@blamejs/blamejs-shop 0.3.5 → 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +3 -3
- package/lib/vendor/blamejs/CHANGELOG.md +14 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
- package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
- package/lib/vendor/blamejs/lib/a2a.js +4 -4
- package/lib/vendor/blamejs/lib/acme.js +3 -3
- package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
- package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
- package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
- package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
- package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
- package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
- package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
- package/lib/vendor/blamejs/lib/ai-input.js +4 -4
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
- package/lib/vendor/blamejs/lib/archive-read.js +25 -25
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
- package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
- package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
- package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
- package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
- package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
- package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
- package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
- package/lib/vendor/blamejs/lib/audit.js +2 -2
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
- package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
- package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
- package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
- package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
- package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
- package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
- package/lib/vendor/blamejs/lib/backup/index.js +7 -7
- package/lib/vendor/blamejs/lib/base32.js +8 -8
- package/lib/vendor/blamejs/lib/budr.js +2 -2
- package/lib/vendor/blamejs/lib/cache-status.js +2 -2
- package/lib/vendor/blamejs/lib/calendar.js +29 -29
- package/lib/vendor/blamejs/lib/cbor.js +12 -12
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
- package/lib/vendor/blamejs/lib/cert.js +5 -5
- package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
- package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
- package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
- package/lib/vendor/blamejs/lib/compliance.js +29 -29
- package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
- package/lib/vendor/blamejs/lib/cookies.js +1 -1
- package/lib/vendor/blamejs/lib/cose.js +13 -13
- package/lib/vendor/blamejs/lib/cra-report.js +1 -1
- package/lib/vendor/blamejs/lib/crdt.js +1 -1
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
- package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
- package/lib/vendor/blamejs/lib/crypto.js +6 -6
- package/lib/vendor/blamejs/lib/csp.js +2 -2
- package/lib/vendor/blamejs/lib/cwt.js +4 -4
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
- package/lib/vendor/blamejs/lib/data-act.js +2 -2
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
- package/lib/vendor/blamejs/lib/db-query.js +1 -1
- package/lib/vendor/blamejs/lib/db.js +6 -6
- package/lib/vendor/blamejs/lib/dbsc.js +13 -13
- package/lib/vendor/blamejs/lib/did.js +17 -17
- package/lib/vendor/blamejs/lib/dora.js +4 -4
- package/lib/vendor/blamejs/lib/dsr.js +1 -1
- package/lib/vendor/blamejs/lib/early-hints.js +2 -2
- package/lib/vendor/blamejs/lib/eat.js +4 -4
- package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
- package/lib/vendor/blamejs/lib/external-db.js +1 -1
- package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
- package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
- package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
- package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
- package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
- package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
- package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
- package/lib/vendor/blamejs/lib/guard-email.js +19 -19
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
- package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
- package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
- package/lib/vendor/blamejs/lib/guard-html.js +7 -7
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
- package/lib/vendor/blamejs/lib/guard-image.js +4 -4
- package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
- package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
- package/lib/vendor/blamejs/lib/guard-json.js +12 -12
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
- package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
- package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
- package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
- package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
- package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
- package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
- package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
- package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
- package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
- package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-time.js +15 -15
- package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
- package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
- package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
- package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
- package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
- package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
- package/lib/vendor/blamejs/lib/http-client.js +13 -10
- package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
- package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
- package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
- package/lib/vendor/blamejs/lib/inbox.js +4 -4
- package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
- package/lib/vendor/blamejs/lib/json-path.js +3 -3
- package/lib/vendor/blamejs/lib/json-schema.js +1 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
- package/lib/vendor/blamejs/lib/jtd.js +2 -2
- package/lib/vendor/blamejs/lib/link-header.js +1 -1
- package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
- package/lib/vendor/blamejs/lib/log.js +8 -3
- package/lib/vendor/blamejs/lib/lro.js +4 -4
- package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
- package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
- package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
- package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
- package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
- package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
- package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
- package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
- package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
- package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
- package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
- package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
- package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
- package/lib/vendor/blamejs/lib/mail-store.js +8 -8
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
- package/lib/vendor/blamejs/lib/mail.js +4 -4
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
- package/lib/vendor/blamejs/lib/mcp.js +15 -15
- package/lib/vendor/blamejs/lib/mdoc.js +2 -2
- package/lib/vendor/blamejs/lib/metrics.js +8 -8
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
- package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
- package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
- package/lib/vendor/blamejs/lib/network-dns.js +29 -29
- package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
- package/lib/vendor/blamejs/lib/network-tls.js +100 -98
- package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
- package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
- package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
- package/lib/vendor/blamejs/lib/observability.js +8 -8
- package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
- package/lib/vendor/blamejs/lib/openapi.js +1 -1
- package/lib/vendor/blamejs/lib/outbox.js +6 -6
- package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
- package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
- package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
- package/lib/vendor/blamejs/lib/problem-details.js +5 -5
- package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
- package/lib/vendor/blamejs/lib/queue.js +4 -2
- package/lib/vendor/blamejs/lib/redact.js +2 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
- package/lib/vendor/blamejs/lib/router.js +10 -10
- package/lib/vendor/blamejs/lib/safe-async.js +2 -2
- package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
- package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
- package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
- package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
- package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
- package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
- package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
- package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
- package/lib/vendor/blamejs/lib/safe-url.js +1 -1
- package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
- package/lib/vendor/blamejs/lib/sandbox.js +5 -5
- package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
- package/lib/vendor/blamejs/lib/self-update.js +3 -3
- package/lib/vendor/blamejs/lib/server-timing.js +3 -3
- package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
- package/lib/vendor/blamejs/lib/session.js +8 -8
- package/lib/vendor/blamejs/lib/sse.js +12 -5
- package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
- package/lib/vendor/blamejs/lib/storage.js +2 -2
- package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
- package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
- package/lib/vendor/blamejs/lib/subject.js +1 -1
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
- package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
- package/lib/vendor/blamejs/lib/test-harness.js +1 -1
- package/lib/vendor/blamejs/lib/tracing.js +1 -1
- package/lib/vendor/blamejs/lib/tsa.js +5 -5
- package/lib/vendor/blamejs/lib/uri-template.js +5 -5
- package/lib/vendor/blamejs/lib/vault/index.js +2 -2
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
- package/lib/vendor/blamejs/lib/vc.js +2 -2
- package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
- package/lib/vendor/blamejs/lib/watcher.js +4 -4
- package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
- package/lib/vendor/blamejs/lib/webhook.js +2 -2
- package/lib/vendor/blamejs/lib/websocket.js +5 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
- package/lib/vendor/blamejs/lib/ws-client.js +24 -24
- package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
- package/lib/vendor/blamejs/test/00-primitives.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
- package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
- package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
- package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
- package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
|
@@ -59,8 +59,8 @@ function _base32Encode(buf) {
|
|
|
59
59
|
var bits = 0;
|
|
60
60
|
var value = 0;
|
|
61
61
|
for (var i = 0; i < buf.length; i += 1) {
|
|
62
|
-
value = (value << 8) | buf[i]; //
|
|
63
|
-
bits += 8; //
|
|
62
|
+
value = (value << 8) | buf[i]; // byte-aligned shift
|
|
63
|
+
bits += 8; // bits-per-byte constant
|
|
64
64
|
while (bits >= 5) {
|
|
65
65
|
out += BASE32.charAt((value >>> (bits - 5)) & 31);
|
|
66
66
|
bits -= 5;
|
|
@@ -72,13 +72,13 @@ function _base32Encode(buf) {
|
|
|
72
72
|
|
|
73
73
|
function _hashTag(secret, hashInput) {
|
|
74
74
|
var mac = nodeCrypto.createHmac("sha256", secret).update(hashInput.toLowerCase(), "utf8").digest();
|
|
75
|
-
return _base32Encode(mac.subarray(0, 4)).slice(0, 4); //
|
|
75
|
+
return _base32Encode(mac.subarray(0, 4)).slice(0, 4); // SRS spec 4-char short-tag
|
|
76
76
|
}
|
|
77
77
|
|
|
78
78
|
function _dayStamp(nowMs) {
|
|
79
79
|
// Days since epoch, mod 1024. Two-char base32 = 1024 possible values.
