@blamejs/blamejs-shop 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (354) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/admin.js +428 -6
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +3 -3
  5. package/lib/vendor/blamejs/CHANGELOG.md +14 -0
  6. package/lib/vendor/blamejs/api-snapshot.json +2 -2
  7. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
  8. package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
  9. package/lib/vendor/blamejs/lib/a2a.js +4 -4
  10. package/lib/vendor/blamejs/lib/acme.js +3 -3
  11. package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
  12. package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
  13. package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
  14. package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
  15. package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
  16. package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
  17. package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
  18. package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
  19. package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
  20. package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
  21. package/lib/vendor/blamejs/lib/ai-input.js +4 -4
  22. package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
  23. package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
  24. package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
  25. package/lib/vendor/blamejs/lib/archive-read.js +25 -25
  26. package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
  27. package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
  28. package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
  29. package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
  30. package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
  31. package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
  32. package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
  33. package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
  34. package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
  35. package/lib/vendor/blamejs/lib/audit.js +2 -2
  36. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
  37. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
  38. package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
  39. package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
  40. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
  41. package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
  42. package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
  43. package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
  44. package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
  45. package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
  46. package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
  47. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  48. package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
  49. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
  50. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
  51. package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
  52. package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
  53. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
  54. package/lib/vendor/blamejs/lib/backup/index.js +7 -7
  55. package/lib/vendor/blamejs/lib/base32.js +8 -8
  56. package/lib/vendor/blamejs/lib/budr.js +2 -2
  57. package/lib/vendor/blamejs/lib/cache-status.js +2 -2
  58. package/lib/vendor/blamejs/lib/calendar.js +29 -29
  59. package/lib/vendor/blamejs/lib/cbor.js +12 -12
  60. package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
  61. package/lib/vendor/blamejs/lib/cert.js +5 -5
  62. package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
  63. package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
  64. package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
  65. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
  66. package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
  67. package/lib/vendor/blamejs/lib/compliance.js +29 -29
  68. package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
  69. package/lib/vendor/blamejs/lib/cookies.js +1 -1
  70. package/lib/vendor/blamejs/lib/cose.js +13 -13
  71. package/lib/vendor/blamejs/lib/cra-report.js +1 -1
  72. package/lib/vendor/blamejs/lib/crdt.js +1 -1
  73. package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
  74. package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
  75. package/lib/vendor/blamejs/lib/crypto.js +6 -6
  76. package/lib/vendor/blamejs/lib/csp.js +2 -2
  77. package/lib/vendor/blamejs/lib/cwt.js +4 -4
  78. package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
  79. package/lib/vendor/blamejs/lib/data-act.js +2 -2
  80. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
  81. package/lib/vendor/blamejs/lib/db-query.js +1 -1
  82. package/lib/vendor/blamejs/lib/db.js +6 -6
  83. package/lib/vendor/blamejs/lib/dbsc.js +13 -13
  84. package/lib/vendor/blamejs/lib/did.js +17 -17
  85. package/lib/vendor/blamejs/lib/dora.js +4 -4
  86. package/lib/vendor/blamejs/lib/dsr.js +1 -1
  87. package/lib/vendor/blamejs/lib/early-hints.js +2 -2
  88. package/lib/vendor/blamejs/lib/eat.js +4 -4
  89. package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
  90. package/lib/vendor/blamejs/lib/external-db.js +1 -1
  91. package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
  92. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
  93. package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
  94. package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
  95. package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
  96. package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
  97. package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
  98. package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
  99. package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
  100. package/lib/vendor/blamejs/lib/guard-email.js +19 -19
  101. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
  102. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
  103. package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
  104. package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
  105. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
  106. package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
  107. package/lib/vendor/blamejs/lib/guard-html.js +7 -7
  108. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
  109. package/lib/vendor/blamejs/lib/guard-image.js +4 -4
  110. package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
  111. package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
  112. package/lib/vendor/blamejs/lib/guard-json.js +12 -12
  113. package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
  114. package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
  115. package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
  116. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
  117. package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
  118. package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
  119. package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
  120. package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
  121. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
  122. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
  123. package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
  124. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
  125. package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
  126. package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
  127. package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
  128. package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
  129. package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
  130. package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
  131. package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
  132. package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
  133. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
  134. package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
  135. package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
  136. package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
  137. package/lib/vendor/blamejs/lib/guard-time.js +15 -15
  138. package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
  139. package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
  140. package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
  141. package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
  142. package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
  143. package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
  144. package/lib/vendor/blamejs/lib/http-client.js +13 -10
  145. package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
  146. package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
  147. package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
  148. package/lib/vendor/blamejs/lib/inbox.js +4 -4
  149. package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
  150. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
  151. package/lib/vendor/blamejs/lib/json-path.js +3 -3
  152. package/lib/vendor/blamejs/lib/json-schema.js +1 -1
  153. package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
  154. package/lib/vendor/blamejs/lib/jtd.js +2 -2
  155. package/lib/vendor/blamejs/lib/link-header.js +1 -1
  156. package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
  157. package/lib/vendor/blamejs/lib/log.js +8 -3
  158. package/lib/vendor/blamejs/lib/lro.js +4 -4
  159. package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
  160. package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
  161. package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
  162. package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
  163. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
  164. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
  165. package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
  166. package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
  167. package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
  168. package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
  169. package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
  170. package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
  171. package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
  172. package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
  173. package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
  174. package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
  175. package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
  176. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
  177. package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
  178. package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
  179. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
  180. package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
  181. package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
  182. package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
  183. package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
  184. package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
  185. package/lib/vendor/blamejs/lib/mail-store.js +8 -8
  186. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
  187. package/lib/vendor/blamejs/lib/mail.js +4 -4
  188. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
  189. package/lib/vendor/blamejs/lib/mcp.js +15 -15
  190. package/lib/vendor/blamejs/lib/mdoc.js +2 -2
  191. package/lib/vendor/blamejs/lib/metrics.js +8 -8
  192. package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
  193. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
  194. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
  195. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
  196. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
  197. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
  198. package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
  199. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
  200. package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
  201. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
  202. package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
  203. package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
  204. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
  205. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
  206. package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
