@blamejs/blamejs-shop 0.3.5 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +3 -3
- package/lib/vendor/blamejs/CHANGELOG.md +14 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
- package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
- package/lib/vendor/blamejs/lib/a2a.js +4 -4
- package/lib/vendor/blamejs/lib/acme.js +3 -3
- package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
- package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
- package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
- package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
- package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
- package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
- package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
- package/lib/vendor/blamejs/lib/ai-input.js +4 -4
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
- package/lib/vendor/blamejs/lib/archive-read.js +25 -25
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
- package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
- package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
- package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
- package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
- package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
- package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
- package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
- package/lib/vendor/blamejs/lib/audit.js +2 -2
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
- package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
- package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
- package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
- package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
- package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
- package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
- package/lib/vendor/blamejs/lib/backup/index.js +7 -7
- package/lib/vendor/blamejs/lib/base32.js +8 -8
- package/lib/vendor/blamejs/lib/budr.js +2 -2
- package/lib/vendor/blamejs/lib/cache-status.js +2 -2
- package/lib/vendor/blamejs/lib/calendar.js +29 -29
- package/lib/vendor/blamejs/lib/cbor.js +12 -12
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
- package/lib/vendor/blamejs/lib/cert.js +5 -5
- package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
- package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
- package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
- package/lib/vendor/blamejs/lib/compliance.js +29 -29
- package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
- package/lib/vendor/blamejs/lib/cookies.js +1 -1
- package/lib/vendor/blamejs/lib/cose.js +13 -13
- package/lib/vendor/blamejs/lib/cra-report.js +1 -1
- package/lib/vendor/blamejs/lib/crdt.js +1 -1
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
- package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
- package/lib/vendor/blamejs/lib/crypto.js +6 -6
- package/lib/vendor/blamejs/lib/csp.js +2 -2
- package/lib/vendor/blamejs/lib/cwt.js +4 -4
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
- package/lib/vendor/blamejs/lib/data-act.js +2 -2
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
- package/lib/vendor/blamejs/lib/db-query.js +1 -1
- package/lib/vendor/blamejs/lib/db.js +6 -6
- package/lib/vendor/blamejs/lib/dbsc.js +13 -13
- package/lib/vendor/blamejs/lib/did.js +17 -17
- package/lib/vendor/blamejs/lib/dora.js +4 -4
- package/lib/vendor/blamejs/lib/dsr.js +1 -1
- package/lib/vendor/blamejs/lib/early-hints.js +2 -2
- package/lib/vendor/blamejs/lib/eat.js +4 -4
- package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
- package/lib/vendor/blamejs/lib/external-db.js +1 -1
- package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
- package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
- package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
- package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
- package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
- package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
- package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
- package/lib/vendor/blamejs/lib/guard-email.js +19 -19
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
- package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
- package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
- package/lib/vendor/blamejs/lib/guard-html.js +7 -7
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
- package/lib/vendor/blamejs/lib/guard-image.js +4 -4
- package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
- package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
- package/lib/vendor/blamejs/lib/guard-json.js +12 -12
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
- package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
- package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
- package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
- package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
- package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
- package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
- package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
- package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
- package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
- package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-time.js +15 -15
- package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
- package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
- package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
- package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
- package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
- package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
- package/lib/vendor/blamejs/lib/http-client.js +13 -10
- package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
- package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
- package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
- package/lib/vendor/blamejs/lib/inbox.js +4 -4
- package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
- package/lib/vendor/blamejs/lib/json-path.js +3 -3
- package/lib/vendor/blamejs/lib/json-schema.js +1 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
- package/lib/vendor/blamejs/lib/jtd.js +2 -2
- package/lib/vendor/blamejs/lib/link-header.js +1 -1
- package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
- package/lib/vendor/blamejs/lib/log.js +8 -3
- package/lib/vendor/blamejs/lib/lro.js +4 -4
- package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
- package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
- package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
- package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
- package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
- package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
- package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
- package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
- package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
- package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
- package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
- package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
- package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
- package/lib/vendor/blamejs/lib/mail-store.js +8 -8
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
- package/lib/vendor/blamejs/lib/mail.js +4 -4
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
- package/lib/vendor/blamejs/lib/mcp.js +15 -15
- package/lib/vendor/blamejs/lib/mdoc.js +2 -2
- package/lib/vendor/blamejs/lib/metrics.js +8 -8
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
- package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
- package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
- package/lib/vendor/blamejs/lib/network-dns.js +29 -29
- package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
- package/lib/vendor/blamejs/lib/network-tls.js +100 -98
- package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
- package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
- package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
- package/lib/vendor/blamejs/lib/observability.js +8 -8
- package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
- package/lib/vendor/blamejs/lib/openapi.js +1 -1
- package/lib/vendor/blamejs/lib/outbox.js +6 -6
- package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
- package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
- package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
- package/lib/vendor/blamejs/lib/problem-details.js +5 -5
- package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
- package/lib/vendor/blamejs/lib/queue.js +4 -2
- package/lib/vendor/blamejs/lib/redact.js +2 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
- package/lib/vendor/blamejs/lib/router.js +10 -10
- package/lib/vendor/blamejs/lib/safe-async.js +2 -2
- package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
- package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
- package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
- package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
- package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
- package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
- package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
- package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
- package/lib/vendor/blamejs/lib/safe-url.js +1 -1
- package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
- package/lib/vendor/blamejs/lib/sandbox.js +5 -5
- package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
- package/lib/vendor/blamejs/lib/self-update.js +3 -3
- package/lib/vendor/blamejs/lib/server-timing.js +3 -3
- package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
- package/lib/vendor/blamejs/lib/session.js +8 -8
- package/lib/vendor/blamejs/lib/sse.js +12 -5
- package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
- package/lib/vendor/blamejs/lib/storage.js +2 -2
- package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
- package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
- package/lib/vendor/blamejs/lib/subject.js +1 -1
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
- package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
- package/lib/vendor/blamejs/lib/test-harness.js +1 -1
- package/lib/vendor/blamejs/lib/tracing.js +1 -1
- package/lib/vendor/blamejs/lib/tsa.js +5 -5
- package/lib/vendor/blamejs/lib/uri-template.js +5 -5
- package/lib/vendor/blamejs/lib/vault/index.js +2 -2
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
- package/lib/vendor/blamejs/lib/vc.js +2 -2
- package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
- package/lib/vendor/blamejs/lib/watcher.js +4 -4
- package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
- package/lib/vendor/blamejs/lib/webhook.js +2 -2
- package/lib/vendor/blamejs/lib/websocket.js +5 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
- package/lib/vendor/blamejs/lib/ws-client.js +24 -24
- package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
- package/lib/vendor/blamejs/test/00-primitives.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
- package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
- package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
- package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
- package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.14.0",
|
|
4
|
+
"date": "2026-05-29",
|
|
5
|
+
"headline": "Operator-configurable header and field names across SSE, request-id, rate-limit, age-gate, AI-Act disclosure, GraphQL federation, and the HTTP cache",
|
|
6
|
+
"summary": "This release makes operator-facing identifiers that were hardcoded configurable. The framework already let operators rename most names (CSRF cookie/field, cookie parser, i18n header/query/cookie, mTLS CA name, and so on); this closes the remaining gaps so a custom or framework-specific name is never frozen. Every new option defaults to the value emitted today, so upgrading changes no behavior — these are additive knobs. It also fixes a request-id asymmetry (the response header is now written on the same name the inbound id is read from) and wires an SSE proxy-buffering option whose escape hatch was documented but never implemented.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Added",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "Configurable cache-status header on the HTTP client",
|
|
13
|
+
"body": "The outbound HTTP client annotated every cached response with a hardcoded `x-blamejs-cache: HIT|MISS|STALE|REVALIDATED` header. `b.httpClient.cache.create` now takes `statusHeader` (default \"x-blamejs-cache\") — pass a custom name (e.g. \"x-cache\") to rename it, or null/false to suppress it entirely. The decision remains available programmatically on `res.cacheStatus`."
