@blamejs/blamejs-shop 0.4.31 → 0.4.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (343) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/README.md +1 -1
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +400 -282
  5. package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -3
  6. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +21 -4
  7. package/lib/vendor/blamejs/.gitignore +6 -0
  8. package/lib/vendor/blamejs/CHANGELOG.md +28 -0
  9. package/lib/vendor/blamejs/MIGRATING.md +55 -0
  10. package/lib/vendor/blamejs/README.md +8 -6
  11. package/lib/vendor/blamejs/SECURITY.md +19 -3
  12. package/lib/vendor/blamejs/api-snapshot.json +2190 -664
  13. package/lib/vendor/blamejs/docker/caddy/localstack.Caddyfile +19 -0
  14. package/lib/vendor/blamejs/docker/init/generate-certs.sh +1 -1
  15. package/lib/vendor/blamejs/docker/otel/config.yaml +42 -0
  16. package/lib/vendor/blamejs/docker/otel/export/.gitkeep +0 -0
  17. package/lib/vendor/blamejs/docker/postgres/initdb/10-replication.sh +15 -0
  18. package/lib/vendor/blamejs/docker/postgres/replica-entrypoint.sh +38 -0
  19. package/lib/vendor/blamejs/docker/toxiproxy/toxiproxy.json +14 -0
  20. package/lib/vendor/blamejs/docker-compose.test.yml +209 -0
  21. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +132 -0
  22. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +221 -61
  23. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +144 -9
  24. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +99 -0
  25. package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +36 -0
  26. package/lib/vendor/blamejs/index.js +4 -0
  27. package/lib/vendor/blamejs/lib/agent-envelope-mac.js +104 -0
  28. package/lib/vendor/blamejs/lib/agent-event-bus.js +105 -4
  29. package/lib/vendor/blamejs/lib/agent-posture-chain.js +8 -42
  30. package/lib/vendor/blamejs/lib/ai-content-detect.js +9 -10
  31. package/lib/vendor/blamejs/lib/api-key.js +158 -77
  32. package/lib/vendor/blamejs/lib/atomic-file.js +62 -4
  33. package/lib/vendor/blamejs/lib/audit-chain.js +47 -11
  34. package/lib/vendor/blamejs/lib/audit-sign.js +77 -2
  35. package/lib/vendor/blamejs/lib/audit-tools.js +79 -51
  36. package/lib/vendor/blamejs/lib/audit.js +259 -123
  37. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +6 -2
  38. package/lib/vendor/blamejs/lib/auth/oauth.js +66 -9
  39. package/lib/vendor/blamejs/lib/auth/openid-federation.js +108 -47
  40. package/lib/vendor/blamejs/lib/auth/saml.js +6 -8
  41. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +36 -7
  42. package/lib/vendor/blamejs/lib/backup/index.js +45 -10
  43. package/lib/vendor/blamejs/lib/break-glass.js +355 -147
  44. package/lib/vendor/blamejs/lib/cache.js +174 -105
  45. package/lib/vendor/blamejs/lib/chain-writer.js +38 -16
  46. package/lib/vendor/blamejs/lib/cli.js +19 -14
  47. package/lib/vendor/blamejs/lib/cluster-provider-db.js +130 -104
  48. package/lib/vendor/blamejs/lib/cluster-storage.js +119 -22
  49. package/lib/vendor/blamejs/lib/cluster.js +119 -71
  50. package/lib/vendor/blamejs/lib/codepoint-class.js +23 -0
  51. package/lib/vendor/blamejs/lib/compliance.js +210 -4
  52. package/lib/vendor/blamejs/lib/consent.js +82 -29
  53. package/lib/vendor/blamejs/lib/constants.js +27 -11
  54. package/lib/vendor/blamejs/lib/credential-hash.js +9 -0
  55. package/lib/vendor/blamejs/lib/crypto-field.js +916 -156
  56. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +35 -22
  57. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +3 -2
  58. package/lib/vendor/blamejs/lib/db-query.js +882 -260
  59. package/lib/vendor/blamejs/lib/db-schema.js +228 -44
  60. package/lib/vendor/blamejs/lib/db.js +249 -99
  61. package/lib/vendor/blamejs/lib/dsr.js +385 -55
  62. package/lib/vendor/blamejs/lib/error-page.js +14 -1
  63. package/lib/vendor/blamejs/lib/external-db-migrate.js +239 -137
  64. package/lib/vendor/blamejs/lib/external-db.js +549 -34
  65. package/lib/vendor/blamejs/lib/file-upload.js +52 -7
  66. package/lib/vendor/blamejs/lib/framework-error.js +20 -1
  67. package/lib/vendor/blamejs/lib/framework-files.js +73 -0
  68. package/lib/vendor/blamejs/lib/framework-schema.js +695 -394
  69. package/lib/vendor/blamejs/lib/gate-contract.js +659 -1
  70. package/lib/vendor/blamejs/lib/guard-agent-registry.js +26 -44
  71. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  72. package/lib/vendor/blamejs/lib/guard-auth.js +42 -112
  73. package/lib/vendor/blamejs/lib/guard-cidr.js +33 -154
  74. package/lib/vendor/blamejs/lib/guard-csv.js +46 -113
  75. package/lib/vendor/blamejs/lib/guard-domain.js +34 -157
  76. package/lib/vendor/blamejs/lib/guard-dsn.js +27 -43
  77. package/lib/vendor/blamejs/lib/guard-email.js +47 -69
  78. package/lib/vendor/blamejs/lib/guard-envelope.js +19 -32
