@blamejs/blamejs-shop 0.4.55 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (399) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/admin.js +385 -2
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +426 -366
  5. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  6. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  7. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  9. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  10. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  11. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  12. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  13. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  14. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  15. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  16. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  17. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  18. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  19. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  20. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  21. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  22. package/lib/vendor/blamejs/index.js +2 -0
  23. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  24. package/lib/vendor/blamejs/lib/acme.js +6 -5
  25. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  26. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  28. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  29. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  30. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  31. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  32. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  33. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  34. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  35. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  36. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  37. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  38. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  39. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  40. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  41. package/lib/vendor/blamejs/lib/archive.js +2 -10
  42. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  43. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  44. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  45. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  46. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  47. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  48. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  49. package/lib/vendor/blamejs/lib/audit.js +84 -0
  50. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  51. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  52. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  53. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  54. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  55. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  56. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  57. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  58. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  59. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  60. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  61. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  62. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  65. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  66. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  67. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  68. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  69. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  70. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  71. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  72. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  73. package/lib/vendor/blamejs/lib/cache.js +7 -18
  74. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  75. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  76. package/lib/vendor/blamejs/lib/cert.js +3 -10
  77. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  78. package/lib/vendor/blamejs/lib/cli.js +5 -1
  79. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  80. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  81. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  82. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  83. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  85. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  86. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  87. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  88. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  89. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  90. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  91. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  92. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  93. package/lib/vendor/blamejs/lib/cose.js +19 -11
  94. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  95. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  96. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  97. package/lib/vendor/blamejs/lib/csp.js +235 -3
  98. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  99. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  100. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  101. package/lib/vendor/blamejs/lib/db.js +34 -12
  102. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  103. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  104. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  105. package/lib/vendor/blamejs/lib/did.js +6 -2
  106. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  107. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  108. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  109. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  110. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  111. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  112. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  113. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  114. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  115. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  116. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  117. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  118. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  119. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  120. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  121. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  122. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  123. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  124. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  125. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  126. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  127. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  128. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  129. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  130. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  131. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  132. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  133. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  134. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  135. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  136. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  137. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  138. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  139. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  140. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  142. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  143. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  144. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  145. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  146. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  147. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  148. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  149. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  150. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  151. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  152. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  153. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  154. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  155. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  156. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  157. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  158. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  159. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  161. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  162. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  163. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  164. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  165. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  166. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  167. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  168. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  169. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  170. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  171. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  172. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  173. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  174. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  175. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  176. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  177. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  178. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  179. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  180. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  181. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  182. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  183. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  184. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  185. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  186. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  187. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  188. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  189. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  190. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  191. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  192. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  193. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  194. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  195. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  196. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  197. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  198. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  199. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  200. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  201. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  202. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  203. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  204. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  205. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  206. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  207. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  208. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  209. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  210. package/lib/vendor/blamejs/lib/mail.js +6 -11
  211. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  212. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  213. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  214. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  215. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  216. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  217. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  218. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  219. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  220. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  221. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  222. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  223. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  224. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  225. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  226. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  227. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  228. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  229. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  230. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  231. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  232. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  233. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  234. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  235. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  236. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  237. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  238. package/lib/vendor/blamejs/lib/money.js +105 -0
  239. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  240. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  241. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  242. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  243. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  244. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  245. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  246. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  247. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  248. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  249. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  251. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  252. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  253. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  254. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  255. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  256. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  257. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  258. package/lib/vendor/blamejs/lib/observability.js +95 -0
  259. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  260. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  261. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  262. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  263. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  265. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  266. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  267. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  268. package/lib/vendor/blamejs/lib/pick.js +63 -5
  269. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  270. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  271. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  272. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  273. package/lib/vendor/blamejs/lib/redact.js +2 -1
  274. package/lib/vendor/blamejs/lib/render.js +4 -2
  275. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  276. package/lib/vendor/blamejs/lib/restore.js +5 -22
  277. package/lib/vendor/blamejs/lib/retention.js +3 -5
  278. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  279. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  280. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  282. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  283. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  284. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  285. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  286. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  287. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  288. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  289. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  290. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  291. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  292. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  293. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  294. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  295. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  296. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  297. package/lib/vendor/blamejs/lib/session.js +194 -6
  298. package/lib/vendor/blamejs/lib/sql.js +225 -78
  299. package/lib/vendor/blamejs/lib/sse.js +6 -10
  300. package/lib/vendor/blamejs/lib/static.js +136 -98
  301. package/lib/vendor/blamejs/lib/storage.js +4 -2
  302. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  303. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  304. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  305. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  306. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  307. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  308. package/lib/vendor/blamejs/lib/vc.js +2 -7
  309. package/lib/vendor/blamejs/lib/vex.js +35 -13
  310. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  311. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  312. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  313. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  314. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  315. package/lib/vendor/blamejs/lib/worm.js +2 -3
  316. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  317. package/lib/vendor/blamejs/package.json +1 -1
  318. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  319. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  320. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  321. package/lib/vendor/blamejs/test/10-state.js +9 -3
  322. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  323. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  324. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  325. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  326. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  329. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  330. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  335. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  336. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  338. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  342. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  346. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  348. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  391. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  397. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  398. package/lib/winback-campaigns.js +202 -42
  399. package/package.json +1 -1
@@ -41,11 +41,9 @@
41
41
  * Shell-argument content-safety guard — refuses user-supplied strings that carry shell-injection shapes BEFORE they reach a child-process spawn.
42
42
  */
43
43
 
