@blamejs/blamejs-shop 0.3.5 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +3 -3
- package/lib/vendor/blamejs/CHANGELOG.md +14 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
- package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
- package/lib/vendor/blamejs/lib/a2a.js +4 -4
- package/lib/vendor/blamejs/lib/acme.js +3 -3
- package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
- package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
- package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
- package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
- package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
- package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
- package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
- package/lib/vendor/blamejs/lib/ai-input.js +4 -4
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
- package/lib/vendor/blamejs/lib/archive-read.js +25 -25
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
- package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
- package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
- package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
- package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
- package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
- package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
- package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
- package/lib/vendor/blamejs/lib/audit.js +2 -2
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
- package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
- package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
- package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
- package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
- package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
- package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
- package/lib/vendor/blamejs/lib/backup/index.js +7 -7
- package/lib/vendor/blamejs/lib/base32.js +8 -8
- package/lib/vendor/blamejs/lib/budr.js +2 -2
- package/lib/vendor/blamejs/lib/cache-status.js +2 -2
- package/lib/vendor/blamejs/lib/calendar.js +29 -29
- package/lib/vendor/blamejs/lib/cbor.js +12 -12
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
- package/lib/vendor/blamejs/lib/cert.js +5 -5
- package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
- package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
- package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
- package/lib/vendor/blamejs/lib/compliance.js +29 -29
- package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
- package/lib/vendor/blamejs/lib/cookies.js +1 -1
- package/lib/vendor/blamejs/lib/cose.js +13 -13
- package/lib/vendor/blamejs/lib/cra-report.js +1 -1
- package/lib/vendor/blamejs/lib/crdt.js +1 -1
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
- package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
- package/lib/vendor/blamejs/lib/crypto.js +6 -6
- package/lib/vendor/blamejs/lib/csp.js +2 -2
- package/lib/vendor/blamejs/lib/cwt.js +4 -4
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
- package/lib/vendor/blamejs/lib/data-act.js +2 -2
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
- package/lib/vendor/blamejs/lib/db-query.js +1 -1
- package/lib/vendor/blamejs/lib/db.js +6 -6
- package/lib/vendor/blamejs/lib/dbsc.js +13 -13
- package/lib/vendor/blamejs/lib/did.js +17 -17
- package/lib/vendor/blamejs/lib/dora.js +4 -4
- package/lib/vendor/blamejs/lib/dsr.js +1 -1
- package/lib/vendor/blamejs/lib/early-hints.js +2 -2
- package/lib/vendor/blamejs/lib/eat.js +4 -4
- package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
- package/lib/vendor/blamejs/lib/external-db.js +1 -1
- package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
- package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
- package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
- package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
- package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
- package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
- package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
- package/lib/vendor/blamejs/lib/guard-email.js +19 -19
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
- package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
- package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
- package/lib/vendor/blamejs/lib/guard-html.js +7 -7
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
- package/lib/vendor/blamejs/lib/guard-image.js +4 -4
- package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
- package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
- package/lib/vendor/blamejs/lib/guard-json.js +12 -12
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
- package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
- package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
- package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
- package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
- package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
- package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
- package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
- package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
- package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
- package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-time.js +15 -15
- package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
- package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
- package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
- package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
- package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
- package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
- package/lib/vendor/blamejs/lib/http-client.js +13 -10
- package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
- package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
- package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
- package/lib/vendor/blamejs/lib/inbox.js +4 -4
- package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
- package/lib/vendor/blamejs/lib/json-path.js +3 -3
- package/lib/vendor/blamejs/lib/json-schema.js +1 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
- package/lib/vendor/blamejs/lib/jtd.js +2 -2
- package/lib/vendor/blamejs/lib/link-header.js +1 -1
- package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
- package/lib/vendor/blamejs/lib/log.js +8 -3
- package/lib/vendor/blamejs/lib/lro.js +4 -4
- package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
- package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
- package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
- package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
- package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
- package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
- package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
- package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
- package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
- package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
- package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
- package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
- package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
- package/lib/vendor/blamejs/lib/mail-store.js +8 -8
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
- package/lib/vendor/blamejs/lib/mail.js +4 -4
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
- package/lib/vendor/blamejs/lib/mcp.js +15 -15
- package/lib/vendor/blamejs/lib/mdoc.js +2 -2
- package/lib/vendor/blamejs/lib/metrics.js +8 -8
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
- package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
- package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
- package/lib/vendor/blamejs/lib/network-dns.js +29 -29
- package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
- package/lib/vendor/blamejs/lib/network-tls.js +100 -98
- package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
- package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
- package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
- package/lib/vendor/blamejs/lib/observability.js +8 -8
- package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
- package/lib/vendor/blamejs/lib/openapi.js +1 -1
- package/lib/vendor/blamejs/lib/outbox.js +6 -6
- package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
- package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
- package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
- package/lib/vendor/blamejs/lib/problem-details.js +5 -5
- package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
- package/lib/vendor/blamejs/lib/queue.js +4 -2
- package/lib/vendor/blamejs/lib/redact.js +2 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
- package/lib/vendor/blamejs/lib/router.js +10 -10
- package/lib/vendor/blamejs/lib/safe-async.js +2 -2
- package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
- package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
- package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
- package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
- package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
- package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
- package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
- package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
- package/lib/vendor/blamejs/lib/safe-url.js +1 -1
- package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
- package/lib/vendor/blamejs/lib/sandbox.js +5 -5
- package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
- package/lib/vendor/blamejs/lib/self-update.js +3 -3
- package/lib/vendor/blamejs/lib/server-timing.js +3 -3
- package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
- package/lib/vendor/blamejs/lib/session.js +8 -8
- package/lib/vendor/blamejs/lib/sse.js +12 -5
- package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
- package/lib/vendor/blamejs/lib/storage.js +2 -2
- package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
- package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
- package/lib/vendor/blamejs/lib/subject.js +1 -1
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
- package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
- package/lib/vendor/blamejs/lib/test-harness.js +1 -1
- package/lib/vendor/blamejs/lib/tracing.js +1 -1
- package/lib/vendor/blamejs/lib/tsa.js +5 -5
- package/lib/vendor/blamejs/lib/uri-template.js +5 -5
- package/lib/vendor/blamejs/lib/vault/index.js +2 -2
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
- package/lib/vendor/blamejs/lib/vc.js +2 -2
- package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
- package/lib/vendor/blamejs/lib/watcher.js +4 -4
- package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
- package/lib/vendor/blamejs/lib/webhook.js +2 -2
- package/lib/vendor/blamejs/lib/websocket.js +5 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
- package/lib/vendor/blamejs/lib/ws-client.js +24 -24
- package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
- package/lib/vendor/blamejs/test/00-primitives.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
- package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
- package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
- package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
- package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
|
|
|
8
8
|
|
|
9
9
|
## v0.3.x
|
|
10
10
|
|
|
11
|
+
- v0.3.7 (2026-05-30) — **Shipping zones now apply at checkout.** The shipping zones you define in the admin console — per-region rates by destination, parcel weight, and order value — now drive the shipping options shown at checkout. When a cart's destination matches a zone, the shopper sees that zone's rates; when no zone matches, or none are defined, checkout falls back to the existing flat-rate table exactly as before, so a store that has not configured zones is entirely unaffected. A fully digital order is never quoted physical shipping. The admin screen for managing zones already shipped; this wires it through to the checkout quote. **Added:** *Zone-based shipping rates at checkout* — When a cart's destination matches a configured shipping zone, the checkout shipping quote uses that zone's rates — resolved by destination country and region, parcel weight, and order subtotal — instead of the flat-rate table. With no matching zone, or no zones defined, checkout returns the existing flat rates unchanged, so the change stays invisible until you set zones up; any lookup error degrades to the same flat fallback. A fully digital order (no shipping-requiring item) is never quoted physical shipping.
