@blamejs/blamejs-shop 0.4.55 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (399) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/admin.js +385 -2
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +426 -366
  5. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  6. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  7. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  9. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  10. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  11. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  12. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  13. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  14. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  15. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  16. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  17. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  18. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  19. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  20. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  21. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  22. package/lib/vendor/blamejs/index.js +2 -0
  23. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  24. package/lib/vendor/blamejs/lib/acme.js +6 -5
  25. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  26. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  28. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  29. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  30. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  31. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  32. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  33. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  34. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  35. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  36. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  37. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  38. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  39. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  40. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  41. package/lib/vendor/blamejs/lib/archive.js +2 -10
  42. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  43. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  44. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  45. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  46. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  47. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  48. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  49. package/lib/vendor/blamejs/lib/audit.js +84 -0
  50. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  51. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  52. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  53. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  54. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  55. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  56. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  57. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  58. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  59. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  60. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  61. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  62. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  65. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  66. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  67. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  68. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  69. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  70. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  71. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  72. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  73. package/lib/vendor/blamejs/lib/cache.js +7 -18
  74. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  75. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  76. package/lib/vendor/blamejs/lib/cert.js +3 -10
  77. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  78. package/lib/vendor/blamejs/lib/cli.js +5 -1
  79. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  80. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  81. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  82. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  83. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  85. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  86. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  87. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  88. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  89. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  90. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  91. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  92. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  93. package/lib/vendor/blamejs/lib/cose.js +19 -11
  94. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  95. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  96. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  97. package/lib/vendor/blamejs/lib/csp.js +235 -3
  98. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  99. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  100. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  101. package/lib/vendor/blamejs/lib/db.js +34 -12
  102. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  103. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  104. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  105. package/lib/vendor/blamejs/lib/did.js +6 -2
  106. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  107. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  108. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  109. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  110. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  111. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  112. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  113. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  114. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  115. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  116. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  117. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  118. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  119. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  120. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  121. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  122. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  123. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  124. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  125. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  126. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  127. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  128. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  129. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  130. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  131. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  132. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  133. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  134. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  135. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  136. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  137. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  138. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  139. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  140. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  142. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  143. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  144. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  145. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  146. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  147. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  148. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  149. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  150. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  151. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  152. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  153. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  154. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  155. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  156. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  157. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  158. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  159. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  161. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  162. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  163. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  164. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  165. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  166. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  167. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  168. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  169. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  170. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  171. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  172. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  173. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  174. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  175. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  176. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  177. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  178. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  179. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  180. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  181. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  182. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  183. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  184. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  185. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  186. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  187. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  188. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  189. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  190. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  191. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  192. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  193. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  194. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  195. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  196. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  197. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  198. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  199. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  200. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  201. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  202. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  203. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  204. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  205. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  206. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  207. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  208. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  209. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  210. package/lib/vendor/blamejs/lib/mail.js +6 -11
  211. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  212. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  213. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  214. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  215. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  216. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  217. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  218. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  219. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  220. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  221. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  222. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  223. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  224. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  225. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  226. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  227. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  228. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  229. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  230. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  231. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  232. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  233. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  234. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  235. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  236. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  237. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  238. package/lib/vendor/blamejs/lib/money.js +105 -0
  239. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  240. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  241. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  242. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  243. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  244. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  245. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  246. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  247. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  248. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  249. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  251. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  252. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  253. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  254. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  255. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  256. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  257. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  258. package/lib/vendor/blamejs/lib/observability.js +95 -0
  259. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  260. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  261. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  262. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  263. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  265. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  266. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  267. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  268. package/lib/vendor/blamejs/lib/pick.js +63 -5
  269. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  270. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  271. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  272. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  273. package/lib/vendor/blamejs/lib/redact.js +2 -1
  274. package/lib/vendor/blamejs/lib/render.js +4 -2
  275. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  276. package/lib/vendor/blamejs/lib/restore.js +5 -22
  277. package/lib/vendor/blamejs/lib/retention.js +3 -5
  278. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  279. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  280. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  282. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  283. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  284. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  285. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  286. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  287. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  288. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  289. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  290. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  291. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  292. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  293. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  294. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  295. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  296. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  297. package/lib/vendor/blamejs/lib/session.js +194 -6
  298. package/lib/vendor/blamejs/lib/sql.js +225 -78
  299. package/lib/vendor/blamejs/lib/sse.js +6 -10
  300. package/lib/vendor/blamejs/lib/static.js +136 -98
  301. package/lib/vendor/blamejs/lib/storage.js +4 -2
  302. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  303. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  304. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  305. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  306. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  307. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  308. package/lib/vendor/blamejs/lib/vc.js +2 -7
  309. package/lib/vendor/blamejs/lib/vex.js +35 -13
  310. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  311. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  312. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  313. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  314. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  315. package/lib/vendor/blamejs/lib/worm.js +2 -3
  316. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  317. package/lib/vendor/blamejs/package.json +1 -1
  318. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  319. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  320. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  321. package/lib/vendor/blamejs/test/10-state.js +9 -3
  322. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  323. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  324. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  325. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  326. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  329. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  330. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  335. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  336. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  338. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  342. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  346. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  348. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  391. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  397. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  398. package/lib/winback-campaigns.js +202 -42
  399. package/package.json +1 -1
@@ -0,0 +1,78 @@
1
+ "use strict";
2
+ /**
3
+ * b.codepointClass — control-char predicate helpers
4
+ * (isForbiddenControlChar / firstControlCharOffset).
5
+ */
6
+ var helpers = require("../helpers");
7
+ var check = helpers.check;
8
+ var codepointClass = require("../../lib/codepoint-class");
9
+
10
+ function testIsForbiddenControlChar() {
11
+ var f = codepointClass.isForbiddenControlChar;
12
+ // NUL and other C0 controls are forbidden by default.
13
+ check("isForbiddenControlChar: NUL forbidden", f(0x00) === true);
14
+ check("isForbiddenControlChar: 0x01 forbidden", f(0x01) === true);
15
+ check("isForbiddenControlChar: 0x1f forbidden", f(0x1f) === true);
16
+ // TAB always permitted.