44
- var codepointClass = require("./codepoint-class");
45
44
  var lazyRequire = require("./lazy-require");
46
45
  var gateContract = require("./gate-contract");
47
46
  var C = require("./constants");
48
- var numericBounds = require("./numeric-bounds");
49
47
  var { GuardShellError } = require("./framework-error");
50
48
 
51
49
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -76,10 +74,7 @@ var NEWLINE_RE = /[\r\n]/;
76
74
 
77
75
  var PROFILES = Object.freeze({
78
76
  "strict": {
79
- bidiPolicy: "reject",
80
- controlPolicy: "reject",
81
- nullBytePolicy: "reject",
82
- zeroWidthPolicy: "reject",
77
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
83
78
  posixMetaPolicy: "reject",
84
79
  cmdMetaPolicy: "reject",
85
80
  dollarSubstPolicy: "reject",
@@ -91,10 +86,7 @@ var PROFILES = Object.freeze({
91
86
  maxRuntimeMs: C.TIME.seconds(2),
92
87
  },
93
88
  "balanced": {
94
- bidiPolicy: "reject",
95
- controlPolicy: "reject",
96
- nullBytePolicy: "reject",
97
- zeroWidthPolicy: "reject",
89
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
98
90
  posixMetaPolicy: "audit",
99
91
  cmdMetaPolicy: "audit",
100
92
  dollarSubstPolicy: "reject",
@@ -106,10 +98,7 @@ var PROFILES = Object.freeze({
106
98
  maxRuntimeMs: C.TIME.seconds(2),
107
99
  },
108
100
  "permissive": {
109
- bidiPolicy: "reject", // BIDI refused at every profile
110
- controlPolicy: "reject", // controls refused at every profile
111
- nullBytePolicy: "reject", // null refused at every profile
112
- zeroWidthPolicy: "reject", // zero-width refused at every profile
101
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
113
102
  posixMetaPolicy: "audit",
114
103
  cmdMetaPolicy: "audit",
115
104
  dollarSubstPolicy: "reject", // command substitution refused at every profile
@@ -122,54 +111,14 @@ var PROFILES = Object.freeze({
122
111
  },
123
112
  });
124
113
 
125
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
126
- mode: "enforce",
127
- }));
114
+ var DEFAULTS = gateContract.strictDefaults(PROFILES);
128
115
 
129
- var COMPLIANCE_POSTURES = Object.freeze({
130
- "hipaa": Object.assign({}, PROFILES["strict"], {
131
- forensicSnippetBytes: C.BYTES.bytes(256),
132
- }),
133
- "pci-dss": Object.assign({}, PROFILES["strict"], {
134
- forensicSnippetBytes: C.BYTES.bytes(256),
135
- }),
136
- "gdpr": Object.assign({}, PROFILES["balanced"], {
137
- forensicSnippetBytes: C.BYTES.bytes(128),
138
- }),
139
- "soc2": Object.assign({}, PROFILES["strict"], {
140
- forensicSnippetBytes: C.BYTES.bytes(512),
141
- }),
142
- });
143
-
144
- function _resolveOpts(opts) {
145
- return gateContract.resolveProfileAndPosture(opts, {
146
- profiles: PROFILES,
147
- compliancePostures: COMPLIANCE_POSTURES,
148
- defaults: DEFAULTS,
149
- errorClass: GuardShellError,
150
- errCodePrefix: "shell",
151
- });
152
- }
116
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
153
117
 
