@blamejs/blamejs-shop 0.4.55 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (399) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/admin.js +385 -2
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +426 -366
  5. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  6. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  7. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  9. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  10. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  11. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  12. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  13. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  14. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  15. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  16. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  17. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  18. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  19. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  20. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  21. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  22. package/lib/vendor/blamejs/index.js +2 -0
  23. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  24. package/lib/vendor/blamejs/lib/acme.js +6 -5
  25. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  26. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  28. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  29. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  30. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  31. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  32. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  33. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  34. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  35. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  36. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  37. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  38. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  39. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  40. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  41. package/lib/vendor/blamejs/lib/archive.js +2 -10
  42. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  43. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  44. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  45. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  46. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  47. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  48. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  49. package/lib/vendor/blamejs/lib/audit.js +84 -0
  50. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  51. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  52. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  53. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  54. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  55. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  56. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  57. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  58. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  59. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  60. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  61. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  62. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  65. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  66. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  67. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  68. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  69. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  70. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  71. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  72. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  73. package/lib/vendor/blamejs/lib/cache.js +7 -18
  74. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  75. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  76. package/lib/vendor/blamejs/lib/cert.js +3 -10
  77. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  78. package/lib/vendor/blamejs/lib/cli.js +5 -1
  79. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  80. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  81. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  82. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  83. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  85. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  86. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  87. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  88. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  89. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  90. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  91. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  92. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  93. package/lib/vendor/blamejs/lib/cose.js +19 -11
  94. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  95. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  96. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  97. package/lib/vendor/blamejs/lib/csp.js +235 -3
  98. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  99. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  100. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  101. package/lib/vendor/blamejs/lib/db.js +34 -12
  102. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  103. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  104. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  105. package/lib/vendor/blamejs/lib/did.js +6 -2
  106. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  107. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  108. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  109. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  110. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  111. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  112. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  113. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  114. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  115. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  116. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  117. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  118. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  119. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  120. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  121. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  122. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  123. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  124. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  125. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  126. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  127. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  128. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  129. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  130. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  131. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  132. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  133. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  134. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  135. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  136. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  137. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  138. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  139. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  140. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  142. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  143. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  144. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  145. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  146. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  147. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  148. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  149. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  150. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  151. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  152. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  153. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  154. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  155. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  156. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  157. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  158. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  159. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  161. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  162. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  163. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  164. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  165. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  166. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  167. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  168. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  169. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  170. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  171. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  172. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  173. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  174. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  175. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  176. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  177. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  178. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  179. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  180. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  181. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  182. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  183. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  184. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  185. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  186. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  187. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  188. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  189. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  190. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  191. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  192. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  193. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  194. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  195. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  196. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  197. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  198. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  199. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  200. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  201. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  202. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  203. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  204. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  205. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  206. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  207. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  208. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  209. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  210. package/lib/vendor/blamejs/lib/mail.js +6 -11
  211. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  212. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  213. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  214. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  215. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  216. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  217. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  218. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  219. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  220. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  221. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  222. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  223. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  224. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  225. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  226. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  227. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  228. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  229. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  230. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  231. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  232. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  233. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  234. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  235. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  236. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  237. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  238. package/lib/vendor/blamejs/lib/money.js +105 -0
  239. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  240. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  241. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  242. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  243. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  244. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  245. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  246. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  247. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  248. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  249. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  251. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  252. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  253. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  254. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  255. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  256. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  257. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  258. package/lib/vendor/blamejs/lib/observability.js +95 -0
  259. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  260. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  261. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  262. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  263. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  265. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  266. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  267. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  268. package/lib/vendor/blamejs/lib/pick.js +63 -5
  269. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  270. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  271. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  272. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  273. package/lib/vendor/blamejs/lib/redact.js +2 -1
  274. package/lib/vendor/blamejs/lib/render.js +4 -2
  275. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  276. package/lib/vendor/blamejs/lib/restore.js +5 -22
  277. package/lib/vendor/blamejs/lib/retention.js +3 -5
  278. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  279. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  280. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  282. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  283. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  284. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  285. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  286. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  287. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  288. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  289. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  290. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  291. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  292. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  293. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  294. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  295. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  296. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  297. package/lib/vendor/blamejs/lib/session.js +194 -6
  298. package/lib/vendor/blamejs/lib/sql.js +225 -78
  299. package/lib/vendor/blamejs/lib/sse.js +6 -10
  300. package/lib/vendor/blamejs/lib/static.js +136 -98
  301. package/lib/vendor/blamejs/lib/storage.js +4 -2
  302. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  303. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  304. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  305. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  306. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  307. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  308. package/lib/vendor/blamejs/lib/vc.js +2 -7
  309. package/lib/vendor/blamejs/lib/vex.js +35 -13
  310. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  311. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  312. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  313. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  314. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  315. package/lib/vendor/blamejs/lib/worm.js +2 -3
  316. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  317. package/lib/vendor/blamejs/package.json +1 -1
  318. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  319. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  320. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  321. package/lib/vendor/blamejs/test/10-state.js +9 -3
  322. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  323. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  324. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  325. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  326. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  329. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  330. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  335. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  336. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  338. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  342. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  346. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  348. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  391. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  397. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  398. package/lib/winback-campaigns.js +202 -42
  399. package/package.json +1 -1
@@ -60,7 +60,6 @@
60
60
  * on policy denials (already-held / not-held / invalid-citation).
61
61
  */
62
62
  var bCrypto = require("./crypto");
63
- var lazyRequire = require("./lazy-require");
64
63
  var safeJson = require("./safe-json");
65
64
  var validateOpts = require("./validate-opts");
66
65
  var sql = require("./sql");
@@ -77,7 +76,7 @@ var { defineClass } = require("./framework-error");
77
76
  var HOLD_TABLE = "_blamejs_legal_hold"; // allow:hand-rolled-sql — canonical local table-name; passed to b.sql with quoteName
78
77
  var AUDIT_TABLE = "audit_log";
79
78
 
