@blamejs/blamejs-shop 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (354) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/admin.js +428 -6
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +3 -3
  5. package/lib/vendor/blamejs/CHANGELOG.md +14 -0
  6. package/lib/vendor/blamejs/api-snapshot.json +2 -2
  7. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
  8. package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
  9. package/lib/vendor/blamejs/lib/a2a.js +4 -4
  10. package/lib/vendor/blamejs/lib/acme.js +3 -3
  11. package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
  12. package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
  13. package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
  14. package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
  15. package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
  16. package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
  17. package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
  18. package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
  19. package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
  20. package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
  21. package/lib/vendor/blamejs/lib/ai-input.js +4 -4
  22. package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
  23. package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
  24. package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
  25. package/lib/vendor/blamejs/lib/archive-read.js +25 -25
  26. package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
  27. package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
  28. package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
  29. package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
  30. package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
  31. package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
  32. package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
  33. package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
  34. package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
  35. package/lib/vendor/blamejs/lib/audit.js +2 -2
  36. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
  37. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
  38. package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
  39. package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
  40. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
  41. package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
  42. package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
  43. package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
  44. package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
  45. package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
  46. package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
  47. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  48. package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
  49. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
  50. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
  51. package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
  52. package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
  53. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
  54. package/lib/vendor/blamejs/lib/backup/index.js +7 -7
  55. package/lib/vendor/blamejs/lib/base32.js +8 -8
  56. package/lib/vendor/blamejs/lib/budr.js +2 -2
  57. package/lib/vendor/blamejs/lib/cache-status.js +2 -2
  58. package/lib/vendor/blamejs/lib/calendar.js +29 -29
  59. package/lib/vendor/blamejs/lib/cbor.js +12 -12
  60. package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
  61. package/lib/vendor/blamejs/lib/cert.js +5 -5
  62. package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
  63. package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
  64. package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
  65. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
  66. package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
  67. package/lib/vendor/blamejs/lib/compliance.js +29 -29
  68. package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
  69. package/lib/vendor/blamejs/lib/cookies.js +1 -1
  70. package/lib/vendor/blamejs/lib/cose.js +13 -13
  71. package/lib/vendor/blamejs/lib/cra-report.js +1 -1
  72. package/lib/vendor/blamejs/lib/crdt.js +1 -1
  73. package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
  74. package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
  75. package/lib/vendor/blamejs/lib/crypto.js +6 -6
  76. package/lib/vendor/blamejs/lib/csp.js +2 -2
  77. package/lib/vendor/blamejs/lib/cwt.js +4 -4
  78. package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
  79. package/lib/vendor/blamejs/lib/data-act.js +2 -2
  80. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
  81. package/lib/vendor/blamejs/lib/db-query.js +1 -1
  82. package/lib/vendor/blamejs/lib/db.js +6 -6
  83. package/lib/vendor/blamejs/lib/dbsc.js +13 -13
  84. package/lib/vendor/blamejs/lib/did.js +17 -17
  85. package/lib/vendor/blamejs/lib/dora.js +4 -4
  86. package/lib/vendor/blamejs/lib/dsr.js +1 -1
  87. package/lib/vendor/blamejs/lib/early-hints.js +2 -2
  88. package/lib/vendor/blamejs/lib/eat.js +4 -4
  89. package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
  90. package/lib/vendor/blamejs/lib/external-db.js +1 -1
  91. package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
  92. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
  93. package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
  94. package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
  95. package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
  96. package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
  97. package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
  98. package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
  99. package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
  100. package/lib/vendor/blamejs/lib/guard-email.js +19 -19
  101. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
  102. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
  103. package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
  104. package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
  105. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
  106. package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
  107. package/lib/vendor/blamejs/lib/guard-html.js +7 -7
  108. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
  109. package/lib/vendor/blamejs/lib/guard-image.js +4 -4
  110. package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
  111. package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
  112. package/lib/vendor/blamejs/lib/guard-json.js +12 -12
  113. package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
  114. package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
  115. package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
  116. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
  117. package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
  118. package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
  119. package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
  120. package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
  121. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
  122. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
  123. package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
  124. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
  125. package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
  126. package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
  127. package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
  128. package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
  129. package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
  130. package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
  131. package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
  132. package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
  133. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
  134. package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
  135. package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
  136. package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
  137. package/lib/vendor/blamejs/lib/guard-time.js +15 -15
  138. package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
  139. package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
  140. package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
  141. package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
  142. package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
  143. package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
  144. package/lib/vendor/blamejs/lib/http-client.js +13 -10
  145. package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
  146. package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
  147. package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
  148. package/lib/vendor/blamejs/lib/inbox.js +4 -4
  149. package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
  150. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
  151. package/lib/vendor/blamejs/lib/json-path.js +3 -3
  152. package/lib/vendor/blamejs/lib/json-schema.js +1 -1
  153. package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
  154. package/lib/vendor/blamejs/lib/jtd.js +2 -2
  155. package/lib/vendor/blamejs/lib/link-header.js +1 -1
  156. package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
  157. package/lib/vendor/blamejs/lib/log.js +8 -3
  158. package/lib/vendor/blamejs/lib/lro.js +4 -4
  159. package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
  160. package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
  161. package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
  162. package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
  163. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
  164. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
  165. package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
  166. package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
  167. package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
  168. package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
  169. package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
  170. package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
  171. package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
  172. package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
  173. package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
  174. package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
  175. package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
  176. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
  177. package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
  178. package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
  179. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
  180. package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
  181. package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
  182. package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
  183. package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
  184. package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
  185. package/lib/vendor/blamejs/lib/mail-store.js +8 -8
  186. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
  187. package/lib/vendor/blamejs/lib/mail.js +4 -4
  188. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
  189. package/lib/vendor/blamejs/lib/mcp.js +15 -15
  190. package/lib/vendor/blamejs/lib/mdoc.js +2 -2
  191. package/lib/vendor/blamejs/lib/metrics.js +8 -8
  192. package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
  193. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
  194. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
  195. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
  196. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
  197. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
  198. package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
  199. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
  200. package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
  201. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
  202. package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
  203. package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
  204. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
  205. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
  206. package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
  207. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
  208. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
  209. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
  210. package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
  211. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
  212. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
  213. package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
  214. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
  215. package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
  216. package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
  217. package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
  218. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
  219. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
  220. package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
  221. package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
  222. package/lib/vendor/blamejs/lib/network-dns.js +29 -29
  223. package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
  224. package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
  225. package/lib/vendor/blamejs/lib/network-tls.js +100 -98
  226. package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
  227. package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
  228. package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
  229. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
  230. package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
  231. package/lib/vendor/blamejs/lib/observability.js +8 -8
  232. package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
  233. package/lib/vendor/blamejs/lib/openapi.js +1 -1
  234. package/lib/vendor/blamejs/lib/outbox.js +6 -6
  235. package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
  236. package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
  237. package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
  238. package/lib/vendor/blamejs/lib/problem-details.js +5 -5
  239. package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
  240. package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
  241. package/lib/vendor/blamejs/lib/queue.js +4 -2
  242. package/lib/vendor/blamejs/lib/redact.js +2 -2
  243. package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
  244. package/lib/vendor/blamejs/lib/router.js +10 -10
  245. package/lib/vendor/blamejs/lib/safe-async.js +2 -2
  246. package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
  247. package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
  248. package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
  249. package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
  250. package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
  251. package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
  252. package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
  253. package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
  254. package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
  255. package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
  256. package/lib/vendor/blamejs/lib/safe-url.js +1 -1
  257. package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
  258. package/lib/vendor/blamejs/lib/sandbox.js +5 -5
  259. package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
  260. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
  261. package/lib/vendor/blamejs/lib/self-update.js +3 -3
  262. package/lib/vendor/blamejs/lib/server-timing.js +3 -3
  263. package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
  264. package/lib/vendor/blamejs/lib/session.js +8 -8
  265. package/lib/vendor/blamejs/lib/sse.js +12 -5
  266. package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
  267. package/lib/vendor/blamejs/lib/storage.js +2 -2
  268. package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
  269. package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
  270. package/lib/vendor/blamejs/lib/subject.js +1 -1
  271. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
  272. package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
  273. package/lib/vendor/blamejs/lib/test-harness.js +1 -1
  274. package/lib/vendor/blamejs/lib/tracing.js +1 -1
  275. package/lib/vendor/blamejs/lib/tsa.js +5 -5
  276. package/lib/vendor/blamejs/lib/uri-template.js +5 -5
  277. package/lib/vendor/blamejs/lib/vault/index.js +2 -2
  278. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
  279. package/lib/vendor/blamejs/lib/vc.js +2 -2
  280. package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
  281. package/lib/vendor/blamejs/lib/watcher.js +4 -4
  282. package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
  283. package/lib/vendor/blamejs/lib/webhook.js +2 -2
  284. package/lib/vendor/blamejs/lib/websocket.js +5 -5
  285. package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
  286. package/lib/vendor/blamejs/lib/ws-client.js +24 -24
  287. package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
  288. package/lib/vendor/blamejs/package.json +1 -1
  289. package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
  290. package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
  291. package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
  292. package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
  293. package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
  294. package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
  295. package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
  296. package/lib/vendor/blamejs/test/00-primitives.js +15 -0
  297. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
  298. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
  299. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
  300. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
  301. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
  302. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
  303. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
  304. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
  305. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
  306. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
  307. package/package.json +1 -1
  308. package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
  309. package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
  310. package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
  311. package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
  312. package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
  313. package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
  314. package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
  315. package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
  316. package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
  317. package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
  318. package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
  319. package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
  320. package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
  321. package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
  322. package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
  323. package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
  324. package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
  325. package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
  326. package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
  327. package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
  328. package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
  329. package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
  330. package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
  331. package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
  332. package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
  333. package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
  334. package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
  335. package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
  336. package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
  337. package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
  338. package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
  339. package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
  340. package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
  341. package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
  342. package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
  343. package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
  344. package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
  345. package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
  346. package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
  347. package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
  348. package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
  349. package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
  350. package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
  351. package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
  352. package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
  353. package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
  354. package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
@@ -95,16 +95,16 @@ var DEFAULT_PROFILE = "strict";
95
95
  var DEFAULT_PROTOCOL = "icap";
96
96
  var DEFAULT_ICAP_SERVICE = "srv_clamav";
97
97
 