|
|
80
|
-
var days = Math.floor(nowMs / 86400000) % 1024; //
|
|
81
|
-
return BASE32.charAt(days >>> 5) + BASE32.charAt(days & 31); //
|
|
80
|
+
var days = Math.floor(nowMs / 86400000) % 1024; // ms-per-day + mod-1024 SRS rotation
|
|
81
|
+
return BASE32.charAt(days >>> 5) + BASE32.charAt(days & 31); // 5-bit base32 split
|
|
82
82
|
}
|
|
83
83
|
|
|
84
84
|
function _dayDiff(stamp, nowMs) {
|
|
@@ -86,11 +86,11 @@ function _dayDiff(stamp, nowMs) {
|
|
|
86
86
|
var hi = BASE32.indexOf(stamp.charAt(0));
|
|
87
87
|
var lo = BASE32.indexOf(stamp.charAt(1));
|
|
88
88
|
if (hi < 0 || lo < 0) return Infinity;
|
|
89
|
-
var stampVal = (hi << 5) | lo; //
|
|
90
|
-
var nowVal = Math.floor(nowMs / 86400000) % 1024; //
|
|
89
|
+
var stampVal = (hi << 5) | lo; // 5-bit base32 split
|
|
90
|
+
var nowVal = Math.floor(nowMs / 86400000) % 1024; // ms-per-day + mod-1024 rotation
|
|
91
91
|
// Modular distance — assume positive (rewrites in the future are
|
|
92
92
|
// refused via _dayDiff > 0 callers).
|
|
93
|
-
var diff = (nowVal - stampVal + 1024) % 1024; //
|
|
93
|
+
var diff = (nowVal - stampVal + 1024) % 1024; // mod-1024 rotation
|
|
94
94
|
return diff;
|
|
95
95
|
}
|
|
96
96
|
|
|
@@ -131,13 +131,13 @@ function create(opts) {
|
|
|
131
131
|
opts.secret, "srs.create.secret", SrsError, "srs/bad-secret");
|
|
132
132
|
validateOpts.requireNonEmptyString(
|
|
133
133
|
opts.forwarderDomain, "srs.create.forwarderDomain", SrsError, "srs/bad-forwarder");
|
|
134
|
-
if (opts.secret.length < 16) { //
|
|
134
|
+
if (opts.secret.length < 16) { // minimum HMAC secret length
|
|
135
135
|
throw new SrsError("srs/bad-secret",
|
|
136
136
|
"srs.create: secret must be >= 16 chars (operator-supplied entropy floor)");
|
|
137
137
|
}
|
|
138
|
-
var expiryDays = opts.expiryDays !== undefined ? opts.expiryDays : 30; //
|
|
138
|
+
var expiryDays = opts.expiryDays !== undefined ? opts.expiryDays : 30; // default expiry window in days
|
|
139
139
|
if (typeof expiryDays !== "number" || !Number.isInteger(expiryDays) ||
|
|
140
|
-
expiryDays < 1 || expiryDays > 1024) { //
|
|
140
|
+
expiryDays < 1 || expiryDays > 1024) { // SRS rotation cycle cap
|
|
141
141
|
throw new SrsError("srs/bad-expiry",
|
|
142
142
|
"srs.create: expiryDays must be an integer 1..1024 (SRS rotation cycle)");
|
|
143
143
|
}
|
|
@@ -154,7 +154,7 @@ function create(opts) {
|
|
|
154
154
|
}
|
|
155
155
|
var localPart = originalAddress.slice(0, at);
|
|
156
156
|
var domain = originalAddress.slice(at + 1);
|
|
157
|
-
if (localPart.length > 64 || domain.length > 253) { //
|
|
157
|
+
if (localPart.length > 64 || domain.length > 253) { // RFC 5321 local-part / domain caps
|
|
158
158
|
throw new SrsError("srs/bad-address",
|
|
159
159
|
"srs.rewrite: localPart / domain exceeds RFC 5321 length cap");
|
|
160
160
|
}
|
|
@@ -77,7 +77,7 @@ var MAX_TOKEN_LEN = 64;
|
|
|
77
77
|
// millions of tokens; FTS5 row insert + index update must stay
|
|
78
78
|
// bounded. The cap is applied AFTER stopword + length filter so the
|
|
79
79
|
// surviving tokens are the highest-signal subset.