80
- var audit = lazyRequire(function () { return require("./audit"); });
79
+ var auditEmit = require("./audit-emit");
81
80
 
82
81
  var LegalHoldError = defineClass("LegalHoldError", { alwaysPermanent: true });
83
82
  var _err = LegalHoldError.factory;
@@ -151,19 +150,11 @@ function create(opts) {
151
150
  validateOpts.optionalObjectWithMethod(opts.signWith, "sign",
152
151
  "create: opts.signWith", LegalHoldError, "BAD_OPT", "b.auditSign-shaped object");
153
152
 
154
- function _emit(action, info, outcome) {
155
- if (!auditOn) return;
156
- var sink = auditInstance || audit();
157
- try {
158
- sink.safeEmit({
159
- action: action,
160
- outcome: outcome,
161
- resource: { kind: "legal-hold", id: info && info.subjectId },
162
- reason: (info && info.reason) || null,
163
- metadata: info || {},
164
- });
165
- } catch (_e) { /* best-effort */ }
166
- }
153
+ var _emit = auditEmit.gatedReasonEmitter({
154
+ audit: auditOn,
155
+ sink: auditInstance,
156
+ extra: function (info) { return { resource: { kind: "legal-hold", id: info && info.subjectId } }; },
157
+ });
167
158
 
168
159
  function _ensureSchema() {
169
160
  // Idempotent migration. The framework SQLite path installs the
@@ -198,20 +198,9 @@ function create(config) {
198
198
  "ResourceAlreadyExistsException treated as success).");
199
199
  }
200
200
  var cfg = Object.assign({}, DEFAULTS, config);
201
- var onDrop = typeof cfg.onDrop === "function" ? cfg.onDrop : null;
202
- var _emitDrop = safeAsync.makeDropCallback(onDrop);
203
- var buffer = [];
204
- var dropCount = 0;
205
- var inFlight = false;
206
- var closed = false;
207
201
  var sequenceToken = null;
208
- // Captures the in-flight drain (the IIFE inside _flush) so close() can await
209
- // the actual run before flipping `closed` — otherwise the _flush while-loop's
210
- // `&& !closed` bails and buffered records are stranded at shutdown.
211
- var inFlightPromise = null;
212
- var flushScheduler = safeAsync.makeScheduledFlush(cfg.maxBatchAgeMs, function () { return _flush(); });
213
202
 
214
- function _takeBatch() {
203
+ function _takeBatch(buffer) {
215
204
  var batch = [];
216
205
  var totalBytes = 0;
217
206
  while (buffer.length > 0) {
@@ -239,45 +228,25 @@ function create(config) {
239
228
  return autoCreatePromise;
240
229
  }
241
230
 
