@blamejs/blamejs-shop 0.4.31 → 0.4.32

package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js

@@ -0,0 +1,36 @@
+"use strict";
+/**
+ * Fuzz target: b.guardSql (validate / sanitize)
+ *
+ * Targets the raw-SQL guard's tokenizer-first contract: the encoding
+ * gate (string / Buffer-or-refuse), the comment-strip + literal-mask
+ * normalizer, and the injection / exfil / OS-reach detector pipeline.
+ *
+ * validate() must NEVER throw on arbitrary bytes - it classifies and
+ * returns { ok, issues }; any throw out of it is a finding. sanitize()
+ * refuses unrepairable input with GuardSqlError (code prefix "sql.").
+ */
+
+var b        = require("..");
+var expected = require("./_expected");
+
+function expectedRefusal(e) {
+  if (expected.isExpected(e)) return true;
+  if (e && typeof e.code === "string" && e.code.indexOf("sql.") === 0) return true;
+  return false;
+}
+
+module.exports.fuzz = function (data) {
+  // No-throw classification contract (default + strict profiles).
+  b.guardSql.validate(data);
+  b.guardSql.validate(data, { profile: "strict" });
+
+  // Refusal path: sanitize throws GuardSqlError on hostile / unrepairable
+  // input; anything else is an unexpected crash.
+  try {
+    b.guardSql.sanitize(data);
+  } catch (e) {
+    if (expectedRefusal(e)) return;
+    throw e;
+  }
+};

package/lib/vendor/blamejs/index.js

@@ -120,6 +120,7 @@ var clusterStorage = require("./lib/cluster-storage");
 var safeAsync = require("./lib/safe-async");
 var handlers = require("./lib/handlers");
 var safeSql = require("./lib/safe-sql");
+var sql = require("./lib/sql");
 var chainWriter = require("./lib/chain-writer");
 var safeBuffer = require("./lib/safe-buffer");
 var safeDecompress = require("./lib/safe-decompress").safeDecompress;
@@ -181,6 +182,7 @@ var guardSvg = require("./lib/guard-svg");
 var guardFilename = require("./lib/guard-filename");
 var guardMessageId = require("./lib/guard-message-id");
 var guardSmtpCommand = require("./lib/guard-smtp-command");
+var guardSql = require("./lib/guard-sql");
 var guardImapCommand = require("./lib/guard-imap-command");
 var guardPop3Command = require("./lib/guard-pop3-command");
 var guardManageSieveCommand = require("./lib/guard-managesieve-command");
@@ -520,6 +522,7 @@ module.exports = {
   safeAsync:        safeAsync,
   handlers:         handlers,
   safeSql:          safeSql,
+  sql:              sql,
   chainWriter:      chainWriter,
   safeBuffer:       safeBuffer,
   safeDecompress:   safeDecompress,
@@ -569,6 +572,7 @@ module.exports = {
   guardFilename:    guardFilename,
   guardMessageId:   guardMessageId,
   guardSmtpCommand: guardSmtpCommand,
+  guardSql:         guardSql,
   guardImapCommand: guardImapCommand,
   guardPop3Command: guardPop3Command,
   guardManageSieveCommand: guardManageSieveCommand,