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
"title": "Configurable rate-limit header names",
|
|
17
|
+
"body": "`b.middleware.rateLimit` emitted the de-facto `X-RateLimit-Limit` / `X-RateLimit-Remaining` headers (which are not RFC-pinned). It now accepts `headerPrefix` (default \"X-RateLimit-\") so operators can match the unprefixed IETF-draft `RateLimit-*` names or an upstream gateway's convention; the limit/remaining pair is always built from the same prefix."
|
|
18
|
+
},
|
|
19
|
+
{
|
|
20
|
+
"title": "Configurable age-gate and AI-Act disclosure header names",
|
|
21
|
+
"body": "`b.middleware.ageGate` now takes `privacyPostureHeader` (default \"X-Privacy-Posture\"; null/false to suppress), and `b.middleware.aiActDisclosure` takes `headerPrefix` (default \"AI-Act-\") that prefixes the emitted Notice / Article / Policy headers. The EU AI Act mandates the disclosure, not the HTTP spelling, so operators matching a downstream convention can rename these."
|
|
22
|
+
},
|
|
23
|
+
{
|
|
24
|
+
"title": "Configurable GraphQL-federation replay-nonce header",
|
|
25
|
+
"body": "`b.graphqlFederation.guardSdl` read the replay nonce from the Apollo-vendor `x-apollographql-router-nonce` header with no override. It now accepts `nonceHeader` (default unchanged) so an operator fronting the gateway with a non-Apollo router can point the replay check at their own header."
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"title": "SSE proxy-buffering opt-out",
|
|
29
|
+
"body": "`b.sse.create` and `b.middleware.sse` set `X-Accel-Buffering: no` (the nginx hint that disables proxy buffering). They now accept `proxyBuffer` (default true) — pass false when not behind nginx, or when buffering is controlled at the load balancer, to suppress the nginx-specific header. The opt-out was previously referenced in the documentation but not implemented."
|
|
30
|
+
}
|
|
31
|
+
]
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"heading": "Fixed",
|
|
35
|
+
"items": [
|
|
36
|
+
{
|
|
37
|
+
"title": "Request-id middleware reflects the configured header name",
|
|
38
|
+
"body": "`b.log.middleware` read the inbound request id from a configurable `headerName` but always wrote the response on the literal `X-Request-Id`. An operator who set a custom `headerName` (e.g. `X-Correlation-Id`) therefore read from one header and emitted another. The response is now written on the same configured name; the default remains `X-Request-Id`, so deployments that did not set `headerName` are unaffected."
|
|
39
|
+
}
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
]
|
|
43
|
+
}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.14.1",
|
|
4
|
+
"date": "2026-05-29",
|
|
5
|
+
"headline": "Correctness fixes: JAR request-object typ enforcement, byte-faithful PGP multipart/signed, and SAML InResponseTo binding",
|
|
6
|
+
"summary": "A set of correctness fixes across the auth, mail-crypto, TLS, and encoder surfaces. The most important: JWT-secured authorization requests (RFC 9101) now require the request object to carry the registered `oauth-authz-req+jwt` typ, closing a cross-JWT-confusion vector; the PGP multipart/signed wrapper is now assembled byte-faithfully so non-ASCII signed content can't be corrupted; and SAML response verification now returns the InResponseTo of the SubjectConfirmation that actually validated. Two of these change behavior — see Changed — and are bug fixes rather than new features.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Security",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "JAR request objects must carry the registered typ (RFC 9101)",
|
|
13
|
+
"body": "`b.auth.jar.parse` now requires the request-object JWS header to carry `typ: \"oauth-authz-req+jwt\"` (with or without the `application/` prefix); a request object with an absent or different typ is refused with `auth-jar/bad-typ`. RFC 9101 §10.8 specifies this media type precisely to stop a JWT minted for another purpose (an ID token, an access token, a logout token) and signed by the same client key from being replayed as a request object. The existing `iss` / `aud` / `client_id` bindings already constrained that; this restores the explicit type check as well. This is stricter than before — see Changed."
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"heading": "Changed",
|
|
19
|
+
"items": [
|
|
20
|
+
{
|
|
21
|
+
"title": "JAR parsing rejects untyped request objects (breaking)",
|
|
22
|
+
"body": "Following the typ enforcement above, a request object whose header omits `typ` is now refused. An authorization server whose clients sign request objects without the `oauth-authz-req+jwt` typ must update those clients to set it."