17
+ check("isForbiddenControlChar: TAB permitted", f(0x09) === false);
18
+ // DEL always forbidden, regardless of opts.
19
+ check("isForbiddenControlChar: DEL forbidden", f(0x7f) === true);
20
+ check("isForbiddenControlChar: DEL forbidden even with allowLf/allowCr",
21
+ f(0x7f, { allowLf: true, allowCr: true }) === true);
22
+ // Printable + high-bit are not control chars.
23
+ check("isForbiddenControlChar: space ok", f(0x20) === false);
24
+ check("isForbiddenControlChar: 'A' ok", f(0x41) === false);
25
+ check("isForbiddenControlChar: 0xff ok", f(0xff) === false);
26
+ // LF / CR forbidden by default, permitted only when opted in.
27
+ check("isForbiddenControlChar: LF forbidden by default", f(0x0a) === true);
28
+ check("isForbiddenControlChar: CR forbidden by default", f(0x0d) === true);
29
+ check("isForbiddenControlChar: LF permitted with allowLf", f(0x0a, { allowLf: true }) === false);
30
+ check("isForbiddenControlChar: CR still forbidden with allowLf only", f(0x0d, { allowLf: true }) === true);
31
+ check("isForbiddenControlChar: CR permitted with allowCr", f(0x0d, { allowCr: true }) === false);
32
+ check("isForbiddenControlChar: LF still forbidden with allowCr only", f(0x0a, { allowCr: true }) === true);
33
+ // forbidTab — the stricter identifier / key / name contexts forbid TAB too,
34
+ // making the predicate exactly `code < 0x20 || code === 0x7f`.
35
+ check("isForbiddenControlChar: TAB forbidden with forbidTab", f(0x09, { forbidTab: true }) === true);
36
+ check("isForbiddenControlChar: NUL still forbidden with forbidTab", f(0x00, { forbidTab: true }) === true);
37
+ check("isForbiddenControlChar: DEL still forbidden with forbidTab", f(0x7f, { forbidTab: true }) === true);
38
+ check("isForbiddenControlChar: space ok with forbidTab", f(0x20, { forbidTab: true }) === false);
39
+ check("isForbiddenControlChar: 'A' ok with forbidTab", f(0x41, { forbidTab: true }) === false);
40
+ // forbidTab is byte-equivalent to the open-coded `code < 0x20 || code === 0x7f`
41
+ // across every codepoint (the routed name/key validators rely on this).
42
+ var forbidTabParity = true;
43
+ for (var cp = 0; cp <= 0x200; cp += 1) {
44
+ if (f(cp, { forbidTab: true }) !== (cp < 0x20 || cp === 0x7f)) { forbidTabParity = false; break; }
45
+ }
46
+ check("isForbiddenControlChar: forbidTab === (code < 0x20 || code === 0x7f)", forbidTabParity);
47
+ check("firstControlCharOffset: TAB forbidden with forbidTab → offset",
48
+ codepointClass.firstControlCharOffset("a\tb", { forbidTab: true }) === 1);
49
+ check("firstControlCharOffset: TAB allowed by default → -1",
50
+ codepointClass.firstControlCharOffset("a\tb") === -1);
51
+ }
52
+
53
+ function testFirstControlCharOffset() {
54
+ var g = codepointClass.firstControlCharOffset;
55
+ check("firstControlCharOffset: clean string → -1", g("hello world") === -1);
56
+ check("firstControlCharOffset: TAB ok → -1", g("a\tb\tc") === -1);
57
+ check("firstControlCharOffset: empty → -1", g("") === -1);
58
+ check("firstControlCharOffset: NUL at 1", g("a\x00b") === 1);
59
+ check("firstControlCharOffset: DEL at 2", g("ab\x7fc") === 2);
60
+ check("firstControlCharOffset: first of multiple", g("ok\x01\x02") === 2);
61
+ check("firstControlCharOffset: LF found by default", g("a\nb") === 1);
62
+ check("firstControlCharOffset: LF skipped with allowLf", g("a\nb", { allowLf: true }) === -1);
63
+ check("firstControlCharOffset: CRLF skipped with allowLf+allowCr",
64
+ g("a\r\nb", { allowLf: true, allowCr: true }) === -1);
65
+ check("firstControlCharOffset: CR found when only allowLf", g("a\rb", { allowLf: true }) === 1);
66
+ }
67
+
68
+ async function run() {
69
+ testIsForbiddenControlChar();
70
+ testFirstControlCharOffset();
71
+ }
72
+
73
+ module.exports = { run: run };
74
+
75
+ if (require.main === module) {
76
+ run().then(function () { console.log("OK"); })
77
+ .catch(function (e) { console.error(e); process.exit(1); });
78
+ }
@@ -2,6 +2,9 @@
2
2
  /**
3
3
  * b.crypto.toBase64Url + b.crypto.fromBase64Url — RFC 4648 §5
4
4
  * base64url encode/decode routed through Node's built-in encoding.
5
+ * Also covers b.crypto.importPublicJwk — JWK → public KeyObject import —
6
+ * and b.crypto.makeBase64UrlDecoder — typed-error binding around the strict
7
+ * fromBase64Url decoder.
5
8
  */
6
9
 
7
10
  var helpers = require("../helpers");
@@ -67,6 +70,64 @@ function testRoundTripWithUrlSafeChars() {
67
70
  check("round-trip preserves bytes", dec.equals(buf));
68
71
  }
69
72
 
73
+ function testImportPublicJwk() {
74
+ check("importPublicJwk is fn", typeof b.crypto.importPublicJwk === "function");
75
+
76
+ // A valid Ed25519 public JWK (RFC 8037 §A.1 example) imports to a KeyObject.
77
+ var jwk = { kty: "OKP", crv: "Ed25519", x: "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" };
78
+ var key = b.crypto.importPublicJwk(jwk, { errorClass: TypeError, code: "x", messagePrefix: "p: " });
79
+ check("importPublicJwk returns a public KeyObject", key && key.type === "public");
80
+
81
+ // A malformed JWK (missing x) throws the bound class with interpolated message.