package/lib/vendor/blamejs/lib/agent-envelope-mac.js

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * b.agent._envelopeMac — internal shared keyed-MAC mechanism for
+ * authenticating agent cross-process envelopes (`b.agent.postureChain`
+ * delegation envelopes, `b.agent.eventBus` wire envelopes, and any
+ * future agent boundary that carries security-relevant fields over a
+ * shared transport).
+ *
+ * The threat is uniform across these boundaries: an attacker with write
+ * access to the shared transport (queue / pubsub) can forge or tamper an
+ * envelope's authority-bearing fields — posture set, tenant id, topic —
+ * because schema/shape validation alone proves nothing about
+ * authenticity. The defense is a keyed MAC (HMAC-SHA3-512) over the
+ * canonical bytes of exactly those fields, keyed off the vault master so
+ * an attacker without the vault key cannot forge it and a vault rotation
+ * invalidates every in-flight MAC.
+ *
+ * Each calling domain supplies a stable `label` (domain separation) and
+ * the canonical bytes of the fields it protects; the key derivation,
+ * HMAC construction, and constant-time comparison live here so there is
+ * a single mechanism to audit, not one per agent module.
+ *
+ * Internal — operator-facing surface is each primitive's envelope
+ * sign/verify behaviour; this is the implementation detail.
+ */
+
+var nodeCrypto = require("node:crypto");
+var lazyRequire = require("./lazy-require");
+var { defineClass } = require("./framework-error");
+var bCrypto = require("./crypto");
+
+var vault = lazyRequire(function () { return require("./vault"); });
+
+var AgentEnvelopeMacError = defineClass("AgentEnvelopeMacError", { alwaysPermanent: true });
+
+var ENVELOPE_MAC_KEY_BYTES = 32;                                                                        // HMAC-SHA3-512 keyed bytes
+
+// Per-label memoized keys — each domain-separation label derives its own
+// sub-key from the vault master so a MAC minted for one boundary can
+// never validate on another. Memoization is process-local; a vault
+// rotation implies an operator restart (which clears the cache).
+var _macKeyCache = Object.create(null);
+
+// Resolve (and memoize) the MAC sub-key for a domain-separation `label`,
+// derived from the vault master. Throws when the vault is not
+// initialized — there is no key to authenticate with, so callers MUST
+// treat that as fail-closed for any cross-tenant / authority decision
+// rather than proceeding unauthenticated.
+function resolveKey(label) {
+  if (typeof label !== "string" || label.length === 0) {
+    throw new AgentEnvelopeMacError("agent-envelope-mac/bad-label",
+      "resolveKey: label must be a non-empty string");
+  }
+  if (_macKeyCache[label]) return _macKeyCache[label];
+  var v;
+  try { v = vault(); } catch (_e) { v = null; }
+  if (!v || typeof v.getKeysJson !== "function") {
+    throw new AgentEnvelopeMacError("agent-envelope-mac/vault-not-initialized",
+      "envelope MAC: vault must be initialized before agent envelopes can be authenticated " +
+      "(operator wires b.vault.init() at boot)");
+  }
+  var keysJson;
+  try { keysJson = v.getKeysJson(); }
+  catch (e) {
+    throw new AgentEnvelopeMacError("agent-envelope-mac/vault-not-initialized",
+      "envelope MAC: vault.getKeysJson threw — " + (e && e.message ? e.message : String(e)));
+  }
+  var rootBytes = Buffer.from(bCrypto.sha3Hash(keysJson), "hex");
+  var input = Buffer.concat([
+    Buffer.from(label, "utf8"),
+    Buffer.from([0x00]),
+    rootBytes,
+  ]);
+  _macKeyCache[label] = bCrypto.kdf(input, ENVELOPE_MAC_KEY_BYTES);
+  return _macKeyCache[label];
+}
+
+// Compute the base64 HMAC-SHA3-512 of `canonicalBytes` under the
+// `label`'s vault-derived sub-key.
+function sign(label, canonicalBytes) {
+  var key = resolveKey(label);
+  return nodeCrypto.createHmac("sha3-512", key).update(canonicalBytes).digest().toString("base64");
+}
+
+// Constant-time verify that `mac` (base64) is the correct HMAC for
+// `canonicalBytes` under the `label`'s sub-key. Returns false for a
+// missing / malformed `mac`; propagates AgentEnvelopeMacError from
+// resolveKey when the vault is absent so the caller fails closed rather
+// than treating a missing key as a verification pass.
+function verify(label, canonicalBytes, mac) {
+  if (typeof mac !== "string" || mac.length === 0) return false;
+  var expected = sign(label, canonicalBytes);
+  return bCrypto.timingSafeEqual(mac, expected);
+}
+
+module.exports = {
+  resolveKey:             resolveKey,
+  sign:                   sign,
+  verify:                 verify,
+  AgentEnvelopeMacError:  AgentEnvelopeMacError,
+  ENVELOPE_MAC_KEY_BYTES: ENVELOPE_MAC_KEY_BYTES,
+  // Test-only — flush the memoized per-label MAC keys after a vault reset.
+  _resetForTest:          function () { _macKeyCache = Object.create(null); },
+};