  207. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
  208. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
  209. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
  210. package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
  211. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
  212. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
  213. package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
  214. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
  215. package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
  216. package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
  217. package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
  218. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
  219. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
  220. package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
  221. package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
  222. package/lib/vendor/blamejs/lib/network-dns.js +29 -29
  223. package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
  224. package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
  225. package/lib/vendor/blamejs/lib/network-tls.js +100 -98
  226. package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
  227. package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
  228. package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
  229. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
  230. package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
  231. package/lib/vendor/blamejs/lib/observability.js +8 -8
  232. package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
  233. package/lib/vendor/blamejs/lib/openapi.js +1 -1
  234. package/lib/vendor/blamejs/lib/outbox.js +6 -6
  235. package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
  236. package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
  237. package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
  238. package/lib/vendor/blamejs/lib/problem-details.js +5 -5
  239. package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
  240. package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
  241. package/lib/vendor/blamejs/lib/queue.js +4 -2
  242. package/lib/vendor/blamejs/lib/redact.js +2 -2
  243. package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
  244. package/lib/vendor/blamejs/lib/router.js +10 -10
  245. package/lib/vendor/blamejs/lib/safe-async.js +2 -2
  246. package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
  247. package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
  248. package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
  249. package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
  250. package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
  251. package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
  252. package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
  253. package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
  254. package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
  255. package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
  256. package/lib/vendor/blamejs/lib/safe-url.js +1 -1
  257. package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
  258. package/lib/vendor/blamejs/lib/sandbox.js +5 -5
  259. package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
  260. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
  261. package/lib/vendor/blamejs/lib/self-update.js +3 -3
  262. package/lib/vendor/blamejs/lib/server-timing.js +3 -3
  263. package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
  264. package/lib/vendor/blamejs/lib/session.js +8 -8
  265. package/lib/vendor/blamejs/lib/sse.js +12 -5
  266. package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
  267. package/lib/vendor/blamejs/lib/storage.js +2 -2
  268. package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
  269. package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
  270. package/lib/vendor/blamejs/lib/subject.js +1 -1
  271. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
  272. package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
  273. package/lib/vendor/blamejs/lib/test-harness.js +1 -1
  274. package/lib/vendor/blamejs/lib/tracing.js +1 -1
  275. package/lib/vendor/blamejs/lib/tsa.js +5 -5
  276. package/lib/vendor/blamejs/lib/uri-template.js +5 -5
  277. package/lib/vendor/blamejs/lib/vault/index.js +2 -2
  278. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
  279. package/lib/vendor/blamejs/lib/vc.js +2 -2
  280. package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
  281. package/lib/vendor/blamejs/lib/watcher.js +4 -4
  282. package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
  283. package/lib/vendor/blamejs/lib/webhook.js +2 -2
  284. package/lib/vendor/blamejs/lib/websocket.js +5 -5
  285. package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
  286. package/lib/vendor/blamejs/lib/ws-client.js +24 -24
  287. package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
  288. package/lib/vendor/blamejs/package.json +1 -1
  289. package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
  290. package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
  291. package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
  292. package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
  293. package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
  294. package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
  295. package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
  296. package/lib/vendor/blamejs/test/00-primitives.js +15 -0
  297. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
  298. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
  299. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
  300. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
  301. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
  302. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
  303. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
  304. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
  305. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
  306. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
  307. package/package.json +1 -1
  308. package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
  309. package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
  310. package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
  311. package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
  312. package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
  313. package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
  314. package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
  315. package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
  316. package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
  317. package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
  318. package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
  319. package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
  320. package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
  321. package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
  322. package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
  323. package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
  324. package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
  325. package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
  326. package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
  327. package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
  328. package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
  329. package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
  330. package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
  331. package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
  332. package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
  333. package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
  334. package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
  335. package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
  336. package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
  337. package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
  338. package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
  339. package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
  340. package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
  341. package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
  342. package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
  343. package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
  344. package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
  345. package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
  346. package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
  347. package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
  348. package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
  349. package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
  350. package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
  351. package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
  352. package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
  353. package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
  354. package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
@@ -0,0 +1,43 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.14.0",
4
+ "date": "2026-05-29",
5
+ "headline": "Operator-configurable header and field names across SSE, request-id, rate-limit, age-gate, AI-Act disclosure, GraphQL federation, and the HTTP cache",
6
+ "summary": "This release makes operator-facing identifiers that were hardcoded configurable. The framework already let operators rename most names (CSRF cookie/field, cookie parser, i18n header/query/cookie, mTLS CA name, and so on); this closes the remaining gaps so a custom or framework-specific name is never frozen. Every new option defaults to the value emitted today, so upgrading changes no behavior — these are additive knobs. It also fixes a request-id asymmetry (the response header is now written on the same name the inbound id is read from) and wires an SSE proxy-buffering option whose escape hatch was documented but never implemented.",
7
+ "sections": [
8
+ {
9
+ "heading": "Added",
10
+ "items": [
11
+ {
12
+ "title": "Configurable cache-status header on the HTTP client",
13
+ "body": "The outbound HTTP client annotated every cached response with a hardcoded `x-blamejs-cache: HIT|MISS|STALE|REVALIDATED` header. `b.httpClient.cache.create` now takes `statusHeader` (default \"x-blamejs-cache\") — pass a custom name (e.g. \"x-cache\") to rename it, or null/false to suppress it entirely. The decision remains available programmatically on `res.cacheStatus`."
14
+ },
15
+ {
16
+ "title": "Configurable rate-limit header names",
17
+ "body": "`b.middleware.rateLimit` emitted the de-facto `X-RateLimit-Limit` / `X-RateLimit-Remaining` headers (which are not RFC-pinned). It now accepts `headerPrefix` (default \"X-RateLimit-\") so operators can match the unprefixed IETF-draft `RateLimit-*` names or an upstream gateway's convention; the limit/remaining pair is always built from the same prefix."
18
+ },
19
+ {
20
+ "title": "Configurable age-gate and AI-Act disclosure header names",
21
+ "body": "`b.middleware.ageGate` now takes `privacyPostureHeader` (default \"X-Privacy-Posture\"; null/false to suppress), and `b.middleware.aiActDisclosure` takes `headerPrefix` (default \"AI-Act-\") that prefixes the emitted Notice / Article / Policy headers. The EU AI Act mandates the disclosure, not the HTTP spelling, so operators matching a downstream convention can rename these."
22
+ },
23
+ {
24
+ "title": "Configurable GraphQL-federation replay-nonce header",
25
+ "body": "`b.graphqlFederation.guardSdl` read the replay nonce from the Apollo-vendor `x-apollographql-router-nonce` header with no override. It now accepts `nonceHeader` (default unchanged) so an operator fronting the gateway with a non-Apollo router can point the replay check at their own header."
26
+ },
27
+ {
28
+ "title": "SSE proxy-buffering opt-out",
29
+ "body": "`b.sse.create` and `b.middleware.sse` set `X-Accel-Buffering: no` (the nginx hint that disables proxy buffering). They now accept `proxyBuffer` (default true) — pass false when not behind nginx, or when buffering is controlled at the load balancer, to suppress the nginx-specific header. The opt-out was previously referenced in the documentation but not implemented."
30
+ }
31
+ ]
32
+ },
33
+ {
34
+ "heading": "Fixed",
35
+ "items": [
36
+ {
37
+ "title": "Request-id middleware reflects the configured header name",
38
