@blamejs/blamejs-shop 0.1.34 → 0.1.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/README.md +2 -0
- package/lib/asset-manifest.json +7 -3
- package/lib/currency-display.js +201 -4
- package/lib/storefront.js +672 -40
- package/lib/vendor/MANIFEST.json +3 -3
- package/lib/vendor/blamejs/CHANGELOG.md +6 -0
- package/lib/vendor/blamejs/README.md +3 -0
- package/lib/vendor/blamejs/api-snapshot.json +93 -2
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +1 -0
- package/lib/vendor/blamejs/index.js +4 -0
- package/lib/vendor/blamejs/lib/ai-aedt-bias-audit.js +180 -0
- package/lib/vendor/blamejs/lib/crdt.js +453 -0
- package/lib/vendor/blamejs/lib/crypto-xwing.js +213 -0
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.3.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.13.4.json +23 -0
- package/lib/vendor/blamejs/release-notes/v0.13.5.json +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-aedt-bias-audit.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crdt.test.js +158 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-xwing.test.js +120 -0
- package/package.json +2 -2
package/lib/vendor/MANIFEST.json
CHANGED
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
"_about": "blamejs.shop vendors a single framework — blamejs — which itself bundles every server-side crypto/identity dependency. The transitive packages blamejs ships are surfaced in its own MANIFEST.json at lib/vendor/blamejs/lib/vendor/MANIFEST.json — Trivy / Grype rely on that nested data for CVE attribution.",
|
|
4
4
|
"packages": {
|
|
5
5
|
"blamejs": {
|
|
6
|
-
"version": "0.13.
|
|
7
|
-
"tag": "v0.13.
|
|
6
|
+
"version": "0.13.5",
|
|
7
|
+
"tag": "v0.13.5",
|
|
8
8
|
"license": "Apache-2.0",
|
|
9
9
|
"author": "blamejs contributors",
|
|
10
10
|
"source": "https://github.com/blamejs/blamejs",
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"server": "lib/vendor/blamejs/"
|
|
14
14
|
},
|
|
15
15
|
"bundler": "shallow git clone of release tag from github.com/blamejs/blamejs",
|
|
16
|
-
"bundledAt": "2026-05-
|
|
16
|
+
"bundledAt": "2026-05-27"
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
19
|
}
|
|
@@ -8,6 +8,12 @@ upgrading across more than a few patches at a time.
|
|
|
8
8
|
|
|
9
9
|
## v0.13.x
|
|
10
10
|
|
|
11
|
+
- v0.13.5 (2026-05-26) — **`b.ai.aedtBiasAudit` — NYC Local Law 144 bias audit.** b.ai.aedtBiasAudit computes the bias-audit figures New York City Local Law 144 requires before an Automated Employment Decision Tool may screen candidates (NYC Admin. Code §20-870 et seq.; DCWP rules 6 RCNY §5-300). Given the per-category counts an independent auditor collected — selected/total for a pass-fail tool, or scored-above-the-overall-median/total for a continuous-score tool — it returns the selection (or scoring) rate, the impact ratio (each group's rate divided by the most-selected group's rate), and an adverse-impact flag (impact ratio below the EEOC four-fifths threshold of 0.8) for every group, across the sex, race/ethnicity, and intersectional dimensions, plus the most-selected group per dimension and an overall flag. Categories under 2% of the audited data are marked excluded per DCWP discretion. It is a pure calculation that produces exactly the figures the annual published summary must contain — the law mandates the calculation, not any particular remediation. The relevant compliance postures (nyc-ll144, and ca-tfaia for California SB 53) were already in the catalog. **Added:** *`b.ai.aedtBiasAudit` — Local Law 144 selection/scoring rates and four-fifths impact ratios* — `b.ai.aedtBiasAudit({ type, metadata, categories, minCategoryShare? })` where `type` is `"selection"` (group entries `{ selected, total }`) or `"scoring"` (`{ scoredAboveMedian, total }`). Returns per-group rate, impact ratio, and `adverseImpact` flag across the `sex`, `raceEthnicity`, and `intersectional` dimensions, plus the most-selected group per dimension and an `anyAdverseImpact` summary. Categories below `minCategoryShare` (2% default) are excluded from the impact-ratio basis. Throws `AedtBiasAuditError` on malformed input.