98
- // allow:raw-byte-literal — ClamAV INSTREAM 4-byte length prefix.
98
+ // ClamAV INSTREAM 4-byte length prefix.
99
99
  var CLAMAV_LENGTH_PREFIX_BYTES = 4;
100
100
 
101
- // allow:raw-byte-literal — ClamAV INSTREAM chunk size for streaming.
101
+ // ClamAV INSTREAM chunk size for streaming.
102
102
  var CLAMAV_CHUNK_BYTES = 65536;
103
103
 
104
104
  var PROFILES = Object.freeze({
105
- strict: { timeoutMs: C.TIME.seconds(30), maxMessageBytes: C.BYTES.mib(25), maxResponseBytes: C.BYTES.mib(50) }, // allow:raw-byte-literal — operator-facing default mailbox cap
106
- balanced: { timeoutMs: C.TIME.seconds(60), maxMessageBytes: C.BYTES.mib(50), maxResponseBytes: C.BYTES.mib(100) }, // allow:raw-byte-literal — operator-facing default mailbox cap
107
- permissive: { timeoutMs: C.TIME.seconds(120), maxMessageBytes: C.BYTES.mib(150), maxResponseBytes: C.BYTES.mib(300) }, // allow:raw-byte-literal — operator-facing default mailbox cap
105
+ strict: { timeoutMs: C.TIME.seconds(30), maxMessageBytes: C.BYTES.mib(25), maxResponseBytes: C.BYTES.mib(50) }, // operator-facing default mailbox cap
106
+ balanced: { timeoutMs: C.TIME.seconds(60), maxMessageBytes: C.BYTES.mib(50), maxResponseBytes: C.BYTES.mib(100) }, // operator-facing default mailbox cap
107
+ permissive: { timeoutMs: C.TIME.seconds(120), maxMessageBytes: C.BYTES.mib(150), maxResponseBytes: C.BYTES.mib(300) }, // operator-facing default mailbox cap
108
108
  });
109
109
 
110
110
  var COMPLIANCE_POSTURES = Object.freeze({
@@ -165,7 +165,7 @@ function create(opts) {
165
165
 
166
166
  validateOpts.requireNonEmptyString(opts.host, "mail.scan.create.host",
167
167
  MailScanError, "mail-scan/bad-host");
168
- if (!numericBounds.isPositiveFiniteInt(opts.port) || opts.port > 65535) { // allow:raw-byte-literal — TCP port-number range cap
168
+ if (!numericBounds.isPositiveFiniteInt(opts.port) || opts.port > 65535) { // TCP port-number range cap
169
169
  throw new MailScanError("mail-scan/bad-port",
170
170
  "mail.scan.create.port must be a positive integer in [1,65535]; got " +
171
171
  numericBounds.shape(opts.port));
@@ -329,7 +329,7 @@ function create(opts) {
329
329
  // RFC 3507 §4.4.3 — body is chunked-transfer; we write a single
330
330
  // chunk + terminator for simplicity. The wire format is the same
331
331
  // as HTTP/1.1 chunked: `<hex-length>\r\n<bytes>\r\n0\r\n\r\n`.
332
- var lenHex = messageBytes.length.toString(16); // allow:raw-byte-literal — hex radix
332
+ var lenHex = messageBytes.length.toString(16); // hex radix
333
333
  sock.write(lenHex + "\r\n");
334
334
  sock.write(messageBytes);
335
335
  sock.write("\r\n0\r\n\r\n");
@@ -73,7 +73,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
73
73
 