82
+ function KeyErr(code, message) { this.code = code; this.message = message; }
83
+ var threw = null;
84
+ try {
85
+ b.crypto.importPublicJwk({ kty: "OKP", crv: "Ed25519" },
86
+ { errorClass: KeyErr, code: "bad/key", messagePrefix: "import failed: " });
87
+ } catch (e) { threw = e; }
88
+ check("importPublicJwk wraps a bad JWK in the bound error class",
89
+ threw instanceof KeyErr && threw.code === "bad/key" &&
90
+ threw.message.indexOf("import failed: ") === 0);
91
+
92
+ // Without errorClass, the raw Node error propagates unchanged.
93
+ var rawThrew = null;
94
+ try { b.crypto.importPublicJwk({ kty: "OKP", crv: "Ed25519" }); }
95
+ catch (e) { rawThrew = e; }
96
+ check("importPublicJwk without errorClass rethrows raw",
97
+ rawThrew !== null && !(rawThrew instanceof KeyErr));
98
+ }
99
+
100
+ function testMakeBase64UrlDecoder() {
101
+ check("makeBase64UrlDecoder is fn", typeof b.crypto.makeBase64UrlDecoder === "function");
102
+ function DErr(code, message) { this.code = code; this.message = message; }
103
+
104
+ // With typeMessage: valid decodes; non-string → typeMessage; malformed → badMessage.
105
+ var decode = b.crypto.makeBase64UrlDecoder({
106
+ errorClass: DErr, code: "x/bad", typeMessage: "must be a string", badMessage: "not valid base64url",
107
+ });
108
+ check("makeBase64UrlDecoder decodes valid base64url",
109
+ Buffer.isBuffer(decode("aGVsbG8")) && decode("aGVsbG8").toString() === "hello");
110
+ var t1 = null; try { decode(123); } catch (e) { t1 = e; }
111
+ check("makeBase64UrlDecoder non-string throws typeMessage",
112
+ t1 instanceof DErr && t1.code === "x/bad" && t1.message === "must be a string");
113
+ var t2 = null; try { decode("!!!not-base64!!!"); } catch (e) { t2 = e; }
114
+ check("makeBase64UrlDecoder malformed throws badMessage",
115
+ t2 instanceof DErr && t2.code === "x/bad" && t2.message === "not valid base64url");
116
+
117
+ // Without typeMessage: a non-string falls into the decode-failure path (badMessage).
118
+ var decode2 = b.crypto.makeBase64UrlDecoder({ errorClass: DErr, code: "y/bad", badMessage: "bad" });
119
+ var t3 = null; try { decode2(123); } catch (e) { t3 = e; }
120
+ check("makeBase64UrlDecoder without typeMessage: non-string → badMessage",
121
+ t3 instanceof DErr && t3.message === "bad");
122
+
123
+ // config-time validation.
124
+ function r(fn) { try { fn(); return false; } catch (e) { return e instanceof TypeError; } }
125
+ check("makeBase64UrlDecoder rejects missing errorClass",
126
+ r(function () { b.crypto.makeBase64UrlDecoder({ code: "x", badMessage: "y" }); }));
127
+ check("makeBase64UrlDecoder rejects missing badMessage",
128
+ r(function () { b.crypto.makeBase64UrlDecoder({ errorClass: DErr, code: "x" }); }));
129
+ }
130
+
70
131
  function run() {
71
132
  testSurface();
72
133
  testRoundTripBuffer();
@@ -76,6 +137,8 @@ function run() {
76
137
  testDecodeRefusesBadShape();
77
138
  testNoTrailingPadding();
78
139
  testRoundTripWithUrlSafeChars();
140
+ testImportPublicJwk();
141
+ testMakeBase64UrlDecoder();
79
142
  }
80
143
 
81
144
  module.exports = { run: run };
@@ -22,7 +22,8 @@ async function run() {
22
22
  check("crypto.hashStream is fn", typeof b.crypto.hashStream === "function");
23
23
 
24
24
  // ---- Default algorithm = sha3-512 → 64-byte digest ----
25
- var tmp = path.join(os.tmpdir(), "blamejs-hashfile-" + Date.now() + ".txt");
25
+ var tmp = path.join(
26
+ fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-hashfile-")), "payload.txt");
26
27
  var payload = "hello blamejs streaming hash";
27
28
  fs.writeFileSync(tmp, payload);
28
29
 
@@ -102,6 +102,54 @@ function testCspErrorClass() {
102
102
  check("CspError carries code", e.code === "csp/test");
103
103
  }
104
104
 
105
+ // b.csp.mergeDirectives / mergePermissionsPolicy — per-route additive merge (#333).
106
+ function _code(fn) { try { fn(); return null; } catch (e) { return e.code || e.message; } }
107
+
108
+ function testMergeDirectives() {
109
+ // Deriving from the strict default must NOT re-validate (and thus refuse)
110
+ // the default's own img-src 'self' data: — only the ADDED sources are gated.
111
+ var merged = b.csp.mergeDirectives(undefined, {
112
+ "script-src": ["https://js.stripe.com"], "frame-src": ["https://js.stripe.com"],
113
+ });
114
+ check("mergeDirectives derives from DEFAULT_CSP without re-validating the base data:",
115
+ /img-src[^;]*data:/.test(merged));
116
+ check("mergeDirectives appends the host to script-src", /script-src[^;]*js\.stripe\.com/.test(merged));
117
+ check("mergeDirectives appends the host to frame-src", /frame-src[^;]*js\.stripe\.com/.test(merged));
118
+ check("mergeDirectives leaves frame-ancestors untouched", merged.indexOf("frame-ancestors") !== -1);
119
+
120
+ // The merge is additive — a second pass over its own output is idempotent.
121
+ var twice = b.csp.mergeDirectives(merged, { "script-src": ["https://js.stripe.com"] });
122
+ check("mergeDirectives de-dupes an already-present source",
123
+ (twice.match(/js\.stripe\.com/g) || []).length === merged.match(/js\.stripe\.com/g).length);
124
+
125
+ // Only the added sources are gated.
