === "/api/y");
459
+ } finally {
460
+ await teardownTestDb(tmpDir);
461
+ }
462
+ }
463
+
464
+ async function testApiEncryptClientRejectsBadPubkey() {
465
+ var threw = null;
466
+ try { b.middleware.apiEncrypt.client({ pubkey: null }); } catch (e) { threw = e; }
467
+ check("client rejects null pubkey", threw && threw.code === "CLIENT_INVALID_PUBKEY");
468
+ threw = null;
469
+ try { b.middleware.apiEncrypt.client({ pubkey: { publicKey: "pem" } }); } catch (e) { threw = e; }
470
+ check("client rejects non-hybrid pubkey", threw && threw.code === "CLIENT_INVALID_PUBKEY");
471
+ }
472
+
473
+ async function testApiEncryptContentTypeScoping() {
474
+ // Default contentTypes = ["application/json"]. Requests with a
475
+ // non-JSON Content-Type bypass the middleware entirely (they're
476
+ // treated as a public route the operator chose to expose).
477
+ var keypair = _serverKeypair();
478
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
479
+ var req = _bodyReq("POST", { "content-type": "multipart/form-data; boundary=---x" }, "");
480
+ req.body = { not: "encrypted" };
481
+ var res = _mkRes();
482
+ var nextCalled = false;
483
+ await mw(req, res, function () { nextCalled = true; });
484
+ check("non-JSON Content-Type bypasses middleware", nextCalled === true);
485
+ check("body not replaced", req.body && req.body.not === "encrypted");
486
+
487
+ // Explicit null disables the filter — every non-exempt request is
488
+ // treated as encrypted regardless of Content-Type.
489
+ var mwAll = b.middleware.apiEncrypt({
490
+ keypair: keypair,
491
+ audit: false,
492
+ contentTypes: null,
493
+ });
494
+ var req2 = _bodyReq("POST", { "content-type": "text/plain" }, "");
495
+ req2.body = { not: "encrypted" };
496
+ var res2 = _mkRes();
497
+ var fin2 = _newFinish(res2);
498
+ await mwAll(req2, res2, function () { check("contentTypes:null should not allow non-encrypted bodies through", false); });
499
+ await fin2;
500
+ check("contentTypes:null rejects raw body without _ek", res2._endedStatus === 400);
501
+
502
+ // Custom list — operator wired form-encoded clients too.
503
+ var mwForm = b.middleware.apiEncrypt({
504
+ keypair: keypair,
505
+ audit: false,
506
+ contentTypes: ["application/json", "application/x-www-form-urlencoded"],
507
+ });
508
+ var req3 = _bodyReq("POST", { "content-type": "application/x-www-form-urlencoded" }, "");
509
+ req3.body = { not: "encrypted" };
510
+ var res3 = _mkRes();
511
+ var fin3 = _newFinish(res3);
512
+ await mwForm(req3, res3, function () { check("custom contentTypes should reject non-encrypted body", false); });
513
+ await fin3;
514
+ check("custom contentTypes catches form-encoded request", res3._endedStatus === 400);
515
+ }
516
+
517
+ async function testApiEncryptNonceHashedBeforeStorage() {
518
+ // The cluster nonce store should never see the raw client nonce —
519
+ // the middleware hashes via sha3 before passing to checkAndInsert.
520
+ // Verify by pinning the cluster store and reading the table.
521
+ var tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-ae-"));
522
+ try {
523
+ await setupTestDb(tmpDir);
524
+ var keypair = _serverKeypair();
525
+ var nonceStore = b.nonceStore.create({ backend: "cluster" });
526
+ var mw = b.middleware.apiEncrypt({
527
+ keypair: keypair,
528
+ nonceStore: nonceStore,
529
+ audit: false,
530
+ });
531
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
532
+ var call = clientCtx.encryptRequest({ x: 1 });
533
+ var rawNonce = call.body._nonce;
534
+
535
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
536
+ req.body = call.body;
537
+ var res = _mkRes();
538
+ var fin = _newFinish(res);
539
+ await mw(req, res, function () { res.json({ ok: true }); });
540
+ await fin;
541
+ check("hashed nonce: 200 first request", res._endedStatus === 200);
542
+
543
+ // The DB row's PRIMARY KEY is the SHA3 hash, not the raw nonce.