74
74
  var DeliverError = defineClass("DeliverError");
75
75
 
76
- var DEFAULT_PORT_SMTP = 25; // allow:raw-byte-literal — IANA SMTP port, not a byte literal
76
+ var DEFAULT_PORT_SMTP = 25; // IANA SMTP port, not a byte literal
77
77
  var DEFAULT_RETRY_BACKOFF_MS = Object.freeze([
78
78
  C.TIME.minutes(1),
79
79
  C.TIME.minutes(5),
@@ -83,7 +83,7 @@ var DEFAULT_RETRY_BACKOFF_MS = Object.freeze([
83
83
  ]);
84
84
  var DEFAULT_MX_LOOKUP_TIMEOUT_MS = C.TIME.seconds(10);
85
85
  var DEFAULT_PER_HOST_TIMEOUT_MS = C.TIME.seconds(60);
86
- var MAX_RECIPIENTS_PER_CALL = 1000; // allow:raw-byte-literal — manifest-size cap, not byte count
86
+ var MAX_RECIPIENTS_PER_CALL = 1000; // manifest-size cap, not byte count
87
87
 
88
88
  // ---- Outcome classifier ----
89
89
 
@@ -140,10 +140,10 @@ var DEFAULT_GREETING_VENDOR = "blamejs IMAP4rev2";
140
140
  var pkgVersion = require("../package.json").version;
141
141
 
142
142
  // Error-message clamp bytes — protocol-string clamp, not a byte count.
143
- // Centralized so the allow:raw-byte-literal marker lives in one place
143
+ // Centralized so the marker lives in one place
144
144
  // and the per-call sites read cleanly.
145
- var ERR_CLAMP = 200; // allow:raw-byte-literal — protocol-reply error-message clamp
146
- var LINE_PREVIEW = 80; // allow:raw-byte-literal — audit-line preview clamp
145
+ var ERR_CLAMP = 200; // protocol-reply error-message clamp
146
+ var LINE_PREVIEW = 80; // audit-line preview clamp
147
147
 
148
148
  // RFC 9051 §6.3.12 + RFC 5322 §3.3 date-time parser for IMAP APPEND.
149
149
  // Format: `DD-Mon-YYYY HH:MM:SS ±HHMM` where Mon is the 3-letter
@@ -152,8 +152,8 @@ var LINE_PREVIEW = 80;
152
152
  // millisecond epoch, or null on any parse failure — the caller emits
153
153
  // `BAD` rather than silently using `Date.now()`.
154
154
  var IMAP_MONTHS = Object.freeze({
155
- jan: 0, feb: 1, mar: 2, apr: 3, may: 4, jun: 5, // allow:raw-byte-literal — month-index table (0-5)
156
- jul: 6, aug: 7, sep: 8, oct: 9, nov: 10, dec: 11, // allow:raw-byte-literal — month-index table (6-11)
155
+ jan: 0, feb: 1, mar: 2, apr: 3, may: 4, jun: 5, // month-index table (0-5)
156
+ jul: 6, aug: 7, sep: 8, oct: 9, nov: 10, dec: 11, // month-index table (6-11)
157
157
  });
158
158
  var IMAP_DT_RE = /^\s*(\d{1,2})-([A-Za-z]{3})-(\d{4})\s+(\d{2}):(\d{2}):(\d{2})\s+([+-])(\d{2})(\d{2})\s*$/;
159
159
  function _parseImapDateTime(s) {
@@ -195,10 +195,10 @@ function _parseImapDateTime(s) {
195
195
  // oversize.
196
196
  function _validateMailboxName(name, opts) {
197
197
  if (typeof name !== "string" || name.length === 0) return false;
198
- if (name.length > 1024) return false; // allow:raw-byte-literal — mailbox name cap
198
+ if (name.length > 1024) return false; // mailbox name cap
199
199
  for (var i = 0; i < name.length; i += 1) {
200
200
  var c = name.charCodeAt(i);
201
- if (c < 0x20 || c === 0x7F) return false; // allow:raw-byte-literal — control-byte refusal
201
+ if (c < 0x20 || c === 0x7F) return false; // control-byte refusal
202
202
  }
203
203
  if (name.indexOf("..") !== -1) return false;
204
204
  if (name === "/" || name[0] === "/" || name[name.length - 1] === "/") return false;
@@ -311,7 +311,7 @@ function create(opts) {
311
311
  }
312
312
  rawSocket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
313
313
 
314
- var connectionId = "imapconn-" + bCrypto.generateToken(8); // allow:raw-byte-literal — connection-id length
314
+ var connectionId = "imapconn-" + bCrypto.generateToken(8); // connection-id length
315
315
  var socket = rawSocket;
316
316
  connections.add(socket);
317
317
 
@@ -655,8 +655,8 @@ function create(opts) {
655
655
  // exercise them; each handler refuses gracefully when the operator
656
656
  // backend doesn't supply the corresponding hook).
657
657
  caps.push("NOTIFY"); // RFC 5465
658
- caps.push("METADATA"); // RFC 5464 — per-mailbox annotations // allow:raw-byte-literal — RFC number in comment
659
- caps.push("METADATA-SERVER"); // RFC 5464 §3.1 — server-wide annotations // allow:raw-byte-literal — RFC number in comment
658
+ caps.push("METADATA"); // RFC 5464 — per-mailbox annotations // RFC number in comment
659
+ caps.push("METADATA-SERVER"); // RFC 5464 §3.1 — server-wide annotations // RFC number in comment
660
660
  caps.push("CATENATE"); // RFC 4469 — APPEND from existing parts
661
661
  // NB: COMPRESS=DEFLATE (RFC 4978) intentionally NOT advertised —
662
662
  // CRIME-class compression-oracle attack on the encrypted IMAP
@@ -1369,7 +1369,7 @@ function create(opts) {
1369
1369
  while (pi < partsBody.length && /\s/.test(partsBody[pi])) pi += 1;
1370
1370
  if (pi >= partsBody.length) break;
1371
1371
  if (/^URL\b/i.test(partsBody.slice(pi))) {
1372
- pi += 3; // allow:raw-byte-literal — length of literal "URL" keyword
1372
+ pi += 3; // length of literal "URL" keyword
1373
1373
  while (pi < partsBody.length && /\s/.test(partsBody[pi])) pi += 1;
1374
1374
  if (partsBody[pi] !== "\"") {
1375
1375
  _writeTagged(socket, tag, "BAD APPEND CATENATE URL value must be quoted-string");
@@ -1818,7 +1818,7 @@ function create(opts) {
1818
1818
  throw new MailServerImapError("mail-server-imap/already-listening",
1819
1819
  "listen: already listening");
1820
1820
  }
1821
- var port = listenOpts.port === undefined ? 143 : listenOpts.port; // allow:raw-byte-literal — RFC 9051 IMAP port (IANA)
1821
+ var port = listenOpts.port === undefined ? 143 : listenOpts.port; // RFC 9051 IMAP port (IANA)
1822
1822
  var address = listenOpts.address || "0.0.0.0";
1823
1823
  tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
1824
1824
  return new Promise(function (resolve, reject) {
@@ -133,9 +133,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
133
133
  var MailServerJmapError = defineClass("MailServerJmapError", { alwaysPermanent: true });
134
134
 