|
|
12
|
+
|
|
13
|
+
- v0.13.4 (2026-05-26) — **`b.crdt` — conflict-free replicated data types.** b.crdt adds state-based Conflict-free Replicated Data Types: data structures that independent replicas update without coordination and still converge to the same value once they have exchanged state. Each type's merge is a join over a semilattice — commutative, associative, and idempotent — so replicas can merge in any order, any number of times, and agree, which makes these the substrate for active/active cluster state, offline-first clients that reconcile on reconnect, and eventually-consistent counters, sets, and maps. The release ships the full state-based family: grow-only and positive-negative counters (gCounter / pnCounter), grow-only, two-phase, and observed-remove sets (gSet / twoPSet / orSet), a last-write-wins register (lwwRegister), and an observed-remove map (orMap). Every type exposes the same contract — local mutators, merge(other) that returns a converged instance without mutating either operand, value() for the materialized value, and state() / fromState() for a JSON-serializable form to snapshot via b.archive or b.backup or ship to a peer — and carries a replicaId so per-replica contributions stay distinct. **Added:** *`b.crdt` — state-based CvRDT counters, sets, register, and map* — `b.crdt.gCounter` / `pnCounter` (grow-only and increment/decrement counters), `b.crdt.gSet` / `twoPSet` / `orSet` (grow-only, two-phase, and observed-remove sets — `orSet` supports re-add and resolves a concurrent add-vs-remove as add-wins), `b.crdt.lwwRegister` (last-write-wins with a deterministic replicaId tie-break), and `b.crdt.orMap` (observed-remove keys with last-write-wins values). Each exposes `merge` / `value` / `state` / `fromState` and converges by the CvRDT laws. `orSet` and `orMap` accept `tombstoneRetention` to bound tombstone memory against a remove flood.
|
|
14
|
+
|
|
15
|
+
- v0.13.3 (2026-05-26) — **`b.crypto.xwing` — X-Wing hybrid post-quantum KEM.** b.crypto.xwing adds the X-Wing hybrid key-encapsulation mechanism (draft-connolly-cfrg-xwing-kem): it runs ML-KEM-768 and X25519 side by side and binds their shared secrets with SHA3-256, so an encapsulated key stays secure as long as either ML-KEM-768 or X25519 holds. That is the conservative shape for moving off classical ECDH today — a harvest-now-decrypt-later attacker must break the lattice KEM, and a hypothetical ML-KEM break still leaves X25519 standing. keygen() produces a 32-byte decapsulation seed and a 1216-byte public key; encapsulate(publicKey) returns a 1120-byte ciphertext and a 32-byte shared secret; decapsulate(secretKey, ciphertext) recovers it. The X-Wing combiner is frozen, but its specification is still an IETF Internet-Draft, so this primitive is marked experimental and sits beside the existing pre-RFC post-quantum HPKE drafts; it composes the framework's vendored ML-KEM-768 and X25519 with SHA3 and adds no new cryptographic core. The combiner is known-answer-tested byte-for-byte against the draft's definition. **Added:** *`b.crypto.xwing` — X-Wing hybrid PQ/T KEM (experimental)* — `keygen(seed?)` → `{ publicKey (1216 B), secretKey (32-byte seed) }`; `encapsulate(publicKey, eseed?)` → `{ ciphertext (1120 B), sharedSecret (32 B) }`; `decapsulate(secretKey, ciphertext)` → the 32-byte shared secret. Both `keygen` and `encapsulate` accept an optional seed for deterministic operation. The combiner — `SHA3-256(ssMLKEM ‖ ssX25519 ‖ ctX25519 ‖ pkX25519 ‖ label)` — is exposed as `combiner` for advanced use. Marked `experimental` while draft-connolly-cfrg-xwing-kem remains an Internet-Draft; the algorithm itself is frozen.
|
|
16
|
+
|
|
11
17
|
- v0.13.2 (2026-05-26) — **`b.iabTcf.encode` — write TCF consent strings, and a TC-string timestamp fix.** b.iabTcf gains the encode half of its consent-string codec: b.iabTcf.encode(obj) serialises a parsed object back into an IAB TCF v2 TC string, and b.iabTcf.isValid(tcString) is a total never-throwing validity check. Vendor and purpose collections may be Sets, id arrays, or the parsed sections parseString returns; vendor sections are written with whichever of the bit-field and range forms is smaller, matching the reference CMP encoders, so a parsed string round-trips to an equivalent signal. parseString now fully decodes the Core publisher-restrictions list and the PublisherTC segment's publisher and custom purposes, where it previously reported only the segment's presence. The encoder is verified against the worked-example string in the IAB Tech Lab consent-string specification: it re-encodes that string's Core segment byte-for-byte. This release also fixes a TC-string parsing bug — the bit reader accumulated values with a 32-bit shift, so the 36-bit Created and LastUpdated timestamp fields were silently truncated for any real date; they now decode and round-trip exactly. **Added:** *`b.iabTcf.encode` / `b.iabTcf.isValid`* — `encode(obj)` serialises a TCF object (the shape `parseString` returns) into a TC string — Core plus optional DisclosedVendors, AllowedVendors, and PublisherTC segments — choosing the smaller of the bit-field and range vendor encodings. `isValid(tcString)` returns whether a string parses as a well-formed Core segment without throwing. `parseString` now fully decodes Core publisher restrictions and the PublisherTC purposes that were previously reported only as present. **Fixed:** *TC-string 36-bit timestamps were truncated on parse* — `b.iabTcf.parseString` read multi-bit fields with a 32-bit left-shift accumulation. The 36-bit Created and LastUpdated fields hold deciseconds-since-epoch, which exceeds 2^31 for any date after 1976, so those timestamps were silently corrupted. The reader now accumulates without the 32-bit truncation; timestamps decode correctly and round-trip through `encode`.