242
- async function _flush() {
243
- if (inFlight) return inFlightPromise;
244
- if (buffer.length === 0) return;
245
- inFlight = true;
246
- inFlightPromise = (async function () {
247
- try {
248
- try { await _ensureAutoCreated(); }
249
- catch (acErr) {
250
- // autoCreate failure is permanent — every subsequent batch
251
- // would hit the same error. Drop the queue with the
252
- // operator-supplied onDrop callback so they see exactly which
253
- // events were lost AND why, then bail.
254
- var allBuffered = buffer.splice(0, buffer.length);
255
- dropCount += allBuffered.length;
256
- _emitDrop("autocreate-failed", allBuffered, acErr);
257
- return;
258
- }
259
- while (buffer.length > 0 && !closed) {
260
- var batch = _takeBatch();
261
- if (batch.length === 0) break;
262
- try {
263
- await retryHelper.withRetry(function () {
264
- return _send(batch);
265
- }, Object.assign({
266
- isPermanent: _isPermanentAwsError,
267
- }, cfg.retry || {}));
268
- } catch (e) {
269
- dropCount += batch.length;
270
- _emitDrop("retry-exhausted", batch, e);
271
- break;
272
- }
273
- }
274
- } finally {
275
- inFlight = false;
276
- inFlightPromise = null;
277
- if (buffer.length > 0) flushScheduler.schedule();
278
- }
279
- })();
280
- return inFlightPromise;
231
+ // CloudWatch rejects any single event above its 256 KiB hard cap — drop it
232
+ // (with a truncated preview) before it can poison a batch; otherwise build
233
+ // the { timestamp, message } event the API expects.
234
+ function _prepareRecord(record) {
235
+ var message = typeof record.message === "string" ? record.message : JSON.stringify(record);
236
+ var size = _eventByteSize(message);
237
+ if (size > CW_MAX_EVENT_BYTES) {
238
+ return {
239
+ rejected: true,
240
+ reason: "event too large",
241
+ dropKind: "event-too-large",
242
+ drop: [{
243
+ timestamp: record.ts || Date.now(),
244
+ message: message.slice(0, DROP_PREVIEW_BYTES) + "...[truncated for drop event]",
245
+ }],
246
+ error: new Error("event exceeds 256 KiB CloudWatch hard cap (was " + size + " bytes)"),
247
+ };
248
+ }
249
+ return { entry: { timestamp: record.ts || Date.now(), message: message } };
281
250
  }
282
251
 
283
252
  async function _send(batch) {
@@ -306,70 +275,33 @@ function create(config) {
306
275
  return res;
307
276
  }
308
277
 
309
- function emit(record) {
310
- if (closed) return Promise.resolve({ accepted: false, reason: "sink closed" });
311
- var message;
312
- if (typeof record.message === "string") {
313
- message = record.message;
314
- } else {
315
- message = JSON.stringify(record);
316
- }
317
- var size = _eventByteSize(message);
318
- if (size > CW_MAX_EVENT_BYTES) {
319
- _emitDrop("event-too-large", [{
320
- timestamp: record.ts || Date.now(),
321
- message: message.slice(0, DROP_PREVIEW_BYTES) + "...[truncated for drop event]",
322
- }], new Error("event exceeds 256 KiB CloudWatch hard cap (was " + size + " bytes)"));
323
- dropCount += 1;
324
- return Promise.resolve({ accepted: false, reason: "event too large" });
325
- }
326
- if (buffer.length >= cfg.bufferLimit) {
327
- var dropped = buffer.shift();
328
- dropCount += 1;
329
- _emitDrop("overflow", [dropped], null);
330
- }
331
- buffer.push({
332
- timestamp: record.ts || Date.now(),
333
- message: message,
334
- });
335
- if (buffer.length >= cfg.batchSize) {
336
- _flush().catch(function () {});
337
- } else {
338
- flushScheduler.schedule();
339
- }
340
- return Promise.resolve({ accepted: true, queued: buffer.length });
341
- }
342
-
343
- async function close() {
344
- // Drain BEFORE flipping closed=true — _flush()'s `while (... && !closed)`
345
- // loop bails on !closed, so flipping the flag first strands the records the
346
- // operator queued just before shutdown (the b.logStream drain contract).
347
- // Stop the timer, await any in-flight drain, drain the remainder, THEN
348
- // refuse new enqueues. Mirrors the webhook sink.
349
- flushScheduler.cancel();
350
- if (inFlightPromise) {
351
- try { await inFlightPromise; } catch (_e) { /* surfaced via onDrop */ }
352
- }
353
- await _flush();
354
- closed = true;
355
- }
356
-
357
- function stats() {
358
- return {
359
- queued: buffer.length,
360
- dropped: dropCount,
361
- inFlight: inFlight,
362
- sequenceToken: sequenceToken,
363
- endpoint: _resolveEndpoint(cfg),
364
- };
365
- }
278
+ // beforeDrain runs the autoCreate handshake once; its failure is permanent
279
+ // (every batch would hit the same error) so the whole buffer is dropped under
280
+ // "autocreate-failed". takeBatch enforces CloudWatch's per-batch byte + count
281
+ // caps; sendBatch wraps the signed PutLogEvents in retry, treating throttling
282
+ // / sequence-token errors per _isPermanentAwsError.
283
+ var sink = safeAsync.makeBatchingSink({
284
+ batchSize: cfg.batchSize,
285
+ bufferLimit: cfg.bufferLimit,
286
+ maxBatchAgeMs: cfg.maxBatchAgeMs,
287
+ onDrop: cfg.onDrop,
288
+ prepareRecord: _prepareRecord,
289
+ takeBatch: _takeBatch,
290
+ beforeDrain: _ensureAutoCreated,
291
+ beforeDrainDropKind: "autocreate-failed",
292
+ sendBatch: function (batch) {
293
+ return retryHelper.withRetry(function () {
294
+ return _send(batch);
295
+ }, Object.assign({ isPermanent: _isPermanentAwsError }, cfg.retry || {}));
296
+ },
297
+ });
366
298
 