544
+ var rows = b.db.prepare(
545
+ "SELECT nonceHash FROM _blamejs_api_encrypt_nonces"
546
+ ).all();
547
+ check("hashed nonce: exactly one row stored", rows.length === 1);
548
+ check("hashed nonce: row holds hash, not raw",
549
+ rows[0].nonceHash !== rawNonce);
550
+ check("hashed nonce: hash is sha3 of raw",
551
+ rows[0].nonceHash === b.crypto.sha3Hash(rawNonce, "hex"));
552
+
553
+ nonceStore.close();
554
+ } finally {
555
+ await teardownTestDb(tmpDir);
556
+ }
557
+ }
558
+
559
+ async function testApiEncryptDerivedPruneInterval() {
560
+ // pruneIntervalMs defaults to max(30s, replayWindowMs / 2) — derived
561
+ // from replayWindowMs so tight-window deploys get correct cadence
562
+ // automatically. Verify by calling the middleware twice; pruneExpired
563
+ // should fire on the second call when (now - lastPruneAt) crosses the
564
+ // half-window threshold.
565
+ var keypair = _serverKeypair();
566
+ var pruneCalls = 0;
567
+ var fakeStore = {
568
+ name: "fake",
569
+ checkAndInsert: function () { return Promise.resolve(true); },
570
+ purgeExpired: function () { pruneCalls++; return Promise.resolve(0); },
571
+ close: function () {},
572
+ };
573
+ var mw = b.middleware.apiEncrypt({
574
+ keypair: keypair,
575
+ nonceStore: fakeStore,
576
+ replayWindowMs: 60_000, // 1 min window
577
+ // pruneIntervalMs defaults to 30_000 (max(30s, 60000/2))
578
+ audit: false,
579
+ });
580
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
581
+
582
+ // First request — lastPruneAt is 0, so prune fires.
583
+ var c1 = clientCtx.encryptRequest({ n: 1 });
584
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
585
+ req1.body = c1.body;
586
+ var res1 = _mkRes();
587
+ var fin1 = _newFinish(res1);
588
+ await mw(req1, res1, function () { res1.json({ ok: 1 }); });
589
+ await fin1;
590
+
591
+ // Second request immediately after — lastPruneAt is ~now, prune skipped.
592
+ var c2 = clientCtx.encryptRequest({ n: 2 });
593
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
594
+ req2.body = c2.body;
595
+ var res2 = _mkRes();
596
+ var fin2 = _newFinish(res2);
597
+ await mw(req2, res2, function () { res2.json({ ok: 2 }); });
598
+ await fin2;
599
+
600
+ // Allow microtasks for the .catch chain
601
+ await new Promise(function (r) { setImmediate(r); });
602
+ check("derived prune: fires once across two close-together requests",
603
+ pruneCalls === 1);
604
+ }
605
+
606
+ async function testApiEncryptHttpClientHelperShape() {
607
+ var pub = _serverKeypair();
608
+ var enc = b.httpClient.encrypted({ pubkey: pub });
609
+ check("httpClient.encrypted returns request fn", typeof enc.request === "function");
610
+
611
+ // Reject missing url + path
612
+ var threw = null;
613
+ try { await enc.request({ method: "POST", body: { x: 1 } }); }
614
+ catch (e) { threw = e; }
615
+ check("rejects request without url or path", threw && threw.code === "CLIENT_INVALID_URL");
616
+
617
+ // Reject path without baseUrl
618
+ threw = null;
619
+ try { await enc.request({ path: "/foo", body: { x: 1 } }); }
620
+ catch (e) { threw = e; }
621
+ check("rejects path without baseUrl", threw && threw.code === "CLIENT_INVALID_URL");
622
+ }
623
+
624
+ async function testApiEncryptHttpClientRoundTrip() {
625
+ // End-to-end: a real http server with the middleware mounted, and
626
+ // b.httpClient.encrypted as the caller. Demonstrates the full
627
+ // server-to-server flow.
628
+ var tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-aeh-"));
629
+ try {
630
+ await setupTestDb(tmpDir);
631
+
632
+ var http = require("http");
633
+ var keypair = _serverKeypair();
634
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
635
+
636
+ // Tiny server: only POST /api/echo, body parsed manually then
637
+ // handed to the middleware.