|
|
12
18
|
|
|
13
19
|
- v0.13.1 (2026-05-26) — **`b.worm` — write-once-read-many retention.** Store records that cannot be altered or deleted before a retention period elapses — the immutable-storage discipline regulators require (SEC 17a-4(f), CFTC 1.31, FINRA 4511). b.worm.create(opts) returns a WORM store that enforces, on every mutating call, that a record is not overwritten or deleted while it is within its retainUntil window or under a legal hold. Two modes mirror cloud Object-Lock: compliance (the default — no one, including the operator, can delete before expiry) and governance (a privileged caller may override with an audited reason). Retention can only be extended, never shortened; every record carries a SHA3-512 digest that get verifies, so tampering with the underlying bytes is detected on read; every allow/refuse decision is audited. Storage is pluggable via a synchronous store adapter, so the policy layer sits over a sealed DB table, a filesystem, or any non-S3 backend — the store-agnostic, application-level companion to b.objectStore's S3 Object Lock, with content-integrity verification that native Object Lock does not provide. **Added:** *`b.worm.create` — write-once-read-many retention* — Returns a store with `put` / `get` / `delete` / `extendRetention` / `placeLegalHold` / `releaseLegalHold` / `list`. `put` is write-once (an overwrite of a retained or held record is refused); `delete` is gated by the retention window, legal holds, and the mode (`compliance` refuses any early delete; `governance` allows a privileged override with a required, audited reason); `extendRetention` is extend-only; `get` verifies the stored SHA3-512 digest and throws `worm/tampered` on a mismatch. Storage is a pluggable synchronous adapter (`get` / `set` / `delete` / `has` / `keys`), defaulting to in-memory for tests. Use it for SEC 17a-4 / CFTC / FINRA immutable records on backends without native Object Lock; `b.objectStore` remains the path for S3 Object Lock.
|
|
@@ -101,6 +101,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
|
|
|
101
101
|
- **AAD-bound sealed columns** — AEAD tag tied to `(table, rowId, column, schemaVersion)`; copy-paste between rows or schema-version replay surfaces as refused decrypt (`b.vault.aad`)
|
|
102
102
|
- **Signed webhooks + API encryption** — SLH-DSA-SHAKE-256f default; ML-DSA-65 opt-in; ECIES API encryption (`b.webhook`, `b.crypto`)
|
|
103
103
|
- **HPKE / HTTP signatures** — RFC 9180 HPKE with ML-KEM-1024 + HKDF-SHA3-512 + ChaCha20-Poly1305 (`b.crypto.hpke`); RFC 9421 HTTP Message Signatures with derived components and ed25519 / ML-DSA-65 (`b.crypto.httpSig`); RFC 9530 Content-Digest / Repr-Digest body-integrity fields (SHA-256 / SHA-512, legacy algorithms refused — `b.contentDigest`) to sign the digest rather than the whole body
|
|
104
|
+
- **X-Wing hybrid KEM** — `b.crypto.xwing` (draft-connolly-cfrg-xwing-kem, experimental): ML-KEM-768 + X25519 bound by SHA3-256, secure if either component holds — the conservative key-encapsulation shape for migrating off classical ECDH. `keygen` / `encapsulate` / `decapsulate` with a 1216-byte public key, 1120-byte ciphertext, and 32-byte shared secret
|
|
104
105
|
- **Link header** — RFC 8288 Web Linking codec (`b.linkHeader.parse` / `serialize`): parse and build `Link: <uri>; rel="next"` relations, the standard REST pagination mechanism; quote-aware (a comma inside a quoted parameter never splits the list)
|
|
105
106
|
- **URI Templates** — RFC 6570 expansion (`b.uriTemplate.expand` / `compile`): full Level 4 — every operator, the `:N` prefix and `*` explode modifiers — turning `{/path}{?q*}` plus variables into a concrete URI; validated against the official uritemplate-test suite. The `{var}` syntax behind OpenAPI links and HAL `_links`