+ "body": "`b.log.middleware` read the inbound request id from a configurable `headerName` but always wrote the response on the literal `X-Request-Id`. An operator who set a custom `headerName` (e.g. `X-Correlation-Id`) therefore read from one header and emitted another. The response is now written on the same configured name; the default remains `X-Request-Id`, so deployments that did not set `headerName` are unaffected."
39
+ }
40
+ ]
41
+ }
42
+ ]
43
+ }
@@ -0,0 +1,60 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.14.1",
4
+ "date": "2026-05-29",
5
+ "headline": "Correctness fixes: JAR request-object typ enforcement, byte-faithful PGP multipart/signed, and SAML InResponseTo binding",
6
+ "summary": "A set of correctness fixes across the auth, mail-crypto, TLS, and encoder surfaces. The most important: JWT-secured authorization requests (RFC 9101) now require the request object to carry the registered `oauth-authz-req+jwt` typ, closing a cross-JWT-confusion vector; the PGP multipart/signed wrapper is now assembled byte-faithfully so non-ASCII signed content can't be corrupted; and SAML response verification now returns the InResponseTo of the SubjectConfirmation that actually validated. Two of these change behavior — see Changed — and are bug fixes rather than new features.",
7
+ "sections": [
8
+ {
9
+ "heading": "Security",
10
+ "items": [
11
+ {
12
+ "title": "JAR request objects must carry the registered typ (RFC 9101)",
13
+ "body": "`b.auth.jar.parse` now requires the request-object JWS header to carry `typ: \"oauth-authz-req+jwt\"` (with or without the `application/` prefix); a request object with an absent or different typ is refused with `auth-jar/bad-typ`. RFC 9101 §10.8 specifies this media type precisely to stop a JWT minted for another purpose (an ID token, an access token, a logout token) and signed by the same client key from being replayed as a request object. The existing `iss` / `aud` / `client_id` bindings already constrained that; this restores the explicit type check as well. This is stricter than before — see Changed."
14
+ }
15
+ ]
16
+ },
17
+ {
18
+ "heading": "Changed",
19
+ "items": [
20
+ {
21
+ "title": "JAR parsing rejects untyped request objects (breaking)",
22
+ "body": "Following the typ enforcement above, a request object whose header omits `typ` is now refused. An authorization server whose clients sign request objects without the `oauth-authz-req+jwt` typ must update those clients to set it."
23
+ },
24
+ {
25
+ "title": "PGP sign() returns multipartSigned as a Buffer (breaking)",
26
+ "body": "`b.mail.crypto.pgp.sign(...).multipartSigned` is now a Buffer instead of a string. The OpenPGP signature covers the signed-part bytes exactly, and a JS-string round trip through latin1/utf8 could corrupt non-ASCII signed content and break verification, so the RFC 3156 multipart/signed wrapper is now assembled as bytes. Code that wrote the previous string to the wire works unchanged when it writes the Buffer; code that did string operations on the value should treat it as a Buffer (its `indexOf` / `toString` still work)."
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ "heading": "Fixed",
32
+ "items": [
33
+ {
34
+ "title": "SAML response verification binds InResponseTo to the validated confirmation",
35
+ "body": "`verifyResponse` returned the InResponseTo of the first SubjectConfirmationData in the assertion rather than of the SubjectConfirmation that actually passed bearer validation. When a response carried more than one SubjectConfirmation, the returned value could come from a non-validated confirmation. It is now the InResponseTo of the confirmation that validated."
36
+ },
37
+ {
38
+ "title": "checkServerIdentity9525 emits the documented CN-fallback audit code",
39
+ "body": "A CN-only legacy certificate (a Common Name present, no subjectAltName) is now refused by the exported `b.network.tls.checkServerIdentity9525` with the distinct `tls/pkix-cn-fallback-refused` code its documentation promised, so audit logs can tell a CN-only certificate apart from one carrying neither a SAN nor a CN (which still yields `tls/pkix-san-required`). The accept/refuse outcome is unchanged — both are refused; only the audit granularity improved."
40
+ },
41
+ {
42
+ "title": "OIDC back-channel logout / JARM no longer accept dead override parameters",
43
+ "body": "`verifyBackchannelLogoutToken` and `parseJarmResponse` passed `acceptedAlgs` / `jwksUri` / `maxClockSkewMs` through to the ID-token verifier, which ignored them and applied the configured (create()-time) values. The pass-throughs are removed so the code no longer reads as if those can be overridden per call; the configured trust anchor was — and remains — what applies."
44
+ },
45
+ {
46
+ "title": "Queue lease failures are logged",
47
+ "body": "The consumer loop's lease-acquisition error path swallowed the backend error silently; it now logs at debug so a flapping backend that has not yet tripped the circuit breaker is visible."
48
+ },
49
+ {
50
+ "title": "Protobuf and ASN.1 encoders reject out-of-range tags",
51
+ "body": "The protobuf tag encoder rejected nothing and would have emitted a wrong tag for field numbers at or above 2^28 (where the 32-bit shift overflows); the ASN.1 context-tag writers silently truncated tag numbers above 30 (which require the multi-byte high-tag-number form). Both now throw a RangeError rather than encode silently-wrong output. The values these encoders serve are well within range, so no current caller is affected."
52
+ },
53
+ {
54
+ "title": "oid4vci proofAlgorithms default documented accurately",
55
+ "body": "The documented default proof-algorithm list now matches the code (`[\"ES256\", \"ES384\", \"EdDSA\"]`); the doc previously omitted EdDSA, which the runtime has always accepted by default."
56
+ }
57
+ ]
58
+ }
59
+ ]
60
+ }
@@ -0,0 +1,18 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.14.2",
4
+ "date": "2026-05-29",
5
+ "headline": "Internal lint hygiene: the byte-literal check now flags only genuine byte-scale arithmetic, with no API or behavior changes",
6
+ "summary": "A no-behavior-change cleanup of the source tree's internal lint markers. The byte-literal lint previously flagged every integer that was a multiple of 8 — which is most numbers — so the source carried a large number of suppression comments on values that were not byte sizes at all (status codes, counts, lengths, radixes, opcodes). The lint now flags only 1024-scale byte arithmetic (the case the C.BYTES.kib/mib/gib helpers exist to replace), and the now-unnecessary suppression comments have been removed while keeping their explanatory text. Several lint-suppression markers that named a check that does not exist were also corrected. None of this changes any API, wire format, or runtime behavior.",
7
+ "sections": [
8
+ {
9
+ "heading": "Changed",
10
+ "items": [
11
+ {
12
+ "title": "Source-tree lint markers cleaned up",
13
+ "body": "The internal byte-literal lint was tightened to flag only genuine byte-scale (`* 1024`) arithmetic, and the suppression comments it previously required on non-byte integers were removed (their explanatory text is retained as plain comments). A handful of suppression markers that referenced a non-existent check were pointed at the correct one or removed. This is source-comment hygiene only — there is no change to any exported API, error code, wire format, or runtime behavior."
14
+ }
15
+ ]
16
+ }
17
+ ]
18
+ }
@@ -0,0 +1,18 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.14.3",
4
+ "date": "2026-05-30",
5
+ "headline": "A codebase check now ensures every lint-suppression marker names a real check, so a typo can't silently disable a guard",
6
+ "summary": "Source files suppress an individual lint with an `// allow:<class>` comment. If the class is mistyped or stale, the comment suppresses nothing — the check it names does not exist — so the issue it was meant to explain ships unflagged. A new codebase check now verifies every `// allow:<class>` marker names a registered check class and fails if it does not, with the full set of valid classes maintained as an explicit registry. Two markers that named a non-kebab class were corrected as part of this. No runtime, API, or wire-format changes.",
7
+ "sections": [
8
+ {
9
+ "heading": "Detectors",
10
+ "items": [
11
+ {
12
+ "title": "Lint-suppression markers must name a registered check",
13
+ "body": "A new check flags any `// allow:<class>` suppression comment whose class is not one of the registered check classes — catching typos and stale markers (for example a marker that named a check which was later renamed) that would otherwise silently disable the guard they appear to explain. The valid classes are kept as an explicit registry, so adding a check with a new allow-class is a one-line registration. Source-comment hygiene only — no change to any exported API, error code, wire format, or runtime behavior."
14
+ }
15
+ ]
16
+ }
17
+ ]
18
+ }
@@ -0,0 +1,18 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.14.4",
4
+ "date": "2026-05-30",
5
+ "headline": "Removed three pieces of dead code from the SAML, TLS, and JMAP surfaces; no API or behavior changes",
6
+ "summary": "Cleanup of unreachable code. A reverse signature-algorithm lookup in the SAML verifier was never called — the actual verification path resolves the algorithm through the supported-signature table — so it is removed and a stale comment that referenced it is corrected. A leftover no-op placeholder in the TLS certificate re-encode path (a zero-length slice that was assigned and discarded) is removed, leaving the verbatim extension re-encode it sat next to. An unused JMAP well-known-path constant that existed only to be discarded is removed. None of this changes any exported API, error code, wire format, or runtime behavior.",
7
+ "sections": [
8
+ {
9
+ "heading": "Removed",
10
+ "items": [
11
+ {
12
+ "title": "Unreachable code in SAML, TLS, and JMAP",
13
+ "body": "Removed `_sigAlgFromUri` from the SAML module (a reverse alg lookup that was never called — the embedded XML-DSig verifier resolves the algorithm via the supported-signature table, and the redirect-binding path uses the forward `_sigAlgUrn`), a discarded zero-length-slice placeholder in the TLS certificate extension re-encode path, and an unused well-known-path constant in the JMAP server. Internal cleanup only — no change to any exported API, error code, wire format, or runtime behavior."
14
+ }
15
+ ]
16
+ }
17
+ ]
18
+ }
@@ -0,0 +1,18 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.14.5",
4
+ "date": "2026-05-30",
5
+ "headline": "Finished cleaning up the mislabeled byte-literal lint suppressions, with no API or behavior changes",
6
+ "summary": "A follow-up to the byte-literal lint tightening. The remaining suppression comments that named the byte-literal check on values that are not byte sizes — JSON-RPC error codes, HTTP status codes, octet ranges, day-in-milliseconds constants — are removed, keeping their explanatory text and any correctly-named companion suppression. Every byte-literal suppression that remains is now on genuine 1024-scale byte arithmetic. Source-comment hygiene only.",
7
+ "sections": [
8
+ {
9
+ "heading": "Changed",
10
+ "items": [
11
+ {
12
+ "title": "Remaining mislabeled byte-literal suppressions removed",
13
+ "body": "The byte-literal lint was previously a check on any multiple-of-8 integer, so suppression comments naming it were scattered across non-byte values. The last of those (in a handful of files, in mixed comment formats) are now removed — their explanatory text is retained as plain comments, and any correctly-named companion suppression is kept. The only byte-literal suppressions that remain are on genuine 1024-scale byte arithmetic. No change to any exported API, error code, wire format, or runtime behavior."
14
+ }
15
+ ]
16
+ }
17
+ ]
18
+ }
@@ -12563,6 +12563,21 @@ async function testLogMiddlewareSetsRequestId() {
12563
12563
  mw(req3, res3, function () { t.log.info("during req3"); resolve(); });
12564
12564
  });
12565
12565
  check("middleware strips CRLF from inbound id", req3.id === "evil");
12566
+
12567
+ // Custom headerName: the response is written on the SAME configured
12568
+ // header the inbound id is read from (read/write symmetry).
12569
+ var customMw = t.log.middleware({ headerName: "X-Correlation-Id" });
12570
+ var setHeaderCalls4 = [];
12571
+ var req4 = { headers: { "x-correlation-id": "corr-123" } };
12572
+ var res4 = { setHeader: function (k, v) { setHeaderCalls4.push([k, v]); } };
12573
+ await new Promise(function (resolve) {
12574
+ customMw(req4, res4, function () { resolve(); });
12575
+ });
12576
+ check("custom headerName reads inbound id", req4.id === "corr-123");
12577
+ check("custom headerName writes the same header",
12578
+ setHeaderCalls4.length === 1 &&
12579
+ setHeaderCalls4[0][0] === "X-Correlation-Id" &&
12580
+ setHeaderCalls4[0][1] === "corr-123");
12566
12581
  }
12567
12582
 