|
|
12
|
+
|
|
13
|
+
- v0.3.6 (2026-05-30) — **Update the vendored blamejs runtime to v0.14.5.** Refreshes the vendored blamejs runtime from v0.13.46 to v0.14.5, a maintenance update. The request-lifecycle security stack the storefront and admin depend on — CSRF, fetch-metadata, body-parser, cookies, and rate limiting — is unchanged across this range. The runtime's breaking changes in this window (stricter OAuth JAR request-object typing and a PGP signature return type) are in surfaces this shop does not use, so there is no behavior change and no operator action is required. **Changed:** *Vendored blamejs runtime updated to v0.14.5* — The pinned blamejs runtime moves from v0.13.46 to v0.14.5, picking up the framework's maintenance and hardening work across that range. The createApp request-lifecycle middleware the shop composes (CSRF, fetch-metadata, body-parser, cookie, and rate-limit layers) is unchanged, so this refresh carries no behavior change for the storefront or admin console.
|
|
14
|
+
|
|
11
15
|
- v0.3.5 (2026-05-30) — **Shipping-label management in the admin console.** The admin console gains shipping-label tools. On an order, void a purchased label — with a reason — when it needs reprinting, alongside the existing mark-as-used action. A new Shipping labels section adds cross-order visibility: a status-filtered list, the mint queue of labels awaiting a broker, and a broker-spend report that totals label costs by carrier and currency over a date range. This is bookkeeping and reporting only — nothing in the storefront, cart, or checkout changes. **Added:** *Void a shipping label from the order* — Each purchased label on an order now offers a Void action with a reason, for when a label is reprinted at a different weight or carrier. Voiding is refused once a label has been used or already voided, or once it is past the carrier's void window. · *Shipping labels admin section* — A new Shipping labels section gives cross-order visibility: a status-filtered label list, the mint queue of labels awaiting a broker, and a broker-spend report totalling label cost grouped by carrier and currency over a date range.
|
|
12
16
|
|
|
13
17
|
- v0.3.4 (2026-05-30) — **Sales-tax filings and remittance tracking in the admin console.** The admin console gains a Tax filings section for tracking sales-tax remittance across reporting periods. Open a filing period for a jurisdiction, compute the tax collected from completed orders in that window, then record the submission and the payment as you remit. Each filing carries a per-rate breakdown and an audit trail, and the list surfaces what's due soon or already overdue. A per-jurisdiction remittance report totals the tax owed across a date range. Every figure derives from completed orders — nothing in the storefront, cart, or checkout changes. **Added:** *Tax filings admin console* — A new Tax filings section tracks sales-tax remittance: open a filing period for a jurisdiction and reporting kind, compute the tax collected from completed orders in the window with a per-rate breakdown, then record submission and payment through the filing lifecycle. The list surfaces filings due soon or overdue, and a remittance report totals tax owed per jurisdiction across a date range. This is reporting only — it reads completed orders and changes nothing in checkout.
|
package/lib/asset-manifest.json
CHANGED
package/lib/vendor/MANIFEST.json
CHANGED
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
"_about": "blamejs.shop vendors a single framework — blamejs — which itself bundles every server-side crypto/identity dependency. The transitive packages blamejs ships are surfaced in its own MANIFEST.json at lib/vendor/blamejs/lib/vendor/MANIFEST.json — Trivy / Grype rely on that nested data for CVE attribution.",
|
|
4
4
|
"packages": {
|
|
5
5
|
"blamejs": {
|
|
6
|
-
"version": "0.
|
|
7
|
-
"tag": "v0.
|
|
6
|
+
"version": "0.14.5",
|
|
7
|
+
"tag": "v0.14.5",
|
|
8
8
|
"license": "Apache-2.0",
|
|
9
9
|
"author": "blamejs contributors",
|
|
10
10
|
"source": "https://github.com/blamejs/blamejs",
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"server": "lib/vendor/blamejs/"
|
|
14
14
|
},
|
|
15
15
|
"bundler": "shallow git clone of release tag from github.com/blamejs/blamejs",
|
|
16
|
-
"bundledAt": "2026-05-
|
|
16
|
+
"bundledAt": "2026-05-30"
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
19
|
}
|
|
@@ -6,6 +6,20 @@ Pre-1.0 the surface is intentionally evolving — every release may
|
|
|
6
6
|
change something operators depend on. Read each entry before
|
|
7
7
|
upgrading across more than a few patches at a time.
|
|
8
8
|
|
|
9
|
+
## v0.14.x
|
|
10
|
+
|
|
11
|
+
- v0.14.5 (2026-05-30) — **Finished cleaning up the mislabeled byte-literal lint suppressions, with no API or behavior changes.** A follow-up to the byte-literal lint tightening. The remaining suppression comments that named the byte-literal check on values that are not byte sizes — JSON-RPC error codes, HTTP status codes, octet ranges, day-in-milliseconds constants — are removed, keeping their explanatory text and any correctly-named companion suppression. Every byte-literal suppression that remains is now on genuine 1024-scale byte arithmetic. Source-comment hygiene only. **Changed:** *Remaining mislabeled byte-literal suppressions removed* — The byte-literal lint was previously a check on any multiple-of-8 integer, so suppression comments naming it were scattered across non-byte values. The last of those (in a handful of files, in mixed comment formats) are now removed — their explanatory text is retained as plain comments, and any correctly-named companion suppression is kept. The only byte-literal suppressions that remain are on genuine 1024-scale byte arithmetic. No change to any exported API, error code, wire format, or runtime behavior.
|
|
12
|
+
|
|
13
|
+
- v0.14.4 (2026-05-30) — **Removed three pieces of dead code from the SAML, TLS, and JMAP surfaces; no API or behavior changes.** Cleanup of unreachable code. A reverse signature-algorithm lookup in the SAML verifier was never called — the actual verification path resolves the algorithm through the supported-signature table — so it is removed and a stale comment that referenced it is corrected. A leftover no-op placeholder in the TLS certificate re-encode path (a zero-length slice that was assigned and discarded) is removed, leaving the verbatim extension re-encode it sat next to. An unused JMAP well-known-path constant that existed only to be discarded is removed. None of this changes any exported API, error code, wire format, or runtime behavior. **Removed:** *Unreachable code in SAML, TLS, and JMAP* — Removed `_sigAlgFromUri` from the SAML module (a reverse alg lookup that was never called — the embedded XML-DSig verifier resolves the algorithm via the supported-signature table, and the redirect-binding path uses the forward `_sigAlgUrn`), a discarded zero-length-slice placeholder in the TLS certificate extension re-encode path, and an unused well-known-path constant in the JMAP server. Internal cleanup only — no change to any exported API, error code, wire format, or runtime behavior.
|
|
14
|
+
|
|
15
|
+
- v0.14.3 (2026-05-30) — **A codebase check now ensures every lint-suppression marker names a real check, so a typo can't silently disable a guard.** Source files suppress an individual lint with an `// allow:<class>` comment. If the class is mistyped or stale, the comment suppresses nothing — the check it names does not exist — so the issue it was meant to explain ships unflagged. A new codebase check now verifies every `// allow:<class>` marker names a registered check class and fails if it does not, with the full set of valid classes maintained as an explicit registry. Two markers that named a non-kebab class were corrected as part of this. No runtime, API, or wire-format changes. **Detectors:** *Lint-suppression markers must name a registered check* — A new check flags any `// allow:<class>` suppression comment whose class is not one of the registered check classes — catching typos and stale markers (for example a marker that named a check which was later renamed) that would otherwise silently disable the guard they appear to explain. The valid classes are kept as an explicit registry, so adding a check with a new allow-class is a one-line registration. Source-comment hygiene only — no change to any exported API, error code, wire format, or runtime behavior.
