@blamejs/blamejs-shop 0.4.3 → 0.4.5

package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js

@@ -1,11 +1,17 @@
 "use strict";
 /**
- * Layer 0 — b.auth.jar.parse: RFC 9101 JWT-Secured Authorization
- * Request (server side). Verifies the client-signed request object
- * via verifyExternal (mandatory alg allowlist), pins iss + client_id
- * + aud, refuses nested request / request_uri, and returns the
- * authorization parameters. Request objects are signed inline with a
- * classical key (RS256) to mirror a real OAuth client.
+ * Layer 0 — b.auth.jar: RFC 9101 JWT-Secured Authorization Request.
+ *
+ * parse (server side) verifies the client-signed request object via
+ * verifyExternal (mandatory alg allowlist), pins iss + client_id + aud,
+ * refuses nested request / request_uri, and returns the authorization
+ * parameters. Request objects are signed inline with a classical key
+ * (RS256) to mirror a real OAuth client.
+ *
+ * build (client side) mints the request object via b.auth.jws.sign and
+ * round-trips through parse as the verifying oracle across RS256 / PS256 /
+ * ES256 / EdDSA; the anti-nesting, reserved-claim, required-param,
+ * alg-key-mismatch, none-refusal, and exp-window paths are asserted.
  */
 
 var helpers = require("../helpers");
@@ -163,6 +169,212 @@ async function testTypEnforcement() {
   check("parse: absent typ refused (strict)", eAbsent && eAbsent.code === "auth-jar/bad-typ");
 }
 
+// ---- b.auth.jar.build (RFC 9101 client side) ----
+
+// Per-alg keypair generators. Public half as a JWK (kid c1) so jar.parse
+// verifies the build output against it; private half as a KeyObject for the
+// signer.
+function _ecPair(curve, alg) {
+  var kp = nodeCrypto.generateKeyPairSync("ec", { namedCurve: curve });
+  var jwk = Object.assign(kp.publicKey.export({ format: "jwk" }), { kid: "c1", use: "sig", alg: alg });
+  return { privateKey: kp.privateKey, jwk: jwk };
+}
+function _rsaSigPair(alg) {
+  var kp = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
+  var jwk = Object.assign(kp.publicKey.export({ format: "jwk" }), { kid: "c1", use: "sig", alg: alg });
+  return { privateKey: kp.privateKey, jwk: jwk };
+}
+function _edPair() {
+  var kp = nodeCrypto.generateKeyPairSync("ed25519");
+  var jwk = Object.assign(kp.publicKey.export({ format: "jwk" }), { kid: "c1", use: "sig", alg: "EdDSA" });
+  return { privateKey: kp.privateKey, jwk: jwk };
+}
+
+function _buildParams(over) {
+  var p = {
+    response_type: "code",
+    client_id:     CLIENT,
+    redirect_uri:  "https://app.example.com/cb",
+    scope:         "openid profile",
+    state:         "xyz-state",
+    nonce:         "n-0S6_WzA2Mj",
+  };
+  if (over) { var k = Object.keys(over); for (var i = 0; i < k.length; i++) p[k[i]] = over[k[i]]; }
+  return p;
+}
+
+// build → parse round-trip across every classical alg family, using the
+// in-repo jar.parse as the verifying oracle.
+async function testBuildRoundTrip() {
+  var cases = [
+    { name: "RS256", pair: _rsaSigPair("RS256"), alg: "RS256" },
+    { name: "PS256", pair: _rsaSigPair("PS256"), alg: "PS256" },
+    { name: "ES256", pair: _ecPair("P-256", "ES256"), alg: "ES256" },
+    { name: "EdDSA", pair: _edPair(), alg: "EdDSA" },
+  ];
+  for (var i = 0; i < cases.length; i++) {
+    var c = cases[i];
+    var ro = b.auth.jar.build(_buildParams(), {
+      clientId: CLIENT, audience: AS, key: c.pair.privateKey, alg: c.alg, kid: "c1",
+    });
+    var hdr = JSON.parse(Buffer.from(ro.split(".")[0], "base64url").toString("utf8"));
+    check("build[" + c.name + "]: header typ is oauth-authz-req+jwt", hdr.typ === "oauth-authz-req+jwt");
+    check("build[" + c.name + "]: header alg matches the key", hdr.alg === c.alg);
+    check("build[" + c.name + "]: header carries kid", hdr.kid === "c1");
+    var out = await b.auth.jar.parse(ro, _parseOpts({ algorithms: [c.alg], jwks: [c.pair.jwk] }));
+    check("build[" + c.name + "]: round-trips through parse — params preserved",
+      out.params.response_type === "code" && out.params.redirect_uri === "https://app.example.com/cb" &&
+      out.params.scope === "openid profile" && out.params.state === "xyz-state");
+    check("build[" + c.name + "]: parse sees iss=clientId + aud=AS",
+      out.claims.iss === CLIENT && out.claims.aud === AS);
+    check("build[" + c.name + "]: builder minted jti + nbf + iat + exp",
+      typeof out.claims.jti === "string" && typeof out.claims.nbf === "number" &&
+      typeof out.claims.iat === "number" && typeof out.claims.exp === "number");
+  }
+}
+
+// alg inferred from the key when no explicit alg is supplied.