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"title": "PGP sign() returns multipartSigned as a Buffer (breaking)",
|
|
26
|
+
"body": "`b.mail.crypto.pgp.sign(...).multipartSigned` is now a Buffer instead of a string. The OpenPGP signature covers the signed-part bytes exactly, and a JS-string round trip through latin1/utf8 could corrupt non-ASCII signed content and break verification, so the RFC 3156 multipart/signed wrapper is now assembled as bytes. Code that wrote the previous string to the wire works unchanged when it writes the Buffer; code that did string operations on the value should treat it as a Buffer (its `indexOf` / `toString` still work)."
|
|
27
|
+
}
|
|
28
|
+
]
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"heading": "Fixed",
|
|
32
|
+
"items": [
|
|
33
|
+
{
|
|
34
|
+
"title": "SAML response verification binds InResponseTo to the validated confirmation",
|
|
35
|
+
"body": "`verifyResponse` returned the InResponseTo of the first SubjectConfirmationData in the assertion rather than of the SubjectConfirmation that actually passed bearer validation. When a response carried more than one SubjectConfirmation, the returned value could come from a non-validated confirmation. It is now the InResponseTo of the confirmation that validated."
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"title": "checkServerIdentity9525 emits the documented CN-fallback audit code",
|
|
39
|
+
"body": "A CN-only legacy certificate (a Common Name present, no subjectAltName) is now refused by the exported `b.network.tls.checkServerIdentity9525` with the distinct `tls/pkix-cn-fallback-refused` code its documentation promised, so audit logs can tell a CN-only certificate apart from one carrying neither a SAN nor a CN (which still yields `tls/pkix-san-required`). The accept/refuse outcome is unchanged — both are refused; only the audit granularity improved."
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
"title": "OIDC back-channel logout / JARM no longer accept dead override parameters",
|
|
43
|
+
"body": "`verifyBackchannelLogoutToken` and `parseJarmResponse` passed `acceptedAlgs` / `jwksUri` / `maxClockSkewMs` through to the ID-token verifier, which ignored them and applied the configured (create()-time) values. The pass-throughs are removed so the code no longer reads as if those can be overridden per call; the configured trust anchor was — and remains — what applies."
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
"title": "Queue lease failures are logged",
|
|
47
|
+
"body": "The consumer loop's lease-acquisition error path swallowed the backend error silently; it now logs at debug so a flapping backend that has not yet tripped the circuit breaker is visible."
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
"title": "Protobuf and ASN.1 encoders reject out-of-range tags",
|
|
51
|
+
"body": "The protobuf tag encoder rejected nothing and would have emitted a wrong tag for field numbers at or above 2^28 (where the 32-bit shift overflows); the ASN.1 context-tag writers silently truncated tag numbers above 30 (which require the multi-byte high-tag-number form). Both now throw a RangeError rather than encode silently-wrong output. The values these encoders serve are well within range, so no current caller is affected."
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"title": "oid4vci proofAlgorithms default documented accurately",
|
|
55
|
+
"body": "The documented default proof-algorithm list now matches the code (`[\"ES256\", \"ES384\", \"EdDSA\"]`); the doc previously omitted EdDSA, which the runtime has always accepted by default."
|
|
56
|
+
}
|
|
57
|
+
]
|
|
58
|
+
}
|
|
59
|
+
]
|
|
60
|
+
}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.14.2",
|
|
4
|
+
"date": "2026-05-29",
|
|
5
|
+
"headline": "Internal lint hygiene: the byte-literal check now flags only genuine byte-scale arithmetic, with no API or behavior changes",
|
|
6
|
+
"summary": "A no-behavior-change cleanup of the source tree's internal lint markers. The byte-literal lint previously flagged every integer that was a multiple of 8 — which is most numbers — so the source carried a large number of suppression comments on values that were not byte sizes at all (status codes, counts, lengths, radixes, opcodes). The lint now flags only 1024-scale byte arithmetic (the case the C.BYTES.kib/mib/gib helpers exist to replace), and the now-unnecessary suppression comments have been removed while keeping their explanatory text. Several lint-suppression markers that named a check that does not exist were also corrected. None of this changes any API, wire format, or runtime behavior.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Changed",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "Source-tree lint markers cleaned up",
|
|
13
|
+
"body": "The internal byte-literal lint was tightened to flag only genuine byte-scale (`* 1024`) arithmetic, and the suppression comments it previously required on non-byte integers were removed (their explanatory text is retained as plain comments). A handful of suppression markers that referenced a non-existent check were pointed at the correct one or removed. This is source-comment hygiene only — there is no change to any exported API, error code, wire format, or runtime behavior."
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
17
|
+
]
|
|
18
|
+
}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.14.3",
|
|
4
|
+
"date": "2026-05-30",
|
|
5
|
+
"headline": "A codebase check now ensures every lint-suppression marker names a real check, so a typo can't silently disable a guard",
|
|
6
|
+
"summary": "Source files suppress an individual lint with an `// allow:<class>` comment. If the class is mistyped or stale, the comment suppresses nothing — the check it names does not exist — so the issue it was meant to explain ships unflagged. A new codebase check now verifies every `// allow:<class>` marker names a registered check class and fails if it does not, with the full set of valid classes maintained as an explicit registry. Two markers that named a non-kebab class were corrected as part of this. No runtime, API, or wire-format changes.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Detectors",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "Lint-suppression markers must name a registered check",
|
|
13
|
+
"body": "A new check flags any `// allow:<class>` suppression comment whose class is not one of the registered check classes — catching typos and stale markers (for example a marker that named a check which was later renamed) that would otherwise silently disable the guard they appear to explain. The valid classes are kept as an explicit registry, so adding a check with a new allow-class is a one-line registration. Source-comment hygiene only — no change to any exported API, error code, wire format, or runtime behavior."
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
17
|
+
]
|
|
18
|
+
}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.14.4",
|
|
4
|
+
"date": "2026-05-30",
|
|
5
|
+
"headline": "Removed three pieces of dead code from the SAML, TLS, and JMAP surfaces; no API or behavior changes",
|
|
6
|
+
"summary": "Cleanup of unreachable code. A reverse signature-algorithm lookup in the SAML verifier was never called — the actual verification path resolves the algorithm through the supported-signature table — so it is removed and a stale comment that referenced it is corrected. A leftover no-op placeholder in the TLS certificate re-encode path (a zero-length slice that was assigned and discarded) is removed, leaving the verbatim extension re-encode it sat next to. An unused JMAP well-known-path constant that existed only to be discarded is removed. None of this changes any exported API, error code, wire format, or runtime behavior.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Removed",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "Unreachable code in SAML, TLS, and JMAP",
|
|
13
|
+
"body": "Removed `_sigAlgFromUri` from the SAML module (a reverse alg lookup that was never called — the embedded XML-DSig verifier resolves the algorithm via the supported-signature table, and the redirect-binding path uses the forward `_sigAlgUrn`), a discarded zero-length-slice placeholder in the TLS certificate extension re-encode path, and an unused well-known-path constant in the JMAP server. Internal cleanup only — no change to any exported API, error code, wire format, or runtime behavior."