|
|
16
|
+
|
|
17
|
+
- v0.14.2 (2026-05-29) — **Internal lint hygiene: the byte-literal check now flags only genuine byte-scale arithmetic, with no API or behavior changes.** A no-behavior-change cleanup of the source tree's internal lint markers. The byte-literal lint previously flagged every integer that was a multiple of 8 — which is most numbers — so the source carried a large number of suppression comments on values that were not byte sizes at all (status codes, counts, lengths, radixes, opcodes). The lint now flags only 1024-scale byte arithmetic (the case the C.BYTES.kib/mib/gib helpers exist to replace), and the now-unnecessary suppression comments have been removed while keeping their explanatory text. Several lint-suppression markers that named a check that does not exist were also corrected. None of this changes any API, wire format, or runtime behavior. **Changed:** *Source-tree lint markers cleaned up* — The internal byte-literal lint was tightened to flag only genuine byte-scale (`* 1024`) arithmetic, and the suppression comments it previously required on non-byte integers were removed (their explanatory text is retained as plain comments). A handful of suppression markers that referenced a non-existent check were pointed at the correct one or removed. This is source-comment hygiene only — there is no change to any exported API, error code, wire format, or runtime behavior.
|
|
18
|
+
|
|
19
|
+
- v0.14.1 (2026-05-29) — **Correctness fixes: JAR request-object typ enforcement, byte-faithful PGP multipart/signed, and SAML InResponseTo binding.** A set of correctness fixes across the auth, mail-crypto, TLS, and encoder surfaces. The most important: JWT-secured authorization requests (RFC 9101) now require the request object to carry the registered `oauth-authz-req+jwt` typ, closing a cross-JWT-confusion vector; the PGP multipart/signed wrapper is now assembled byte-faithfully so non-ASCII signed content can't be corrupted; and SAML response verification now returns the InResponseTo of the SubjectConfirmation that actually validated. Two of these change behavior — see Changed — and are bug fixes rather than new features. **Changed:** *JAR parsing rejects untyped request objects (breaking)* — Following the typ enforcement above, a request object whose header omits `typ` is now refused. An authorization server whose clients sign request objects without the `oauth-authz-req+jwt` typ must update those clients to set it. · *PGP sign() returns multipartSigned as a Buffer (breaking)* — `b.mail.crypto.pgp.sign(...).multipartSigned` is now a Buffer instead of a string. The OpenPGP signature covers the signed-part bytes exactly, and a JS-string round trip through latin1/utf8 could corrupt non-ASCII signed content and break verification, so the RFC 3156 multipart/signed wrapper is now assembled as bytes. Code that wrote the previous string to the wire works unchanged when it writes the Buffer; code that did string operations on the value should treat it as a Buffer (its `indexOf` / `toString` still work). **Fixed:** *SAML response verification binds InResponseTo to the validated confirmation* — `verifyResponse` returned the InResponseTo of the first SubjectConfirmationData in the assertion rather than of the SubjectConfirmation that actually passed bearer validation. When a response carried more than one SubjectConfirmation, the returned value could come from a non-validated confirmation. It is now the InResponseTo of the confirmation that validated. · *checkServerIdentity9525 emits the documented CN-fallback audit code* — A CN-only legacy certificate (a Common Name present, no subjectAltName) is now refused by the exported `b.network.tls.checkServerIdentity9525` with the distinct `tls/pkix-cn-fallback-refused` code its documentation promised, so audit logs can tell a CN-only certificate apart from one carrying neither a SAN nor a CN (which still yields `tls/pkix-san-required`). The accept/refuse outcome is unchanged — both are refused; only the audit granularity improved. · *OIDC back-channel logout / JARM no longer accept dead override parameters* — `verifyBackchannelLogoutToken` and `parseJarmResponse` passed `acceptedAlgs` / `jwksUri` / `maxClockSkewMs` through to the ID-token verifier, which ignored them and applied the configured (create()-time) values. The pass-throughs are removed so the code no longer reads as if those can be overridden per call; the configured trust anchor was — and remains — what applies. · *Queue lease failures are logged* — The consumer loop's lease-acquisition error path swallowed the backend error silently; it now logs at debug so a flapping backend that has not yet tripped the circuit breaker is visible. · *Protobuf and ASN.1 encoders reject out-of-range tags* — The protobuf tag encoder rejected nothing and would have emitted a wrong tag for field numbers at or above 2^28 (where the 32-bit shift overflows); the ASN.1 context-tag writers silently truncated tag numbers above 30 (which require the multi-byte high-tag-number form). Both now throw a RangeError rather than encode silently-wrong output. The values these encoders serve are well within range, so no current caller is affected. · *oid4vci proofAlgorithms default documented accurately* — The documented default proof-algorithm list now matches the code (`["ES256", "ES384", "EdDSA"]`); the doc previously omitted EdDSA, which the runtime has always accepted by default. **Security:** *JAR request objects must carry the registered typ (RFC 9101)* — `b.auth.jar.parse` now requires the request-object JWS header to carry `typ: "oauth-authz-req+jwt"` (with or without the `application/` prefix); a request object with an absent or different typ is refused with `auth-jar/bad-typ`. RFC 9101 §10.8 specifies this media type precisely to stop a JWT minted for another purpose (an ID token, an access token, a logout token) and signed by the same client key from being replayed as a request object. The existing `iss` / `aud` / `client_id` bindings already constrained that; this restores the explicit type check as well. This is stricter than before — see Changed.
|
|
20
|
+
|
|
21
|
+
- v0.14.0 (2026-05-29) — **Operator-configurable header and field names across SSE, request-id, rate-limit, age-gate, AI-Act disclosure, GraphQL federation, and the HTTP cache.** This release makes operator-facing identifiers that were hardcoded configurable. The framework already let operators rename most names (CSRF cookie/field, cookie parser, i18n header/query/cookie, mTLS CA name, and so on); this closes the remaining gaps so a custom or framework-specific name is never frozen. Every new option defaults to the value emitted today, so upgrading changes no behavior — these are additive knobs. It also fixes a request-id asymmetry (the response header is now written on the same name the inbound id is read from) and wires an SSE proxy-buffering option whose escape hatch was documented but never implemented. **Added:** *Configurable cache-status header on the HTTP client* — The outbound HTTP client annotated every cached response with a hardcoded `x-blamejs-cache: HIT|MISS|STALE|REVALIDATED` header. `b.httpClient.cache.create` now takes `statusHeader` (default "x-blamejs-cache") — pass a custom name (e.g. "x-cache") to rename it, or null/false to suppress it entirely. The decision remains available programmatically on `res.cacheStatus`. · *Configurable rate-limit header names* — `b.middleware.rateLimit` emitted the de-facto `X-RateLimit-Limit` / `X-RateLimit-Remaining` headers (which are not RFC-pinned). It now accepts `headerPrefix` (default "X-RateLimit-") so operators can match the unprefixed IETF-draft `RateLimit-*` names or an upstream gateway's convention; the limit/remaining pair is always built from the same prefix. · *Configurable age-gate and AI-Act disclosure header names* — `b.middleware.ageGate` now takes `privacyPostureHeader` (default "X-Privacy-Posture"; null/false to suppress), and `b.middleware.aiActDisclosure` takes `headerPrefix` (default "AI-Act-") that prefixes the emitted Notice / Article / Policy headers. The EU AI Act mandates the disclosure, not the HTTP spelling, so operators matching a downstream convention can rename these. · *Configurable GraphQL-federation replay-nonce header* — `b.graphqlFederation.guardSdl` read the replay nonce from the Apollo-vendor `x-apollographql-router-nonce` header with no override. It now accepts `nonceHeader` (default unchanged) so an operator fronting the gateway with a non-Apollo router can point the replay check at their own header. · *SSE proxy-buffering opt-out* — `b.sse.create` and `b.middleware.sse` set `X-Accel-Buffering: no` (the nginx hint that disables proxy buffering). They now accept `proxyBuffer` (default true) — pass false when not behind nginx, or when buffering is controlled at the load balancer, to suppress the nginx-specific header. The opt-out was previously referenced in the documentation but not implemented. **Fixed:** *Request-id middleware reflects the configured header name* — `b.log.middleware` read the inbound request id from a configurable `headerName` but always wrote the response on the literal `X-Request-Id`. An operator who set a custom `headerName` (e.g. `X-Correlation-Id`) therefore read from one header and emitted another. The response is now written on the same configured name; the default remains `X-Request-Id`, so deployments that did not set `headerName` are unaffected.
