@blamejs/blamejs-shop 0.1.13 → 0.1.14

package/CHANGELOG.md

@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
 
 ## v0.1.x
 
+- v0.1.14 (2026-05-25) — **PayPal payment adapter (Orders v2).** `payment.create({ adapter: "paypal", … })` is a new native PayPal adapter alongside the Stripe one — a from-scratch Orders-v2 client over the framework's SSRF-gated HTTP client, with no PayPal SDK dependency. It exchanges an OAuth2 client-credentials token (cached until it nears expiry), creates and captures orders, fetches and refunds them, and verifies inbound webhooks through PayPal's verify-webhook-signature API. This ships the adapter only; wiring it into the checkout flow and a storefront button comes next. Card / Stripe checkout is unchanged. **Added:** *PayPal Orders-v2 adapter* — `payment.create({ adapter: "paypal", clientId, secret, sandbox?, webhookId?, apiBase? })` returns `{ createOrder, captureOrder, getOrder, refund, verifyWebhook }`. `createOrder({ amount_minor, currency, order_id?, return_url?, cancel_url? })` opens a CAPTURE-intent order (amounts converted to PayPal's decimal-string major units, including 0-decimal currencies); `captureOrder(id)` finalizes it; `refund({ capture_id, amount_minor?, currency? })` refunds full or partial; `getOrder(id)` reads status. Every call carries an OAuth2 bearer token exchanged once and cached until ~2 minutes before expiry, and a `PayPal-Request-Id` for idempotency (plus the shared idempotency cache when a `query` handle is wired). `verifyWebhook(headers, rawBody, { webhookId })` confirms an inbound event through PayPal's verify-webhook-signature API and returns `{ ok, event }`. Outbound HTTP goes through `b.httpClient` — no `paypal` npm dependency. Off until the operator supplies credentials; the Stripe adapter and existing checkout are unchanged.
+
 - v0.1.13 (2026-05-25) — **Internal: uniform framework access across the library.** An internal consistency refactor with no API or behavior change. Every library module now captures the framework once at the top — straight from the vendored tree (`var b = require("./vendor/blamejs");`) — and uses `b.*` uniformly, replacing a per-module lazy accessor and its scattered call sites. Capturing the framework directly (rather than via the composing entry point) also avoids a circular-load edge case on leaf-first imports. Two source files that embedded a raw NUL byte as a map-key separator now use the `\u0000` escape, so the whole library is plain text. New lint rules lock all of this in place. Public APIs, runtime behavior, and the published surface are unchanged. **Added:** *Lint detectors for accessor uniformity and source hygiene* — Three repository lint rules now prevent drift: one rejects the reintroduction of the per-module lazy framework accessor (capture the framework once at module top); one rejects requiring the composing entry point from a leaf module (require the vendored framework directly — entry-point requires from a leaf create a circular-load hazard); and one rejects raw C0 control bytes in source files (write `\u0000` and friends as escapes so files stay plain text — grep / diff / editors handle them correctly). **Changed:** *Framework handle captured once per module* — Library modules previously reached the vendored framework through a lazy `_b()` accessor invoked at every call site. They now capture it once at module top — `var b = require("./vendor/blamejs");`, the same object the entry point re-exports as `.framework` — and reference `b.*` directly, matching how the edge worker already accesses it. Capturing it directly from the vendored tree (instead of through the composing entry point) keeps leaf-first module imports working — requiring a single module no longer pulls the entry point's whole assembly mid-initialization. No public API or runtime behavior changes.
 
 - v0.1.12 (2026-05-25) — **Card payments now finalize the order — the Stripe webhook is handled end to end.** A confirmed Stripe payment now advances the order from pending to paid. The container now serves the `POST /api/webhooks/stripe` route the edge worker forwards to: it re-verifies the event signature over the exact raw bytes, maps the event to the order's FSM transition, and is idempotent across Stripe's re-deliveries. Previously the edge verified the webhook but nothing consumed it on the container, so a paid PaymentIntent (card, Apple Pay, or Google Pay) left the order stuck in pending — no fulfillment, no paid status. Operators running checkout should upgrade and confirm their Stripe webhook points at `/api/webhooks/stripe`. **Added:** *Raw-body capture for payment webhooks* — A small middleware preserves the exact request bytes for the webhook path before the JSON body-parser runs, so signature verification (which is computed over the raw body) is reliable. It is scoped to the webhook routes and leaves every other request untouched. **Fixed:** *Stripe webhook completes the order* — `POST /api/webhooks/stripe` is now handled on the container: the event signature is re-verified against `STRIPE_WEBHOOK_SECRET` over the raw request body (a tampered or unsigned event is rejected with 400), then `payment_intent.succeeded` / `.canceled` / `charge.refunded` drive the order FSM (`mark_paid` / `cancel` / `refund`). Re-deliveries are idempotent — an event for an order already in the target state is acknowledged with 200 and skipped. A delivery for an unknown PaymentIntent is acknowledged without effect. This closes the gap where a confirmed payment never moved the order out of `pending`.

package/lib/payment.js

@@ -43,6 +43,10 @@ var IDEMPOTENT_OPERATIONS    = {
   "subscription.create":   true,
   "subscription.update":   true,
   "subscription.cancel":   true,
+  // PayPal adapter mutating operations (Orders v2).
+  "paypal_order.create":   true,
+  "paypal_capture.create": true,
+  "paypal_refund.create":  true,
 };
 
 // ---- validation -----------------------------------------------------------
@@ -502,17 +506,261 @@ function stripe(opts) {
   };
 }
 