+async function testBuildAlgInference() {
+  var ed = _edPair();
+  var ro = b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ed.privateKey, kid: "c1" });
+  var hdr = JSON.parse(Buffer.from(ro.split(".")[0], "base64url").toString("utf8"));
+  check("build: Ed25519 key infers EdDSA alg (no explicit alg)", hdr.alg === "EdDSA");
+  var out = await b.auth.jar.parse(ro, _parseOpts({ algorithms: ["EdDSA"], jwks: [ed.jwk] }));
+  check("build: inferred-alg object verifies", out.params.response_type === "code");
+}
+
+// anti-nesting — params carrying request / request_uri refused at build.
+async function testBuildAntiNesting() {
+  var ec = _ecPair("P-256", "ES256");
+  var e1 = null;
+  try { b.auth.jar.build(_buildParams({ request: "ey.x.y" }), { clientId: CLIENT, audience: AS, key: ec.privateKey }); }
+  catch (e) { e1 = e; }
+  check("build: nested request refused (RFC 9101 §4)", e1 && e1.code === "auth-jar/nested-request");
+  var e2 = null;
+  try { b.auth.jar.build(_buildParams({ request_uri: "https://evil/ro" }), { clientId: CLIENT, audience: AS, key: ec.privateKey }); }
+  catch (e) { e2 = e; }
+  check("build: nested request_uri refused", e2 && e2.code === "auth-jar/nested-request");
+}
+
+// reserved-collision + required-param + client_id agreement refusals.
+async function testBuildClaimRules() {
+  var ec = _ecPair("P-256", "ES256");
+  var opts = { clientId: CLIENT, audience: AS, key: ec.privateKey };
+  var e1 = null;
+  try { b.auth.jar.build(_buildParams({ iss: "evil" }), opts); } catch (e) { e1 = e; }
+  check("build: params.iss collision refused (builder owns iss)", e1 && e1.code === "auth-jar/reserved-claim");
+  var e2 = null;
+  try { b.auth.jar.build(_buildParams({ exp: 123 }), opts); } catch (e) { e2 = e; }
+  check("build: params.exp collision refused (builder mints exp)", e2 && e2.code === "auth-jar/reserved-claim");
+  var e3 = null;
+  var noRt = _buildParams(); delete noRt.response_type;
+  try { b.auth.jar.build(noRt, opts); } catch (e) { e3 = e; }
+  check("build: missing response_type refused (RFC 9101 §4)", e3 && e3.code === "auth-jar/missing-required-param");
+  var e4 = null;
+  try { b.auth.jar.build(_buildParams({ client_id: "different" }), opts); } catch (e) { e4 = e; }
+  check("build: params.client_id != opts.clientId refused", e4 && e4.code === "auth-jar/client-id-mismatch");
+}
+
+// alg-key mismatch + `none` refusal (delegated to the jws signer).
+async function testBuildAlgRefusals() {
+  var ec = _ecPair("P-256", "ES256");
+  var e1 = null;
+  // a P-256 key cannot produce an RS256 signature.
+  try { b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ec.privateKey, alg: "RS256" }); }
+  catch (e) { e1 = e; }
+  check("build: alg incompatible with key refused (ES key + RS256)",
+    e1 && e1.code === "auth-jwt-external/sign-alg-key-mismatch");
+  var e2 = null;
+  try { b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ec.privateKey, alg: "none" }); }
+  catch (e) { e2 = e; }
+  check("build: alg 'none' refused", e2 && e2.code === "auth-jwt-external/sign-alg-refused");
+  var e3 = null;
+  try { b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ec.privateKey, alg: "HS256" }); }
+  catch (e) { e3 = e; }
+  check("build: HMAC alg refused", e3 && e3.code === "auth-jwt-external/sign-alg-refused");
+}
+
+// exp window honored — default 5m, operator override respected, and an
+// already-expired window is refused by parse.