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
17
|
+
]
|
|
18
|
+
}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.14.5",
|
|
4
|
+
"date": "2026-05-30",
|
|
5
|
+
"headline": "Finished cleaning up the mislabeled byte-literal lint suppressions, with no API or behavior changes",
|
|
6
|
+
"summary": "A follow-up to the byte-literal lint tightening. The remaining suppression comments that named the byte-literal check on values that are not byte sizes — JSON-RPC error codes, HTTP status codes, octet ranges, day-in-milliseconds constants — are removed, keeping their explanatory text and any correctly-named companion suppression. Every byte-literal suppression that remains is now on genuine 1024-scale byte arithmetic. Source-comment hygiene only.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Changed",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "Remaining mislabeled byte-literal suppressions removed",
|
|
13
|
+
"body": "The byte-literal lint was previously a check on any multiple-of-8 integer, so suppression comments naming it were scattered across non-byte values. The last of those (in a handful of files, in mixed comment formats) are now removed — their explanatory text is retained as plain comments, and any correctly-named companion suppression is kept. The only byte-literal suppressions that remain are on genuine 1024-scale byte arithmetic. No change to any exported API, error code, wire format, or runtime behavior."
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
17
|
+
]
|
|
18
|
+
}
|
|
@@ -12563,6 +12563,21 @@ async function testLogMiddlewareSetsRequestId() {
|
|
|
12563
12563
|
mw(req3, res3, function () { t.log.info("during req3"); resolve(); });
|
|
12564
12564
|
});
|
|
12565
12565
|
check("middleware strips CRLF from inbound id", req3.id === "evil");
|
|
12566
|
+
|
|
12567
|
+
// Custom headerName: the response is written on the SAME configured
|
|
12568
|
+
// header the inbound id is read from (read/write symmetry).
|
|
12569
|
+
var customMw = t.log.middleware({ headerName: "X-Correlation-Id" });
|
|
12570
|
+
var setHeaderCalls4 = [];
|
|
12571
|
+
var req4 = { headers: { "x-correlation-id": "corr-123" } };
|
|
12572
|
+
var res4 = { setHeader: function (k, v) { setHeaderCalls4.push([k, v]); } };
|
|
12573
|
+
await new Promise(function (resolve) {
|
|
12574
|
+
customMw(req4, res4, function () { resolve(); });
|
|
12575
|
+
});
|
|
12576
|
+
check("custom headerName reads inbound id", req4.id === "corr-123");
|
|
12577
|
+
check("custom headerName writes the same header",
|
|
12578
|
+
setHeaderCalls4.length === 1 &&
|
|
12579
|
+
setHeaderCalls4[0][0] === "X-Correlation-Id" &&
|
|
12580
|
+
setHeaderCalls4[0][1] === "corr-123");
|
|
12566
12581
|
}
|
|
12567
12582
|
|
|
12568
12583
|
function testLogRedactsExtras() {
|
|
@@ -32,6 +32,28 @@ function _mockRes() {
|
|
|
32
32
|
ag(_mockReq({ user: { age: 12 } }), belowRes, function () {});
|
|
33
33
|
check("below-threshold sets X-Privacy-Posture", belowRes._captured.headers["X-Privacy-Posture"] === "below-threshold");
|
|
34
34
|
|
|
35
|
+
// privacyPostureHeader override + suppression
|
|
36
|
+
var customHdr = b.middleware.ageGate({
|
|
37
|
+
audit: false,
|
|
38
|
+
getAge: function (req) { return req.user && req.user.age; },
|
|
39
|
+
consentRequired: 18,
|
|
40
|
+
privacyPostureHeader: "X-Age-Band",
|
|
41
|
+
});
|
|
42
|
+
var customRes = _mockRes();
|
|
43
|
+
customHdr(_mockReq({ user: { age: 12 } }), customRes, function () {});
|
|
44
|
+
check("custom privacyPostureHeader used", customRes._captured.headers["X-Age-Band"] === "below-threshold");
|
|
45
|
+
check("custom privacyPostureHeader replaces default", customRes._captured.headers["X-Privacy-Posture"] === undefined);
|
|
46
|
+
|
|
47
|
+
var suppressed = b.middleware.ageGate({
|
|
48
|
+
audit: false,
|
|
49
|
+
getAge: function (req) { return req.user && req.user.age; },
|
|
50
|
+
consentRequired: 18,
|
|
51
|
+
privacyPostureHeader: false,
|
|
52
|
+
});
|
|
53
|
+
var suppressedRes = _mockRes();
|
|
54
|
+
suppressed(_mockReq({ user: { age: 12 } }), suppressedRes, function () {});
|
|
55
|
+
check("privacyPostureHeader:false suppresses the header", suppressedRes._captured.headers["X-Privacy-Posture"] === undefined);
|
|
56
|
+
|
|
35
57
|
// requireAge gate
|
|
36
58
|
var hardGate = b.middleware.ageGate({
|
|
37
59
|
audit: false,
|
|
@@ -135,12 +135,41 @@ async function testValidation() {
|
|
|
135
135
|
check("parse: missing algorithms refused (verifyExternal — no alg defaults)", noAlg !== null);
|
|
136
136
|
}
|
|
137
137
|
|
|
138
|
+
// RFC 9101 §10.8 — the request object MUST be typed so a same-client JWT
|
|
139
|
+
// minted for another purpose can't be replayed as a request object.