-function create(opts) {
+// ---- PayPal adapter -------------------------------------------------------
+//
+// PayPal Orders v2 over `b.httpClient`. Two structural differences from the
+// Stripe adapter: (1) every call needs an OAuth2 client-credentials access
+// token, exchanged up front and cached until it nears expiry; (2) webhook
+// verification is a server-to-server call to PayPal's own
+// verify-webhook-signature API — PayPal has no offline-HMAC shape like
+// Stripe's. Outbound goes through `b.httpClient` (SSRF-gated, retried); the
+// shared `_runIdempotent` cache applies when `query` is wired.
+var PAYPAL_API_BASE_LIVE    = "https://api-m.paypal.com";
+var PAYPAL_API_BASE_SANDBOX = "https://api-m.sandbox.paypal.com";
+var PAYPAL_HTTP_TIMEOUT_MS  = 15000;
+var PAYPAL_TOKEN_SKEW_MS    = C.TIME.minutes(2); // refresh this far before expiry
+
+// PayPal rejects decimal places for these currencies; everything else is
+// 2-decimal. Amounts cross the wire as decimal strings in MAJOR units.
+var PAYPAL_ZERO_DECIMAL     = { HUF: true, JPY: true, TWD: true };
+
+function _paypalApiBase(opts) {
+  if (opts.apiBase) return opts.apiBase.replace(/\/$/, "");
+  return opts.sandbox ? PAYPAL_API_BASE_SANDBOX : PAYPAL_API_BASE_LIVE;
+}
+
+function _minorToDecimalString(minor, currency) {
+  var dec = PAYPAL_ZERO_DECIMAL[currency] ? 0 : 2;
+  var neg = minor < 0;
+  var s = String(Math.abs(minor));
+  if (dec === 0) return (neg ? "-" : "") + s;
+  while (s.length <= dec) s = "0" + s;
+  return (neg ? "-" : "") + s.slice(0, s.length - dec) + "." + s.slice(s.length - dec);
+}
+
+function _headerCI(headers, name) {
+  if (!headers) return undefined;
+  if (headers[name] != null) return headers[name];
+  var lower = name.toLowerCase();
+  for (var k in headers) {
+    if (Object.prototype.hasOwnProperty.call(headers, k) && k.toLowerCase() === lower) return headers[k];
+  }
+  return undefined;
+}
+
+async function _paypalToken(opts, state) {
+  var now = state.now();
+  if (state.token && now < state.tokenExpiresAt) return state.token;
+  var httpClient = opts.httpClient || b.httpClient;
+  var basic = Buffer.from(opts.clientId + ":" + opts.secret).toString("base64");
+  var res = await httpClient.request({
+    method:  "POST",
+    url:     _paypalApiBase(opts) + "/v1/oauth2/token",
+    headers: {
+      "authorization":  "Basic " + basic,
+      "accept":         "application/json",
+      "content-type":   "application/x-www-form-urlencoded",
+      "user-agent":     "blamejs-shop (zero-dep)",
+    },
+    body:      "grant_type=client_credentials",
+    timeoutMs: opts.timeoutMs || PAYPAL_HTTP_TIMEOUT_MS,
+  });
+  var text = res.body && res.body.toString ? res.body.toString("utf8") : "";
+  var json; try { json = text.length ? JSON.parse(text) : {}; } catch (_e) { json = {}; }
+  if (res.statusCode < 200 || res.statusCode >= 300 || !json.access_token) {
+    var err = new Error("paypal: OAuth2 token exchange failed → HTTP " + res.statusCode +
+                        (json && json.error_description ? " — " + json.error_description : ""));
+    err.code = "PAYPAL_AUTH_" + res.statusCode;
+    err.statusCode = res.statusCode;
+    throw err;
+  }
+  state.token = json.access_token;
+  var ttlMs = (typeof json.expires_in === "number" ? json.expires_in : 0) * 1000; // allow:raw-time-literal — PayPal expires_in is a runtime seconds value; *1000 → ms
+  state.tokenExpiresAt = now + Math.max(0, ttlMs - PAYPAL_TOKEN_SKEW_MS);
+  return state.token;
+}
+
+async function _paypalCall(opts, state, method, path, bodyObj, requestId) {
+  var token = await _paypalToken(opts, state);
+  var headers = {
+    "authorization": "Bearer " + token,
+    "accept":        "application/json",
+    "content-type":  "application/json",
+    "user-agent":    "blamejs-shop (zero-dep)",
+  };
+  if (requestId) headers["paypal-request-id"] = requestId;
+  var body = bodyObj != null ? JSON.stringify(bodyObj) : undefined;
+  if (body) headers["content-length"] = Buffer.byteLength(body, "utf8");
+  var httpClient = opts.httpClient || b.httpClient;
+  var res = await httpClient.request({
+    method:    method,
+    url:       _paypalApiBase(opts) + path,
+    headers:   headers,
+    body:      body,
+    timeoutMs: opts.timeoutMs || PAYPAL_HTTP_TIMEOUT_MS,
+  });
+  var text = res.body && res.body.toString ? res.body.toString("utf8") : "";
+  var json; try { json = text.length ? JSON.parse(text) : {}; } catch (_e) { json = { _raw: text }; }
+  if (res.statusCode < 200 || res.statusCode >= 300) {
+    var detail = json && (json.message || (json.details && json.details[0] && json.details[0].description)) || "";
+    var err = new Error("paypal: " + method + " " + path + " → HTTP " + res.statusCode + (detail ? " — " + detail : ""));
+    err.code = (json && json.name) || "PAYPAL_HTTP_" + res.statusCode;
+    err.statusCode = res.statusCode;
+    err.paypal = json || null;
+    throw err;
+  }
+  Object.defineProperty(json, "_paypalStatus",  { value: res.statusCode, enumerable: false });
+  Object.defineProperty(json, "_paypalRawText", { value: text,           enumerable: false });
+  return json;
+}
+
+function paypal(opts) {
   opts = opts || {};
-  if (opts.adapter && opts.adapter !== "stripe") {
-    throw new TypeError("payment.create: unknown adapter " + JSON.stringify(opts.adapter) + " — only 'stripe' is supported in v1");
+  _assertSecret(opts.clientId, "clientId");
+  _assertSecret(opts.secret,   "secret");
+  if (opts.query != null && typeof opts.query !== "function") {
+    throw new TypeError("payment: query must be a function (sql, params) => Promise<{ rows }>");
+  }
+  if (opts.now != null && typeof opts.now !== "function") {
+    throw new TypeError("payment: now must be a function returning current epoch ms");
+  }
+  var state = {
+    query:          opts.query || null,
+    now:            typeof opts.now === "function" ? opts.now : function () { return Date.now(); },
+    token:          null,
+    tokenExpiresAt: 0,
+  };
+
+  function _maybeIdempotent(operation, idempotencyKey, requestObj, doCall) {
+    if (!state.query || idempotencyKey == null) return doCall();
+    return _runIdempotent(state, operation, idempotencyKey, requestObj, doCall);
   }
-  return stripe(opts);
+
+  function _amount(input, label) {
+    _positiveInt(input.amount_minor, "amount_minor");
+    if (typeof input.currency !== "string" || !/^[A-Z]{3}$/.test(input.currency)) {
+      throw new TypeError("payment." + label + ": currency must be a 3-letter uppercase ISO 4217 code");
+    }
+    return { currency_code: input.currency, value: _minorToDecimalString(input.amount_minor, input.currency) };
+  }
+
+  return {
+    name: "paypal",
+
+    // Create an Orders-v2 order (intent CAPTURE). The returned `id` is the
+    // PayPal order id the buyer approves; `captureOrder` finalizes it.
+    createOrder: function (input, idempotencyKey) {
+      if (!input || typeof input !== "object") throw new TypeError("payment.createOrder: input object required");
+      var bodyObj = {
+        intent: "CAPTURE",
+        purchase_units: [{
+          amount:     _amount(input, "createOrder"),
+          custom_id:  input.order_id || undefined,
+          invoice_id: input.invoice_id || undefined,
+        }],
+      };
+      if (input.return_url || input.cancel_url) {
+        bodyObj.payment_source = { paypal: { experience_context: {
+          return_url: input.return_url || undefined,
+          cancel_url: input.cancel_url || undefined,
+        } } };
+      }
+      var requestId = "order:" + (input.order_id || idempotencyKey || b.uuid.v7());
+      return _maybeIdempotent("paypal_order.create", idempotencyKey, { op: "createOrder", input: input }, function () {
+        return _paypalCall(opts, state, "POST", "/v2/checkout/orders", bodyObj, requestId);
+      });
+    },
+
+    // Capture an approved order. Returns the capture resource (the
+    // `purchase_units[0].payments.captures[0].id` is the capture id refunds
+    // reference).
+    captureOrder: function (orderId, idempotencyKey) {
+      if (typeof orderId !== "string" || !orderId.length) throw new TypeError("payment.captureOrder: orderId required");
+      var requestId = "capture:" + orderId + (idempotencyKey ? ":" + idempotencyKey : "");
+      return _maybeIdempotent("paypal_capture.create", idempotencyKey, { op: "captureOrder", orderId: orderId }, function () {
+        return _paypalCall(opts, state, "POST", "/v2/checkout/orders/" + encodeURIComponent(orderId) + "/capture", {}, requestId);
+      });
+    },
+
+    getOrder: function (orderId) {
+      if (typeof orderId !== "string" || !orderId.length) throw new TypeError("payment.getOrder: orderId required");
+      return _paypalCall(opts, state, "GET", "/v2/checkout/orders/" + encodeURIComponent(orderId), null, null);
+    },
+
+    // Refund a capture — full when no amount is given, partial with
+    // { amount_minor, currency }.
+    refund: function (input, idempotencyKey) {
+      if (!input || typeof input !== "object") throw new TypeError("payment.refund: input object required");
+      if (typeof input.capture_id !== "string" || !input.capture_id.length) {
+        throw new TypeError("payment.refund: capture_id required");
+      }
+      var bodyObj = {};
+      if (input.amount_minor != null) bodyObj.amount = _amount(input, "refund");
+      if (input.note_to_payer) bodyObj.note_to_payer = input.note_to_payer;
+      if (input.invoice_id)    bodyObj.invoice_id = input.invoice_id;
+      // Multiple partial refunds on the SAME capture are legitimate + distinct,
+      // so the PayPal-Request-Id (PayPal's idempotency identity) must be unique
+      // per call by default — reusing `capture_id` alone would make PayPal
+      // replay the first refund instead of executing the next. A caller that
+      // wants a retry deduplicated passes an explicit idempotencyKey (or
+      // input.idempotency_suffix); otherwise a fresh uuid keeps each refund
+      // its own request. (createOrder / captureOrder stay stable on purpose —
+      // retrying those SHOULD be idempotent.)
+      var requestId = "refund:" + input.capture_id + ":" + (idempotencyKey || input.idempotency_suffix || b.uuid.v7());
+      return _maybeIdempotent("paypal_refund.create", idempotencyKey, { op: "refund", input: input }, function () {
+        return _paypalCall(opts, state, "POST",
+          "/v2/payments/captures/" + encodeURIComponent(input.capture_id) + "/refund", bodyObj, requestId);
+      });
+    },
+
+    // Verify an inbound webhook by calling PayPal's verify-webhook-signature
+    // API with the transmission headers + the configured webhook id + the
+    // event body. Returns { ok, event } on a SUCCESS verification status,
+    // { ok:false, reason } otherwise (drop-silent — never throws).
+    verifyWebhook: async function (headers, rawBody, vOpts) {
+      var webhookId = (vOpts && vOpts.webhookId) || opts.webhookId;
+      if (!webhookId) return { ok: false, reason: "no-webhook-id" };
+      var authAlgo        = _headerCI(headers, "paypal-auth-algo");
+      var certUrl         = _headerCI(headers, "paypal-cert-url");
+      var transmissionId  = _headerCI(headers, "paypal-transmission-id");
+      var transmissionSig = _headerCI(headers, "paypal-transmission-sig");
+      var transmissionTime= _headerCI(headers, "paypal-transmission-time");
+      if (!authAlgo || !certUrl || !transmissionId || !transmissionSig || !transmissionTime) {
+        return { ok: false, reason: "missing-transmission-headers" };
+      }
+      var event;
+      try { event = typeof rawBody === "string" ? JSON.parse(rawBody) : rawBody; }
+      catch (_e) { return { ok: false, reason: "malformed-body" }; }
+      var verifyBody = {
+        auth_algo:         authAlgo,
+        cert_url:          certUrl,
+        transmission_id:   transmissionId,
+        transmission_sig:  transmissionSig,
+        transmission_time: transmissionTime,
+        webhook_id:        webhookId,
+        webhook_event:     event,
+      };
+      var res;
+      try { res = await _paypalCall(opts, state, "POST", "/v1/notifications/verify-webhook-signature", verifyBody, null); }
+      catch (e) { return { ok: false, reason: "verify-call-failed", error: e && e.message }; }
+      if (res && res.verification_status === "SUCCESS") return { ok: true, event: event };
+      return { ok: false, reason: "verification-status-" + ((res && res.verification_status) || "unknown") };
+    },
+  };
+}
+
+function create(opts) {
+  opts = opts || {};
+  var adapter = opts.adapter || "stripe";
+  if (adapter === "stripe") return stripe(opts);
+  if (adapter === "paypal") return paypal(opts);
+  throw new TypeError("payment.create: unknown adapter " + JSON.stringify(opts.adapter) + " — 'stripe' and 'paypal' are supported");
 }
 