|
|
22
|
+
|
|
9
23
|
## v0.13.x
|
|
10
24
|
|
|
11
25
|
- v0.13.46 (2026-05-29) — **`createApp` now wires the documented security middleware ON by default — CSRF, CSP nonce, cookie parser, fetch-metadata, and body parser.** The README has long described a security middleware stack as "wired by createApp", but createApp only mounted request-ID, security-headers, and bot-guard by default — CSRF protection, the CSP nonce, the threat-aware cookie parser, the fetch-metadata guard, and the body parser were documented but not actually wired. This release closes that gap: createApp now mounts all of them by default, in dependency order (cookies, CSP nonce, fetch-metadata, then body parser, then CSRF last so it can read a body-field token). This is a behavior change — apps built with createApp now enforce CSRF on state-changing requests by default. Each layer is configurable via opts.middleware.<name> (operator cookie and field names flow straight through — nothing is hardcoded) or can be turned off with false, and disabling a security default now emits an app.middleware.disabled audit event. Every layer is idempotent: an operator who also mounts one of these inside opts.routes gets a no-op second mount rather than a double-apply. The default CSRF is a double-submit cookie that auto-skips requests carrying an Authorization header or no cookies at all, which are not CSRF-able, so token-authenticated API clients are not rejected. The README middleware list is now an accurate description of what createApp wires. **Added:** *Idempotent security middleware* — The cookie parser, CSP nonce, fetch-metadata, and CSRF middleware are now idempotent within a request: if one has already run (because createApp wired it and an operator also mounted it), the second instance is a no-op rather than re-parsing, re-generating a nonce, or issuing a second CSRF cookie. This lets an application compose its own middleware order on top of createApp's defaults without double-applying. The body parser already had this behavior. **Changed:** *createApp wires CSRF, CSP nonce, cookie parser, fetch-metadata, and body parser by default (breaking)* — Applications constructed with b.createApp now mount, in order: the threat-aware cookie parser, the CSP nonce generator, the fetch-metadata resource-isolation guard, the body parser (JSON / urlencoded / text / multipart), and CSRF protection — in addition to the request-ID, security-headers, and bot-guard layers already wired. The ordering guarantees CSRF runs after the body parser so a body-field token is available. This is a behavior change: state-changing requests (POST / PUT / DELETE / PATCH) that carry a session cookie are now CSRF-validated by default. Each layer is configured through opts.middleware.<name> (an object passes operator options straight through; cookie and field names are not hardcoded) or disabled with false. Operators who were mounting these middleware themselves inside opts.routes do not need to change anything — the second mount is now a no-op (see idempotency below). · *Default CSRF auto-skips token-authenticated and cookieless requests* — The CSRF middleware gains a skipStateless option (default false; createApp's default wiring sets it true). When on, token validation is skipped for requests that carry an Authorization header or no Cookie header at all — such requests are not CSRF-able, because CSRF abuses a victim's ambient cookie credential and these have none. The token is still issued on safe methods so a later cookie-authenticated browser flow works. Cross-site form CSRF is unaffected: the browser auto-sends the victim's cookies, so an attack request always carries a Cookie header and is validated. · *Disabling a default security middleware is audited* — Passing false for one of the security-on-by-default middleware (for example middleware: { csrf: false }) now emits an app.middleware.disabled audit event naming the middleware, so a weakened posture leaves a trace in the audit chain rather than being silent.
|
|
@@ -47,15 +47,15 @@ function mintLegacyEnvelope0xE1(plaintext, recipient) {
|
|
|
47
47
|
var nonce = bCrypto.generateBytes(C.BYTES.bytes(24));
|
|
48
48
|
// Legacy 0xE1 envelope header — 4 bytes: magic, kemId, cipherId, kdfId.
|
|
49
49
|
var headerAad = Buffer.from([
|
|
50
|
-
0xE1, //
|
|
50
|
+
0xE1, // legacy 0xE1 envelope magic byte
|
|
51
51
|
C.KEM_IDS.ML_KEM_1024_P384,
|
|
52
52
|
C.CIPHER_IDS.XCHACHA20_POLY1305,
|
|
53
53
|
C.KDF_IDS.SHAKE256,
|
|
54
54
|
]);
|
|
55
55
|
var ct = xchacha20poly1305(key, nonce, headerAad).encrypt(Buffer.from(plaintext, "utf8"));
|
|
56
|
-
var kemCtLen = Buffer.alloc(2); kemCtLen.writeUInt16BE(kem.ciphertext.length); //
|
|
56
|
+
var kemCtLen = Buffer.alloc(2); kemCtLen.writeUInt16BE(kem.ciphertext.length); // 16-bit length-prefix field
|
|
57
57
|
var ecEphDer = ephEc.publicKey;
|
|
58
|
-
var ecEphLen = Buffer.alloc(2); ecEphLen.writeUInt16BE(ecEphDer.length); //
|
|
58
|
+
var ecEphLen = Buffer.alloc(2); ecEphLen.writeUInt16BE(ecEphDer.length); // 16-bit length-prefix field
|
|
59
59
|
return Buffer.concat([
|
|
60
60
|
headerAad,
|
|
61
61
|
kemCtLen, kem.ciphertext, ecEphLen, ecEphDer, nonce, Buffer.from(ct),
|
|
@@ -62,17 +62,17 @@ var A2aTasksError = defineClass("A2aTasksError", { alwaysPermanent: true });
|
|
|
62
62
|
var JSONRPC_VERSION = "2.0";
|
|
63
63
|
|
|
64
64
|
// JSON-RPC 2.0 fixed error codes — A2A inherits these.
|
|
65
|
-
var JSONRPC_PARSE_ERROR = -32700; // allow:raw-
|
|
66
|
-
var JSONRPC_INVALID_REQUEST = -32600; // allow:raw-
|
|
67
|
-
var JSONRPC_METHOD_NOT_FOUND = -32601; // allow:raw-
|
|
68
|
-
var JSONRPC_INVALID_PARAMS = -32602; // allow:raw-
|
|
69
|
-
var JSONRPC_INTERNAL_ERROR = -32603; // allow:raw-
|
|
65
|
+
var JSONRPC_PARSE_ERROR = -32700; // allow:raw-time-literal — not seconds
|
|
66
|
+
var JSONRPC_INVALID_REQUEST = -32600; // allow:raw-time-literal — not seconds
|
|
67
|
+
var JSONRPC_METHOD_NOT_FOUND = -32601; // allow:raw-time-literal — not seconds
|
|
68
|
+
var JSONRPC_INVALID_PARAMS = -32602; // allow:raw-time-literal — not seconds
|
|
69
|
+
var JSONRPC_INTERNAL_ERROR = -32603; // allow:raw-time-literal — not seconds
|
|
70
70
|
|
|
71
71
|
// A2A-specific error codes per the spec's task-error vocabulary.
|
|
72
72
|
// A2A_TASK_NOT_FOUND (-32002) + A2A_TASK_NOT_CANCELABLE (-32003) are
|
|
73
73
|
// raised by operator handlers — they're reserved here for documentation
|
|
74
74
|
// purposes only.
|
|
75
|
-
var A2A_SCOPE_DENIED = -32001; // allow:raw-
|
|
75
|
+
var A2A_SCOPE_DENIED = -32001; // allow:raw-time-literal — not seconds
|
|
76
76
|
|
|
77
77
|
var ALLOWED_METHODS = Object.freeze(["tasks/send", "tasks/get", "tasks/cancel"]);
|
|
78
78
|
|
|
@@ -80,7 +80,7 @@ var TASK_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
|
|
|
80
80
|
// Same identifier shape as MCP tool-name; consolidating would couple
|
|
81
81
|
// MCP + A2A protocol identifiers into a single primitive.
|
|
82
82
|
var SKILL_NAME_RE = /^[a-zA-Z][a-zA-Z0-9._-]{0,63}$/; // allow:duplicate-regex — RFC-3986-unreserved identifier shape, shared across mcp.js + mcp-tool-registry.js
|
|
83
|
-
//
|
|
83
|
+
// RFC-3986-unreserved identifier shape (length cap inside regex), not a byte count
|
|
84
84
|
|
|
85
85
|
function _emitAudit(action, metadata, outcome) {
|
|
86
86
|
try {
|
|
@@ -99,7 +99,7 @@ var bCrypto = lazyRequire(function () { return require("./crypto"); });
|
|
|
99
99
|
// satisfies the framework's unused-var policy so the helper stays
|
|
100
100
|
// available without an explicit disable directive.