154
118
  function _detectIssues(input, opts) {
155
- var issues = [];
156
- if (typeof input !== "string") {
157
- return [{ kind: "bad-input", severity: "high",
158
- ruleId: "shell.bad-input",
159
- snippet: "shell arg is not a string" }];
160
- }
161
- if (input.length === 0) {
162
- // Empty arg is not necessarily a threat (legit blank args exist).
163
- return [];
164
- }
165
- if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
166
- return [{ kind: "shell-cap", severity: "high",
167
- ruleId: "shell.shell-cap",
168
- snippet: "shell arg exceeds maxBytes " + opts.maxBytes }];
169
- }
170
-
171
- var charThreats = codepointClass.detectCharThreats(input, opts, "shell");
172
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
119
+ var pre = gateContract.detectStringInput(input, opts, { name: "shell", noun: "shell arg", emptyMode: "ok", cap: { bytes: opts.maxBytes, snippet: "shell arg exceeds maxBytes " + opts.maxBytes } });
120
+ if (pre.done) return pre.issues;
121
+ var issues = pre.issues;
173
122
 
174
123
  // $(...) / ${...} / backtick — universal refuse.
175
124
  if (opts.dollarSubstPolicy !== "allow" &&
@@ -285,13 +234,10 @@ function _detectIssues(input, opts) {
285
234
  * hostile.ok; // → false
286
235
  * hostile.issues.some(function (i) { return i.kind === "posix-metachar"; }); // → true
287
236
  */
288
- function validate(input, opts) {
289
- opts = _resolveOpts(opts);
290
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
291
- ["maxBytes"],
292
- "guardShell.validate", GuardShellError, "shell.bad-opt");
293
- return gateContract.aggregateIssues(_detectIssues(input, opts));
294
- }
237
+ // validate is assembled by gateContract.defineGuard from `detect`
238
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
239
+ // input, resolveOpts(opts)))`, with the maxBytes cap declared via `intOpts`.
240
+ // The @primitive block above documents the resulting public ABI.
295
241
 
296
242
  /**
297
243
  * @primitive b.guardShell.sanitize
@@ -334,17 +280,11 @@ function validate(input, opts) {
334
280
  * e.code; // → "shell.posix-metachar"
335
281
  * }
336
282
  */
337
- function sanitize(input, opts) {
338
- opts = _resolveOpts(opts);
339
- if (typeof input !== "string") {
340
- throw _err("shell.bad-input", "sanitize requires string input");
341
- }
342
- // Shell args can't be repaired — sanitize either passes through
343
- // valid input or throws.
344
- var issues = _detectIssues(input, opts);
345
- gateContract.throwOnRefusalSeverity(issues, {
346
- errorClass: GuardShellError, codePrefix: "shell",
347
- });
283
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
284
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. Shell args
285
+ // cannot be repaired, so the transform is pass-through: an already-validated
286
+ // clean string is returned unchanged (a hostile string refuses upstream).
287
+ function _sanitizeTransform(input) {
348
288
  return input;
349
289
  }
350
290
 
@@ -364,14 +304,8 @@ function sanitize(input, opts) {
364
304
  // in gate-contract.js, instantiated per guard by the page generator.
365
305
 
366
306
  // ---- adaptive integration-test fixtures (consumed by layer-5 host harness) ----
367
- var INTEGRATION_FIXTURES = Object.freeze({
368
- kind: "identifier",
369
- benignBytes: Buffer.from("safe-arg-value", "utf8"),
370
- hostileBytes: Buffer.from("safe; rm -rf /", "utf8"),
371
- benignIdentifier: "safe-arg-value",
372
- // Hostile: command-injection via metacharacter chain.
373
- hostileIdentifier: "safe; rm -rf /",
374
- });
307
+ // Hostile: command-injection via metacharacter chain.
308
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("safe-arg-value", "safe; rm -rf /");
375
309
 