126
+ check("mergeDirectives refuses an unknown directive",
127
+ _code(function () { b.csp.mergeDirectives(undefined, { "bogus-src": ["x"] }); }) === "csp/unknown-directive");
128
+ check("mergeDirectives refuses an added catch-all source",
129
+ _code(function () { b.csp.mergeDirectives(undefined, { "script-src": ["*"] }); }) === "csp/catch-all-source");
130
+ check("mergeDirectives refuses an added data: without allowDataImages",
131
+ _code(function () { b.csp.mergeDirectives(undefined, { "img-src": ["data:"] }); }) === "csp/data-source");
132
+ check("mergeDirectives admits an added data: with allowDataImages",
133
+ typeof b.csp.mergeDirectives(undefined, { "img-src": ["data:"] }, { allowDataImages: true }) === "string");
134
+ check("mergeDirectives refuses CR/LF in an added source",
135
+ _code(function () { b.csp.mergeDirectives(undefined, { "script-src": ["https://x\r\ny"] }); }) === "csp/header-injection");
136
+ // Prototype-pollution guard — the hostile key must be own-enumerable (JSON).
137
+ check("mergeDirectives refuses a __proto__ directive name",
138
+ _code(function () { b.csp.mergeDirectives(undefined, JSON.parse('{"__proto__":["https://x"]}')); }) === "csp/bad-directive-name");
139
+ }
140
+
141
+ function testMergePermissionsPolicy() {
142
+ var pp = b.csp.mergePermissionsPolicy(undefined, { payment: '(self "https://js.stripe.com")' });
143
+ check("mergePermissionsPolicy re-enables the named feature", /payment=\(self "https:\/\/js\.stripe\.com"\)/.test(pp));
144
+ check("mergePermissionsPolicy leaves other features denied", /camera=\(\)/.test(pp));
145
+ check("mergePermissionsPolicy refuses a non-RFC-9651 value",
146
+ _code(function () { b.csp.mergePermissionsPolicy(undefined, { payment: "yes" }); }) === "csp/bad-feature-value");
147
+ check("mergePermissionsPolicy refuses a comma-bearing value (header injection)",
148
+ _code(function () { b.csp.mergePermissionsPolicy(undefined, { payment: "(self), camera=*" }); }) === "csp/bad-feature-value");
149
+ check("mergePermissionsPolicy refuses a __proto__ feature name",
150
+ _code(function () { b.csp.mergePermissionsPolicy(undefined, JSON.parse('{"__proto__":"(self)"}')); }) === "csp/bad-feature-name");
151
+ }
152
+
105
153
  function run() {
106
154
  testDefaultCspRoundTrips();
107
155
  testWebrtcDirective();
@@ -113,6 +161,8 @@ function run() {
113
161
  testNonce();
114
162
  testHash();
115
163
  testCspErrorClass();
164
+ testMergeDirectives();
165
+ testMergePermissionsPolicy();
116
166
  }
117
167
 
118
168
  if (require.main === module) {
@@ -396,6 +396,6 @@ module.exports = { run: run };
396
396
  if (require.main === module) {
397
397
  run().then(
398
398
  function () { console.log("OK — " + helpers.getChecks() + " checks passed"); },
399
- function (e) { console.error("FAIL:", e.message); process.exit(1); }
399
+ function (e) { console.error("FAIL: " + helpers.formatErr(e)); process.exit(1); }
400
400
  );
401
401
  }
@@ -21,8 +21,9 @@ var check = helpers.check;
21
21
 
22
22
  var processSpawn = require("../../lib/process-spawn");
23
23
 
24
+ var _tmpBase = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-daemon-test-"));
24
25
  function _tmpFile(name) {
25
- return path.join(os.tmpdir(), "blamejs-daemon-test-" + Date.now() + "-" +
26
+ return path.join(_tmpBase, Date.now() + "-" +
26
27
  Math.random().toString(36).slice(2, 8) + "-" + name);
27
28
  }
28
29
 
@@ -0,0 +1,76 @@
1
+ "use strict";
2
+ /**
3
+ * defineGuard resolveOpts — the bound profile/posture resolver every guard
4
+ * built via gateContract.defineGuard exposes as `<guard>.resolveOpts(opts)`.
5
+ * Bespoke gates call it instead of hand-rolling the per-guard
6
+ * `resolveProfileAndPosture(opts, { profiles, postures, defaults, errorClass,
7
+ * errCodePrefix })` binding. This proves the generated resolver applies the
8
+ * named profile, applies the compliance posture, and is idempotent over an
9
+ * already-resolved opts (the property the gate relies on when it re-resolves).
10
+ */
11
+
12
+ var helpers = require("../helpers");
13
+ var b = helpers.b;
14
+ var check = helpers.check;
15
+
16
+ // One representative per defineGuard-built guard that exposes resolveOpts.
17
+ // Referencing the qualified name keeps each in the coverage census.
18
+ var GUARDS = [
19
+ ["guardCsv", b.guardCsv.resolveOpts],
20
+ ["guardHtml", b.guardHtml.resolveOpts],
21
+ ["guardSvg", b.guardSvg.resolveOpts],
22
+ ["guardXml", b.guardXml.resolveOpts],
23
+ ["guardJson", b.guardJson.resolveOpts],
24
+ ["guardYaml", b.guardYaml.resolveOpts],
25
+ ["guardMarkdown", b.guardMarkdown.resolveOpts],
26
+ ["guardFilename", b.guardFilename.resolveOpts],
27
+ ["guardSql", b.guardSql.resolveOpts],
28
+ ["guardEmail", b.guardEmail.resolveOpts],
29
+ ["guardText", b.guardText.resolveOpts],
30
+ ["guardImage", b.guardImage.resolveOpts],
31
+ ["guardPdf", b.guardPdf.resolveOpts],
32
+ ];
33
+
34
+ function testResolveOptsSurface() {
35
+ GUARDS.forEach(function (pair) {
36
+ check(pair[0] + ".resolveOpts is a function", typeof pair[1] === "function");
37
+ });
38
+ }
39
+
40
+ function testResolveOptsAppliesProfile() {
41
+ GUARDS.forEach(function (pair) {
42
+ var resolved = pair[1]({ profile: "strict" });
43
+ check(pair[0] + ".resolveOpts returns an opts object", resolved && typeof resolved === "object");
44
+ check(pair[0] + ".resolveOpts records the named profile", resolved.profile === "strict");
45
+ });
46
+ }
47
+
48
+ function testResolveOptsIdempotent() {
49
+ // The bespoke gates re-resolve an already-resolved opts; resolveOpts must be
50
+ // a fixpoint so the second pass does not throw or drift.