+async function testBuildExpWindow() {
+  var ec = _ecPair("P-256", "ES256");
+  var defaultRo = b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ec.privateKey });
+  var defaultClaims = JSON.parse(Buffer.from(defaultRo.split(".")[1], "base64url").toString("utf8"));
+  var defaultTtl = defaultClaims.exp - defaultClaims.iat;
+  check("build: default exp window is 5 minutes", defaultTtl === 300);
+
+  var shortRo = b.auth.jar.build(_buildParams(), {
+    clientId: CLIENT, audience: AS, key: ec.privateKey, kid: "c1", expiresInMs: 60 * 1000 });
+  var shortClaims = JSON.parse(Buffer.from(shortRo.split(".")[1], "base64url").toString("utf8"));
+  check("build: expiresInMs override honored (60s)", shortClaims.exp - shortClaims.iat === 60);
+
+  // The minted window is a live exp parse enforces: a fresh object inside
+  // the window verifies, and the same object handed to parse with a NEGATIVE
+  // skew that pushes "now" past the exp is refused on the expired path —
+  // proves the builder's exp reaches the verifier and is checked, not cosmetic.
+  var liveRo = b.auth.jar.build(_buildParams(), {
+    clientId: CLIENT, audience: AS, key: ec.privateKey, kid: "c1", expiresInMs: 60 * 1000 });
+  var liveOut = await b.auth.jar.parse(liveRo, _parseOpts({ algorithms: ["ES256"], jwks: [ec.jwk], clockSkewMs: 0 }));
+  check("build: object inside its exp window verifies", liveOut.params.response_type === "code");
+  var eExp = null;
+  try {
+    await b.auth.jar.parse(liveRo, _parseOpts({ algorithms: ["ES256"], jwks: [ec.jwk], clockSkewMs: -120 * 1000 }));
+  } catch (e) { eExp = e; }
+  check("build: exp is enforced by parse (skew past exp refuses)", eExp && /expired/.test(eExp.code || ""));
+}
+
+// config-time opt validation.
+async function testBuildValidation() {
+  var ec = _ecPair("P-256", "ES256");
+  var bads = [
+    [function () { return b.auth.jar.build(null, { clientId: CLIENT, audience: AS, key: ec.privateKey }); }, "auth-jar/bad-params"],
+    [function () { return b.auth.jar.build(_buildParams(), { audience: AS, key: ec.privateKey }); }, "auth-jar/bad-client-id"],
+    [function () { return b.auth.jar.build(_buildParams(), { clientId: CLIENT, key: ec.privateKey }); }, "auth-jar/bad-audience"],
+    [function () { return b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS }); }, "auth-jar/no-key"],
+    [function () { return b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ec.privateKey, bogus: 1 }); }, null],
+    [function () { return b.auth.jar.build(_buildParams(), { clientId: CLIENT, audience: AS, key: ec.privateKey, expiresInMs: -5 }); }, "auth-jar/bad-expiry"],
+  ];
+  var ok = true;
+  for (var i = 0; i < bads.length; i++) {
+    var caught = null;
+    try { bads[i][0](); } catch (e) { caught = e; }
+    var expected = bads[i][1];
+    var pass = expected === null ? (caught !== null) : (caught && caught.code === expected);
+    if (!pass) { ok = false; check("build validation case " + i + " expected " + expected + " got " + (caught && caught.code), false); }
+  }
+  check("build: malformed args throw the right codes", ok);
+}
+
+// A verified-but-hostile request object carrying a `__proto__` claim
+// (JSON.parse materializes it as an own key; JSON.stringify round-trips
+// it) must not graft onto the returned params object's prototype chain
+// (CWE-1321). The signature is the client's own — signing hostile claim
+// names is exactly what a malicious-but-registered client would do.
+async function testProtoPollutionClaimInert() {
+  var payload = JSON.parse(JSON.stringify({
+    iss:           CLIENT,
+    aud:           AS,
+    client_id:     CLIENT,
+    response_type: "code",
+    iat:           _nowSec(),
+    exp:           _nowSec() + 120,
+  }).replace("\"response_type\"", "\"__proto__\":{\"polluted\":true},\"response_type\""));
+  check("fixture: payload carries __proto__ as an own key",
+        Object.prototype.hasOwnProperty.call(payload, "__proto__"));
+  var jar = _signRs256(KEYS.privateKey,
+    { alg: "RS256", typ: "oauth-authz-req+jwt", kid: "c1" }, payload);
+  var out = await b.auth.jar.parse(jar, _parseOpts());
+  check("parse: __proto__ claim does not graft onto params' prototype",
+        Object.getPrototypeOf(out.params) === Object.prototype &&
+        out.params.polluted === undefined);
+  check("parse: __proto__ not copied as an own params key",
+        !Object.prototype.hasOwnProperty.call(out.params, "__proto__"));
+  check("parse: Object.prototype untouched",
+        Object.prototype.polluted === undefined);
+  check("parse: legitimate params still returned",
+        out.params.response_type === "code");
+}
+
 async function run() {
   await testRoundTrip();
   await testAntiNesting();
@@ -170,6 +382,14 @@ async function run() {
   await testAlgConfusionDelegated();
   await testValidation();
   await testTypEnforcement();
+  await testBuildRoundTrip();
+  await testBuildAlgInference();
+  await testBuildAntiNesting();
+  await testBuildClaimRules();
+  await testBuildAlgRefusals();
+  await testBuildExpWindow();
+  await testBuildValidation();