135
135
  var DEFAULT_PROFILE = "strict";
136
- var WELL_KNOWN_PATH = "/.well-known/jmap";
137
136
  void C; // reserved for future cap constants
138
- void WELL_KNOWN_PATH;
139
137
 
140
138
  /**
141
139
  * @primitive b.mail.server.jmap.create
@@ -232,7 +230,7 @@ function create(opts) {
232
230
  tenantScope: opts.tenantScope || null,
233
231
  agentTenantId: opts.agentTenantId || null,
234
232
  });
235
- var sessionState = bCrypto.generateToken(16); // allow:raw-byte-literal — opaque session-state token length
233
+ var sessionState = bCrypto.generateToken(16); // opaque session-state token length
236
234
 
237
235
  function _emit(action, metadata, outcome) {
238
236
  try {
@@ -262,7 +260,7 @@ function create(opts) {
262
260
  for (var k = 0; k < keys.length; k += 1) {
263
261
  var key = keys[k];
264
262
  var val = args[key];
265
- if (key.charCodeAt(0) === 0x23) { // allow:raw-byte-literal — `#` (0x23) is the JMAP back-ref-key prefix
263
+ if (key.charCodeAt(0) === 0x23) { // `#` (0x23) is the JMAP back-ref-key prefix
266
264
  // `#<srcClientId>` → key strips the `#`; value is { resultOf, name, path }
267
265
  var targetKey = key.slice(1);
268
266
  if (!val || typeof val !== "object" || Array.isArray(val) ||
@@ -443,11 +441,11 @@ function create(opts) {
443
441
  // re-auth flow (a 400 looks like a malformed request, which it
444
442
  // isn't). Everything else stays 400 per RFC 8620 §3.6.1.
445
443
  if (response && response.type === "urn:ietf:params:jmap:error:forbidden") {
446
- res.statusCode = 401; // allow:raw-byte-literal — HTTP status codes
444
+ res.statusCode = 401; // HTTP status codes
447
445
  } else if (response && response.type) {
448
- res.statusCode = 400; // allow:raw-byte-literal — HTTP status codes
446
+ res.statusCode = 400; // HTTP status codes
449
447
  } else {
450
- res.statusCode = 200; // allow:raw-byte-literal — HTTP status codes
448
+ res.statusCode = 200; // HTTP status codes
451
449
  }
452
450
  res.setHeader("Content-Type", "application/json; charset=utf-8");
453
451
  res.end(JSON.stringify(response));
@@ -596,8 +594,8 @@ function create(opts) {
596
594
  pingN = 0;
597
595
  } else {
598
596
  pingN = parseInt(params.ping, 10);
599
- if (!isFinite(pingN) || pingN < 5) pingN = 30; // allow:raw-byte-literal — RFC 8620 §7.3 default ping seconds
600
- if (pingN > 900) pingN = 900; // allow:raw-byte-literal — operator-supplied ping seconds, not bytes // allow:raw-time-literal — explicit max-ping cap (15 minutes)
597
+ if (!isFinite(pingN) || pingN < 5) pingN = 30; // RFC 8620 §7.3 default ping seconds
598
+ if (pingN > 900) pingN = 900; // allow:raw-time-literal — explicit max-ping cap (15 minutes)
601
599
  }
602
600
 
603
601
  // SSE wire headers per the HTML5 spec § "Server-sent events"
@@ -613,7 +611,7 @@ function create(opts) {
613
611
  // the current session state so a fresh subscriber can compare
614
612
  // against its cached `state` to know whether a missed update
615
613
  // happened during the (re)connect.
616
- res.write("retry: 5000\n\n"); // allow:raw-byte-literal — SSE reconnect-after hint (5s)
614
+ res.write("retry: 5000\n\n"); // SSE reconnect-after hint (5s)
617
615
  res.write(": connected\n\n");
618
616
 
619
617
  var closed = false;
@@ -678,7 +676,7 @@ function create(opts) {
678
676
  }
679
677
  unsubscribe = typeof unsub === "function" ? unsub : null;
680
678
  if (!pingDisabled) {
681
- pingTimer = setInterval(_pingTick, pingN * 1000); // allow:raw-time-literal — seconds → ms conversion // allow:raw-byte-literal — not bytes, time conversion
679
+ pingTimer = setInterval(_pingTick, pingN * 1000); // allow:raw-time-literal — seconds → ms conversion
682
680
  if (pingTimer && typeof pingTimer.unref === "function") pingTimer.unref();
683
681
  }
684
682
  })
@@ -709,12 +707,12 @@ function create(opts) {
709
707
  // RFC 8620 §1.2 — JMAP `Id` is a non-empty string of < 256 octets in
710
708
  // `[A-Za-z0-9_-]`. The earlier shape capped at 64 chars which refused
711
709
  // legitimate-shape accounts; widen to the full spec maximum.
712
- var MAX_JMAP_ID_LEN = 255; // allow:raw-byte-literal — RFC 8620 §1.2 Id max length
710
+ var MAX_JMAP_ID_LEN = 255; // RFC 8620 §1.2 Id max length
713
711
  var JMAP_ID_RE = /^[A-Za-z0-9_-]{1,255}$/;
714
712
  // Anti-polynomial: bound the URL length BEFORE any regex / split runs
715
713
  // (CodeQL flags `\/+` on uncontrolled input). Headers + URL paths in
716
714
  // practice stay well under 8 KiB; over-long URLs refuse outright.
717
- var MAX_URL_LEN = 8192; // allow:raw-byte-literal — 8 KiB URL cap
715
+ var MAX_URL_LEN = 8192; // 8 KiB URL cap
718
716
 