 module.exports = {
   create:                    create,
   stripe:                    stripe,
+  paypal:                    paypal,
   STRIPE_WEBHOOK_TOLERANCE:  STRIPE_WEBHOOK_TOLERANCE,
   IDEMPOTENCY_TTL_MS:        IDEMPOTENCY_TTL_MS,
   // Exposed for tests + Worker to share form-encoding shape.

package/lib/vendor/MANIFEST.json

@@ -3,8 +3,8 @@
   "_about": "blamejs.shop vendors a single framework — blamejs — which itself bundles every server-side crypto/identity dependency. The transitive packages blamejs ships are surfaced in its own MANIFEST.json at lib/vendor/blamejs/lib/vendor/MANIFEST.json — Trivy / Grype rely on that nested data for CVE attribution.",
   "packages": {
     "blamejs": {
-      "version": "0.12.53",
-      "tag": "v0.12.53",
+      "version": "0.12.54",
+      "tag": "v0.12.54",
       "license": "Apache-2.0",
       "author": "blamejs contributors",
       "source": "https://github.com/blamejs/blamejs",

package/lib/vendor/blamejs/CHANGELOG.md

@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
 
 ## v0.12.x
 
+- v0.12.54 (2026-05-25) — **`b.structuredFields.parse` / `serialize` — full RFC 8941 Structured Fields codec.** The structured-fields module gains a complete RFC 8941 parser and serializer alongside its existing quote-aware helpers. b.structuredFields.parse reads an Item, List, or Dictionary into a typed value model — items are { value, params }, lists are arrays of items / inner lists, dictionaries are Maps — with Tokens and byte sequences returned as distinct SfToken / SfByteSequence instances. It enforces the grammar strictly: integer and decimal digit caps, printable-ASCII strings, canonical base64 byte sequences, valid token and key grammar, and no trailing characters. b.structuredFields.serialize is the exact inverse. This is the real parser the framework's Content-Digest, Client Hints, Web Push, and HTTP Message Signature surfaces can build on instead of open-coding each field. Validated against the official httpwg structured-field-tests conformance vectors. **Added:** *`b.structuredFields.parse(input, type, opts?)` / `serialize(value, type, opts?)` / `Token` / `ByteSequence`* — `parse` accepts `type` of `"item"`, `"list"`, or `"dictionary"` and returns the value model (items as `{ value, params }` with a `Map` of parameters; lists as arrays of items or inner lists; dictionaries as `Map`s). Bare items are JS numbers (Integer / Decimal), strings, booleans, `SfToken`, or `SfByteSequence`. Malformed input is rejected — out-of-range integers, over-long decimals, non-printable string bytes, non-canonical base64, invalid tokens / keys, and any trailing characters — and `opts.ErrorClass` yields a typed error. `serialize` is the inverse, rounding decimals to three fractional digits and refusing values outside the RFC's ranges or grammar. `b.structuredFields.Token` and `b.structuredFields.ByteSequence` wrap those bare-item types for serialization. The existing `splitTopLevel` / `refuseControlBytes` / `unquoteSfString` helpers are unchanged.
+
 - v0.12.53 (2026-05-25) — **`b.contentDigest` — HTTP Content-Digest / Repr-Digest fields (RFC 9530).** Emit and verify the Content-Digest / Repr-Digest HTTP fields so a recipient can detect a corrupted or tampered message body. b.contentDigest.create builds the RFC 8941 dictionary value (sha-256=:base64:, sha-512=:base64:) over a body; b.contentDigest.verify recomputes each modern digest over the body and compares it in constant time. Only SHA-256 and SHA-512 are computed — the legacy algorithms RFC 9530 §6 marks insecure (MD5, SHA-1, the unix checksums) are ignored on verify, and a field carrying no modern digest is refused, so an attacker cannot downgrade integrity to an MD5-only digest. Content-Digest is the integrity companion to HTTP Message Signatures (b.httpSig, RFC 9421): sign the digest rather than the whole body. Verified against the RFC 9530 Appendix D worked examples. **Added:** *`b.contentDigest.create(body, opts?)` / `b.contentDigest.verify(fieldValue, body, opts?)`* — `create` returns a Content-Digest / Repr-Digest field value over the body — SHA-256 by default, or any subset of `["sha-256","sha-512"]` via `opts.algorithms` — and refuses insecure or unknown algorithms. `verify` parses the field, recomputes each SHA-256 / SHA-512 entry over the body, and compares constant-time; it throws `content-digest/mismatch` on any mismatch, ignores legacy / unknown entries, throws `content-digest/no-modern-digest` if the field has no SHA-256 / SHA-512 entry at all, and honours `opts.required` to force specific algorithms to be present and match. Composes the framework's structured-field helpers and constant-time compare; Repr-Digest is the same machinery over the selected representation (RFC 9110).
 
