@blamejs/blamejs-shop 0.0.83 → 0.0.98

package/lib/vendor/blamejs/release-notes/v0.12.8.json

@@ -0,0 +1,81 @@
+{
+  "$schema": "../scripts/release-notes-schema.json",
+  "version": "0.12.8",
+  "date": "2026-05-23",
+  "headline": "`b.archive.tar` + `b.archive.read.tar` — POSIX pax tar format end-to-end + `b.guardArchive.tarEntryPolicy` + `b.backup` tar bundle default",
+  "summary": "Tar lands as the second format in the archive family. `b.archive.tar()` builds POSIX pax archives (ustar magic + pax extended headers for >100-char names, >8 GiB sizes, nanosecond mtime); `b.archive.read.tar(adapter)` walks the 512-byte block sequence with the same bomb-cap + path-traversal + entry-type defenses that ZIP read shipped at v0.12.7. Tar's natively-streamable shape means `b.archive.adapters.trustedStream(readable)` is a first-class extract path here (no CD-walk required since tar has no central directory; sequential header-by-header is the canonical adversarial-safe path). `b.guardArchive.tarEntryPolicy` ships as the tar-specific entry-shape policy beyond `entryTypePolicy` — handles typeflag 0/5 (regular/directory) by default, refuses 1/2 (hardlink/symlink) unless `allowDangerous` is set with the realpath-on-link-target dual-check, and refuses 3/4/6/7 (char-device/block-device/FIFO/contiguous-file) unconditionally. `b.backup.bundleAdapterStorage({ format: \"tar\" })` becomes the default for new bundles — directory-tree format stays available via `format: \"directory\"` for back-compat with v0.12.7 bundles. `b.backup.migrate(from, to)` one-shot helper converts v0.12.7 directory bundles to v0.12.8 tar bundles transparently. `b.safeArchive.extract({ source, destination, format: \"auto\" })` now sniffs ustar magic at offset 257 inside the first 512-byte block and dispatches to the tar reader automatically. CVE coverage extends to the tar class: CVE-2026-23745 / 2026-24842 (node-tar symlink+hardlink path resolution), CVE-2025-4517 PATH_MAX TOCTOU (the v0.12.7 dual-check carries through), CVE-2025-11001/11002 (symlink TOCTOU on extract), CVE-2024-12905 / 2025-48387 (tar-fs traversal), CVE-2025-4138/4330 (Python tarfile data filter bypass).",
+  "sections": [
+    {
+      "heading": "Added",
+      "items": [
+        {
+          "title": "`b.archive.tar()` — POSIX pax write builder",
+          "body": "Mirrors `b.archive.zip()`'s contract: `addFile(name, content, opts?)` + `addDirectory(name, opts?)` + `toBuffer()` + `toStream(writable)` + `toAdapter(adapter)` + `digest()`. Emits ustar-magic 512-byte header blocks with the standard 11-field prefix (name / mode / uid / gid / size / mtime / chksum / typeflag / linkname / magic / version / uname / gname / devmajor / devminor / prefix). Names >100 chars + sizes >8 GiB + mtime with nanosecond precision get a pax extended header (typeflag=x) preceding the entry; the extended header records (per POSIX.1-2001 §4.18) carry the `path` / `size` / `mtime` / `atime` / `ctime` fields that overflow ustar's fixed widths. Determinism opts: `{ fixedMtime: 0, ignoreOrder: false }` for reproducible builds (matches the ZIP write side)."
+        },
+        {
+          "title": "`b.archive.read.tar(adapter, opts)` — sequential + random-access tar reader",
+          "body": "Walks 512-byte header blocks in order. `inspect()` enumerates entries without decompressing; `extract({ destination })` decompresses entry-by-entry with the same bomb-cap + path-traversal + entry-type defenses as ZIP read. Trusted-stream adapters are first-class here — tar has no central directory, so sequential header-by-header walk IS the canonical adversarial-safe path (`b.archive.adapters.trustedStream(readable)` and `b.archive.adapters.fs/buffer/objectStore/http` all flow through the same reader). Per-entry path safety routes through `b.guardFilename.verifyExtractionPath` (the v0.12.7 dual-check). Refuses to overwrite pre-existing destination files (carries the v0.12.7 atomic-rollback contract)."