367
299
  return {
368
300
  protocol: "cloudwatch",
369
- emit: emit,
370
- close: close,
371
- stats: stats,
372
- flush: _flush,
301
+ emit: sink.emit,
302
+ close: sink.close,
303
+ stats: function () { return sink.stats({ sequenceToken: sequenceToken, endpoint: _resolveEndpoint(cfg) }); },
304
+ flush: sink.flush,
373
305
  };
374
306
  }
375
307
 
@@ -223,7 +223,10 @@ function _makeClient(cfg) {
223
223
  // (http://, cleartext HTTP/2) there is no certificate to validate and
224
224
  // nothing to skip, so neither rejectUnauthorized nor the insecure-TLS
225
225
  // audit applies — emitting it there would be a false security event.
226
- sessionOpts.rejectUnauthorized = false;
226
+ // Operator-governed (not a hardcoded literal): cfg.allowInsecure is true in
227
+ // this branch, so this resolves to false — but derived from the operator's
228
+ // own flag, audited, and never a framework default.
229
+ sessionOpts.rejectUnauthorized = !cfg.allowInsecure;
227
230
  networkTls().auditInsecureTls({ host: authority, source: "log-stream.otlp-grpc" });
228
231
  }
229
232
  var session = http2.connect(authority, sessionOpts);
@@ -357,24 +360,24 @@ function create(config) {
357
360
  }
358
361
  }
359
362
 
363
+ // Fire-and-forget enqueue: full batch drains immediately (not awaited —
364
+ // emit is hot-path), partial batch coalesces via the scheduler. Errors
365
+ // surface through onDrop. No dropCount here — gRPC drop accounting is the
366
+ // export stream's concern, not the buffer's.
367
+ var _enqueue = safeAsync.makeBufferedEnqueue(buffer, {
368
+ batchSize: cfg.batchSize,
369
+ bufferLimit: cfg.bufferLimit,
370
+ flush: _flush,
371
+ schedule: flushScheduler.schedule,
372
+ onOverflow: function (dropped) { _emitDrop("overflow", [dropped], null); },
373
+ });
374
+
360
375
  function emit(record) {
361
376
  if (closed) {
362
377
  _emitDrop("sink-closed", [record], null);
363
378
  return Promise.resolve({ accepted: false, reason: "closed" });
364
379
  }
365
- if (buffer.length >= cfg.bufferLimit) {
366
- var dropped = buffer.shift();
367
- _emitDrop("overflow", [dropped], null);
368
- }
369
- buffer.push(record);
370
- if (buffer.length >= cfg.batchSize) {
371
- // Drain immediately; don't await — emit is fire-and-forget on the
372
- // hot path. Errors surface via onDrop.
373
- _flush().catch(function () {});
374
- } else if (!closed) {
375
- flushScheduler.schedule();
376
- }
377
- return Promise.resolve({ accepted: true, queued: buffer.length });
380
+ return _enqueue(record);
378
381
  }
379
382
 