12568
12583
  function testLogRedactsExtras() {
@@ -32,6 +32,28 @@ function _mockRes() {
32
32
  ag(_mockReq({ user: { age: 12 } }), belowRes, function () {});
33
33
  check("below-threshold sets X-Privacy-Posture", belowRes._captured.headers["X-Privacy-Posture"] === "below-threshold");
34
34
 
35
+ // privacyPostureHeader override + suppression
36
+ var customHdr = b.middleware.ageGate({
37
+ audit: false,
38
+ getAge: function (req) { return req.user && req.user.age; },
39
+ consentRequired: 18,
40
+ privacyPostureHeader: "X-Age-Band",
41
+ });
42
+ var customRes = _mockRes();
43
+ customHdr(_mockReq({ user: { age: 12 } }), customRes, function () {});
44
+ check("custom privacyPostureHeader used", customRes._captured.headers["X-Age-Band"] === "below-threshold");
45
+ check("custom privacyPostureHeader replaces default", customRes._captured.headers["X-Privacy-Posture"] === undefined);
46
+
47
+ var suppressed = b.middleware.ageGate({
48
+ audit: false,
49
+ getAge: function (req) { return req.user && req.user.age; },
50
+ consentRequired: 18,
51
+ privacyPostureHeader: false,
52
+ });
53
+ var suppressedRes = _mockRes();
54
+ suppressed(_mockReq({ user: { age: 12 } }), suppressedRes, function () {});
55
+ check("privacyPostureHeader:false suppresses the header", suppressedRes._captured.headers["X-Privacy-Posture"] === undefined);
56
+
35
57
  // requireAge gate
36
58
  var hardGate = b.middleware.ageGate({
37
59
  audit: false,
@@ -135,12 +135,41 @@ async function testValidation() {
135
135
  check("parse: missing algorithms refused (verifyExternal — no alg defaults)", noAlg !== null);
136
136
  }
137
137
 