+        },
+        {
+          "title": "`b.guardArchive.tarEntryPolicy(opts)` — tar-specific entry-type policy",
+          "body": "Defaults: typeflag 0 (regular file) + 5 (directory) extract; typeflag 1 (hardlink) + 2 (symlink) refused unless `allowDangerous: { symlinks: true, hardlinks: true }` is set; typeflag 3 (char-device) + 4 (block-device) + 6 (FIFO) + 7 (contiguous-file) refused unconditionally. When `allowDangerous` is set, link target is routed through `b.guardFilename.verifyExtractionPath` against the extraction root — the realpath-on-link-target check defends the CVE-2026-23745 / 24842 node-tar class where the safety check and creation logic diverged on path resolution. Pax extended-header (x) + global-header (g) entries consumed by the reader (merged into the following entry's metadata); operators never see them as standalone entries."
+        },
+        {
+          "title": "`b.backup.bundleAdapterStorage({ format: \"tar\" })` — tar bundle becomes default",
+          "body": "New bundles ship as a single tar archive instead of a directory tree. Restore via `b.archive.read.tar` (with the operator-supplied adapter routing the bytes). `format: \"directory\"` opts back into the v0.12.7 layout for operators with existing bundles. `format: \"tar\"` is the new default; `b.backup.diskStorage` stays back-compat at the legacy directory-tree format."
+        },
+        {
+          "title": "`b.backup.migrate(opts)` — directory → tar bundle migration",
+          "body": "One-shot helper that walks an operator's directory-tree-format bundle (v0.12.7 layout) and writes the same content as a tar-format bundle via the v0.12.8 bundleAdapterStorage. Idempotent: re-running on an already-migrated bundle is a no-op. Source bundle stays in place until the migrate succeeds; operators with explicit transition windows pass `{ deleteSourceOnSuccess: true }` to opt into the inline replace."
+        },
+        {
+          "title": "`b.safeArchive.extract({ format: \"auto\" })` recognizes tar",
+          "body": "Format auto-sniff now dispatches `ustar` magic at offset 257 inside the first 512-byte header block to the tar reader. ZIP magic + tar magic + GZIP magic (v0.12.9) live in the same sniff path; operators with mixed-format pipelines pass `format: \"auto\"` once + the orchestrator picks the right reader."
+        }
+      ]
+    },
+    {
+      "heading": "Security",
+      "items": [
+        {
+          "title": "Symlink + hardlink path resolution (CVE-2026-23745 / CVE-2026-24842 node-tar class)",
+          "body": "node-tar < 7.5.7 / ≤ 7.5.2 shipped a divergence between its hardlink safety check (which used one path resolution) and its hardlink creation logic (which used another). When `allowDangerous: { hardlinks: true }` is set, blamejs routes the link target through `b.guardFilename.verifyExtractionPath` — the SAME primitive that the eventual `link()` call resolves against — so check + create agree by construction. Symlink targets same shape."
+        },
+        {
+          "title": "Path traversal (CVE-2024-12905 / CVE-2025-48387 tar-fs + CVE-2025-4138 / 4330 Python tarfile data filter bypass)",
+          "body": "Every entry name passes through `b.guardFilename.verifyExtractionPath` — the v0.12.7 dual-check that refuses pre-resolve names > PATH_MAX (4096 bytes) AND verifies the string-normalize + `fs.realpath` resolutions agree on the same final path. Defends the CVE-2025-4517 / 4138 / 4330 class where the operator's path resolution and the kernel's diverge silently past PATH_MAX."
+        },
+        {
+          "title": "Symlink TOCTOU on extract (CVE-2025-11001 / CVE-2025-11002 7-Zip class)",
+          "body": "When `allowDangerous: { symlinks: true }` opts symlinks in, the reader resolves the link target via `verifyExtractionPath` against the extraction root BEFORE calling `fs.symlink` — so the resolved target is inside the trust boundary by construction. The v0.12.7 atomic-rollback contract carries through: any single entry failure aborts the whole extract + cleans up only newly-created files (pre-existing destination files refused at the pre-write check)."
+        }
+      ]
+    },
+    {
+      "heading": "Detectors",
+      "items": [
+        {
+          "title": "`tar-extract-allow-dangerous-without-link-target-check`",
+          "body": "Flags any `b.archive.read.tar(adapter).extract({ allowDangerous: ... })` call site in `lib/` that doesn't route the link target through `b.guardFilename.verifyExtractionPath` against the extraction root. Forces the dual-check discipline at every allow-dangerous opt-in — operators with hardlink / symlink extract needs see the realpath check at the call site."
+        },
+        {
+          "title": "`tar-entry-typeflag-without-policy`",
+          "body": "Flags `lib/archive-tar.js` extract code paths that switch on typeflag without composing `b.guardArchive.tarEntryPolicy` for the type-allowlist decision. Locks the shape: every typeflag dispatch goes through the policy, never inline."
+        },
+        {
+          "title": "`backup-migrate-without-source-preserve`",
+          "body": "Flags `b.backup.migrate(opts)` call sites that pass `deleteSourceOnSuccess: true` without an operator-stated justification comment. Default is preserve-source; deletes need an explicit reason."