|
|
80
|
-
var MAX_TOKENS_PER_FIELD = 8192; //
|
|
80
|
+
var MAX_TOKENS_PER_FIELD = 8192; // token-count cap, not bytes
|
|
81
81
|
|
|
82
82
|
// Per-field FTS column names. Kept symmetric with the messages table
|
|
83
83
|
// columns so callers can reason about which FTS column corresponds
|
|
@@ -187,7 +187,7 @@ function hashToken(table, field, token) {
|
|
|
187
187
|
var ns = "bj-" + table + "-" + field + ":fts:";
|
|
188
188
|
var salt = vault.getDerivedHashSalt();
|
|
189
189
|
var saltHex = (salt && typeof salt.toString === "function") ? salt.toString("hex") : "";
|
|
190
|
-
return bCrypto.sha3Hash(saltHex + ns + token).slice(0, 16); //
|
|
190
|
+
return bCrypto.sha3Hash(saltHex + ns + token).slice(0, 16); // 16-char hex prefix length, not bytes
|
|
191
191
|
}
|
|
192
192
|
|
|
193
193
|
// Hash a token array → space-separated string suitable for FTS5
|
|
@@ -275,7 +275,7 @@ function create(opts) {
|
|
|
275
275
|
var f = filter || {};
|
|
276
276
|
var sinceModseq = f.sinceModseq || 0;
|
|
277
277
|
var limit = f.limit || 100;
|
|
278
|
-
if (limit > 1000) limit = 1000; //
|
|
278
|
+
if (limit > 1000) limit = 1000; // query row cap, not bytes
|
|
279
279
|
|
|
280
280
|
var matchClauses = [];
|
|
281
281
|
function addMatch(filterKey, term) {
|
|
@@ -342,7 +342,7 @@ function create(opts) {
|
|
|
342
342
|
"queryByModseq: folder '" + folderName + "' not found");
|
|
343
343
|
}
|
|
344
344
|
var sinceModseq = (queryOpts && queryOpts.sinceModseq) || 0;
|
|
345
|
-
var limit = (queryOpts && queryOpts.limit) || 1000; //
|
|
345
|
+
var limit = (queryOpts && queryOpts.limit) || 1000; // query row cap, not bytes
|
|
346
346
|
var rows = stmtQueryByModseq.all(folder.id, sinceModseq, limit);
|
|
347
347
|
return rows.map(function (r) {
|
|
348
348
|
return {
|
|
@@ -373,7 +373,7 @@ function create(opts) {
|
|
|
373
373
|
var fo = folderOpts || {};
|
|
374
374
|
var role = fo.role || null;
|
|
375
375
|
var parentId = fo.parentId || null;
|
|
376
|
-
var uidvalidity = Math.floor(Date.now() / 1000); //
|
|
376
|
+
var uidvalidity = Math.floor(Date.now() / 1000); // Unix timestamp, not bytes
|
|
377
377
|
stmtInsertFolder.run(name, role, parentId, uidvalidity);
|
|
378
378
|
return stmtGetFolderByName.get(name);
|
|
379
379
|
},
|
|
@@ -406,7 +406,7 @@ function create(opts) {
|
|
|
406
406
|
});
|
|
407
407
|
},
|
|
408
408
|
setLegalHold: function (objectids, holdOpts) {
|
|
409
|
-
var hold = (holdOpts && holdOpts.hold) ? 1 : 0; //
|
|
409
|
+
var hold = (holdOpts && holdOpts.hold) ? 1 : 0; // boolean cast for sqlite INTEGER column
|
|
410
410
|
objectids.forEach(function (oid) { stmtLegalHold.run(hold, oid); });
|
|
411
411
|
return { changed: objectids.length };
|
|
412
412
|
},
|
|
@@ -591,7 +591,7 @@ function _appendMessage(args) {
|
|
|
591
591
|
// token = 32-char hex = 128 bits, well above the birthday bound
|
|
592
592
|
// for any plausible message corpus. The prior `.slice(0, 24)` cut
|
|
593
593
|
// entropy to 96 bits; removed.
|
|
594
|
-
var objectid = "obj_" + bCrypto.generateToken(16); //
|
|
594
|
+
var objectid = "obj_" + bCrypto.generateToken(16); // 16-byte token, 32-char hex JMAP objectid (RFC 8474 §1.5.1)
|
|
595
595
|
var modseq = (folder.modseq_max || 0) + 1;
|
|
596
596
|
if (!threadRootId) threadRootId = objectid; // root of new thread
|
|
597
597
|
|
|
@@ -675,7 +675,7 @@ function _fetchByObjectId(args) {
|
|
|
675
675
|
bodyText: unsealed.body_text,
|
|
676
676
|
bodyHtml: unsealed.body_html,
|
|
677
677
|
flags: flags,
|
|
678
|
-
legalHold: row.legal_hold === 1, //
|
|
678
|
+
legalHold: row.legal_hold === 1, // sqlite INTEGER column 0|1
|
|
679
679
|
};
|
|
680
680
|
}
|
|
681
681
|
|
|
@@ -763,7 +763,7 @@ function _setFlags(args) {
|
|
|
763
763
|
// which both leaks a prepared-statement handle per chunk and
|
|
764
764
|
// doubles the SQL parse cost. Hold the stmt on a local + invoke
|
|
765
765
|
// .run() directly with the bound argument list.
|
|
766
|
-
var CHUNK = 500; //
|
|
766
|
+
var CHUNK = 500; // IN-clause chunk size, not bytes
|
|
767
767
|
for (var i = 0; i < args.objectids.length; i += CHUNK) {
|
|
768
768
|
var chunk = args.objectids.slice(i, i + CHUNK);
|
|
769
769
|
var placeholders = chunk.map(function () { return "?"; }).join(",");
|
|
@@ -915,7 +915,7 @@ function _ensureSchema(db, qMsgs, qFolders, qFlags, qQuota, qFts) {
|
|
|
915
915
|
function _ensureDefaultFolders(db, qFolders) {
|
|
916
916
|
var stmt = db.prepare("INSERT OR IGNORE INTO " + qFolders +
|
|
917
917
|
" (name, role, parent_id, modseq_max, uidvalidity) VALUES (?, ?, NULL, 0, ?)");
|
|
918
|
-
var uv = Math.floor(Date.now() / 1000); //
|
|
918
|
+
var uv = Math.floor(Date.now() / 1000); // Unix timestamp, not bytes
|
|
919
919
|
DEFAULT_FOLDERS.forEach(function (f) { stmt.run(f.name, f.role, uv); });
|
|
920
920
|
}
|
|
921
921
|
|
|
@@ -75,7 +75,7 @@ var HEADER_VALUE_MAX_BYTES = C.BYTES.kib(2);
|
|
|
75
75
|
function _isLdhListLabel(label) {
|
|
76
76
|
if (typeof label !== "string" || label.length === 0) return false;
|
|
77
77
|
// RFC 1035 §2.3.4 — labels bounded at 63 octets.
|
|
78
|
-
if (label.length > 63) return false; //
|
|
78
|
+
if (label.length > 63) return false; // RFC 1035 §2.3.4 hostname-label limit
|
|
79
79
|
var n = label.length;
|
|
80
80
|
for (var i = 0; i < n; i += 1) {
|
|
81
81
|
var c = label.charCodeAt(i);
|
|
@@ -108,7 +108,7 @@ function _validateListId(value, label) {
|
|
|
108
108
|
if (bracket) inner = bracket[1];
|
|
109
109
|
// Inner is dot-separated labels; each label LDH per RFC 2919 §3.