+  await testProtoPollutionClaimInert();
 }
 
 module.exports = { run: run };

package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js

@@ -2618,12 +2618,48 @@ async function testNoDuplicateCodeBlocks() {
     {
       mode:  "family-subset",
       files: [
-        "lib/auth/oauth.js:buildClientAttestation",
         "lib/guard-filename.js:verifyExtractionPath",
         "lib/hal.js:resource",
+        "lib/validate-opts.js:assignOwnEnumerable",
         "lib/vault-aad.js:_canonicalize",
       ],
-      reason: "v0.13.13 — coincidental token shingle of the generic split-then-walk-segments / walk-own-keys idiom (`x.split(sep)` or `Object.keys(x)` then `for (...) { var seg = ...; if (...) throw/continue }`). guard-filename verifyExtractionPath walks path components refusing per-segment Windows-extraction hazards (reserved names / NTFS-ADS / trailing-dot); hal.js:resource builds a HAL resource by walking link/embedded keys; vault-aad.js:_canonicalize canonicalizes AAD key-value segments; oauth.js:buildClientAttestation merges operator extra-claims by walking Object.keys with a prototype-pollution + spec-field-collision guard before signing. Unrelated domains (path safety / hypermedia link assembly / crypto AAD canonicalization / attestation claim merge) — no shared behaviour to extract; the only commonality is the universal walk-and-loop control-flow shape.",
+      reason: "v0.13.13, membership refreshed v0.14.22 — coincidental token shingle of the generic split-then-walk-segments / walk-own-keys idiom (`x.split(sep)` or `Object.keys(x)` then `for (...) { var seg = ...; if (...) throw/continue }`). guard-filename verifyExtractionPath walks path components refusing per-segment Windows-extraction hazards (reserved names / NTFS-ADS / trailing-dot); hal.js:resource builds a HAL resource by walking link/embedded keys; vault-aad.js:_canonicalize canonicalizes AAD key-value segments; validate-opts.js:assignOwnEnumerable IS the extraction of the proto-safe claim-merge shape (oauth.buildClientAttestation / jar.build / jws sign all compose it now) — its own body necessarily carries the walk shape the family shares. Unrelated remaining domains (path safety / hypermedia link assembly / crypto AAD canonicalization / the shared merge helper itself) — nothing further to extract.",
+    },
+    {
+      mode:  "family-subset",
+      files: [
+        "lib/api-key.js:_validateIssueOpts",
+        "lib/audit-daily-review.js:create",
+        "lib/auth/jar.js:build",
+        "lib/compliance-sanctions-fetcher.js:create",
+        "lib/fdx.js:consentReceipt",
+        "lib/http-client-cache.js:create",
+        "lib/http-client.js:_validateDownloadOpts",
+        "lib/mail-arc-sign.js:sign",
+        "lib/middleware/dpop.js:create",
+        "lib/outbox.js:create",
+        "lib/self-update.js:_validateVerifyOpts",
+        "lib/static.js:_validateCreateOpts",
+        "lib/tcpa-10dlc.js:recordConsent",
+        "lib/vault/seal-pem-file.js:sealPemFile",
+        "lib/vex.js:document",
+        "lib/watcher.js:_validateOpts",
+        "lib/web-push-vapid.js:buildVapidAuthHeader",
+      ],
+      reason: "Config-time validateOpts cascade family — `validateOpts(opts, KEYS, label)` followed by per-field requireNonEmptyString / optionalPositiveInt / optionalFunction checks at a factory or builder entry point. jar.js:build joined in v0.14.22 (the RFC 9101 request-object builder validates clientId / audience / key / expiresInMs before minting). Each member emits its own error class and code namespace over a different opts vocabulary; the shared helper (validateOpts) is the extraction, and consolidating the cascades past the call boundary would surface the wrong error code for operator typos.",
+    },
+    {
+      mode:  "family-subset",
+      files: [
+        "lib/auth/dpop.js:buildProof",
+        "lib/auth/dpop.js:verify",
+        "lib/auth/fido-mds3.js:_verifyJws",
+        "lib/auth/jwt-external.js:_signCompactJws",
+        "lib/auth/jwt-external.js:verifyExternal",
+        "lib/auth/oauth.js:_verifyAttestationJws",
+        "lib/auth/oauth.js:verifyIdToken",
+      ],
+      reason: "Compact-JWS assemble/verify family — the three-segment base64url split/join + alg-params dispatch + nodeCrypto sign/verify shape shared by every classical JOSE touchpoint. jwt-external.js:_signCompactJws joined in v0.14.22 as the PROMOTED canonical signer (oauth's attestation signer now composes it; dpop keeps its own RFC 9449-specific proof assembly with htm/htu/ath claims, and the verify members each pin different header gates — typ/jwk/x5c/kid — that the spec assigns per protocol). The residual shingle is the irreducible JWS wire format itself; further consolidation would couple per-protocol header policy into one function with a mode flag, which the gate-contract discipline forbids.",
     },
     {
       mode:  "family-subset",
@@ -6157,10 +6193,10 @@ var KNOWN_ANTIPATTERNS = [
     //      converts each call site, drops the allowlist entries, and
     //      flips the detector from "documentation" to "enforce".
