@blamejs/blamejs-shop 0.4.31 → 0.4.32
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +392 -278
- package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -3
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +21 -4
- package/lib/vendor/blamejs/.gitignore +6 -0
- package/lib/vendor/blamejs/CHANGELOG.md +26 -0
- package/lib/vendor/blamejs/MIGRATING.md +43 -0
- package/lib/vendor/blamejs/README.md +8 -6
- package/lib/vendor/blamejs/SECURITY.md +19 -3
- package/lib/vendor/blamejs/api-snapshot.json +2190 -664
- package/lib/vendor/blamejs/docker/caddy/localstack.Caddyfile +19 -0
- package/lib/vendor/blamejs/docker/init/generate-certs.sh +1 -1
- package/lib/vendor/blamejs/docker/otel/config.yaml +42 -0
- package/lib/vendor/blamejs/docker/otel/export/.gitkeep +0 -0
- package/lib/vendor/blamejs/docker/postgres/initdb/10-replication.sh +15 -0
- package/lib/vendor/blamejs/docker/postgres/replica-entrypoint.sh +38 -0
- package/lib/vendor/blamejs/docker/toxiproxy/toxiproxy.json +14 -0
- package/lib/vendor/blamejs/docker-compose.test.yml +209 -0
- package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +132 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +221 -61
- package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +144 -9
- package/lib/vendor/blamejs/examples/wiki/test/e2e.js +99 -0
- package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +36 -0
- package/lib/vendor/blamejs/index.js +4 -0
- package/lib/vendor/blamejs/lib/agent-envelope-mac.js +104 -0
- package/lib/vendor/blamejs/lib/agent-event-bus.js +105 -4
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +8 -42
- package/lib/vendor/blamejs/lib/ai-content-detect.js +9 -10
- package/lib/vendor/blamejs/lib/api-key.js +158 -77
- package/lib/vendor/blamejs/lib/atomic-file.js +62 -4
- package/lib/vendor/blamejs/lib/audit-chain.js +47 -11
- package/lib/vendor/blamejs/lib/audit-sign.js +77 -2
- package/lib/vendor/blamejs/lib/audit-tools.js +79 -51
- package/lib/vendor/blamejs/lib/audit.js +259 -123
- package/lib/vendor/blamejs/lib/auth/oauth.js +53 -9
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +108 -47
- package/lib/vendor/blamejs/lib/auth/saml.js +6 -8
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +31 -5
- package/lib/vendor/blamejs/lib/backup/index.js +45 -10
- package/lib/vendor/blamejs/lib/break-glass.js +355 -147
- package/lib/vendor/blamejs/lib/cache.js +174 -105
- package/lib/vendor/blamejs/lib/chain-writer.js +38 -16
- package/lib/vendor/blamejs/lib/cli.js +19 -14
- package/lib/vendor/blamejs/lib/cluster-provider-db.js +130 -104
- package/lib/vendor/blamejs/lib/cluster-storage.js +119 -22
- package/lib/vendor/blamejs/lib/cluster.js +119 -71
- package/lib/vendor/blamejs/lib/codepoint-class.js +23 -0
- package/lib/vendor/blamejs/lib/compliance.js +206 -4
- package/lib/vendor/blamejs/lib/consent.js +82 -29
- package/lib/vendor/blamejs/lib/constants.js +27 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +916 -156
- package/lib/vendor/blamejs/lib/db-declare-row-policy.js +35 -22
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +3 -2
- package/lib/vendor/blamejs/lib/db-query.js +882 -260
- package/lib/vendor/blamejs/lib/db-schema.js +228 -44
- package/lib/vendor/blamejs/lib/db.js +249 -99
- package/lib/vendor/blamejs/lib/dsr.js +385 -55
- package/lib/vendor/blamejs/lib/error-page.js +14 -1
- package/lib/vendor/blamejs/lib/external-db-migrate.js +239 -137
- package/lib/vendor/blamejs/lib/external-db.js +549 -34
- package/lib/vendor/blamejs/lib/file-upload.js +52 -7
- package/lib/vendor/blamejs/lib/framework-error.js +20 -1
- package/lib/vendor/blamejs/lib/framework-files.js +73 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +695 -394
- package/lib/vendor/blamejs/lib/gate-contract.js +659 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +26 -44
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-auth.js +42 -112
- package/lib/vendor/blamejs/lib/guard-cidr.js +33 -154
- package/lib/vendor/blamejs/lib/guard-csv.js +46 -113
- package/lib/vendor/blamejs/lib/guard-domain.js +34 -157
- package/lib/vendor/blamejs/lib/guard-dsn.js +27 -43
- package/lib/vendor/blamejs/lib/guard-email.js +47 -69
- package/lib/vendor/blamejs/lib/guard-envelope.js +19 -32
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +24 -42
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +25 -43
- package/lib/vendor/blamejs/lib/guard-filename.js +42 -106
- package/lib/vendor/blamejs/lib/guard-graphql.js +42 -123
- package/lib/vendor/blamejs/lib/guard-html.js +53 -108
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +24 -42
- package/lib/vendor/blamejs/lib/guard-image.js +46 -103
- package/lib/vendor/blamejs/lib/guard-imap-command.js +18 -32
- package/lib/vendor/blamejs/lib/guard-jmap.js +16 -30
- package/lib/vendor/blamejs/lib/guard-json.js +38 -108
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +38 -171
- package/lib/vendor/blamejs/lib/guard-jwt.js +49 -179
- package/lib/vendor/blamejs/lib/guard-list-id.js +25 -41
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +27 -43
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +24 -42
- package/lib/vendor/blamejs/lib/guard-mail-move.js +26 -44
- package/lib/vendor/blamejs/lib/guard-mail-query.js +28 -46
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +24 -42
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +24 -42
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +17 -31
- package/lib/vendor/blamejs/lib/guard-markdown.js +37 -104
- package/lib/vendor/blamejs/lib/guard-message-id.js +26 -45
- package/lib/vendor/blamejs/lib/guard-mime.js +39 -151
- package/lib/vendor/blamejs/lib/guard-oauth.js +54 -135
- package/lib/vendor/blamejs/lib/guard-pdf.js +45 -101
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +21 -31
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +24 -42
- package/lib/vendor/blamejs/lib/guard-regex.js +33 -107
- package/lib/vendor/blamejs/lib/guard-saga-config.js +24 -42
- package/lib/vendor/blamejs/lib/guard-shell.js +42 -172
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +48 -54
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +24 -42
- package/lib/vendor/blamejs/lib/guard-sql.js +1491 -0
- package/lib/vendor/blamejs/lib/guard-stream-args.js +24 -43
- package/lib/vendor/blamejs/lib/guard-svg.js +47 -65
- package/lib/vendor/blamejs/lib/guard-template.js +35 -172
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +26 -45
- package/lib/vendor/blamejs/lib/guard-time.js +32 -154
- package/lib/vendor/blamejs/lib/guard-trace-context.js +25 -44
- package/lib/vendor/blamejs/lib/guard-uuid.js +32 -153
- package/lib/vendor/blamejs/lib/guard-xml.js +38 -113
- package/lib/vendor/blamejs/lib/guard-yaml.js +51 -163
- package/lib/vendor/blamejs/lib/http-client.js +37 -9
- package/lib/vendor/blamejs/lib/inbox.js +120 -107
- package/lib/vendor/blamejs/lib/legal-hold.js +121 -50
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +47 -31
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +32 -18
- package/lib/vendor/blamejs/lib/mail-auth.js +236 -0
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -6
- package/lib/vendor/blamejs/lib/mail-dkim.js +1 -0
- package/lib/vendor/blamejs/lib/mail-greylist.js +2 -6
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -6
- package/lib/vendor/blamejs/lib/mail-journal.js +85 -64
- package/lib/vendor/blamejs/lib/mail-rbl.js +2 -6
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -6
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +117 -12
- package/lib/vendor/blamejs/lib/mail-server-mx.js +276 -7
- package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -6
- package/lib/vendor/blamejs/lib/mail-store.js +293 -154
- package/lib/vendor/blamejs/lib/mail.js +8 -4
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +71 -25
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +19 -8
- package/lib/vendor/blamejs/lib/middleware/dpop.js +10 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +17 -7
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +75 -51
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +102 -32
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +21 -5
- package/lib/vendor/blamejs/lib/migrations.js +108 -66
- package/lib/vendor/blamejs/lib/network-heartbeat.js +7 -0
- package/lib/vendor/blamejs/lib/network-proxy.js +24 -1
- package/lib/vendor/blamejs/lib/nonce-store.js +31 -9
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +9 -4
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +57 -3
- package/lib/vendor/blamejs/lib/object-store/gcs.js +4 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +5 -2
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +38 -6
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -1
- package/lib/vendor/blamejs/lib/observability.js +124 -0
- package/lib/vendor/blamejs/lib/otel-export.js +12 -3
- package/lib/vendor/blamejs/lib/outbox.js +184 -83
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +47 -7
- package/lib/vendor/blamejs/lib/pqc-agent.js +44 -0
- package/lib/vendor/blamejs/lib/pubsub-cluster.js +42 -20
- package/lib/vendor/blamejs/lib/queue-local.js +225 -140
- package/lib/vendor/blamejs/lib/queue-redis.js +9 -1
- package/lib/vendor/blamejs/lib/queue-sqs.js +6 -0
- package/lib/vendor/blamejs/lib/queue.js +7 -0
- package/lib/vendor/blamejs/lib/redact.js +68 -11
- package/lib/vendor/blamejs/lib/redis-client.js +160 -31
- package/lib/vendor/blamejs/lib/request-helpers.js +7 -0
- package/lib/vendor/blamejs/lib/retention.js +101 -40
- package/lib/vendor/blamejs/lib/router.js +212 -5
- package/lib/vendor/blamejs/lib/safe-dns.js +29 -45
- package/lib/vendor/blamejs/lib/safe-ical.js +18 -33
- package/lib/vendor/blamejs/lib/safe-icap.js +27 -43
- package/lib/vendor/blamejs/lib/safe-sieve.js +21 -40
- package/lib/vendor/blamejs/lib/safe-sql.js +212 -3
- package/lib/vendor/blamejs/lib/safe-url.js +170 -3
- package/lib/vendor/blamejs/lib/safe-vcard.js +18 -33
- package/lib/vendor/blamejs/lib/scheduler.js +35 -12
- package/lib/vendor/blamejs/lib/seeders.js +122 -74
- package/lib/vendor/blamejs/lib/session-stores.js +42 -14
- package/lib/vendor/blamejs/lib/session.js +175 -77
- package/lib/vendor/blamejs/lib/sql.js +3842 -0
- package/lib/vendor/blamejs/lib/sse.js +26 -0
- package/lib/vendor/blamejs/lib/ssrf-guard.js +151 -4
- package/lib/vendor/blamejs/lib/static.js +177 -34
- package/lib/vendor/blamejs/lib/subject.js +96 -49
- package/lib/vendor/blamejs/lib/vault/index.js +3 -2
- package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +3 -2
- package/lib/vendor/blamejs/lib/vault/rotate.js +168 -108
- package/lib/vendor/blamejs/lib/vault-aad.js +6 -0
- package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
- package/lib/vendor/blamejs/lib/websocket.js +35 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +11 -0
- package/lib/vendor/blamejs/package.json +2 -2
- package/lib/vendor/blamejs/release-notes/v0.14.x.json +1503 -0
- package/lib/vendor/blamejs/release-notes/v0.15.0.json +77 -0
- package/lib/vendor/blamejs/release-notes/v0.15.1.json +22 -0
- package/lib/vendor/blamejs/release-notes/v0.15.2.json +22 -0
- package/lib/vendor/blamejs/release-notes/v0.15.3.json +39 -0
- package/lib/vendor/blamejs/release-notes/v0.15.4.json +39 -0
- package/lib/vendor/blamejs/release-notes/v0.15.5.json +22 -0
- package/lib/vendor/blamejs/release-notes/v0.15.6.json +59 -0
- package/lib/vendor/blamejs/scripts/check-services.js +21 -0
- package/lib/vendor/blamejs/scripts/gen-migrating.js +51 -0
- package/lib/vendor/blamejs/scripts/release.js +398 -38
- package/lib/vendor/blamejs/test/00-primitives.js +117 -0
- package/lib/vendor/blamejs/test/10-state.js +140 -14
- package/lib/vendor/blamejs/test/20-db.js +65 -2
- package/lib/vendor/blamejs/test/helpers/db.js +9 -0
- package/lib/vendor/blamejs/test/helpers/drivers.js +27 -15
- package/lib/vendor/blamejs/test/helpers/services.js +21 -0
- package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +246 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +517 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +639 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +832 -0
- package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +453 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +649 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +770 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +630 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +610 -0
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +577 -0
- package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +771 -0
- package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +549 -0
- package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +598 -0
- package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +602 -0
- package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +576 -0
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +353 -0
- package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +224 -0
- package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +142 -17
- package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +25 -10
- package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +101 -0
- package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +239 -0
- package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +35 -16
- package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +291 -0
- package/lib/vendor/blamejs/test/integration/pubsub.test.js +14 -0
- package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +322 -0
- package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +300 -0
- package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +154 -0
- package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +71 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +175 -12
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +216 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +203 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +126 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +196 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +197 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +209 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +121 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +168 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +318 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +233 -7
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +1120 -14
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +229 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +24 -7
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +165 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +350 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +27 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +392 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +159 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +180 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +128 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +38 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +127 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +267 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +150 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +30 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +46 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +218 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +210 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +4 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +48 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +237 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +20 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +193 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +90 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +85 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +10 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +146 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +189 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +3 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +123 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +207 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +74 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +43 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +133 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +136 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +429 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +21 -11
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +113 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +99 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +255 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +309 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +143 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +287 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +79 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +31 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +49 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +595 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +91 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +69 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +194 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +66 -0
- package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +638 -0
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +21 -0
- package/lib/vendor/blamejs/test/smoke.js +79 -21
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +0 -43
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +0 -60
- package/lib/vendor/blamejs/release-notes/v0.14.10.json +0 -54
- package/lib/vendor/blamejs/release-notes/v0.14.11.json +0 -72
- package/lib/vendor/blamejs/release-notes/v0.14.12.json +0 -95
- package/lib/vendor/blamejs/release-notes/v0.14.13.json +0 -52
- package/lib/vendor/blamejs/release-notes/v0.14.14.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.14.16.json +0 -45
- package/lib/vendor/blamejs/release-notes/v0.14.17.json +0 -57
- package/lib/vendor/blamejs/release-notes/v0.14.18.json +0 -127
- package/lib/vendor/blamejs/release-notes/v0.14.19.json +0 -61
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.20.json +0 -73
- package/lib/vendor/blamejs/release-notes/v0.14.21.json +0 -98
- package/lib/vendor/blamejs/release-notes/v0.14.22.json +0 -91
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.14.6.json +0 -60
- package/lib/vendor/blamejs/release-notes/v0.14.7.json +0 -77
- package/lib/vendor/blamejs/release-notes/v0.14.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.14.9.json +0 -40
|
@@ -273,6 +273,46 @@ async function testGrantRefusalPaths() {
|
|
|
273
273
|
}
|
|
274
274
|
}
|
|
275
275
|
|
|
276
|
+
// ---- Grant — concurrent TOTP replay (atomic step reservation) ----
|
|
277
|
+
|
|
278
|
+
async function testConcurrentTotpGrantReplay() {
|
|
279
|
+
var tmpDir = _tmp();
|
|
280
|
+
await setupTestDb(tmpDir);
|
|
281
|
+
try {
|
|
282
|
+
b.breakGlass.init();
|
|
283
|
+
await b.breakGlass.policy.set("patients", {
|
|
284
|
+
columns: ["ssn"],
|
|
285
|
+
factors: ["totp"],
|
|
286
|
+
});
|
|
287
|
+
var totp = _validTotp();
|
|
288
|
+
var req = _fakeReq(); // one req → one actor → one (actor, secret) replay key
|
|
289
|
+
function grantOpts() {
|
|
290
|
+
return {
|
|
291
|
+
req: req,
|
|
292
|
+
table: "patients",
|
|
293
|
+
reason: "concurrent replay regression test",
|
|
294
|
+
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
295
|
+
};
|
|
296
|
+
}
|
|
297
|
+
// Two grants in flight at once presenting the SAME in-window code. The
|
|
298
|
+
// accepted TOTP step is reserved atomically as part of acceptance, so
|
|
299
|
+
// exactly one grant succeeds and the other is refused as a replay — a
|
|
300
|
+
// read-then-commit floor let both observe the old floor and both pass.
|
|
301
|
+
var results = await Promise.allSettled([
|
|
302
|
+
b.breakGlass.grant(grantOpts()),
|
|
303
|
+
b.breakGlass.grant(grantOpts()),
|
|
304
|
+
]);
|
|
305
|
+
var ok = results.filter(function (r) { return r.status === "fulfilled"; });
|
|
306
|
+
var bad = results.filter(function (r) { return r.status === "rejected"; });
|
|
307
|
+
check("concurrent totp grant: exactly one grant succeeds", ok.length === 1);
|
|
308
|
+
check("concurrent totp grant: the other is refused as a replay",
|
|
309
|
+
bad.length === 1 &&
|
|
310
|
+
/breakglass\/bad-factor/.test((bad[0].reason && bad[0].reason.code) || ""));
|
|
311
|
+
} finally {
|
|
312
|
+
await teardownTestDb(tmpDir);
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
|
|
276
316
|
// ---- Grant + unseal — full lifecycle on a real sealed table ----
|
|
277
317
|
|
|
278
318
|
async function testUnsealRowLifecycle() {
|
|
@@ -300,8 +340,9 @@ async function testUnsealRowLifecycle() {
|
|
|
300
340
|
});
|
|
301
341
|
check("grant: maxRowsPerGrant honored from policy", grant.rowsRemaining === 3);
|
|
302
342
|
|
|
303
|
-
// Use grant once
|
|
304
|
-
|
|
343
|
+
// Use grant once. Default policy pins IP + session, so redemption
|
|
344
|
+
// threads the same request shape the grant was minted from.
|
|
345
|
+
var unsealed = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId, { req: _fakeReq() });
|
|
305
346
|
check("unsealRow: returns the row", unsealed && unsealed._id === jid.jobId);
|
|
306
347
|
check("unsealRow: payload column is decrypted",
|
|
307
348
|
unsealed.payload && unsealed.payload.indexOf("alice") !== -1);
|
|
@@ -339,10 +380,10 @@ async function testGrantExhaustion() {
|
|
|
339
380
|
reason: "compliance spot-check on queue row",
|
|
340
381
|
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
341
382
|
});
|
|
342
|
-
await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId);
|
|
383
|
+
await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId, { req: _fakeReq() });
|
|
343
384
|
|
|
344
385
|
var threw = null;
|
|
345
|
-
try { await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId); }
|
|
386
|
+
try { await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId, { req: _fakeReq() }); }
|
|
346
387
|
catch (e) { threw = e; }
|
|
347
388
|
check("exhaustion: second use of 1-row grant rejects",
|
|
348
389
|
threw && /breakglass\/grant-exhausted/.test(threw.code));
|
|
@@ -375,7 +416,7 @@ async function testGrantRevoke() {
|
|
|
375
416
|
});
|
|
376
417
|
await b.breakGlass.revoke(grant.id, { reason: "task complete" });
|
|
377
418
|
var threw = null;
|
|
378
|
-
try { await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId); }
|
|
419
|
+
try { await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId, { req: _fakeReq() }); }
|
|
379
420
|
catch (e) { threw = e; }
|
|
380
421
|
check("revoke: unseal after revoke rejects",
|
|
381
422
|
threw && /breakglass\/grant-revoked/.test(threw.code));
|
|
@@ -441,6 +482,185 @@ async function testSweepExpiredGrants() {
|
|
|
441
482
|
}
|
|
442
483
|
}
|
|
443
484
|
|
|
485
|
+
// ---- Grant binding enforcement: IP pin / session pin / fail-closed ----
|
|
486
|
+
|
|
487
|
+
async function testIpPinEnforcement() {
|
|
488
|
+
var tmpDir = _tmp();
|
|
489
|
+
await setupTestDb(tmpDir);
|
|
490
|
+
try {
|
|
491
|
+
b.breakGlass.init();
|
|
492
|
+
b.queue.init({ backends: { primary: { protocol: "local" } } });
|
|
493
|
+
var jid = await b.queue.enqueue("ip-pin-q", { secret: "row-ip-pin" });
|
|
494
|
+
await b.breakGlass.policy.set("_blamejs_jobs", {
|
|
495
|
+
columns: ["payload"], factors: ["totp"], maxRowsPerGrant: 5,
|
|
496
|
+
pinIp: true, sessionPin: false, // isolate the IP pin
|
|
497
|
+
});
|
|
498
|
+
var totp = _validTotp();
|
|
499
|
+
// Mint from IP-A.
|
|
500
|
+
var grant = await b.breakGlass.grant({
|
|
501
|
+
req: _fakeReq({ socket: { remoteAddress: "10.0.0.1" } }),
|
|
502
|
+
table: "_blamejs_jobs",
|
|
503
|
+
reason: "ip-pin: minting from address A for redemption test",
|
|
504
|
+
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
505
|
+
});
|
|
506
|
+
|
|
507
|
+
// Redeem from IP-B → refused on the operator unsealRow consumer.
|
|
508
|
+
var threwUnseal = null;
|
|
509
|
+
try {
|
|
510
|
+
await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId,
|
|
511
|
+
{ req: _fakeReq({ socket: { remoteAddress: "10.0.0.2" } }) });
|
|
512
|
+
} catch (e) { threwUnseal = e; }
|
|
513
|
+
check("ip-pin: IP-B redeem refused (unsealRow)",
|
|
514
|
+
threwUnseal && /breakglass\/grant-ip-mismatch/.test(threwUnseal.code));
|
|
515
|
+
|
|
516
|
+
// The mismatch must NOT have consumed the grant — same-IP redeem still
|
|
517
|
+
// succeeds afterward.
|
|
518
|
+
var ok = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId,
|
|
519
|
+
{ req: _fakeReq({ socket: { remoteAddress: "10.0.0.1" } }) });
|
|
520
|
+
check("ip-pin: same-IP redeem succeeds (mismatch did not consume)",
|
|
521
|
+
ok && ok.payload && ok.payload.indexOf("row-ip-pin") !== -1);
|
|
522
|
+
|
|
523
|
+
try { await b.queue.shutdown({ timeoutMs: 200 }); } catch (_e) {}
|
|
524
|
+
} finally {
|
|
525
|
+
await teardownTestDb(tmpDir);
|
|
526
|
+
}
|
|
527
|
+
}
|
|
528
|
+
|
|
529
|
+
async function testSessionPinEnforcement() {
|
|
530
|
+
var tmpDir = _tmp();
|
|
531
|
+
await setupTestDb(tmpDir);
|
|
532
|
+
try {
|
|
533
|
+
b.breakGlass.init();
|
|
534
|
+
b.queue.init({ backends: { primary: { protocol: "local" } } });
|
|
535
|
+
var jid = await b.queue.enqueue("sess-pin-q", { secret: "row-sess-pin" });
|
|
536
|
+
await b.breakGlass.policy.set("_blamejs_jobs", {
|
|
537
|
+
columns: ["payload"], factors: ["totp"], maxRowsPerGrant: 5,
|
|
538
|
+
pinIp: false, sessionPin: true, // isolate the session pin
|
|
539
|
+
});
|
|
540
|
+
var totp = _validTotp();
|
|
541
|
+
var grant = await b.breakGlass.grant({
|
|
542
|
+
req: _fakeReq({ session: { id: "sess-A" } }),
|
|
543
|
+
table: "_blamejs_jobs",
|
|
544
|
+
reason: "session-pin: minting under session A for redemption test",
|
|
545
|
+
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
546
|
+
});
|
|
547
|
+
|
|
548
|
+
var threw = null;
|
|
549
|
+
try {
|
|
550
|
+
await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId,
|
|
551
|
+
{ req: _fakeReq({ session: { id: "sess-B" } }) });
|
|
552
|
+
} catch (e) { threw = e; }
|
|
553
|
+
check("session-pin: different session redeem refused",
|
|
554
|
+
threw && /breakglass\/grant-session-mismatch/.test(threw.code));
|
|
555
|
+
|
|
556
|
+
var ok = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId,
|
|
557
|
+
{ req: _fakeReq({ session: { id: "sess-A" } }) });
|
|
558
|
+
check("session-pin: same-session redeem succeeds",
|
|
559
|
+
ok && ok.payload && ok.payload.indexOf("row-sess-pin") !== -1);
|
|
560
|
+
|
|
561
|
+
try { await b.queue.shutdown({ timeoutMs: 200 }); } catch (_e) {}
|
|
562
|
+
} finally {
|
|
563
|
+
await teardownTestDb(tmpDir);
|
|
564
|
+
}
|
|
565
|
+
}
|
|
566
|
+
|
|
567
|
+
async function testIpPinFailClosedOnNullBinding() {
|
|
568
|
+
// An Express-shaped req exposes only `req.ip` (no socket.remoteAddress).
|
|
569
|
+
// When pinIp is on and the binding could not be captured at mint, the
|
|
570
|
+
// redemption must FAIL-CLOSED rather than silently skip enforcement.
|
|
571
|
+
var tmpDir = _tmp();
|
|
572
|
+
await setupTestDb(tmpDir);
|
|
573
|
+
try {
|
|
574
|
+
b.breakGlass.init();
|
|
575
|
+
b.queue.init({ backends: { primary: { protocol: "local" } } });
|
|
576
|
+
var jid = await b.queue.enqueue("fc-q", { secret: "row-fc" });
|
|
577
|
+
await b.breakGlass.policy.set("_blamejs_jobs", {
|
|
578
|
+
columns: ["payload"], factors: ["totp"], maxRowsPerGrant: 5,
|
|
579
|
+
pinIp: true, sessionPin: false,
|
|
580
|
+
});
|
|
581
|
+
// Force a NULL ip binding at mint: a request with no socket AND no
|
|
582
|
+
// req.ip, so clientIp resolves null even with the req.ip fallback.
|
|
583
|
+
var noIpReq = {
|
|
584
|
+
user: { id: "user-test-1" },
|
|
585
|
+
headers: { "user-agent": "test-agent" },
|
|
586
|
+
method: "POST",
|
|
587
|
+
url: "/admin/break-glass",
|
|
588
|
+
};
|
|
589
|
+
var totp = _validTotp();
|
|
590
|
+
var grant = await b.breakGlass.grant({
|
|
591
|
+
req: noIpReq,
|
|
592
|
+
table: "_blamejs_jobs",
|
|
593
|
+
reason: "fail-closed: minting with no resolvable client IP",
|
|
594
|
+
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
595
|
+
});
|
|
596
|
+
|
|
597
|
+
var threw = null;
|
|
598
|
+
try {
|
|
599
|
+
await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId,
|
|
600
|
+
{ req: _fakeReq({ socket: { remoteAddress: "10.0.0.9" } }) });
|
|
601
|
+
} catch (e) { threw = e; }
|
|
602
|
+
check("ip-pin fail-closed: null binding refuses redemption",
|
|
603
|
+
threw && /breakglass\/grant-ip-mismatch/.test(threw.code));
|
|
604
|
+
|
|
605
|
+
try { await b.queue.shutdown({ timeoutMs: 200 }); } catch (_e) {}
|
|
606
|
+
} finally {
|
|
607
|
+
await teardownTestDb(tmpDir);
|
|
608
|
+
}
|
|
609
|
+
}
|
|
610
|
+
|
|
611
|
+
async function testTotpReplayDefense() {
|
|
612
|
+
var tmpDir = _tmp();
|
|
613
|
+
await setupTestDb(tmpDir);
|
|
614
|
+
try {
|
|
615
|
+
b.breakGlass.init();
|
|
616
|
+
await b.breakGlass.policy.set("patients", {
|
|
617
|
+
columns: ["ssn"], factors: ["totp"], maxRowsPerGrant: 5,
|
|
618
|
+
});
|
|
619
|
+
// Pin a deterministic clock so both grant attempts land on the same
|
|
620
|
+
// TOTP step — the replay window.
|
|
621
|
+
var fixedNow = 1_700_000_000_000;
|
|
622
|
+
var secret = b.auth.totp.generateSecret();
|
|
623
|
+
var code = b.auth.totp.generate(secret, { now: fixedNow });
|
|
624
|
+
|
|
625
|
+
var g1 = await b.breakGlass.grant({
|
|
626
|
+
req: _fakeReq(),
|
|
627
|
+
table: "patients",
|
|
628
|
+
reason: "totp-replay: first redemption of the code",
|
|
629
|
+
factor: { type: "totp", secret: secret, code: code, now: fixedNow },
|
|
630
|
+
});
|
|
631
|
+
check("totp-replay: first grant succeeds", typeof g1.id === "string");
|
|
632
|
+
|
|
633
|
+
// Same code + same clock = same step → must be rejected as a replay.
|
|
634
|
+
var threw = null;
|
|
635
|
+
try {
|
|
636
|
+
await b.breakGlass.grant({
|
|
637
|
+
req: _fakeReq(),
|
|
638
|
+
table: "patients",
|
|
639
|
+
reason: "totp-replay: second use of the SAME code must fail",
|
|
640
|
+
factor: { type: "totp", secret: secret, code: code, now: fixedNow },
|
|
641
|
+
});
|
|
642
|
+
} catch (e) { threw = e; }
|
|
643
|
+
check("totp-replay: re-using the same code in-window refused",
|
|
644
|
+
threw && /breakglass\/bad-factor/.test(threw.code));
|
|
645
|
+
|
|
646
|
+
// A DIFFERENT credential accepting a code at the same step still
|
|
647
|
+
// succeeds — proves the replay floor is keyed by secret fingerprint,
|
|
648
|
+
// not actorId alone.
|
|
649
|
+
var secret2 = b.auth.totp.generateSecret();
|
|
650
|
+
var code2 = b.auth.totp.generate(secret2, { now: fixedNow });
|
|
651
|
+
var g2 = await b.breakGlass.grant({
|
|
652
|
+
req: _fakeReq(),
|
|
653
|
+
table: "patients",
|
|
654
|
+
reason: "totp-replay: distinct credential same window still works",
|
|
655
|
+
factor: { type: "totp", secret: secret2, code: code2, now: fixedNow },
|
|
656
|
+
});
|
|
657
|
+
check("totp-replay: distinct credential at same step still succeeds",
|
|
658
|
+
typeof g2.id === "string" && g2.id !== g1.id);
|
|
659
|
+
} finally {
|
|
660
|
+
await teardownTestDb(tmpDir);
|
|
661
|
+
}
|
|
662
|
+
}
|
|
663
|
+
|
|
444
664
|
// ---- v0.5.1: Cryptographic mode (Model B) ----
|
|
445
665
|
|
|
446
666
|
async function testEncryptDecryptCellHappyPath() {
|
|
@@ -577,7 +797,7 @@ async function testCryptographicUnsealRow() {
|
|
|
577
797
|
reason: "Model B integration test for cryptographic unseal",
|
|
578
798
|
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
579
799
|
});
|
|
580
|
-
var row = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId);
|
|
800
|
+
var row = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", jid.jobId, { req: _fakeReq() });
|
|
581
801
|
check("Model B unsealRow: decrypts cryptographic cell",
|
|
582
802
|
row.payload === "alice's diagnosis (Model B)");
|
|
583
803
|
|
|
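Review bot: The new `{ req: _fakeReq() }` argument on the `unsealRow` call makes this redemption depend on `_fakeReq()`'s default IP/session values matching the binding captured at mint, and nothing in the test states that coupling; if the helper's defaults ever diverge per call, this assertion would fail on a grant binding mismatch rather than on the decryption path it is meant to exercise. A one-line comment above the call, `// redeem with the same default req as the grant: pinned IP/session must match`, would make the dependency explicit, and it is worth asserting once (not here) that omitting the `req` option is refused rather than silently bypassing the pin. The same change, with the same missing note, appears in the hunk at `testMigrateModelAtoModelB` (`@@ -620,7 +840,7 @@`). The enclosing `testCryptographicUnsealRow` starts and ends outside this hunk.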
@@ -620,7 +840,7 @@ async function testMigrateModelAtoModelB() {
|
|
|
620
840
|
reason: "post-migration verification of payload decrypt path",
|
|
621
841
|
factor: { type: "totp", code: totp.code, secret: totp.secret },
|
|
622
842
|
});
|
|
623
|
-
var row = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", j1.jobId);
|
|
843
|
+
var row = await b.breakGlass.unsealRow(grant, "_blamejs_jobs", j1.jobId, { req: _fakeReq() });
|
|
624
844
|
check("migrate: row-1 reads as cryptographic-mode plaintext",
|
|
625
845
|
row.payload && row.payload.indexOf("row-1-secret") !== -1);
|
|
626
846
|
void j2; void j3;
|
|
@@ -851,11 +1071,17 @@ async function run() {
|
|
|
851
1071
|
await testPolicyValidation();
|
|
852
1072
|
await testGrantHappyPath();
|
|
853
1073
|
await testGrantRefusalPaths();
|
|
1074
|
+
await testConcurrentTotpGrantReplay();
|
|
854
1075
|
await testUnsealRowLifecycle();
|
|
855
1076
|
await testGrantExhaustion();
|
|
856
1077
|
await testGrantRevoke();
|
|
857
1078
|
await testTableMismatch();
|
|
858
1079
|
await testSweepExpiredGrants();
|
|
1080
|
+
// grant binding enforcement (IP / session pin + fail-closed) + TOTP replay
|
|
1081
|
+
await testIpPinEnforcement();
|
|
1082
|
+
await testSessionPinEnforcement();
|
|
1083
|
+
await testIpPinFailClosedOnNullBinding();
|
|
1084
|
+
await testTotpReplayDefense();
|
|
859
1085
|
// v0.5.1 Model B
|
|
860
1086
|
await testEncryptDecryptCellHappyPath();
|
|
861
1087
|
await testEncryptionContextBinding();
|
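Review bot: The new `testConcurrentTotpGrantReplay()` call is placed after `testGrantRefusalPaths()` while the comment added later in the same hunk, `// grant binding enforcement (IP / session pin + fail-closed) + TOTP replay`, groups the other replay test (`testTotpReplayDefense`) with the binding tests, so the two TOTP replay cases run in separate places of the sequence with no note tying them together. Moving the concurrent-replay call next to `testTotpReplayDefense()` under that comment, or extending the comment to `// … + TOTP replay (sequential; concurrent case runs earlier)`, would keep the run order self-explanatory. `testConcurrentTotpGrantReplay` is not defined in the part of the diff visible here, so I cannot confirm it is exported from this file; `run()` starts and ends outside this hunk.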