  79. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +24 -42
  80. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +25 -43
  81. package/lib/vendor/blamejs/lib/guard-filename.js +42 -106
  82. package/lib/vendor/blamejs/lib/guard-graphql.js +42 -123
  83. package/lib/vendor/blamejs/lib/guard-html.js +53 -108
  84. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +24 -42
  85. package/lib/vendor/blamejs/lib/guard-image.js +46 -103
  86. package/lib/vendor/blamejs/lib/guard-imap-command.js +18 -32
  87. package/lib/vendor/blamejs/lib/guard-jmap.js +16 -30
  88. package/lib/vendor/blamejs/lib/guard-json.js +38 -108
  89. package/lib/vendor/blamejs/lib/guard-jsonpath.js +38 -171
  90. package/lib/vendor/blamejs/lib/guard-jwt.js +49 -179
  91. package/lib/vendor/blamejs/lib/guard-list-id.js +25 -41
  92. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +27 -43
  93. package/lib/vendor/blamejs/lib/guard-mail-compose.js +24 -42
  94. package/lib/vendor/blamejs/lib/guard-mail-move.js +26 -44
  95. package/lib/vendor/blamejs/lib/guard-mail-query.js +28 -46
  96. package/lib/vendor/blamejs/lib/guard-mail-reply.js +24 -42
  97. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +24 -42
  98. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +17 -31
  99. package/lib/vendor/blamejs/lib/guard-markdown.js +37 -104
  100. package/lib/vendor/blamejs/lib/guard-message-id.js +26 -45
  101. package/lib/vendor/blamejs/lib/guard-mime.js +39 -151
  102. package/lib/vendor/blamejs/lib/guard-oauth.js +54 -135
  103. package/lib/vendor/blamejs/lib/guard-pdf.js +45 -101
  104. package/lib/vendor/blamejs/lib/guard-pop3-command.js +21 -31
  105. package/lib/vendor/blamejs/lib/guard-posture-chain.js +24 -42
  106. package/lib/vendor/blamejs/lib/guard-regex.js +33 -107
  107. package/lib/vendor/blamejs/lib/guard-saga-config.js +24 -42
  108. package/lib/vendor/blamejs/lib/guard-shell.js +42 -172
  109. package/lib/vendor/blamejs/lib/guard-smtp-command.js +48 -54
  110. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +24 -42
  111. package/lib/vendor/blamejs/lib/guard-sql.js +1491 -0
  112. package/lib/vendor/blamejs/lib/guard-stream-args.js +24 -43
  113. package/lib/vendor/blamejs/lib/guard-svg.js +47 -65
  114. package/lib/vendor/blamejs/lib/guard-template.js +35 -172
  115. package/lib/vendor/blamejs/lib/guard-tenant-id.js +26 -45
  116. package/lib/vendor/blamejs/lib/guard-time.js +32 -154
  117. package/lib/vendor/blamejs/lib/guard-trace-context.js +25 -44
  118. package/lib/vendor/blamejs/lib/guard-uuid.js +32 -153
  119. package/lib/vendor/blamejs/lib/guard-xml.js +38 -113
  120. package/lib/vendor/blamejs/lib/guard-yaml.js +51 -163
  121. package/lib/vendor/blamejs/lib/http-client.js +37 -9
  122. package/lib/vendor/blamejs/lib/inbox.js +120 -107
  123. package/lib/vendor/blamejs/lib/legal-hold.js +121 -50
  124. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +47 -31
  125. package/lib/vendor/blamejs/lib/log-stream-otlp.js +32 -18
  126. package/lib/vendor/blamejs/lib/mail-auth.js +236 -0
  127. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -6
  128. package/lib/vendor/blamejs/lib/mail-dkim.js +1 -0
  129. package/lib/vendor/blamejs/lib/mail-greylist.js +2 -6
  130. package/lib/vendor/blamejs/lib/mail-helo.js +2 -6
  131. package/lib/vendor/blamejs/lib/mail-journal.js +85 -64
  132. package/lib/vendor/blamejs/lib/mail-rbl.js +2 -6
  133. package/lib/vendor/blamejs/lib/mail-scan.js +2 -6
  134. package/lib/vendor/blamejs/lib/mail-server-jmap.js +117 -12
  135. package/lib/vendor/blamejs/lib/mail-server-mx.js +276 -7
  136. package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -6
  137. package/lib/vendor/blamejs/lib/mail-store.js +293 -154
  138. package/lib/vendor/blamejs/lib/mail.js +8 -4
  139. package/lib/vendor/blamejs/lib/middleware/body-parser.js +71 -25
  140. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +19 -8
  141. package/lib/vendor/blamejs/lib/middleware/dpop.js +10 -1
  142. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +17 -7
  143. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +75 -51
  144. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +102 -32
  145. package/lib/vendor/blamejs/lib/middleware/security-headers.js +21 -5
  146. package/lib/vendor/blamejs/lib/migrations.js +108 -66
  147. package/lib/vendor/blamejs/lib/network-heartbeat.js +7 -0
  148. package/lib/vendor/blamejs/lib/network-proxy.js +24 -1
  149. package/lib/vendor/blamejs/lib/nonce-store.js +31 -9
  150. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +9 -4
  151. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +57 -3
  152. package/lib/vendor/blamejs/lib/object-store/gcs.js +4 -1
  153. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +5 -2