     //
-    // The allowlist below is the survey ground truth from
-    // memory/specs/node-26-map-getorinsert-migration.md. Adding a new
-    // file here pre-floor-bump requires updating that spec in the same
-    // patch so the sweep stays mechanical.
+    // The allowlist below is the survey ground truth — each entry
+    // names the map and the on-miss factory it covers. Adding a new
+    // file here pre-floor-bump requires the same per-site annotation
+    // so the sweep stays mechanical.
     //
     // The catalog catches both variants via a pair of sibling entries:
     //   A. `var X = M.get(k); if (!X) { ... .set(k, ...) ... }` — this
@@ -6179,7 +6215,7 @@ var KNOWN_ANTIPATTERNS = [
     // where the `.get(...)` and `.set(...)` name DIFFERENT maps is
     // covered by the allowlist + reason.
     id: "map-get-or-insert-pre-node-26",
-    primitive: "Map.prototype.getOrInsertComputed(key, factory) (Node 26+); pre-floor-bump call sites are allowlisted with a documented migration target in memory/specs/node-26-map-getorinsert-migration.md",
+    primitive: "Map.prototype.getOrInsertComputed(key, factory) (Node 26+); pre-floor-bump call sites are allowlisted below with per-site map+factory annotations — the floor-bump sweep walks the allowlist",
     // Variant A only — `var X = M.get(k); if (!X) { ... M.set(k, ...) ... }`.
     // Variant B (`if (!M.has(k)) { ... M.set(k, ...) ... }`) is caught
     // by the sibling `map-has-then-set-pre-node-26` entry below; one
@@ -6204,16 +6240,15 @@ var KNOWN_ANTIPATTERNS = [
     ],
     // Strong-dup allowlists added with v0.12.7 archive substrate
     // — see KNOWN_CLUSTERS additions below for structural reasons.
-    reason: "Node 26 ships Map.prototype.getOrInsertComputed(key, factory) — a single-lookup get-or-insert that replaces the two-step `var v = m.get(k); if (!v) { v = factory(); m.set(k, v); }` pattern. The sweep is deferred to the Node 26 floor-bump (eligible Oct 2026); engines.node is `>=24` today. Allowlist above is the survey ground truth from memory/specs/node-26-map-getorinsert-migration.md. New code post-this-patch trips the detector — either wait for the floor bump, or add the call site to BOTH the allowlist AND the migration spec in the same patch. When the floor moves, the bump commit walks the allowlist, rewrites each call site, drops the allowlist + flips the detector to enforce.",
+    reason: "Node 26 ships Map.prototype.getOrInsertComputed(key, factory) — a single-lookup get-or-insert that replaces the two-step `var v = m.get(k); if (!v) { v = factory(); m.set(k, v); }` pattern. The sweep is deferred to the Node 26 floor-bump (eligible Oct 2026); engines.node is `>=24` today. Allowlist above is the survey ground truth (map + factory annotated per entry). New code post-this-patch trips the detector — either wait for the floor bump, or add the call site to the allowlist with the same per-site annotation in the same patch. When the floor moves, the bump commit walks the allowlist, rewrites each call site, drops the allowlist + flips the detector to enforce.",
   },
   {
     // Companion to `map-get-or-insert-pre-node-26` — same Node-26
     // migration target, different syntactic variant. Catches the
     // `if (!M.has(k)) { ... M.set(k, factory); ... }` shape (no
-    // intermediate `var X = M.get(k)` binding). See the sibling entry
-    // and memory/specs/node-26-map-getorinsert-migration.md.
+    // intermediate `var X = M.get(k)` binding). See the sibling entry.
     id: "map-has-then-set-pre-node-26",
-    primitive: "Map.prototype.getOrInsertComputed(key, factory) (Node 26+); pre-floor-bump call sites are allowlisted with a documented migration target in memory/specs/node-26-map-getorinsert-migration.md",
+    primitive: "Map.prototype.getOrInsertComputed(key, factory) (Node 26+); pre-floor-bump call sites are allowlisted below with per-site map+factory annotations — the floor-bump sweep walks the allowlist",
     regex: /if\s*\(\s*!\s*\w+\.has\s*\([^)]+\)\s*\)\s*\{[\s\S]{0,300}?\.set\s*\(/,
     allowlist: [
       "lib/websocket-channels.js",             // channelToConns (Map<channel, Set<conn>>) — Set factory; cluster-shared race window
@@ -6222,9 +6257,9 @@ var KNOWN_ANTIPATTERNS = [
       //
       //   - mail-greylist.js memoryStore.put runs `data.set(key, ...)`
       //     unconditionally (always overwrites the value); the if-block
-      //     manages an evict-oldest sidecar `insertionOrder`. The
-      //     migration spec marks it "manual review — does NOT replace
-      //     cleanly" (sidecar logic stays).