+        }
+      ]
+    }
+  ],
+  "references": [
+    { "label": "POSIX.1-2001 pax extended format (IEEE 1003.1)",                "url": "https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html" },
+    { "label": "CVE-2026-23745 — node-tar symlink+hardlink path resolution",    "url": "https://www.sentinelone.com/vulnerability-database/cve-2026-23745/" },
+    { "label": "CVE-2026-24842 — node-tar hardlink path resolution",            "url": "https://github.com/advisories/GHSA-34x7-hfp2-rc4v" },
+    { "label": "CVE-2025-4517 — Python tarfile PATH_MAX bypass (CVSS 9.4)",     "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517" },
+    { "label": "CVE-2025-4138 / CVE-2025-4330 — Python tarfile data filter",    "url": "https://github.com/0xDTC/CVE-2025-4138-4517-POC" },
+    { "label": "CVE-2025-11001 / CVE-2025-11002 — 7-Zip symlink TOCTOU on extract", "url": "https://www.sentinelone.com/vulnerability-database/cve-2025-11001/" },
+    { "label": "CVE-2024-12905 / CVE-2025-48387 — node-tar-fs path traversal",   "url": "https://vulert.com/vuln-db/debian-11-node-tar-fs-193050" }
+  ]
+}

package/lib/vendor/blamejs/release-notes/v0.12.9.json

@@ -0,0 +1,61 @@
+{
+  "$schema": "../scripts/release-notes-schema.json",
+  "version": "0.12.9",
+  "date": "2026-05-23",
+  "headline": "`b.archive.gz` + `b.archive.read.gz` — gzip composition with `b.safeDecompress` bomb caps + `b.backup` `tar.gz` bundle format + `sha-to-tag verify` fetches `origin/main`",
+  "summary": "gzip lands as the composition layer over the archive family. `b.archive.gz(bytes)` produces an RFC 1952 gzip stream with the same `toBuffer()` / `toAdapter(adapter)` / `digest()` shape every archive builder ships, and `b.archive.read.gz(adapter, opts)` reads it back through `b.safeDecompress` so a malicious `tar.gz` fails the gzip-layer bomb cap (1 GiB output / 100× ratio defaults) before the tar walker ever sees a decompressed byte. The reader exposes `toBuffer()` / `asTar(opts)` / `asZip(opts)` so operators can hand the decompressed bytes directly to a downstream archive reader without a round-trip through disk. `b.archive.tar().toGzip(adapter, opts)` is the write-side convenience for the most common combination. `b.backup.bundleAdapterStorage({ format: \"tar.gz\" })` adds gzip compression on the wire — bundle sizes drop ~3-5× on text-heavy backups (databases, JSON exports, mail spools); the readback path detects the format from the storage key suffix and composes `b.safeDecompress` automatically. The `sha-to-tag verify` workflow now explicitly fetches `origin/main` before walking the first-parent history, fixing a stale-ref bug that silently failed v0.12.6 through v0.12.8 tag verifications (the publish workflow itself was unaffected; the gate is independent).",
+  "sections": [
+    {
+      "heading": "Added",
+      "items": [
+        {
+          "title": "`b.archive.gz(bytes)` — standalone gzip write builder",
+          "body": "RFC 1952 gzip envelope with the standard archive-builder shape. `toBuffer()` returns the compressed bytes; `toAdapter(adapter)` writes through any writable adapter (fs / object-store / http) that exposes `.write(bytes)` + optional `.close()`; `digest()` returns a SHA3-512 hex hash of the compressed payload for operator integrity logs. `opts.level` accepts 0-9 (zlib default 6). Composes cleanly under `b.archive.tar().toGzip(adapter)` / `b.archive.zip()` for tar.gz / zip.gz convenience."
+        },
+        {
+          "title": "`b.archive.read.gz(adapter, opts)` — gunzip reader with `b.safeDecompress` bomb caps",
+          "body": "Every decompression routes through `b.safeDecompress({ algorithm: \"gzip\", maxOutputBytes, maxRatio })` so a hostile gzip stream fails the bomb gate before any downstream parsing happens. Defaults: `maxDecompressedBytes` = 1 GiB, `maxExpansionRatio` = 100×. The reader exposes three downstream entry points: `toBuffer()` returns the raw decompressed bytes; `asTar(opts)` returns a `b.archive.read.tar` reader over the decompressed payload; `asZip(opts)` returns a `b.archive.read.zip` reader. `fromGzip` is the documented alias the spec uses (operators may reach for either). Refuses non-gzip input upfront via the `0x1f 0x8b` magic check (`archive-gz/bad-magic`)."