  154. package/lib/vendor/blamejs/lib/object-store/sigv4.js +38 -6
  155. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -1
  156. package/lib/vendor/blamejs/lib/observability.js +124 -0
  157. package/lib/vendor/blamejs/lib/otel-export.js +12 -3
  158. package/lib/vendor/blamejs/lib/outbox.js +184 -83
  159. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +47 -7
  160. package/lib/vendor/blamejs/lib/pqc-agent.js +44 -0
  161. package/lib/vendor/blamejs/lib/pubsub-cluster.js +42 -20
  162. package/lib/vendor/blamejs/lib/queue-local.js +225 -140
  163. package/lib/vendor/blamejs/lib/queue-redis.js +9 -1
  164. package/lib/vendor/blamejs/lib/queue-sqs.js +6 -0
  165. package/lib/vendor/blamejs/lib/queue.js +7 -0
  166. package/lib/vendor/blamejs/lib/redact.js +68 -11
  167. package/lib/vendor/blamejs/lib/redis-client.js +160 -31
  168. package/lib/vendor/blamejs/lib/request-helpers.js +7 -0
  169. package/lib/vendor/blamejs/lib/retention.js +117 -42
  170. package/lib/vendor/blamejs/lib/router.js +212 -5
  171. package/lib/vendor/blamejs/lib/safe-dns.js +29 -45
  172. package/lib/vendor/blamejs/lib/safe-ical.js +18 -33
  173. package/lib/vendor/blamejs/lib/safe-icap.js +27 -43
  174. package/lib/vendor/blamejs/lib/safe-sieve.js +21 -40
  175. package/lib/vendor/blamejs/lib/safe-sql.js +212 -3
  176. package/lib/vendor/blamejs/lib/safe-url.js +170 -3
  177. package/lib/vendor/blamejs/lib/safe-vcard.js +18 -33
  178. package/lib/vendor/blamejs/lib/scheduler.js +47 -12
  179. package/lib/vendor/blamejs/lib/seeders.js +122 -74
  180. package/lib/vendor/blamejs/lib/session-stores.js +42 -14
  181. package/lib/vendor/blamejs/lib/session.js +175 -77
  182. package/lib/vendor/blamejs/lib/sql.js +3842 -0
  183. package/lib/vendor/blamejs/lib/sse.js +26 -0
  184. package/lib/vendor/blamejs/lib/ssrf-guard.js +169 -4
  185. package/lib/vendor/blamejs/lib/static.js +177 -34
  186. package/lib/vendor/blamejs/lib/subject.js +96 -49
  187. package/lib/vendor/blamejs/lib/vault/index.js +3 -2
  188. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +3 -2
  189. package/lib/vendor/blamejs/lib/vault/rotate.js +168 -108
  190. package/lib/vendor/blamejs/lib/vault-aad.js +6 -0
  191. package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
  192. package/lib/vendor/blamejs/lib/websocket.js +35 -5
  193. package/lib/vendor/blamejs/lib/worker-pool.js +11 -0
  194. package/lib/vendor/blamejs/package.json +2 -2
  195. package/lib/vendor/blamejs/release-notes/v0.14.x.json +1503 -0
  196. package/lib/vendor/blamejs/release-notes/v0.15.0.json +77 -0
  197. package/lib/vendor/blamejs/release-notes/v0.15.1.json +22 -0
  198. package/lib/vendor/blamejs/release-notes/v0.15.2.json +22 -0
  199. package/lib/vendor/blamejs/release-notes/v0.15.3.json +39 -0
  200. package/lib/vendor/blamejs/release-notes/v0.15.4.json +39 -0
  201. package/lib/vendor/blamejs/release-notes/v0.15.5.json +22 -0
  202. package/lib/vendor/blamejs/release-notes/v0.15.6.json +59 -0
  203. package/lib/vendor/blamejs/release-notes/v0.15.7.json +43 -0
  204. package/lib/vendor/blamejs/scripts/check-services.js +21 -0
  205. package/lib/vendor/blamejs/scripts/gen-migrating.js +67 -0
  206. package/lib/vendor/blamejs/scripts/release.js +398 -38
  207. package/lib/vendor/blamejs/test/00-primitives.js +168 -0
  208. package/lib/vendor/blamejs/test/10-state.js +140 -14
  209. package/lib/vendor/blamejs/test/20-db.js +65 -2
  210. package/lib/vendor/blamejs/test/helpers/db.js +9 -0
  211. package/lib/vendor/blamejs/test/helpers/drivers.js +27 -15
  212. package/lib/vendor/blamejs/test/helpers/services.js +21 -0
  213. package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +246 -0
  214. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +517 -0
  215. package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +639 -0
  216. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +832 -0
  217. package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +453 -0
  218. package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +649 -0
  219. package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +770 -0
  220. package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +630 -0
  221. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +610 -0
  222. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +577 -0
  223. package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +771 -0
  224. package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +549 -0
  225. package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +598 -0
  226. package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +602 -0
  227. package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +576 -0
  228. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +353 -0