138
+ // RFC 9101 §10.8 — the request object MUST be typed so a same-client JWT
139
+ // minted for another purpose can't be replayed as a request object.
140
+ async function testTypEnforcement() {
141
+ function _withTyp(typ) {
142
+ var payload = {
143
+ iss: CLIENT, aud: AS, client_id: CLIENT, response_type: "code",
144
+ redirect_uri: "https://app.example.com/cb",
145
+ iat: _nowSec(), exp: _nowSec() + 120,
146
+ };
147
+ var header = { alg: "RS256", kid: "c1" };
148
+ if (typ !== undefined) header.typ = typ;
149
+ return _signRs256(KEYS.privateKey, header, payload);
150
+ }
151
+ var okBare = await b.auth.jar.parse(_withTyp("oauth-authz-req+jwt"), _parseOpts());
152
+ check("parse: typ 'oauth-authz-req+jwt' accepted", okBare.params.response_type === "code");
153
+ var okPrefixed = await b.auth.jar.parse(_withTyp("application/oauth-authz-req+jwt"), _parseOpts());
154
+ check("parse: typ 'application/oauth-authz-req+jwt' accepted", okPrefixed.params.response_type === "code");
155
+
156
+ var eWrong = null;
157
+ try { await b.auth.jar.parse(_withTyp("JWT"), _parseOpts()); } catch (e) { eWrong = e; }
158
+ check("parse: wrong typ refused (cross-JWT confusion, RFC 9101 §10.8)",
159
+ eWrong && eWrong.code === "auth-jar/bad-typ");
160
+
161
+ var eAbsent = null;
162
+ try { await b.auth.jar.parse(_withTyp(undefined), _parseOpts()); } catch (e) { eAbsent = e; }
163
+ check("parse: absent typ refused (strict)", eAbsent && eAbsent.code === "auth-jar/bad-typ");
164
+ }
165
+
138
166
  async function run() {
139
167
  await testRoundTrip();
140
168
  await testAntiNesting();
141
169
  await testClientIdBinding();
142
170
  await testAlgConfusionDelegated();
143
171
  await testValidation();
172
+ await testTypEnforcement();
144
173
  }
145
174
 