|
|
106
107
|
- **JSON Type Definition** — RFC 8927 validation (`b.jtd.validate` / `isValid`): portable, cross-implementation schema validation (all eight forms — type / enum / elements / properties / values / discriminator / ref / empty), returning instancePath / schemaPath errors; validated against the official 316-case suite. Interop companion to the fluent `b.safeSchema` builder
|
|
@@ -188,6 +189,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
|
|
|
188
189
|
- **Content provenance** — C2PA 2.1 + California SB-942 / AB-853 manifest builder for AI-generated media (provider, model id + version, timestamp, content ID, signed) (`b.contentCredentials`)
|
|
189
190
|
- **AI usage quotas** — per-tenant / per-model budgets metered by tokens / requests / cost-usd / compute-hours over calendar-aligned windows, with an atomic conditional reserve (no charge-then-refund race) + hard/soft/warn enforcement and an optional cross-node store; defends OWASP LLM10:2025 unbounded consumption / denial-of-wallet (`b.ai.quota`)
|
|
190
191
|
- **AI capability routing** — model-capability registry (context window / modalities / tool use / reasoning tier / cost rates) + a router that picks the cheapest model satisfying a request's requirements, refusing capability mismatches before the inference call (NIST AI RMF MAP + Model Cards); composes with `b.ai.quota` cost budgets (`b.ai.capability`)
|
|
192
|
+
- **AEDT bias audit** — NYC Local Law 144 bias-audit figures (`b.ai.aedtBiasAudit`): selection / scoring rates and EEOC four-fifths-rule impact ratios across sex, race/ethnicity, and their intersection, with the most-selected group and adverse-impact flags (impact ratio < 0.8) for the annual published summary; sub-2% categories excludable per DCWP §5-301
|
|
191
193
|
### Compliance regimes
|
|
192
194
|
|
|
193
195
|
- **Posture coordinator** — `b.compliance` cascades operator-declared regime into retention / audit / db / cryptoField via POSTURE_DEFAULTS:
|
|
@@ -231,6 +233,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
|
|
|
231
233
|
### Production
|
|
232
234
|
|
|
233
235
|
- **Cluster + scheduling** — cluster leader election with fenced leases over Postgres/SQLite (`b.cluster`); cron + interval scheduler that runs exactly-once globally (`b.scheduler`)
|
|
236
|
+
- **CRDTs** — state-based conflict-free replicated data types (`b.crdt`): grow-only / PN counters, grow-only / two-phase / observed-remove sets, a last-write-wins register, and an observed-remove map; each `merge` is commutative / associative / idempotent so replicas converge with no coordination — the substrate for active/active and offline-first state, with `state()` / `fromState()` for snapshot via `b.archive` / `b.backup`
|
|
234
237
|
- **Reliability** — retry with full-jitter backoff + circuit breaker (`b.retry`); graceful shutdown (`b.appShutdown`); NTP boot check (`b.ntpCheck`)
|
|
235
238
|
- **Transactional integration** — outbox + dedupe-on-receive inbox; exactly-once semantics across Postgres / SQLite (`b.outbox`, `b.inbox`); Debezium-shape change-event envelope on the outbox (`b.outbox.create({ envelope: "debezium" })`)
|
|
236
239
|
- **Backup + restore** — end-to-end-encrypted bundles with pre-flush fail-closed mode + ML-DSA-87 signed manifests + scheduled backup-restore drills (`b.backup`, `b.backup.scheduleTest`, `b.backupBundle.verifyManifestSignature`); restore with pulled-bundle footprint preflight (`b.restore`); disaster-recovery runbook generator (HIPAA / PCI-DSS / GDPR / SOC 2 / DORA postures) (`b.drRunbook`)
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 1,
|
|
3
|