+      //     manages an evict-oldest sidecar `insertionOrder`.
+      //     getOrInsertComputed only runs the factory on miss — wrong
+      //     semantics for an always-write; the sidecar logic stays.
       //   - dsr.js memoryTicketStore.update is a presence assertion:
       //     `if (!byId.has(id)) throw new DsrError(...)` followed by
       //     `byId.set(id, ...)` outside the if-block (it's an UPDATE,
@@ -6349,6 +6384,53 @@ var KNOWN_ANTIPATTERNS = [
     allowlist: [],
     reason: "Codex P2 on v0.14.21 PR #301 — bulkId cross-references appear in operation paths as well as operation data (RFC 7644 §3.7.2); a planner that scans only data leaves path-referencing operations unordered and lets the literal bulkId:<id> token reach the resource adapter. Any file collecting data refs must collect and substitute path refs too.",
   },
+  {
+    // Copying keys from one object to another with a raw bracket-assign
+    // loop (`out[keys[i]] = src[keys[i]]`) writes attacker-chosen
+    // property names when the source is parsed input: an own
+    // `__proto__` key (JSON.parse materializes one) hits the
+    // Object.prototype setter and grafts onto the target's prototype
+    // chain (CWE-1321). validate-opts.assignOwnEnumerable is the
+    // composing primitive — it skips __proto__/constructor/prototype
+    // and takes a reserved-keys array, which also expresses the
+    // filtered-copy variants (build the skip list, then copy).
+    id: "raw-key-copy-loop-bypasses-assign-own-enumerable",
+    primitive: "validateOpts.assignOwnEnumerable(target, source, reservedKeys) — prototype-safe own-enumerable key copy",
+    regex: /\[\s*keys\[\w+\]\s*\]\s*=\s*[\w$.]+\[\s*keys\[\w+\]\s*\]/,
+    skipCommentLines: true,
+    allowlist: [
+      // canonicalize() builds the hash input for persisted rowHash
+      // chains — altering which keys are copied (sentinel skips) would
+      // change historical hash inputs and break verifyChain on existing
+      // rows. Row keys are schema-fixed audit columns, not parsed
+      // remote input.
+      "lib/audit-chain.js",
+      // omit()/partial() are schema-shape transforms that map values
+      // (`.optional()`) and track key arrays in the same pass; shapes
+      // are boot-time operator literals, not parsed input.
+      "lib/safe-schema.js",
+    ],
+    reason: "CodeQL js/remote-property-injection (high) on v0.14.22 PR #302 — jar.parse copied verified-JWT claim keys into the returned params object with a raw bracket-assign loop; a hostile request object carrying a `__proto__` claim grafts onto params' prototype chain. Every key-copy loop in lib/ composes assignOwnEnumerable; genuinely-different bodies carry an allowlist entry with the structural reason.",
+  },
+  {
+    // A JWS/JWT builder that accepts caller-supplied extra
+    // protected-header members must refuse the two members that change
+    // what the signature is computed over: `b64` (RFC 7797 — unencoded
+    // payload changes the signing input) and `crit` (RFC 7515 §4.1.11 —
+    // promises the producer implements every extension it names). A
+    // builder that copies them through while base64url-encoding the
+    // payload mints a self-inconsistent JWS: a compliant verifier
+    // derives a different signing input or refuses the critical header.
+    // The `requires` companion is satisfied by the refusal branch
+    // naming 'b64' somewhere in the same file.
+    id: "jose-header-passthrough-without-b64-crit-refusal",
+    primitive: "refuse own 'b64'/'crit' members on any caller-supplied JOSE protected-header object before signing",
+    regex: /assignOwnEnumerable\s*\(\s*\{\s*\}\s*,\s*opts\.header/,
+    requires: /["']b64["']/,
+    skipCommentLines: true,
+    allowlist: [],
+    reason: "Codex P2 on v0.14.22 PR #302 — jws.sign reserved alg/typ/kid but passed every other caller header member into the protected header; `{ b64: false, crit: [\"b64\"] }` produced a compact JWS whose payload was base64url-encoded and signed as such while the header claimed RFC 7797 unencoded-payload semantics. Any caller-header pass-through must name-refuse b64/crit until those semantics are actually implemented.",
+  },
   {
     // v0.10.15 — `zlib.gunzipSync` / `zlib.createGunzip` /
     // `zlib.brotliDecompress` without an output-size cap is the
@@ -10792,6 +10874,31 @@ function testCompliancePostureCoverage() {
 // container-build smoke workflow: if WIKI_PORT is set to X in
 // examples/wiki/Dockerfile, the workflow's `-p host:container` map +
 // curl host MUST also reference X.