+        },
+        {
+          "title": "`b.archive.tar().toGzip(adapter, opts)` — tar.gz write convenience",
+          "body": "Pipes the tar builder's `toBuffer()` through `b.archive.gz()` and writes the resulting gzip envelope to a writable adapter. Equivalent to `b.archive.gz(t.toBuffer()).toAdapter(adapter)` but lets the operator stay in the tar-builder fluent chain when composing under fs / object-store / http adapters."
+        },
+        {
+          "title": "`b.backup.bundleAdapterStorage({ format: \"tar.gz\" })` — compressed-on-the-wire bundles",
+          "body": "Adds gzip compression to the v0.12.8 tar bundle format. Bundle sizes drop ~3-5× on text-heavy backups (databases, JSON exports, mail spools); binary-heavy backups (compressed databases, encrypted archives) see ~1.0-1.1×. Read paths auto-detect via the `<bundleId>/bundle.tar.gz` storage key suffix and route through `b.safeDecompress` on readback. The v0.12.8 `maxBundleBytes` cap continues to gate against pathological projected-uncompressed sizes; `tar.gz` does not bypass it."
+        },
+        {
+          "title": "`b.safeArchive.extract({ format: \"tar.gz\" })` — explicit tar.gz dispatch",
+          "body": "Operators handed a `.tar.gz` upload pass `format: \"tar.gz\"` explicitly; the orchestrator composes `b.archive.read.gz` → `.asTar()` and feeds the standard tar bomb-policy + entry-type-policy + guardProfile through. Defer-with-condition: auto-sniff for tar.gz (peek inside the gzip envelope for ustar magic at offset 257 of the decompressed prefix) lands when operator demand surfaces; today operators with `auto` mode on a `.tar.gz` payload get `format-unsupported gzip` with the explicit-format hint in the error message."
+        }
+      ]
+    },
+    {
+      "heading": "Security",
+      "items": [
+        {
+          "title": "Bomb caps ride at the gz layer, not the tar/zip layer",
+          "body": "The decompression gate is enforced BEFORE the downstream archive reader sees any bytes — a hostile `tar.gz` that would decompress to 10 GiB of zero-filled tar entries fails the 1 GiB `maxDecompressedBytes` default cap during gunzip, never reaching the tar walker. Operators with legitimately large compressed archives pass `maxDecompressedBytes` higher; the framework refuses without an explicit opt-in. RFC 1952 §2.3.1 magic enforcement prevents content-type confusion (gzip-pretending-to-be-something-else inputs)."
+        }
+      ]
+    },
+    {
+      "heading": "Fixed",
+      "items": [
+        {
+          "title": "`sha-to-tag verify` workflow fetches `origin/main` before first-parent walk",
+          "body": "The release-tag integrity gate runs on every `v*` tag push and verifies the tag's commit SHA appears on `main`'s first-parent history. `actions/checkout` was being asked for full history of the tag ref alone — `origin/main` wasn't fetched as a side effect, so `git rev-list --first-parent origin/main | grep -qx \"$SHA\"` walked a stale (or absent) ref and falsely refused. The check now explicitly fetches `origin/main` after checkout so the walk sees the current squash-merge HEAD. Affected releases (v0.12.6 / v0.12.7 / v0.12.8) had publish workflows that completed normally — `sha-to-tag verify` is an independent gate that was silently failing alongside successful publishes; nothing about the published artifacts was wrong."
+        }
+      ]
+    },
+    {
+      "heading": "Detectors",
+      "items": [
+        {
+          "title": "`archive-gz-without-safedecompress` — direct `node:zlib` gunzip in `lib/` must compose `b.safeDecompress`",
+          "body": "Mirrors the v0.11.5 must-compose pattern: any `lib/` call to `zlib.gunzipSync` / `zlib.createGunzip` / `gunzip` outside `lib/archive-gz.js` (which IS the canonical gunzip site, with `b.safeDecompress` wired in) must carry an `allow:archive-gz-without-safedecompress` marker explaining why the bomb gate is bypassed. The detector locks the contract so v0.13+ work that touches a gzip-handling primitive can't quietly drop the cap."
+        }
+      ]
+    }
+  ]
+}

package/lib/vendor/blamejs/test/layer-0-primitives/archive-gz.test.js

@@ -0,0 +1,159 @@
+"use strict";
+/**
+ * Layer 0 — b.archive.gz write + b.archive.read.gz read +
+ * tar.gz composition + bundleAdapterStorage tar.gz format.
+ *
+ * Coverage: round-trip standalone gzip, safeDecompress bomb caps,
+ * magic refusal, asTar/asZip composition, backup tar.gz end-to-end.