146
175
  module.exports = { run: run };
@@ -279,15 +279,105 @@ function _report(label, matches) {
279
279
  // Adding a marker at a violation line allowlists that one specific
280
280
  // occurrence; the reason follows the marker on the same comment line.
281
281
 
282
+ // Every `// allow:<class>` suppression marker must name a REGISTERED detector
283
+ // allow-class. A typo'd or stale class (e.g. the historical `setinterval-unref`
284
+ // when the real check is `timer-no-unref`, or `protocol-constant` which names
285
+ // no detector at all) suppresses NOTHING — the detector it claims to silence
286
+ // does not exist — so the underlying violation it was meant to explain ships
287
+ // unflagged. When you add a detector with a new allow-class, register it here.
288
+ var VALID_ALLOW_CLASSES = {
289
+ "ai-disclosure-on-request-without-requested-gate": 1,
290
+ "archive-gz-without-safedecompress": 1,
291
+ "archive-wrap-partial-recipient": 1,
292
+ "backup-adapter-storage-without-posture-check": 1,
293
+ "bare-canonicalize-walk": 1,
294
+ "bare-error-throw": 1,
295
+ "bare-json-parse": 1,
296
+ "bare-split-on-quoted-header": 1,
297
+ "console-direct": 1,
298
+ "duplicate-regex": 1,
299
+ "dynamic-regex": 1,
300
+ "dynamic-require": 1,
301
+ "from-base64url-untrapped": 1,
302
+ "fs-path-from-operator-identifier-without-traversal-refusal": 1,
303
+ "gitleaks-entropy": 1,
304
+ "handrolled-buffer-collect": 1,
305
+ "handrolled-debounce": 1,
306
+ "hostname-compare-trailing-dot": 1,
307
+ "inline-numeric-bounds-cascade": 1,
308
+ "inline-require": 1,
309
+ "inline-require-non-empty-string-validation": 1,
310
+ "internal-binding-in-prose": 1,
311
+ "list-without-pagination": 1,
312
+ "math-random-noncrypto": 1,
313
+ "no-number-money-arithmetic": 1,
314
+ "numeric-opt-Infinity": 1,
315
+ "numeric-opt-no-bounds-check": 1,
316
+ "process-exit": 1,
317
+ "raw-byte-literal": 1,
318
+ "raw-hash-compare": 1,
319
+ "raw-new-url": 1,
320
+ "raw-outbound-http": 1,
321
+ "raw-process-env": 1,
322
+ "raw-randombytes-token": 1,
323
+ "raw-time-literal": 1,
324
+ "raw-timing-safe-equal": 1,
325
+ "regex-no-length-cap": 1,
326
+ "seal-without-aad": 1,
327
+ "silent-catch": 1,
328
+ "slsa-framework-action-not-sha-pinned": 1,
329
+ "timer-no-unref": 1,
330
+ "wildcard-suffix-match-without-single-label-check": 1,
331
+ };
332
+
333
+ function testNoOrphanAllowClass() {
334
+ // scanScope: lib + test (every shipped + test source).
335
+ var files = _libFiles().concat(_testFiles());
336
+ var bad = [];
337
+ var re = /\ballow:([a-z][a-zA-Z0-9-]*)/g;
338
+ for (var fi = 0; fi < files.length; fi++) {
339
+ var rel = _relPath(files[fi]);
340
+ // Skip THIS file: it holds the marker machinery + the registry itself,
341
+ // where `allow:` appears in regexes and the VALID_ALLOW_CLASSES keys.
342
+ if (rel === "test/layer-0-primitives/codebase-patterns.test.js") continue;
343
+ var content;
344
+ try { content = fs.readFileSync(files[fi], "utf8"); }
345
+ catch (_e) { continue; }
346
+ var lines = content.split(/\r?\n/);
347
+ for (var li = 0; li < lines.length; li++) {
348
+ // Only inspect the `//` line-comment portion — markers are always
349
+ // comments, never string literals.
350
+ var hashIdx = lines[li].indexOf("//");
351
+ if (hashIdx === -1) continue;
352
+ var comment = lines[li].slice(hashIdx);
353
+ var m;
354
+ re.lastIndex = 0;
355
+ while ((m = re.exec(comment)) !== null) {
356
+ var cls = m[1];
357
+ if (!Object.prototype.hasOwnProperty.call(VALID_ALLOW_CLASSES, cls)) {
358
+ bad.push({
359
+ file: rel,
360
+ line: li + 1,
361
+ content: "unregistered allow-class '" + cls + "' — names no detector " +
362
+ "(fix the typo, or register it in VALID_ALLOW_CLASSES)",
363
+ });
364
+ }
365
+ }
366
+ }
367
+ }
368
+ _report("every // allow:<class> marker names a registered detector class", bad);
369
+ }
370
+
282
371
  function testNoRawByteLiterals() {
283
372
  // class: raw-byte-literal
284
- // Systemic detection: any integer literal `n >= 8 && n % 8 === 0` is
285
- // a byte-shape candidate (8-bit alignment is the universal byte unit).
286
- // Use C.BYTES.kib / mib / gib (n) so the framework's byte math has a
287
- // single source of truth.
288
- // Strings, regex literals, and hex constants are excluded. HTTP
289
- // status comparisons, year literals (which can also be multiples of
290
- // 8), and lines already routed through C.BYTES.* are skipped.
373
+ // Byte-SCALE arithmetic `n * 1024` (KiB), `* 1024 * 1024` (MiB),
374
+ // `* 1024 * 1024 * 1024` (GiB) must route through C.BYTES.kib / mib /
375
+ // gib(n) so the framework's byte math has a single source of truth.
376
+ // That 1024-scale is exactly what the C.BYTES helpers replace; a bare
377
+ // multiple-of-8 in any other context (an HTTP status, a radix, a count,
378
+ // a length, an opcode, an octet, a field width …) is NOT a byte size and
379
+ // is deliberately NOT flagged. Strings, regex, hex, and C.BYTES-wrapped
380
+ // lines are excluded.
291
381
  var files = _libFiles();
292
382
  var bad = [];
293
383
  for (var fi = 0; fi < files.length; fi++) {
@@ -312,6 +402,11 @@ function testNoRawByteLiterals() {
312
402
  // byte literal (`C.BYTES.mib(64)`, `C.TIME.seconds(8)`) and the
313
403
  // wrapping primitive is the single source of truth.
314
404
  if (/\bC\.(BYTES|TIME)\.\w+\(/.test(stripped)) continue;
405
+ // NARROWED: only 1024-scale byte arithmetic is a real byte size that
406
+ // C.BYTES.kib / mib / gib replaces. Skip every line that is not
407
+ // byte-scale `* 1024` math — a bare multiple-of-8 elsewhere is not a
408
+ // byte literal and no longer needs a marker.
409
+ if (!/\*\s*1024\b/.test(stripped)) continue;
315
410
  // Skip lines whose left-hand side explicitly names a non-byte
316
411
  // unit. Match the unit token at any position in a SCREAMING_SNAKE
317
412
  // identifier (start, middle, or end). Examples:
@@ -383,8 +478,8 @@ function testNoRawByteLiterals() {
383
478
  }
384
479
  }
385
480
  bad = _filterMarkers(bad, "raw-byte-literal");
386
- _report("no raw byte-shaped literals (n >= 8 && n % 8 === 0; use " +
387
- "C.BYTES.kib / mib / gib or name as protocol constant)",
481
+ _report("no raw byte-scale literals (1024-scale `* 1024` arithmetic; " +
482
+ "use C.BYTES.kib / mib / gib)",
388
483
  bad);
389
484
  }
390
485
 
@@ -10380,6 +10475,7 @@ function testSafeGuardHasMustComposeDetector() {
10380
10475
  }
10381
10476
 
10382
10477
  async function run() {
10478
+ testNoOrphanAllowClass();
10383
10479
  testNoRawByteLiterals();
10384
10480
  testNoRawTimeLiterals();
10385
10481
  testNumericOptsValidate();
@@ -374,6 +374,21 @@ function run() {
374
374
  res4.writeHead(404, {});
375
375
  check("middleware: no inject on 4xx", res4._headers["AI-Act-Notice"] == null);
376
376
 