|
|
110
110
|
var labels = inner.split(".");
|
|
111
|
-
if (labels.length < 2) { //
|
|
111
|
+
if (labels.length < 2) { // RFC 2919 §3 requires >= 2 labels
|
|
112
112
|
throw new MailUnsubscribeError("mailunsubscribe/invalid-list-header-shape",
|
|
113
113
|
label + " '" + value + "' must contain at least two dot-separated labels (RFC 2919 §3)");
|
|
114
114
|
}
|
|
@@ -144,13 +144,13 @@ function _validateHttpsUrl(value, label) {
|
|
|
144
144
|
} catch (e) {
|
|
145
145
|
throw new MailUnsubscribeError("mailunsubscribe/invalid-list-header-shape",
|
|
146
146
|
label + " must be a valid https URL (got " +
|
|
147
|
-
JSON.stringify(value).slice(0, 200) + "): " + //
|
|
147
|
+
JSON.stringify(value).slice(0, 200) + "): " + // diagnostic clamp characters
|
|
148
148
|
((e && e.message) || String(e)));
|
|
149
149
|
}
|
|
150
150
|
if (!parsed) {
|
|
151
151
|
throw new MailUnsubscribeError("mailunsubscribe/invalid-list-header-shape",
|
|
152
152
|
label + " must be a valid https URL (got " +
|
|
153
|
-
JSON.stringify(value).slice(0, 200) + ")"); //
|
|
153
|
+
JSON.stringify(value).slice(0, 200) + ")"); // diagnostic clamp characters
|
|
154
154
|
}
|
|
155
155
|
return parsed.href;
|
|
156
156
|
}
|
|
@@ -1003,7 +1003,7 @@ function _smtpSend(message, cfg) {
|
|
|
1003
1003
|
var peerSupportsSmtpUtf8 = false; // RFC 6531 — set from EHLO response
|
|
1004
1004
|
var peerSupportsChunking = false; // RFC 3030 §2 CHUNKING
|
|
1005
1005
|
var peerSupportsBinaryMime = false; // RFC 3030 §3 BINARYMIME
|
|
1006
|
-
var peerSupports8BitMime = false; // RFC 6152 (eight-bit MIME) //
|
|
1006
|
+
var peerSupports8BitMime = false; // RFC 6152 (eight-bit MIME) // RFC number, not a byte literal
|
|
1007
1007
|
var peerSizeCap = -1; // RFC 1870 SIZE — -1 unset, 0 = no cap, >0 = byte limit
|
|
1008
1008
|
var upgradedToTLS = false;
|
|
1009
1009
|
var settled = false;
|
|
@@ -1688,7 +1688,7 @@ function create(opts) {
|
|
|
1688
1688
|
if (country && footerHtml.indexOf(country) === -1) {
|
|
1689
1689
|
throw new MailError("mail/bad-footer-html",
|
|
1690
1690
|
"mail.create({ footerHtml }): override must contain the postalAddress.country '" +
|
|
1691
|
-
country + "' (CAN-SPAM §7704(a)(5)). Got: " + footerHtml.slice(0, 200), //
|
|
1691
|
+
country + "' (CAN-SPAM §7704(a)(5)). Got: " + footerHtml.slice(0, 200), // diagnostic clamp characters, not bytes
|
|
1692
1692
|
true);
|
|
1693
1693
|
}
|
|
1694
1694
|
if (postalCode && footerHtml.indexOf(postalCode) === -1) {
|
|
@@ -1896,7 +1896,7 @@ function feedbackId(opts) {
|
|
|
1896
1896
|
throw new MailError("mail/bad-feedback-id-field",
|
|
1897
1897
|
"feedbackId: " + f.key + " must be a non-empty string");
|
|
1898
1898
|
}
|
|
1899
|
-
if (f.value.length > 64) { //
|
|
1899
|
+
if (f.value.length > 64) { // Gmail FBL per-field cap, not byte arithmetic
|
|
1900
1900
|
throw new MailError("mail/bad-feedback-id-field",
|
|
1901
1901
|
"feedbackId: " + f.key + " exceeds 64 chars (Gmail FBL truncation threshold)");
|
|
1902
1902
|
}
|
|
@@ -1909,7 +1909,7 @@ function feedbackId(opts) {
|
|
|
1909
1909
|
// ranges in regex literals regardless of escape form.
|
|
1910
1910
|
for (var ci = 0; ci < f.value.length; ci += 1) {
|
|
1911
1911
|
var code = f.value.charCodeAt(ci);
|
|
1912
|
-
if (code < 32 || code === 127) { //
|
|
1912
|
+
if (code < 32 || code === 127) { // C0 + DEL codepoint range
|
|
1913
1913
|
throw new MailError("mail/bad-feedback-id-field",
|
|
1914
1914
|
"feedbackId: " + f.key + " contains control characters");
|
|
1915
1915
|
}
|
|
@@ -114,7 +114,7 @@ function _validateTool(tool, where) {
|
|
|
114
114
|
where + ": tool must be a non-null object", true);
|
|
115
115
|
}
|
|
116
116
|
validateOpts.requireNonEmptyString(tool.name, where + ".name", McpError, "mcp/bad-tool-name");
|
|
117
|
-
if (tool.name.length > 64 || !TOOL_NAME_RE.test(tool.name)) { //
|
|
117
|
+
if (tool.name.length > 64 || !TOOL_NAME_RE.test(tool.name)) { // MCP tool-name length cap, not byte count
|
|
118
118
|
throw new McpError("mcp/bad-tool-name",
|
|
119
119
|
where + ".name '" + tool.name + "' must match " + TOOL_NAME_RE);
|
|
120
120
|
}
|
|
@@ -185,7 +185,7 @@ function create(opts) {
|
|
|
185
185
|
opts.verifyingKey, "toolRegistry.create.verifyingKey", McpError, "mcp/bad-verifying-key");
|
|
186
186
|
var alg = _validateAlg(opts.alg, "toolRegistry.create.alg");
|
|
187
187
|
var defaultTtlMs = opts.ttlMs !== undefined ? opts.ttlMs : C.TIME.minutes(5);
|
|
188
|
-
if (typeof defaultTtlMs !== "number" || !isFinite(defaultTtlMs) || defaultTtlMs < 1000) { //
|
|
188
|
+
if (typeof defaultTtlMs !== "number" || !isFinite(defaultTtlMs) || defaultTtlMs < 1000) { // minimum-ttl threshold (1 second), not bytes
|
|
189
189
|
throw new McpError("mcp/bad-ttl",
|
|
190
190
|
"toolRegistry.create.ttlMs must be >= 1000 ms", true);
|
|
191
191
|
}
|
|
@@ -303,13 +303,13 @@ function create(opts) {
|
|
|
303
303
|
"signCall: tool '" + callOpts.toolName + "' not registered", true);
|
|
304
304
|
}
|
|
305
305
|
var ttlMs = callOpts.ttlMs !== undefined ? callOpts.ttlMs : defaultTtlMs;
|
|
306
|
-
if (typeof ttlMs !== "number" || !isFinite(ttlMs) || ttlMs < 1000) { //
|
|
306
|
+
if (typeof ttlMs !== "number" || !isFinite(ttlMs) || ttlMs < 1000) { // minimum-ttl threshold (1 second), not bytes
|
|
307
307
|
throw new McpError("mcp/bad-ttl",
|
|
308
308
|
"signCall: ttlMs must be >= 1000 ms", true);
|
|
309
309
|
}
|
|
310
310
|
var nonce = typeof callOpts.nonce === "string" && callOpts.nonce.length > 0
|
|
311
311
|
? callOpts.nonce
|
|
312
|
-
: bCrypto().generateToken(16); //
|
|
312
|
+
: bCrypto().generateToken(16); // 128-bit nonce, not byte arithmetic on a payload
|
|
313
313
|
var iat = new Date();
|
|
314
314
|
var exp = new Date(iat.getTime() + ttlMs);
|
|
315
315
|
var envelope = {
|
|
@@ -39,18 +39,18 @@ var requestHelpers = require("./request-helpers");
|
|
|
39
39
|
var audit = require("./audit");
|
|
40
40
|
var { McpError } = require("./framework-error");
|
|
41
41
|
|
|
42
|
-
var TOOL_NAME_MAX = 64; //
|
|
43
|
-
var RESOURCE_NAME_MAX = 256; //
|
|
44
|
-
var METHOD_NAME_MAX = 256; //
|
|
42
|
+
var TOOL_NAME_MAX = 64; // string-length cap, not bytes
|
|
43
|
+
var RESOURCE_NAME_MAX = 256; // string-length cap, not bytes
|
|
44
|
+
var METHOD_NAME_MAX = 256; // string-length cap, not bytes
|
|
45
45
|
// JSON-RPC 2.0 error codes (https://www.jsonrpc.org/specification#error_object).