+ */
+
+var fs = require("node:fs");
+var path = require("node:path");
+var os = require("node:os");
+var b = require("../../index");
+var helpers = require("../helpers");
+var check = helpers.check;
+
+async function testGzRoundTrip() {
+  var src = Buffer.from("hello world ".repeat(100));
+  var compressed = b.archive.gz(src).toBuffer();
+  check("archive.gz: compressed shorter than source",
+    compressed.length < src.length);
+  check("archive.gz: gzip magic 0x1f 0x8b",
+    compressed[0] === 0x1f && compressed[1] === 0x8b);
+  var reader = b.archive.read.gz(b.archive.adapters.buffer(compressed));
+  var roundTrip = await reader.toBuffer();
+  check("archive.read.gz: round-trip preserves bytes",
+    roundTrip.equals(src));
+}
+
+async function testGzBadMagicRefused() {
+  var notGzip = Buffer.from("this is not gzipped content at all");
+  var refused = null;
+  try {
+    var reader = b.archive.read.gz(b.archive.adapters.buffer(notGzip));
+    await reader.toBuffer();
+  } catch (e) { refused = e; }
+  check("archive.read.gz: non-gzip input refused with typed error",
+    refused && /bad-magic/.test(refused.code || refused.message));
+  check("archive.read.gz: refusal is a b.archive.ArchiveGzError",
+    refused instanceof b.archive.ArchiveGzError);
+}
+
+async function testGzBombCapRefused() {
+  // Build a 64 KiB gzip stream of all-zeros (high compression ratio).
+  // Cap the decompressed size to 16 KiB → must refuse.
+  var src = Buffer.alloc(64 * 1024);
+  var compressed = b.archive.gz(src).toBuffer();
+  var reader = b.archive.read.gz(b.archive.adapters.buffer(compressed), {
+    maxDecompressedBytes: 16 * 1024,
+  });
+  var refused = null;
+  try { await reader.toBuffer(); } catch (e) { refused = e; }
+  check("archive.read.gz: maxDecompressedBytes cap refuses bomb",
+    refused !== null);
+}
+
+async function testTarToGzip() {
+  var t = b.archive.tar();
+  t.addFile("payload.txt", "hello world");
+  // toAdapter expects an archive-adapter shape: write(bytes) + close().
+  var chunks = [];
+  var adapter = {
+    write: async function (bytes) { chunks.push(bytes); },
+    close: async function () { /* noop */ },
+  };
+  await t.toGzip(adapter);
+  var assembled = Buffer.concat(chunks);
+  check("archive.tar().toGzip: produces gzip magic",
+    assembled[0] === 0x1f && assembled[1] === 0x8b);
+  // Round-trip through read.gz.asTar
+  var reader = b.archive.read.gz(b.archive.adapters.buffer(assembled));
+  var tarReader = reader.asTar();
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "bjs-tgz-"));
+  try {
+    await tarReader.extract({ destination: dest });
+    check("archive.tar().toGzip → read.gz.asTar.extract: file restored",
+      fs.readFileSync(path.join(dest, "payload.txt"), "utf-8") === "hello world");
+  } finally {
+    try { fs.rmSync(dest, { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+  }
+}
+
+async function testBackupTarGzHighRatioRoundTrip() {
+  // Codex P1 on v0.12.9 PR #160 — a zero-filled file compresses
+  // at >100× ratio; the default safeDecompress ratio cap was
+  // refusing legitimate self-authored bundles on read.
+  var src = fs.mkdtempSync(path.join(os.tmpdir(), "bjs-tgzr-src-"));
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "bjs-tgzr-dest-"));
+  var verify = path.join(os.tmpdir(), "bjs-tgzr-verify-" + Date.now());
+  try {
+    // 1 MiB of zeros — gzip should compress this to a few hundred
+    // bytes (ratio ~ 5000×), well past the 100× default.