719
717
  // Strip a query string + walk the path producing non-empty segments,
720
718
  // WITHOUT any unbounded regex. Returns an empty array when the URL
@@ -729,7 +727,7 @@ function create(opts) {
729
727
  var cur = "";
730
728
  for (var i = 0; i < pathOnly.length; i += 1) {
731
729
  var ch = pathOnly.charCodeAt(i);
732
- if (ch === 0x2f) { // allow:raw-byte-literal — '/' (0x2f)
730
+ if (ch === 0x2f) { // '/' (0x2f)
733
731
  if (cur.length > 0) { out.push(cur); cur = ""; }
734
732
  } else {
735
733
  cur += pathOnly[i];
@@ -821,7 +819,7 @@ function create(opts) {
821
819
  throw new MailServerJmapError("mail-server-jmap/bad-upload-result",
822
820
  "uploadBlob backend MUST return { blobId, type?, size? }");
823
821
  }
824
- res.statusCode = 201; // allow:raw-byte-literal — HTTP 201 Created
822
+ res.statusCode = 201; // HTTP 201 Created
825
823
  res.setHeader("Content-Type", "application/json; charset=utf-8");
826
824
  res.end(JSON.stringify({
827
825
  accountId: accountId,
@@ -844,7 +842,7 @@ function create(opts) {
844
842
  req.on("error", function () {
845
843
  if (!refused) {
846
844
  refused = true;
847
- try { res.statusCode = 400; res.end(); } // allow:raw-byte-literal — HTTP 400
845
+ try { res.statusCode = 400; res.end(); } // HTTP 400
848
846
  catch (_e) { /* silent-catch: socket already torn down */ }
849
847
  }
850
848
  });
@@ -1019,7 +1017,7 @@ function create(opts) {
1019
1017
  // RFC 8887 §3.1 — server MUST select `jmap` if offered. Refuse the
1020
1018
  // connection cleanly if subprotocol negotiation came back null.
1021
1019
  if (conn.subprotocol !== "jmap") {
1022
- try { conn.close(1002, "RFC 8887 requires Sec-WebSocket-Protocol: jmap"); } // allow:raw-byte-literal — RFC 6455 protocol-error close code
1020
+ try { conn.close(1002, "RFC 8887 requires Sec-WebSocket-Protocol: jmap"); } // RFC 6455 protocol-error close code
1023
1021
  catch (_e) { /* silent-catch: closed */ }
1024
1022
  return null;
1025
1023
  }
@@ -1302,7 +1300,7 @@ function emailSubmissionSetHandler(opts) {
1302
1300
  throw new MailServerJmapError("mail-server-jmap/no-identities",
1303
1301
  "emailSubmissionSetHandler: opts.identities(accountId) function is required (returns Array<{id,email}>)");
1304
1302
  }
1305
- var maxRecipients = opts.maxRecipients || 1000; // allow:raw-byte-literal — recipient cap mirrors b.mail.send.deliver
1303
+ var maxRecipients = opts.maxRecipients || 1000; // recipient cap mirrors b.mail.send.deliver
1306
1304
  if (typeof maxRecipients !== "number" || !isFinite(maxRecipients) || maxRecipients < 1) {
1307
1305
  throw new MailServerJmapError("mail-server-jmap/bad-max-recipients",
1308
1306
  "emailSubmissionSetHandler: opts.maxRecipients MUST be a positive integer");
@@ -1422,7 +1420,7 @@ function emailSubmissionSetHandler(opts) {
1422
1420
  return {
1423
1421
  accountId: accountId,
1424
1422
  oldState: args.ifInState || null,
1425
- newState: bCrypto.generateToken(16), // allow:raw-byte-literal — opaque state token length
1423
+ newState: bCrypto.generateToken(16), // opaque state token length
1426
1424
  created: Object.keys(created).length > 0 ? created : null,
1427
1425
  notCreated: Object.keys(notCreated).length > 0 ? notCreated : null,
1428
1426
  updated: Object.keys(updated).length > 0 ? updated : null,
@@ -1519,7 +1517,7 @@ function emailSubmissionSetHandler(opts) {
1519
1517
  };
1520
1518
  }
1521
1519
 
1522
- var newId = bCrypto.generateToken(12); // allow:raw-byte-literal — JMAP-server-assigned id
1520
+ var newId = bCrypto.generateToken(12); // JMAP-server-assigned id
1523
1521
  return {
1524
1522
  id: newId,
1525
1523
  identityId: sub.identityId,
@@ -145,12 +145,12 @@ var MailServerManageSieveError = defineClass("MailServerManageSieveError",
145
145
  { alwaysPermanent: true });
146
146
 
147
147
  // RFC 5804 §1 default port (IANA-assigned).
148
- var DEFAULT_PORT = 4190; // allow:raw-byte-literal — RFC 5804 §1 / IANA managesieve port
149
- var DEFAULT_MAX_LINE_BYTES = 8192; // allow:raw-byte-literal — matches guardManageSieveCommand strict cap
148
+ var DEFAULT_PORT = 4190; // RFC 5804 §1 / IANA managesieve port
149
+ var DEFAULT_MAX_LINE_BYTES = 8192; // matches guardManageSieveCommand strict cap
150
150
  var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
151
151
  var DEFAULT_GREETING_VENDOR = "blamejs ManageSieve";
152
152
 
153
- var ERR_CLAMP = 200; // allow:raw-byte-literal — protocol-reply error-message clamp
153
+ var ERR_CLAMP = 200; // protocol-reply error-message clamp
154
154
 
155
155
  /**
156
156
  * @primitive b.mail.server.managesieve.create
@@ -260,7 +260,7 @@ function create(opts) {
260
260
  try { rawSocket.destroy(); } catch (_e2) { /* idempotent */ }
261
261
  return;
262
262
  }
263
- var connectionId = "msvconn-" + bCrypto.generateToken(8); // allow:raw-byte-literal — connection-id length
263
+ var connectionId = "msvconn-" + bCrypto.generateToken(8); // connection-id length
264
264
  var socket = rawSocket;
265
265
  connections.add(socket);
266
266
  // Single close handler covers BOTH operator-driven `_close(socket)`
@@ -150,7 +150,7 @@ var MailServerMxError = defineClass("MailServerMxError", { alwaysPermanent: true
150
150
  // RFC 5321 §4.5.3.1 — wire-protocol limits.
151
151
  var DEFAULT_MAX_LINE_BYTES = C.BYTES.kib(1);
152
152
  var DEFAULT_MAX_MESSAGE_BYTES = C.BYTES.mib(50);
153
- var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // allow:raw-byte-literal — RFC 5321 §4.5.3.1.8 recipient cap
153
+ var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // RFC 5321 §4.5.3.1.8 recipient cap
154
154
  var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
155
155
  var DEFAULT_GREETING = "blamejs ESMTP";
156
156
 