|
|
46
46
|
// Negative numerics by spec; mapped to HTTP status for the framework's
|
|
47
47
|
// HTTP-shaped reply envelope.
|
|
48
|
-
var JSONRPC_PARSE_ERROR = -32700; // allow:raw-
|
|
49
|
-
var JSONRPC_INVALID_REQUEST = -32600; // allow:raw-
|
|
50
|
-
var JSONRPC_METHOD_NOT_FOUND= -32601; // allow:raw-
|
|
51
|
-
var JSONRPC_INVALID_PARAMS = -32602; // allow:raw-
|
|
52
|
-
var JSONRPC_INTERNAL_ERROR = -32603; // allow:raw-
|
|
53
|
-
var JSONRPC_AUTH_REQUIRED = -32001; // allow:raw-
|
|
48
|
+
var JSONRPC_PARSE_ERROR = -32700; // allow:raw-time-literal — not seconds
|
|
49
|
+
var JSONRPC_INVALID_REQUEST = -32600; // allow:raw-time-literal — not seconds
|
|
50
|
+
var JSONRPC_METHOD_NOT_FOUND= -32601; // allow:raw-time-literal — not seconds
|
|
51
|
+
var JSONRPC_INVALID_PARAMS = -32602; // allow:raw-time-literal — not seconds
|
|
52
|
+
var JSONRPC_INTERNAL_ERROR = -32603; // allow:raw-time-literal — not seconds
|
|
53
|
+
var JSONRPC_AUTH_REQUIRED = -32001; // allow:raw-time-literal — not seconds
|
|
54
54
|
var TOOL_NAME_RE = /^[a-zA-Z][a-zA-Z0-9._-]{0,63}$/;
|
|
55
55
|
var RESOURCE_NAME_RE = /^[a-zA-Z][a-zA-Z0-9._/-]{0,255}$/;
|
|
56
56
|
|
|
@@ -79,7 +79,7 @@ function parseRequest(body, opts) {
|
|
|
79
79
|
var errorClass = opts.errorClass || McpError;
|
|
80
80
|
var parsed;
|
|
81
81
|
try {
|
|
82
|
-
parsed = typeof body === "string" ? safeJson.parse(body, { maxBytes: C.BYTES.mib(1) }) : body; //
|
|
82
|
+
parsed = typeof body === "string" ? safeJson.parse(body, { maxBytes: C.BYTES.mib(1) }) : body; // routed via safeJson.parse
|
|
83
83
|
} catch (_e) {
|
|
84
84
|
throw errorClass.factory("mcp/bad-json",
|
|
85
85
|
"mcp.parseRequest: body is not valid JSON");
|
|
@@ -143,9 +143,9 @@ function refuse(res, code, message, id) {
|
|
|
143
143
|
res.setHeader("Content-Type", "application/json");
|
|
144
144
|
}
|
|
145
145
|
// HTTP status mapping for the JSON-RPC error code we reply with.
|
|
146
|
-
res.statusCode = code === JSONRPC_PARSE_ERROR || code === JSONRPC_INVALID_REQUEST ? 400 : //
|
|
147
|
-
code === JSONRPC_METHOD_NOT_FOUND ? 404 : //
|
|
148
|
-
code === JSONRPC_INTERNAL_ERROR ? 500 : 400; //
|
|
146
|
+
res.statusCode = code === JSONRPC_PARSE_ERROR || code === JSONRPC_INVALID_REQUEST ? 400 : // HTTP status code (RFC 9110)
|
|
147
|
+
code === JSONRPC_METHOD_NOT_FOUND ? 404 : // HTTP status code (RFC 9110)
|
|
148
|
+
code === JSONRPC_INTERNAL_ERROR ? 500 : 400; // HTTP status code (RFC 9110)
|
|
149
149
|
res.end(body);
|
|
150
150
|
}
|
|
151
151
|
|
|
@@ -617,7 +617,7 @@ function _validateValueAgainstSchema(value, schema, path) {
|
|
|
617
617
|
// time, not request-controlled. Cap value length first per the
|
|
618
618
|
// codebase-patterns regex-bound rule so a 10MB string doesn't
|
|
619
619
|
// ReDoS the validator.
|
|
620
|
-
if (value.length > 4096) return path + ": value exceeds 4 KiB cap before regex test"; //
|
|
620
|
+
if (value.length > 4096) return path + ": value exceeds 4 KiB cap before regex test"; // 4 KiB regex-input cap
|
|
621
621
|
try {
|
|
622
622
|
var pat = new RegExp(schema.pattern); // allow:dynamic-regex — schema.pattern from registered tool author, not request input; bounded above
|
|
623
623
|
if (!pat.test(value)) return path + ": does not match pattern";
|
|
@@ -752,7 +752,7 @@ function _assertProtocolVersion(req, opts) {
|
|
|
752
752
|
var SAMPLING_DEFAULTS = {
|
|
753
753
|
maxRequestsPerSession: 10,
|
|
754
754
|
maxMessagesPerRequest: 20,
|
|
755
|
-
maxTokensPerRequest: 4096, //
|
|
755
|
+
maxTokensPerRequest: 4096, // LLM token count, not bytes
|
|
756
756
|
allowedModelHint: null, // null = allow all
|
|
757
757
|
refuseStopSequences: false,
|
|
758
758
|
};
|
|
@@ -58,8 +58,8 @@ var { defineClass } = require("./framework-error");
|
|
|
58
58
|
|
|
59
59
|
var MdocError = defineClass("MdocError", { alwaysPermanent: true });
|
|
60
60
|
|
|
61
|
-
var HDR_X5CHAIN = 33; // allow:raw-
|
|
62
|
-
var TAG_ENCODED_CBOR = 24; //
|
|
61
|
+
var HDR_X5CHAIN = 33; // allow:raw-time-literal — x5chain COSE header label (RFC 9360 is a spec number, not a size/duration)
|
|
62
|
+
var TAG_ENCODED_CBOR = 24; // RFC 8949 §3.4.5.1 embedded-CBOR tag
|
|
63
63
|
// Tags ISO 18013-5 uses in issuer data: tdate(0), epoch(1), embedded
|
|
64
64
|
// CBOR(24), full-date(1004, RFC 8943). Bounded — others are refused.