+    fs.writeFileSync(path.join(src, "zeros.bin"), Buffer.alloc(1024 * 1024));
+    var storage = b.backup.bundleAdapterStorage({
+      adapter: b.backup.bundleAdapterStorage.fsAdapter({ root: dest }),
+      format:  "tar.gz",
+    });
+    var bundleId = "2026-05-23T17-30-00-000Z-11223344";
+    await storage.writeBundle(bundleId, src);
+    await storage.readBundle(bundleId, verify);
+    check("backup tar.gz: high-ratio bundle restores past the 100× default",
+      fs.readFileSync(path.join(verify, "zeros.bin")).length === 1024 * 1024);
+  } finally {
+    try { fs.rmSync(src,    { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+    try { fs.rmSync(dest,   { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+    try { fs.rmSync(verify, { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+  }
+}
+
+async function testBackupTarGzRoundTrip() {
+  var src = fs.mkdtempSync(path.join(os.tmpdir(), "bjs-tgz-src-"));
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "bjs-tgz-dest-"));
+  var verify = path.join(os.tmpdir(), "bjs-tgz-verify-" + Date.now());
+  try {
+    fs.writeFileSync(path.join(src, "a.txt"), "hello world ".repeat(100));
+    fs.writeFileSync(path.join(src, "b.txt"), "goodbye ".repeat(50));
+    var storage = b.backup.bundleAdapterStorage({
+      adapter: b.backup.bundleAdapterStorage.fsAdapter({ root: dest }),
+      format:  "tar.gz",
+    });
+    var bundleId = "2026-05-23T17-00-00-000Z-aabbccdd";
+    await storage.writeBundle(bundleId, src);
+    var bundleDir = path.join(dest, bundleId);
+    check("backup tar.gz: bundle.tar.gz key written",
+      fs.existsSync(path.join(bundleDir, "bundle.tar.gz")));
+    var gzBytes = fs.readFileSync(path.join(bundleDir, "bundle.tar.gz"));
+    check("backup tar.gz: payload carries gzip magic",
+      gzBytes[0] === 0x1f && gzBytes[1] === 0x8b);
+    check("backup tar.gz: hasBundle true for tar.gz format",
+      await storage.hasBundle(bundleId));
+    await storage.readBundle(bundleId, verify);
+    check("backup tar.gz: a.txt round-trips",
+      fs.readFileSync(path.join(verify, "a.txt"), "utf-8") === "hello world ".repeat(100));
+    check("backup tar.gz: b.txt round-trips",
+      fs.readFileSync(path.join(verify, "b.txt"), "utf-8") === "goodbye ".repeat(50));
+  } finally {
+    try { fs.rmSync(src,    { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+    try { fs.rmSync(dest,   { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+    try { fs.rmSync(verify, { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+  }
+}
+
+async function run() {
+  await testGzRoundTrip();
+  await testGzBadMagicRefused();
+  await testGzBombCapRefused();
+  await testTarToGzip();
+  await testBackupTarGzRoundTrip();
+  await testBackupTarGzHighRatioRoundTrip();
+}
+
+module.exports = { run: run };
+
+if (require.main === module) {
+  run().then(
+    function () { console.log("[archive-gz] OK — " + helpers.getChecks() + " checks passed"); },
+    function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+  );
+}

package/lib/vendor/blamejs/test/layer-0-primitives/archive-read.test.js

@@ -0,0 +1,247 @@
+"use strict";
+/**
+ * Layer 0 — b.archive read substrate + safe-extract orchestrator +
+ * guard-archive policy builders + b.guardFilename.verifyExtractionPath
+ * + b.backup.bundleAdapterStorage.
+ *
+ * Round-trip coverage: write a ZIP via the existing write side, read
+ * it back via b.archive.read.zip (random-access buffer adapter), extract
+ * via b.safeArchive.extract into a quarantine directory, verify file
+ * contents. Refusal coverage: zip-slip entry name, oversize entries,
+ * NUL byte, PATH_MAX overflow.
+ */
+
+var helpers = require("../helpers");
+var check = helpers.check;
+var b = helpers.b;
+var os = require("node:os");
+var path = require("node:path");
+var fs = require("node:fs");
+
+async function testRoundTripExtract() {
+  var z = b.archive.zip();
+  z.addFile("readme.txt", "Hello, archive-read!\n");
+  z.addFile("data/numbers.csv", "n,sq\n1,1\n2,4\n3,9\n");
+  z.addFile("docs/nested/deep.txt", Buffer.from("payload\n"));
+  var bytes = z.toBuffer();
+
+  // Inspect via buffer adapter — verifies adapter contract + EOCD walk +
+  // CD-walk + LFH/CD skew check.
+  var reader = b.archive.read.zip(b.archive.adapters.buffer(bytes));
+  var entries = await reader.inspect();
+  check("archive.read.zip.inspect: 3 entries",         entries.length === 3);
+  check("archive.read.zip.inspect: name + size",        entries[0].name === "readme.txt" && entries[0].size === 21);
+  check("archive.read.zip.inspect: nested name",        entries[2].name === "docs/nested/deep.txt");
+
+  // Extract via safeArchive orchestrator.
