@blamejs/blamejs-shop 0.3.5 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (353) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +3 -3
  4. package/lib/vendor/blamejs/CHANGELOG.md +14 -0
  5. package/lib/vendor/blamejs/api-snapshot.json +2 -2
  6. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
  7. package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
  8. package/lib/vendor/blamejs/lib/a2a.js +4 -4
  9. package/lib/vendor/blamejs/lib/acme.js +3 -3
  10. package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
  11. package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
  12. package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
  13. package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
  14. package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
  15. package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
  16. package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
  17. package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
  18. package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
  19. package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
  20. package/lib/vendor/blamejs/lib/ai-input.js +4 -4
  21. package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
  22. package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
  23. package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
  24. package/lib/vendor/blamejs/lib/archive-read.js +25 -25
  25. package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
  26. package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
  27. package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
  28. package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
  29. package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
  30. package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
  31. package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
  32. package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
  33. package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
  34. package/lib/vendor/blamejs/lib/audit.js +2 -2
  35. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
  36. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
  37. package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
  38. package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
  39. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
  40. package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
  41. package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
  42. package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
  43. package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
  44. package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
  45. package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
  46. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  47. package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
  48. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
  49. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
  50. package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
  51. package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
  52. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
  53. package/lib/vendor/blamejs/lib/backup/index.js +7 -7
  54. package/lib/vendor/blamejs/lib/base32.js +8 -8
  55. package/lib/vendor/blamejs/lib/budr.js +2 -2
  56. package/lib/vendor/blamejs/lib/cache-status.js +2 -2
  57. package/lib/vendor/blamejs/lib/calendar.js +29 -29
  58. package/lib/vendor/blamejs/lib/cbor.js +12 -12
  59. package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
  60. package/lib/vendor/blamejs/lib/cert.js +5 -5
  61. package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
  62. package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
  63. package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
  64. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
  65. package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
  66. package/lib/vendor/blamejs/lib/compliance.js +29 -29
  67. package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
  68. package/lib/vendor/blamejs/lib/cookies.js +1 -1
  69. package/lib/vendor/blamejs/lib/cose.js +13 -13
  70. package/lib/vendor/blamejs/lib/cra-report.js +1 -1
  71. package/lib/vendor/blamejs/lib/crdt.js +1 -1
  72. package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
  73. package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
  74. package/lib/vendor/blamejs/lib/crypto.js +6 -6
  75. package/lib/vendor/blamejs/lib/csp.js +2 -2
  76. package/lib/vendor/blamejs/lib/cwt.js +4 -4
  77. package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
  78. package/lib/vendor/blamejs/lib/data-act.js +2 -2
  79. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
  80. package/lib/vendor/blamejs/lib/db-query.js +1 -1
  81. package/lib/vendor/blamejs/lib/db.js +6 -6
  82. package/lib/vendor/blamejs/lib/dbsc.js +13 -13
  83. package/lib/vendor/blamejs/lib/did.js +17 -17
  84. package/lib/vendor/blamejs/lib/dora.js +4 -4
  85. package/lib/vendor/blamejs/lib/dsr.js +1 -1
  86. package/lib/vendor/blamejs/lib/early-hints.js +2 -2
  87. package/lib/vendor/blamejs/lib/eat.js +4 -4
  88. package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
  89. package/lib/vendor/blamejs/lib/external-db.js +1 -1
  90. package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
  91. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
  92. package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
  93. package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
  94. package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
  95. package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
  96. package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
  97. package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
  98. package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
  99. package/lib/vendor/blamejs/lib/guard-email.js +19 -19
  100. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
  101. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
  102. package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
  103. package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
  104. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
  105. package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
  106. package/lib/vendor/blamejs/lib/guard-html.js +7 -7
  107. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
  108. package/lib/vendor/blamejs/lib/guard-image.js +4 -4
  109. package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
  110. package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
  111. package/lib/vendor/blamejs/lib/guard-json.js +12 -12
  112. package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
  113. package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
  114. package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
  115. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
  116. package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
  117. package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
  118. package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
  119. package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
  120. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
  121. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
  122. package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
  123. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
  124. package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
  125. package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
  126. package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
  127. package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
  128. package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
  129. package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
  130. package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
  131. package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
  132. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
  133. package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
  134. package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
  135. package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
  136. package/lib/vendor/blamejs/lib/guard-time.js +15 -15
  137. package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
  138. package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
  139. package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
  140. package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
  141. package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
  142. package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
  143. package/lib/vendor/blamejs/lib/http-client.js +13 -10
  144. package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
  145. package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
  146. package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
  147. package/lib/vendor/blamejs/lib/inbox.js +4 -4
  148. package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
  149. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
  150. package/lib/vendor/blamejs/lib/json-path.js +3 -3
  151. package/lib/vendor/blamejs/lib/json-schema.js +1 -1
  152. package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
  153. package/lib/vendor/blamejs/lib/jtd.js +2 -2
  154. package/lib/vendor/blamejs/lib/link-header.js +1 -1
  155. package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
  156. package/lib/vendor/blamejs/lib/log.js +8 -3
  157. package/lib/vendor/blamejs/lib/lro.js +4 -4
  158. package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
  159. package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
  160. package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
  161. package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
  162. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
  163. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
  164. package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
  165. package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
  166. package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
  167. package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
  168. package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
  169. package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
  170. package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
  171. package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
  172. package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
  173. package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
  174. package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
  175. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
  176. package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
  177. package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
  178. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
  179. package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
  180. package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
  181. package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
  182. package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
  183. package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
  184. package/lib/vendor/blamejs/lib/mail-store.js +8 -8
  185. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
  186. package/lib/vendor/blamejs/lib/mail.js +4 -4
  187. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
  188. package/lib/vendor/blamejs/lib/mcp.js +15 -15
  189. package/lib/vendor/blamejs/lib/mdoc.js +2 -2
  190. package/lib/vendor/blamejs/lib/metrics.js +8 -8
  191. package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
  192. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
  193. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
  194. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
  195. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
  196. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
  197. package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
  198. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
  199. package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
  200. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
  201. package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
  202. package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
  203. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
  204. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
  205. package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
  206. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
  207. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
  208. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
  209. package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
  210. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
  211. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
  212. package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
  213. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
  214. package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
  215. package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
  216. package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
  217. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
  218. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
  219. package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
  220. package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
  221. package/lib/vendor/blamejs/lib/network-dns.js +29 -29
  222. package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
  223. package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
  224. package/lib/vendor/blamejs/lib/network-tls.js +100 -98
  225. package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
  226. package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
  227. package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
  228. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
  229. package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
  230. package/lib/vendor/blamejs/lib/observability.js +8 -8
  231. package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
  232. package/lib/vendor/blamejs/lib/openapi.js +1 -1
  233. package/lib/vendor/blamejs/lib/outbox.js +6 -6
  234. package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
  235. package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
  236. package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
  237. package/lib/vendor/blamejs/lib/problem-details.js +5 -5
  238. package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
  239. package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
  240. package/lib/vendor/blamejs/lib/queue.js +4 -2
  241. package/lib/vendor/blamejs/lib/redact.js +2 -2
  242. package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
  243. package/lib/vendor/blamejs/lib/router.js +10 -10
  244. package/lib/vendor/blamejs/lib/safe-async.js +2 -2
  245. package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
  246. package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
  247. package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
  248. package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
  249. package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
  250. package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
  251. package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
  252. package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
  253. package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
  254. package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
  255. package/lib/vendor/blamejs/lib/safe-url.js +1 -1
  256. package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
  257. package/lib/vendor/blamejs/lib/sandbox.js +5 -5
  258. package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
  259. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
  260. package/lib/vendor/blamejs/lib/self-update.js +3 -3
  261. package/lib/vendor/blamejs/lib/server-timing.js +3 -3
  262. package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
  263. package/lib/vendor/blamejs/lib/session.js +8 -8
  264. package/lib/vendor/blamejs/lib/sse.js +12 -5
  265. package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
  266. package/lib/vendor/blamejs/lib/storage.js +2 -2
  267. package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
  268. package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
  269. package/lib/vendor/blamejs/lib/subject.js +1 -1
  270. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
  271. package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
  272. package/lib/vendor/blamejs/lib/test-harness.js +1 -1
  273. package/lib/vendor/blamejs/lib/tracing.js +1 -1
  274. package/lib/vendor/blamejs/lib/tsa.js +5 -5
  275. package/lib/vendor/blamejs/lib/uri-template.js +5 -5
  276. package/lib/vendor/blamejs/lib/vault/index.js +2 -2
  277. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
  278. package/lib/vendor/blamejs/lib/vc.js +2 -2
  279. package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
  280. package/lib/vendor/blamejs/lib/watcher.js +4 -4
  281. package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
  282. package/lib/vendor/blamejs/lib/webhook.js +2 -2
  283. package/lib/vendor/blamejs/lib/websocket.js +5 -5
  284. package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
  285. package/lib/vendor/blamejs/lib/ws-client.js +24 -24
  286. package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
  287. package/lib/vendor/blamejs/package.json +1 -1
  288. package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
  289. package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
  290. package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
  291. package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
  292. package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
  293. package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
  294. package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
  295. package/lib/vendor/blamejs/test/00-primitives.js +15 -0
  296. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
  297. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
  298. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
  299. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
  300. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
  301. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
  302. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
  303. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
  304. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
  305. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
  306. package/package.json +1 -1
  307. package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
  308. package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
  309. package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
  310. package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
  311. package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
  312. package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
  313. package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
  314. package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
  315. package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
  316. package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
  317. package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
  318. package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
  319. package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
  320. package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
  321. package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
  322. package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
  323. package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
  324. package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
  325. package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
  326. package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
  327. package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
  328. package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
  329. package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
  330. package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
  331. package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
  332. package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
  333. package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
  334. package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
  335. package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
  336. package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
  337. package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
  338. package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
  339. package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
  340. package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
  341. package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
  342. package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
  343. package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
  344. package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
  345. package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
  346. package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
  347. package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
  348. package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
  349. package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
  350. package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
  351. package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
  352. package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
  353. package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
package/CHANGELOG.md CHANGED
@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
8
8
 