 - v0.12.52 (2026-05-25) — **`b.privacyPass` — Privacy Pass origin-side token verification (RFC 9577 / 9578).** Anonymous, publicly verifiable authorization: an origin issues a WWW-Authenticate: PrivateToken challenge and verifies a presented token cryptographically, without learning who the client is and without a callback to the issuer. b.privacyPass implements the publicly verifiable token type 0x0002 (Blind RSA, 2048-bit): the token's authenticator is an RSA Blind Signature (RFC 9474) checked as RSASSA-PSS (SHA-384, 48-byte salt) over token_input = token_type ‖ nonce ‖ challenge_digest ‖ token_key_id, using only the issuer's public key. The token is bound to that key (token_key_id) and, optionally, to the challenge it answers, so a token minted for another origin is refused. Blind RSA is the algorithm Privacy Pass defines on the wire — like the DNSSEC / DANE verifiers it validates an external protocol's signatures rather than introducing classical crypto as a framework default. Verified against the RFC 9578 §8.2 test vector. **Added:** *`b.privacyPass.verifyToken(opts)` / `parseToken` / `buildChallenge`* — `buildChallenge` builds a TokenChallenge (RFC 9577 §2.1) and the matching `WWW-Authenticate: PrivateToken challenge=…, token-key=…` header an origin returns to request a token, scoped to an issuer (and optionally an origin and a 32-byte redemption context). `parseToken` splits a token into its fields (type / nonce / challenge_digest / token_key_id / authenticator). `verifyToken` verifies a type 0x0002 (Blind RSA) token: it confirms the token's `token_key_id` is the SHA-256 of the supplied issuer public key, optionally that its `challenge_digest` matches `opts.challenge`, and that the authenticator is a valid RSASSA-PSS signature over the token input. Refuses unknown / privately verifiable token types (the VOPRF type 0x0001 needs the issuer secret and is an issuer-side operation), key-id and challenge mismatches, and tampered authenticators. Marked experimental while the issuance protocols see deployment.

package/lib/vendor/blamejs/README.md

@@ -98,6 +98,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **AAD-bound sealed columns** — AEAD tag tied to `(table, rowId, column, schemaVersion)`; copy-paste between rows or schema-version replay surfaces as refused decrypt (`b.vault.aad`)
 - **Signed webhooks + API encryption** — SLH-DSA-SHAKE-256f default; ML-DSA-65 opt-in; ECIES API encryption (`b.webhook`, `b.crypto`)
 - **HPKE / HTTP signatures** — RFC 9180 HPKE with ML-KEM-1024 + HKDF-SHA3-512 + ChaCha20-Poly1305 (`b.crypto.hpke`); RFC 9421 HTTP Message Signatures with derived components and ed25519 / ML-DSA-65 (`b.crypto.httpSig`); RFC 9530 Content-Digest / Repr-Digest body-integrity fields (SHA-256 / SHA-512, legacy algorithms refused — `b.contentDigest`) to sign the digest rather than the whole body
+- **Structured Fields** — full RFC 8941 codec (`b.structuredFields.parse` / `serialize`): Items / Lists / Dictionaries, Inner Lists, Parameters, and all bare-item types (Integer / Decimal / String / Token / Byte Sequence / Boolean) with strict grammar + range enforcement — the parser behind Content-Digest, Client Hints, and HTTP Message Signatures
 - **CMS codec** — RFC 5652 Cryptographic Message Syntax encoder + decoder with PQC signers (ML-DSA-65 / ML-DSA-87 / SLH-DSA-SHAKE-256f; RFC 9909 + 9881) and KEMRecipientInfo recipients (ML-KEM-1024; RFC 9629 + 9936); ChaCha20-Poly1305 content encryption (RFC 8103) so Efail-class malleability cannot apply (`b.cms`)
 - **Stream throttle** — shared token-bucket bandwidth limiter (RFC 2697 srTCM shape); N concurrent `node:stream` pipelines draw from one operator-configured `bytesPerSec` budget (`b.streamThrottle`)
 - **TLS-RPT receiver** — RFC 8460 inbound aggregate-report ingest; HTTPS POST handler + §4.4 schema parser with gzip-bomb / ratio-bomb / depth-bomb defenses (`b.mail.deploy.parseTlsRptReport` / `b.mail.deploy.tlsRptIngestHttp`)

package/lib/vendor/blamejs/api-snapshot.json

@@ -1,7 +1,7 @@
 {
   "version": 1,
-  "frameworkVersion": "0.12.53",
-  "createdAt": "2026-05-25T17:13:42.241Z",
+  "frameworkVersion": "0.12.54",
+  "createdAt": "2026-05-25T18:34:52.229Z",
   "exports": {
     "a2a": {
       "type": "object",
@@ -48694,14 +48694,30 @@
     "structuredFields": {
       "type": "object",
       "members": {
+        "ByteSequence": {
+          "type": "function",
+          "arity": 1
+        },
+        "Token": {
+          "type": "function",
+          "arity": 1
+        },
         "containsControlBytes": {
           "type": "function",
           "arity": 2
         },
+        "parse": {
+          "type": "function",
+          "arity": 3
+        },
         "refuseControlBytes": {
           "type": "function",
           "arity": 2
         },
+        "serialize": {
+          "type": "function",
+          "arity": 3
+        },
         "splitTopLevel": {
           "type": "function",
           "arity": 2

package/lib/vendor/blamejs/lib/structured-fields.js

@@ -236,9 +236,371 @@ function containsControlBytes(value, opts) {
   return false;
 }
 