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-archive-test-"));
+  try {
+    var result = await b.safeArchive.extract({
+      source:       bytes,
+      destination:  dest,
+      guardProfile: "balanced",
+    });
+    check("safeArchive.extract: 3 entries written",      result.entries.length === 3);
+    check("safeArchive.extract: format=zip",             result.format === "zip");
+    var readme = fs.readFileSync(path.join(dest, "readme.txt"), "utf8");
+    check("safeArchive.extract: readme contents match",  readme === "Hello, archive-read!\n");
+    var nested = fs.readFileSync(path.join(dest, "docs/nested/deep.txt"), "utf8");
+    check("safeArchive.extract: nested file restored",   nested === "payload\n");
+  } finally {
+    fs.rmSync(dest, { recursive: true, force: true });
+  }
+}
+
+function testSafeArchiveErrorClass() {
+  // Sanity-check that the typed-error class is exported + an instance
+  // can be constructed with a code + message.
+  var err = new b.safeArchive.SafeArchiveError("safe-archive/test", "test instance");
+  check("SafeArchiveError: code carried",     err.code === "safe-archive/test");
+  check("SafeArchiveError: is Error subclass", err instanceof Error);
+}
+
+async function testSafeArchiveInspect() {
+  var z = b.archive.zip();
+  z.addFile("a.txt", "alpha");
+  z.addFile("b.txt", "beta");
+  var bytes = z.toBuffer();
+  var summary = await b.safeArchive.inspect({ source: bytes });
+  check("safeArchive.inspect: format=zip",                summary.format === "zip");
+  check("safeArchive.inspect: 2 entries",                 summary.entries.length === 2);
+  check("safeArchive.inspect: totalUncompressedBytes",    summary.totalUncompressedBytes === 9);
+}
+
+async function testZipBombPolicy() {
+  var policy = b.guardArchive.zipBombPolicy({
+    maxTotalDecompressedBytes: 8,
+    maxExpansionRatio:         100,
+  });
+  check("zipBombPolicy: maxTotalDecompressedBytes carries",  policy.maxTotalDecompressedBytes === 8);
+  check("zipBombPolicy: defaults applied",                   policy.maxEntries === 65535);
+  // 9-byte archive payload exceeds the 8-byte total cap.
+  var z = b.archive.zip();
+  z.addFile("big.txt", "123456789");
+  var bytes = z.toBuffer();
+  var refused = null;
+  try {
+    var reader = b.archive.read.zip(b.archive.adapters.buffer(bytes), {
+      bombPolicy: policy,
+    });
+    await reader.inspect();
+  } catch (e) { refused = e; }
+  check("bombPolicy: maxTotalDecompressedBytes trips",
+    refused && /total-too-large|entry-too-large/.test(refused.code || refused.message));
+}
+
+function testEntryTypePolicy() {
+  var p = b.guardArchive.entryTypePolicy({ symlinks: true });
+  check("entryTypePolicy: symlinks opted in",   p.symlinks === true);
+  check("entryTypePolicy: hardlinks default off", p.hardlinks === false);
+  check("entryTypePolicy: devices default off",   p.devices === false);
+}
+
+function testVerifyExtractionPathHappy() {
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-verifyx-"));
+  try {
+    var resolved = b.guardFilename.verifyExtractionPath("docs/readme.txt", dest);
+    check("verifyExtractionPath: ok resolved", resolved.indexOf(dest) === 0);
+  } finally {
+    fs.rmSync(dest, { recursive: true, force: true });
+  }
+}
+
+function testVerifyExtractionPathRefusals() {
+  var refusals = 0;
+  function r(name, root) {
+    try { b.guardFilename.verifyExtractionPath(name, root); }
+    catch (_e) { refusals += 1; }
+  }
+  r("../etc/passwd", "/tmp");                       // zip slip
+  r("/etc/passwd", "/tmp");                         // absolute
+  r("docs/../../etc/passwd", "/tmp");               // mid-segment ..
+  // PATH_MAX overflow (4097 chars).
+  var oversize = new Array(4098).join("a");
+  r(oversize, "/tmp");
+  check("verifyExtractionPath: 4 refusals", refusals === 4);
+}
+
+async function testExtractRefusesOverwrite() {
+  // Codex P1 on v0.12.7 PR #158 — the catch-block cleanup deleted
+  // PRE-EXISTING destination files on abort because the rename-onto-
+  // canonical-path path overwrote them first, then `written[].path`
+  // got rm'd. Fix is to refuse overwrite up front; this regression
+  // test verifies the new refusal fires + that the pre-existing file
+  // is left untouched.