  229. package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +224 -0
  230. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +142 -17
  231. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +25 -10
  232. package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +101 -0
  233. package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +239 -0
  234. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +35 -16
  235. package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +291 -0
  236. package/lib/vendor/blamejs/test/integration/pubsub.test.js +14 -0
  237. package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +322 -0
  238. package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +300 -0
  239. package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +154 -0
  240. package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +71 -0
  241. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +175 -12
  242. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +216 -0
  243. package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +203 -0
  244. package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +126 -0
  245. package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +196 -0
  246. package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +197 -0
  247. package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +209 -0
  248. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +121 -0
  249. package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +168 -0
  250. package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +318 -0
  251. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +233 -7
  252. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +1196 -14
  253. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +229 -0
  254. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +18 -0
  255. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +24 -7
  256. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +165 -0
  257. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +350 -0
  258. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +27 -9
  259. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +76 -0
  260. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +392 -0
  261. package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +159 -0
  262. package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +180 -1
  263. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +5 -2
  264. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +101 -0
  265. package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +128 -0
  266. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +38 -5
  267. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +127 -0
  268. package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +267 -0
  269. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +150 -0
  270. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +30 -0
  271. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +46 -0
  272. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +218 -0
  273. package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +210 -0
  274. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +4 -1
  275. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +48 -2
  276. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +237 -5
  277. package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +20 -9
  278. package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +193 -0
  279. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +90 -0
  280. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +85 -0
  281. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +10 -6
  282. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -4
  283. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +146 -0
  284. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +189 -0
  285. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +3 -1
  286. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +123 -4
  287. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +207 -2
  288. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +74 -0
  289. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +43 -0
  290. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +133 -0
  291. package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +101 -0
  292. package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +136 -0
  293. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +83 -0
  294. package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +429 -0
  295. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +21 -11
  296. package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +40 -0