+// ---------------------------------------------------------------------------
+// Full RFC 8941 codec (parse + serialize). The helpers above are the
+// quote-aware splitters individual parsers reach for; the codec below is
+// the complete grammar — Items, Lists, Dictionaries, Inner Lists,
+// Parameters, and every bare-item type.
+//
+// Value model:
+//   bare item  → number (Integer) | SfDecimal | string | boolean | SfToken | SfByteSequence
+//   item       → { value: bareItem, params: Map<string, bareItem> }
+//   inner list → { items: item[], params: Map<string, bareItem> }
+//   list       → (item | innerList)[]
+//   dictionary → Map<string, item | innerList>
+// ---------------------------------------------------------------------------
+
+// RFC 8941 §3.3.4 Token / §3.3.5 Byte Sequence are wrapped so they stay
+// distinct from plain strings on both parse output and serialize input.
+function SfToken(value) {
+  if (!(this instanceof SfToken)) return new SfToken(value);
+  this.value = String(value);
+}
+function SfByteSequence(value) {
+  if (!(this instanceof SfByteSequence)) return new SfByteSequence(value);
+  this.value = Buffer.isBuffer(value) ? value : Buffer.from(value);
+}
+// A Decimal preserves its type across parse → serialize even when its
+// value is numerically integral ("1.0" must not serialize back to "1").
+// A plain JS number serializes as an Integer when integral, a Decimal
+// otherwise; wrap in SfDecimal to force the Decimal form.
+function SfDecimal(value) {
+  if (!(this instanceof SfDecimal)) return new SfDecimal(value);
+  this.value = Number(value);
+}
+
+function _sfErr(opts) {
+  if (opts && typeof opts.ErrorClass === "function") {
+    return function (code, msg) { return opts.useNativeError === true ? new opts.ErrorClass(msg) : new opts.ErrorClass(code, msg); };
+  }
+  return function (code, msg) { var e = new Error(msg); e.code = code; return e; };
+}
+
+var INT_MAX = 999999999999999;          // 15 digits (RFC 8941 §3.3.1)
+var INT_MIN = -999999999999999;
+function _isDigit(c) { return c >= "0" && c <= "9"; }
+function _isLcAlpha(c) { return c >= "a" && c <= "z"; }
+function _isAlpha(c) { return (c >= "A" && c <= "Z") || (c >= "a" && c <= "z"); }
+function _isTchar(c) { return _isAlpha(c) || _isDigit(c) || "!#$%&'*+-.^_`|~".indexOf(c) !== -1; }
+function _isKeyChar(c) { return _isLcAlpha(c) || _isDigit(c) || c === "_" || c === "-" || c === "." || c === "*"; }
+
+function _parseNumber(cx, E) {
+  var sign = 1, type = "integer", num = "";
+  if (cx.s.charAt(cx.i) === "-") { sign = -1; cx.i += 1; }
+  if (cx.i >= cx.s.length || !_isDigit(cx.s.charAt(cx.i))) throw E("structured-fields/parse", "expected a digit at index " + cx.i);
+  for (;;) {
+    if (cx.i >= cx.s.length) break;
+    var c = cx.s.charAt(cx.i);
+    if (_isDigit(c)) { num += c; cx.i += 1; }
+    else if (type === "integer" && c === ".") {
+      if (num.length > 12) throw E("structured-fields/parse", "integer part of a decimal exceeds 12 digits");   // allow:raw-byte-literal — RFC 8941 §4.2.4 decimal integer-part cap
+      num += "."; type = "decimal"; cx.i += 1;
+    } else break;
+    if (type === "integer" && num.length > 15) throw E("structured-fields/parse", "integer exceeds 15 digits");  // allow:raw-byte-literal — §3.3.1 integer digit cap
+    if (type === "decimal" && num.length > 16) throw E("structured-fields/parse", "decimal exceeds the digit limit");   // allow:raw-byte-literal — 12 int + "." + 3 frac
+  }
+  if (type === "integer") return sign * parseInt(num, 10);
+  if (num.charAt(num.length - 1) === ".") throw E("structured-fields/parse", "decimal must not end with '.'");
+  if (num.length - num.indexOf(".") - 1 > 3) throw E("structured-fields/parse", "decimal fraction exceeds 3 digits");
+  return new SfDecimal(sign * parseFloat(num));
+}
+
+function _parseString(cx, E) {
+  cx.i += 1; // opening DQUOTE
+  var out = "";
+  while (cx.i < cx.s.length) {
+    var c = cx.s.charAt(cx.i); cx.i += 1;
+    if (c === "\\") {
+      if (cx.i >= cx.s.length) throw E("structured-fields/parse", "trailing backslash in string");
+      var n = cx.s.charAt(cx.i); cx.i += 1;
+      if (n !== "\\" && n !== "\"") throw E("structured-fields/parse", "invalid backslash escape in string");
+      out += n;
+    } else if (c === "\"") { return out; }
+    else {
+      var cc = c.charCodeAt(0);
+      if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/parse", "non-printable character in string");   // allow:raw-byte-literal — RFC 8941 §4.2.5 printable-ASCII range
+      out += c;
+    }
+  }
+  throw E("structured-fields/parse", "unterminated string");
+}
+
+function _parseByteSeq(cx, E) {
+  cx.i += 1; // opening ":"
+  var start = cx.i;
+  while (cx.i < cx.s.length && cx.s.charAt(cx.i) !== ":") cx.i += 1;
+  if (cx.i >= cx.s.length) throw E("structured-fields/parse", "unterminated byte sequence");
+  var b64 = cx.s.slice(start, cx.i); cx.i += 1; // closing ":"
+  // RFC 8941 §4.2.7 synthesizes padding, so an unpadded value like
+  // `:aGVsbG8:` is valid input. Pad an unpadded value to a base64
+  // quantum, then require the decoded bytes to re-encode to exactly that
+  // padded text — rejecting stray characters, misplaced "=" padding, and
+  // non-zero trailing bits (Node's decoder is otherwise permissive).
+  var padded = b64.indexOf("=") === -1 ? b64 + "====".slice(0, (4 - (b64.length % 4)) % 4) : b64;
+  var buf = Buffer.from(padded, "base64");
+  if (buf.toString("base64") !== padded) throw E("structured-fields/parse", "byte sequence is not valid base64");
+  return new SfByteSequence(buf);
+}
+
+function _parseBoolean(cx, E) {
+  cx.i += 1; // "?"
+  var c = cx.s.charAt(cx.i); cx.i += 1;
+  if (c === "1") return true;
+  if (c === "0") return false;
+  throw E("structured-fields/parse", "boolean must be ?0 or ?1");
+}
+
+function _parseToken(cx) {
+  var start = cx.i; cx.i += 1; // first char already ALPHA / "*"
+  while (cx.i < cx.s.length) {
+    var c = cx.s.charAt(cx.i);
+    if (_isTchar(c) || c === ":" || c === "/") cx.i += 1; else break;
+  }
+  return new SfToken(cx.s.slice(start, cx.i));
+}
+
+function _parseBareItem(cx, E) {
+  var c = cx.s.charAt(cx.i);
+  if (c === "-" || _isDigit(c)) return _parseNumber(cx, E);
+  if (c === "\"") return _parseString(cx, E);
+  if (c === ":") return _parseByteSeq(cx, E);
+  if (c === "?") return _parseBoolean(cx, E);
+  if (c === "*" || _isAlpha(c)) return _parseToken(cx);
+  throw E("structured-fields/parse", "unexpected character '" + (c || "<eof>") + "' at index " + cx.i);
+}
+
+function _parseKey(cx, E) {
+  var c = cx.s.charAt(cx.i);
+  if (!(c === "*" || _isLcAlpha(c))) throw E("structured-fields/parse", "key must start with lcalpha or '*'");
+  var start = cx.i; cx.i += 1;
+  while (cx.i < cx.s.length && _isKeyChar(cx.s.charAt(cx.i))) cx.i += 1;
+  return cx.s.slice(start, cx.i);
+}
+
+function _parseParams(cx, E) {
+  var params = new Map();
+  while (cx.i < cx.s.length && cx.s.charAt(cx.i) === ";") {
+    cx.i += 1;
+    while (cx.s.charAt(cx.i) === " ") cx.i += 1;
+    var key = _parseKey(cx, E);
+    var val = true;
+    if (cx.s.charAt(cx.i) === "=") { cx.i += 1; val = _parseBareItem(cx, E); }
+    params.set(key, val);   // last value wins (RFC 8941 §4.2.3.2)
+  }
+  return params;
+}
+
+function _parseItem(cx, E) {
+  var value = _parseBareItem(cx, E);
+  return { value: value, params: _parseParams(cx, E) };
+}
+
+function _parseInnerList(cx, E) {
+  cx.i += 1; // "("
+  var items = [];
+  for (;;) {
+    while (cx.s.charAt(cx.i) === " ") cx.i += 1;
+    if (cx.i >= cx.s.length) throw E("structured-fields/parse", "unterminated inner list");
+    if (cx.s.charAt(cx.i) === ")") { cx.i += 1; return { items: items, params: _parseParams(cx, E) }; }
+    items.push(_parseItem(cx, E));
+    var c = cx.s.charAt(cx.i);
+    if (c !== " " && c !== ")") throw E("structured-fields/parse", "inner-list items must be space-separated");
+  }
+}
+
+function _parseItemOrInnerList(cx, E) {
+  return cx.s.charAt(cx.i) === "(" ? _parseInnerList(cx, E) : _parseItem(cx, E);
+}
+
+function _skipOWS(cx) { while (cx.s.charAt(cx.i) === " " || cx.s.charAt(cx.i) === "\t") cx.i += 1; }
+
+function _parseList(cx, E) {
+  var members = [];
+  if (cx.i >= cx.s.length) return members;
+  for (;;) {
+    members.push(_parseItemOrInnerList(cx, E));
+    _skipOWS(cx);
+    if (cx.i >= cx.s.length) return members;
+    if (cx.s.charAt(cx.i) !== ",") throw E("structured-fields/parse", "expected ',' between list members");
+    cx.i += 1; _skipOWS(cx);