+  var z = b.archive.zip();
+  z.addFile("readme.txt", "from-archive\n");
+  var bytes = z.toBuffer();
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-overwrite-test-"));
+  try {
+    var collidePath = path.join(dest, "readme.txt");
+    fs.writeFileSync(collidePath, "operator's pre-existing file\n");
+    var refused = null;
+    try {
+      await b.safeArchive.extract({ source: bytes, destination: dest });
+    } catch (e) { refused = e; }
+    check("extract: refuses pre-existing destination file",
+      refused && /destination-exists/.test(refused.code || refused.message));
+    var stillThere = fs.readFileSync(collidePath, "utf8");
+    check("extract: pre-existing file untouched on refusal",
+      stillThere === "operator's pre-existing file\n");
+  } finally {
+    fs.rmSync(dest, { recursive: true, force: true });
+  }
+}
+
+async function testSafeArchiveRefusesTrustedStreamSource() {
+  // Codex P2 on v0.12.7 PR #158 — safeArchive.extract accepted
+  // trusted-stream adapters via the input-shape validator but the
+  // implementation called the random-access reader, which threw the
+  // wrong-entry-point error. Fix is to refuse trusted-stream sources
+  // upfront with a typed safe-archive code.
+  var nodeStream = require("node:stream");
+  var fakeReadable = new nodeStream.Readable({ read: function () {} });
+  var adapter = b.archive.adapters.trustedStream(fakeReadable);
+  var dest = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-trusted-refusal-"));
+  try {
+    var refused = null;
+    try {
+      await b.safeArchive.extract({
+        source:      adapter,
+        destination: dest,
+      });
+    } catch (e) { refused = e; }
+    check("safeArchive.extract: trusted-stream upfront refused",
+      refused && /trusted-stream-unsupported/.test(refused.code || refused.message));
+  } finally {
+    fakeReadable.destroy();
+    fs.rmSync(dest, { recursive: true, force: true });
+  }
+}
+
+async function testGuardArchiveInspect() {
+  var z = b.archive.zip();
+  z.addFile("safe.txt", "safe");
+  var bytes = z.toBuffer();
+  var summary = await b.guardArchive.inspect(b.archive.adapters.buffer(bytes), {
+    profile: "balanced",
+  });
+  check("guardArchive.inspect: 1 entry",       summary.entries.length === 1);
+  check("guardArchive.inspect: issues array",   Array.isArray(summary.issues));
+}
+
+async function testBundleAdapterStorageRoundTrip() {
+  var rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-backup-adapter-root-"));
+  var srcDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-backup-adapter-src-"));
+  var destDir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-backup-adapter-dest-"));
+  try {
+    // Populate a small bundle source.
+    fs.writeFileSync(path.join(srcDir, "manifest.json"), JSON.stringify({ v: 1 }));
+    fs.mkdirSync(path.join(srcDir, "files"));
+    fs.writeFileSync(path.join(srcDir, "files", "blob.bin"), Buffer.from([1, 2, 3]));
+
+    var storage = b.backup.bundleAdapterStorage({
+      adapter: b.backup.bundleAdapterStorage.fsAdapter({ root: rootDir }),
+    });
+    check("bundleAdapterStorage: name=adapter", storage.name === "adapter");
+
+    var bundleId = "2026-05-23T07-00-00-000Z-deadbeef";
+    await storage.writeBundle(bundleId, srcDir);
+    check("bundleAdapterStorage: hasBundle after write", await storage.hasBundle(bundleId));
+    fs.rmSync(destDir, { recursive: true });
+    await storage.readBundle(bundleId, destDir);
+    var restored = fs.readFileSync(path.join(destDir, "files", "blob.bin"));
+    check("bundleAdapterStorage: roundtrip bytes match", restored[0] === 1 && restored.length === 3);
+    var list = await storage.listBundles();
+    check("bundleAdapterStorage: listBundles returns the bundle", list.length === 1 && list[0].bundleId === bundleId);
+    await storage.deleteBundle(bundleId);
+    check("bundleAdapterStorage: hasBundle false after delete", !(await storage.hasBundle(bundleId)));
+  } finally {
+    try { fs.rmSync(rootDir, { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+    try { fs.rmSync(srcDir,  { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+    try { fs.rmSync(destDir, { recursive: true, force: true }); } catch (_e) { /* ignore */ }
+  }
+}
+
+async function run() {
+  await testRoundTripExtract();
+  testSafeArchiveErrorClass();
+  await testSafeArchiveInspect();
+  await testZipBombPolicy();
+  testEntryTypePolicy();
+  testVerifyExtractionPathHappy();
+  testVerifyExtractionPathRefusals();
+  await testExtractRefusesOverwrite();
+  await testSafeArchiveRefusesTrustedStreamSource();
+  await testGuardArchiveInspect();
+  await testBundleAdapterStorageRoundTrip();
+}
+
+module.exports = { run: run };
+
+if (require.main === module) {
+  run().then(
+    function () { console.log("[archive-read] OK — " + helpers.getChecks() + " checks passed"); },
+    function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+  );
+}