|
|
65
65
|
var ALLOWED_TAGS = [0, 1, TAG_ENCODED_CBOR, 1004];
|
|
@@ -161,8 +161,8 @@ function _normalizeLabelArg(callLabels, value, defaultValue) {
|
|
|
161
161
|
// a heuristic fallback so unknown-issuer tokens still get caught
|
|
162
162
|
var _CRED_PREFIX_RE = /^(?:Bearer|Basic|Negotiate|Token|Digest)\s+\S/i;
|
|
163
163
|
var _CRED_ISSUER_RE = /^(?:sk-|pk-|rk-|ghp_|ghs_|gho_|github_pat_|xoxb-|xoxa-|xoxp-|xoxr-|xapp-)/;
|
|
164
|
-
var _CRED_JWT_RE = /^[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}$/; //
|
|
165
|
-
var _CRED_ENTROPY_RE = /^[A-Za-z0-9_+/=-]{40,}$/; //
|
|
164
|
+
var _CRED_JWT_RE = /^[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}$/; // JWT segment min length
|
|
165
|
+
var _CRED_ENTROPY_RE = /^[A-Za-z0-9_+/=-]{40,}$/; // high-entropy length floor
|
|
166
166
|
|
|
167
167
|
// CRED_MAX_SCAN — upper bound on the byte slice the credential
|
|
168
168
|
// detector inspects. Operator-supplied label values longer than this
|
|
@@ -170,11 +170,11 @@ var _CRED_ENTROPY_RE = /^[A-Za-z0-9_+/=-]{40,}$/;
|
|
|
170
170
|
// still a credential), but the regex tests run on the prefix slice so
|
|
171
171
|
// a 1 GB string can't ReDoS the scanner. Counter cardinality stays
|
|
172
172
|
// stable: the same long string always maps to the same prefix slice.
|
|
173
|
-
var CRED_MAX_SCAN = 256; //
|
|
173
|
+
var CRED_MAX_SCAN = 256; // prefix-scan length cap
|
|
174
174
|
|
|
175
175
|
function _looksLikeCredential(str) {
|
|
176
176
|
if (typeof str !== "string") return false;
|
|
177
|
-
if (str.length < 8) return false; //
|
|
177
|
+
if (str.length < 8) return false; // minimum credential length floor
|
|
178
178
|
// Clamp to the prefix slice so a hostile label value can't push the
|
|
179
179
|
// regex into superlinear time. All four credential shapes have
|
|
180
180
|
// signature in the first ~256 bytes; Stripe / GitHub / OpenAI tokens
|
|
@@ -185,7 +185,7 @@ function _looksLikeCredential(str) {
|
|
|
185
185
|
// enough entropy to be real tokens; hoisted to a named constant so
|
|
186
186
|
// every test() has its length floor visible at the call site
|
|
187
187
|
// (testFormatValidatorLengthCap convention).
|
|
188
|
-
var CRED_MIN_LEN = 8; //
|
|
188
|
+
var CRED_MIN_LEN = 8; // minimum credential length floor
|
|
189
189
|
if (clamped.length >= CRED_MIN_LEN && _CRED_PREFIX_RE.test(clamped)) return true;
|
|
190
190
|
if (clamped.length >= CRED_MIN_LEN && _CRED_ISSUER_RE.test(clamped)) return true;
|
|
191
191
|
if (clamped.length >= CRED_MIN_LEN && _CRED_JWT_RE.test(clamped)) return true;
|
|
@@ -990,7 +990,7 @@ function snapshotStartWriter(opts) {
|
|
|
990
990
|
// (owner rw, group r, world none). Operators with a sidecar
|
|
991
991
|
// reader in a different group override to 0o644; multi-tenant
|
|
992
992
|
// hosts may even tighten to 0o600.
|
|
993
|
-
var fileMode = opts.fileMode !== undefined ? opts.fileMode : 0o640; //
|
|
993
|
+
var fileMode = opts.fileMode !== undefined ? opts.fileMode : 0o640; // POSIX file mode octal
|
|
994
994
|
if (typeof fileMode !== "number" || !isFinite(fileMode) ||
|
|
995
995
|
fileMode < 0 || fileMode > 0o777 || Math.floor(fileMode) !== fileMode) {
|
|
996
996
|
throw new MetricsError("metrics-snapshot/bad-file-mode",
|
|
@@ -1263,7 +1263,7 @@ function snapshotRender(snap, opts) {
|
|
|
1263
1263
|
var kd = keys2[jd];
|
|
1264
1264
|
var vd = fields[kd];
|
|
1265
1265
|
if (typeof vd !== "string") continue;
|
|
1266
|
-
if (vd.length > 64) continue; //
|
|
1266
|
+
if (vd.length > 64) continue; // ISO 8601 max length cap, not bytes
|
|
1267
1267
|
if (!ISO_DATE_RE.test(vd)) continue; // allow:regex-no-length-cap — length-bounded immediately above
|
|
1268
1268
|
if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(kd)) continue; // allow:regex-no-length-cap — field-name shape, length-bounded by snap field naming
|
|
1269
1269
|
var ms = Date.parse(vd);
|
|
@@ -1311,7 +1311,7 @@ function snapshotRender(snap, opts) {
|
|
|
1311
1311
|
* shadow.set("queue_depth", 42);
|
|
1312
1312
|
* shadow.snapshot();
|
|
1313
1313
|
*/
|
|
1314
|
-
var SHADOW_DEFAULT_CARDINALITY = 10000; //
|
|
1314
|
+
var SHADOW_DEFAULT_CARDINALITY = 10000; // cardinality cap, not bytes
|
|
1315
1315
|
function shadowRegistry(opts) {
|
|
1316
1316
|
if (!opts || typeof opts !== "object") {
|
|
1317
1317
|
throw new MetricsError("metrics-shadow/bad-opts",
|
|
@@ -70,6 +70,7 @@ var AgeGateError = defineClass("AgeGateError", { alwaysPermanent: true });
|
|
|
70
70
|
* hasParentalConsent: function(req): boolean,
|
|
71
71
|
* skipPaths: string[],
|
|
72
72
|
* errorMessage: string,
|
|
73
|
+
* privacyPostureHeader: string, // default "X-Privacy-Posture"; null/false to suppress
|
|
73
74
|
* audit: boolean, // default true
|
|
74
75
|
* }
|
|
75
76
|
*
|
|
@@ -87,7 +88,7 @@ function create(opts) {
|
|
|
87
88
|
opts = opts || {};
|
|
88
89
|
validateOpts(opts, [
|
|
89
90
|
"audit", "getAge", "requireAge", "consentRequired",
|
|
90
|
-
"hasParentalConsent", "skipPaths", "errorMessage",
|
|
91
|
+
"hasParentalConsent", "skipPaths", "errorMessage", "privacyPostureHeader",
|
|
91
92
|
], "middleware.ageGate");
|
|
92
93
|
|
|
93
94
|
if (typeof opts.getAge !== "function") {
|
|
@@ -104,6 +105,17 @@ function create(opts) {
|
|
|
104
105
|
var auditOn = opts.audit !== false;
|
|
105
106
|
var errorMessage = typeof opts.errorMessage === "string" && opts.errorMessage.length > 0
|
|
106
107
|
? opts.errorMessage : "service unavailable without parental consent";
|
|
108
|
+
// privacyPostureHeader (default "X-Privacy-Posture") names the response
|
|
109
|
+
// header carrying the below-threshold classification. Pass null/false to
|
|
110
|
+
// suppress it, or a string to rename it for a downstream convention.