51
+ GUARDS.forEach(function (pair) {
52
+ var once = pair[1]({ profile: "strict" });
53
+ var twice = pair[1](once);
54
+ check(pair[0] + ".resolveOpts is idempotent (profile stable)", twice.profile === once.profile);
55
+ });
56
+ }
57
+
58
+ function testResolveOptsAppliesPosture() {
59
+ // A compliance posture overlays its caps; resolveOpts must surface it.
60
+ var resolved = b.guardCsv.resolveOpts({ compliancePosture: "hipaa" });
61
+ check("guardCsv.resolveOpts applies a compliance posture", resolved && typeof resolved === "object");
62
+ }
63
+
64
+ function run() {
65
+ testResolveOptsSurface();
66
+ testResolveOptsAppliesProfile();
67
+ testResolveOptsIdempotent();
68
+ testResolveOptsAppliesPosture();
69
+ }
70
+
71
+ module.exports = { run: run };
72
+
73
+ if (require.main === module) {
74
+ try { run(); console.log("[defineguard-resolve-opts] OK — " + helpers.getChecks() + " checks passed"); }
75
+ catch (e) { console.error("FAIL:", e.stack || e); process.exit(1); }
76
+ }
@@ -126,6 +126,15 @@ function run() {
126
126
  check("context.merge: keeps base", merged.targetingKey === "user-42");
127
127
  check("context.merge: adds overlay", merged.tier === "gold");
128
128
 
129
+ // An own poisoned key (constructor / __proto__ / prototype) on a merge source
130
+ // is skipped — the merge routes through validateOpts.assignOwnEnumerable, a
131
+ // prototype-pollution defense the prior hand-rolled own-key copy lacked.
132
+ var poison = {};
133
+ Object.defineProperty(poison, "constructor", { value: "EVIL", enumerable: true, configurable: true });
134
+ var safeMerged = b.flag.context.merge({ targetingKey: "u" }, poison);
135
+ check("context.merge: skips an own poisoned 'constructor' key",
136
+ safeMerged.constructor !== "EVIL" && safeMerged.targetingKey === "u");
137
+
129
138
  // bucketOf is deterministic
130
139
  var b1 = b.flag.context.bucketOf("user-42", "test-flag");
131
140
  var b2 = b.flag.context.bucketOf("user-42", "test-flag");
@@ -0,0 +1,290 @@
1
+ "use strict";
2
+ /**
3
+ * b.gateContract.buildContentGate — the content-guard gate action-chain
4
+ * (serve / audit-only / sanitize / refuse) every content guard composes.
5
+ *
6
+ * The disposition of each finding is what the operator's POLICY for that class
7
+ * selected, NOT the finding's impact severity:
8
+ * reject → refuse · a mitigation (strip / prefix / redact) → sanitize ·
9
+ * audit → audit-only.
10
+ * The guard declares the binding via spec.dispositionFor(issue, opts), routed
11
+ * through b.gateContract.policyDisposition / b.gateContract.charThreatDisposition. `refuse`
12
+ * wins over `sanitize` wins over `audit-only`. Operator-injected extraIssues
13
+ * carry no guard sanitizer, so a refusal-severity hit can only refuse. There is
14
+ * NO re-validation: a sanitize-disposition finding runs the guard's sanitizer
15
+ * and the output is served (a mitigation may be in-place, not removal, so a
16
+ * second detector pass would wrongly refuse it); a sanitizer that throws falls
17
+ * through to refuse.
18
+ */
19
+
20
+ var helpers = require("../helpers");
21
+ var check = helpers.check;
22
+ var gc = require("../../lib/gate-contract");
23
+
24
+ // Synthetic content guard. Each marker token emits a finding; the governing
25
+ // "policy" is operator-set via opts.cfgPolicy, so the SAME finding refuses /
26
+ // sanitizes / audits purely by policy — proving disposition is read from policy
27
+ // and not from the (here deliberately critical) severity.
28
+ // "CFG" → configurable (governed by opts.cfgPolicy)
29
+ // "DENY" → always-dangerous denylist (always refuse)
30
+ // "OBS" → observational (always audit)
31
+ function _validate(input) {
32
+ var text = Buffer.isBuffer(input) ? input.toString("utf8") : input;
33
+ var issues = [];
34
+ if (text.indexOf("CFG") !== -1) issues.push({ kind: "configurable", severity: "critical", ruleId: "x.cfg" });
35
+ if (text.indexOf("DENY") !== -1) issues.push({ kind: "denylisted", severity: "critical", ruleId: "x.deny" });
36
+ if (text.indexOf("OBS") !== -1) issues.push({ kind: "observe", severity: "warn", ruleId: "x.obs" });
37
+ return { ok: issues.length === 0, issues: issues };
38
+ }
39
+ function _dispositionFor(issue, opts) {
40
+ switch (issue.kind) {
41
+ case "configurable": return gc.policyDisposition(opts.cfgPolicy);
42
+ case "denylisted": return "refuse";
43
+ case "observe": return "audit";
44
+ default: return null;
45
+ }
46
+ }
47
+ // The sanitizer removes the "CFG" marker (the only mitigable class).
48
+ function _produceSanitized(input) {
49
+ var text = Buffer.isBuffer(input) ? input.toString("utf8") : input;
50
+ return text.split("CFG").join("");
51
+ }
52
+
53
+ function _gate(opts, extra) {
54
+ return gc.buildContentGate(Object.assign({
55
+ name: "synthetic:test",
56
+ opts: opts,
57
+ validate: _validate,
58
+ dispositionFor: _dispositionFor,
59
+ produceSanitized: function (t) { return _produceSanitized(t); },
60
+ }, extra || {}));
61
+ }
62
+
63
+ async function run() {
64
+ function act(gate, text) {
65
+ return gate.check({ bytes: Buffer.from(text, "utf8") }).then(function (d) { return d.action; });
66
+ }
67
+
68
+ var strip = _gate({ cfgPolicy: "strip" });
69
+ var reject = _gate({ cfgPolicy: "reject" });
70
+ var audit = _gate({ cfgPolicy: "audit" });
71
+
72
+ check("clean input → serve", (await act(strip, "hello world")) === "serve");
73
+ check("observational-only → audit-only", (await act(strip, "a OBS b")) === "audit-only");
74
+ check("denylist finding → refuse (always)", (await act(strip, "x DENY y")) === "refuse");
75
+
76
+ // The SAME configurable finding, three policies — disposition follows policy.