|
|
101
101
|
function _newTaskId() {
|
|
102
|
-
return bCrypto().generateToken(12); //
|
|
102
|
+
return bCrypto().generateToken(12); // 96-bit task id, not byte arithmetic on payload
|
|
103
103
|
}
|
|
104
104
|
|
|
105
105
|
function _validateTaskShape(task, where) {
|
|
@@ -108,7 +108,7 @@ function _validateTaskShape(task, where) {
|
|
|
108
108
|
where + ": task must be a non-null object", true);
|
|
109
109
|
}
|
|
110
110
|
validateOpts.requireNonEmptyString(task.skill, where + ".skill", A2aTasksError, "a2a-tasks/bad-skill");
|
|
111
|
-
if (task.skill.length > 64 || !SKILL_NAME_RE.test(task.skill)) { //
|
|
111
|
+
if (task.skill.length > 64 || !SKILL_NAME_RE.test(task.skill)) { // A2A skill-name length cap, not byte count
|
|
112
112
|
|
|
113
113
|
throw new A2aTasksError("a2a-tasks/bad-skill",
|
|
114
114
|
where + ".skill '" + task.skill + "' must match " + SKILL_NAME_RE);
|
|
@@ -196,7 +196,7 @@ async function get(opts) {
|
|
|
196
196
|
}
|
|
197
197
|
validateOpts.requireNonEmptyString(opts.peerUrl, "tasks.get.peerUrl", A2aTasksError, "a2a-tasks/bad-peer-url");
|
|
198
198
|
validateOpts.requireNonEmptyString(opts.taskId, "tasks.get.taskId", A2aTasksError, "a2a-tasks/bad-task-id");
|
|
199
|
-
if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { //
|
|
199
|
+
if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { // A2A task-id length cap, not byte count
|
|
200
200
|
throw new A2aTasksError("a2a-tasks/bad-task-id",
|
|
201
201
|
"tasks.get: taskId must match " + TASK_ID_RE);
|
|
202
202
|
}
|
|
@@ -239,7 +239,7 @@ async function cancel(opts) {
|
|
|
239
239
|
}
|
|
240
240
|
validateOpts.requireNonEmptyString(opts.peerUrl, "tasks.cancel.peerUrl", A2aTasksError, "a2a-tasks/bad-peer-url");
|
|
241
241
|
validateOpts.requireNonEmptyString(opts.taskId, "tasks.cancel.taskId", A2aTasksError, "a2a-tasks/bad-task-id");
|
|
242
|
-
if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { //
|
|
242
|
+
if (opts.taskId.length > 64 || !TASK_ID_RE.test(opts.taskId)) { // A2A task-id length cap, not byte count
|
|
243
243
|
throw new A2aTasksError("a2a-tasks/bad-task-id",
|
|
244
244
|
"tasks.cancel: taskId must match " + TASK_ID_RE);
|
|
245
245
|
}
|
|
@@ -280,7 +280,7 @@ async function _jsonRpc(url, method, params, opts) {
|
|
|
280
280
|
throw new A2aTasksError("a2a-tasks/transport",
|
|
281
281
|
"tasks." + method.split("/")[1] + ": transport error: " + (transportErr.message || transportErr));
|
|
282
282
|
}
|
|
283
|
-
if (rsp.statusCode < 200 || rsp.statusCode >= 300) { //
|
|
283
|
+
if (rsp.statusCode < 200 || rsp.statusCode >= 300) { // HTTP status class boundaries
|
|
284
284
|
if (opts.audit) {
|
|
285
285
|
_emitAudit("a2a.tasks.http_error",
|
|
286
286
|
{ method: method, url: url, statusCode: rsp.statusCode, elapsedMs: Date.now() - startMs },
|
|
@@ -395,7 +395,7 @@ function middlewareTasks(opts) {
|
|
|
395
395
|
|
|
396
396
|
return function a2aTasksMiddleware(req, res) {
|
|
397
397
|
if ((req.method || "").toUpperCase() !== "POST") {
|
|
398
|
-
res.statusCode = 405; //
|
|
398
|
+
res.statusCode = 405; // HTTP 405 Method Not Allowed
|
|
399
399
|
res.setHeader("Content-Type", "application/json");
|
|
400
400
|
res.setHeader("Allow", "POST");
|
|
401
401
|
res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_INVALID_REQUEST, "method must be POST")));
|
|
@@ -403,7 +403,7 @@ function middlewareTasks(opts) {
|
|
|
403
403
|
}
|
|
404
404
|
var ctype = (req.headers && (req.headers["content-type"] || req.headers["Content-Type"])) || "";
|
|
405
405
|
if (typeof ctype === "string" && ctype.indexOf("application/json") !== 0 && ctype.indexOf("application/json") === -1) {
|
|
406
|
-
res.statusCode = 415; //
|
|
406
|
+
res.statusCode = 415; // HTTP 415 Unsupported Media Type
|
|
407
407
|
res.setHeader("Content-Type", "application/json");
|
|
408
408
|
res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_INVALID_REQUEST, "Content-Type must be application/json")));
|
|
409
409
|
return;
|
|
@@ -414,14 +414,14 @@ function middlewareTasks(opts) {
|
|
|
414
414
|
try {
|
|
415
415
|
body = safeJson.parse(rawBytes.toString("utf8"), { maxBytes: maxBytes });
|
|
416
416
|
} catch (_parseErr) {
|
|
417
|
-
res.statusCode = 400; //
|
|
417
|
+
res.statusCode = 400; // HTTP 400 Bad Request
|
|
418
418
|
res.setHeader("Content-Type", "application/json");
|
|
419
419
|
res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_PARSE_ERROR, "invalid JSON body")));
|
|
420
420
|
return;
|
|
421
421
|
}
|
|
422
422
|
if (!body || typeof body !== "object" || body.jsonrpc !== JSONRPC_VERSION ||
|
|
423
423
|
typeof body.method !== "string") {
|
|
424
|
-
res.statusCode = 400; //
|
|
424
|
+
res.statusCode = 400; // HTTP 400 Bad Request
|
|
425
425
|
res.setHeader("Content-Type", "application/json");
|
|
426
426
|
res.end(JSON.stringify(_jsonRpcError(body && body.id, JSONRPC_INVALID_REQUEST,
|
|
427
427
|
"expected JSON-RPC 2.0 envelope { jsonrpc, id?, method, params? }")));
|
|
@@ -429,7 +429,7 @@ function middlewareTasks(opts) {
|
|
|
429
429
|
}
|
|
430
430
|
var reqId = body.id !== undefined ? body.id : null;
|
|
431
431
|
if (ALLOWED_METHODS.indexOf(body.method) === -1) {
|
|
432
|
-
res.statusCode = 200; //
|
|
432
|
+
res.statusCode = 200; // JSON-RPC errors return 200 with error envelope
|
|
433
433
|
res.setHeader("Content-Type", "application/json");
|
|
434
434
|
res.end(JSON.stringify(_jsonRpcError(reqId, JSONRPC_METHOD_NOT_FOUND,
|
|
435
435
|
"method '" + body.method + "' not in [" + ALLOWED_METHODS.join(", ") + "]")));
|
|
@@ -440,7 +440,7 @@ function middlewareTasks(opts) {
|
|
|
440
440
|
// Scope enforcement for tasks/send (task references a skill).