9
9
  ## v0.3.x
10
10
 
11
+ - v0.3.6 (2026-05-30) — **Update the vendored blamejs runtime to v0.14.5.** Refreshes the vendored blamejs runtime from v0.13.46 to v0.14.5, a maintenance update. The request-lifecycle security stack the storefront and admin depend on — CSRF, fetch-metadata, body-parser, cookies, and rate limiting — is unchanged across this range. The runtime's breaking changes in this window (stricter OAuth JAR request-object typing and a PGP signature return type) are in surfaces this shop does not use, so there is no behavior change and no operator action is required. **Changed:** *Vendored blamejs runtime updated to v0.14.5* — The pinned blamejs runtime moves from v0.13.46 to v0.14.5, picking up the framework's maintenance and hardening work across that range. The createApp request-lifecycle middleware the shop composes (CSRF, fetch-metadata, body-parser, cookie, and rate-limit layers) is unchanged, so this refresh carries no behavior change for the storefront or admin console.
12
+
11
13
  - v0.3.5 (2026-05-30) — **Shipping-label management in the admin console.** The admin console gains shipping-label tools. On an order, void a purchased label — with a reason — when it needs reprinting, alongside the existing mark-as-used action. A new Shipping labels section adds cross-order visibility: a status-filtered list, the mint queue of labels awaiting a broker, and a broker-spend report that totals label costs by carrier and currency over a date range. This is bookkeeping and reporting only — nothing in the storefront, cart, or checkout changes. **Added:** *Void a shipping label from the order* — Each purchased label on an order now offers a Void action with a reason, for when a label is reprinted at a different weight or carrier. Voiding is refused once a label has been used or already voided, or once it is past the carrier's void window. · *Shipping labels admin section* — A new Shipping labels section gives cross-order visibility: a status-filtered label list, the mint queue of labels awaiting a broker, and a broker-spend report totalling label cost grouped by carrier and currency over a date range.
12
14
 
13
15
  - v0.3.4 (2026-05-30) — **Sales-tax filings and remittance tracking in the admin console.** The admin console gains a Tax filings section for tracking sales-tax remittance across reporting periods. Open a filing period for a jurisdiction, compute the tax collected from completed orders in that window, then record the submission and the payment as you remit. Each filing carries a per-rate breakdown and an audit trail, and the list surfaces what's due soon or already overdue. A per-jurisdiction remittance report totals the tax owed across a date range. Every figure derives from completed orders — nothing in the storefront, cart, or checkout changes. **Added:** *Tax filings admin console* — A new Tax filings section tracks sales-tax remittance: open a filing period for a jurisdiction and reporting kind, compute the tax collected from completed orders in the window with a per-rate breakdown, then record submission and payment through the filing lifecycle. The list surfaces filings due soon or overdue, and a remittance report totals tax owed per jurisdiction across a date range. This is reporting only — it reads completed orders and changes nothing in checkout.
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "0.3.5",
2
+ "version": "0.3.6",
3
3
  "assets": {
4
4
  "css/admin.css": {
5
5
  "integrity": "sha384-1SIn6oAf1DjECbRfKENZasdKHJiywGdXR58wn0hsFGcdVHzUmvfgMkEz5ANIAZJ3",
@@ -3,8 +3,8 @@
3
3
  "_about": "blamejs.shop vendors a single framework — blamejs — which itself bundles every server-side crypto/identity dependency. The transitive packages blamejs ships are surfaced in its own MANIFEST.json at lib/vendor/blamejs/lib/vendor/MANIFEST.json — Trivy / Grype rely on that nested data for CVE attribution.",
4
4
  "packages": {
5
5
  "blamejs": {
6
- "version": "0.13.46",
7
- "tag": "v0.13.46",
6
+ "version": "0.14.5",
7
+ "tag": "v0.14.5",
8
8
  "license": "Apache-2.0",
9
9
  "author": "blamejs contributors",
10
10
  "source": "https://github.com/blamejs/blamejs",
@@ -13,7 +13,7 @@
13
13
  "server": "lib/vendor/blamejs/"
14
14
  },
15
15
  "bundler": "shallow git clone of release tag from github.com/blamejs/blamejs",
16
- "bundledAt": "2026-05-29"
16
+ "bundledAt": "2026-05-30"
17
17
  }
18
18
  }
19
19
  }
@@ -6,6 +6,20 @@ Pre-1.0 the surface is intentionally evolving — every release may
6
6
  change something operators depend on. Read each entry before
7
7
  upgrading across more than a few patches at a time.
8
8
 