638
+ var server = http.createServer(function (req, res) {
639
+ // Mirror the router's res.json convention.
640
+ res.json = function (data) {
641
+ res.writeHead(res.statusCode || 200, { "Content-Type": "application/json" });
642
+ res.end(JSON.stringify(data));
643
+ };
644
+ req.pathname = req.url.split("?")[0];
645
+ var chunks = [];
646
+ req.on("data", function (c) { chunks.push(c); });
647
+ req.on("end", function () {
648
+ try { req.body = JSON.parse(Buffer.concat(chunks).toString("utf8")); }
649
+ catch (_e) { req.body = null; }
650
+ mw(req, res, function () {
651
+ res.json({ echo: req.body, server: "ok" });
652
+ });
653
+ });
654
+ });
655
+ var port = await helpers.listenOnRandomPort(server);
656
+
657
+ var enc = b.httpClient.encrypted({
658
+ pubkey: keypair, // operators normally fetch from /.well-known
659
+ baseUrl: "http://127.0.0.1:" + port,
660
+ // Allow http for the test fixture (production uses https).
661
+ method: "POST",
662
+ });
663
+ var resp = await enc.request({
664
+ path: "/api/echo",
665
+ body: { user: "alice", n: 42 },
666
+ allowedProtocols: b.safeUrl.ALLOW_HTTP_ALL,
667
+ allowInternal: true,
668
+ });
669
+ check("httpClient.encrypted: 200", resp.statusCode === 200);
670
+ check("httpClient.encrypted: body decrypted", resp.body && resp.body.echo &&
671
+ resp.body.echo.user === "alice" &&
672
+ resp.body.echo.n === 42);
673
+ check("httpClient.encrypted: server tag present", resp.body && resp.body.server === "ok");
674
+
675
+ server.close();
676
+ mw.close();
677
+ } finally {
678
+ await teardownTestDb(tmpDir);
679
+ }
680
+ }
681
+
682
+ async function testApiEncryptClientRejectsBadResponse() {
683
+ var keypair = _serverKeypair();
684
+ var clientCtx = b.middleware.apiEncrypt.client({ pubkey: keypair });
685
+ var call = clientCtx.encryptRequest({ x: 1 });
686
+ var threw = null;
687
+ try { call.decryptResponse({}); } catch (e) { threw = e; }
688
+ check("client rejects response missing _ct", threw && threw.code === "CLIENT_RESPONSE_SHAPE");
689
+ }
690
+
691
+ // ---- per-session keying mode (v0.7.3) ----
692
+
693
+ async function testApiEncryptPerSessionDefaultIsPerRequest() {
694
+ var keypair = _serverKeypair();
695
+ var mw = b.middleware.apiEncrypt({ keypair: keypair, audit: false });
696
+ check("apiEncrypt: default keying is per-request", mw.keying === "per-request");
697
+ check("apiEncrypt: per-request mode has no sessionStore", mw.sessionStore === null);
698
+ }
699
+
700
+ async function testApiEncryptPerSessionRejectsBadKeyingValue() {
701
+ var keypair = _serverKeypair();
702
+ var threw = null;
703
+ try {
704
+ b.middleware.apiEncrypt({ keypair: keypair, audit: false, keying: "every-second" });
705
+ } catch (e) { threw = e; }
706
+ check("apiEncrypt: rejects keying='every-second' at create-time",
707
+ threw && /keying must be 'per-request' .* or 'per-session'/.test(threw.message));
708
+ }
709
+
710
+ async function testApiEncryptPerSessionRejectsBadTtl() {
711
+ var keypair = _serverKeypair();
712
+ var threw = null;
713
+ try {
714
+ b.middleware.apiEncrypt({
715
+ keypair: keypair, audit: false,
716
+ keying: "per-session", sessionTtlMs: -1,
717
+ });
718
+ } catch (e) { threw = e; }
719
+ check("apiEncrypt: rejects negative sessionTtlMs",
720
+ threw && /sessionTtlMs/.test(threw.message));
721
+ }
722
+
723
+ async function testApiEncryptPerSessionRejectsBadStore() {
724
+ var keypair = _serverKeypair();