376
310
  // Assembled from the gate-contract guard factory: error class, registry
377
311
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
@@ -386,7 +320,8 @@ module.exports = gateContract.defineGuard({
386
320
  defaults: DEFAULTS,
387
321
  postures: COMPLIANCE_POSTURES,
388
322
  integrationFixtures: INTEGRATION_FIXTURES,
389
- validate: validate,
390
- sanitize: sanitize,
323
+ detect: _detectIssues,
324
+ sanitizeTransform: _sanitizeTransform,
325
+ intOpts: ["maxBytes"],
391
326
  ctxFields: ["identifier", "arg"],
392
327
  });
@@ -89,6 +89,7 @@
89
89
 
90
90
  var { defineClass } = require("./framework-error");
91
91
  var gateContract = require("./gate-contract");
92
+ var codepointClass = require("./codepoint-class");
92
93
 
93
94
  var GuardSmtpCommandError = defineClass("GuardSmtpCommandError", { alwaysPermanent: true });
94
95
 
@@ -196,7 +197,7 @@ function validate(line, opts) {
196
197
  // so the documented allowBareLf path actually accepts LF (Codex
197
198
  // caught this: permissive profile was effectively broken).
198
199
  if (c === 0x0a && caps.allowBareLf) continue; // RFC 5321 §2.3.8 LF, permissive bypass
199
- if (c < 0x20 || c === 0x7f) { // RFC 5321 §2.3.8 forbids C0 / DEL
200
+ if (codepointClass.isForbiddenControlChar(c, { forbidTab: true })) { // RFC 5321 §2.3.8 forbids C0 / DEL
200
201
  throw new GuardSmtpCommandError("guard-smtp-command/control-char",
201
202
  "guardSmtpCommand.validate: control char 0x" + c.toString(16) + " refused");
202
203
  }
@@ -550,16 +551,12 @@ function detectBodySmuggling(buf) {
550
551
  return false;
551
552
  }
552
553
 
553
- var INTEGRATION_FIXTURES = Object.freeze({
554
- kind: "identifier",
555
- // Benign: standard EHLO greeting.
556
- benignBytes: Buffer.from("EHLO mail.example.com", "ascii"),
557
- // Hostile: CRLF smuggling attempt — bare CR inside a command line
558
- // (CVE-2023-51764 / 51765 / 51766 class).
559
- hostileBytes: Buffer.from("MAIL FROM:<a@b.com>\r\n.\r\nMAIL FROM:<evil@x.com>", "ascii"),
560
- benignIdentifier: "EHLO mail.example.com",
561
- hostileIdentifier: "MAIL FROM:<a@b.com>\r\n.\r\nMAIL FROM:<evil@x.com>",
562
- });
554
+ // Benign: standard EHLO greeting.
555
+ // Hostile: CRLF smuggling attempt — bare CR inside a command line
556
+ // (CVE-2023-51764 / 51765 / 51766 class).
557
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures(
558
+ "EHLO mail.example.com",
559
+ "MAIL FROM:<a@b.com>\r\n.\r\nMAIL FROM:<evil@x.com>", "ascii");
563
560
 
564
561
  // Assembled from the gate-contract parser factory: error class,
565
562
  // compliancePosture wiring, PROFILES / COMPLIANCE_POSTURES, the `validate`
@@ -140,6 +140,7 @@
140
140
  */
141
141
 
142
142
  var gateContract = require("./gate-contract");
143
+ var codepointClass = require("./codepoint-class");
143
144
  var safeSql = require("./safe-sql");
144
145
  var C = require("./constants");
145
146
  var bCrypto = require("./crypto");
@@ -459,15 +460,14 @@ var PROFILES = Object.freeze({
459
460
  },
460
461
  });
461
462
 
462
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES.strict, {
463
- mode: "enforce",
463
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
464
464
  contextMode: DEFAULT_CONTEXT_MODE,
465
465
  maxBytes: C.BYTES.bytes(1048576), // 1 MiB raw-SQL cap
466
466
  maxRuntimeMs: C.TIME.seconds(5),
467
467
  // gdprRedact controls whether the audited fragment body is replaced
468
468
  // by a salted hash fingerprint (set by the gdpr posture overlay).
469
469
  gdprRedact: false,
470
- }));
470
+ });
471
471
 