+// Internal working notes (planning documents, scratch output, session
+// residue) live outside the repository — a tracked file under memory/,
+// notes/, or a .scratch* path ships internal planning narrative to
+// everyone who clones the repo. v0.14.22 removed the one such file that
+// had been committed (a migration planning note, added v0.11.2); this
+// gate refuses any recurrence at commit time instead of at code review.
+function testNoTrackedInternalNotes() {
+  var out;
+  try {
+    // Local require mirrors the bootstrap wrapper at the top of this
+    // file — child_process is only touched on the two paths that talk
+    // to the host (re-exec + this git query).
+    out = require("node:child_process").execFileSync(
+      "git", ["ls-files", "memory", "notes", ".scratch", ".scratch-*"],
+      { stdio: ["ignore", "pipe", "ignore"] }
+    ).toString().trim();
+  } catch (_e) {
+    // Not a git checkout (npm tarball / exported tree) — nothing to gate.
+    return;
+  }
+  check("no tracked internal-notes files (memory/ notes/ .scratch*)" +
+        (out ? " — found: " + out.split("\n").join(", ") : ""),
+        out === "");
+}
+
 function testWikiPortAgreesAcrossArtifacts() {
   var bad = [];
   var dockerfile;
@@ -11787,6 +11894,7 @@ async function run() {
   // WIKI_PORT default must match the release-container.yml smoke
   // step's port mapping + curl host.
   testWikiPortAgreesAcrossArtifacts();
+  testNoTrackedInternalNotes();
   testWikiStopGraceExceedsShutdownBudget();
   testOrchestratorRegistryReadsTenantScoped();
   testErrorCodesNamespacedKebab();

package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js

@@ -1,11 +1,18 @@
 "use strict";
 /**
- * b.auth.jwt.verifyExternal — classical-alg JWT verifier.
+ * b.auth.jwt.verifyExternal — classical-alg JWT verifier — and
+ * b.auth.jws.sign, its signer counterpart.
  *
- * Covers: surface; algorithms required (no defaults — alg-confusion
+ * Covers verify: surface; algorithms required (no defaults — alg-confusion
  * defense); HMAC/none refused; alg-not-allowed rejected; missing
  * key-source rejected; conflicting key-source rejected; valid RS256
  * round-trip with kid match; aud/iss/exp claim validation.
+ *
+ * Covers sign: ES256 / EdDSA / RS256 round-trip back through verifyExternal;
+ * alg derived from the key; none/HMAC/alg-key-mismatch refused; a
+ * caller-supplied header.alg cannot override the signer-derived alg;
+ * header.b64 / header.crit refused (RFC 7797 / RFC 7515 §4.1.11 —
+ * semantics-changing members the signer does not implement).
  */
 
 var helpers = require("../helpers");
@@ -140,6 +147,96 @@ async function testExpired() {
         threw && /expired/.test(threw.code || ""));
 }
 
+// b.auth.jws.sign — the classical-JWS signer (inverse of verifyExternal).
+// A token it mints must round-trip back through verifyExternal across the
+// alg families, the alg must be derived from the key, and `none`/HMAC/
+// alg-key-mismatch are refused.