-
"frameworkVersion": "0.13.
|
|
4
|
-
"createdAt": "2026-05-
|
|
3
|
+
"frameworkVersion": "0.13.5",
|
|
4
|
+
"createdAt": "2026-05-27T01:38:32.776Z",
|
|
5
5
|
"exports": {
|
|
6
6
|
"a2a": {
|
|
7
7
|
"type": "object",
|
|
@@ -1388,6 +1388,10 @@
|
|
|
1388
1388
|
}
|
|
1389
1389
|
}
|
|
1390
1390
|
},
|
|
1391
|
+
"aedtBiasAudit": {
|
|
1392
|
+
"type": "function",
|
|
1393
|
+
"arity": 1
|
|
1394
|
+
},
|
|
1391
1395
|
"aiContentDetect": {
|
|
1392
1396
|
"type": "object",
|
|
1393
1397
|
"members": {
|
|
@@ -13699,6 +13703,43 @@
|
|
|
13699
13703
|
}
|
|
13700
13704
|
}
|
|
13701
13705
|
},
|
|
13706
|
+
"crdt": {
|
|
13707
|
+
"type": "object",
|
|
13708
|
+
"members": {
|
|
13709
|
+
"CrdtError": {
|
|
13710
|
+
"type": "function",
|
|
13711
|
+
"arity": 4
|
|
13712
|
+
},
|
|
13713
|
+
"gCounter": {
|
|
13714
|
+
"type": "function",
|
|
13715
|
+
"arity": 1
|
|
13716
|
+
},
|
|
13717
|
+
"gSet": {
|
|
13718
|
+
"type": "function",
|
|
13719
|
+
"arity": 1
|
|
13720
|
+
},
|
|
13721
|
+
"lwwRegister": {
|
|
13722
|
+
"type": "function",
|
|
13723
|
+
"arity": 1
|
|
13724
|
+
},
|
|
13725
|
+
"orMap": {
|
|
13726
|
+
"type": "function",
|
|
13727
|
+
"arity": 1
|
|
13728
|
+
},
|
|
13729
|
+
"orSet": {
|
|
13730
|
+
"type": "function",
|
|
13731
|
+
"arity": 1
|
|
13732
|
+
},
|
|
13733
|
+
"pnCounter": {
|
|
13734
|
+
"type": "function",
|
|
13735
|
+
"arity": 1
|
|
13736
|
+
},
|
|
13737
|
+
"twoPSet": {
|
|
13738
|
+
"type": "function",
|
|
13739
|
+
"arity": 1
|
|
13740
|
+
}
|
|
13741
|
+
}
|
|
13742
|
+
},
|
|
13702
13743
|
"createApp": {
|
|
13703
13744
|
"type": "function",
|
|
13704
13745
|
"arity": 1
|
|
@@ -13999,6 +14040,56 @@
|
|
|
13999
14040
|
"verify": {
|
|
14000
14041
|
"type": "function",
|
|
14001
14042
|
"arity": 3
|
|
14043
|
+
},
|
|
14044
|
+
"xwing": {
|
|
14045
|
+
"type": "object",
|
|
14046
|
+
"members": {
|
|
14047
|
+
"NAME": {
|
|
14048
|
+
"type": "primitive",
|
|
14049
|
+
"valueType": "string"
|
|
14050
|
+
},
|
|
14051
|
+
"SIZES": {
|
|
14052
|
+
"type": "object",
|
|
14053
|
+
"members": {
|
|
14054
|
+
"ciphertext": {
|
|
14055
|
+
"type": "primitive",
|
|
14056
|
+
"valueType": "number"
|
|
14057
|
+
},
|
|
14058
|
+
"publicKey": {
|
|
14059
|
+
"type": "primitive",
|
|
14060
|
+
"valueType": "number"
|
|
14061
|
+
},
|
|
14062
|
+
"secretKey": {
|
|
14063
|
+
"type": "primitive",
|
|
14064
|
+
"valueType": "number"
|
|
14065
|
+
},
|
|
14066
|
+
"sharedSecret": {
|
|
14067
|
+
"type": "primitive",
|
|
14068
|
+
"valueType": "number"
|
|
14069
|
+
}
|
|
14070
|
+
}
|
|
14071
|
+
},
|
|
14072
|
+
"XWingError": {
|
|
14073
|
+
"type": "function",
|
|
14074
|
+
"arity": 4
|
|
14075
|
+
},
|
|
14076
|
+
"combiner": {
|
|
14077
|
+
"type": "function",
|
|
14078
|
+
"arity": 4
|
|
14079
|
+
},
|
|
14080
|
+
"decapsulate": {
|
|
14081
|
+
"type": "function",
|
|
14082
|
+
"arity": 2
|
|
14083
|
+
},
|
|
14084
|
+
"encapsulate": {
|
|
14085
|
+
"type": "function",
|
|
14086
|
+
"arity": 2
|
|
14087
|
+
},
|
|
14088
|
+
"keygen": {
|
|
14089
|
+
"type": "function",
|
|
14090
|
+
"arity": 1
|
|
14091
|
+
}
|
|
14092
|
+
}
|
|
14002
14093
|
}
|
|
14003
14094
|
}
|
|
14004
14095
|
},
|
|
@@ -55,6 +55,7 @@ var KNOWN_POSTURES = {
|
|
|
55
55
|
// v0.10.8 — EU AI Act Art. 50 + Art. 11 + AB-853 + CAC + AI governance
|
|
56
56
|
"eu-ai-act-art-50": 1, "eu-ai-act-art-11": 1,
|
|
57
57
|
"ca-ab-853": 1, "ca-sb-942": 1,
|
|
58
|
+
"nyc-ll144": 1, "ca-tfaia": 1,
|
|
58
59
|
"cac-genai-label": 1,
|
|
59
60
|
"nist-ai-600-1": 1, "nist-ai-rmf": 1,
|
|
60
61
|
"iso-42001": 1, "iso-23894": 1,
|
|
@@ -58,6 +58,7 @@ var crypto = require("./lib/crypto");
|
|
|
58
58
|
// the dedicated lib files; these are thin aliases.
