@blamejs/blamejs-shop 0.4.30 → 0.4.32
- package/CHANGELOG.md +4 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/checkout.js +8 -0
- package/lib/order.js +71 -11
- package/lib/vendor/MANIFEST.json +392 -278
- package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -3
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +21 -4
- package/lib/vendor/blamejs/.gitignore +6 -0
- package/lib/vendor/blamejs/CHANGELOG.md +26 -0
- package/lib/vendor/blamejs/MIGRATING.md +43 -0
- package/lib/vendor/blamejs/README.md +8 -6
- package/lib/vendor/blamejs/SECURITY.md +19 -3
- package/lib/vendor/blamejs/api-snapshot.json +2190 -664
- package/lib/vendor/blamejs/docker/caddy/localstack.Caddyfile +19 -0
- package/lib/vendor/blamejs/docker/init/generate-certs.sh +1 -1
- package/lib/vendor/blamejs/docker/otel/config.yaml +42 -0
- package/lib/vendor/blamejs/docker/otel/export/.gitkeep +0 -0
- package/lib/vendor/blamejs/docker/postgres/initdb/10-replication.sh +15 -0
- package/lib/vendor/blamejs/docker/postgres/replica-entrypoint.sh +38 -0
- package/lib/vendor/blamejs/docker/toxiproxy/toxiproxy.json +14 -0
- package/lib/vendor/blamejs/docker-compose.test.yml +209 -0
- package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +132 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +221 -61
- package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +144 -9
- package/lib/vendor/blamejs/examples/wiki/test/e2e.js +99 -0
- package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +36 -0
- package/lib/vendor/blamejs/index.js +4 -0
- package/lib/vendor/blamejs/lib/agent-envelope-mac.js +104 -0
- package/lib/vendor/blamejs/lib/agent-event-bus.js +105 -4
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +8 -42
- package/lib/vendor/blamejs/lib/ai-content-detect.js +9 -10
- package/lib/vendor/blamejs/lib/api-key.js +158 -77
- package/lib/vendor/blamejs/lib/atomic-file.js +62 -4
- package/lib/vendor/blamejs/lib/audit-chain.js +47 -11
- package/lib/vendor/blamejs/lib/audit-sign.js +77 -2
- package/lib/vendor/blamejs/lib/audit-tools.js +79 -51
- package/lib/vendor/blamejs/lib/audit.js +259 -123
- package/lib/vendor/blamejs/lib/auth/oauth.js +53 -9
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +108 -47
- package/lib/vendor/blamejs/lib/auth/saml.js +6 -8
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +31 -5
- package/lib/vendor/blamejs/lib/backup/index.js +45 -10
- package/lib/vendor/blamejs/lib/break-glass.js +355 -147
- package/lib/vendor/blamejs/lib/cache.js +174 -105
- package/lib/vendor/blamejs/lib/chain-writer.js +38 -16
- package/lib/vendor/blamejs/lib/cli.js +19 -14
- package/lib/vendor/blamejs/lib/cluster-provider-db.js +130 -104
- package/lib/vendor/blamejs/lib/cluster-storage.js +119 -22
- package/lib/vendor/blamejs/lib/cluster.js +119 -71
- package/lib/vendor/blamejs/lib/codepoint-class.js +23 -0
- package/lib/vendor/blamejs/lib/compliance.js +206 -4
- package/lib/vendor/blamejs/lib/consent.js +82 -29
- package/lib/vendor/blamejs/lib/constants.js +27 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +916 -156
- package/lib/vendor/blamejs/lib/db-declare-row-policy.js +35 -22
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +3 -2
- package/lib/vendor/blamejs/lib/db-query.js +882 -260
- package/lib/vendor/blamejs/lib/db-schema.js +228 -44
- package/lib/vendor/blamejs/lib/db.js +249 -99
- package/lib/vendor/blamejs/lib/dsr.js +385 -55
- package/lib/vendor/blamejs/lib/error-page.js +14 -1
- package/lib/vendor/blamejs/lib/external-db-migrate.js +239 -137
- package/lib/vendor/blamejs/lib/external-db.js +549 -34
- package/lib/vendor/blamejs/lib/file-upload.js +52 -7
- package/lib/vendor/blamejs/lib/framework-error.js +20 -1
- package/lib/vendor/blamejs/lib/framework-files.js +73 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +695 -394
- package/lib/vendor/blamejs/lib/gate-contract.js +659 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +26 -44
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-auth.js +42 -112
- package/lib/vendor/blamejs/lib/guard-cidr.js +33 -154
- package/lib/vendor/blamejs/lib/guard-csv.js +46 -113
- package/lib/vendor/blamejs/lib/guard-domain.js +34 -157
- package/lib/vendor/blamejs/lib/guard-dsn.js +27 -43
- package/lib/vendor/blamejs/lib/guard-email.js +47 -69
- package/lib/vendor/blamejs/lib/guard-envelope.js +19 -32
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +24 -42
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +25 -43
- package/lib/vendor/blamejs/lib/guard-filename.js +42 -106
- package/lib/vendor/blamejs/lib/guard-graphql.js +42 -123
- package/lib/vendor/blamejs/lib/guard-html.js +53 -108
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +24 -42
- package/lib/vendor/blamejs/lib/guard-image.js +46 -103
- package/lib/vendor/blamejs/lib/guard-imap-command.js +18 -32
- package/lib/vendor/blamejs/lib/guard-jmap.js +16 -30
- package/lib/vendor/blamejs/lib/guard-json.js +38 -108
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +38 -171
- package/lib/vendor/blamejs/lib/guard-jwt.js +49 -179
- package/lib/vendor/blamejs/lib/guard-list-id.js +25 -41
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +27 -43
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +24 -42
- package/lib/vendor/blamejs/lib/guard-mail-move.js +26 -44
- package/lib/vendor/blamejs/lib/guard-mail-query.js +28 -46
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +24 -42
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +24 -42
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +17 -31
- package/lib/vendor/blamejs/lib/guard-markdown.js +37 -104
- package/lib/vendor/blamejs/lib/guard-message-id.js +26 -45
- package/lib/vendor/blamejs/lib/guard-mime.js +39 -151
- package/lib/vendor/blamejs/lib/guard-oauth.js +54 -135
- package/lib/vendor/blamejs/lib/guard-pdf.js +45 -101
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +21 -31
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +24 -42
- package/lib/vendor/blamejs/lib/guard-regex.js +33 -107
- package/lib/vendor/blamejs/lib/guard-saga-config.js +24 -42
- package/lib/vendor/blamejs/lib/guard-shell.js +42 -172
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +48 -54
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +24 -42
- package/lib/vendor/blamejs/lib/guard-sql.js +1491 -0
- package/lib/vendor/blamejs/lib/guard-stream-args.js +24 -43
- package/lib/vendor/blamejs/lib/guard-svg.js +47 -65
- package/lib/vendor/blamejs/lib/guard-template.js +35 -172
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +26 -45
- package/lib/vendor/blamejs/lib/guard-time.js +32 -154
- package/lib/vendor/blamejs/lib/guard-trace-context.js +25 -44
- package/lib/vendor/blamejs/lib/guard-uuid.js +32 -153
- package/lib/vendor/blamejs/lib/guard-xml.js +38 -113
- package/lib/vendor/blamejs/lib/guard-yaml.js +51 -163
- package/lib/vendor/blamejs/lib/http-client.js +37 -9
- package/lib/vendor/blamejs/lib/inbox.js +120 -107
- package/lib/vendor/blamejs/lib/legal-hold.js +121 -50
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +47 -31
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +32 -18
- package/lib/vendor/blamejs/lib/mail-auth.js +236 -0
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -6
- package/lib/vendor/blamejs/lib/mail-dkim.js +1 -0
- package/lib/vendor/blamejs/lib/mail-greylist.js +2 -6
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -6
- package/lib/vendor/blamejs/lib/mail-journal.js +85 -64
- package/lib/vendor/blamejs/lib/mail-rbl.js +2 -6
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -6
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +117 -12
- package/lib/vendor/blamejs/lib/mail-server-mx.js +276 -7
- package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -6
- package/lib/vendor/blamejs/lib/mail-store.js +293 -154
- package/lib/vendor/blamejs/lib/mail.js +8 -4
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +71 -25
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +19 -8
- package/lib/vendor/blamejs/lib/middleware/dpop.js +10 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +17 -7
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +75 -51
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +102 -32
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +21 -5
- package/lib/vendor/blamejs/lib/migrations.js +108 -66
- package/lib/vendor/blamejs/lib/network-heartbeat.js +7 -0
- package/lib/vendor/blamejs/lib/network-proxy.js +24 -1
- package/lib/vendor/blamejs/lib/nonce-store.js +31 -9
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +9 -4
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +57 -3
- package/lib/vendor/blamejs/lib/object-store/gcs.js +4 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +5 -2
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +38 -6
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -1
- package/lib/vendor/blamejs/lib/observability.js +124 -0
- package/lib/vendor/blamejs/lib/otel-export.js +12 -3
- package/lib/vendor/blamejs/lib/outbox.js +184 -83
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +47 -7
- package/lib/vendor/blamejs/lib/pqc-agent.js +44 -0
- package/lib/vendor/blamejs/lib/pubsub-cluster.js +42 -20
- package/lib/vendor/blamejs/lib/queue-local.js +225 -140
- package/lib/vendor/blamejs/lib/queue-redis.js +9 -1
- package/lib/vendor/blamejs/lib/queue-sqs.js +6 -0
- package/lib/vendor/blamejs/lib/queue.js +7 -0
- package/lib/vendor/blamejs/lib/redact.js +68 -11
- package/lib/vendor/blamejs/lib/redis-client.js +160 -31
- package/lib/vendor/blamejs/lib/request-helpers.js +7 -0
- package/lib/vendor/blamejs/lib/retention.js +101 -40
- package/lib/vendor/blamejs/lib/router.js +212 -5
- package/lib/vendor/blamejs/lib/safe-dns.js +29 -45
- package/lib/vendor/blamejs/lib/safe-ical.js +18 -33
- package/lib/vendor/blamejs/lib/safe-icap.js +27 -43
- package/lib/vendor/blamejs/lib/safe-sieve.js +21 -40
- package/lib/vendor/blamejs/lib/safe-sql.js +212 -3
- package/lib/vendor/blamejs/lib/safe-url.js +170 -3
- package/lib/vendor/blamejs/lib/safe-vcard.js +18 -33
- package/lib/vendor/blamejs/lib/scheduler.js +35 -12
- package/lib/vendor/blamejs/lib/seeders.js +122 -74
- package/lib/vendor/blamejs/lib/session-stores.js +42 -14
- package/lib/vendor/blamejs/lib/session.js +175 -77
- package/lib/vendor/blamejs/lib/sql.js +3842 -0
- package/lib/vendor/blamejs/lib/sse.js +26 -0
- package/lib/vendor/blamejs/lib/ssrf-guard.js +151 -4
- package/lib/vendor/blamejs/lib/static.js +177 -34
- package/lib/vendor/blamejs/lib/subject.js +96 -49
- package/lib/vendor/blamejs/lib/vault/index.js +3 -2
- package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +3 -2
- package/lib/vendor/blamejs/lib/vault/rotate.js +168 -108
- package/lib/vendor/blamejs/lib/vault-aad.js +6 -0
- package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
- package/lib/vendor/blamejs/lib/websocket.js +35 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +11 -0
- package/lib/vendor/blamejs/package.json +2 -2
- package/lib/vendor/blamejs/release-notes/v0.14.x.json +1503 -0
- package/lib/vendor/blamejs/release-notes/v0.15.0.json +77 -0
- package/lib/vendor/blamejs/release-notes/v0.15.1.json +22 -0
- package/lib/vendor/blamejs/release-notes/v0.15.2.json +22 -0
- package/lib/vendor/blamejs/release-notes/v0.15.3.json +39 -0
- package/lib/vendor/blamejs/release-notes/v0.15.4.json +39 -0
- package/lib/vendor/blamejs/release-notes/v0.15.5.json +22 -0
- package/lib/vendor/blamejs/release-notes/v0.15.6.json +59 -0
- package/lib/vendor/blamejs/scripts/check-services.js +21 -0
- package/lib/vendor/blamejs/scripts/gen-migrating.js +51 -0
- package/lib/vendor/blamejs/scripts/release.js +398 -38
- package/lib/vendor/blamejs/test/00-primitives.js +117 -0
- package/lib/vendor/blamejs/test/10-state.js +140 -14
- package/lib/vendor/blamejs/test/20-db.js +65 -2
- package/lib/vendor/blamejs/test/helpers/db.js +9 -0
- package/lib/vendor/blamejs/test/helpers/drivers.js +27 -15
- package/lib/vendor/blamejs/test/helpers/services.js +21 -0
- package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +246 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +517 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +639 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +832 -0
- package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +453 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +649 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +770 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +630 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +610 -0
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +577 -0
- package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +771 -0
- package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +549 -0
- package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +598 -0
- package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +602 -0
- package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +576 -0
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +353 -0
- package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +224 -0
- package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +142 -17
- package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +25 -10
- package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +101 -0
- package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +239 -0
- package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +35 -16
- package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +291 -0
- package/lib/vendor/blamejs/test/integration/pubsub.test.js +14 -0
- package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +322 -0
- package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +300 -0
- package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +154 -0
- package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +71 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +175 -12
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +216 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +203 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +126 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +196 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +197 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +209 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +121 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +168 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +318 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +233 -7
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +1120 -14
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +229 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +24 -7
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +165 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +350 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +27 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +392 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +159 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +180 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +128 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +38 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +127 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +267 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +150 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +30 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +46 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +218 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +210 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +4 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +48 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +237 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +20 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +193 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +90 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +85 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +10 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +146 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +189 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +3 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +123 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +207 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +74 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +43 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +133 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +136 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +429 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +21 -11
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +113 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +99 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +255 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +309 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +143 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +287 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +79 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +31 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +49 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +595 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +91 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +69 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +194 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +66 -0
- package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +638 -0
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +21 -0
- package/lib/vendor/blamejs/test/smoke.js +79 -21
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +0 -43
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +0 -60
- package/lib/vendor/blamejs/release-notes/v0.14.10.json +0 -54
- package/lib/vendor/blamejs/release-notes/v0.14.11.json +0 -72
- package/lib/vendor/blamejs/release-notes/v0.14.12.json +0 -95
- package/lib/vendor/blamejs/release-notes/v0.14.13.json +0 -52
- package/lib/vendor/blamejs/release-notes/v0.14.14.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.14.16.json +0 -45
- package/lib/vendor/blamejs/release-notes/v0.14.17.json +0 -57
- package/lib/vendor/blamejs/release-notes/v0.14.18.json +0 -127
- package/lib/vendor/blamejs/release-notes/v0.14.19.json +0 -61
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.20.json +0 -73
- package/lib/vendor/blamejs/release-notes/v0.14.21.json +0 -98
- package/lib/vendor/blamejs/release-notes/v0.14.22.json +0 -91
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.6.json +0 -60
- package/lib/vendor/blamejs/release-notes/v0.14.7.json +0 -77
- package/lib/vendor/blamejs/release-notes/v0.14.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.14.9.json +0 -40
|
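--- a/package/lib/vendor/blamejs/lib/file-upload.js
+++ b/package/lib/vendor/blamejs/lib/file-upload.js
@@ -22,8 +22,12 @@
 * content gate inspects the reassembled buffer, so it runs on uploads
 * up to `maxStreamReassemblyBytes` (default 64 MiB); a larger upload
 * is handed to `onFinalize` as a stream and the byte-content gate is
-* skipped (MIME-sniff + filename gates still run
-*
+* skipped (MIME-sniff + filename gates still run). Every skip path —
+* the upload streamed past the reassembly cap, no gate is registered
+* for the file's extension, or `contentSafety: null` disabled scanning
+* — emits a `fileUpload.content_safety_skipped` audit whose `reason`
+* names the cause, so a security review of the audit log can tell which
+* uploads reached storage without a content scan and why. To guarantee
 * content-gating of a type, cap `maxFileBytes` at or below
 * `maxStreamReassemblyBytes`. Per-chunk hooks
 * (`onChunk`) are the integration point for virus scanners and
@@ -475,6 +479,32 @@ function create(opts) {
 if (opts.observability) opts.observability.safeEvent(name, value, labels || {});
 }
 
+// Emit an audit row whenever the byte-level content-safety scan is
+// SKIPPED for a finalized upload — so a security review of the audit
+// log can tell that bytes reached storage without passing the
+// content gate, and WHY. Without this, every skip path (operator
+// opt-out, no gate registered for the file's extension, or the upload
+// streamed past maxStreamReassemblyBytes) was silent: the audit log
+// showed a clean `fileUpload.finalize` success indistinguishable from
+// a scanned upload. `reason` names the skip cause so operators can
+// alert / lower maxStreamReassemblyBytes / register the missing gate.
+// Observability-only: `_emitAudit` wraps audit.safeEmit in try/catch
+// (drop-silent — by design) so a throwing sink never breaks the upload.
+function _emitContentSafetySkipped(uploadId, actor, reason, ext, size) {
+_emitObs("fileUpload.content_safety_skipped", 1, { reason: reason, ext: ext || "" });
+// outcome "success" — the upload itself finalized; the audit records
+// that the byte-level scan did NOT run, with `reason` naming why
+// (the only outcomes the audit chain accepts are success / failure /
+// denied, so the skip-cause lives in `reason` + `metadata`).
+_emitAudit("fileUpload.content_safety_skipped", {
+actor: requestHelpers.extractActorContext(actor),
+resource: { kind: "fileUpload", id: uploadId },
+outcome: "success",
+reason: reason,
+metadata: { uploadId: uploadId, ext: ext || null, size: size, reason: reason },
+});
+}
+
 // Staging dir mode 0o700 — only the framework process reads its own
 // staging files.
 atomicFile.ensureDir(stagingDir, 0o700);
@@ -1088,12 +1118,27 @@ function create(opts) {
 // upload streamed past maxStreamReassemblyBytes and was never
 // reassembled into a buffer the byte-level gate can inspect. The
 // MIME-sniff and filename gates still ran; the per-extension
-// content gate did NOT.
-//
-//
-
-
+// content gate did NOT. Audit the skip (with the streamed reason)
+// so operators can alert, lower maxStreamReassemblyBytes, or cap
+// maxFileBytes to force content-gating of this type.
+_emitContentSafetySkipped(uploadId, actor, "streamed-over-reassembly-cap",
+safetyExt, verified.totalBytes);
+} else {
+// contentSafety is wired but no gate is registered for this file's
+// extension — the byte-level scan does not run. Audit the skip so
+// a review can tell the upload bypassed content scanning (and
+// register a gate for the extension if it should be scanned).
+_emitContentSafetySkipped(uploadId, actor, "no-gate-for-extension",
+safetyExt, verified.totalBytes);
 }
+} else {
+// Content-safety scanning is disabled for this upload manager
+// (contentSafety: null opt-out at create()). The create-time audit
+// recorded the disable; this per-upload audit makes the bypass
+// visible at the point bytes reached storage.
+_emitContentSafetySkipped(uploadId, actor, "content-safety-disabled",
+nodePath.extname(filename).toLowerCase(),
+verified.totalBytes);
 }
 
 // Hand to operator's onFinalize.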
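Review bot: The `ext` label on the `_emitObs` call in `_emitContentSafetySkipped` comes from the uploaded file's name — directly from `nodePath.extname(filename).toLowerCase()` in the `content-safety-disabled` branch — so unless an earlier filename gate constrains it (not visible in these hunks), every distinct extension an uploader sends becomes a new metric label value. Keeping the extension in the audit `metadata` only and emitting the metric as `_emitObs("fileUpload.content_safety_skipped", 1, { reason: reason });` bounds the label set to the three reason strings. Because the audit row is written with `outcome: "success"`, alert rules have to key on the action name or `reason` rather than on outcome; the header doc comment that now describes the skip audit would be the place to say so. `create()` begins and ends outside these hunks.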
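--- a/package/lib/vendor/blamejs/lib/framework-error.js
+++ b/package/lib/vendor/blamejs/lib/framework-error.js
@@ -125,6 +125,11 @@ var QueueError = defineClass("QueueError");
 // them and skips immediately rather than hammering a misconfig.
 var RedisError = defineClass("RedisError");
 var ExternalDbError = defineClass("ExternalDbError");
+// DbQueryError covers the local-SQLite query-builder refusal paths
+// (residency write gates, malformed-call shapes). Refusals pass the
+// permanent flag explicitly — a residency mismatch never becomes valid
+// on retry, while the class stays open for transient codes later.
+var DbQueryError = defineClass("DbQueryError");
 var ClusterError = defineClass("ClusterError");
 var ClusterProviderError = defineClass("ClusterProviderError");
 var HandlerError = defineClass("HandlerError", { withCause: true });
@@ -210,6 +215,16 @@ var GuardSvgError = defineClass("GuardSvgError", { alwaysPermane
 // (Windows strips them silently), unicode bidi/RTLO file-name spoofing,
 // overlong UTF-8 encoding, length caps. alwaysPermanent.
 var GuardFilenameError = defineClass("GuardFilenameError", { alwaysPermanent: true });
+// GuardSqlError covers raw-SQL refusals from the b.guardSql guard: the
+// OS-reach floor (file / exec / FDW / extension / privilege-pivot
+// across Postgres / SQLite / MySQL), stacked statements, comment
+// smuggling, embedded string literals in a fragment, invalid UTF-8
+// (CVE-2025-1094 encoding-bypass class), time-based probes, schema
+// recon, and the migration DDL-verb allowlist. DOT-style codes
+// (sql.refuse / sql.stacked / sql.file-access / ...) so they don't
+// collide with SafeSqlError's slash codes (sql/bad-shape / ...).
+// alwaysPermanent.
+var GuardSqlError = defineClass("GuardSqlError", { alwaysPermanent: true });
 // GuardArchiveError covers archive-shape violations: zip-slip path
 // traversal, symlink + hardlink escape, decompression-ratio bombs,
 // nested-archive depth, file-count + total-size + per-entry-size caps,
@@ -552,7 +567,9 @@ var WatcherError = defineClass("WatcherError", { alwaysPermane
 // caller-shape misuse or an irrecoverable on-disk condition.
 var LocalDbThinError = defineClass("LocalDbThinError", { alwaysPermanent: true });
 // RouterError covers operator-shape violations on the router primitive:
-// invalid `allowedRedirectOrigins` opt at create time,
+// invalid `allowedRedirectOrigins` opt at create time, a malformed
+// `use()` mount (non-string / non-array prefix, a prefix not beginning
+// with "/", a missing or non-function middleware), and cross-origin
 // `res.redirect()` targets that are not on the allowlist. alwaysPermanent
 // — every case is config-time programming bug or an outbound-redirect
 // shape error that retry will not recover.
@@ -653,6 +670,7 @@ module.exports = {
 QueueError: QueueError,
 RedisError: RedisError,
 ExternalDbError: ExternalDbError,
+DbQueryError: DbQueryError,
 ClusterError: ClusterError,
 ClusterProviderError: ClusterProviderError,
 HandlerError: HandlerError,
@@ -679,6 +697,7 @@ module.exports = {
 GuardHtmlError: GuardHtmlError,
 GuardSvgError: GuardSvgError,
 GuardFilenameError: GuardFilenameError,
+GuardSqlError: GuardSqlError,
 GuardArchiveError: GuardArchiveError,
 GuardJsonError: GuardJsonError,
 GuardYamlError: GuardYamlError,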
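Review bot: `DbQueryError` is declared without `alwaysPermanent`, so the statement in its comment that a residency refusal is never retried holds only if every throw site passes the permanent flag; what `defineClass` does when the flag is omitted is not visible in these hunks. The comment should name that default, so a reader adding a new refusal path knows whether forgetting the flag makes the error retryable. A test asserting that each residency-gate refusal carries the flag would keep the guarantee from depending on convention; whether the residency tests listed in the file summary already do this cannot be seen here.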
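--- /dev/null
+++ b/package/lib/vendor/blamejs/lib/framework-files.js
@@ -0,0 +1,73 @@
+"use strict";
+
+// framework-files — the single source of truth for the framework's on-disk
+// state file names. Centralized (mirroring framework-schema's table-name
+// registry) so a rename / relocation is a one-line change and no module
+// hardcodes the literal. Every owner resolves its file name through
+// fileName(logical) instead of embedding the string; the codebase-patterns
+// `no-hardcoded-framework-file-name` detector drives the remaining owners
+// onto this registry in reverse (a file that still hardcodes a registered
+// name fails the gate once it leaves the migration backlog).
+//
+// Internal infrastructure (not a public b.* namespace) — consumed by db /
+// vault / audit / backup the way constants.js is.
+
+var { FrameworkError } = require("./framework-error");
+
+// Canonical state file names. Each is a BARE file name (no path) joined onto
+// the operator's dataDir / a sub-path by the owner. Security-/durability-
+// sensitive files only — templated names (e.g. the hashed working-db file)
+// are not registered here.
+var DEFAULT_FILE_NAMES = Object.freeze({
+dbEnc: "db.enc", // encrypted-at-rest database ciphertext
+dbKeyEnc: "db.key.enc", // sealed database encryption key
+vaultKey: "vault.key", // sealed vault keypair
+auditTip: "audit.tip", // audit rollback-detection sidecar
+auditSignKey: "audit-sign.key", // sealed audit-signing keypair
+rowsEnc: "rows.enc", // archive/backup rows ciphertext member
+checkpointEnc: "checkpoint.enc", // archive/backup checkpoint ciphertext member
+});
+
+var _overrides = {};
+
+// fileName(logical) — resolve a logical file key to its configured (or
+// default) bare file name. Defensive request-shape reader: throws on an
+// unknown logical key (a typo is a boot-time bug, not a runtime default).
+function fileName(logical) {
+if (Object.prototype.hasOwnProperty.call(_overrides, logical)) return _overrides[logical];
+if (Object.prototype.hasOwnProperty.call(DEFAULT_FILE_NAMES, logical)) {
+return DEFAULT_FILE_NAMES[logical];
+}
+throw new FrameworkError(
+"frameworkFiles.fileName: unknown logical file '" + logical + "'",
+"framework-files/unknown");
+}
+
+// setFileName(logical, name) — config-time override of a state file name.
+// THROW on bad input (entry-point tier): the override must name a known
+// logical key and be a bare file name (no path separators, no '..') so it
+// can't redirect a sealed-key write outside the data dir.
+function setFileName(logical, name) {
+if (!Object.prototype.hasOwnProperty.call(DEFAULT_FILE_NAMES, logical)) {
+throw new FrameworkError(
+"frameworkFiles.setFileName: unknown logical file '" + logical + "'",
+"framework-files/unknown");
+}
+if (typeof name !== "string" || name.length === 0 ||
+name.indexOf("/") !== -1 || name.indexOf("\\") !== -1 || name.indexOf("..") !== -1) {
+throw new FrameworkError(
+"frameworkFiles.setFileName: name must be a non-empty bare file name " +
+"(no path separators or '..')", "framework-files/bad-name");
+}
+_overrides[logical] = name;
+}
+
+// Test/boot helper — drop all overrides back to the defaults.
+function _resetForTest() { _overrides = {}; }
+
+module.exports = {
+fileName: fileName,
+setFileName: setFileName,
+DEFAULT_FILE_NAMES: DEFAULT_FILE_NAMES,
+_resetForTest: _resetForTest,
+};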
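Review bot: `setFileName` checks that the override stays inside the data dir but not that it is unique, so one logical file can be pointed at the name another already resolves to (for example `auditTip` onto `vault.key`), and two owners would then write the same on-disk file. A single `.` and a name containing a NUL byte also pass the bare-name test and would only fail later at write time; adding `name === "."` and `name.indexOf("\0") !== -1` to the existing condition rejects them at config time. The uniqueness check below reuses the existing `framework-files/bad-name` code; on a case-insensitive filesystem the comparison would additionally need case folding. Separately, `_resetForTest` is exported next to the production API with no guard, so its comment should say that calling it after owners have resolved their names changes which files they open.

```javascript
function setFileName(logical, name) {
  // … unchanged: unknown-logical-key check and bare-name check …
  // Refuse an override that aliases another logical file's current name,
  // so two owners never write the same on-disk file.
  var keys = Object.keys(DEFAULT_FILE_NAMES);
  for (var i = 0; i < keys.length; i += 1) {
    if (keys[i] !== logical && fileName(keys[i]) === name) {
      throw new FrameworkError(
        "frameworkFiles.setFileName: '" + name + "' is already the file name for '" +
        keys[i] + "'", "framework-files/bad-name");
    }
  }
  _overrides[logical] = name;
}
```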