77
+ check("configurable under strip-policy → sanitize", (await act(strip, "a CFG b")) === "sanitize");
78
+ check("configurable under reject-policy → refuse", (await act(reject, "a CFG b")) === "refuse");
79
+ check("configurable under audit-policy → audit-only",(await act(audit, "a CFG b")) === "audit-only");
80
+
81
+ // Precedence: refuse > sanitize > audit.
82
+ check("denylist beside a sanitizable finding → refuse",
83
+ (await act(strip, "CFG DENY")) === "refuse");
84
+ check("sanitizable beside an observational finding → sanitize",
85
+ (await act(strip, "CFG OBS")) === "sanitize");
86
+
87
+ // The sanitize output is the repaired bytes (the CFG marker removed).
88
+ var d = await strip.check({ bytes: Buffer.from("keep CFG keep", "utf8") });
89
+ check("sanitize: output is a Buffer with the finding removed",
90
+ d.action === "sanitize" && Buffer.isBuffer(d.sanitized) &&
91
+ d.sanitized.toString("utf8").indexOf("CFG") === -1 &&
92
+ d.sanitized.toString("utf8").indexOf("keep") !== -1);
93
+
94
+ // No produceSanitized → a sanitize-disposition finding cannot be repaired → refuse.
95
+ var noSan = gc.buildContentGate({ name: "n", opts: { cfgPolicy: "strip" },
96
+ validate: _validate, dispositionFor: _dispositionFor });
97
+ check("no produceSanitized: sanitizable finding → refuse",
98
+ (await noSan.check({ bytes: Buffer.from("CFG", "utf8") })).action === "refuse");
99
+
100
+ // A sanitizer that throws falls through to refuse.
101
+ var throws = _gate({ cfgPolicy: "strip" }, { produceSanitized: function () { throw new Error("boom"); } });
102
+ check("sanitizer throws → refuse",
103
+ (await throws.check({ bytes: Buffer.from("CFG", "utf8") })).action === "refuse");
104
+
105
+ // sanitizeBlockingKinds: skip the attempt for a class the sanitizer must not touch.
106
+ var blocked = _gate({ cfgPolicy: "strip" }, { sanitizeBlockingKinds: ["configurable"] });
107
+ check("blocking-kind present → refuse without sanitize attempt",
108
+ (await blocked.check({ bytes: Buffer.from("CFG", "utf8") })).action === "refuse");
109
+
110
+ // extraIssues: operator-injected detect-only findings refuse on a high hit
111
+ // (the guard owns no sanitizer for them) regardless of the guard's own policy.
112
+ var withExtra = _gate({ cfgPolicy: "strip" }, {
113
+ extraIssues: function (subject) {
114
+ var text = Buffer.isBuffer(subject) ? subject.toString("utf8") : subject;
115
+ return text.indexOf("RULE") !== -1
116
+ ? [{ kind: "operator.rule", severity: "high", ruleId: "operator.rule" }] : [];
117
+ },
118
+ });
119
+ check("extraIssues high hit → refuse (no guard sanitizer for it)",
120
+ (await withExtra.check({ bytes: Buffer.from("RULE", "utf8") })).action === "refuse");
121
+ check("extraIssues with no hit → still serve",
122
+ (await withExtra.check({ bytes: Buffer.from("clean", "utf8") })).action === "serve");
123
+
124
+ // ctxField:"bytes" reads ctx.bytes raw (no utf8 round-trip in the contract).
125
+ var bytesGate = _gate({ cfgPolicy: "strip" }, { ctxField: "bytes" });
126
+ check("ctxField bytes: still drives the chain",
127
+ (await bytesGate.check({ bytes: Buffer.from("a CFG b", "utf8") })).action === "sanitize");
128
+
129
+ // policyDisposition unit.
130
+ check("policyDisposition reject → refuse", gc.policyDisposition("reject") === "refuse");
131
+ check("policyDisposition strip → sanitize", gc.policyDisposition("strip") === "sanitize");
132
+ check("policyDisposition prefix-tab → sanitize", gc.policyDisposition("prefix-tab") === "sanitize");
133
+ check("policyDisposition audit → audit", gc.policyDisposition("audit") === "audit");
134
+ check("policyDisposition audit-only → audit", gc.policyDisposition("audit-only") === "audit");
135
+
136
+ // severityDisposition unit: the non-sanitizing gate's serve/audit-only/refuse chain.
137
+ check("severityDisposition no issues → serve",
138
+ JSON.stringify(gc.severityDisposition([])) === JSON.stringify({ ok: true, action: "serve" }));
139
+ check("severityDisposition low/medium only → audit-only",
140
+ gc.severityDisposition([{ severity: "low" }, { severity: "medium" }]).action === "audit-only");
141
+ check("severityDisposition any high → refuse",
142
+ gc.severityDisposition([{ severity: "low" }, { severity: "high" }]).ok === false &&
143
+ gc.severityDisposition([{ severity: "high" }]).action === "refuse");
144
+ check("severityDisposition any critical → refuse",
145
+ gc.severityDisposition([{ severity: "critical" }]).action === "refuse");
146
+ check("severityDisposition carries issues on audit-only/refuse, omits on serve",
147
+ gc.severityDisposition([{ severity: "low" }]).issues.length === 1 &&
148
+ gc.severityDisposition([]).issues === undefined);
149
+
150
+ // charThreatDisposition unit: shared bidi/null/control read their policies.