472
472
  // All four postures map to the strict floor — a regulated deployment
473
473
  // gets the tightest raw-SQL gate regardless of which framework it cites.
@@ -1197,7 +1197,7 @@ function _identifierHazard(ident) {
1197
1197
  // rest are reported by code point.
1198
1198
  for (var k = 0; k < ident.length; k += 1) {
1199
1199
  var c = ident.charCodeAt(k);
1200
- if (c < 0x20 || c === 0x7f) {
1200
+ if (codepointClass.isForbiddenControlChar(c, { forbidTab: true })) {
1201
1201
  return c === 0 ? "contains a null byte"
1202
1202
  : "contains a control byte 0x" + c.toString(16);
1203
1203
  }
@@ -1267,9 +1267,11 @@ function _identifierHazard(ident) {
1267
1267
  function validate(input, opts) {
1268
1268
  opts = _resolveOpts(opts);
1269
1269
  var contextMode = _resolveContextMode(opts);
1270
- var bad = gateContract.badInputResultIfNotStringOrBuffer(input);
1271
- if (bad) return bad;
1272
- return gateContract.aggregateIssues(_inspect(input, opts, contextMode));
1270
+ // "bytes" contract — accept string/Buffer and pass it RAW: _inspect runs an
1271
+ // encoding gate on raw bytes before any decode, so coercing to text first
1272
+ // would hide the very bytes it checks. The closure binds contextMode.
1273
+ return gateContract.runIssueValidator(input, opts,
1274
+ function (subject, o) { return _inspect(subject, o, contextMode); }, "bytes");
1273
1275
  }
1274
1276
 
1275
1277
  /**
@@ -1408,11 +1410,10 @@ function _emitDecisionAudit(sql, issues, opts, contextMode, ctx) {
1408
1410
  var refused = _firstRefusal(issues) !== null;
1409
1411
  var text = Buffer.isBuffer(sql) ? sql.toString("utf8") : String(sql);
1410
1412
  var body = opts.gdprRedact ? _fingerprint(text) : _truncateForAudit(text);
1411
- audit().safeEmit({
1412
- action: "guardSql.gate." + (refused ? "refused" : (issues.length > 0 ? "audited" : "served")),
1413
- actor: ctx && ctx.actor,
1414
- outcome: refused ? "denied" : "success",
1415
- metadata: {
1413
+ audit().namespaced("guardSql.gate")(
1414
+ refused ? "refused" : (issues.length > 0 ? "audited" : "served"),
1415
+ refused ? "denied" : "success",
1416
+ {
1416
1417
  contextMode: contextMode,
1417
1418
  profile: opts.profile || "strict",
1418
1419
  route: ctx && ctx.route,
@@ -1420,7 +1421,8 @@ function _emitDecisionAudit(sql, issues, opts, contextMode, ctx) {
1420
1421
  sqlRedacted: !!opts.gdprRedact,
1421
1422
  issues: gateContract.summarizeIssues(issues),
1422
1423
  },
1423
- });
1424
+ { actor: ctx && ctx.actor }
1425
+ );
1424
1426
  } catch (_e) { /* drop-silent — audit sinks must never crash the producer */ }
1425
1427
  }
1426
1428
 
@@ -21,6 +21,7 @@
21
21
 
22
22
  var { defineClass } = require("./framework-error");
23
23
  var gateContract = require("./gate-contract");
24
+ var pick = require("./pick");
24
25
 
25
26
  var GuardStreamArgsError = defineClass("GuardStreamArgsError", { alwaysPermanent: true });
26
27
 
@@ -122,7 +123,7 @@ function _checkCursorOpts(cursorOpts, depth) {
122
123
  }
123
124
  var keys = Object.keys(cursorOpts);
124
125
  for (var k = 0; k < keys.length; k += 1) {
125
- if (keys[k] === "__proto__" || keys[k] === "constructor" || keys[k] === "prototype") {
126
+ if (pick.isPoisonedKey(keys[k])) {
126
127
  throw new GuardStreamArgsError("stream-args/proto-key",
127
128
  "guardStreamArgs.validate: forbidden key '" + keys[k] + "' in cursorOpts");
128
129
  }