9
+ ## v0.14.x
10
+
11
+ - v0.14.5 (2026-05-30) — **Finished cleaning up the mislabeled byte-literal lint suppressions, with no API or behavior changes.** A follow-up to the byte-literal lint tightening. The remaining suppression comments that named the byte-literal check on values that are not byte sizes — JSON-RPC error codes, HTTP status codes, octet ranges, day-in-milliseconds constants — are removed, keeping their explanatory text and any correctly-named companion suppression. Every byte-literal suppression that remains is now on genuine 1024-scale byte arithmetic. Source-comment hygiene only. **Changed:** *Remaining mislabeled byte-literal suppressions removed* — The byte-literal lint was previously a check on any multiple-of-8 integer, so suppression comments naming it were scattered across non-byte values. The last of those (in a handful of files, in mixed comment formats) are now removed — their explanatory text is retained as plain comments, and any correctly-named companion suppression is kept. The only byte-literal suppressions that remain are on genuine 1024-scale byte arithmetic. No change to any exported API, error code, wire format, or runtime behavior.
12
+
13
+ - v0.14.4 (2026-05-30) — **Removed three pieces of dead code from the SAML, TLS, and JMAP surfaces; no API or behavior changes.** Cleanup of unreachable code. A reverse signature-algorithm lookup in the SAML verifier was never called — the actual verification path resolves the algorithm through the supported-signature table — so it is removed and a stale comment that referenced it is corrected. A leftover no-op placeholder in the TLS certificate re-encode path (a zero-length slice that was assigned and discarded) is removed, leaving the verbatim extension re-encode it sat next to. An unused JMAP well-known-path constant that existed only to be discarded is removed. None of this changes any exported API, error code, wire format, or runtime behavior. **Removed:** *Unreachable code in SAML, TLS, and JMAP* — Removed `_sigAlgFromUri` from the SAML module (a reverse alg lookup that was never called — the embedded XML-DSig verifier resolves the algorithm via the supported-signature table, and the redirect-binding path uses the forward `_sigAlgUrn`), a discarded zero-length-slice placeholder in the TLS certificate extension re-encode path, and an unused well-known-path constant in the JMAP server. Internal cleanup only — no change to any exported API, error code, wire format, or runtime behavior.
14
+
15
+ - v0.14.3 (2026-05-30) — **A codebase check now ensures every lint-suppression marker names a real check, so a typo can't silently disable a guard.** Source files suppress an individual lint with an `// allow:<class>` comment. If the class is mistyped or stale, the comment suppresses nothing — the check it names does not exist — so the issue it was meant to explain ships unflagged. A new codebase check now verifies every `// allow:<class>` marker names a registered check class and fails if it does not, with the full set of valid classes maintained as an explicit registry. Two markers that named a non-kebab class were corrected as part of this. No runtime, API, or wire-format changes. **Detectors:** *Lint-suppression markers must name a registered check* — A new check flags any `// allow:<class>` suppression comment whose class is not one of the registered check classes — catching typos and stale markers (for example a marker that named a check which was later renamed) that would otherwise silently disable the guard they appear to explain. The valid classes are kept as an explicit registry, so adding a check with a new allow-class is a one-line registration. Source-comment hygiene only — no change to any exported API, error code, wire format, or runtime behavior.
16
+
17
+ - v0.14.2 (2026-05-29) — **Internal lint hygiene: the byte-literal check now flags only genuine byte-scale arithmetic, with no API or behavior changes.** A no-behavior-change cleanup of the source tree's internal lint markers. The byte-literal lint previously flagged every integer that was a multiple of 8 — which is most numbers — so the source carried a large number of suppression comments on values that were not byte sizes at all (status codes, counts, lengths, radixes, opcodes). The lint now flags only 1024-scale byte arithmetic (the case the C.BYTES.kib/mib/gib helpers exist to replace), and the now-unnecessary suppression comments have been removed while keeping their explanatory text. Several lint-suppression markers that named a check that does not exist were also corrected. None of this changes any API, wire format, or runtime behavior. **Changed:** *Source-tree lint markers cleaned up* — The internal byte-literal lint was tightened to flag only genuine byte-scale (`* 1024`) arithmetic, and the suppression comments it previously required on non-byte integers were removed (their explanatory text is retained as plain comments). A handful of suppression markers that referenced a non-existent check were pointed at the correct one or removed. This is source-comment hygiene only — there is no change to any exported API, error code, wire format, or runtime behavior.
18
+
19
+ - v0.14.1 (2026-05-29) — **Correctness fixes: JAR request-object typ enforcement, byte-faithful PGP multipart/signed, and SAML InResponseTo binding.** A set of correctness fixes across the auth, mail-crypto, TLS, and encoder surfaces. The most important: JWT-secured authorization requests (RFC 9101) now require the request object to carry the registered `oauth-authz-req+jwt` typ, closing a cross-JWT-confusion vector; the PGP multipart/signed wrapper is now assembled byte-faithfully so non-ASCII signed content can't be corrupted; and SAML response verification now returns the InResponseTo of the SubjectConfirmation that actually validated. Two of these change behavior — see Changed — and are bug fixes rather than new features. **Changed:** *JAR parsing rejects untyped request objects (breaking)* — Following the typ enforcement above, a request object whose header omits `typ` is now refused. An authorization server whose clients sign request objects without the `oauth-authz-req+jwt` typ must update those clients to set it. · *PGP sign() returns multipartSigned as a Buffer (breaking)* — `b.mail.crypto.pgp.sign(...).multipartSigned` is now a Buffer instead of a string. The OpenPGP signature covers the signed-part bytes exactly, and a JS-string round trip through latin1/utf8 could corrupt non-ASCII signed content and break verification, so the RFC 3156 multipart/signed wrapper is now assembled as bytes. Code that wrote the previous string to the wire works unchanged when it writes the Buffer; code that did string operations on the value should treat it as a Buffer (its `indexOf` / `toString` still work). **Fixed:** *SAML response verification binds InResponseTo to the validated confirmation* — `verifyResponse` returned the InResponseTo of the first SubjectConfirmationData in the assertion rather than of the SubjectConfirmation that actually passed bearer validation. When a response carried more than one SubjectConfirmation, the returned value could come from a non-validated confirmation. It is now the InResponseTo of the confirmation that validated. · *checkServerIdentity9525 emits the documented CN-fallback audit code* — A CN-only legacy certificate (a Common Name present, no subjectAltName) is now refused by the exported `b.network.tls.checkServerIdentity9525` with the distinct `tls/pkix-cn-fallback-refused` code its documentation promised, so audit logs can tell a CN-only certificate apart from one carrying neither a SAN nor a CN (which still yields `tls/pkix-san-required`). The accept/refuse outcome is unchanged — both are refused; only the audit granularity improved. · *OIDC back-channel logout / JARM no longer accept dead override parameters* — `verifyBackchannelLogoutToken` and `parseJarmResponse` passed `acceptedAlgs` / `jwksUri` / `maxClockSkewMs` through to the ID-token verifier, which ignored them and applied the configured (create()-time) values. The pass-throughs are removed so the code no longer reads as if those can be overridden per call; the configured trust anchor was — and remains — what applies. · *Queue lease failures are logged* — The consumer loop's lease-acquisition error path swallowed the backend error silently; it now logs at debug so a flapping backend that has not yet tripped the circuit breaker is visible. · *Protobuf and ASN.1 encoders reject out-of-range tags* — The protobuf tag encoder rejected nothing and would have emitted a wrong tag for field numbers at or above 2^28 (where the 32-bit shift overflows); the ASN.1 context-tag writers silently truncated tag numbers above 30 (which require the multi-byte high-tag-number form). Both now throw a RangeError rather than encode silently-wrong output. The values these encoders serve are well within range, so no current caller is affected. · *oid4vci proofAlgorithms default documented accurately* — The documented default proof-algorithm list now matches the code (`["ES256", "ES384", "EdDSA"]`); the doc previously omitted EdDSA, which the runtime has always accepted by default. **Security:** *JAR request objects must carry the registered typ (RFC 9101)* — `b.auth.jar.parse` now requires the request-object JWS header to carry `typ: "oauth-authz-req+jwt"` (with or without the `application/` prefix); a request object with an absent or different typ is refused with `auth-jar/bad-typ`. RFC 9101 §10.8 specifies this media type precisely to stop a JWT minted for another purpose (an ID token, an access token, a logout token) and signed by the same client key from being replayed as a request object. The existing `iss` / `aud` / `client_id` bindings already constrained that; this restores the explicit type check as well. This is stricter than before — see Changed.
20
+
21
+ - v0.14.0 (2026-05-29) — **Operator-configurable header and field names across SSE, request-id, rate-limit, age-gate, AI-Act disclosure, GraphQL federation, and the HTTP cache.** This release makes operator-facing identifiers that were hardcoded configurable. The framework already let operators rename most names (CSRF cookie/field, cookie parser, i18n header/query/cookie, mTLS CA name, and so on); this closes the remaining gaps so a custom or framework-specific name is never frozen. Every new option defaults to the value emitted today, so upgrading changes no behavior — these are additive knobs. It also fixes a request-id asymmetry (the response header is now written on the same name the inbound id is read from) and wires an SSE proxy-buffering option whose escape hatch was documented but never implemented. **Added:** *Configurable cache-status header on the HTTP client* — The outbound HTTP client annotated every cached response with a hardcoded `x-blamejs-cache: HIT|MISS|STALE|REVALIDATED` header. `b.httpClient.cache.create` now takes `statusHeader` (default "x-blamejs-cache") — pass a custom name (e.g. "x-cache") to rename it, or null/false to suppress it entirely. The decision remains available programmatically on `res.cacheStatus`. · *Configurable rate-limit header names* — `b.middleware.rateLimit` emitted the de-facto `X-RateLimit-Limit` / `X-RateLimit-Remaining` headers (which are not RFC-pinned). It now accepts `headerPrefix` (default "X-RateLimit-") so operators can match the unprefixed IETF-draft `RateLimit-*` names or an upstream gateway's convention; the limit/remaining pair is always built from the same prefix. · *Configurable age-gate and AI-Act disclosure header names* — `b.middleware.ageGate` now takes `privacyPostureHeader` (default "X-Privacy-Posture"; null/false to suppress), and `b.middleware.aiActDisclosure` takes `headerPrefix` (default "AI-Act-") that prefixes the emitted Notice / Article / Policy headers. The EU AI Act mandates the disclosure, not the HTTP spelling, so operators matching a downstream convention can rename these. · *Configurable GraphQL-federation replay-nonce header* — `b.graphqlFederation.guardSdl` read the replay nonce from the Apollo-vendor `x-apollographql-router-nonce` header with no override. It now accepts `nonceHeader` (default unchanged) so an operator fronting the gateway with a non-Apollo router can point the replay check at their own header. · *SSE proxy-buffering opt-out* — `b.sse.create` and `b.middleware.sse` set `X-Accel-Buffering: no` (the nginx hint that disables proxy buffering). They now accept `proxyBuffer` (default true) — pass false when not behind nginx, or when buffering is controlled at the load balancer, to suppress the nginx-specific header. The opt-out was previously referenced in the documentation but not implemented. **Fixed:** *Request-id middleware reflects the configured header name* — `b.log.middleware` read the inbound request id from a configurable `headerName` but always wrote the response on the literal `X-Request-Id`. An operator who set a custom `headerName` (e.g. `X-Correlation-Id`) therefore read from one header and emitted another. The response is now written on the same configured name; the default remains `X-Request-Id`, so deployments that did not set `headerName` are unaffected.
22
+
9
23
  ## v0.13.x
10
24
 