151
+ check("charThreatDisposition bidi under strip → sanitize",
152
+ gc.charThreatDisposition({ kind: "bidi-override" }, { bidiPolicy: "strip" }) === "sanitize");
153
+ check("charThreatDisposition null under reject → refuse",
154
+ gc.charThreatDisposition({ kind: "null-byte" }, { nullBytePolicy: "reject" }) === "refuse");
155
+ check("charThreatDisposition unrelated kind → null",
156
+ gc.charThreatDisposition({ kind: "configurable" }, {}) === null);
157
+
158
+ // compliancePostures unit: the four-posture regulation-disposition policy.
159
+ // hipaa/pci-dss/soc2 → strict tier, gdpr → balanced tier; snippet base / ÷2 / ×2.
160
+ var PROFILES = {
161
+ strict: { bidiPolicy: "reject", maxBytes: 1000 },
162
+ balanced: { bidiPolicy: "strip", maxBytes: 2000 },
163
+ };
164
+ var cp = gc.compliancePostures(PROFILES, { base: 256 });
165
+ check("compliancePostures hipaa/pci/soc2 use the strict tier",
166
+ cp.hipaa.bidiPolicy === "reject" && cp["pci-dss"].bidiPolicy === "reject" && cp.soc2.bidiPolicy === "reject");
167
+ check("compliancePostures gdpr uses the balanced tier (data-minimization strips)",
168
+ cp.gdpr.bidiPolicy === "strip" && cp.gdpr.maxBytes === 2000);
169
+ check("compliancePostures snippet budget scales base / ÷2 / ×2",
170
+ cp.hipaa.forensicSnippetBytes === 256 && cp["pci-dss"].forensicSnippetBytes === 256 &&
171
+ cp.gdpr.forensicSnippetBytes === 128 && cp.soc2.forensicSnippetBytes === 512);
172
+ check("compliancePostures every posture is frozen", Object.isFrozen(cp) && Object.isFrozen(cp.gdpr));
173
+ var cpOv = gc.compliancePostures(PROFILES, { base: 256, overlays: { gdpr: { bidiPolicy: "audit" } } });
174
+ check("compliancePostures overlay merges last (per-posture intended delta)",
175
+ cpOv.gdpr.bidiPolicy === "audit" && cpOv.gdpr.maxBytes === 2000);
176
+ var threwBase = null;
177
+ try { gc.compliancePostures(PROFILES, { base: 7 }); } catch (e) { threwBase = e; }
178
+ check("compliancePostures throws on a non-even base (config-time)", threwBase !== null);
179
+ var threwProf = null;
180
+ try { gc.compliancePostures({ strict: {} }, { base: 256 }); } catch (e) { threwProf = e; }
181
+ check("compliancePostures throws when profiles lack strict+balanced", threwProf !== null);
182
+
183
+ // strictDefaults unit: strict profile + enforce mode + overlay.
184
+ var sd = gc.strictDefaults({ strict: { bidiPolicy: "reject", maxBytes: 100 } });
185
+ check("strictDefaults = strict profile + mode:enforce",
186
+ sd.bidiPolicy === "reject" && sd.maxBytes === 100 && sd.mode === "enforce" && Object.isFrozen(sd));
187
+ var sdo = gc.strictDefaults({ strict: { bidiPolicy: "reject" } }, { maxRuntimeMs: 9000 });
188
+ check("strictDefaults overlay merges last", sdo.maxRuntimeMs === 9000 && sdo.mode === "enforce");
189
+ check("strictDefaults overlay may override mode",
190
+ gc.strictDefaults({ strict: {} }, { mode: "audit" }).mode === "audit");
191
+ var sdThrew = null;
192
+ try { gc.strictDefaults({ balanced: {} }); } catch (e) { sdThrew = e; }
193
+ check("strictDefaults throws when profiles lack strict", sdThrew !== null);
194
+
195
+ // detectStringInput unit: the whole string-detector preamble → { done, issues }.
196
+ var dsiBad = gc.detectStringInput(12345, {}, { name: "cidr" });
197
+ check("detectStringInput non-string → done + typed bad-input issue",
198
+ dsiBad.done === true && dsiBad.issues[0].kind === "bad-input" &&
199
+ dsiBad.issues[0].ruleId === "cidr.bad-input" && dsiBad.issues[0].snippet === "cidr is not a string");
200
+ var dsiEmpty = gc.detectStringInput("", {}, { name: "cidr" });
201
+ check("detectStringInput empty (issue mode) → done + <name>.empty issue",
202
+ dsiEmpty.done === true && dsiEmpty.issues[0].kind === "empty" &&
203
+ dsiEmpty.issues[0].ruleId === "cidr.empty" && dsiEmpty.issues[0].snippet === "cidr is empty");
204
+ var dsiOk = gc.detectStringInput("", {}, { name: "shell", emptyMode: "ok" });
205
+ check("detectStringInput emptyMode 'ok' → done + [] (empty is legal)",
206
+ dsiOk.done === true && JSON.stringify(dsiOk.issues) === "[]");
207
+ check("detectStringInput emptyMode 'skip' → not done on empty (detector owns empty)",
208
+ gc.detectStringInput("", {}, { name: "domain", emptyMode: "skip" }).done === false);
209
+ var dsiCap = gc.detectStringInput("aaaa", {}, { name: "cidr", cap: { bytes: 2 } });
210
+ check("detectStringInput over byte cap → done + default <name>-cap issue",
211
+ dsiCap.done === true && dsiCap.issues[0].kind === "cidr-cap" &&
212
+ dsiCap.issues[0].ruleId === "cidr.cidr-cap" && dsiCap.issues[0].snippet === "cidr input exceeds maxBytes 2");
213
+ var dsiCapOv = gc.detectStringInput("aaaa", {}, { name: "jsonpath", cap: { bytes: 2, kind: "pattern-cap", snippet: "jsonpath exceeds maxPatternBytes 2" } });
214
+ check("detectStringInput cap.kind + cap.snippet override",
215
+ dsiCapOv.issues[0].kind === "pattern-cap" && dsiCapOv.issues[0].ruleId === "jsonpath.pattern-cap" &&
216
+ dsiCapOv.issues[0].snippet === "jsonpath exceeds maxPatternBytes 2");
217
+ check("detectStringInput cap.snippet function receives (byteLen, bytes)",
218
+ gc.detectStringInput("aaaa", {}, { name: "domain", cap: { bytes: 2, snippet: function (n, m) { return "domain " + n + " octets exceeds " + m; } } }).issues[0].snippet === "domain 4 octets exceeds 2");
219
+ var dsiCont = gc.detectStringInput("hello", {}, { name: "cidr" });
220
+ check("detectStringInput non-empty under cap → not done + codepoint-threat array",
221
+ dsiCont.done === false && Array.isArray(dsiCont.issues));
222
+ check("detectStringInput scanCodepoints:false → not done + [] (guard scans later / parses its own)",
223
+ (function () { var r = gc.detectStringInput("hello", {}, { name: "json", scanCodepoints: false }); return r.done === false && JSON.stringify(r.issues) === "[]"; })());
224
+ check("detectStringInput cap measures BYTES not chars (multibyte over byte cap caps)",
225
+ gc.detectStringInput("é", {}, { name: "x", cap: { bytes: 1 } }).done === true &&
226
+ gc.detectStringInput("é", {}, { name: "x", cap: { bytes: 1 } }).issues[0].kind === "x-cap");
227
+ check("detectStringInput noun overrides the bad-input subject",
228
+ gc.detectStringInput(1, {}, { name: "regex", noun: "regex pattern" }).issues[0].snippet === "regex pattern is not a string");
229
+ var dsiThrew = null;
230
+ try { gc.detectStringInput("x", {}, {}); } catch (e) { dsiThrew = e; }
231
+ check("detectStringInput throws on missing cfg.name (config-time)", dsiThrew !== null);
232
+
233
+ // ---- identifierFixtures: an identifier guard's INTEGRATION_FIXTURES from
234
+ // one benign + one hostile sample (byte forms derived, not re-typed).