  297. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +83 -0
  298. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +113 -0
  299. package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +99 -0
  300. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +59 -0
  301. package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +255 -0
  302. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +362 -0
  303. package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +143 -0
  304. package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +287 -0
  305. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-watchdog-stale-settle.test.js +71 -0
  306. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +79 -0
  307. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +50 -0
  308. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +31 -4
  309. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +45 -0
  310. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +49 -0
  311. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +595 -0
  312. package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +91 -0
  313. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +69 -0
  314. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +194 -2
  315. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +88 -0
  316. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +66 -0
  317. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +84 -0
  318. package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +638 -0
  319. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +21 -0
  320. package/lib/vendor/blamejs/test/smoke.js +79 -21
  321. package/package.json +2 -2
  322. package/lib/vendor/blamejs/release-notes/v0.14.0.json +0 -43
  323. package/lib/vendor/blamejs/release-notes/v0.14.1.json +0 -60
  324. package/lib/vendor/blamejs/release-notes/v0.14.10.json +0 -54
  325. package/lib/vendor/blamejs/release-notes/v0.14.11.json +0 -72
  326. package/lib/vendor/blamejs/release-notes/v0.14.12.json +0 -95
  327. package/lib/vendor/blamejs/release-notes/v0.14.13.json +0 -52
  328. package/lib/vendor/blamejs/release-notes/v0.14.14.json +0 -31
  329. package/lib/vendor/blamejs/release-notes/v0.14.16.json +0 -45
  330. package/lib/vendor/blamejs/release-notes/v0.14.17.json +0 -57
  331. package/lib/vendor/blamejs/release-notes/v0.14.18.json +0 -127
  332. package/lib/vendor/blamejs/release-notes/v0.14.19.json +0 -61
  333. package/lib/vendor/blamejs/release-notes/v0.14.2.json +0 -18
  334. package/lib/vendor/blamejs/release-notes/v0.14.20.json +0 -73
  335. package/lib/vendor/blamejs/release-notes/v0.14.21.json +0 -98
  336. package/lib/vendor/blamejs/release-notes/v0.14.22.json +0 -91
  337. package/lib/vendor/blamejs/release-notes/v0.14.3.json +0 -18
  338. package/lib/vendor/blamejs/release-notes/v0.14.4.json +0 -18
  339. package/lib/vendor/blamejs/release-notes/v0.14.5.json +0 -18
  340. package/lib/vendor/blamejs/release-notes/v0.14.6.json +0 -60
  341. package/lib/vendor/blamejs/release-notes/v0.14.7.json +0 -77
  342. package/lib/vendor/blamejs/release-notes/v0.14.8.json +0 -27
  343. package/lib/vendor/blamejs/release-notes/v0.14.9.json +0 -40
package/lib/vendor/blamejs/lib/consent.js CHANGED
@@ -46,6 +46,8 @@ var cluster = require("./cluster");
46
46
  var clusterStorage = require("./cluster-storage");
47
47
  var chainWriter = require("./chain-writer");
48
48
  var safeAsync = require("./safe-async");
49
+ var safeSql = require("./safe-sql");
50
+ var sql = require("./sql");
49
51
  var lazyRequire = require("./lazy-require");
50
52
  var C = require("./constants");
51
53
  var { ClusterError } = require("./framework-error");
@@ -300,14 +302,24 @@ function isGranted(opts) {
300
302
  }
301
303
  // Find the most recent consent row for this (subjectId, purpose).
302
304
  // subjectId is sealed → look up via subjectIdHash (derived).
303
- var hash = db().hashFor("consent_log", "subjectId", opts.subjectId);
304
- if (!hash) {
305
+ var subjectCand = db().hashCandidatesFor("consent_log", "subjectId", opts.subjectId);
306
+ if (!subjectCand) {
305
307
  throw new Error("consent_log subjectId is missing a derived hash — schema misconfigured");
306
308
  }
307
- var row = db().prepare(
308
- "SELECT action FROM consent_log WHERE subjectIdHash = ? AND purpose = ? " +
309
- "ORDER BY monotonicCounter DESC LIMIT 1"
310
- ).get(hash, opts.purpose);
309
+ // Local db() handle: emit the LOCAL table name (consent_log) quoted so
310
+ // the camelCase subjectIdHash / monotonicCounter columns resolve, and
311
+ // run the built { sql, params } against the prepared statement. whereIn
312
+ // dual-reads across the keyed-MAC flip so a row written under the legacy
313
+ // salted-sha3 subjectIdHash is still matched.