377
+ // headerPrefix override — the disclosure headers carry a custom prefix
378
+ var mwPfx = b.middleware.aiActDisclosure({
379
+ kind: "ai-interaction",
380
+ policyUri: "https://myco.example.com/ai-policy",
381
+ headerPrefix: "X-AI-",
382
+ audit: false,
383
+ });
384
+ var req5 = { headers: {}, url: "/pfx" };
385
+ var res5 = _mockRes();
386
+ mwPfx(req5, res5, function () {});
387
+ res5.writeHead(200, {});
388
+ check("middleware: custom headerPrefix on Notice", res5._headers["X-AI-Notice"] === "ai-interaction");
389
+ check("middleware: custom headerPrefix on Article", res5._headers["X-AI-Article"] === "Art. 50(1)");
390
+ check("middleware: custom headerPrefix replaces default", res5._headers["AI-Act-Notice"] == null);
391
+
377
392
  // ---- expanded prohibited classifier ----
378
393
  var hits7 = aiAct.prohibited.classify({
379
394
  purpose: "predictive-policing", usesProfileOnly: true,
@@ -27,6 +27,16 @@ async function run() {
27
27
 
28
28
  var pub = b.graphqlFederation.guardSdl({ publicSchemaOk: true });
29
29
  check("guardSdl: public schema", typeof pub === "function");
30
+
31
+ // nonceHeader override — the replay nonce can be read from a custom
32
+ // request header (not just the Apollo-vendor default), for operators
33
+ // fronting the gateway with a non-Apollo router.
34
+ var withNonce = b.graphqlFederation.guardSdl({
35
+ routerToken: "a".repeat(64),
36
+ nonceStore: { has: function () { return false; }, remember: function () {} },
37
+ nonceHeader: "x-my-nonce",
38
+ });
39
+ check("guardSdl: accepts custom nonceHeader", typeof withNonce === "function");
30
40
  }
31
41
 
32
42
  module.exports = { run: run };
@@ -98,6 +98,18 @@ function testCreateBadOpts() {
98
98
  try { b.httpClient.cache.memoryStore({ evictionPolicy: "fifo" }); }
99
99
  catch (_e) { threw = true; }
100
100
  check("memoryStore: throws on unknown evictionPolicy", threw);
101
+
102
+ // statusHeader: default / custom / suppress / bad
103
+ check("cache.create: default statusHeader is x-blamejs-cache",
104
+ b.httpClient.cache.create({ store: _newCache().store }).statusHeader === "x-blamejs-cache");
105
+ check("cache.create: custom statusHeader honored",
106
+ b.httpClient.cache.create({ store: _newCache().store, statusHeader: "X-Cache" }).statusHeader === "x-cache");
107
+ check("cache.create: statusHeader null suppresses",
108
+ b.httpClient.cache.create({ store: _newCache().store, statusHeader: null }).statusHeader === null);
109
+ threw = false;
110
+ try { b.httpClient.cache.create({ store: _newCache().store, statusHeader: 123 }); }
111
+ catch (_e) { threw = true; }
112
+ check("cache.create: throws on non-string statusHeader", threw);
101
113
  }
102
114
 
103
115
  // ---- Hit / miss / store ---------------------------------------------
@@ -116,6 +116,13 @@ function testPgpEd25519RoundTrip() {
116
116
  check("ed25519 multipart wrapper present", rv.multipartSigned.indexOf("multipart/signed") !== -1);
117
117
  check("ed25519 multipart protocol is pgp", rv.multipartSigned.indexOf('protocol="application/pgp-signature"') !== -1);
118
118
  check("ed25519 micalg is pgp-sha512", rv.multipartSigned.indexOf('micalg="pgp-sha512"') !== -1);
119
+ check("ed25519 multipartSigned is a Buffer", Buffer.isBuffer(rv.multipartSigned));
120
+ // Byte-fidelity: a UTF-8 multibyte signed part must appear verbatim in the
121
+ // wrapper (a latin1 string round-trip would corrupt it and break the sig).
122
+ var utf8Part = Buffer.from("Subject: éè 中文\r\n\r\nbody\r\n", "utf8");
123
+ var rvU = pgp.sign({ message: utf8Part, privateKeyPem: kp.privateKey, creationTime: t0 });
124
+ check("ed25519 multipartSigned preserves UTF-8 signed bytes verbatim",
125
+ rvU.multipartSigned.indexOf(utf8Part) !== -1);
119
126
 
120
127
  var verify = pgp.verify({
121
128
  message: message,
@@ -276,13 +276,19 @@ function testPkixSanRequiredWhenAbsent() {
276
276
  }
277
277
 
278
278
  function testPkixCnFallbackRefused() {
279
- // Legacy CN-only cert (no SAN, but has CN) -> distinct code.
279
+ // Legacy CN-only cert (no SAN, but has CN) -> distinct CN-fallback code,
280
+ // emitted by the exported drop-in itself (RFC 9525 §6.4.4; matches the
281
+ // @primitive doc which promises operators can grep the distinct shape).
280
282
  var err = b.network.tls.checkServerIdentity9525("foo.example.com",
281
283
  _cert(undefined, "foo.example.com"));
282
- check("CN-only cert refuses with tls/pkix-san-required (CN-fallback inferred)",
283
- err && err.code === "tls/pkix-san-required");
284
- // The internal _checkServerIdentityStrict surfaces the more specific
285
- // CN-fallback-refused code:
284
+ check("CN-only cert refuses with tls/pkix-cn-fallback-refused",
285
+ err && err.code === "tls/pkix-cn-fallback-refused");
286
+ // No SAN AND no CN still falls through to the generic san-required code.
287
+ var sanErr = b.network.tls.checkServerIdentity9525("foo.example.com",
288
+ _cert(undefined));
289
+ check("no-SAN no-CN cert still refuses with tls/pkix-san-required",
290
+ sanErr && sanErr.code === "tls/pkix-san-required");
291
+ // The internal _checkServerIdentityStrict surfaces the same code:
286
292
  var strictErr = b.network.tls._checkServerIdentityStrict("foo.example.com",
287
293
  _cert(undefined, "foo.example.com"));
288
294
  check("internal strict combiner surfaces tls/pkix-cn-fallback-refused",
@@ -37,6 +37,40 @@ async function run() {
37
37
  check("instances() entries expose .resetAll",
38
38
  typeof mwA.resetAll === "function");
39
39
 