+    if (cx.i >= cx.s.length) throw E("structured-fields/parse", "trailing comma in list");
+  }
+}
+
+function _parseDict(cx, E) {
+  var dict = new Map();
+  if (cx.i >= cx.s.length) return dict;
+  for (;;) {
+    var key = _parseKey(cx, E);
+    var member;
+    if (cx.s.charAt(cx.i) === "=") { cx.i += 1; member = _parseItemOrInnerList(cx, E); }
+    else { member = { value: true, params: _parseParams(cx, E) }; }
+    dict.set(key, member);   // last key wins (RFC 8941 §4.2.2)
+    _skipOWS(cx);
+    if (cx.i >= cx.s.length) return dict;
+    if (cx.s.charAt(cx.i) !== ",") throw E("structured-fields/parse", "expected ',' between dictionary members");
+    cx.i += 1; _skipOWS(cx);
+    if (cx.i >= cx.s.length) throw E("structured-fields/parse", "trailing comma in dictionary");
+  }
+}
+
+/**
+ * @primitive b.structuredFields.parse
+ * @signature b.structuredFields.parse(input, type, opts?)
+ * @since     0.12.54
+ * @status    stable
+ * @related   b.structuredFields.serialize, b.structuredFields.splitTopLevel
+ *
+ * Parse an RFC 8941 Structured Field value. <code>type</code> is
+ * <code>"item"</code>, <code>"list"</code>, or <code>"dictionary"</code>.
+ * Returns the value model: an item is <code>{ value, params }</code>
+ * (params is a <code>Map</code>); a list is an array of items / inner
+ * lists; a dictionary is a <code>Map</code>. Tokens and byte sequences
+ * come back as <code>SfToken</code> / <code>SfByteSequence</code>
+ * instances so they stay distinct from plain strings. Strictly enforces
+ * the grammar — integer / decimal digit caps, printable-ASCII strings,
+ * canonical base64, no trailing characters — and throws on any malformed
+ * input (pass <code>opts.ErrorClass</code> for a typed error).
+ *
+ * @opts
+ *   ErrorClass?: Function,   // typed error class (default: native Error with .code)
+ *
+ * @example
+ *   b.structuredFields.parse("a=1, b=(x y);q=2", "dictionary");
+ *   // → Map { "a" => { value: 1, params: Map{} },
+ *   //         "b" => { items: [...], params: Map{ "q" => 2 } } }
+ */
+function parse(input, type, opts) {
+  var E = _sfErr(opts);
+  if (typeof input !== "string") throw E("structured-fields/bad-input", "structuredFields.parse: input must be a string");
+  var cx = { s: input, i: 0 };
+  while (cx.s.charAt(cx.i) === " ") cx.i += 1;          // §4.2 discard leading SP
+  var out;
+  if (type === "item") out = _parseItem(cx, E);
+  else if (type === "list") out = _parseList(cx, E);
+  else if (type === "dictionary") out = _parseDict(cx, E);
+  else throw E("structured-fields/bad-type", "structuredFields.parse: type must be 'item' | 'list' | 'dictionary'");
+  while (cx.s.charAt(cx.i) === " ") cx.i += 1;          // §4.2 discard trailing SP
+  if (cx.i !== cx.s.length) throw E("structured-fields/parse", "trailing characters after the field value");
+  return out;
+}
+
+function _serDecimal(v, E) {
+  if (!isFinite(v)) throw E("structured-fields/serialize", "cannot serialize a non-finite decimal");
+  var n = Math.round(v * 1000) / 1000;                   // allow:raw-byte-literal allow:raw-time-literal — RFC 8941 §4.1.5 decimal scale 10^3 (3 fractional digits), not a size or duration
+  if (Math.abs(Math.trunc(n)).toString().length > 12) throw E("structured-fields/serialize", "decimal integer part exceeds 12 digits");   // allow:raw-byte-literal — §4.1.5 cap
+  var s = n.toString();
+  if (s.indexOf(".") === -1) s += ".0";                  // a Decimal must carry a fractional part
+  return s;
+}
+function _serBareItem(v, E) {
+  if (v === true) return "?1";
+  if (v === false) return "?0";
+  if (v instanceof SfDecimal) return _serDecimal(v.value, E);
+  if (typeof v === "number") {
+    if (!isFinite(v)) throw E("structured-fields/serialize", "cannot serialize a non-finite number");
+    if (Number.isInteger(v)) {
+      if (v > INT_MAX || v < INT_MIN) throw E("structured-fields/serialize", "integer out of RFC 8941 range");
+      return String(v);
+    }
+    return _serDecimal(v, E);                            // a fractional JS number serializes as a Decimal
+  }
+  if (typeof v === "string") {
+    var out = "\"";
+    for (var i = 0; i < v.length; i += 1) {
+      var c = v.charAt(i), cc = v.charCodeAt(i);
+      if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/serialize", "string contains a non-printable character");   // allow:raw-byte-literal — §4.1.6 printable-ASCII range
+      if (c === "\\" || c === "\"") out += "\\";
+      out += c;
+    }
+    return out + "\"";
+  }
+  if (v instanceof SfToken) {
+    var t = v.value;
+    if (t.length === 0 || !(t.charAt(0) === "*" || _isAlpha(t.charAt(0)))) throw E("structured-fields/serialize", "invalid token");
+    for (var j = 1; j < t.length; j += 1) { var tc = t.charAt(j); if (!(_isTchar(tc) || tc === ":" || tc === "/")) throw E("structured-fields/serialize", "invalid token character"); }
+    return t;
+  }
+  if (v instanceof SfByteSequence) return ":" + v.value.toString("base64") + ":";
+  throw E("structured-fields/serialize", "unsupported bare-item type");
+}
+
+function _serParams(params, E) {
+  if (!params) return "";
+  var out = "";
+  params.forEach(function (val, key) {
+    out += ";" + _serKey(key, E);
+    if (val !== true) out += "=" + _serBareItem(val, E);
+  });
+  return out;
+}
+function _serKey(key, E) {
+  if (typeof key !== "string" || key.length === 0 || !(key.charAt(0) === "*" || _isLcAlpha(key.charAt(0)))) throw E("structured-fields/serialize", "invalid parameter/dictionary key");
+  for (var i = 1; i < key.length; i += 1) { if (!_isKeyChar(key.charAt(i))) throw E("structured-fields/serialize", "invalid key character"); }
+  return key;
+}
+function _serItem(item, E) { return _serBareItem(item.value, E) + _serParams(item.params, E); }
+function _serMember(m, E) {
+  if (m && Array.isArray(m.items)) {
+    return "(" + m.items.map(function (it) { return _serItem(it, E); }).join(" ") + ")" + _serParams(m.params, E);
+  }
+  return _serItem(m, E);
+}
+
+/**
+ * @primitive b.structuredFields.serialize
+ * @signature b.structuredFields.serialize(value, type, opts?)
+ * @since     0.12.54
+ * @status    stable
+ * @related   b.structuredFields.parse
+ *
+ * Serialize a value model back to an RFC 8941 field value (the inverse
+ * of <code>parse</code>). <code>type</code> is <code>"item"</code>,
+ * <code>"list"</code>, or <code>"dictionary"</code>. Numbers serialize as
+ * Integers when integral and Decimals (rounded to 3 fractional digits)
+ * otherwise; wrap Tokens / byte strings in <code>SfToken</code> /
+ * <code>SfByteSequence</code>. Throws on values outside the RFC's ranges
+ * or grammar (out-of-range integers, non-printable string characters,
+ * invalid tokens / keys).
+ *
+ * @opts
+ *   ErrorClass?: Function,   // typed error class (default: native Error with .code)
+ *
+ * @example
+ *   var sf = b.structuredFields;
+ *   sf.serialize({ value: new sf.Token("gzip"), params: new Map([["q", 1]]) }, "item");
+ *   // → "gzip;q=1"
+ */
+function serialize(value, type, opts) {
+  var E = _sfErr(opts);
+  if (type === "item") {
+    if (!value || typeof value !== "object" || !("value" in value)) throw E("structured-fields/serialize", "item must be { value, params }");
+    return _serItem(value, E);
+  }
+  if (type === "list") {
+    if (!Array.isArray(value)) throw E("structured-fields/serialize", "list must be an array");
+    return value.map(function (m) { return _serMember(m, E); }).join(", ");
+  }
+  if (type === "dictionary") {
+    var entries = value instanceof Map ? Array.from(value.entries()) : (value && typeof value === "object" ? Object.keys(value).map(function (k) { return [k, value[k]]; }) : null);
+    if (!entries) throw E("structured-fields/serialize", "dictionary must be a Map or object");
+    return entries.map(function (e) {
+      var key = _serKey(e[0], E), m = e[1];
+      if (m && !Array.isArray(m.items) && m.value === true) return key + _serParams(m.params, E);   // bare-true member omits "=?1"
+      return key + "=" + _serMember(m, E);
+    }).join(", ");
+  }
+  throw E("structured-fields/bad-type", "structuredFields.serialize: type must be 'item' | 'list' | 'dictionary'");
+}
+
 module.exports = {
   splitTopLevel:        splitTopLevel,
   refuseControlBytes:   refuseControlBytes,
   containsControlBytes: containsControlBytes,
   unquoteSfString:      unquoteSfString,
+  parse:                parse,
+  serialize:            serialize,
+  Token:                SfToken,
+  ByteSequence:         SfByteSequence,
+  Decimal:              SfDecimal,
 };