725
+ var threw = null;
726
+ try {
727
+ b.middleware.apiEncrypt({
728
+ keypair: keypair, audit: false,
729
+ keying: "per-session",
730
+ sessionStore: { get: function () {} }, // missing set / delete
731
+ });
732
+ } catch (e) { threw = e; }
733
+ check("apiEncrypt: rejects sessionStore missing set/delete",
734
+ threw && /sessionStore must expose/.test(threw.message));
735
+ }
736
+
737
+ async function testApiEncryptPerSessionBootstrapAndReuse() {
738
+ var keypair = _serverKeypair();
739
+ var mw = b.middleware.apiEncrypt({
740
+ keypair: keypair,
741
+ audit: false,
742
+ keying: "per-session",
743
+ sessionTtlMs: 60_000,
744
+ });
745
+ var clientCtx = b.middleware.apiEncrypt.client({
746
+ pubkey: keypair, keying: "per-session",
747
+ });
748
+
749
+ // First request — bootstrap envelope
750
+ var first = clientCtx.encryptRequest({ user: "alice" });
751
+ check("per-session first req: has _ek", typeof first.body._ek === "string");
752
+ check("per-session first req: has _sid (UUID)",
753
+ typeof first.body._sid === "string" &&
754
+ /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(first.body._sid));
755
+ check("per-session first req: _ctr starts at 1", first.body._ctr === 1);
756
+
757
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
758
+ req1.body = first.body;
759
+ var res1 = _mkRes();
760
+ var fin1 = _newFinish(res1);
761
+ await mw(req1, res1, function () { res1.json({ ok: true, n: 1 }); });
762
+ await fin1;
763
+ check("per-session first req: 200", res1._endedStatus === 200);
764
+
765
+ var resp1 = JSON.parse(res1._captured);
766
+ check("per-session response: has _sid", resp1._sid === first.body._sid);
767
+ check("per-session response: has _ctr=1", resp1._ctr === 1);
768
+ check("per-session response: no _ek (response is session-keyed)", !resp1._ek);
769
+ var plain1 = first.decryptResponse(resp1);
770
+ check("per-session response decrypts: ok=true n=1", plain1.ok === true && plain1.n === 1);
771
+
772
+ // Second request — reuse session, no _ek
773
+ var second = clientCtx.encryptRequest({ user: "alice", action: "ping" });
774
+ check("per-session second req: NO _ek (KEM amortized)", !second.body._ek);
775
+ check("per-session second req: NO _nonce (counter replaces nonce)", !second.body._nonce);
776
+ check("per-session second req: same _sid as first", second.body._sid === first.body._sid);
777
+ check("per-session second req: _ctr=2", second.body._ctr === 2);
778
+
779
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
780
+ req2.body = second.body;
781
+ var res2 = _mkRes();
782
+ var fin2 = _newFinish(res2);
783
+ await mw(req2, res2, function () {
784
+ check("per-session second req: req.body decrypted",
785
+ req2.body.user === "alice" && req2.body.action === "ping");
786
+ res2.json({ ok: true, n: 2 });
787
+ });
788
+ await fin2;
789
+ check("per-session second req: 200", res2._endedStatus === 200);
790
+ var resp2 = JSON.parse(res2._captured);
791
+ check("per-session response 2: _ctr=2 (monotonic)", resp2._ctr === 2);
792
+ var plain2 = second.decryptResponse(resp2);
793
+ check("per-session response 2 decrypts", plain2.n === 2);
794
+ }
795
+
796
+ async function testApiEncryptPerSessionUnknownSid() {
797
+ var keypair = _serverKeypair();
798
+ var mw = b.middleware.apiEncrypt({
799
+ keypair: keypair, audit: false, keying: "per-session",
800
+ });
801
+ // Subsequent-shape request with sid the server has never seen.