314
+ var isGrantedBuilt = sql.select("consent_log", { dialect: "sqlite", quoteName: true })
315
+ .columns(["action"])
316
+ .whereIn("subjectIdHash", subjectCand.values)
317
+ .where("purpose", opts.purpose)
318
+ .orderBy("monotonicCounter", "desc")
319
+ .limit(1)
320
+ .toSql();
321
+ var isGrantedStmt = db().prepare(isGrantedBuilt.sql);
322
+ var row = isGrantedStmt.get.apply(isGrantedStmt, isGrantedBuilt.params);
311
323
  if (!row) return false;
312
324
  return row.action === "granted";
313
325
  }
@@ -334,12 +346,14 @@ function isGranted(opts) {
334
346
  */
335
347
  function history(subjectId) {
336
348
  if (!subjectId) throw new Error("consent.history requires a subjectId");
337
- var hash = db().hashFor("consent_log", "subjectId", subjectId);
338
- if (!hash) {
349
+ var subjectCand = db().hashCandidatesFor("consent_log", "subjectId", subjectId);
350
+ if (!subjectCand) {
339
351
  throw new Error("consent_log subjectId is missing a derived hash — schema misconfigured");
340
352
  }
353
+ // whereIn dual-reads across the keyed-MAC flip so the subject's pre-flip
354
+ // (legacy salted-sha3) consent rows still appear in the access response.
341
355
  var rows = db().from("consent_log")
342
- .where({ subjectIdHash: hash })
356
+ .whereIn(subjectCand.field, subjectCand.values)
343
357
  .orderBy("monotonicCounter", "asc")
344
358
  .all();
345
359
  return rows;
@@ -409,30 +423,69 @@ async function _appendConsentRow(fields) {
409
423
  }
410
424
 
411
425
  async function _upsertConsentTip(counter, rowHash, signedAt, fencingToken) {
412
- // Single atomic INSERT … ON CONFLICT DO UPDATE … WHERE … RETURNING.
413
- // Same canonical fencing-token guard as _blamejs_audit_tip: the
414
- // WHERE clause enforces monotonic-non-decreasing fencingToken at
415
- // the DB level so a partitioned old leader can't overwrite the tip
416
- // even if its application-layer cluster.requireLeader() gate let
417
- // the call through.
426
+ // Single atomic INSERT … ON CONFLICT(scope) DO UPDATE … WHERE … RETURNING
427
+ // via b.sql. Same canonical fencing-token guard as _blamejs_audit_tip: the
428
+ // fenced WHERE enforces monotonic-non-decreasing fencingToken at the DB
429
+ // level so a partitioned old leader can't overwrite the tip even if its
430
+ // application-layer cluster.requireLeader() gate let the call through. On
431
+ // rejection RETURNING produces 0 rows.
432
+ //
433
+ // The consent-tip is external-only; its LOGICAL name IS the
434
+ // `_blamejs_`-prefixed name (self-mapped in LOCAL_TO_EXTERNAL), passed
435
+ // bare to b.sql so clusterStorage rewrites it (and the same bare name
436
+ // inside the guarded fence) to the configured prefix and placeholderizes.
437
+ //
438
+ // Dialect is the ACTIVE backend (clusterStorage.dialect()) so the fence's
439
+ // identifier quoting + conflict-expression idiom match the server the SQL
440
+ // dispatches to. The fence text itself is dialect-specific because the
441
+ // builder folds it verbatim: on Postgres / SQLite the upsert keeps a
442
+ // `WHERE "<table>"."fencingToken" <= EXCLUDED."fencingToken"` guard (and a
443
+ // RETURNING row that signals fenced-out via 0 rows); on MySQL there is no
444
+ // WHERE and no EXCLUDED, so the builder folds the same guard into per-column
445
+ // `IF(<table>.`fencingToken` <= VALUES(`fencingToken`), VALUES(col), col)`
446
+ // — the fence must therefore reference `VALUES(...)` with backticks. The
447
+ // bare table qualifier (no quoteName) lets clusterStorage rewrite the
448
+ // logical `_blamejs_consent_tip` to the configured prefix inside the fence
449
+ // exactly as it does for the table name.