package/lib/vendor/blamejs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.12.53",
+  "version": "0.12.54",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/lib/vendor/blamejs/release-notes/v0.12.54.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "../scripts/release-notes-schema.json",
+  "version": "0.12.54",
+  "date": "2026-05-25",
+  "headline": "`b.structuredFields.parse` / `serialize` — full RFC 8941 Structured Fields codec",
+  "summary": "The structured-fields module gains a complete RFC 8941 parser and serializer alongside its existing quote-aware helpers. b.structuredFields.parse reads an Item, List, or Dictionary into a typed value model — items are { value, params }, lists are arrays of items / inner lists, dictionaries are Maps — with Tokens and byte sequences returned as distinct SfToken / SfByteSequence instances. It enforces the grammar strictly: integer and decimal digit caps, printable-ASCII strings, canonical base64 byte sequences, valid token and key grammar, and no trailing characters. b.structuredFields.serialize is the exact inverse. This is the real parser the framework's Content-Digest, Client Hints, Web Push, and HTTP Message Signature surfaces can build on instead of open-coding each field. Validated against the official httpwg structured-field-tests conformance vectors.",
+  "sections": [
+    {
+      "heading": "Added",
+      "items": [
+        {
+          "title": "`b.structuredFields.parse(input, type, opts?)` / `serialize(value, type, opts?)` / `Token` / `ByteSequence`",
+          "body": "`parse` accepts `type` of `\"item\"`, `\"list\"`, or `\"dictionary\"` and returns the value model (items as `{ value, params }` with a `Map` of parameters; lists as arrays of items or inner lists; dictionaries as `Map`s). Bare items are JS numbers (Integer / Decimal), strings, booleans, `SfToken`, or `SfByteSequence`. Malformed input is rejected — out-of-range integers, over-long decimals, non-printable string bytes, non-canonical base64, invalid tokens / keys, and any trailing characters — and `opts.ErrorClass` yields a typed error. `serialize` is the inverse, rounding decimals to three fractional digits and refusing values outside the RFC's ranges or grammar. `b.structuredFields.Token` and `b.structuredFields.ByteSequence` wrap those bare-item types for serialization. The existing `splitTopLevel` / `refuseControlBytes` / `unquoteSfString` helpers are unchanged."
+        }
+      ]
+    }
+  ]
+}