|
|
140
|
+
async function testTypEnforcement() {
|
|
141
|
+
function _withTyp(typ) {
|
|
142
|
+
var payload = {
|
|
143
|
+
iss: CLIENT, aud: AS, client_id: CLIENT, response_type: "code",
|
|
144
|
+
redirect_uri: "https://app.example.com/cb",
|
|
145
|
+
iat: _nowSec(), exp: _nowSec() + 120,
|
|
146
|
+
};
|
|
147
|
+
var header = { alg: "RS256", kid: "c1" };
|
|
148
|
+
if (typ !== undefined) header.typ = typ;
|
|
149
|
+
return _signRs256(KEYS.privateKey, header, payload);
|
|
150
|
+
}
|
|
151
|
+
var okBare = await b.auth.jar.parse(_withTyp("oauth-authz-req+jwt"), _parseOpts());
|
|
152
|
+
check("parse: typ 'oauth-authz-req+jwt' accepted", okBare.params.response_type === "code");
|
|
153
|
+
var okPrefixed = await b.auth.jar.parse(_withTyp("application/oauth-authz-req+jwt"), _parseOpts());
|
|
154
|
+
check("parse: typ 'application/oauth-authz-req+jwt' accepted", okPrefixed.params.response_type === "code");
|
|
155
|
+
|
|
156
|
+
var eWrong = null;
|
|
157
|
+
try { await b.auth.jar.parse(_withTyp("JWT"), _parseOpts()); } catch (e) { eWrong = e; }
|
|
158
|
+
check("parse: wrong typ refused (cross-JWT confusion, RFC 9101 §10.8)",
|
|
159
|
+
eWrong && eWrong.code === "auth-jar/bad-typ");
|
|
160
|
+
|
|
161
|
+
var eAbsent = null;
|
|
162
|
+
try { await b.auth.jar.parse(_withTyp(undefined), _parseOpts()); } catch (e) { eAbsent = e; }
|
|
163
|
+
check("parse: absent typ refused (strict)", eAbsent && eAbsent.code === "auth-jar/bad-typ");
|
|
164
|
+
}
|
|
165
|
+
|
|
138
166
|
async function run() {
|
|
139
167
|
await testRoundTrip();
|
|
140
168
|
await testAntiNesting();
|
|
141
169
|
await testClientIdBinding();
|
|
142
170
|
await testAlgConfusionDelegated();
|
|
143
171
|
await testValidation();
|
|
172
|
+
await testTypEnforcement();
|
|
144
173
|
}
|
|
145
174
|
|
|
146
175
|
module.exports = { run: run };
|
|
@@ -279,15 +279,105 @@ function _report(label, matches) {
|
|
|
279
279
|
// Adding a marker at a violation line allowlists that one specific
|
|
280
280
|
// occurrence; the reason follows the marker on the same comment line.
|
|
281
281
|
|
|
282
|
+
// Every `// allow:<class>` suppression marker must name a REGISTERED detector
|
|
283
|
+
// allow-class. A typo'd or stale class (e.g. the historical `setinterval-unref`
|
|
284
|
+
// when the real check is `timer-no-unref`, or `protocol-constant` which names
|
|
285
|
+
// no detector at all) suppresses NOTHING — the detector it claims to silence
|
|
286
|
+
// does not exist — so the underlying violation it was meant to explain ships
|
|
287
|
+
// unflagged. When you add a detector with a new allow-class, register it here.
|
|
288
|
+
var VALID_ALLOW_CLASSES = {
|
|
289
|
+
"ai-disclosure-on-request-without-requested-gate": 1,
|
|
290
|
+
"archive-gz-without-safedecompress": 1,
|
|
291
|
+
"archive-wrap-partial-recipient": 1,
|
|
292
|
+
"backup-adapter-storage-without-posture-check": 1,
|
|
293
|
+
"bare-canonicalize-walk": 1,
|
|
294
|
+
"bare-error-throw": 1,
|
|
295
|
+
"bare-json-parse": 1,
|
|
296
|
+
"bare-split-on-quoted-header": 1,
|
|
297
|
+
"console-direct": 1,
|
|
298
|
+
"duplicate-regex": 1,
|
|
299
|
+
"dynamic-regex": 1,
|
|
300
|
+
"dynamic-require": 1,
|
|
301
|
+
"from-base64url-untrapped": 1,
|
|
302
|
+
"fs-path-from-operator-identifier-without-traversal-refusal": 1,
|
|
303
|
+
"gitleaks-entropy": 1,
|
|
304
|
+
"handrolled-buffer-collect": 1,
|
|
305
|
+
"handrolled-debounce": 1,
|
|
306
|
+
"hostname-compare-trailing-dot": 1,
|
|
307
|
+
"inline-numeric-bounds-cascade": 1,
|
|
308
|
+
"inline-require": 1,
|
|
309
|
+
"inline-require-non-empty-string-validation": 1,
|
|
310
|
+
"internal-binding-in-prose": 1,
|
|
311
|
+
"list-without-pagination": 1,
|
|
312
|
+
"math-random-noncrypto": 1,
|
|
313
|
+
"no-number-money-arithmetic": 1,
|
|
314
|
+
"numeric-opt-Infinity": 1,
|
|
315
|
+
"numeric-opt-no-bounds-check": 1,
|
|
316
|
+
"process-exit": 1,
|
|
317
|
+
"raw-byte-literal": 1,
|
|
318
|
+
"raw-hash-compare": 1,
|
|
319
|
+
"raw-new-url": 1,
|
|
320
|
+
"raw-outbound-http": 1,
|
|
321
|
+
"raw-process-env": 1,
|
|
322
|
+
"raw-randombytes-token": 1,
|
|
323
|
+
"raw-time-literal": 1,
|
|
324
|
+
"raw-timing-safe-equal": 1,
|
|
325
|
+
"regex-no-length-cap": 1,
|
|
326
|
+
"seal-without-aad": 1,
|
|
327
|
+
"silent-catch": 1,
|
|
328
|
+
"slsa-framework-action-not-sha-pinned": 1,
|
|
329
|
+
"timer-no-unref": 1,
|
|
330
|
+
"wildcard-suffix-match-without-single-label-check": 1,
|
|
331
|
+
};
|
|
332
|
+
|
|
333
|
+
function testNoOrphanAllowClass() {
|
|
334
|
+
// scanScope: lib + test (every shipped + test source).
|
|
335
|
+
var files = _libFiles().concat(_testFiles());
|
|
336
|
+
var bad = [];
|
|
337
|
+
var re = /\ballow:([a-z][a-zA-Z0-9-]*)/g;
|
|
338
|
+
for (var fi = 0; fi < files.length; fi++) {
|
|
339
|
+
var rel = _relPath(files[fi]);
|
|
340
|
+
// Skip THIS file: it holds the marker machinery + the registry itself,
|
|
341
|
+
// where `allow:` appears in regexes and the VALID_ALLOW_CLASSES keys.
|
|
342
|
+
if (rel === "test/layer-0-primitives/codebase-patterns.test.js") continue;
|
|
343
|
+
var content;
|
|
344
|
+
try { content = fs.readFileSync(files[fi], "utf8"); }
|
|
345
|
+
catch (_e) { continue; }
|
|
346
|
+
var lines = content.split(/\r?\n/);
|
|
347
|
+
for (var li = 0; li < lines.length; li++) {
|
|
348
|
+
// Only inspect the `//` line-comment portion — markers are always
|
|
349
|
+
// comments, never string literals.