450
+ var d = clusterStorage.dialect();
451
+ var qFence = safeSql.quoteIdentifier("fencingToken", d);
452
+ var tipFence = d === "mysql"
453
+ ? "_blamejs_consent_tip." + qFence + " <= VALUES(" + qFence + ")" // allow:hand-rolled-sql — bare logical name for clusterStorage rewrite
454
+ : "_blamejs_consent_tip." + qFence + " <= EXCLUDED." + qFence; // allow:hand-rolled-sql — bare logical name for clusterStorage rewrite
455
+ var tipBuilt = sql.upsert("_blamejs_consent_tip", { dialect: d }) // allow:hand-rolled-sql — bare logical name for clusterStorage rewrite
456
+ .columns(["scope", "atMonotonicCounter", "rowHash", "signedAt", "fencingToken"])
457
+ .values({
458
+ scope: "consent",
459
+ atMonotonicCounter: counter,
460
+ rowHash: rowHash,
461
+ signedAt: signedAt,
462
+ fencingToken: fencingToken,
463
+ })
464
+ .onConflict(["scope"])
465
+ .doUpdateFromExcluded(["atMonotonicCounter", "rowHash", "signedAt", "fencingToken"])
466
+ // guardColumn pins fencingToken LAST in the MySQL SET list so every
467
+ // other column's IF() evaluates the guard against the PRE-UPDATE token
468
+ // (MySQL evaluates SET left-to-right; a later assignment would otherwise
469
+ // see fencingToken already overwritten). Ignored on Postgres / SQLite,
470
+ // which apply the WHERE atomically.
471
+ .conflictWhere(tipFence, [], { guardColumn: "fencingToken" })
472
+ .returning(["fencingToken"])
473
+ .toSql();
418
474
  var result = await safeAsync.withTimeout(
419
- clusterStorage.execute(
420
- "INSERT INTO _blamejs_consent_tip " +
421
- " (scope, atMonotonicCounter, rowHash, signedAt, fencingToken) " +
422
- "VALUES ('consent', ?, ?, ?, ?) " +
423
- "ON CONFLICT (scope) DO UPDATE SET " +
424
- " atMonotonicCounter = EXCLUDED.atMonotonicCounter, " +
425
- " rowHash = EXCLUDED.rowHash, " +
426
- " signedAt = EXCLUDED.signedAt, " +
427
- " fencingToken = EXCLUDED.fencingToken " +
428
- "WHERE _blamejs_consent_tip.fencingToken <= EXCLUDED.fencingToken " +
429
- "RETURNING fencingToken",
430
- [counter, rowHash, signedAt, fencingToken]
431
- ),
475
+ clusterStorage.execute(tipBuilt.sql, tipBuilt.params),
432
476
  FRAMEWORK_SQL_TIMEOUT_MS,
433
477
  { name: "consent.upsertConsentTip" }
434
478
  );
435
- if (!result.rows || result.rows.length === 0) {
479
+ // MySQL upsert has no RETURNING — the builder emits a readback SELECT
480
+ // alongside, but a fenced-out lower-token write still SUCCEEDS as a no-op
481
+ // INSERT…ON DUPLICATE KEY UPDATE (the IF() keeps the stored values), so
482
+ // there is no 0-rows signal to detect. The DB-level fence still PRESERVES
483
+ // the tip (the security property); the FENCED_OUT throw is the
484
+ // Postgres/SQLite RETURNING-0-rows path only. On MySQL clusterStorage is
485
+ // not a supported framework backend, so the consent-tip never dispatches
486
+ // there in production — the threaded dialect makes the SAME builders emit
487
+ // valid MySQL for operators driving these shapes against MySQL directly.
488
+ if (d !== "mysql" && (!result.rows || result.rows.length === 0)) {
436
489
  throw new ClusterError(
437
490
  "FENCED_OUT",
438
491
  "consent-tip update rejected: incoming fencingToken=" + fencingToken +
package/lib/vendor/blamejs/lib/constants.js CHANGED
@@ -156,22 +156,27 @@ var PQC_GROUPS = Object.freeze({
156
156
  SecP384r1MLKEM1024: 0x11ED,
157
157
  });
158
158
 
159
- // Highest-first preference list. Node TLS picks the first mutually-
160
- // supported group during the handshake, so SecP384r1MLKEM1024
161
- // (P-384 + ML-KEM-1024) is what we always use when the peer also
162
- // advertises it. X25519MLKEM768 is the only fallback both are
163
- // PQC hybrids with current standardized parameter sets.