802
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
803
+ req.body = {
804
+ _ct: Buffer.from("nope").toString("base64"),
805
+ _ts: Date.now(),
806
+ _sid: "12345678-1234-4234-8234-123456789012",
807
+ _ctr: 5,
808
+ };
809
+ var res = _mkRes();
810
+ var fin = _newFinish(res);
811
+ await mw(req, res, function () {
812
+ check("middleware did NOT call next on unknown sid", false);
813
+ });
814
+ await fin;
815
+ check("per-session unknown-sid: 401", res._endedStatus === 401);
816
+ check("per-session unknown-sid: body says session-unknown",
817
+ /session-unknown/.test(res._captured));
818
+ }
819
+
820
+ async function testApiEncryptPerSessionCounterReplay() {
821
+ var keypair = _serverKeypair();
822
+ var mw = b.middleware.apiEncrypt({
823
+ keypair: keypair, audit: false, keying: "per-session",
824
+ });
825
+ var clientCtx = b.middleware.apiEncrypt.client({
826
+ pubkey: keypair, keying: "per-session",
827
+ });
828
+
829
+ // Bootstrap + valid second request bring server's lastReqCtr to 2
830
+ var first = clientCtx.encryptRequest({ n: 1 });
831
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
832
+ req1.body = first.body;
833
+ var res1 = _mkRes();
834
+ var fin1 = _newFinish(res1);
835
+ await mw(req1, res1, function () { res1.json({ ok: 1 }); });
836
+ await fin1;
837
+
838
+ var second = clientCtx.encryptRequest({ n: 2 });
839
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
840
+ req2.body = second.body;
841
+ var res2 = _mkRes();
842
+ var fin2 = _newFinish(res2);
843
+ await mw(req2, res2, function () { res2.json({ ok: 2 }); });
844
+ await fin2;
845
+
846
+ // Replay the SECOND request — same _ctr=2 as already-seen.
847
+ var req3 = _bodyReq("POST", { "content-type": "application/json" }, "");
848
+ req3.body = second.body;
849
+ var res3 = _mkRes();
850
+ var fin3 = _newFinish(res3);
851
+ await mw(req3, res3, function () {
852
+ check("replay should NOT reach next()", false);
853
+ });
854
+ await fin3;
855
+ check("per-session replayed counter: 400", res3._endedStatus === 400);
856
+ }
857
+
858
+ async function testApiEncryptPerSessionExpiry() {
859
+ var keypair = _serverKeypair();
860
+ var mw = b.middleware.apiEncrypt({
861
+ keypair: keypair, audit: false,
862
+ keying: "per-session",
863
+ sessionTtlMs: 1, // 1ms — expires immediately
864
+ });
865
+ var clientCtx = b.middleware.apiEncrypt.client({
866
+ pubkey: keypair, keying: "per-session",
867
+ });
868
+
869
+ var first = clientCtx.encryptRequest({ n: 1 });
870
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
871
+ req1.body = first.body;
872
+ var res1 = _mkRes();
873
+ var fin1 = _newFinish(res1);
874
+ await mw(req1, res1, function () { res1.json({ ok: 1 }); });
875
+ await fin1;
876
+
877
+ // Wait so the session row is past expiresAt (sessionTtlMs is 1).
878
+ await helpers.passiveObserve(20, "apiEncrypt: sessionTtlMs=1 row past expiresAt");
879
+
880
+ var second = clientCtx.encryptRequest({ n: 2 });
881
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
882
+ req2.body = second.body;
883
+ var res2 = _mkRes();
884
+ var fin2 = _newFinish(res2);
885
+ await mw(req2, res2, function () {
886
+ check("expired session should NOT reach next()", false);
887
+ });
888
+ await fin2;
889
+ check("per-session expired: 401", res2._endedStatus === 401);
890
+ check("per-session expired: body says session-expired or session-unknown",
891
+ /session-expired|session-unknown/.test(res2._captured));
892
+ }
893
+
894
+ async function testApiEncryptPerSessionMaxResponses() {
895
+ var keypair = _serverKeypair();
896
+ var mw = b.middleware.apiEncrypt({
897
+ keypair: keypair,
898
+ audit: false,
899
+ keying: "per-session",
900
+ sessionMaxResponses: 1, // session ends after 1 response
901
+ });
902
+ var clientCtx = b.middleware.apiEncrypt.client({
903
+ pubkey: keypair, keying: "per-session",
904
+ });
905
+
906
+ var first = clientCtx.encryptRequest({ n: 1 });
907
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
908
+ req1.body = first.body;
909
+ var res1 = _mkRes();
910
+ var fin1 = _newFinish(res1);
911
+ await mw(req1, res1, function () { res1.json({ ok: 1 }); });
912
+ await fin1;
913
+ check("per-session maxResponses first req: 200", res1._endedStatus === 200);
914
+
915
+ // Second request exceeds the cap.