@@ -161,18 +161,18 @@ var REPLY_220_READY = "220";
161
161
  var REPLY_221_BYE = "221";
162
162
  var REPLY_250_OK = "250";
163
163
  var REPLY_354_START_INPUT = "354";
164
- var REPLY_421_SERVICE_NOT_AVAIL = "421"; // allow:raw-byte-literal — SMTP transient code
165
- var REPLY_450_MAILBOX_BUSY = "450"; // allow:raw-byte-literal — SMTP transient code (greylist tempfail)
166
- var REPLY_451_LOCAL_ERROR = "451"; // allow:raw-byte-literal — SMTP transient code
167
- var REPLY_452_INSUFFICIENT_STG = "452"; // allow:raw-byte-literal — SMTP transient code
168
- var REPLY_500_SYNTAX = "500"; // allow:raw-byte-literal — SMTP permanent code
169
- var REPLY_501_BAD_ARGS = "501"; // allow:raw-byte-literal — SMTP permanent code
170
- var REPLY_502_NOT_IMPLEMENTED = "502"; // allow:raw-byte-literal — SMTP permanent code
171
- var REPLY_503_BAD_SEQUENCE = "503"; // allow:raw-byte-literal — SMTP permanent code
172
- var REPLY_530_AUTH_REQUIRED = "530"; // allow:raw-byte-literal — SMTP permanent code
173
- var REPLY_550_MAILBOX_UNAVAIL = "550"; // allow:raw-byte-literal — SMTP permanent code
174
- var REPLY_552_SIZE_EXCEEDED = "552"; // allow:raw-byte-literal — SMTP permanent code
175
- var REPLY_554_TRANSACTION_FAILED = "554"; // allow:raw-byte-literal — SMTP permanent code
164
+ var REPLY_421_SERVICE_NOT_AVAIL = "421"; // SMTP transient code
165
+ var REPLY_450_MAILBOX_BUSY = "450"; // SMTP transient code (greylist tempfail)
166
+ var REPLY_451_LOCAL_ERROR = "451"; // SMTP transient code
167
+ var REPLY_452_INSUFFICIENT_STG = "452"; // SMTP transient code
168
+ var REPLY_500_SYNTAX = "500"; // SMTP permanent code
169
+ var REPLY_501_BAD_ARGS = "501"; // SMTP permanent code
170
+ var REPLY_502_NOT_IMPLEMENTED = "502"; // SMTP permanent code
171
+ var REPLY_503_BAD_SEQUENCE = "503"; // SMTP permanent code
172
+ var REPLY_530_AUTH_REQUIRED = "530"; // SMTP permanent code
173
+ var REPLY_550_MAILBOX_UNAVAIL = "550"; // SMTP permanent code
174
+ var REPLY_552_SIZE_EXCEEDED = "552"; // SMTP permanent code
175
+ var REPLY_554_TRANSACTION_FAILED = "554"; // SMTP permanent code
176
176
 
177
177
  var RE_MAIL_FROM = /^MAIL\s+FROM:\s*<([^>]*)>(?:\s+(.*))?$/i;
178
178
  var RE_RCPT_TO = /^RCPT\s+TO:\s*<([^>]+)>(?:\s+.*)?$/i;
@@ -346,7 +346,7 @@ function create(opts) {
346
346
  }
347
347
  socket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
348
348
 
349
- var connectionId = "mxconn-" + bCrypto.generateToken(8); // allow:raw-byte-literal — connection-id length
349
+ var connectionId = "mxconn-" + bCrypto.generateToken(8); // connection-id length
350
350
  connections.add(socket);
351
351
 
352
352
  // Backpressure observer — `_writeReply` flips `_bpEmitted` after
@@ -520,7 +520,7 @@ function create(opts) {
520
520
  err.code === "guard-smtp-command/bare-cr" ||
521
521
  err.code === "guard-smtp-command/nul-byte") {
522
522
  _emit("mail.server.mx.smtp_smuggling_detected",
523
- { connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // allow:raw-byte-literal — audit-log line truncation
523
+ { connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // audit-log line truncation
524
524
  "denied");
525
525
  }
526
526
  _writeReply(socket, REPLY_500_SYNTAX, "5.5.2 Syntax error (" + (err.code || "bad-line") + ")");
@@ -936,7 +936,7 @@ function create(opts) {
936
936
  // for observability. Bounded to keep the audit metadata size
937
937
  // predictable; the per-IP recipient-failure rate-limit elsewhere
938
938
  // bounds long-run scanner damage.
939
- var MAX_REFUSED_RCPTS_PER_TXN = 32; // allow:raw-byte-literal — bounded audit-metadata list cap
939
+ var MAX_REFUSED_RCPTS_PER_TXN = 32; // bounded audit-metadata list cap
940
940
  function _trackRefusedRcpt(state, rcpt, reason) {
941
941
  if (!Array.isArray(state.refusedRcpts)) state.refusedRcpts = [];
942
942
  if (state.refusedRcpts.length >= MAX_REFUSED_RCPTS_PER_TXN) return;
@@ -968,7 +968,7 @@ function create(opts) {
968
968
  }
969
969
  // Port 0 (ephemeral, test mode) must NOT fall back to 25 — the
970
970
  // `|| 25` short-circuit was a footgun on the test path.
971
- var port = listenOpts.port === undefined ? 25 : listenOpts.port; // allow:raw-byte-literal — SMTP MX port (IANA)
971
+ var port = listenOpts.port === undefined ? 25 : listenOpts.port; // SMTP MX port (IANA)
972
972
  var address = listenOpts.address || "0.0.0.0";
973
973
  tcpServer = net.createServer(function (socket) {
974
974
  _handleConnection(socket);
@@ -119,7 +119,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
119
119
 
120
120
  var MailServerPop3Error = defineClass("MailServerPop3Error", { alwaysPermanent: true });
121
121
 
122
- var DEFAULT_MAX_LINE_BYTES = 1024; // allow:raw-byte-literal — RFC 2449 §4 line cap (permissive)
122
+ var DEFAULT_MAX_LINE_BYTES = 1024; // RFC 2449 §4 line cap (permissive)
123
123
  var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(10);
124
124
  // RFC 1939 §6 — UPDATE-state commit (the actual delete on QUIT) is
125
125
  // the only place the backend writes; a hung commitPop3Drop leaves
@@ -130,7 +130,7 @@ var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(10);
130
130
  var DEFAULT_COMMIT_TIMEOUT_MS = C.TIME.seconds(30);
131
131
  var DEFAULT_GREETING_VENDOR = "blamejs POP3";
132
132
 