|
|
441
441
|
if (body.method === "tasks/send" && scopes) {
|
|
442
442
|
if (!params.task || typeof params.task !== "object" || typeof params.task.skill !== "string") {
|
|
443
|
-
res.statusCode = 200; //
|
|
443
|
+
res.statusCode = 200; // JSON-RPC error envelope returns 200
|
|
444
444
|
res.setHeader("Content-Type", "application/json");
|
|
445
445
|
res.end(JSON.stringify(_jsonRpcError(reqId, JSONRPC_INVALID_PARAMS,
|
|
446
446
|
"tasks/send: params.task.skill required")));
|
|
@@ -454,7 +454,7 @@ function middlewareTasks(opts) {
|
|
|
454
454
|
_emitAudit("a2a.tasks.scope_denied",
|
|
455
455
|
{ skill: params.task.skill, requiredScope: requiredScope }, "denied");
|
|
456
456
|
}
|
|
457
|
-
res.statusCode = 200; //
|
|
457
|
+
res.statusCode = 200; // JSON-RPC error envelope returns 200
|
|
458
458
|
res.setHeader("Content-Type", "application/json");
|
|
459
459
|
res.end(JSON.stringify(_jsonRpcError(reqId, A2A_SCOPE_DENIED,
|
|
460
460
|
"scope '" + requiredScope + "' required for skill '" + params.task.skill + "'")));
|
|
@@ -476,7 +476,7 @@ function middlewareTasks(opts) {
|
|
|
476
476
|
_emitAudit("a2a.tasks.handled",
|
|
477
477
|
{ method: body.method, skill: params.task && params.task.skill, taskId: params.taskId });
|
|
478
478
|
}
|
|
479
|
-
res.statusCode = 200; //
|
|
479
|
+
res.statusCode = 200; // JSON-RPC 200 with result envelope
|
|
480
480
|
res.setHeader("Content-Type", "application/json");
|
|
481
481
|
res.end(JSON.stringify({
|
|
482
482
|
jsonrpc: JSONRPC_VERSION,
|
|
@@ -491,12 +491,12 @@ function middlewareTasks(opts) {
|
|
|
491
491
|
_emitAudit("a2a.tasks.handler_error",
|
|
492
492
|
{ method: body.method, errorMessage: msg, errorCode: code }, "warning");
|
|
493
493
|
}
|
|
494
|
-
res.statusCode = 200; //
|
|
494
|
+
res.statusCode = 200; // JSON-RPC error envelope returns 200
|
|
495
495
|
res.setHeader("Content-Type", "application/json");
|
|
496
496
|
res.end(JSON.stringify(_jsonRpcError(reqId, code, msg)));
|
|
497
497
|
});
|
|
498
498
|
}).catch(function (readErr) {
|
|
499
|
-
res.statusCode = 400; //
|
|
499
|
+
res.statusCode = 400; // HTTP 400 Bad Request
|
|
500
500
|
res.setHeader("Content-Type", "application/json");
|
|
501
501
|
res.end(JSON.stringify(_jsonRpcError(null, JSONRPC_PARSE_ERROR,
|
|
502
502
|
"could not read request body: " + (readErr.message || readErr))));
|
|
@@ -573,12 +573,12 @@ function middlewareAgentCard(opts) {
|
|
|
573
573
|
var cardJson = JSON.stringify(opts.card);
|
|
574
574
|
return function a2aAgentCardMiddleware(req, res) {
|
|
575
575
|
if ((req.method || "").toUpperCase() !== "GET") {
|
|
576
|
-
res.statusCode = 405; //
|
|
576
|
+
res.statusCode = 405; // HTTP 405 Method Not Allowed
|
|
577
577
|
res.setHeader("Allow", "GET");
|
|
578
578
|
res.end();
|
|
579
579
|
return;
|
|
580
580
|
}
|
|
581
|
-
res.statusCode = 200; //
|
|
581
|
+
res.statusCode = 200; // HTTP 200 OK
|
|
582
582
|
res.setHeader("Content-Type", "application/json");
|
|
583
583
|
res.setHeader("Cache-Control", "public, max-age=" + maxAgeSec);
|
|
584
584
|
res.end(cardJson);
|
|
@@ -39,10 +39,10 @@ var audit = require("./audit");
|
|
|
39
39
|
var { A2aError } = require("./framework-error");
|
|
40
40
|
|
|
41
41
|
var REQUIRED_CARD_FIELDS = ["issuer", "agentId", "capabilities", "version"];
|
|
42
|
-
var ID_MAX = 256; //
|
|
43
|
-
var SEMVER_MAX = 64; //
|
|
44
|
-
var CAP_NAME_MAX = 128; //
|
|
45
|
-
var SHAKE256_BYTES = 64; //
|
|
42
|
+
var ID_MAX = 256; // string-length cap, not bytes
|
|
43
|
+
var SEMVER_MAX = 64; // string-length cap, not bytes
|
|
44
|
+
var CAP_NAME_MAX = 128; // string-length cap, not bytes
|
|
45
|
+
var SHAKE256_BYTES = 64; // SHA3-512 output is 64 bytes (FIPS 202)
|
|
46
46
|
var ID_RE = /^[a-zA-Z0-9._:/-]{1,256}$/;
|
|
47
47
|
var SEMVER_RE = /^[0-9]+\.[0-9]+(?:\.[0-9]+)?(?:-[A-Za-z0-9.-]+)?$/;
|
|
48
48
|
|
|
@@ -138,7 +138,7 @@ function _signJws(privateKey, protectedHeader, payload) {
|
|
|
138
138
|
// ECDSA from node:crypto returns DER-encoded (r,s); RFC 7515 requires
|
|
139
139
|
// raw concatenation of r||s, each padded to the curve byte size (32
|
|
140
140
|
// for P-256).
|
|
141
|
-
var rawSig = _ecdsaDerToRaw(derSig, 32); //
|
|
141
|
+
var rawSig = _ecdsaDerToRaw(derSig, 32); // RFC 7518 §3.4 ES256 signature half-length (P-256 byte size)
|
|
142
142
|
return {
|
|
143
143
|
protected: protB64,
|
|
144
144
|
payload: payloadB64,
|
|
@@ -1432,8 +1432,8 @@ function _base32lc(buf) {
|
|
|
1432
1432
|
var bits = 0;
|
|
1433
1433
|
var value = 0;
|
|
1434
1434
|
for (var i = 0; i < buf.length; i += 1) {
|
|
1435
|
-
value = (value << 8) | buf[i]; //
|
|
1436
|
-
bits += 8; //
|
|
1435
|
+
value = (value << 8) | buf[i]; // bit-shift count, byte boundary
|
|
1436
|
+
bits += 8; // bits-per-byte constant
|
|
1437
1437
|
while (bits >= 5) {
|
|
1438
1438
|
out += alphabet[(value >>> (bits - 5)) & 31];
|
|
1439
1439
|
bits -= 5;
|
|
@@ -430,7 +430,7 @@ function _actorIdHash(actorId) {
|
|
|
430
430
|
|
|
431
431
|
function _truncHash(hash) {
|
|
432
432
|
if (typeof hash !== "string") return "";
|
|
433
|
-
return hash.slice(0, 16); //
|
|
433
|
+
return hash.slice(0, 16); // audit-log truncation length, not a size cap
|
|
434
434
|
}
|
|
435
435
|
|
|
436
436
|
function _fingerprintArgs(args) {
|
|
@@ -117,7 +117,7 @@ function _unsealRegistryRow(row) {
|
|
|
117
117
|
}
|
|
118
118
|
|
|
119
119
|
var DEFAULT_DRAIN_TIMEOUT_MS = C.TIME.minutes(2);
|
|
120
|
-
var STREAM_ID_RAND_BYTES = 8; //
|
|
120
|
+
var STREAM_ID_RAND_BYTES = 8; // stream-id random-suffix byte length, not a size cap
|
|
121
121
|
var DEFAULT_PER_CONSUMER_STOP_MS = C.TIME.seconds(5);
|
|
122
122
|
// SUBSTRATE-20 — FNV-1a offset basis salted with the first 32 bits of
|
|
123
123
|
// SHA3-512(vault master). Attackers who don't have read access to the
|
|
@@ -428,7 +428,7 @@ function _spawnConsumers(ctx, args) {
|
|
|
428
428
|
"spawnConsumers: queue with .consume() required");
|
|
429
429
|
}
|
|
430
430
|
var shards = typeof args.shards === "number" ? args.shards : 1;
|
|
431
|
-
if (!Number.isInteger(shards) || shards < 1 || shards > 256) { //
|
|
431
|
+
if (!Number.isInteger(shards) || shards < 1 || shards > 256) { // shard cap
|
|
432
432
|
throw new AgentOrchestratorError("agent-orchestrator/bad-shard-count",
|
|
433
433
|
"spawnConsumers: shards must be an integer in 1..256");
|
|
434
434
|
}
|
|
@@ -508,21 +508,21 @@ function _saltedFnvBasis() {
|
|
|
508
508
|
var v;
|
|
509
509
|
try { v = vault(); } catch (_e) { v = null; }
|
|
510
510
|
if (!v || typeof v.getKeysJson !== "function") {
|
|
511
|
-
_saltedFnvBasisCache = 2166136261; //
|
|
511
|
+
_saltedFnvBasisCache = 2166136261; // FNV-1a offset basis (vault-less fallback)
|
|
512
512
|
return _saltedFnvBasisCache;
|
|
513
513
|
}
|
|
514
514
|
var keysJson;
|
|
515
515
|
try { keysJson = v.getKeysJson(); }
|
|
516
516
|
catch (_e) {
|
|
517
|
-
_saltedFnvBasisCache = 2166136261; //
|
|
517
|
+
_saltedFnvBasisCache = 2166136261; // FNV-1a offset basis (vault-init-pending fallback)
|
|
518
518
|
return _saltedFnvBasisCache;
|
|
519
519
|
}
|
|
520
520
|
var hashHex = bCrypto.sha3Hash(keysJson);
|
|
521
521
|
// Read the first 32 bits as the salt; mix into the offset basis via
|
|
522
522
|
// XOR so the distribution properties of FNV are preserved.