380
383
  async function close() {
@@ -212,89 +212,25 @@ function create(config) {
212
212
  "Content-Type": "application/json",
213
213
  "Accept": "application/json",
214
214
  }, _authHeaders(cfg));
215
- var onDrop = typeof cfg.onDrop === "function" ? cfg.onDrop : null;
216
- var _emitDrop = safeAsync.makeDropCallback(onDrop);
217
- var buffer = [];
218
- var dropCount = 0;
219
- var inFlight = false;
220
- var closed = false;
221
- // Captures the in-flight drain so close() awaits the real run before flipping
222
- // `closed` (the _flush while-loop bails on !closed → flipping first strands
223
- // buffered records at shutdown).
224
- var inFlightPromise = null;
225
- var flushScheduler = safeAsync.makeScheduledFlush(cfg.maxBatchAgeMs, function () { return _flush(); });
226
-
227
- async function _flush() {
228
- if (inFlight) return inFlightPromise;
229
- if (buffer.length === 0) return;
230
- inFlight = true;
231
- inFlightPromise = (async function () {
232
- try {
233
- while (buffer.length > 0 && !closed) {
234
- var batch = buffer.splice(0, cfg.batchSize);
235
- var body = _serializeBatch(batch, cfg, scopeVersion);
236
- try {
237
- await retryHelper.withRetry(function () {
238
- return _post(resolvedUrl, body, headers, cfg.timeoutMs, cfg.allowedProtocols, cfg.allowInternal);
239
- }, cfg.retry);
240
- } catch (e) {
241
- dropCount += batch.length;
242
- _emitDrop("retry-exhausted", batch, e);
243
- break;
244
- }
245
- }
246
- } finally {
247
- inFlight = false;
248
- inFlightPromise = null;
249
- if (buffer.length > 0) flushScheduler.schedule();
250
- }
251
- })();
252
- return inFlightPromise;
253
- }
254
-
255
- function emit(record) {
256
- if (closed) return Promise.resolve({ accepted: false, reason: "sink closed" });
257
- if (buffer.length >= cfg.bufferLimit) {
258
- var dropped = buffer.shift();
259
- dropCount += 1;
260
- _emitDrop("overflow", [dropped], null);
261
- }
262
- buffer.push(record);
263
- if (buffer.length >= cfg.batchSize) {
264
- _flush().catch(function () {});
265
- } else {
266
- flushScheduler.schedule();
267
- }
268
- return Promise.resolve({ accepted: true, queued: buffer.length });
269
- }
270
-
271
- async function close() {
272
- // Drain BEFORE flipping closed=true (see _flush's `&& !closed` guard) so
273
- // records queued just before shutdown reach the wire. Mirrors the webhook
274
- // + cloudwatch sinks.
275
- flushScheduler.cancel();
276
- if (inFlightPromise) {
277
- try { await inFlightPromise; } catch (_e) { /* surfaced via onDrop */ }
278
- }
279
- await _flush();
280
- closed = true;
281
- }
282
-
283
- function stats() {
284
- return {
285
- queued: buffer.length,
286
- dropped: dropCount,
287
- inFlight: inFlight,
288
- url: resolvedUrl,
289
- };
290
- }
215
+ var sink = safeAsync.makeBatchingSink({
216
+ batchSize: cfg.batchSize,
217
+ bufferLimit: cfg.bufferLimit,
218
+ maxBatchAgeMs: cfg.maxBatchAgeMs,
219
+ onDrop: cfg.onDrop,
220
+ sendBatch: function (batch) {
221
+ var body = _serializeBatch(batch, cfg, scopeVersion);
222
+ return retryHelper.withRetry(function () {
223
+ return _post(resolvedUrl, body, headers, cfg.timeoutMs, cfg.allowedProtocols, cfg.allowInternal);
224
+ }, cfg.retry);
225
+ },
226
+ });
291
227
 