133
- var ERR_CLAMP = 200; // allow:raw-byte-literal — protocol-reply error-message clamp
133
+ var ERR_CLAMP = 200; // protocol-reply error-message clamp
134
134
 
135
135
  /**
136
136
  * @primitive b.mail.server.pop3.create
@@ -263,7 +263,7 @@ function create(opts) {
263
263
  try { rawSocket.destroy(); } catch (_e2) { /* idempotent */ }
264
264
  return;
265
265
  }
266
- var connectionId = "pop3conn-" + bCrypto.generateToken(8); // allow:raw-byte-literal — connection-id length
266
+ var connectionId = "pop3conn-" + bCrypto.generateToken(8); // connection-id length
267
267
  var socket = rawSocket;
268
268
  connections.add(socket);
269
269
  // Single close handler covers BOTH operator-driven `_close(socket)`
@@ -876,7 +876,7 @@ function create(opts) {
876
876
  throw new MailServerPop3Error("mail-server-pop3/already-listening",
877
877
  "listen: already listening");
878
878
  }
879
- var port = listenOpts.port === undefined ? 110 : listenOpts.port; // allow:raw-byte-literal — RFC 1939 POP3 port (IANA)
879
+ var port = listenOpts.port === undefined ? 110 : listenOpts.port; // RFC 1939 POP3 port (IANA)
880
880
  var address = listenOpts.address || "0.0.0.0";
881
881
  tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
882
882
  return new Promise(function (resolve, reject) {
@@ -98,7 +98,7 @@ var DEFAULTS = Object.freeze({
98
98
  maxConcurrentConnectionsPerIp: 10,
99
99
  connectionsPerIpPerMinute: 60, // allow:raw-time-literal — connection count, not a time value
100
100
  authFailuresPerIpPer15Min: 10,
101
- minBytesPerSecond: 100, // allow:raw-byte-literal — slow-loris byte-rate floor
101
+ minBytesPerSecond: 100, // slow-loris byte-rate floor
102
102
  // RCPT-TO recipient-failure cap defends against the 550-vs-250
103
103
  // enumeration shape (RFC 5321 §3.5 — RCPT-TO surfaces the
104
104
  // mailbox-exists oracle; an attacker that hammers RCPT TO can
@@ -106,7 +106,7 @@ var DEFAULTS = Object.freeze({
106
106
  // Per-IP, per-minute. Tuned higher than auth-failure since
107
107
  // legitimate senders can RCPT-TO multiple recipients per message;
108
108
  // operator overrides via `rcptFailuresPerIpPerMinute`.
109
- rcptFailuresPerIpPerMinute: 50, // allow:raw-byte-literal — RCPT enumeration bound
109
+ rcptFailuresPerIpPerMinute: 50, // RCPT enumeration bound
110
110
  disabled: false,
111
111
  });
112
112
 
@@ -123,31 +123,31 @@ var MailServerSubmissionError = defineClass("MailServerSubmissionError", { alway
123
123
 
124
124
  var DEFAULT_MAX_LINE_BYTES = C.BYTES.kib(1);
125
125
  var DEFAULT_MAX_MESSAGE_BYTES = C.BYTES.mib(50);
126
- var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // allow:raw-byte-literal — RFC 5321 §4.5.3.1.8 recipient cap
126
+ var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // RFC 5321 §4.5.3.1.8 recipient cap
127
127
  var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
128
128
  var DEFAULT_GREETING = "blamejs Submission";
129
129
  var DEFAULT_AUTH_MECHANISMS = Object.freeze(["PLAIN", "LOGIN"]);
130
130
 
131
131
  var REPLY_220_READY = "220";
132
132
  var REPLY_221_BYE = "221";
133
- var REPLY_235_AUTH_OK = "235"; // allow:raw-byte-literal — SMTP AUTH success code
133
+ var REPLY_235_AUTH_OK = "235"; // SMTP AUTH success code
134
134
  var REPLY_250_OK = "250";
135
- var REPLY_334_AUTH_CHALLENGE = "334"; // allow:raw-byte-literal — SMTP AUTH challenge code
135
+ var REPLY_334_AUTH_CHALLENGE = "334"; // SMTP AUTH challenge code
136
136
  var REPLY_354_START_INPUT = "354";
137
- var REPLY_421_SERVICE_NOT_AVAIL = "421"; // allow:raw-byte-literal — SMTP transient code
138
- var REPLY_451_LOCAL_ERROR = "451"; // allow:raw-byte-literal — SMTP transient code
139
- var REPLY_452_INSUFFICIENT_STG = "452"; // allow:raw-byte-literal — SMTP transient code
140
- var REPLY_500_SYNTAX = "500"; // allow:raw-byte-literal — SMTP permanent code
141
- var REPLY_501_BAD_ARGS = "501"; // allow:raw-byte-literal — SMTP permanent code
142
- var REPLY_502_NOT_IMPLEMENTED = "502"; // allow:raw-byte-literal — SMTP permanent code
143
- var REPLY_503_BAD_SEQUENCE = "503"; // allow:raw-byte-literal — SMTP permanent code
144
- var REPLY_530_AUTH_REQUIRED = "530"; // allow:raw-byte-literal — SMTP permanent code
145
- var REPLY_535_AUTH_FAILED = "535"; // allow:raw-byte-literal — RFC 4954 §6 AUTH refusal
146
- var REPLY_538_AUTH_NEEDS_TLS = "538"; // allow:raw-byte-literal — RFC 4954 §4 AUTH-needs-TLS
147
- var REPLY_550_MAILBOX_UNAVAIL = "550"; // allow:raw-byte-literal — SMTP permanent code (recipient-policy refusal shape)
148
- var REPLY_552_SIZE_EXCEEDED = "552"; // allow:raw-byte-literal — SMTP permanent code
149
- var REPLY_553_SENDER_REJECTED = "553"; // allow:raw-byte-literal — identity-binding mismatch
150
- var REPLY_554_TRANSACTION_FAILED = "554"; // allow:raw-byte-literal — SMTP permanent code
137
+ var REPLY_421_SERVICE_NOT_AVAIL = "421"; // SMTP transient code
138
+ var REPLY_451_LOCAL_ERROR = "451"; // SMTP transient code
139
+ var REPLY_452_INSUFFICIENT_STG = "452"; // SMTP transient code
140
+ var REPLY_500_SYNTAX = "500"; // SMTP permanent code
141
+ var REPLY_501_BAD_ARGS = "501"; // SMTP permanent code
142
+ var REPLY_502_NOT_IMPLEMENTED = "502"; // SMTP permanent code
143
+ var REPLY_503_BAD_SEQUENCE = "503"; // SMTP permanent code
144
+ var REPLY_530_AUTH_REQUIRED = "530"; // SMTP permanent code
145
+ var REPLY_535_AUTH_FAILED = "535"; // RFC 4954 §6 AUTH refusal
146
+ var REPLY_538_AUTH_NEEDS_TLS = "538"; // RFC 4954 §4 AUTH-needs-TLS
147
+ var REPLY_550_MAILBOX_UNAVAIL = "550"; // SMTP permanent code (recipient-policy refusal shape)
148
+ var REPLY_552_SIZE_EXCEEDED = "552"; // SMTP permanent code
149
+ var REPLY_553_SENDER_REJECTED = "553"; // identity-binding mismatch
150
+ var REPLY_554_TRANSACTION_FAILED = "554"; // SMTP permanent code
151
151
 