package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields-codec.test.js

@@ -0,0 +1,171 @@
+"use strict";
+/**
+ * Layer 0 — b.structuredFields full RFC 8941 codec (parse + serialize).
+ * The oracle is a curated set of the official httpwg/structured-field-tests
+ * conformance vectors (the same JSON the spec authors maintain): each
+ * `raw` parses to the published `expected` value model, each `must_fail`
+ * case is rejected, and every passing value round-trips through serialize.
+ */
+
+var b = require("../../index");
+var helpers = require("../helpers");
+var check = helpers.check;
+var SF = b.structuredFields;
+
+// --- httpwg expected-value normaliser (their format → comparable JSON) ---
+function b32(buf) {
+  var A = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", bits = 0, val = 0, out = "";
+  for (var i = 0; i < buf.length; i++) { val = (val << 8) | buf[i]; bits += 8; while (bits >= 5) { out += A[(val >> (bits - 5)) & 31]; bits -= 5; } }
+  if (bits > 0) out += A[(val << (5 - bits)) & 31];
+  while (out.length % 8 !== 0) out += "=";
+  return out;
+}
+function mineVal(v) {
+  if (v instanceof SF.Token) return { token: v.value };
+  if (v instanceof SF.ByteSequence) return { binary: b32(v.value) };
+  if (v instanceof SF.Decimal) return v.value;   // compare a Decimal numerically (httpwg uses plain numbers)
+  return v;
+}
+function mineParams(map) { var o = []; map.forEach(function (v, k) { o.push([k, mineVal(v)]); }); return o; }
+function mineItem(it) { return [mineVal(it.value), mineParams(it.params)]; }
+function mineMember(m) { return Array.isArray(m.items) ? [m.items.map(mineItem), mineParams(m.params)] : mineItem(m); }
+function mine(out, type) {
+  if (type === "item") return mineItem(out);
+  if (type === "list") return out.map(mineMember);
+  var o = []; out.forEach(function (m, k) { o.push([k, mineMember(m)]); }); return o;
+}
+function httpVal(v) {
+  if (v && v.__type === "token") return { token: v.value };
+  if (v && v.__type === "binary") return { binary: v.value };
+  return v;
+}
+function httpParams(arr) { return arr.map(function (p) { return [p[0], httpVal(p[1])]; }); }
+function httpItem(it) { return [httpVal(it[0]), httpParams(it[1])]; }
+function httpMember(m) { return Array.isArray(m[0]) ? [m[0].map(httpItem), httpParams(m[1])] : httpItem(m); }
+function http(exp, type) {
+  if (type === "item") return httpItem(exp);
+  if (type === "list") return exp.map(httpMember);
+  return exp.map(function (e) { return [e[0], httpMember(e[1])]; });
+}
+
+// Curated cases from httpwg/structured-field-tests (number, string, token,
+// boolean, binary, item, list, dictionary, param-list).
+var CASES = [
+  { name: "basic integer", raw: "42", t: "item", expected: [42, []] },
+  { name: "negative integer", raw: "-42", t: "item", expected: [-42, []] },
+  { name: "negative zero", raw: "-0", t: "item", expected: [0, []] },
+  { name: "basic decimal", raw: "1.5", t: "item", expected: [1.5, []] },
+  { name: "negative decimal", raw: "-1.5", t: "item", expected: [-1.5, []] },
+  { name: "too many int digits", raw: "1111111111111111", t: "item", must_fail: true },
+  { name: "trailing decimal point", raw: "1.", t: "item", must_fail: true },
+  { name: "too many frac digits", raw: "1.1234", t: "item", must_fail: true },
+  { name: "basic string", raw: '"foo bar"', t: "item", expected: ["foo bar", []] },
+  { name: "empty string", raw: '""', t: "item", expected: ["", []] },
+  { name: "escaped quote", raw: '"b\\"a"', t: "item", expected: ['b"a', []] },
+  { name: "unterminated string", raw: '"foo', t: "item", must_fail: true },
+  { name: "basic token", raw: "a_b-c.d3:f%00/*", t: "item", expected: [{ __type: "token", value: "a_b-c.d3:f%00/*" }, []] },
+  { name: "token with capitals", raw: "fooBar", t: "item", expected: [{ __type: "token", value: "fooBar" }, []] },
+  { name: "true boolean", raw: "?1", t: "item", expected: [true, []] },
+  { name: "false boolean", raw: "?0", t: "item", expected: [false, []] },
+  { name: "unknown boolean", raw: "?Q", t: "item", must_fail: true },
+  { name: "basic binary", raw: ":aGVsbG8=:", t: "item", expected: [{ __type: "binary", value: "NBSWY3DP" }, []] },
+  { name: "empty binary", raw: "::", t: "item", expected: [{ __type: "binary", value: "" }, []] },
+  { name: "unpadded binary (RFC 8941 §4.2.7 synthesizes padding)", raw: ":aGVsbG8:", t: "item", expected: [{ __type: "binary", value: "NBSWY3DP" }, []] },
+  { name: "padding at beginning", raw: ":=aGVsbG8=:", t: "item", must_fail: true },
+  { name: "empty item", raw: "", t: "item", must_fail: true },
+  { name: "leading space item", raw: " \t 1", t: "item", must_fail: true },
+  { name: "trailing space item", raw: "1 \t ", t: "item", must_fail: true },
+  { name: "item with param", raw: "5; foo=bar", t: "item", expected: [5, [["foo", { __type: "token", value: "bar" }]]] },
+  { name: "boolean param value", raw: "1; a; b=?0", t: "item", expected: [1, [["a", true], ["b", false]]] },
+  { name: "basic list", raw: "1, 42", t: "list", expected: [[1, []], [42, []]] },
+  { name: "empty list", raw: "", t: "list", expected: [] },
+  { name: "basic inner list", raw: "(1 2)", t: "list", expected: [[[[1, []], [2, []]], []]] },
+  { name: "inner list with params", raw: "(1 2);a=1", t: "list", expected: [[[[1, []], [2, []]], [["a", 1]]]] },
+  { name: "trailing comma list", raw: "1, 42, ", t: "list", must_fail: true },
+  { name: "basic dictionary", raw: "a=1, b=2", t: "dictionary", expected: [["a", [1, []]], ["b", [2, []]]] },
+  { name: "dictionary bare key", raw: "a=1, b, c=3", t: "dictionary", expected: [["a", [1, []]], ["b", [true, []]], ["c", [3, []]]] },
+  { name: "dictionary inner-list value", raw: "a=(1 2)", t: "dictionary", expected: [["a", [[[1, []], [2, []]], []]]] },
+  { name: "trailing comma dict", raw: "a=1,", t: "dictionary", must_fail: true },
+];
+
+function testConformance() {
+  var passed = 0, failed = 0, roundtrips = 0;
+  CASES.forEach(function (c) {
+    if (c.must_fail) {
+      var threw = false;
+      try { SF.parse(c.raw, c.t); } catch (_e) { threw = true; }
+      if (threw) failed++; else check("must_fail rejected: " + c.name, false);
+      return;
+    }
+    var got;
+    try { got = SF.parse(c.raw, c.t); }
+    catch (_e) { check("parse ok: " + c.name, false); return; }
+    var ok = JSON.stringify(mine(got, c.t)) === JSON.stringify(http(c.expected, c.t));
+    if (ok) passed++; else check("value matches RFC vector: " + c.name + " (got " + JSON.stringify(mine(got, c.t)) + ")", false);
+    // Round-trip: serialize → parse → serialize must be stable.
+    try {
+      var s1 = SF.serialize(got, c.t);
+      var s2 = SF.serialize(SF.parse(s1, c.t), c.t);
+      if (s1 === s2) roundtrips++; else check("round-trip stable: " + c.name + " (" + s1 + " vs " + s2 + ")", false);
+    } catch (e) { check("round-trip ok: " + c.name + " — " + e.message, false); }
+  });
+  check("all passing vectors parse to the RFC value model (" + passed + ")", passed === CASES.filter(function (c) { return !c.must_fail; }).length);
+  check("all must_fail vectors are rejected (" + failed + ")", failed === CASES.filter(function (c) { return c.must_fail; }).length);
+  check("all passing vectors round-trip stably (" + roundtrips + ")", roundtrips === passed);
+}
+
+function testSerialize() {
+  check("serialize: token item with param", SF.serialize({ value: new SF.Token("gzip"), params: new Map([["q", 1]]) }, "item") === "gzip;q=1");
+  check("serialize: string item", SF.serialize({ value: "a b", params: new Map() }, "item") === '"a b"');
+  check("serialize: byte sequence", SF.serialize({ value: new SF.ByteSequence(Buffer.from("hello")), params: new Map() }, "item") === ":aGVsbG8=:");
+  check("serialize: list of inner list", SF.serialize([{ items: [{ value: 1, params: new Map() }, { value: 2, params: new Map() }], params: new Map() }], "list") === "(1 2)");
+  check("serialize: dictionary from object", SF.serialize({ a: { value: 1, params: new Map() }, b: { value: true, params: new Map() } }, "dictionary") === "a=1, b");
+  function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
+  check("serialize: out-of-range integer refused", code(function () { SF.serialize({ value: 10000000000000000, params: new Map() }, "item"); }) === "structured-fields/serialize");
+  check("serialize: invalid token refused", code(function () { SF.serialize({ value: new SF.Token("1bad"), params: new Map() }, "item"); }) === "structured-fields/serialize");
+}
+
+function testDecimalTypePreserved() {
+  // A numerically-integral Decimal must NOT serialize back to an Integer.
+  var parsed = SF.parse("1.0", "item");
+  check("parse: '1.0' yields a Decimal (not a bare integer)", parsed.value instanceof SF.Decimal);
+  check("serialize: Decimal 1.0 round-trips to '1.0', not '1'", SF.serialize(parsed, "item") === "1.0");
+  check("serialize: explicit SfDecimal forces the decimal form", SF.serialize({ value: new SF.Decimal(5), params: new Map() }, "item") === "5.0");
+  check("serialize: a fractional JS number still serializes as a Decimal", SF.serialize({ value: 2.5, params: new Map() }, "item") === "2.5");
+  check("serialize: an integral JS number serializes as an Integer", SF.serialize({ value: 5, params: new Map() }, "item") === "5");
+}
+
+function testTypedError() {
+  function E(code, msg) { this.code = code; this.message = msg; }
+  E.prototype = Object.create(Error.prototype);
+  var threw = null;
+  try { SF.parse("1.", "item", { ErrorClass: E }); } catch (e) { threw = e; }
+  check("parse: typed ErrorClass honored", threw instanceof E && threw.code === "structured-fields/parse");
+}
+
+function testSurface() {
+  // Reference the full b.structuredFields.* paths so the coverage gate
+  // sees them (the suite otherwise uses the SF alias).
+  check("b.structuredFields.parse parses an item", b.structuredFields.parse("42", "item").value === 42);
+  check("b.structuredFields.serialize round-trips an item", b.structuredFields.serialize({ value: 42, params: new Map() }, "item") === "42");
+  check("b.structuredFields.Token constructs a token", new b.structuredFields.Token("gzip").value === "gzip");
+  check("b.structuredFields.ByteSequence constructs a byte sequence", Buffer.isBuffer(new b.structuredFields.ByteSequence(Buffer.from("x")).value));
+  check("b.structuredFields.Decimal constructs a decimal", new b.structuredFields.Decimal(1.5).value === 1.5);
+}
+
+async function run() {
+  testSurface();
+  testConformance();
+  testSerialize();
+  testDecimalTypePreserved();
+  testTypedError();
+}
+
+module.exports = { run: run };
+
+if (require.main === module) {
+  run().then(
+    function () { console.log("[structured-fields-codec] OK — " + helpers.getChecks() + " checks passed"); },
+    function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+  );
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/blamejs-shop",
-  "version": "0.1.13",
+  "version": "0.1.14",
   "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
   "main": "lib/index.js",
   "scripts": {