package/lib/vendor/blamejs/lib/agent-event-bus.js

@@ -67,11 +67,25 @@ var { defineClass }       = require("./framework-error");
 var guardEventBusTopic    = require("./guard-event-bus-topic");
 var guardEventBusPayload  = require("./guard-event-bus-payload");
 var agentAudit            = require("./agent-audit");
+var envelopeMac           = require("./agent-envelope-mac");
+var safeJson              = require("./safe-json");
+var bCrypto               = require("./crypto");
 
 var audit                 = lazyRequire(function () { return require("./audit"); });
 
 var AgentEventBusError = defineClass("AgentEventBusError", { alwaysPermanent: true });
 
+// Wire-envelope authentication. An attacker with pubsub write access can
+// set _tenantId to a victim subscriber's tenant + a schema-valid payload
+// and forge a cross-tenant event; the tenant/posture/schema checks at the
+// consumer prove SHAPE, not authenticity. Defense is a keyed MAC over the
+// envelope's authority-bearing fields, minted at publish and verified at
+// the consumer BEFORE the tenant/schema checks. The key derivation +
+// HMAC live in the shared b.agent.envelopeMac mechanism (one keyed-MAC
+// mechanism for every agent boundary); this label domain-separates the
+// event-bus MAC from the posture-chain MAC.
+var ENVELOPE_MAC_LABEL = "blamejs.agent.eventBus/v1";
+
 /**
  * @primitive b.agent.eventBus.create
  * @signature b.agent.eventBus.create(opts)
@@ -88,6 +102,7 @@ var AgentEventBusError = defineClass("AgentEventBusError", { alwaysPermanent: tr
  *   pubsub:       { publish, subscribe, unsubscribe },   // required
  *   audit:        b.audit namespace,                      // optional
  *   permissions:  b.permissions instance,                  // optional
+ *   requireMac:   boolean,                                 // default: true — keyed-MAC envelope auth; false only for single-process unit tests with no vault
  *
  * @example
  *   var bus = b.agent.eventBus.create({ pubsub: myPubsub });
@@ -109,12 +124,18 @@ function create(opts) {
   var auditImpl   = opts.audit || audit();
   var permissions = opts.permissions || null;
   var topics      = new Map();
+  // Envelope MAC (M6): default ON. Only single-process unit tests with no
+  // vault should opt out. When off, the cross-tenant MAC gate is bypassed
+  // and that is audit-visible at publish + delivery; production /
+  // multi-process / queue-spanning deployments leave the default so a
+  // pubsub-write attacker can't forge a cross-tenant event.
+  var requireMac  = opts.requireMac !== false;
 
   return {
     registerTopic:   function (name, topicOpts)    { return _registerTopic(topics, name, topicOpts || {}, auditImpl); },
     unregisterTopic: function (name)               { return _unregisterTopic(topics, name, auditImpl); },
-    publish:         function (name, payload, pOpts) { return _publish(topics, opts.pubsub, name, payload, pOpts || {}, permissions, auditImpl); },
-    subscribe:       function (name, handler, sOpts) { return _subscribe(topics, opts.pubsub, name, handler, sOpts || {}, permissions, auditImpl); },
+    publish:         function (name, payload, pOpts) { return _publish(topics, opts.pubsub, name, payload, pOpts || {}, permissions, auditImpl, requireMac); },
+    subscribe:       function (name, handler, sOpts) { return _subscribe(topics, opts.pubsub, name, handler, sOpts || {}, permissions, auditImpl, requireMac); },
     listTopics:      function (args)                { return _listTopics(topics, args || {}, permissions); },
     AgentEventBusError: AgentEventBusError,
     guards: {
@@ -201,7 +222,30 @@ function _listTopics(topics, args, permissions) {
 