|
|
523
|
-
var saltBuf = Buffer.from(hashHex.slice(0, 8), "hex"); //
|
|
523
|
+
var saltBuf = Buffer.from(hashHex.slice(0, 8), "hex"); // 32-bit prefix of SHA3-512 hex (4 bytes = 8 hex chars)
|
|
524
524
|
var salt = saltBuf.readUInt32BE(0);
|
|
525
|
-
_saltedFnvBasisCache = ((2166136261 ^ salt) >>> 0); //
|
|
525
|
+
_saltedFnvBasisCache = ((2166136261 ^ salt) >>> 0); // FNV-1a offset basis (vault-salted)
|
|
526
526
|
return _saltedFnvBasisCache;
|
|
527
527
|
}
|
|
528
528
|
|
|
@@ -535,7 +535,7 @@ function shardFor(shardKey, shards) {
|
|
|
535
535
|
var h = _saltedFnvBasis();
|
|
536
536
|
for (var i = 0; i < shardKey.length; i += 1) {
|
|
537
537
|
h ^= shardKey.charCodeAt(i);
|
|
538
|
-
h = (h * 16777619) >>> 0; //
|
|
538
|
+
h = (h * 16777619) >>> 0; // FNV-1a prime
|
|
539
539
|
}
|
|
540
540
|
return h % shards;
|
|
541
541
|
}
|
|
@@ -710,7 +710,7 @@ async function _quiesceInFlight(ctx, startedAt, timeoutMs) {
|
|
|
710
710
|
}
|
|
711
711
|
if (!anyInFlight) return true;
|
|
712
712
|
await new Promise(function (r) {
|
|
713
|
-
var t = setTimeout(r, 50); //
|
|
713
|
+
var t = setTimeout(r, 50); // 50ms in-flight poll interval
|
|
714
714
|
if (t && typeof t.unref === "function") t.unref();
|
|
715
715
|
});
|
|
716
716
|
}
|
|
@@ -72,12 +72,12 @@ var BUILTIN_REGIMES = Object.freeze(["hipaa", "pci-dss", "gdpr", "soc2"]);
|
|
|
72
72
|
// SHAPE, not authenticity). Defense is a keyed MAC over the canonical
|
|
73
73
|
// envelope bytes, computed at appendHop and verified at validate.
|
|
74
74
|
var ENVELOPE_MAC_LABEL = "blamejs.agent.postureChain/v1";
|
|
75
|
-
var ENVELOPE_MAC_KEY_BYTES = 32; //
|
|
75
|
+
var ENVELOPE_MAC_KEY_BYTES = 32; // HMAC-SHA3-512 keyed bytes
|
|
76
76
|
// SUBSTRATE-21 — hop count cap defends infinite recursion across
|
|
77
77
|
// agent delegation. 16 is the spec default; operators can lower via
|
|
78
78
|
// opts.maxHopCount but never raise (audit fan-out without a cap is a
|
|
79
79
|
// DoS class).
|
|
80
|
-
var DEFAULT_MAX_HOP_COUNT = 16; //
|
|
80
|
+
var DEFAULT_MAX_HOP_COUNT = 16; // hop count cap
|
|
81
81
|
var _macKeyCache = null; // memoized per-vault-master key
|
|
82
82
|
|
|
83
83
|
function _resolveMacKey() {
|
|
@@ -80,7 +80,7 @@ var audit = lazyRequire(function () { return require("./audit"); })
|
|
|
80
80
|
|
|
81
81
|
var AgentSagaError = defineClass("AgentSagaError", { alwaysPermanent: true });
|
|
82
82
|
|
|
83
|
-
var SAGA_ID_RAND_BYTES = 8; //
|
|
83
|
+
var SAGA_ID_RAND_BYTES = 8; // saga-id random-suffix byte length
|
|
84
84
|
|
|
85
85
|
/**
|
|
86
86
|
* @primitive b.agent.saga.create
|
|
@@ -71,7 +71,7 @@ var DEFAULT_DRAIN_TIMEOUT_MS = C.TIME.minutes(2);
|
|
|
71
71
|
var DEFAULT_SNAPSHOT_INTERVAL_MS = C.TIME.minutes(5);
|
|
72
72
|
var DEFAULT_MAX_SNAPSHOT_BYTES = C.BYTES.mib(50);
|
|
73
73
|
var SCHEMA_VERSION = 1;
|
|
74
|
-
var SNAPSHOT_ID_RAND_BYTES = 8; //
|
|
74
|
+
var SNAPSHOT_ID_RAND_BYTES = 8; // snapshot-id random suffix
|
|
75
75
|
|
|
76
76
|
/**
|
|
77
77
|
* @primitive b.agent.snapshot.create
|
|
@@ -66,7 +66,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
|
|
|
66
66
|
|
|
67
67
|
var AgentStreamError = defineClass("AgentStreamError", { alwaysPermanent: true });
|
|
68
68
|
|
|
69
|
-
var DEFAULT_BATCH_SIZE = 256; //
|
|
69
|
+
var DEFAULT_BATCH_SIZE = 256; // cursor batch row count, not bytes
|
|
70
70
|
|
|
71
71
|
/**
|
|
72
72
|
* @primitive b.agent.stream.create
|
|
@@ -121,7 +121,7 @@ var TENANT_KDF_LABEL = "blamejs.agent.tenant/v1";
|
|
|
121
121
|
// 32 bytes — XChaCha20-Poly1305 key length. Distinct from the audit
|
|
122
122
|
// truncation buffer so future key-length bumps don't have to chase a
|
|
123
123
|
// magic constant.
|
|
124
|
-
var TENANT_KEY_BYTES = 32; //
|
|
124
|
+
var TENANT_KEY_BYTES = 32; // XChaCha20-Poly1305 key length (256 bits)
|
|
125
125
|
|
|
126
126
|
/**
|
|
127
127
|
* @primitive b.agent.tenant.create
|
|
@@ -78,7 +78,7 @@ function _emitFirstFailureAudit(auditImpl, kind, message) {
|
|
|
78
78
|
if (_failureAuditEmittedFor[kind]) return;
|
|
79
79
|
_failureAuditEmittedFor[kind] = true;
|
|
80
80
|
agentAudit.safeAudit(auditImpl, "agent.trace.tracer_failure", null, {
|
|
81
|
-
kind: kind, message: message ? String(message).slice(0, 256) : "", //
|
|
81
|
+
kind: kind, message: message ? String(message).slice(0, 256) : "", // audit-message char cap
|
|
82
82
|
rateLimited: "first-occurrence-only",
|
|
83
83
|
});
|
|
84
84
|
}
|
|
@@ -249,8 +249,8 @@ function _shouldSample(globalRate, perMethod, method, traceId) {
|
|
|
249
249
|
// Use the low 32 bits of the trace-id as the sampling roll
|
|
250
250
|
// (W3C-compatible). Hash modulo 1e9 → divide by 1e9 puts the
|
|
251
251
|
// result in [0,1) deterministically.