916
+ var second = clientCtx.encryptRequest({ n: 2 });
917
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
918
+ req2.body = second.body;
919
+ var res2 = _mkRes();
920
+ var fin2 = _newFinish(res2);
921
+ await mw(req2, res2, function () {
922
+ check("rotated session should NOT reach next()", false);
923
+ });
924
+ await fin2;
925
+ check("per-session maxResponses exceeded: 401", res2._endedStatus === 401);
926
+ check("per-session maxResponses exceeded: body says rotation-required",
927
+ /session-rotation-required/.test(res2._captured));
928
+ }
929
+
930
+ async function testApiEncryptPerSessionResponseCounterMonotonic() {
931
+ var keypair = _serverKeypair();
932
+ var mw = b.middleware.apiEncrypt({
933
+ keypair: keypair, audit: false, keying: "per-session",
934
+ });
935
+ var clientCtx = b.middleware.apiEncrypt.client({
936
+ pubkey: keypair, keying: "per-session",
937
+ });
938
+
939
+ var first = clientCtx.encryptRequest({ n: 1 });
940
+ var req1 = _bodyReq("POST", { "content-type": "application/json" }, "");
941
+ req1.body = first.body;
942
+ var res1 = _mkRes();
943
+ var fin1 = _newFinish(res1);
944
+ await mw(req1, res1, function () { res1.json({ ok: 1 }); });
945
+ await fin1;
946
+ var resp1 = JSON.parse(res1._captured);
947
+ // Client tampers: replays the same response (same _ctr).
948
+ var threw = null;
949
+ try { first.decryptResponse(resp1); }
950
+ catch (_e) { /* first decrypt fine */ }
951
+
952
+ // Now submit the second request and feed back response 1 again — client
953
+ // helper rejects because counter is not strictly increasing.
954
+ var second = clientCtx.encryptRequest({ n: 2 });
955
+ var req2 = _bodyReq("POST", { "content-type": "application/json" }, "");
956
+ req2.body = second.body;
957
+ var res2 = _mkRes();
958
+ var fin2 = _newFinish(res2);
959
+ await mw(req2, res2, function () { res2.json({ ok: 2 }); });
960
+ await fin2;
961
+ threw = null;
962
+ try { second.decryptResponse(resp1); } catch (e) { threw = e; }
963
+ check("client rejects replayed response (counter not strictly increasing)",
964
+ threw && threw.code === "CLIENT_RESPONSE_REPLAY");
965
+ }
966
+
967
+ async function testApiEncryptPerSessionSessionInfo() {
968
+ var keypair = _serverKeypair();
969
+ var clientCtx = b.middleware.apiEncrypt.client({
970
+ pubkey: keypair, keying: "per-session",
971
+ });
972
+ var info0 = clientCtx.sessionInfo();
973
+ check("sessionInfo before any request: sid is null", info0.sid === null);
974
+ check("sessionInfo before any request: reqCtr=0", info0.reqCtr === 0);
975
+ clientCtx.encryptRequest({ x: 1 });
976
+ var info1 = clientCtx.sessionInfo();
977
+ check("sessionInfo after first req: sid populated", typeof info1.sid === "string");
978
+ check("sessionInfo after first req: reqCtr=1", info1.reqCtr === 1);
979
+ clientCtx.encryptRequest({ x: 2 });
980
+ var info2 = clientCtx.sessionInfo();
981
+ check("sessionInfo after second req: reqCtr=2", info2.reqCtr === 2);
982
+ check("sessionInfo: sid stable across requests", info1.sid === info2.sid);
983
+ }
984
+
985
+ async function testApiEncryptPerSessionResetRotates() {
986
+ var keypair = _serverKeypair();
987
+ var clientCtx = b.middleware.apiEncrypt.client({
988
+ pubkey: keypair, keying: "per-session",
989
+ });
990
+ var first = clientCtx.encryptRequest({ n: 1 });
991
+ var sid1 = first.body._sid;
992
+ clientCtx.resetSession();
993
+ var second = clientCtx.encryptRequest({ n: 2 });
994
+ check("client resetSession rotates sid", second.body._sid !== sid1);
995
+ check("client resetSession resets ctr to 1", second.body._ctr === 1);