40
+ // headerPrefix: the X-RateLimit-* response header names are configurable
41
+ // (default "X-RateLimit-", or e.g. the unprefixed IETF-draft "RateLimit-").
42
+ function _mkRes() {
43
+ var h = {};
44
+ return { _h: h, setHeader: function (k, v) { h[k] = v; }, writeHead: function () {}, end: function () {} };
45
+ }
46
+ function _runRl(mw, key) {
47
+ return new Promise(function (resolve) {
48
+ var res = _mkRes();
49
+ mw({ headers: {}, url: "/", method: "GET", socket: { remoteAddress: "127.0.0.1" } },
50
+ res, function () { resolve(res); });
51
+ });
52
+ }
53
+ var rlDefault = b.middleware.rateLimit({
54
+ backend: "memory", burst: 5, refillPerSecond: 1, keyFn: function () { return "hp-d"; },
55
+ });
56
+ var rlDefaultRes = await _runRl(rlDefault);
57
+ check("rateLimit default emits X-RateLimit-Limit",
58
+ rlDefaultRes._h["X-RateLimit-Limit"] !== undefined);
59
+ var rlCustom = b.middleware.rateLimit({
60
+ backend: "memory", burst: 5, refillPerSecond: 1, headerPrefix: "RateLimit-",
61
+ keyFn: function () { return "hp-c"; },
62
+ });
63
+ var rlCustomRes = await _runRl(rlCustom);
64
+ check("rateLimit custom headerPrefix on limit",
65
+ rlCustomRes._h["RateLimit-Limit"] !== undefined);
66
+ check("rateLimit custom headerPrefix on remaining",
67
+ rlCustomRes._h["RateLimit-Remaining"] !== undefined);
68
+ check("rateLimit custom headerPrefix replaces default",
69
+ rlCustomRes._h["X-RateLimit-Limit"] === undefined);
70
+ // Deregister so the registry-count assertions below stay exact.
71
+ rlDefault.close();
72
+ rlCustom.close();
73
+
40
74
  // Seed each backend so resetAll has observable state to flush.
41
75
  // Drive .take() through the middleware function via a fake req/res.
42
76
  var fakeReq = { socket: { remoteAddress: "1.2.3.4" }, method: "GET", url: "/" };
@@ -118,6 +118,18 @@ async function run() {
118
118
  /data: plain\n\n/.test(captured.body));
119
119
  check("sse: handler ran fully", sent.length === 2);
120
120
  check("sse: stream closed", captured.ended === true);
121
+ check("sse: default sets X-Accel-Buffering: no",
122
+ captured.headers["X-Accel-Buffering"] === "no");
123
+
124
+ // ---- proxyBuffer: false suppresses the nginx hint ----
125
+ var mwNB = b.middleware.sse(async function (channel) {
126
+ channel.send({ data: "x" });
127
+ channel.close();
128
+ }, { heartbeatMs: false, proxyBuffer: false });
129
+ var resNB = _mockRes();
130
+ await mwNB(_mockReq(), resNB);
131
+ check("sse: proxyBuffer:false suppresses X-Accel-Buffering",
132
+ resNB._captured().headers["X-Accel-Buffering"] === undefined);
121
133
 
122
134
  // ---- onAbort runs on res close ----
123
135
  var aborted = false;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@blamejs/blamejs-shop",
3
- "version": "0.3.4",
3
+ "version": "0.3.6",
4
4
  "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
5
5
  "main": "lib/index.js",
6
6
  "scripts": {
@@ -1,22 +0,0 @@
1
- {
2
- "$schema": "../scripts/release-notes-schema.json",
3
- "version": "0.13.0",
4
- "date": "2026-05-26",
5
- "headline": "`b.crypto.oprf` — RFC 9497 Oblivious PRFs",
6
- "summary": "Compute F(serverKey, input) without the server learning the input and without the client learning the key — the Oblivious PRF primitive behind password hardening (the server peppers a password it never sees), private set intersection, and Privacy Pass. b.crypto.oprf.suite(name) returns an RFC 9497 ciphersuite — ristretto255-sha512, p256-sha256, p384-sha384, or p521-sha512 — each exposing the base oprf mode and the verifiable voprf mode (a DLEQ proof lets the client confirm the server used the key committed in its public key). The client blinds its input, the server blind-evaluates with its secret key, and the client finalizes by un-blinding and hashing; because un-blinding cancels the blind, the output depends only on key and input. Validated byte-for-byte against the RFC 9497 Appendix-A test vectors. Group and hash-to-curve operations come from the newly vendored @noble/curves (Paul Miller, MIT) — the same maintainer as the framework's existing vendored @noble/post-quantum and @noble/ciphers, with no added npm runtime dependency.",
7
- "sections": [
8
- {
9
- "heading": "Added",
10
- "items": [
11
- {
12
- "title": "`b.crypto.oprf` — RFC 9497 OPRF / VOPRF",
13
- "body": "`suite(name)` returns `{ name, oprf, voprf }` for one of the four RFC 9497 ciphersuites (ristretto255-SHA512 / P-256-SHA256 / P-384-SHA384 / P-521-SHA512). The `oprf` (base) mode provides `deriveKeyPair` / `generateKeyPair` / `blind` / `blindEvaluate` / `finalize` / `evaluate`; `voprf` (verifiable) adds a DLEQ proof so the client can prove the server used the committed key. Use it for password hardening, private set intersection, and OPRF-based tokens. Verified against the RFC 9497 Appendix-A vectors. The partially-oblivious `poprf` mode is not yet exposed (the vendored `@noble/curves` does not implement it) and will follow upstream."
14
- },
15
- {
16
- "title": "Vendored `@noble/curves`",
17
- "body": "`@noble/curves` 2.2.0 (Paul Miller, MIT) is vendored under `lib/vendor/` (no npm runtime dependency), supplying the ristretto255 / NIST-curve group and hash-to-curve operations behind `b.crypto.oprf`. It joins the existing vendored `@noble/post-quantum` and `@noble/ciphers` from the same maintainer; tracked in the SBOM and the vendor-currency gate."
18
- }
19
- ]
20
- }
21
- ]
22
- }