 // ---- Publish --------------------------------------------------------------
 
-async function _publish(topics, pubsub, name, payload, pOpts, permissions, auditImpl) {
+// Canonical bytes the MAC covers: _topic, _tenantId, _posture,
+// _publishedAt, and a hash of the payload (so the payload can't be
+// swapped without invalidating the MAC, without copying the whole
+// payload into the signed preimage). Field set matches the consumer's
+// authority decision inputs. Built as an ordered [key,value] tuple list
+// so the canonical preimage is stable regardless of source key order.
+function _macField(value, kind) {
+  if (kind === "string") return typeof value === "string" ? value : null;
+  if (kind === "number") return typeof value === "number" ? value : null;
+  return value === undefined ? null : value;   // pass-through (posture)
+}
+function _envelopeMacBytes(wrapped) {
+  var payloadForHash = wrapped.payload === undefined ? null : wrapped.payload;
+  var tuples = [
+    ["_topic",       _macField(wrapped._topic, "string")],
+    ["_tenantId",    _macField(wrapped._tenantId, "string")],
+    ["_posture",     _macField(wrapped._posture, "any")],
+    ["_publishedAt", _macField(wrapped._publishedAt, "number")],
+    ["payloadHash",  bCrypto.sha3Hash(safeJson.canonical(payloadForHash))],
+  ];
+  return Buffer.from(safeJson.canonical(tuples), "utf8");
+}
+
+async function _publish(topics, pubsub, name, payload, pOpts, permissions, auditImpl, requireMac) {
   guardEventBusTopic.validate(name);
   var entry = topics.get(name);
   if (!entry) {
@@ -256,6 +300,32 @@ async function _publish(topics, pubsub, name, payload, pOpts, permissions, audit
     _publishedAt: Date.now(),
     payload:      payload,
   };
+  // Authenticate the envelope's authority-bearing fields with a keyed MAC
+  // (M6). The consumer verifies this BEFORE the tenant/schema checks, so a
+  // pubsub-write attacker can't forge a cross-tenant event. If the vault
+  // isn't initialized there's no key to mint with — fail closed at publish
+  // (requireMac default) rather than emit an unauthenticatable envelope
+  // onto the bus. requireMac:false is the single-process unit-test escape
+  // hatch and is audit-visible.
+  try {
+    wrapped._mac = envelopeMac.sign(ENVELOPE_MAC_LABEL, _envelopeMacBytes(wrapped));
+  } catch (e) {
+    if (requireMac) {
+      _safeAudit(auditImpl, "agent.event_bus.publish_denied", pOpts.actor || null, {
+        topic: name, reason: "envelope-mac-unavailable",
+      });
+      throw new AgentEventBusError("agent-event-bus/envelope-mac-unavailable",
+        "publish: cannot authenticate the event envelope — " +
+        ((e && e.message) || String(e)) +
+        " (vault must be initialized so the bus MAC key is derivable, or " +
+        "set requireMac:false for single-process unit tests)");
+    }
+    // Escape hatch: no key + requireMac disabled → emit unauthenticated.
+    wrapped._mac = null;
+    _safeAudit(auditImpl, "agent.event_bus.mac_bypassed", pOpts.actor || null, {
+      topic: name, reason: "require-mac-disabled", phase: "publish",
+    });
+  }
   await pubsub.publish(name, wrapped);
   _safeAudit(auditImpl, "agent.event_bus.published", pOpts.actor, {
     topic: name, posture: entry.posture,
@@ -265,7 +335,7 @@ async function _publish(topics, pubsub, name, payload, pOpts, permissions, audit
 