11
25
  - v0.13.46 (2026-05-29) — **`createApp` now wires the documented security middleware ON by default — CSRF, CSP nonce, cookie parser, fetch-metadata, and body parser.** The README has long described a security middleware stack as "wired by createApp", but createApp only mounted request-ID, security-headers, and bot-guard by default — CSRF protection, the CSP nonce, the threat-aware cookie parser, the fetch-metadata guard, and the body parser were documented but not actually wired. This release closes that gap: createApp now mounts all of them by default, in dependency order (cookies, CSP nonce, fetch-metadata, then body parser, then CSRF last so it can read a body-field token). This is a behavior change — apps built with createApp now enforce CSRF on state-changing requests by default. Each layer is configurable via opts.middleware.<name> (operator cookie and field names flow straight through — nothing is hardcoded) or can be turned off with false, and disabling a security default now emits an app.middleware.disabled audit event. Every layer is idempotent: an operator who also mounts one of these inside opts.routes gets a no-op second mount rather than a double-apply. The default CSRF is a double-submit cookie that auto-skips requests carrying an Authorization header or no cookies at all, which are not CSRF-able, so token-authenticated API clients are not rejected. The README middleware list is now an accurate description of what createApp wires. **Added:** *Idempotent security middleware* — The cookie parser, CSP nonce, fetch-metadata, and CSRF middleware are now idempotent within a request: if one has already run (because createApp wired it and an operator also mounted it), the second instance is a no-op rather than re-parsing, re-generating a nonce, or issuing a second CSRF cookie. This lets an application compose its own middleware order on top of createApp's defaults without double-applying. The body parser already had this behavior. **Changed:** *createApp wires CSRF, CSP nonce, cookie parser, fetch-metadata, and body parser by default (breaking)* — Applications constructed with b.createApp now mount, in order: the threat-aware cookie parser, the CSP nonce generator, the fetch-metadata resource-isolation guard, the body parser (JSON / urlencoded / text / multipart), and CSRF protection — in addition to the request-ID, security-headers, and bot-guard layers already wired. The ordering guarantees CSRF runs after the body parser so a body-field token is available. This is a behavior change: state-changing requests (POST / PUT / DELETE / PATCH) that carry a session cookie are now CSRF-validated by default. Each layer is configured through opts.middleware.<name> (an object passes operator options straight through; cookie and field names are not hardcoded) or disabled with false. Operators who were mounting these middleware themselves inside opts.routes do not need to change anything — the second mount is now a no-op (see idempotency below). · *Default CSRF auto-skips token-authenticated and cookieless requests* — The CSRF middleware gains a skipStateless option (default false; createApp's default wiring sets it true). When on, token validation is skipped for requests that carry an Authorization header or no Cookie header at all — such requests are not CSRF-able, because CSRF abuses a victim's ambient cookie credential and these have none. The token is still issued on safe methods so a later cookie-authenticated browser flow works. Cross-site form CSRF is unaffected: the browser auto-sends the victim's cookies, so an attack request always carries a Cookie header and is validated. · *Disabling a default security middleware is audited* — Passing false for one of the security-on-by-default middleware (for example middleware: { csrf: false }) now emits an app.middleware.disabled audit event naming the middleware, so a weakened posture leaves a trace in the audit chain rather than being silent.
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 1,
3
- "frameworkVersion": "0.13.46",
4
- "createdAt": "2026-05-30T02:15:44.237Z",
3
+ "frameworkVersion": "0.14.5",
4
+ "createdAt": "2026-05-30T14:33:33.657Z",
5
5
  "exports": {
6
6
  "a2a": {
7
7
  "type": "object",
@@ -47,15 +47,15 @@ function mintLegacyEnvelope0xE1(plaintext, recipient) {
47
47
  var nonce = bCrypto.generateBytes(C.BYTES.bytes(24));
48
48
  // Legacy 0xE1 envelope header — 4 bytes: magic, kemId, cipherId, kdfId.
49
49
  var headerAad = Buffer.from([
50
- 0xE1, // allow:raw-byte-literal — legacy 0xE1 envelope magic byte
50
+ 0xE1, // legacy 0xE1 envelope magic byte
51
51
  C.KEM_IDS.ML_KEM_1024_P384,
52
52
  C.CIPHER_IDS.XCHACHA20_POLY1305,
53
53
  C.KDF_IDS.SHAKE256,
54
54
  ]);
55
55
  var ct = xchacha20poly1305(key, nonce, headerAad).encrypt(Buffer.from(plaintext, "utf8"));
56
- var kemCtLen = Buffer.alloc(2); kemCtLen.writeUInt16BE(kem.ciphertext.length); // allow:raw-byte-literal — 16-bit length-prefix field
56
+ var kemCtLen = Buffer.alloc(2); kemCtLen.writeUInt16BE(kem.ciphertext.length); // 16-bit length-prefix field
57
57
  var ecEphDer = ephEc.publicKey;
58
- var ecEphLen = Buffer.alloc(2); ecEphLen.writeUInt16BE(ecEphDer.length); // allow:raw-byte-literal — 16-bit length-prefix field
58
+ var ecEphLen = Buffer.alloc(2); ecEphLen.writeUInt16BE(ecEphDer.length); // 16-bit length-prefix field
59
59
  return Buffer.concat([
60
60
  headerAad,
61
61
  kemCtLen, kem.ciphertext, ecEphLen, ecEphDer, nonce, Buffer.from(ct),
@@ -62,17 +62,17 @@ var A2aTasksError = defineClass("A2aTasksError", { alwaysPermanent: true });
62
62
  var JSONRPC_VERSION = "2.0";
63
63
 