|
|
111
|
+
var privacyPostureHeader;
|
|
112
|
+
if (opts.privacyPostureHeader === null || opts.privacyPostureHeader === false) {
|
|
113
|
+
privacyPostureHeader = null;
|
|
114
|
+
} else if (typeof opts.privacyPostureHeader === "string" && opts.privacyPostureHeader.length > 0) {
|
|
115
|
+
privacyPostureHeader = opts.privacyPostureHeader;
|
|
116
|
+
} else {
|
|
117
|
+
privacyPostureHeader = "X-Privacy-Posture";
|
|
118
|
+
}
|
|
107
119
|
|
|
108
120
|
function _shouldSkip(req) {
|
|
109
121
|
if (skipPaths.length === 0) return false;
|
|
@@ -148,7 +160,7 @@ function create(opts) {
|
|
|
148
160
|
if (typeof res.setHeader === "function") {
|
|
149
161
|
res.setHeader("Cache-Control", "private, no-store");
|
|
150
162
|
res.setHeader("Referrer-Policy", "no-referrer");
|
|
151
|
-
res.setHeader(
|
|
163
|
+
if (privacyPostureHeader) res.setHeader(privacyPostureHeader, classification);
|
|
152
164
|
}
|
|
153
165
|
}
|
|
154
166
|
|
|
@@ -157,7 +169,7 @@ function create(opts) {
|
|
|
157
169
|
if (!hasConsent) {
|
|
158
170
|
_emitAudit("refused", "denied", { age: age, classification: classification, requireAge: requireAge });
|
|
159
171
|
if (!res.writableEnded && typeof res.writeHead === "function") {
|
|
160
|
-
res.writeHead(451, { //
|
|
172
|
+
res.writeHead(451, { // HTTP 451 Unavailable For Legal Reasons
|
|
161
173
|
"Content-Type": "application/json; charset=utf-8",
|
|
162
174
|
"Cache-Control": "no-store, private",
|
|
163
175
|
});
|
|
@@ -66,6 +66,7 @@ var audit = lazyRequire(function () { return require("../audit"); });
|
|
|
66
66
|
* mode: "header"|"html", // default "header"
|
|
67
67
|
* lang: string, // default "en"
|
|
68
68
|
* skipHeader: string, // default "x-skip-ai-act"
|
|
69
|
+
* headerPrefix: string, // default "AI-Act-" — prefixes the Notice/Article/Policy disclosure headers
|
|
69
70
|
* audit: boolean, // default true
|
|
70
71
|
* }
|
|
71
72
|
*
|
|
@@ -83,7 +84,7 @@ function create(opts) {
|
|
|
83
84
|
opts = opts || {};
|
|
84
85
|
validateOpts(opts, [
|
|
85
86
|
"kind", "deployerName", "policyUri", "mode",
|
|
86
|
-
"audit", "lang", "skipHeader",
|
|
87
|
+
"audit", "lang", "skipHeader", "headerPrefix",
|
|
87
88
|
], "middleware.aiActDisclosure");
|
|
88
89
|
|
|
89
90
|
var mode = (opts.mode === "html") ? "html" : "header";
|
|
@@ -99,6 +100,12 @@ function create(opts) {
|
|
|
99
100
|
var skipHeader = (typeof opts.skipHeader === "string" && opts.skipHeader.length > 0)
|
|
100
101
|
? opts.skipHeader.toLowerCase()
|
|
101
102
|
: "x-skip-ai-act";
|
|
103
|
+
// headerPrefix (default "AI-Act-") names the emitted disclosure headers as
|
|
104
|
+
// <prefix>Notice / <prefix>Article / <prefix>Policy. The EU AI Act mandates
|
|
105
|
+
// the disclosure, not the HTTP spelling — operators matching a downstream
|
|
106
|
+
// convention pass their own prefix (e.g. "X-AI-").
|
|
107
|
+
var headerPrefix = (typeof opts.headerPrefix === "string" && opts.headerPrefix.length > 0)
|
|
108
|
+
? opts.headerPrefix : "AI-Act-";
|
|
102
109
|
|
|
103
110
|
return function aiActDisclosureMiddleware(req, res, next) {
|
|
104
111
|
var headers = req.headers || {};
|
|
@@ -118,10 +125,10 @@ function create(opts) {
|
|
|
118
125
|
return origWriteHead.apply(res, arguments);
|
|
119
126
|
}
|
|
120
127
|
var article = _articleFor(opts.kind || "ai-interaction");
|
|
121
|
-
_setHeader(res, "
|
|
122
|
-
_setHeader(res, "
|
|
128
|
+
_setHeader(res, headerPrefix + "Notice", opts.kind || "ai-interaction");
|
|
129
|
+
_setHeader(res, headerPrefix + "Article", article);
|
|
123
130
|
if (typeof opts.policyUri === "string" && opts.policyUri.length > 0) {
|
|
124
|
-
_setHeader(res, "
|
|
131
|
+
_setHeader(res, headerPrefix + "Policy", opts.policyUri);
|
|
125
132
|
}
|
|
126
133
|
injected = true;
|
|
127
134
|
return origWriteHead.apply(res, arguments);
|
|
@@ -855,18 +855,18 @@ function client(opts) {
|
|
|
855
855
|
// _generateUuidV4 — UUID v4 from 16 random bytes, formatted dash-separated.
|
|
856
856
|
// Used for client-side session-id generation in per-session keying.
|
|
857
857
|
// Slice offsets are RFC 4122 UUID hex-byte boundaries (`xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx`)
|
|
858
|
-
// — protocol-fixed values, not byte sizes.
|
|
858
|
+
// — protocol-fixed values, not byte sizes.