|
|
350
|
+
var hashIdx = lines[li].indexOf("//");
|
|
351
|
+
if (hashIdx === -1) continue;
|
|
352
|
+
var comment = lines[li].slice(hashIdx);
|
|
353
|
+
var m;
|
|
354
|
+
re.lastIndex = 0;
|
|
355
|
+
while ((m = re.exec(comment)) !== null) {
|
|
356
|
+
var cls = m[1];
|
|
357
|
+
if (!Object.prototype.hasOwnProperty.call(VALID_ALLOW_CLASSES, cls)) {
|
|
358
|
+
bad.push({
|
|
359
|
+
file: rel,
|
|
360
|
+
line: li + 1,
|
|
361
|
+
content: "unregistered allow-class '" + cls + "' — names no detector " +
|
|
362
|
+
"(fix the typo, or register it in VALID_ALLOW_CLASSES)",
|
|
363
|
+
});
|
|
364
|
+
}
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
_report("every // allow:<class> marker names a registered detector class", bad);
|
|
369
|
+
}
|
|
370
|
+
|
|
282
371
|
function testNoRawByteLiterals() {
|
|
283
372
|
// class: raw-byte-literal
|
|
284
|
-
//
|
|
285
|
-
//
|
|
286
|
-
//
|
|
287
|
-
//
|
|
288
|
-
//
|
|
289
|
-
//
|
|
290
|
-
//
|
|
373
|
+
// Byte-SCALE arithmetic — `n * 1024` (KiB), `* 1024 * 1024` (MiB),
|
|
374
|
+
// `* 1024 * 1024 * 1024` (GiB) — must route through C.BYTES.kib / mib /
|
|
375
|
+
// gib(n) so the framework's byte math has a single source of truth.
|
|
376
|
+
// That 1024-scale is exactly what the C.BYTES helpers replace; a bare
|
|
377
|
+
// multiple-of-8 in any other context (an HTTP status, a radix, a count,
|
|
378
|
+
// a length, an opcode, an octet, a field width …) is NOT a byte size and
|
|
379
|
+
// is deliberately NOT flagged. Strings, regex, hex, and C.BYTES-wrapped
|
|
380
|
+
// lines are excluded.
|
|
291
381
|
var files = _libFiles();
|
|
292
382
|
var bad = [];
|
|
293
383
|
for (var fi = 0; fi < files.length; fi++) {
|
|
@@ -312,6 +402,11 @@ function testNoRawByteLiterals() {
|
|
|
312
402
|
// byte literal (`C.BYTES.mib(64)`, `C.TIME.seconds(8)`) and the
|
|
313
403
|
// wrapping primitive is the single source of truth.
|
|
314
404
|
if (/\bC\.(BYTES|TIME)\.\w+\(/.test(stripped)) continue;
|
|
405
|
+
// NARROWED: only 1024-scale byte arithmetic is a real byte size that
|
|
406
|
+
// C.BYTES.kib / mib / gib replaces. Skip every line that is not
|
|
407
|
+
// byte-scale `* 1024` math — a bare multiple-of-8 elsewhere is not a
|
|
408
|
+
// byte literal and no longer needs a marker.
|
|
409
|
+
if (!/\*\s*1024\b/.test(stripped)) continue;
|
|
315
410
|
// Skip lines whose left-hand side explicitly names a non-byte
|
|
316
411
|
// unit. Match the unit token at any position in a SCREAMING_SNAKE
|
|
317
412
|
// identifier (start, middle, or end). Examples:
|
|
@@ -383,8 +478,8 @@ function testNoRawByteLiterals() {
|
|
|
383
478
|
}
|
|
384
479
|
}
|
|
385
480
|
bad = _filterMarkers(bad, "raw-byte-literal");
|
|
386
|
-
_report("no raw byte-
|
|
387
|
-
"C.BYTES.kib / mib / gib
|
|
481
|
+
_report("no raw byte-scale literals (1024-scale `* 1024` arithmetic; " +
|
|
482
|
+
"use C.BYTES.kib / mib / gib)",
|
|
388
483
|
bad);
|
|
389
484
|
}
|
|
390
485
|
|
|
@@ -10380,6 +10475,7 @@ function testSafeGuardHasMustComposeDetector() {
|
|
|
10380
10475
|
}
|
|
10381
10476
|
|
|
10382
10477
|
async function run() {
|
|
10478
|
+
testNoOrphanAllowClass();
|
|
10383
10479
|
testNoRawByteLiterals();
|
|
10384
10480
|
testNoRawTimeLiterals();
|
|
10385
10481
|
testNumericOptsValidate();
|
|
@@ -374,6 +374,21 @@ function run() {
|
|
|
374
374
|
res4.writeHead(404, {});
|
|
375
375
|
check("middleware: no inject on 4xx", res4._headers["AI-Act-Notice"] == null);
|
|
376
376
|
|
|
377
|
+
// headerPrefix override — the disclosure headers carry a custom prefix
|
|
378
|
+
var mwPfx = b.middleware.aiActDisclosure({
|
|
379
|
+
kind: "ai-interaction",
|
|
380
|
+
policyUri: "https://myco.example.com/ai-policy",
|
|
381
|
+
headerPrefix: "X-AI-",
|
|
382
|
+
audit: false,
|
|
383
|
+
});
|
|
384
|
+
var req5 = { headers: {}, url: "/pfx" };
|
|
385
|
+
var res5 = _mockRes();
|
|
386
|
+
mwPfx(req5, res5, function () {});
|
|
387
|
+
res5.writeHead(200, {});
|
|
388
|
+
check("middleware: custom headerPrefix on Notice", res5._headers["X-AI-Notice"] === "ai-interaction");
|
|
389
|
+
check("middleware: custom headerPrefix on Article", res5._headers["X-AI-Article"] === "Art. 50(1)");
|
|
390
|
+
check("middleware: custom headerPrefix replaces default", res5._headers["AI-Act-Notice"] == null);
|
|
391
|
+
|
|
377
392
|
// ---- expanded prohibited classifier ----
|
|
378
393
|
var hits7 = aiAct.prohibited.classify({
|
|
379
394
|
purpose: "predictive-policing", usesProfileOnly: true,
|
|
@@ -27,6 +27,16 @@ async function run() {
|
|
|
27
27
|
|
|
28
28
|
var pub = b.graphqlFederation.guardSdl({ publicSchemaOk: true });
|
|
29
29
|
check("guardSdl: public schema", typeof pub === "function");
|
|
30
|
+
|
|
31
|
+
// nonceHeader override — the replay nonce can be read from a custom
|
|
32
|
+
// request header (not just the Apollo-vendor default), for operators
|
|
33
|
+
// fronting the gateway with a non-Apollo router.