292
228
  return {
293
229
  protocol: "otlp",
294
- emit: emit,
295
- close: close,
296
- stats: stats,
297
- flush: _flush,
230
+ emit: sink.emit,
231
+ close: sink.close,
232
+ stats: function () { return sink.stats({ url: resolvedUrl }); },
233
+ flush: sink.flush,
298
234
  };
299
235
  }
300
236
 
@@ -98,101 +98,29 @@ function create(config) {
98
98
  errorClass: LogStreamError,
99
99
  });
100
100
  var headers = Object.assign({ "Content-Type": cfg.contentType }, _authHeaders(cfg));
101
- // onDrop callback: invoked when a batch is dropped, either by buffer
102
- // overflow ("overflow") or by retry exhaustion ("retry-exhausted").
103
- // Operator wiring this directly (without the framework's dispatcher
104
- // wrapping) needs visibility into permanent-drop events; the
105
- // dispatcher path emits its own audit, but a sink used in isolation
106
- // would otherwise lose drops silently. The callback is invoked
107
- // best-effort — a throw inside it is swallowed.
108
- var onDrop = typeof cfg.onDrop === "function" ? cfg.onDrop : null;
109
- var _emitDrop = safeAsync.makeDropCallback(onDrop);
110
- var buffer = [];
111
- var dropCount = 0;
112
- var inFlight = false;
113
- var closed = false;
114
- var flushScheduler = safeAsync.makeScheduledFlush(cfg.maxBatchAgeMs, function () { return _flush(); });
115
-
116
- // Track the in-flight flush as a promise so close() can await it.
117
- // Without this, a record arriving mid-flush gets buffered, the
118
- // emit-time _flush() early-returns on `if (inFlight) return`, and
119
- // the buffered record is stranded if shutdown fires before
120
- // flushScheduler.schedule() drains it.
121
- var inFlightPromise = null;
122
- async function _flush() {
123
- if (inFlight) return inFlightPromise;
124
- if (buffer.length === 0) return;
125
- inFlight = true;
126
- inFlightPromise = (async function () {
127
- try {
128
- while (buffer.length > 0 && !closed) {
129
- var batch = buffer.splice(0, cfg.batchSize);
130
- var body = _serializeBatch(batch, cfg.bodyShape);
131
- try {
132
- await retryHelper.withRetry(function () {
133
- return _post(cfg.url, body, headers, cfg.timeoutMs, cfg.allowedProtocols, cfg.allowInternal);
134
- }, cfg.retry);
135
- } catch (e) {
136
- // Batch permanently rejected — surface via dropCount AND the
137
- // operator-supplied onDrop callback. The dispatcher path
138
- // wraps its own audit hook around emit(); operators using
139
- // this sink directly rely on dropCount + onDrop.
140
- dropCount += batch.length;
141
- _emitDrop("retry-exhausted", batch, e);
142
- break;
143
- }
144
- }
145
- } finally {
146
- inFlight = false;
147
- inFlightPromise = null;
148
- if (buffer.length > 0) flushScheduler.schedule();
149
- }
150
- })();
151
- return inFlightPromise;
152
- }
153
-
154
- function emit(record) {
155
- if (closed) return Promise.resolve({ accepted: false, reason: "sink closed" });
156
- if (buffer.length >= cfg.bufferLimit) {
157
- var dropped = buffer.shift(); // drop oldest
158
- dropCount += 1;
159
- _emitDrop("overflow", [dropped], null);
160
- }
161
- buffer.push(record);
162
- if (buffer.length >= cfg.batchSize) {
163
- // Don't await — non-blocking flush. Caller's emit returns immediately.
164
- _flush().catch(function () {});
165
- } else {
166
- flushScheduler.schedule();
167
- }
168
- return Promise.resolve({ accepted: true, queued: buffer.length });
169
- }
170
-
171
- async function close() {
172
- // Drain BEFORE flipping closed=true. _flush()'s while loop bails on
173
- // !closed, so flipping the flag first leaves any buffered records
174
- // stranded — the very records the operator queued just before
175
- // calling shutdown(). Order: stop the timer, await any in-flight
176
- // flush so its records POST before we touch the buffer, drain
177
- // anything still queued, THEN refuse new enqueues.
178
- flushScheduler.cancel();
179
- if (inFlightPromise) {
180
- try { await inFlightPromise; } catch (_e) { /* surfaced via onDrop */ }
181
- }
182
- await _flush();
183
- closed = true;
184
- }
185
-
186
- function stats() {
187
- return { queued: buffer.length, dropped: dropCount, inFlight: inFlight };
188
- }
101
+ // A batch permanently rejected by retry surfaces via dropCount AND the
102
+ // operator-supplied onDrop the dispatcher wraps its own audit around
103
+ // emit(), but a sink wired directly (or by buffer overflow) would otherwise
104
+ // lose drops silently. onDrop is best-effort; a throw inside it is swallowed.
105
+ var sink = safeAsync.makeBatchingSink({
106
+ batchSize: cfg.batchSize,
107
+ bufferLimit: cfg.bufferLimit,
108
+ maxBatchAgeMs: cfg.maxBatchAgeMs,
109
+ onDrop: cfg.onDrop,
110
+ sendBatch: function (batch) {
111
+ var body = _serializeBatch(batch, cfg.bodyShape);
112
+ return retryHelper.withRetry(function () {
113
+ return _post(cfg.url, body, headers, cfg.timeoutMs, cfg.allowedProtocols, cfg.allowInternal);
114
+ }, cfg.retry);
115
+ },
116
+ });
189
117
 