+async function testJwsSignSurface() {
+  check("auth.jws.sign exposed", typeof b.auth.jws.sign === "function");
+}
+
+async function testJwsSignRoundTrip() {
+  var nowSec = Math.floor(Date.now() / 1000);                                    // allow:raw-byte-literal — seconds-per-ms
+  // (key generator, public JWK with kid, expected alg)
+  var ec = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var ed = nodeCrypto.generateKeyPairSync("ed25519");
+  var rsa = _rsaPair();
+  var cases = [
+    { name: "ES256", priv: ec.privateKey,  jwk: ec.publicKey.export({ format: "jwk" }),  alg: "ES256" },
+    { name: "EdDSA", priv: ed.privateKey,  jwk: ed.publicKey.export({ format: "jwk" }),  alg: "EdDSA" },
+    { name: "RS256", priv: rsa.privateKey, jwk: rsa.publicKey,                            alg: "RS256" },
+  ];
+  for (var i = 0; i < cases.length; i++) {
+    var c = cases[i];
+    var jwk = Object.assign({}, c.jwk, { kid: "k1", use: "sig", alg: c.alg });
+    var token = b.auth.jws.sign(
+      { sub: "u1", iss: "client", aud: "https://as.example.com", exp: nowSec + 300, iat: nowSec },  // allow:raw-byte-literal — 5min
+      { privateKey: c.priv, kid: "k1", typ: "JWT" });
+    var hdr = JSON.parse(Buffer.from(token.split(".")[0], "base64url").toString("utf8"));
+    check("jws.sign[" + c.name + "]: alg inferred from key", hdr.alg === c.alg);
+    check("jws.sign[" + c.name + "]: typ + kid set", hdr.typ === "JWT" && hdr.kid === "k1");
+    var rv = await b.auth.jwt.verifyExternal(token, {
+      algorithms: [c.alg], jwks: [jwk], audience: "https://as.example.com", issuer: "client" });
+    check("jws.sign[" + c.name + "]: round-trips through verifyExternal", rv.claims.sub === "u1");
+  }
+}
+
+async function testJwsSignRefusals() {
+  var ec = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var e1 = null;
+  try { b.auth.jws.sign({ sub: "u" }, { privateKey: ec.privateKey, alg: "none" }); } catch (e) { e1 = e; }
+  check("jws.sign: alg 'none' refused", e1 && /sign-alg-refused/.test(e1.code || ""));
+  var e2 = null;
+  try { b.auth.jws.sign({ sub: "u" }, { privateKey: ec.privateKey, alg: "HS256" }); } catch (e) { e2 = e; }
+  check("jws.sign: HMAC alg refused", e2 && /sign-alg-refused/.test(e2.code || ""));
+  var e3 = null;
+  // a P-256 key cannot produce RS256.
+  try { b.auth.jws.sign({ sub: "u" }, { privateKey: ec.privateKey, alg: "RS256" }); } catch (e) { e3 = e; }
+  check("jws.sign: alg incompatible with key refused", e3 && /sign-alg-key-mismatch/.test(e3.code || ""));
+  var e4 = null;
+  try { b.auth.jws.sign("not-an-object", { privateKey: ec.privateKey }); } catch (e) { e4 = e; }
+  check("jws.sign: non-object claims refused", e4 && /sign-bad-claims/.test(e4.code || ""));
+  var e5 = null;
+  try { b.auth.jws.sign({ sub: "u" }, { privateKey: ec.privateKey, bogus: 1 }); } catch (e) { e5 = e; }
+  check("jws.sign: unknown opt refused (config-time)", e5 !== null);
+}
+
+// A caller-supplied header.alg can never override the signer-derived alg —
+// the canonical alg-substitution shape is closed.
+async function testJwsSignHeaderCannotOverrideAlg() {
+  var ec = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var token = b.auth.jws.sign({ sub: "u" }, {
+    privateKey: ec.privateKey, header: { alg: "HS256", foo: "bar" } });
+  var hdr = JSON.parse(Buffer.from(token.split(".")[0], "base64url").toString("utf8"));
+  check("jws.sign: header.alg override ignored (signer sets ES256)", hdr.alg === "ES256");
+  check("jws.sign: extra header members pass through", hdr.foo === "bar");
+}
+
+// `b64` (RFC 7797 unencoded payload) changes the signing input and `crit`
+// (RFC 7515 §4.1.11) promises extension semantics the signer does not
+// implement — passing either through would mint a JWS whose header claims
+// semantics its signature was not computed under. Both refused.
+async function testJwsSignB64CritRefused() {
+  var ec = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+  var e1 = null;
+  try { b.auth.jws.sign({ sub: "u" }, { privateKey: ec.privateKey, header: { b64: false } }); }
+  catch (e) { e1 = e; }
+  check("jws.sign: header.b64 refused (RFC 7797 not implemented)",
+        e1 && /sign-unsupported-header/.test(e1.code || ""));
+  var e2 = null;
+  try { b.auth.jws.sign({ sub: "u" }, { privateKey: ec.privateKey, header: { crit: ["exp"] } }); }
+  catch (e) { e2 = e; }
+  check("jws.sign: header.crit refused (no critical extensions implemented)",
+        e2 && /sign-unsupported-header/.test(e2.code || ""));
+  var e3 = null;
+  try {
+    b.auth.jws.sign({ sub: "u" }, {
+      privateKey: ec.privateKey, header: { b64: true, crit: ["b64"] } });
+  } catch (e) { e3 = e; }
+  check("jws.sign: b64:true + crit:['b64'] refused too (no silent pass on the 'harmless' spelling)",
+        e3 && /sign-unsupported-header/.test(e3.code || ""));
+}
+
 async function run() {
   testSurface();
   await testAlgorithmsRequired();
@@ -149,6 +246,11 @@ async function run() {
   await testRoundTripRs256();
   await testAudMismatch();
   await testExpired();
+  await testJwsSignSurface();
+  await testJwsSignRoundTrip();
+  await testJwsSignRefusals();
+  await testJwsSignHeaderCannotOverrideAlg();
+  await testJwsSignB64CritRefused();
 }
 
 module.exports = { run: run };