152
152
  var RE_MAIL_FROM = /^MAIL\s+FROM:\s*<([^>]*)>(?:\s+(.*))?$/i;
153
153
  var RE_RCPT_TO = /^RCPT\s+TO:\s*<([^>]+)>(?:\s+.*)?$/i;
@@ -159,7 +159,7 @@ var RE_AUTH = /^AUTH\s+([A-Za-z0-9_-]{1,32})(?:\s+(.*))?$/i;
159
159
  // SIMD-accelerated needle scan over the haystack without an
160
160
  // interpreter-level char-by-char walk, and the 4-byte literal
161
161
  // `_CRLF_CRLF` is a module-level singleton so the JIT folds it.
162
- var _CRLF_CRLF = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a]); // allow:raw-byte-literal — RFC 5322 §2.1 header/body separator
162
+ var _CRLF_CRLF = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a]); // RFC 5322 §2.1 header/body separator
163
163
  function _findHeaderEnd(buf) {
164
164
  return buf.indexOf(_CRLF_CRLF);
165
165
  }
@@ -408,7 +408,7 @@ function create(opts) {
408
408
  }
409
409
  rawSocket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
410
410
 
411
- var connectionId = "submitconn-" + bCrypto.generateToken(8); // allow:raw-byte-literal — connection-id length
411
+ var connectionId = "submitconn-" + bCrypto.generateToken(8); // connection-id length
412
412
  var socket = implicitTls
413
413
  ? new nodeTls.TLSSocket(rawSocket, { isServer: true, secureContext: opts.tlsContext })
414
414
  : rawSocket;
@@ -623,7 +623,7 @@ function create(opts) {
623
623
  err.code === "guard-smtp-command/bare-cr" ||
624
624
  err.code === "guard-smtp-command/nul-byte") {
625
625
  _emit("mail.server.submission.smtp_smuggling_detected",
626
- { connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // allow:raw-byte-literal — audit-log line truncation
626
+ { connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // audit-log line truncation
627
627
  "denied");
628
628
  }
629
629
  _writeReply(socket, REPLY_500_SYNTAX, "5.5.2 Syntax error (" + (err.code || "bad-line") + ")");
@@ -1319,7 +1319,7 @@ function create(opts) {
1319
1319
  // Port 0 (ephemeral, test mode) must NOT fall back to the protocol
1320
1320
  // default — the `|| <default>` short-circuit was a footgun on the
1321
1321
  // test path.
1322
- var defaultPort = implicitTls ? 465 : 587; // allow:raw-byte-literal — RFC 8314 implicit-TLS / RFC 6409 submission ports
1322
+ var defaultPort = implicitTls ? 465 : 587; // RFC 8314 implicit-TLS / RFC 6409 submission ports
1323
1323
  var port = listenOpts.port === undefined ? defaultPort : listenOpts.port;
1324
1324
  var address = listenOpts.address || "0.0.0.0";
1325
1325
  tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
@@ -64,8 +64,8 @@ var validateOpts = require("./validate-opts");
64
64
 
65
65
  var MailSieveError = defineClass("MailSieveError", { alwaysPermanent: true });
66
66
 
67
- var DEFAULT_GAS_UNITS = 10000; // allow:raw-byte-literal — operation cap
68
- var MAX_GAS_UNITS = 1_000_000; // allow:raw-byte-literal — operator opt-up cap
67
+ var DEFAULT_GAS_UNITS = 10000; // operation cap
68
+ var MAX_GAS_UNITS = 1_000_000; // operator opt-up cap
69
69
 
70
70
  // ---- env helpers ---------------------------------------------------------
71
71
 
@@ -77,15 +77,15 @@ var MailSpamScoreError = defineClass("MailSpamScoreError", { alwaysPermanent: tr
77
77
 
78
78
  var DEFAULT_PROFILE = "strict";
79
79
 
80
- // allow:raw-byte-literal — reason-tag length cap defends outbound
80
+ // reason-tag length cap defends outbound
81
81
  // header / audit-store from hostile expansion via compromised scorer.
82
82
  var MAX_REASON_BYTES = 256;
83
83
 
84
- // allow:raw-byte-literal — reason-list count cap, defends audit volume.
84
+ // reason-list count cap, defends audit volume.
85
85
  var MAX_REASONS = 32;
86
86
 
87
87
  var PROFILES = Object.freeze({
88
- strict: { threshold: 5.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES }, // allow:raw-byte-literal — matches SpamAssassin default required_score
88
+ strict: { threshold: 5.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES }, // matches SpamAssassin default required_score
89
89
  balanced: { threshold: 7.5, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES },
90
90
  permissive: { threshold: 10.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES },
91
91
  });
@@ -256,10 +256,10 @@ function _sanitizeReasons(reasons, caps) {
256
256
  // header.
257
257
  for (var c = 0; c < r.length; c += 1) {
258
258
  var cc = r.charCodeAt(c);
259
- if (cc < 0x20 || cc === 0x7f) { // allow:raw-byte-literal — RFC 5234 CTL refusal range
259
+ if (cc < 0x20 || cc === 0x7f) { // RFC 5234 CTL refusal range
260
260
  throw new MailSpamScoreError("mail-spam-score/control-byte",
261
261
  "mail.spamScore.score: reasons[" + i + "] contains control byte 0x" +
262
- cc.toString(16)); // allow:raw-byte-literal — hex radix
262
+ cc.toString(16)); // hex radix
263
263
  }
264
264
  }
265
265
  out.push(r);