|
|
34
|
+
var withNonce = b.graphqlFederation.guardSdl({
|
|
35
|
+
routerToken: "a".repeat(64),
|
|
36
|
+
nonceStore: { has: function () { return false; }, remember: function () {} },
|
|
37
|
+
nonceHeader: "x-my-nonce",
|
|
38
|
+
});
|
|
39
|
+
check("guardSdl: accepts custom nonceHeader", typeof withNonce === "function");
|
|
30
40
|
}
|
|
31
41
|
|
|
32
42
|
module.exports = { run: run };
|
|
@@ -98,6 +98,18 @@ function testCreateBadOpts() {
|
|
|
98
98
|
try { b.httpClient.cache.memoryStore({ evictionPolicy: "fifo" }); }
|
|
99
99
|
catch (_e) { threw = true; }
|
|
100
100
|
check("memoryStore: throws on unknown evictionPolicy", threw);
|
|
101
|
+
|
|
102
|
+
// statusHeader: default / custom / suppress / bad
|
|
103
|
+
check("cache.create: default statusHeader is x-blamejs-cache",
|
|
104
|
+
b.httpClient.cache.create({ store: _newCache().store }).statusHeader === "x-blamejs-cache");
|
|
105
|
+
check("cache.create: custom statusHeader honored",
|
|
106
|
+
b.httpClient.cache.create({ store: _newCache().store, statusHeader: "X-Cache" }).statusHeader === "x-cache");
|
|
107
|
+
check("cache.create: statusHeader null suppresses",
|
|
108
|
+
b.httpClient.cache.create({ store: _newCache().store, statusHeader: null }).statusHeader === null);
|
|
109
|
+
threw = false;
|
|
110
|
+
try { b.httpClient.cache.create({ store: _newCache().store, statusHeader: 123 }); }
|
|
111
|
+
catch (_e) { threw = true; }
|
|
112
|
+
check("cache.create: throws on non-string statusHeader", threw);
|
|
101
113
|
}
|
|
102
114
|
|
|
103
115
|
// ---- Hit / miss / store ---------------------------------------------
|
|
@@ -116,6 +116,13 @@ function testPgpEd25519RoundTrip() {
|
|
|
116
116
|
check("ed25519 multipart wrapper present", rv.multipartSigned.indexOf("multipart/signed") !== -1);
|
|
117
117
|
check("ed25519 multipart protocol is pgp", rv.multipartSigned.indexOf('protocol="application/pgp-signature"') !== -1);
|
|
118
118
|
check("ed25519 micalg is pgp-sha512", rv.multipartSigned.indexOf('micalg="pgp-sha512"') !== -1);
|
|
119
|
+
check("ed25519 multipartSigned is a Buffer", Buffer.isBuffer(rv.multipartSigned));
|
|
120
|
+
// Byte-fidelity: a UTF-8 multibyte signed part must appear verbatim in the
|
|
121
|
+
// wrapper (a latin1 string round-trip would corrupt it and break the sig).
|
|
122
|
+
var utf8Part = Buffer.from("Subject: éè 中文\r\n\r\nbody\r\n", "utf8");
|
|
123
|
+
var rvU = pgp.sign({ message: utf8Part, privateKeyPem: kp.privateKey, creationTime: t0 });
|
|
124
|
+
check("ed25519 multipartSigned preserves UTF-8 signed bytes verbatim",
|
|
125
|
+
rvU.multipartSigned.indexOf(utf8Part) !== -1);
|
|
119
126
|
|
|
120
127
|
var verify = pgp.verify({
|
|
121
128
|
message: message,
|
|
@@ -276,13 +276,19 @@ function testPkixSanRequiredWhenAbsent() {
|
|
|
276
276
|
}
|
|
277
277
|
|
|
278
278
|
function testPkixCnFallbackRefused() {
|
|
279
|
-
// Legacy CN-only cert (no SAN, but has CN) -> distinct code
|
|
279
|
+
// Legacy CN-only cert (no SAN, but has CN) -> distinct CN-fallback code,
|
|
280
|
+
// emitted by the exported drop-in itself (RFC 9525 §6.4.4; matches the
|
|
281
|
+
// @primitive doc which promises operators can grep the distinct shape).
|
|
280
282
|
var err = b.network.tls.checkServerIdentity9525("foo.example.com",
|
|
281
283
|
_cert(undefined, "foo.example.com"));
|
|
282
|
-
check("CN-only cert refuses with tls/pkix-
|
|
283
|
-
err && err.code === "tls/pkix-
|
|
284
|
-
//
|
|
285
|
-
|
|
284
|
+
check("CN-only cert refuses with tls/pkix-cn-fallback-refused",
|
|
285
|
+
err && err.code === "tls/pkix-cn-fallback-refused");
|
|
286
|
+
// No SAN AND no CN still falls through to the generic san-required code.
|
|
287
|
+
var sanErr = b.network.tls.checkServerIdentity9525("foo.example.com",
|
|
288
|
+
_cert(undefined));
|
|
289
|
+
check("no-SAN no-CN cert still refuses with tls/pkix-san-required",
|
|
290
|
+
sanErr && sanErr.code === "tls/pkix-san-required");
|
|
291
|
+
// The internal _checkServerIdentityStrict surfaces the same code:
|
|
286
292
|
var strictErr = b.network.tls._checkServerIdentityStrict("foo.example.com",
|
|
287
293
|
_cert(undefined, "foo.example.com"));
|
|
288
294
|
check("internal strict combiner surfaces tls/pkix-cn-fallback-refused",
|
|
@@ -37,6 +37,40 @@ async function run() {
|
|
|
37
37
|
check("instances() entries expose .resetAll",
|
|
38
38
|
typeof mwA.resetAll === "function");
|
|
39
39
|
|
|
40
|
+
// headerPrefix: the X-RateLimit-* response header names are configurable
|
|
41
|
+
// (default "X-RateLimit-", or e.g. the unprefixed IETF-draft "RateLimit-").