64
64
  // JSON-RPC 2.0 fixed error codes — A2A inherits these.
65
- var JSONRPC_PARSE_ERROR = -32700; // allow:raw-byte-literal — JSON-RPC fixed code / allow:raw-time-literal — not seconds
66
- var JSONRPC_INVALID_REQUEST = -32600; // allow:raw-byte-literal — JSON-RPC fixed code / allow:raw-time-literal — not seconds
67
- var JSONRPC_METHOD_NOT_FOUND = -32601; // allow:raw-byte-literal — JSON-RPC fixed code / allow:raw-time-literal — not seconds
68
- var JSONRPC_INVALID_PARAMS = -32602; // allow:raw-byte-literal — JSON-RPC fixed code / allow:raw-time-literal — not seconds
69
- var JSONRPC_INTERNAL_ERROR = -32603; // allow:raw-byte-literal — JSON-RPC fixed code / allow:raw-time-literal — not seconds
65
+ var JSONRPC_PARSE_ERROR = -32700; // allow:raw-time-literal — not seconds
66
+ var JSONRPC_INVALID_REQUEST = -32600; // allow:raw-time-literal — not seconds
67
+ var JSONRPC_METHOD_NOT_FOUND = -32601; // allow:raw-time-literal — not seconds
68
+ var JSONRPC_INVALID_PARAMS = -32602; // allow:raw-time-literal — not seconds
69
+ var JSONRPC_INTERNAL_ERROR = -32603; // allow:raw-time-literal — not seconds
70
70
 
71
71
  // A2A-specific error codes per the spec's task-error vocabulary.
72
72
  // A2A_TASK_NOT_FOUND (-32002) + A2A_TASK_NOT_CANCELABLE (-32003) are
73
73
  // raised by operator handlers — they're reserved here for documentation
74
74
  // purposes only.
75
- var A2A_SCOPE_DENIED = -32001; // allow:raw-byte-literal — JSON-RPC server-error range / allow:raw-time-literal — not seconds
75
+ var A2A_SCOPE_DENIED = -32001; // allow:raw-time-literal — not seconds
76
76
 
77
77
  var ALLOWED_METHODS = Object.freeze(["tasks/send", "tasks/get", "tasks/cancel"]);
78
78
 
@@ -80,7 +80,7 @@ var TASK_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
80
80
  // Same identifier shape as MCP tool-name; consolidating would couple
81
81
  // MCP + A2A protocol identifiers into a single primitive.
82
82
  var SKILL_NAME_RE = /^[a-zA-Z][a-zA-Z0-9._-]{0,63}$/; // allow:duplicate-regex — RFC-3986-unreserved identifier shape, shared across mcp.js + mcp-tool-registry.js
83
- // allow:raw-byte-literal — RFC-3986-unreserved identifier shape (length cap inside regex), not a byte count
83
+ // RFC-3986-unreserved identifier shape (length cap inside regex), not a byte count
84
84
 
85
85
  function _emitAudit(action, metadata, outcome) {
86
86
  try {
@@ -99,7 +99,7 @@ var bCrypto = lazyRequire(function () { return require("./crypto"); });
99
99
  // satisfies the framework's unused-var policy so the helper stays
100
100
  // available without an explicit disable directive.
101
101
  function _newTaskId() {
102
- return bCrypto().generateToken(12); // allow:raw-byte-literal — 96-bit task id, not byte arithmetic on payload
102
+ return bCrypto().generateToken(12); // 96-bit task id, not byte arithmetic on payload
103
103
  }
104
104
 
105
105
  function _validateTaskShape(task, where) {
@@ -108,7 +108,7 @@ function _validateTaskShape(task, where) {
108
108
  where + ": task must be a non-null object", true);
109
109
  }
110
110
  validateOpts.requireNonEmptyString(task.skill, where + ".skill", A2aTasksError, "a2a-tasks/bad-skill");
111
- if (task.skill.length > 64 || !SKILL_NAME_RE.test(task.skill)) { // allow:raw-byte-literal — A2A skill-name length cap, not byte count
111
+ if (task.skill.length > 64 || !SKILL_NAME_RE.test(task.skill)) { // A2A skill-name length cap, not byte count
112
112
 
113
113
  throw new A2aTasksError("a2a-tasks/bad-skill",
114
114
  where + ".skill '" + task.skill + "' must match " + SKILL_NAME_RE);
@@ -196,7 +196,7 @@ async function get(opts) {
196
196
  }
197
197
  validateOpts.requireNonEmptyString(opts.peerUrl, "tasks.get.peerUrl", A2aTasksError, "a2a-tasks/bad-peer-url");
198
198
  validateOpts.requireNonEmptyString(opts.taskId, "tasks.get.taskId", A2aTasksError, "a2a-tasks/bad-task-id");
199
- if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { // allow:raw-byte-literal — A2A task-id length cap, not byte count
199
+ if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { // A2A task-id length cap, not byte count
200
200
  throw new A2aTasksError("a2a-tasks/bad-task-id",
201
201
  "tasks.get: taskId must match " + TASK_ID_RE);
202
202
  }
@@ -239,7 +239,7 @@ async function cancel(opts) {
239
239
  }
240
240
  validateOpts.requireNonEmptyString(opts.peerUrl, "tasks.cancel.peerUrl", A2aTasksError, "a2a-tasks/bad-peer-url");
241
241
  validateOpts.requireNonEmptyString(opts.taskId, "tasks.cancel.taskId", A2aTasksError, "a2a-tasks/bad-task-id");
242
- if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { // allow:raw-byte-literal — A2A task-id length cap, not byte count
242
+ if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { // A2A task-id length cap, not byte count
243
243
  throw new A2aTasksError("a2a-tasks/bad-task-id",
244
244
  "tasks.cancel: taskId must match " + TASK_ID_RE);
245
245
  }
@@ -280,7 +280,7 @@ async function _jsonRpc(url, method, params, opts) {
280
280
  throw new A2aTasksError("a2a-tasks/transport",
281
281
  "tasks." + method.split("/")[1] + ": transport error: " + (transportErr.message || transportErr));
282
282
  }
283
- if (rsp.statusCode < 200 || rsp.statusCode >= 300) { // allow:raw-byte-literal — HTTP status class boundaries
283
+ if (rsp.statusCode < 200 || rsp.statusCode >= 300) { // HTTP status class boundaries
284
284
  if (opts.audit) {
285
285
  _emitAudit("a2a.tasks.http_error",
286
286
  { method: method, url: url, statusCode: rsp.statusCode, elapsedMs: Date.now() - startMs },
@@ -395,7 +395,7 @@ function middlewareTasks(opts) {
395
395
 