190
118
  return {
191
119
  protocol: "webhook",
192
- emit: emit,
193
- close: close,
194
- stats: stats,
195
- flush: _flush,
120
+ emit: sink.emit,
121
+ close: sink.close,
122
+ stats: sink.stats,
123
+ flush: sink.flush,
196
124
  };
197
125
  }
198
126
 
@@ -103,9 +103,9 @@ function _parseHeaderBlock(headerBlock) {
103
103
  }
104
104
 
105
105
  function _canonRelaxedHeader(name, value) {
106
- var unfolded = String(value).replace(/\r?\n[ \t]+/g, " "); // allow:duplicate-regex DKIM/ARC RFC 6376 §3.4.2 unfolding
107
- var trimmed = unfolded.replace(/[ \t]+/g, " ").replace(/^[ \t]+|[ \t]+$/g, ""); // allow:duplicate-regex DKIM/ARC RFC 6376 §3.4.2 WSP collapse
108
- return name.toLowerCase() + ":" + trimmed + "\r\n";
106
+ // RFC 6376 §3.4.2 relaxed header canonshared with the DKIM signer/verifier
107
+ // so an ARC chain produces a byte-identical canon (RFC 8617 §5.1.1).
108
+ return dkim.canonHeaderRelaxed(name, value);
109
109
  }
110
110
 
111
111
  // RFC 8617 §5.1.1 references RFC 6376 §3.4.4 for body canonicalization.
@@ -414,4 +414,9 @@ module.exports = {
414
414
  ALLOWED_ALGORITHMS: ALLOWED_ALGORITHMS,
415
415
  DEFAULT_HEADERS: DEFAULT_HEADERS,
416
416
  MailAuthError: MailAuthError,
417
+ // The canon-source header parser, exposed so a golden-vector test can pin its
418
+ // byte-exact extraction. Like DKIM's, a sign->verify round-trip cannot catch
419
+ // a byte-error here (self-consistent); the AMS/AS signatures fed to a real
420
+ // ARC verifier would silently fail instead.
421
+ _parseHeaderBlockForTest: _parseHeaderBlock,
417
422
  };
@@ -40,6 +40,7 @@
40
40
  var lazyRequire = require("./lazy-require");
41
41
  var mimeParse = require("./mime-parse");
42
42
  var C = require("./constants");
43
+ var safeBuffer = require("./safe-buffer");
43
44
  var { MailArfError } = require("./framework-error");
44
45
 
45
46
  var audit = lazyRequire(function () { return require("./audit"); });
@@ -138,10 +139,10 @@ function parse(rawMessage, opts) {
138
139
  ? rawMessage.toString("utf8")
139
140
  : rawMessage;
140
141
 
141
- if (asString.length > maxBytes) {
142
+ if (safeBuffer.byteLengthOf(asString) > maxBytes) {
142
143
  _emitMalformed(auditOn, "report exceeds maxBytes");
143
144
  throw new MailArfError("mailarf/parse-failed",
144
- "mailArf.parse: report exceeds " + maxBytes + " bytes (got " + asString.length + ")");
145
+ "mailArf.parse: report exceeds " + maxBytes + " bytes (got " + safeBuffer.byteLengthOf(asString) + ")");
145
146
  }
146
147
 
147
148
  // 1. Bisect headers / body, parse Content-Type for boundary.