 // ---- Subscribe ------------------------------------------------------------
 
-async function _subscribe(topics, pubsub, name, handler, sOpts, permissions, auditImpl) {
+async function _subscribe(topics, pubsub, name, handler, sOpts, permissions, auditImpl, requireMac) {
   guardEventBusTopic.validate(name);
   var entry = topics.get(name);
   if (!entry) {
@@ -320,6 +390,37 @@ async function _subscribe(topics, pubsub, name, handler, sOpts, permissions, aud
         { topic: name, reason: "malformed-envelope" });
       return;
     }
+    // Envelope authentication FIRST (M6): verify the keyed MAC over the
+    // authority-bearing fields (_topic / _tenantId / _posture /
+    // _publishedAt / payload-hash) BEFORE trusting _tenantId / _posture
+    // for any routing or schema decision. A pubsub-write attacker who
+    // forges _tenantId (cross-tenant routing) or tampers _posture / the
+    // payload produces a MAC mismatch and the delivery drops. If the
+    // vault key is unavailable, verify() throws — we fail CLOSED (drop),
+    // never deliver an unauthenticatable envelope cross-tenant.
+    // requireMac:false is the single-process unit-test escape hatch and
+    // is audit-visible.
+    if (requireMac) {
+      var macOk = false;
+      try {
+        macOk = envelopeMac.verify(ENVELOPE_MAC_LABEL, _envelopeMacBytes(wrapped), wrapped._mac);
+      } catch (_e) {
+        macOk = false;
+      }
+      if (!macOk) {
+        _safeAudit(auditImpl, "agent.event_bus.cross_tenant_drop", sOpts.actor, {
+          topic: name,
+          publisherTenant:  typeof wrapped._tenantId === "string" ? wrapped._tenantId : null,
+          subscriberTenant: subscriberTenant,
+          reason: "envelope-mac-invalid",
+        });
+        return;
+      }
+    } else {
+      _safeAudit(auditImpl, "agent.event_bus.mac_bypassed", sOpts.actor, {
+        topic: name, reason: "require-mac-disabled", phase: "delivery",
+      });
+    }
     // Tenant-scope check: subscriber's tenantId must match the
     // publisher's tenantId from the wire envelope. If the envelope
     // lacks _tenantId (publisher omitted), that's a tampered or

package/lib/vendor/blamejs/lib/agent-posture-chain.js

@@ -51,15 +51,13 @@
  */
 
 var lazyRequire             = require("./lazy-require");
-var nodeCrypto              = require("node:crypto");
 var { defineClass }         = require("./framework-error");
 var guardPostureChain       = require("./guard-posture-chain");
 var agentAudit              = require("./agent-audit");
 var safeJson                = require("./safe-json");
-var bCrypto                 = require("./crypto");
+var envelopeMac             = require("./agent-envelope-mac");
 
 var audit                   = lazyRequire(function () { return require("./audit"); });
-var vault                   = lazyRequire(function () { return require("./vault"); });
 
 var AgentPostureChainError = defineClass("AgentPostureChainError", { alwaysPermanent: true });
 