396
396
  return function a2aTasksMiddleware(req, res) {
397
397
  if ((req.method || "").toUpperCase() !== "POST") {
398
- res.statusCode = 405; // allow:raw-byte-literal — HTTP 405 Method Not Allowed
398
+ res.statusCode = 405; // HTTP 405 Method Not Allowed
399
399
  res.setHeader("Content-Type", "application/json");
400
400
  res.setHeader("Allow", "POST");
401
401
  res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_INVALID_REQUEST, "method must be POST")));
@@ -403,7 +403,7 @@ function middlewareTasks(opts) {
403
403
  }
404
404
  var ctype = (req.headers && (req.headers["content-type"] || req.headers["Content-Type"])) || "";
405
405
  if (typeof ctype === "string" && ctype.indexOf("application/json") !== 0 && ctype.indexOf("application/json") === -1) {
406
- res.statusCode = 415; // allow:raw-byte-literal — HTTP 415 Unsupported Media Type
406
+ res.statusCode = 415; // HTTP 415 Unsupported Media Type
407
407
  res.setHeader("Content-Type", "application/json");
408
408
  res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_INVALID_REQUEST, "Content-Type must be application/json")));
409
409
  return;
@@ -414,14 +414,14 @@ function middlewareTasks(opts) {
414
414
  try {
415
415
  body = safeJson.parse(rawBytes.toString("utf8"), { maxBytes: maxBytes });
416
416
  } catch (_parseErr) {
417
- res.statusCode = 400; // allow:raw-byte-literal — HTTP 400 Bad Request
417
+ res.statusCode = 400; // HTTP 400 Bad Request
418
418
  res.setHeader("Content-Type", "application/json");
419
419
  res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_PARSE_ERROR, "invalid JSON body")));
420
420
  return;
421
421
  }
422
422
  if (!body || typeof body !== "object" || body.jsonrpc !== JSONRPC_VERSION ||
423
423
  typeof body.method !== "string") {
424
- res.statusCode = 400; // allow:raw-byte-literal — HTTP 400 Bad Request
424
+ res.statusCode = 400; // HTTP 400 Bad Request
425
425
  res.setHeader("Content-Type", "application/json");
426
426
  res.end(JSON.stringify(_jsonRpcError(body && body.id, JSONRPC_INVALID_REQUEST,
427
427
  "expected JSON-RPC 2.0 envelope { jsonrpc, id?, method, params? }")));
@@ -429,7 +429,7 @@ function middlewareTasks(opts) {
429
429
  }
430
430
  var reqId = body.id !== undefined ? body.id : null;
431
431
  if (ALLOWED_METHODS.indexOf(body.method) === -1) {
432
- res.statusCode = 200; // allow:raw-byte-literal — JSON-RPC errors return 200 with error envelope
432
+ res.statusCode = 200; // JSON-RPC errors return 200 with error envelope
433
433
  res.setHeader("Content-Type", "application/json");
434
434
  res.end(JSON.stringify(_jsonRpcError(reqId, JSONRPC_METHOD_NOT_FOUND,
435
435
  "method '" + body.method + "' not in [" + ALLOWED_METHODS.join(", ") + "]")));
@@ -440,7 +440,7 @@ function middlewareTasks(opts) {
440
440
  // Scope enforcement for tasks/send (task references a skill).
441
441
  if (body.method === "tasks/send" && scopes) {
442
442
  if (!params.task || typeof params.task !== "object" || typeof params.task.skill !== "string") {
443
- res.statusCode = 200; // allow:raw-byte-literal — JSON-RPC error envelope returns 200
443
+ res.statusCode = 200; // JSON-RPC error envelope returns 200
444
444
  res.setHeader("Content-Type", "application/json");
445
445
  res.end(JSON.stringify(_jsonRpcError(reqId, JSONRPC_INVALID_PARAMS,
446
446
  "tasks/send: params.task.skill required")));
@@ -454,7 +454,7 @@ function middlewareTasks(opts) {
454
454
  _emitAudit("a2a.tasks.scope_denied",
455
455
  { skill: params.task.skill, requiredScope: requiredScope }, "denied");
456
456
  }
457
- res.statusCode = 200; // allow:raw-byte-literal — JSON-RPC error envelope returns 200
457
+ res.statusCode = 200; // JSON-RPC error envelope returns 200
458
458
  res.setHeader("Content-Type", "application/json");
459
459
  res.end(JSON.stringify(_jsonRpcError(reqId, A2A_SCOPE_DENIED,
460
460
  "scope '" + requiredScope + "' required for skill '" + params.task.skill + "'")));
@@ -476,7 +476,7 @@ function middlewareTasks(opts) {
476
476
  _emitAudit("a2a.tasks.handled",
477
477
  { method: body.method, skill: params.task && params.task.skill, taskId: params.taskId });
478
478
  }
479
- res.statusCode = 200; // allow:raw-byte-literal — JSON-RPC 200 with result envelope
479
+ res.statusCode = 200; // JSON-RPC 200 with result envelope
480
480
  res.setHeader("Content-Type", "application/json");
481
481
  res.end(JSON.stringify({
482
482
  jsonrpc: JSONRPC_VERSION,
@@ -491,12 +491,12 @@ function middlewareTasks(opts) {
491
491
  _emitAudit("a2a.tasks.handler_error",
492
492
  { method: body.method, errorMessage: msg, errorCode: code }, "warning");
493
493
  }
494
- res.statusCode = 200; // allow:raw-byte-literal — JSON-RPC error envelope returns 200
494
+ res.statusCode = 200; // JSON-RPC error envelope returns 200
495
495
  res.setHeader("Content-Type", "application/json");
496
496
  res.end(JSON.stringify(_jsonRpcError(reqId, code, msg)));
497
497
  });
498
498
  }).catch(function (readErr) {
499
- res.statusCode = 400; // allow:raw-byte-literal — HTTP 400 Bad Request
499
+ res.statusCode = 400; // HTTP 400 Bad Request
500
500
  res.setHeader("Content-Type", "application/json");
501
501
  res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_PARSE_ERROR,
502
502
  "could not read request body: " + (readErr.message || readErr))));
@@ -573,12 +573,12 @@ function middlewareAgentCard(opts) {
573
573
  var cardJson = JSON.stringify(opts.card);
574
574
  return function a2aAgentCardMiddleware(req, res) {
575
575
  if ((req.method || "").toUpperCase() !== "GET") {
576
- res.statusCode = 405; // allow:raw-byte-literal — HTTP 405 Method Not Allowed
576
+ res.statusCode = 405; // HTTP 405 Method Not Allowed
577
577
  res.setHeader("Allow", "GET");
578
578
  res.end();
579
579
  return;
580
580
  }
581
- res.statusCode = 200; // allow:raw-byte-literal — HTTP 200 OK
581
+ res.statusCode = 200; // HTTP 200 OK
582
582
  res.setHeader("Content-Type", "application/json");
583
583
  res.setHeader("Cache-Control", "public, max-age=" + maxAgeSec);
584
584
  res.end(cardJson);
@@ -39,10 +39,10 @@ var audit = require("./audit");
39
39
  var { A2aError } = require("./framework-error");
40
40
 
41
41
  var REQUIRED_CARD_FIELDS = ["issuer", "agentId", "capabilities", "version"];
42
- var ID_MAX = 256; // allow:raw-byte-literal — string-length cap, not bytes
43
- var SEMVER_MAX = 64; // allow:raw-byte-literal — string-length cap, not bytes
44
- var CAP_NAME_MAX = 128; // allow:raw-byte-literal — string-length cap, not bytes
45
- var SHAKE256_BYTES = 64; // allow:raw-byte-literal — SHA3-512 output is 64 bytes (FIPS 202)
42
+ var ID_MAX = 256; // string-length cap, not bytes
43
+ var SEMVER_MAX = 64; // string-length cap, not bytes
44
+ var CAP_NAME_MAX = 128; // string-length cap, not bytes
45
+ var SHAKE256_BYTES = 64; // SHA3-512 output is 64 bytes (FIPS 202)
46
46
  var ID_RE = /^[a-zA-Z0-9._:/-]{1,256}$/;
47
47
  var SEMVER_RE = /^[0-9]+\.[0-9]+(?:\.[0-9]+)?(?:-[A-Za-z0-9.-]+)?$/;
48
48
 
@@ -138,7 +138,7 @@ function _signJws(privateKey, protectedHeader, payload) {
138
138
  // ECDSA from node:crypto returns DER-encoded (r,s); RFC 7515 requires
139
139
  // raw concatenation of r||s, each padded to the curve byte size (32
140
140
  // for P-256).
141
- var rawSig = _ecdsaDerToRaw(derSig, 32); // allow:raw-byte-literal — RFC 7518 §3.4 ES256 signature half-length (P-256 byte size)
141
+ var rawSig = _ecdsaDerToRaw(derSig, 32); // RFC 7518 §3.4 ES256 signature half-length (P-256 byte size)
142
142
  return {
143
143
  protected: protB64,
144
144
  payload: payloadB64,
@@ -1432,8 +1432,8 @@ function _base32lc(buf) {
1432
1432
  var bits = 0;
1433
1433
  var value = 0;
1434
1434
  for (var i = 0; i < buf.length; i += 1) {
1435
- value = (value << 8) | buf[i]; // allow:raw-byte-literal — bit-shift count, byte boundary
1436
- bits += 8; // allow:raw-byte-literal — bits-per-byte constant
1435
+ value = (value << 8) | buf[i]; // bit-shift count, byte boundary
1436
+ bits += 8; // bits-per-byte constant
1437
1437
  while (bits >= 5) {
1438
1438
  out += alphabet[(value >>> (bits - 5)) & 31];
1439
1439
  bits -= 5;
@@ -430,7 +430,7 @@ function _actorIdHash(actorId) {
430
430
 
431
431
  function _truncHash(hash) {
432
432
  if (typeof hash !== "string") return "";
433
- return hash.slice(0, 16); // allow:raw-byte-literal — audit-log truncation length, not a size cap
433
+ return hash.slice(0, 16); // audit-log truncation length, not a size cap
434
434
  }
435
435
 