|
|
42
|
+
function _mkRes() {
|
|
43
|
+
var h = {};
|
|
44
|
+
return { _h: h, setHeader: function (k, v) { h[k] = v; }, writeHead: function () {}, end: function () {} };
|
|
45
|
+
}
|
|
46
|
+
function _runRl(mw, key) {
|
|
47
|
+
return new Promise(function (resolve) {
|
|
48
|
+
var res = _mkRes();
|
|
49
|
+
mw({ headers: {}, url: "/", method: "GET", socket: { remoteAddress: "127.0.0.1" } },
|
|
50
|
+
res, function () { resolve(res); });
|
|
51
|
+
});
|
|
52
|
+
}
|
|
53
|
+
var rlDefault = b.middleware.rateLimit({
|
|
54
|
+
backend: "memory", burst: 5, refillPerSecond: 1, keyFn: function () { return "hp-d"; },
|
|
55
|
+
});
|
|
56
|
+
var rlDefaultRes = await _runRl(rlDefault);
|
|
57
|
+
check("rateLimit default emits X-RateLimit-Limit",
|
|
58
|
+
rlDefaultRes._h["X-RateLimit-Limit"] !== undefined);
|
|
59
|
+
var rlCustom = b.middleware.rateLimit({
|
|
60
|
+
backend: "memory", burst: 5, refillPerSecond: 1, headerPrefix: "RateLimit-",
|
|
61
|
+
keyFn: function () { return "hp-c"; },
|
|
62
|
+
});
|
|
63
|
+
var rlCustomRes = await _runRl(rlCustom);
|
|
64
|
+
check("rateLimit custom headerPrefix on limit",
|
|
65
|
+
rlCustomRes._h["RateLimit-Limit"] !== undefined);
|
|
66
|
+
check("rateLimit custom headerPrefix on remaining",
|
|
67
|
+
rlCustomRes._h["RateLimit-Remaining"] !== undefined);
|
|
68
|
+
check("rateLimit custom headerPrefix replaces default",
|
|
69
|
+
rlCustomRes._h["X-RateLimit-Limit"] === undefined);
|
|
70
|
+
// Deregister so the registry-count assertions below stay exact.
|
|
71
|
+
rlDefault.close();
|
|
72
|
+
rlCustom.close();
|
|
73
|
+
|
|
40
74
|
// Seed each backend so resetAll has observable state to flush.
|
|
41
75
|
// Drive .take() through the middleware function via a fake req/res.
|
|
42
76
|
var fakeReq = { socket: { remoteAddress: "1.2.3.4" }, method: "GET", url: "/" };
|
|
@@ -118,6 +118,18 @@ async function run() {
|
|
|
118
118
|
/data: plain\n\n/.test(captured.body));
|
|
119
119
|
check("sse: handler ran fully", sent.length === 2);
|
|
120
120
|
check("sse: stream closed", captured.ended === true);
|
|
121
|
+
check("sse: default sets X-Accel-Buffering: no",
|
|
122
|
+
captured.headers["X-Accel-Buffering"] === "no");
|
|
123
|
+
|
|
124
|
+
// ---- proxyBuffer: false suppresses the nginx hint ----
|
|
125
|
+
var mwNB = b.middleware.sse(async function (channel) {
|
|
126
|
+
channel.send({ data: "x" });
|
|
127
|
+
channel.close();
|
|
128
|
+
}, { heartbeatMs: false, proxyBuffer: false });
|
|
129
|
+
var resNB = _mockRes();
|
|
130
|
+
await mwNB(_mockReq(), resNB);
|
|
131
|
+
check("sse: proxyBuffer:false suppresses X-Accel-Buffering",
|
|
132
|
+
resNB._captured().headers["X-Accel-Buffering"] === undefined);
|
|
121
133
|
|
|
122
134
|
// ---- onAbort runs on res close ----
|
|
123
135
|
var aborted = false;
|
package/package.json
CHANGED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
-
"version": "0.13.0",
|
|
4
|
-
"date": "2026-05-26",
|
|
5
|
-
"headline": "`b.crypto.oprf` — RFC 9497 Oblivious PRFs",
|
|
6
|
-
"summary": "Compute F(serverKey, input) without the server learning the input and without the client learning the key — the Oblivious PRF primitive behind password hardening (the server peppers a password it never sees), private set intersection, and Privacy Pass. b.crypto.oprf.suite(name) returns an RFC 9497 ciphersuite — ristretto255-sha512, p256-sha256, p384-sha384, or p521-sha512 — each exposing the base oprf mode and the verifiable voprf mode (a DLEQ proof lets the client confirm the server used the key committed in its public key). The client blinds its input, the server blind-evaluates with its secret key, and the client finalizes by un-blinding and hashing; because un-blinding cancels the blind, the output depends only on key and input. Validated byte-for-byte against the RFC 9497 Appendix-A test vectors. Group and hash-to-curve operations come from the newly vendored @noble/curves (Paul Miller, MIT) — the same maintainer as the framework's existing vendored @noble/post-quantum and @noble/ciphers, with no added npm runtime dependency.",
|
|
7
|
-
"sections": [
|
|
8
|
-
{
|
|
9
|
-
"heading": "Added",
|
|
10
|
-
"items": [
|
|
11
|
-
{
|
|
12
|
-
"title": "`b.crypto.oprf` — RFC 9497 OPRF / VOPRF",
|
|
13
|
-
"body": "`suite(name)` returns `{ name, oprf, voprf }` for one of the four RFC 9497 ciphersuites (ristretto255-SHA512 / P-256-SHA256 / P-384-SHA384 / P-521-SHA512). The `oprf` (base) mode provides `deriveKeyPair` / `generateKeyPair` / `blind` / `blindEvaluate` / `finalize` / `evaluate`; `voprf` (verifiable) adds a DLEQ proof so the client can prove the server used the committed key. Use it for password hardening, private set intersection, and OPRF-based tokens. Verified against the RFC 9497 Appendix-A vectors. The partially-oblivious `poprf` mode is not yet exposed (the vendored `@noble/curves` does not implement it) and will follow upstream."
|
|
14
|
-
},
|
|
15
|
-
{
|
|
16
|
-
"title": "Vendored `@noble/curves`",
|
|
17
|
-
"body": "`@noble/curves` 2.2.0 (Paul Miller, MIT) is vendored under `lib/vendor/` (no npm runtime dependency), supplying the ristretto255 / NIST-curve group and hash-to-curve operations behind `b.crypto.oprf`. It joins the existing vendored `@noble/post-quantum` and `@noble/ciphers` from the same maintainer; tracked in the SBOM and the vendor-currency gate."
|
|
18
|
-
}
|
|
19
|
-
]
|
|
20
|
-
}
|
|
21
|
-
]
|
|
22
|
-
}
|