@@ -70,44 +68,16 @@ var BUILTIN_REGIMES = Object.freeze(["hipaa", "pci-dss", "gdpr", "soc2"]);
 // strips postureSet to [] and re-sends a saga / sub-agent envelope
 // can bypass the downgrade refusal in _validate (which only checks
 // SHAPE, not authenticity). Defense is a keyed MAC over the canonical
-// envelope bytes, computed at appendHop and verified at validate.
+// envelope bytes, computed at appendHop and verified at validate. The
+// key derivation + HMAC construction live in the shared
+// b.agent.envelopeMac mechanism (one keyed-MAC mechanism for every
+// agent boundary); this label domain-separates the posture-chain MAC.
 var ENVELOPE_MAC_LABEL = "blamejs.agent.postureChain/v1";
-var ENVELOPE_MAC_KEY_BYTES = 32;                                                                        // HMAC-SHA3-512 keyed bytes
 // Hop count cap defends infinite recursion across
 // agent delegation. 16 is the spec default; operators can lower via
 // opts.maxHopCount but never raise (audit fan-out without a cap is a
 // DoS class).
 var DEFAULT_MAX_HOP_COUNT = 16;                                                                         // hop count cap
-var _macKeyCache = null;                                                                                // memoized per-vault-master key
-
-function _resolveMacKey() {
-  // Lazy derivation keyed off the vault master. Operator rotating
-  // vault keys invalidates every in-flight MAC — desired property.
-  // Memoization is process-local; if vault rotates within the same
-  // process the operator restarts (vault rotation already implies it).
-  if (_macKeyCache) return _macKeyCache;
-  var v;
-  try { v = vault(); } catch (_e) { v = null; }
-  if (!v || typeof v.getKeysJson !== "function") {
-    throw new AgentPostureChainError("agent-posture-chain/vault-not-initialized",
-      "envelope MAC: vault must be initialized before posture-chain envelopes can be authenticated " +
-      "(operator wires b.vault.init() at boot)");
-  }
-  var keysJson;
-  try { keysJson = v.getKeysJson(); }
-  catch (e) {
-    throw new AgentPostureChainError("agent-posture-chain/vault-not-initialized",
-      "envelope MAC: vault.getKeysJson threw — " + (e && e.message ? e.message : String(e)));
-  }
-  var rootBytes = Buffer.from(bCrypto.sha3Hash(keysJson), "hex");
-  var input = Buffer.concat([
-    Buffer.from(ENVELOPE_MAC_LABEL, "utf8"),
-    Buffer.from([0x00]),
-    rootBytes,
-  ]);
-  _macKeyCache = bCrypto.kdf(input, ENVELOPE_MAC_KEY_BYTES);
-  return _macKeyCache;
-}
 
 function _envelopeMacBytes(envelope) {
   // Sign every field that downstream consumers verify off the wire,
@@ -124,15 +94,11 @@ function _envelopeMacBytes(envelope) {
 }
 
 function _signEnvelope(envelope) {
-  var key = _resolveMacKey();
-  var mac = nodeCrypto.createHmac("sha3-512", key).update(_envelopeMacBytes(envelope)).digest();
-  return mac.toString("base64");
+  return envelopeMac.sign(ENVELOPE_MAC_LABEL, _envelopeMacBytes(envelope));
 }
 
 function _verifyEnvelopeMac(envelope) {
-  if (typeof envelope._mac !== "string" || envelope._mac.length === 0) return false;
-  var expected = _signEnvelope(envelope);
-  return bCrypto.timingSafeEqual(envelope._mac, expected);
+  return envelopeMac.verify(ENVELOPE_MAC_LABEL, _envelopeMacBytes(envelope), envelope._mac);
 }
 
 /**
@@ -362,5 +328,5 @@ module.exports = {
     chain: guardPostureChain,
   },
   // Test-only — flush the memoized MAC key after a vault reset.
-  _resetForTest: function () { _macKeyCache = null; },
+  _resetForTest: function () { envelopeMac._resetForTest(); },
 };

package/lib/vendor/blamejs/lib/ai-content-detect.js

@@ -43,6 +43,7 @@ var lazyRequire = require("./lazy-require");
 var contentCredentials = lazyRequire(function () { return require("./content-credentials"); });
 var audit = require("./audit");
 var { defineClass } = require("./framework-error");
+var gateContract = require("./gate-contract");
 
 var AiContentDetectError = defineClass("AiContentDetectError", { alwaysPermanent: true });
 
@@ -64,16 +65,14 @@ var COMPLIANCE_POSTURES = Object.freeze({
   "nist-ai-rmf":        "balanced",
 });
 
-function _resolveProfile(opts) {
-  if (opts && typeof opts.posture === "string") {
-    var profile = COMPLIANCE_POSTURES[opts.posture];
-    if (profile) return PROFILES[profile];
-  }
-  if (opts && typeof opts.profile === "string" && PROFILES[opts.profile]) {
-    return PROFILES[opts.profile];
-  }
-  return PROFILES[DEFAULT_PROFILE];
-}
+var _resolveProfile = gateContract.makeProfileResolver({
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  defaults:   DEFAULT_PROFILE,
+  errorClass: AiContentDetectError,
+  codePrefix: "ai-content-detect",
+  byObject:   true,
+});
 
 /**
  * @primitive b.ai.aiContentDetect.report