436
436
  function _fingerprintArgs(args) {
@@ -117,7 +117,7 @@ function _unsealRegistryRow(row) {
117
117
  }
118
118
 
119
119
  var DEFAULT_DRAIN_TIMEOUT_MS = C.TIME.minutes(2);
120
- var STREAM_ID_RAND_BYTES = 8; // allow:raw-byte-literal — stream-id random-suffix byte length, not a size cap
120
+ var STREAM_ID_RAND_BYTES = 8; // stream-id random-suffix byte length, not a size cap
121
121
  var DEFAULT_PER_CONSUMER_STOP_MS = C.TIME.seconds(5);
122
122
  // SUBSTRATE-20 — FNV-1a offset basis salted with the first 32 bits of
123
123
  // SHA3-512(vault master). Attackers who don't have read access to the
@@ -428,7 +428,7 @@ function _spawnConsumers(ctx, args) {
428
428
  "spawnConsumers: queue with .consume() required");
429
429
  }
430
430
  var shards = typeof args.shards === "number" ? args.shards : 1;
431
- if (!Number.isInteger(shards) || shards < 1 || shards > 256) { // allow:raw-byte-literal — shard cap
431
+ if (!Number.isInteger(shards) || shards < 1 || shards > 256) { // shard cap
432
432
  throw new AgentOrchestratorError("agent-orchestrator/bad-shard-count",
433
433
  "spawnConsumers: shards must be an integer in 1..256");
434
434
  }
@@ -508,21 +508,21 @@ function _saltedFnvBasis() {
508
508
  var v;
509
509
  try { v = vault(); } catch (_e) { v = null; }
510
510
  if (!v || typeof v.getKeysJson !== "function") {
511
- _saltedFnvBasisCache = 2166136261; // allow:raw-byte-literal — FNV-1a offset basis (vault-less fallback)
511
+ _saltedFnvBasisCache = 2166136261; // FNV-1a offset basis (vault-less fallback)
512
512
  return _saltedFnvBasisCache;
513
513
  }
514
514
  var keysJson;
515
515
  try { keysJson = v.getKeysJson(); }
516
516
  catch (_e) {
517
- _saltedFnvBasisCache = 2166136261; // allow:raw-byte-literal — FNV-1a offset basis (vault-init-pending fallback)
517
+ _saltedFnvBasisCache = 2166136261; // FNV-1a offset basis (vault-init-pending fallback)
518
518
  return _saltedFnvBasisCache;
519
519
  }
520
520
  var hashHex = bCrypto.sha3Hash(keysJson);
521
521
  // Read the first 32 bits as the salt; mix into the offset basis via
522
522
  // XOR so the distribution properties of FNV are preserved.
523
- var saltBuf = Buffer.from(hashHex.slice(0, 8), "hex"); // allow:raw-byte-literal — 32-bit prefix of SHA3-512 hex (4 bytes = 8 hex chars)
523
+ var saltBuf = Buffer.from(hashHex.slice(0, 8), "hex"); // 32-bit prefix of SHA3-512 hex (4 bytes = 8 hex chars)
524
524
  var salt = saltBuf.readUInt32BE(0);
525
- _saltedFnvBasisCache = ((2166136261 ^ salt) >>> 0); // allow:raw-byte-literal — FNV-1a offset basis (vault-salted)
525
+ _saltedFnvBasisCache = ((2166136261 ^ salt) >>> 0); // FNV-1a offset basis (vault-salted)
526
526
  return _saltedFnvBasisCache;
527
527
  }
528
528
 
@@ -535,7 +535,7 @@ function shardFor(shardKey, shards) {
535
535
  var h = _saltedFnvBasis();
536
536
  for (var i = 0; i < shardKey.length; i += 1) {
537
537
  h ^= shardKey.charCodeAt(i);
538
- h = (h * 16777619) >>> 0; // allow:raw-byte-literal — FNV-1a prime
538
+ h = (h * 16777619) >>> 0; // FNV-1a prime
539
539
  }
540
540
  return h % shards;
541
541
  }
@@ -710,7 +710,7 @@ async function _quiesceInFlight(ctx, startedAt, timeoutMs) {
710
710
  }
711
711
  if (!anyInFlight) return true;
712
712
  await new Promise(function (r) {
713
- var t = setTimeout(r, 50); // allow:raw-byte-literal — 50ms in-flight poll interval
713
+ var t = setTimeout(r, 50); // 50ms in-flight poll interval
714
714
  if (t && typeof t.unref === "function") t.unref();
715
715
  });
716
716
  }
@@ -72,12 +72,12 @@ var BUILTIN_REGIMES = Object.freeze(["hipaa", "pci-dss", "gdpr", "soc2"]);
72
72
  // SHAPE, not authenticity). Defense is a keyed MAC over the canonical
73
73
  // envelope bytes, computed at appendHop and verified at validate.
74
74
  var ENVELOPE_MAC_LABEL = "blamejs.agent.postureChain/v1";
75
- var ENVELOPE_MAC_KEY_BYTES = 32; // allow:raw-byte-literal — HMAC-SHA3-512 keyed bytes
75
+ var ENVELOPE_MAC_KEY_BYTES = 32; // HMAC-SHA3-512 keyed bytes
76
76
  // SUBSTRATE-21 — hop count cap defends infinite recursion across
77
77
  // agent delegation. 16 is the spec default; operators can lower via
78
78
  // opts.maxHopCount but never raise (audit fan-out without a cap is a
79
79
  // DoS class).
80
- var DEFAULT_MAX_HOP_COUNT = 16; // allow:raw-byte-literal — hop count cap
80
+ var DEFAULT_MAX_HOP_COUNT = 16; // hop count cap
81
81
  var _macKeyCache = null; // memoized per-vault-master key
82
82
 
83
83
  function _resolveMacKey() {
@@ -80,7 +80,7 @@ var audit = lazyRequire(function () { return require("./audit"); })
80
80
 
81
81
  var AgentSagaError = defineClass("AgentSagaError", { alwaysPermanent: true });
82
82
 
83
- var SAGA_ID_RAND_BYTES = 8; // allow:raw-byte-literal — saga-id random-suffix byte length
83
+ var SAGA_ID_RAND_BYTES = 8; // saga-id random-suffix byte length
84
84
 
85
85
  /**
86
86
  * @primitive b.agent.saga.create
@@ -71,7 +71,7 @@ var DEFAULT_DRAIN_TIMEOUT_MS = C.TIME.minutes(2);
71
71
  var DEFAULT_SNAPSHOT_INTERVAL_MS = C.TIME.minutes(5);
72
72
  var DEFAULT_MAX_SNAPSHOT_BYTES = C.BYTES.mib(50);
73
73
  var SCHEMA_VERSION = 1;
74
- var SNAPSHOT_ID_RAND_BYTES = 8; // allow:raw-byte-literal — snapshot-id random suffix
74
+ var SNAPSHOT_ID_RAND_BYTES = 8; // snapshot-id random suffix
75
75
 
76
76
  /**
77
77
  * @primitive b.agent.snapshot.create
@@ -66,7 +66,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
66
66
 
67
67
  var AgentStreamError = defineClass("AgentStreamError", { alwaysPermanent: true });
68
68
 
69
- var DEFAULT_BATCH_SIZE = 256; // allow:raw-byte-literal — cursor batch row count, not bytes
69
+ var DEFAULT_BATCH_SIZE = 256; // cursor batch row count, not bytes
70
70
 
71
71
  /**
72
72
  * @primitive b.agent.stream.create
@@ -121,7 +121,7 @@ var TENANT_KDF_LABEL = "blamejs.agent.tenant/v1";
121
121
  // 32 bytes — XChaCha20-Poly1305 key length. Distinct from the audit
122
122
  // truncation buffer so future key-length bumps don't have to chase a
123
123
  // magic constant.
124
- var TENANT_KEY_BYTES = 32; // allow:raw-byte-literal — XChaCha20-Poly1305 key length (256 bits)
124
+ var TENANT_KEY_BYTES = 32; // XChaCha20-Poly1305 key length (256 bits)
125
125
 