159
+ // Highest-first preference list for OUTBOUND TLS (clients only the
160
+ // server's accept-groups are configured separately). Node TLS picks the
161
+ // first mutually-supported group during the handshake, so a peer that
162
+ // advertises SecP384r1MLKEM1024 (P-384 + ML-KEM-1024) gets it, then the
163
+ // X25519 / SecP256r1 ML-KEM hybrids. X25519 (classical) is the LAST-RESORT
164
+ // fallback for peers that support no ML-KEM hybrid yet — still most of the
165
+ // public TLS surface in 2026 (webhooks, OAuth/OIDC, ACME, third-party APIs).
164
166
  //
165
- // Weaker hybrids (e.g. P-256 + ML-KEM-768) are deliberately excluded
166
- // from the framework's default preference. An operator integrating
167
- // with a peer that only supports a weaker PQC group constructs their
168
- // own https.Agent outside lib/pqc-agent so the downgrade is visible
169
- // in the diff the framework primitive cannot be coaxed into
170
- // negotiating below this list.
167
+ // The framework always PREFERS a hybrid on every handshake; classical
168
+ // X25519 is only negotiated when the peer offers none of the hybrids. When
169
+ // a connection lands on classical instead, the outbound path emits a
170
+ // `tls.classical_downgrade` audit event (lib/pqc-agent.js) so operators can
171
+ // see which peers forced a non-PQC negotiation and track their
172
+ // dependencies' PQC readiness. Weaker non-hybrid classical groups
173
+ // (P-256 / P-384) are deliberately NOT offered — the fallback floor is the
174
+ // X25519 group.
171
175
  var TLS_GROUP_PREFERENCE = Object.freeze([
172
176
  "SecP384r1MLKEM1024",
173
177
  "X25519MLKEM768",
174
178
  "SecP256r1MLKEM768",
179
+ "X25519",
175
180
  ]);
176
181
 
177
182
  var TLS_GROUP_CURVE_STR = TLS_GROUP_PREFERENCE.join(":");
@@ -179,6 +184,16 @@ var TLS_GROUP_CURVE_STR = TLS_GROUP_PREFERENCE.join(":");
179
184
  // ---- Vault sealed-value prefix ----
180
185
  var VAULT_PREFIX = "vault:";
181
186
 
187
+ // ---- Per-row-key sealed-column prefix ----
188
+ // Columns encrypted under a row-scoped key (K_row) — distinct from the
189
+ // vault-root `vault:` / AAD-bound `vault.aad:` prefixes so the read path
190
+ // can route a cell to its decrypt: K_row-sealed cells unwrap the row's
191
+ // secret from `_blamejs_per_row_keys`, derive K_row, then decrypt under
192
+ // it (XChaCha20-Poly1305, AEAD-bound to (table, rowId, column,
193
+ // schemaVersion)). Destroying the row's wrapped secret leaves these
194
+ // cells mathematically undecryptable — the crypto-shred substrate.
195
+ var ROW_PREFIX = "vault.row:";
196
+
182
197
  // ---- Default hash namespaces for derived-hash indexed lookups ----
183
198
  // Apps add their own via app-config registries. The 'bj-' namespace
184
199
  // prevents collision between framework-derived and app-derived hashes.
@@ -205,5 +220,6 @@ module.exports = {
205
220
  TLS_GROUP_PREFERENCE: TLS_GROUP_PREFERENCE,
206
221
  TLS_GROUP_CURVE_STR: TLS_GROUP_CURVE_STR,
207
222
  VAULT_PREFIX: VAULT_PREFIX,
223
+ ROW_PREFIX: ROW_PREFIX,
208
224
  HASH_PREFIX: HASH_PREFIX,
209
225
  };
package/lib/vendor/blamejs/lib/credential-hash.js CHANGED
@@ -380,6 +380,15 @@ function needsRehash(envelope, opts) {
380
380
  try { return passwordModule().needsRehash(phc, opts && opts.params); }
381
381
  catch (_e) { return true; }
382
382
  }
383
+ if (decoded.algoId === C.CRED_HASH_IDS.SHAKE256) {
384
+ // Length-rotation: rehash when the stored digest is SHORTER than the
385
+ // configured/default output length. Upgrade-only (`<`, matching the Argon2
386
+ // needsRehash convention) — a longer-than-target digest is not actively
387
+ // shortened. Without this compare, raising the SHAKE256 length never
388
+ // triggered a rehash and the advertised rotation was a silent no-op.
389
+ var targetLength = (opts && opts.params && opts.params.length) || SHAKE256_DEFAULT_LENGTH;
390
+ if (decoded.payload.length < targetLength) return true;
391
+ }
383
392
  return false;
384
393
  }
385
394