|
|
59
59
|
crypto.hpke = require("./lib/crypto-hpke");
|
|
60
60
|
crypto.oprf = require("./lib/crypto-oprf");
|
|
61
|
+
crypto.xwing = require("./lib/crypto-xwing");
|
|
61
62
|
// Both PQ-HPKE drafts behind one opt-in sub-namespace — see
|
|
62
63
|
// lib/crypto-hpke-pq.js. Operators that need a draft-codepoint
|
|
63
64
|
// shape reach for b.crypto.hpke.pq.connolly / .wg explicitly; the
|
|
@@ -373,6 +374,7 @@ var dualControl = require("./lib/dual-control");
|
|
|
373
374
|
var retention = require("./lib/retention");
|
|
374
375
|
var legalHold = require("./lib/legal-hold");
|
|
375
376
|
var worm = require("./lib/worm");
|
|
377
|
+
var crdt = require("./lib/crdt");
|
|
376
378
|
var network = require("./lib/network");
|
|
377
379
|
var cloudEvents = require("./lib/cloud-events");
|
|
378
380
|
var dsr = require("./lib/dsr");
|
|
@@ -475,6 +477,7 @@ module.exports = {
|
|
|
475
477
|
quota: require("./lib/ai-quota"),
|
|
476
478
|
capability: require("./lib/ai-capability"),
|
|
477
479
|
dp: require("./lib/ai-dp"),
|
|
480
|
+
aedtBiasAudit: require("./lib/ai-aedt-bias-audit"),
|
|
478
481
|
},
|
|
479
482
|
promisePool: require("./lib/promise-pool"),
|
|
480
483
|
sdNotify: require("./lib/sd-notify"),
|
|
@@ -712,6 +715,7 @@ module.exports = {
|
|
|
712
715
|
retention: retention,
|
|
713
716
|
legalHold: legalHold,
|
|
714
717
|
worm: worm,
|
|
718
|
+
crdt: crdt,
|
|
715
719
|
network: network,
|
|
716
720
|
cloudEvents: cloudEvents,
|
|
717
721
|
dsr: dsr,
|
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @module b.ai.aedtBiasAudit
|
|
4
|
+
* @nav Compliance
|
|
5
|
+
* @title AEDT Bias Audit
|
|
6
|
+
*
|
|
7
|
+
* @intro
|
|
8
|
+
* Compute the bias-audit statistics New York City Local Law 144 requires
|
|
9
|
+
* before an Automated Employment Decision Tool (AEDT) may be used to screen
|
|
10
|
+
* candidates or employees. The law (NYC Admin. Code §20-870 et seq., in force
|
|
11
|
+
* since 2023-07-05; DCWP rules 6 RCNY §5-300 et seq.) requires an independent
|
|
12
|
+
* annual audit that reports, for each demographic category, the rate at which
|
|
13
|
+
* the tool selects (or scores above the median for) that group and the
|
|
14
|
+
* <em>impact ratio</em> — that group's rate divided by the rate of the
|
|
15
|
+
* most-selected group. An impact ratio below the four-fifths (0.8) threshold
|
|
16
|
+
* from the EEOC Uniform Guidelines flags potential adverse impact; the law
|
|
17
|
+
* requires the number to be calculated and published, not any particular
|
|
18
|
+
* remediation.
|
|
19
|
+
*
|
|
20
|
+
* The audit is computed across three dimensions: sex, race/ethnicity, and
|
|
21
|
+
* the intersection of the two, using the EEOC categories. Categories that
|
|
22
|
+
* make up less than 2% of the audited data may be excluded from the impact-
|
|
23
|
+
* ratio calculation at the auditor's discretion (DCWP §5-301). This primitive
|
|
24
|
+
* takes the per-category counts — selected/total for a pass-fail tool, or
|
|
25
|
+
* scored-above-the-overall-median/total for a continuous-score tool — and
|
|
26
|
+
* returns the selection (or scoring) rate, impact ratio, and adverse-impact
|
|
27
|
+
* flag per group, plus the most-selected group and an overall flag. It is a
|
|
28
|
+
* pure calculation: the operator supplies the data an independent auditor
|
|
29
|
+
* collected, and gets back the figures the published summary must contain.
|
|
30
|
+
*
|
|
31
|
+
* @card
|
|
32
|
+
* NYC Local Law 144 AEDT bias audit (`b.ai.aedtBiasAudit`) — selection /
|
|
33
|
+
* scoring rates and four-fifths-rule impact ratios across sex, race/ethnicity,
|
|
34
|
+
* and their intersection, with the most-selected group and adverse-impact
|
|
35
|
+
* flags for the published audit summary.
|
|
36
|
+
*/
|
|
37
|
+
|
|
38
|
+
var validateOpts = require("./validate-opts");
|
|
39
|
+
var { defineClass } = require("./framework-error");
|
|
40
|
+
|
|
41
|
+
var AedtBiasAuditError = defineClass("AedtBiasAuditError", { alwaysPermanent: true });
|
|
42
|
+
|
|
43
|
+
var FOUR_FIFTHS = 4 / 5; // EEOC Uniform Guidelines four-fifths adverse-impact threshold
|
|
44
|
+
var DEFAULT_MIN_SHARE = 0.02; // DCWP §5-301 — categories under 2% may be excluded
|
|
45
|
+
var DIMENSIONS = ["sex", "raceEthnicity", "intersectional"];
|
|
46
|
+
|
|
47
|
+
function _str(v, label) {
|
|
48
|
+
if (typeof v !== "string" || v.length === 0) throw new AedtBiasAuditError("aedt/bad-metadata", "aedtBiasAudit: metadata." + label + " must be a non-empty string");
|
|
49
|
+
return v;
|
|
50
|
+
}
|
|
51
|
+
function _count(v, label) {
|
|
52
|
+
if (typeof v !== "number" || !isFinite(v) || v < 0 || Math.floor(v) !== v) throw new AedtBiasAuditError("aedt/bad-count", "aedtBiasAudit: " + label + " must be a non-negative integer");
|
|
53
|
+
return v;
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
// Reduce one dimension's per-group counts to the LL-144 figures.