126
126
  /**
127
127
  * @primitive b.agent.tenant.create
@@ -78,7 +78,7 @@ function _emitFirstFailureAudit(auditImpl, kind, message) {
78
78
  if (_failureAuditEmittedFor[kind]) return;
79
79
  _failureAuditEmittedFor[kind] = true;
80
80
  agentAudit.safeAudit(auditImpl, "agent.trace.tracer_failure", null, {
81
- kind: kind, message: message ? String(message).slice(0, 256) : "", // allow:raw-byte-literal — audit-message char cap
81
+ kind: kind, message: message ? String(message).slice(0, 256) : "", // audit-message char cap
82
82
  rateLimited: "first-occurrence-only",
83
83
  });
84
84
  }
@@ -249,8 +249,8 @@ function _shouldSample(globalRate, perMethod, method, traceId) {
249
249
  // Use the low 32 bits of the trace-id as the sampling roll
250
250
  // (W3C-compatible). Hash modulo 1e9 → divide by 1e9 puts the
251
251
  // result in [0,1) deterministically.
252
- var lo = parseInt(traceId.slice(-8), 16); // allow:raw-byte-literal — low 32 bits of trace-id hex
253
- var roll = (lo >>> 0) / 0x100000000; // allow:raw-byte-literal — 2^32 normalization divisor
252
+ var lo = parseInt(traceId.slice(-8), 16); // low 32 bits of trace-id hex
253
+ var roll = (lo >>> 0) / 0x100000000; // 2^32 normalization divisor
254
254
  return roll < rate;
255
255
  }
256
256
  // No trace-id supplied — start of a new trace. Operators wire
@@ -74,7 +74,7 @@ var REASONING_TIERS = ["none", "basic", "standard", "advanced"];
74
74
  // descriptor fields are costPer1kInputTokens / costPer1kOutputTokens).
75
75
  // Dividing a token count by this rate unit converts a per-1k rate into
76
76
  // the per-token multiplier — a rate denominator, not a byte size.
77
- var COST_RATE_TOKEN_UNIT = 1000; // allow:raw-byte-literal — per-1k-token cost-rate denominator, not a byte count
77
+ var COST_RATE_TOKEN_UNIT = 1000; // per-1k-token cost-rate denominator, not a byte count
78
78
 
79
79
  var DESCRIPTOR_KEYS = [
80
80
  "maxContextTokens", "maxOutputTokens", "modalitiesIn", "modalitiesOut",
@@ -73,7 +73,7 @@ var ACCOUNTINGS = ["basic", "rdp"];
73
73
  // integer-exact discrete-Gaussian sampler. 2^32 keeps the deviation
74
74
  // from the target σ² below 2^-32 — far under the noise scale — while
75
75
  // keeping the BigInt denominators bounded.
76
- var SIGMA2_RATIONAL_DEN = 4294967296; // allow:raw-byte-literal — 2^32 rational-approx denominator, not a byte size
76
+ var SIGMA2_RATIONAL_DEN = 4294967296; // 2^32 rational-approx denominator, not a byte size
77
77
 
78
78
  // ---- Minimal exact rational (BigInt num / den, den > 0) ----
79
79
 
@@ -105,7 +105,7 @@ function _uniformBelow(m) {
105
105
  if (m <= 0n) throw new AiDpError("ai-dp/internal", "ai.dp: _uniformBelow needs m > 0");
106
106
  if (m === 1n) return 0n;
107
107
  var bits = m.toString(2).length;
108
- var bytes = Math.ceil(bits / 8); // allow:raw-byte-literal — bits-per-byte divisor, not a size
108
+ var bytes = Math.ceil(bits / 8); // bits-per-byte divisor, not a size
109
109
  var mask = (1n << BigInt(bits)) - 1n;
110
110
  for (;;) {
111
111
  var buf = bCrypto.generateBytes(bytes);
@@ -121,7 +121,7 @@ function _uniformBelow(m) {
121
121
  // the BigInt rejection sampler (accumulating 53 bits in a JS Number
122
122
  // would overflow the 2^53 safe-integer range and skew the draw), then
123
123
  // mapped (val + 1) / 2^53 → (0, 1].
124
- var TWO_POW_53 = 9007199254740992; // allow:raw-byte-literal — 2^53 mantissa range, not a byte size
124
+ var TWO_POW_53 = 9007199254740992; // 2^53 mantissa range, not a byte size
125
125
  function _uniformOpen() {
126
126
  var v = Number(_uniformBelow(9007199254740992n)); // [0, 2^53) exact
127
127
  return (v + 1) / TWO_POW_53; // (0, 1]
@@ -231,7 +231,7 @@ function _snappingLaplace(value, scale, bound) {
231
231
 
232
232
  // ---- Rényi-DP costs (Mironov 2017) ----
233
233
 
234
- var RDP_ORDERS = [1.25, 1.5, 1.75, 2, 2.5, 3, 4, 5, 6, 8, 12, 16, 24, 32, 48, 64, 128, 256]; // allow:raw-byte-literal — Rényi DP orders (α), not byte sizes
234
+ var RDP_ORDERS = [1.25, 1.5, 1.75, 2, 2.5, 3, 4, 5, 6, 8, 12, 16, 24, 32, 48, 64, 128, 256]; // Rényi DP orders (α), not byte sizes
235
235
 
236
236
  // Gaussian mechanism with noise-to-sensitivity z = sigma / sensitivity:
237
237
  // RDP(alpha) = alpha / (2 z^2).
@@ -25,8 +25,8 @@ var numericBounds = require("./numeric-bounds");
25
25
  var audit = require("./audit");
26
26
  var { AiInputError } = require("./framework-error");
27
27
 
28
- var SAMPLE_TRUNC = 80; // allow:raw-byte-literal — sample truncation length, not bytes
29
- var CONFIDENCE_BASE = 60; // allow:raw-byte-literal — confidence percentage base / allow:raw-time-literal — not seconds
28
+ var SAMPLE_TRUNC = 80; // sample truncation length, not bytes
29
+ var CONFIDENCE_BASE = 60; // allow:raw-time-literal — not seconds
30
30
 
31
31
  var PATTERNS = [
32
32
  { id: "ignore-prior-instructions", severity: 3, re:
@@ -44,7 +44,7 @@ var PATTERNS = [
44
44
  { id: "exfil-callback", severity: 3, re:
45
45
  /\b(?:send|post|fetch|exfil|leak|paste|forward)\b[\s\S]{0,40}(?:secret|key|token|password|cred|env|\.ssh|private)/i },
46
46
  { id: "base64-marker-around-instructions", severity: 2, re:
47
- /(?:[A-Za-z0-9+/]{40,}={0,2})\s+(?:means|decodes?\s+to|=)/i }, // allow:raw-byte-literal — regex repetition floor, not bytes
47
+ /(?:[A-Za-z0-9+/]{40,}={0,2})\s+(?:means|decodes?\s+to|=)/i }, // regex repetition floor, not bytes
48
48
  { id: "rot13-shape", severity: 2, re:
49
49
  /\b(?:rot13|rotcipher|cipher|caesar)\s*[:=]\s*[a-zA-Z]{20,}/i },
50
50
  { id: "markdown-injection", severity: 2, re:
@@ -138,7 +138,7 @@ function classify(input, opts) {
138
138
  else if (signals[j].severity === 2) sev2++;
139
139
  }
140
140
  var verdict = sev3 > 0 ? "malicious" : (sev2 >= 2 ? "suspicious" : "clean");
141
- var confidence = sev3 === 0 && sev2 === 0 ? 0 : Math.min(100, CONFIDENCE_BASE + sev3 * 15 + sev2 * 5); // allow:raw-byte-literal — confidence ceiling 100, not bytes/seconds
141
+ var confidence = sev3 === 0 && sev2 === 0 ? 0 : Math.min(100, CONFIDENCE_BASE + sev3 * 15 + sev2 * 5); // confidence ceiling 100, not bytes/seconds
142
142
 
143
143
  if (auditOn && verdict !== "clean") {
144
144
  audit.safeEmit({