|
|
252
|
-
var lo = parseInt(traceId.slice(-8), 16); //
|
|
253
|
-
var roll = (lo >>> 0) / 0x100000000; //
|
|
252
|
+
var lo = parseInt(traceId.slice(-8), 16); // low 32 bits of trace-id hex
|
|
253
|
+
var roll = (lo >>> 0) / 0x100000000; // 2^32 normalization divisor
|
|
254
254
|
return roll < rate;
|
|
255
255
|
}
|
|
256
256
|
// No trace-id supplied — start of a new trace. Operators wire
|
|
@@ -74,7 +74,7 @@ var REASONING_TIERS = ["none", "basic", "standard", "advanced"];
|
|
|
74
74
|
// descriptor fields are costPer1kInputTokens / costPer1kOutputTokens).
|
|
75
75
|
// Dividing a token count by this rate unit converts a per-1k rate into
|
|
76
76
|
// the per-token multiplier — a rate denominator, not a byte size.
|
|
77
|
-
var COST_RATE_TOKEN_UNIT = 1000; //
|
|
77
|
+
var COST_RATE_TOKEN_UNIT = 1000; // per-1k-token cost-rate denominator, not a byte count
|
|
78
78
|
|
|
79
79
|
var DESCRIPTOR_KEYS = [
|
|
80
80
|
"maxContextTokens", "maxOutputTokens", "modalitiesIn", "modalitiesOut",
|
|
@@ -73,7 +73,7 @@ var ACCOUNTINGS = ["basic", "rdp"];
|
|
|
73
73
|
// integer-exact discrete-Gaussian sampler. 2^32 keeps the deviation
|
|
74
74
|
// from the target σ² below 2^-32 — far under the noise scale — while
|
|
75
75
|
// keeping the BigInt denominators bounded.
|
|
76
|
-
var SIGMA2_RATIONAL_DEN = 4294967296; //
|
|
76
|
+
var SIGMA2_RATIONAL_DEN = 4294967296; // 2^32 rational-approx denominator, not a byte size
|
|
77
77
|
|
|
78
78
|
// ---- Minimal exact rational (BigInt num / den, den > 0) ----
|
|
79
79
|
|
|
@@ -105,7 +105,7 @@ function _uniformBelow(m) {
|
|
|
105
105
|
if (m <= 0n) throw new AiDpError("ai-dp/internal", "ai.dp: _uniformBelow needs m > 0");
|
|
106
106
|
if (m === 1n) return 0n;
|
|
107
107
|
var bits = m.toString(2).length;
|
|
108
|
-
var bytes = Math.ceil(bits / 8); //
|
|
108
|
+
var bytes = Math.ceil(bits / 8); // bits-per-byte divisor, not a size
|
|
109
109
|
var mask = (1n << BigInt(bits)) - 1n;
|
|
110
110
|
for (;;) {
|
|
111
111
|
var buf = bCrypto.generateBytes(bytes);
|
|
@@ -121,7 +121,7 @@ function _uniformBelow(m) {
|
|
|
121
121
|
// the BigInt rejection sampler (accumulating 53 bits in a JS Number
|
|
122
122
|
// would overflow the 2^53 safe-integer range and skew the draw), then
|
|
123
123
|
// mapped (val + 1) / 2^53 → (0, 1].
|
|
124
|
-
var TWO_POW_53 = 9007199254740992; //
|
|
124
|
+
var TWO_POW_53 = 9007199254740992; // 2^53 mantissa range, not a byte size
|
|
125
125
|
function _uniformOpen() {
|
|
126
126
|
var v = Number(_uniformBelow(9007199254740992n)); // [0, 2^53) exact
|
|
127
127
|
return (v + 1) / TWO_POW_53; // (0, 1]
|
|
@@ -231,7 +231,7 @@ function _snappingLaplace(value, scale, bound) {
|
|
|
231
231
|
|
|
232
232
|
// ---- Rényi-DP costs (Mironov 2017) ----
|
|
233
233
|
|
|
234
|
-
var RDP_ORDERS = [1.25, 1.5, 1.75, 2, 2.5, 3, 4, 5, 6, 8, 12, 16, 24, 32, 48, 64, 128, 256]; //
|
|
234
|
+
var RDP_ORDERS = [1.25, 1.5, 1.75, 2, 2.5, 3, 4, 5, 6, 8, 12, 16, 24, 32, 48, 64, 128, 256]; // Rényi DP orders (α), not byte sizes
|
|
235
235
|
|
|
236
236
|
// Gaussian mechanism with noise-to-sensitivity z = sigma / sensitivity:
|
|
237
237
|
// RDP(alpha) = alpha / (2 z^2).
|
|
@@ -25,8 +25,8 @@ var numericBounds = require("./numeric-bounds");
|
|
|
25
25
|
var audit = require("./audit");
|
|
26
26
|
var { AiInputError } = require("./framework-error");
|
|
27
27
|
|
|
28
|
-
var SAMPLE_TRUNC = 80; //
|
|
29
|
-
var CONFIDENCE_BASE = 60; // allow:raw-
|
|
28
|
+
var SAMPLE_TRUNC = 80; // sample truncation length, not bytes
|
|
29
|
+
var CONFIDENCE_BASE = 60; // allow:raw-time-literal — not seconds
|
|
30
30
|
|
|
31
31
|
var PATTERNS = [
|
|
32
32
|
{ id: "ignore-prior-instructions", severity: 3, re:
|
|
@@ -44,7 +44,7 @@ var PATTERNS = [
|
|
|
44
44
|
{ id: "exfil-callback", severity: 3, re:
|
|
45
45
|
/\b(?:send|post|fetch|exfil|leak|paste|forward)\b[\s\S]{0,40}(?:secret|key|token|password|cred|env|\.ssh|private)/i },
|
|
46
46
|
{ id: "base64-marker-around-instructions", severity: 2, re:
|
|
47
|
-
/(?:[A-Za-z0-9+/]{40,}={0,2})\s+(?:means|decodes?\s+to|=)/i }, //
|
|
47
|
+
/(?:[A-Za-z0-9+/]{40,}={0,2})\s+(?:means|decodes?\s+to|=)/i }, // regex repetition floor, not bytes
|
|
48
48
|
{ id: "rot13-shape", severity: 2, re:
|
|
49
49
|
/\b(?:rot13|rotcipher|cipher|caesar)\s*[:=]\s*[a-zA-Z]{20,}/i },
|
|
50
50
|
{ id: "markdown-injection", severity: 2, re:
|
|
@@ -138,7 +138,7 @@ function classify(input, opts) {
|
|
|
138
138
|
else if (signals[j].severity === 2) sev2++;
|
|
139
139
|
}
|
|
140
140
|
var verdict = sev3 > 0 ? "malicious" : (sev2 >= 2 ? "suspicious" : "clean");
|
|
141
|
-
var confidence = sev3 === 0 && sev2 === 0 ? 0 : Math.min(100, CONFIDENCE_BASE + sev3 * 15 + sev2 * 5); //
|
|
141
|
+
var confidence = sev3 === 0 && sev2 === 0 ? 0 : Math.min(100, CONFIDENCE_BASE + sev3 * 15 + sev2 * 5); // confidence ceiling 100, not bytes/seconds
|
|
142
142
|
|
|
143
143
|
if (auditOn && verdict !== "clean") {
|
|
144
144
|
audit.safeEmit({
|