996
+ check("client resetSession: bootstrap envelope again", typeof second.body._ek === "string");
997
+ }
998
+
999
+ async function testApiEncryptObservabilityCounters() {
1000
+ var keypair = _serverKeypair();
1001
+ var emitted = [];
1002
+ var fakeObs = {
1003
+ safeEvent: function (name, value, labels) {
1004
+ emitted.push({ name: name, value: value, labels: labels });
1005
+ },
1006
+ event: function () {},
1007
+ };
1008
+ var mw = b.middleware.apiEncrypt({
1009
+ keypair: keypair,
1010
+ audit: false,
1011
+ keying: "per-session",
1012
+ observability: fakeObs,
1013
+ });
1014
+ var clientCtx = b.middleware.apiEncrypt.client({
1015
+ pubkey: keypair, keying: "per-session",
1016
+ });
1017
+ var first = clientCtx.encryptRequest({ n: 1 });
1018
+ var req = _bodyReq("POST", { "content-type": "application/json" }, "");
1019
+ req.body = first.body;
1020
+ var res = _mkRes();
1021
+ var fin = _newFinish(res);
1022
+ await mw(req, res, function () { res.json({ ok: 1 }); });
1023
+ await fin;
1024
+ var hasCreated = emitted.some(function (e) { return e.name === "apiEncrypt.session.created"; });
1025
+ check("observability emits apiEncrypt.session.created on bootstrap", hasCreated);
1026
+ }
1027
+
1028
+ async function run() {
1029
+ await testNonceStoreSurface();
1030
+ await testNonceStoreMemoryBasics();
1031
+ await testNonceStoreMemoryRejectsBadInput();
1032
+ await testNonceStoreMemoryPurge();
1033
+ await testNonceStoreClusterBasics();
1034
+ await testNonceStoreCustomBackend();
1035
+ await testNonceStoreUnknownBackend();
1036
+
1037
+ await testApiEncryptKeypairValidated();
1038
+ await testApiEncryptRoundTrip();
1039
+ await testApiEncryptRejectsMissingShape();
1040
+ await testApiEncryptRejectsStaleTimestamp();
1041
+ await testApiEncryptRejectsReplay();
1042
+ await testApiEncryptRejectsTamperedCiphertext();
1043
+ await testApiEncryptExemptPathBypass();
1044
+ await testApiEncryptPublishPublicKey();
1045
+ await testApiEncryptEventOnFailure();
1046
+ await testApiEncryptAuditEmit();
1047
+ await testApiEncryptClientRejectsBadPubkey();
1048
+ await testApiEncryptClientRejectsBadResponse();
1049
+ await testApiEncryptMultiKeypairRotation();
1050
+ await testApiEncryptPublishesActiveKeypair();
1051
+ await testApiEncryptContentTypeScoping();
1052
+ await testApiEncryptNonceHashedBeforeStorage();
1053
+ await testApiEncryptDerivedPruneInterval();
1054
+ await testApiEncryptHttpClientHelperShape();
1055
+ await testApiEncryptHttpClientRoundTrip();
1056
+
1057
+ // v0.7.3 — per-session keying mode
1058
+ await testApiEncryptPerSessionDefaultIsPerRequest();
1059
+ await testApiEncryptPerSessionRejectsBadKeyingValue();
1060
+ await testApiEncryptPerSessionRejectsBadTtl();
1061
+ await testApiEncryptPerSessionRejectsBadStore();
1062
+ await testApiEncryptPerSessionBootstrapAndReuse();
1063
+ await testApiEncryptPerSessionUnknownSid();
1064
+ await testApiEncryptPerSessionCounterReplay();
1065
+ await testApiEncryptPerSessionExpiry();
1066
+ await testApiEncryptPerSessionMaxResponses();
1067
+ await testApiEncryptPerSessionResponseCounterMonotonic();
1068
+ await testApiEncryptPerSessionSessionInfo();
1069
+ await testApiEncryptPerSessionResetRotates();
1070
+ await testApiEncryptObservabilityCounters();
1071
+ }
1072
+
1073
+ module.exports = { run: run };
1074
+
1075
+ if (require.main === module) {
1076
+ run().then(
1077
+ function () { console.log("OK — " + helpers.getChecks() + " checks passed"); },
1078
+ function (e) { console.error("FAIL:", e.message); console.error(e.stack); process.exit(1); }
1079
+ );
1080
+ }