|
|
859
859
|
function _generateUuidV4() {
|
|
860
|
-
var b = bCrypto.generateBytes(16); //
|
|
860
|
+
var b = bCrypto.generateBytes(16); // UUID is exactly 16 bytes
|
|
861
861
|
// Set version (4) and variant (10x) bits per RFC 4122.
|
|
862
862
|
b[6] = (b[6] & 0x0f) | 0x40;
|
|
863
863
|
b[8] = (b[8] & 0x3f) | 0x80;
|
|
864
864
|
var hex = b.toString("hex");
|
|
865
|
-
return hex.slice(0, 8) + "-" + //
|
|
866
|
-
hex.slice(8, 12) + "-" +
|
|
867
|
-
hex.slice(12, 16) + "-" +
|
|
868
|
-
hex.slice(16, 20) + "-" +
|
|
869
|
-
hex.slice(20, 32);
|
|
865
|
+
return hex.slice(0, 8) + "-" + // RFC 4122 hex offsets
|
|
866
|
+
hex.slice(8, 12) + "-" +
|
|
867
|
+
hex.slice(12, 16) + "-" +
|
|
868
|
+
hex.slice(16, 20) + "-" +
|
|
869
|
+
hex.slice(20, 32);
|
|
870
870
|
}
|
|
871
871
|
|
|
872
872
|
// ---- Server-to-server convenience ----
|
|
@@ -109,7 +109,7 @@ function create(opts) {
|
|
|
109
109
|
if (path !== "/.well-known/assetlinks.json") return next();
|
|
110
110
|
if (req.method !== "GET" && req.method !== "HEAD") {
|
|
111
111
|
var bodyMsg = "Method Not Allowed";
|
|
112
|
-
res.writeHead(405, { //
|
|
112
|
+
res.writeHead(405, { // HTTP 405 status
|
|
113
113
|
"Allow": "GET, HEAD",
|
|
114
114
|
"Content-Type": "text/plain; charset=utf-8",
|
|
115
115
|
"Content-Length": Buffer.byteLength(bodyMsg),
|
|
@@ -117,7 +117,7 @@ function create(opts) {
|
|
|
117
117
|
res.end(bodyMsg);
|
|
118
118
|
return;
|
|
119
119
|
}
|
|
120
|
-
res.writeHead(200, { //
|
|
120
|
+
res.writeHead(200, { // HTTP 200 status
|
|
121
121
|
"Content-Type": "application/json; charset=utf-8",
|
|
122
122
|
"Content-Length": bodyBuf.length,
|
|
123
123
|
"Cache-Control": "public, max-age=86400",
|
|
@@ -107,7 +107,7 @@ function create(opts) {
|
|
|
107
107
|
function _writeBody(req, res, body, etag, contentType) {
|
|
108
108
|
var requestEtag = (req.headers && req.headers["if-none-match"]) || null;
|
|
109
109
|
if (requestEtag && requestEtag === etag) {
|
|
110
|
-
res.writeHead(304, { "ETag": etag, "Cache-Control": cacheControl }); //
|
|
110
|
+
res.writeHead(304, { "ETag": etag, "Cache-Control": cacheControl }); // HTTP 304
|
|
111
111
|
res.end();
|
|
112
112
|
return;
|
|
113
113
|
}
|
|
@@ -120,7 +120,7 @@ function create(opts) {
|
|
|
120
120
|
if (accessControl === "public") {
|
|
121
121
|
headers["Access-Control-Allow-Origin"] = "*";
|
|
122
122
|
}
|
|
123
|
-
res.writeHead(200, headers); //
|
|
123
|
+
res.writeHead(200, headers); // HTTP 200
|
|
124
124
|
res.end(body);
|
|
125
125
|
}
|
|
126
126
|
|
|
@@ -46,7 +46,7 @@ function _writeUnauthorized(res, scheme, message, realm) {
|
|
|
46
46
|
if (res.headersSent) return;
|
|
47
47
|
var body = JSON.stringify({ error: message });
|
|
48
48
|
var challenge = scheme + (realm ? ' realm="' + realm + '"' : "");
|
|
49
|
-
res.writeHead(401, { //
|
|
49
|
+
res.writeHead(401, { // HTTP 401 status
|
|
50
50
|
"Content-Type": "application/json; charset=utf-8",
|
|
51
51
|
"Content-Length": Buffer.byteLength(body),
|
|
52
52
|
"WWW-Authenticate": challenge,
|
|
@@ -146,7 +146,7 @@ function create(opts) {
|
|
|
146
146
|
}
|
|
147
147
|
for (var ri = 0; ri < realm.length; ri += 1) {
|
|
148
148
|
var rcode = realm.charCodeAt(ri);
|
|
149
|
-
if (rcode < 32 || rcode === 127) { //
|
|
149
|
+
if (rcode < 32 || rcode === 127) { // ASCII control codepoints
|
|
150
150
|
throw new AuthError("auth-bearer/bad-realm",
|
|
151
151
|
"realm contains control character at index " + ri);
|
|
152
152
|
}
|
|
@@ -198,7 +198,7 @@ function create(opts) {
|
|
|
198
198
|
var malformedChallenge = scheme + ' error="invalid_request"' +
|
|
199
199
|
(realm ? ', realm="' + realm + '"' : "");
|
|
200
200
|
var malformedBody = JSON.stringify({ error: errorMessage });
|
|
201
|
-
res.writeHead(401, { //
|
|
201
|
+
res.writeHead(401, { // HTTP 401 status
|
|
202
202
|
"Content-Type": "application/json; charset=utf-8",
|
|
203
203
|
"Content-Length": Buffer.byteLength(malformedBody),
|
|
204
204
|
"WWW-Authenticate": malformedChallenge,
|
|
@@ -222,7 +222,7 @@ function create(opts) {
|
|
|
222
222
|
(realm ? ', realm="' + realm + '"' : "");
|
|
223
223
|
if (!res.headersSent) {
|
|
224
224
|
var body = JSON.stringify({ error: errorMessage });
|
|
225
|
-
res.writeHead(401, { //
|
|
225
|
+
res.writeHead(401, { // HTTP 401 status
|
|
226
226
|
"Content-Type": "application/json; charset=utf-8",
|
|
227
227
|
"Content-Length": Buffer.byteLength(body),
|
|
228
228
|
"WWW-Authenticate": challenge,
|
|
@@ -264,7 +264,7 @@ function create(opts) {
|
|
|
264
264
|
error: "insufficient_scope",
|
|
265
265
|
required: opts.requiredScopes.slice(),
|
|
266
266
|
});
|
|
267
|
-
res.writeHead(403, { //
|
|
267
|
+
res.writeHead(403, { // HTTP 403 status
|
|
268
268
|
"Content-Type": "application/json; charset=utf-8",
|
|
269
269
|
"Content-Length": Buffer.byteLength(scopeBody),
|
|
270
270
|
"WWW-Authenticate": scopeChallenge,
|