|
|
57
|
+
function _auditDimension(groups, type, minShare) {
|
|
58
|
+
var names = Object.keys(groups);
|
|
59
|
+
var rows = [];
|
|
60
|
+
var dimensionTotal = 0;
|
|
61
|
+
var numeratorKey = type === "scoring" ? "scoredAboveMedian" : "selected";
|
|
62
|
+
|
|
63
|
+
names.forEach(function (name) {
|
|
64
|
+
var g = groups[name];
|
|
65
|
+
if (!g || typeof g !== "object") throw new AedtBiasAuditError("aedt/bad-count", "aedtBiasAudit: group '" + name + "' must be an object with " + numeratorKey + " + total");
|
|
66
|
+
var total = _count(g.total, name + ".total");
|
|
67
|
+
var num = _count(g[numeratorKey], name + "." + numeratorKey);
|
|
68
|
+
if (num > total) throw new AedtBiasAuditError("aedt/bad-count", "aedtBiasAudit: " + name + "." + numeratorKey + " (" + num + ") exceeds total (" + total + ")");
|
|
69
|
+
dimensionTotal += total;
|
|
70
|
+
rows.push({ category: name, total: total, _num: num, rate: total === 0 ? 0 : num / total });
|
|
71
|
+
});
|
|
72
|
+
|
|
73
|
+
// Exclude sub-threshold categories (auditor discretion), then find the
|
|
74
|
+
// most-selected group among those that remain.
|
|
75
|
+
var maxRate = 0;
|
|
76
|
+
var mostSelected = null;
|
|
77
|
+
rows.forEach(function (r) {
|
|
78
|
+
r.share = dimensionTotal === 0 ? 0 : r.total / dimensionTotal;
|
|
79
|
+
r.excluded = dimensionTotal > 0 && r.share < minShare;
|
|
80
|
+
if (!r.excluded && r.rate > maxRate) { maxRate = r.rate; mostSelected = r.category; }
|
|
81
|
+
});
|
|
82
|
+
|
|
83
|
+
rows.forEach(function (r) {
|
|
84
|
+
r.impactRatio = (r.excluded || maxRate === 0) ? null : r.rate / maxRate;
|
|
85
|
+
r.adverseImpact = r.impactRatio !== null && r.impactRatio < FOUR_FIFTHS;
|
|
86
|
+
delete r._num;
|
|
87
|
+
});
|
|
88
|
+
// Stable order: highest rate first, then category name.
|
|
89
|
+
rows.sort(function (a, b) { return b.rate - a.rate || (a.category < b.category ? -1 : a.category > b.category ? 1 : 0); });
|
|
90
|
+
return { rows: rows, mostSelected: mostSelected };
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
/**
|
|
94
|
+
* @primitive b.ai.aedtBiasAudit
|
|
95
|
+
* @signature b.ai.aedtBiasAudit(opts)
|
|
96
|
+
* @since 0.13.5
|
|
97
|
+
* @status stable
|
|
98
|
+
* @compliance nyc-ll144, soc2
|
|
99
|
+
* @related b.ai.disclosure.applyAll, b.ai.disclosure.chatbot
|
|
100
|
+
*
|
|
101
|
+
* Compute the NYC Local Law 144 bias-audit figures from per-category counts.
|
|
102
|
+
* <code>type</code> is <code>"selection"</code> for a pass-fail tool (each
|
|
103
|
+
* group entry is <code>{ selected, total }</code>) or <code>"scoring"</code>
|
|
104
|
+
* for a continuous-score tool (<code>{ scoredAboveMedian, total }</code>, where
|
|
105
|
+
* the count is candidates scoring above the <em>overall</em> median). Returns
|
|
106
|
+
* the selection/scoring rate, impact ratio (group rate ÷ most-selected group's
|
|
107
|
+
* rate), and an <code>adverseImpact</code> flag (impact ratio < 0.8) per
|
|
108
|
+
* group, across the <code>sex</code>, <code>raceEthnicity</code>, and
|
|
109
|
+
* <code>intersectional</code> dimensions, plus the most-selected group per
|
|
110
|
+
* dimension. Categories under <code>minCategoryShare</code> (2% by default) are
|
|
111
|
+
* marked <code>excluded</code> and left out of the impact-ratio basis. Throws
|
|
112
|
+
* <code>AedtBiasAuditError</code> on malformed input. The result is the data an
|
|
113
|
+
* employer must publish; the law mandates the calculation, not any remediation.
|
|
114
|
+
*
|
|
115
|
+
* @opts
|
|
116
|
+
* type: string, // "selection" | "scoring" (required)
|
|
117
|
+
* metadata: object, // { tool, auditor, auditDate, distributionDate? } (tool/auditor/auditDate required)
|
|
118
|
+
* categories: object, // { sex?, raceEthnicity?, intersectional? } → { <group>: { selected|scoredAboveMedian, total } }
|
|
119
|
+
* minCategoryShare: number, // default: 0.02 (DCWP §5-301 — sub-2% categories may be excluded)
|
|
120
|
+
*
|
|
121
|
+
* @example
|
|
122
|
+
* var report = b.ai.aedtBiasAudit({
|
|
123
|
+
* type: "selection",
|
|
124
|
+
* metadata: { tool: "ResumeRanker v3", auditor: "Acme Audit LLC", auditDate: "2026-05-26" },
|
|
125
|
+
* categories: { sex: { Male: { selected: 60, total: 100 }, Female: { selected: 42, total: 100 } } },
|
|
126
|
+
* });
|
|
127
|
+
* report.results.sex[1].impactRatio; // → 0.7 (Female: 42% / 60%)
|
|
128
|
+
* report.results.sex[1].adverseImpact; // → true (below the 0.8 four-fifths threshold)
|
|
129
|
+
*/
|
|
130
|
+
function aedtBiasAudit(opts) {
|
|
131
|
+
opts = opts || {};
|
|
132
|
+
// Surface an unknown/typoed option as this primitive's own error type rather
|
|
133
|
+
// than the generic Error validateOpts throws, so the malformed-input contract
|
|
134
|
+
// (AedtBiasAuditError / e.code) holds for every bad-config path.
|
|
135
|
+
try { validateOpts(opts, ["type", "metadata", "categories", "minCategoryShare"], "aedtBiasAudit"); }
|
|
136
|
+
catch (e) { throw new AedtBiasAuditError("aedt/bad-opts", e && e.message || "aedtBiasAudit: invalid options"); }
|
|
137
|
+
if (opts.type !== "selection" && opts.type !== "scoring") throw new AedtBiasAuditError("aedt/bad-type", "aedtBiasAudit: type must be 'selection' or 'scoring'");
|
|
138
|
+
|
|
139
|
+
var md = opts.metadata || {};
|
|
140
|
+
var metadata = {
|
|
141
|
+
tool: _str(md.tool, "tool"),
|
|
142
|
+
auditor: _str(md.auditor, "auditor"),
|
|
143
|
+
auditDate: _str(md.auditDate, "auditDate"),
|
|
144
|
+
distributionDate: md.distributionDate != null ? _str(md.distributionDate, "distributionDate") : null,
|
|
145
|
+
};
|
|
146
|
+
|
|
147
|
+
var minShare = opts.minCategoryShare != null ? opts.minCategoryShare : DEFAULT_MIN_SHARE;
|
|
148
|
+
if (typeof minShare !== "number" || !isFinite(minShare) || minShare < 0 || minShare >= 1) throw new AedtBiasAuditError("aedt/bad-share", "aedtBiasAudit: minCategoryShare must be a number in [0, 1)");
|
|
149
|
+
|
|
150
|
+
var cats = opts.categories || {};
|
|
151
|
+
var present = DIMENSIONS.filter(function (d) { return cats[d] && typeof cats[d] === "object" && Object.keys(cats[d]).length > 0; });
|
|
152
|
+
if (present.length === 0) throw new AedtBiasAuditError("aedt/no-categories", "aedtBiasAudit: at least one of sex / raceEthnicity / intersectional must carry group counts");
|
|
153
|
+
|
|
154
|
+
var results = {};
|
|
155
|
+
var mostSelected = {};
|
|
156
|
+
var adverseImpactGroups = [];
|
|
157
|
+
present.forEach(function (dim) {
|
|
158
|
+
var out = _auditDimension(cats[dim], opts.type, minShare);
|
|
159
|
+
results[dim] = out.rows;
|
|
160
|
+
mostSelected[dim] = out.mostSelected;
|
|
161
|
+
out.rows.forEach(function (r) { if (r.adverseImpact) adverseImpactGroups.push({ dimension: dim, category: r.category, impactRatio: r.impactRatio }); });
|
|
162
|
+
});
|
|
163
|
+
|
|
164
|
+
return {
|
|
165
|
+
type: opts.type,
|
|
166
|
+
metadata: metadata,
|
|
167
|
+
results: results,
|
|
168
|
+
summary: {
|
|
169
|
+
mostSelected: mostSelected,
|
|
170
|
+
adverseImpactGroups: adverseImpactGroups,
|
|
171
|
+
anyAdverseImpact: adverseImpactGroups.length > 0,
|
|
172
|
+
fourFifthsThreshold: FOUR_FIFTHS,
|
|
173
|
+
},
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
aedtBiasAudit.FOUR_FIFTHS = FOUR_FIFTHS;
|
|
178
|
+
aedtBiasAudit.AedtBiasAuditError = AedtBiasAuditError;
|
|
179
|
+
|
|
180
|
+
module.exports = aedtBiasAudit;
|