235
+ var idfx = gc.identifierFixtures("example.com", "192.168.1.1");
236
+ check("identifierFixtures kind is identifier", idfx.kind === "identifier");
237
+ check("identifierFixtures keeps the benign/hostile identifier strings",
238
+ idfx.benignIdentifier === "example.com" && idfx.hostileIdentifier === "192.168.1.1");
239
+ check("identifierFixtures derives byte forms as utf8 Buffers",
240
+ Buffer.isBuffer(idfx.benignBytes) && idfx.benignBytes.equals(Buffer.from("example.com", "utf8")) &&
241
+ Buffer.isBuffer(idfx.hostileBytes) && idfx.hostileBytes.equals(Buffer.from("192.168.1.1", "utf8")));
242
+ check("identifierFixtures result is frozen", Object.isFrozen(idfx));
243
+ var idfxAscii = gc.identifierFixtures("EHLO x", "A\r\n.\r\nB", "ascii");
244
+ check("identifierFixtures encoding param drives the byte form (ascii)",
245
+ idfxAscii.benignBytes.equals(Buffer.from("EHLO x", "ascii")) &&
246
+ idfxAscii.hostileBytes.equals(Buffer.from("A\r\n.\r\nB", "ascii")));
247
+ var idfxThrew = function (fn) { try { fn(); return false; } catch (_e) { return true; } };
248
+ check("identifierFixtures throws on empty benign (config-time)",
249
+ idfxThrew(function () { gc.identifierFixtures("", "h"); }));
250
+ check("identifierFixtures throws on non-string hostile (config-time)",
251
+ idfxThrew(function () { gc.identifierFixtures("b", 5); }));
252
+ check("identifierFixtures throws on unknown encoding (config-time)",
253
+ idfxThrew(function () { gc.identifierFixtures("b", "h", "utf-99"); }));
254
+
255
+ // ---- markup URL-scheme constants (shared by guard-html / guard-svg).
256
+ check("DANGEROUS_URL_SCHEMES denies the script + dangerous-resource schemes",
257
+ gc.DANGEROUS_URL_SCHEMES.indexOf("javascript") !== -1 &&
258
+ gc.DANGEROUS_URL_SCHEMES.indexOf("ecmascript") !== -1 &&
259
+ gc.DANGEROUS_URL_SCHEMES.indexOf("data") !== -1 &&
260
+ gc.DANGEROUS_URL_SCHEMES.indexOf("file") !== -1);
261
+ check("DANGEROUS_URL_SCHEMES does not contain a safe scheme",
262
+ gc.DANGEROUS_URL_SCHEMES.indexOf("https") === -1 &&
263
+ gc.DANGEROUS_URL_SCHEMES.indexOf("mailto") === -1);
264
+ check("DANGEROUS_URL_SCHEMES is frozen", Object.isFrozen(gc.DANGEROUS_URL_SCHEMES));
265
+ check("SAFE_URL_SCHEMES is the strict allowlist base [http, https, mailto, tel]",
266
+ JSON.stringify(gc.SAFE_URL_SCHEMES) === JSON.stringify(["http", "https", "mailto", "tel"]) &&
267
+ Object.isFrozen(gc.SAFE_URL_SCHEMES));
268
+ check("SAFE and DANGEROUS scheme sets are disjoint",
269
+ gc.SAFE_URL_SCHEMES.every(function (s) { return gc.DANGEROUS_URL_SCHEMES.indexOf(s) === -1; }));
270
+
271
+ // ---- resolveProfileName: profile-precedence name resolution, no throw.
272
+ var POST = { hipaa: "strict", gdpr: "balanced" };
273
+ check("resolveProfileName: explicit profile wins",
274
+ gc.resolveProfileName({ profile: "permissive", posture: "hipaa" }, POST, "strict") === "permissive");
275
+ check("resolveProfileName: posture maps to its tier when no profile",
276
+ gc.resolveProfileName({ posture: "gdpr" }, POST, "strict") === "balanced");
277
+ check("resolveProfileName: falls back to the default",
278
+ gc.resolveProfileName({}, POST, "strict") === "strict");
279
+ check("resolveProfileName: does not validate (returns an unknown name unchanged)",
280
+ gc.resolveProfileName({ profile: "bogus" }, POST, "strict") === "bogus");
281
+ check("resolveProfileName: tolerates null opts",
282
+ gc.resolveProfileName(null, POST, "strict") === "strict");
283
+ }
284
+
285
+ module.exports = { run: run };
286
+
287
+ if (require.main === module) {
288
+ run().then(function () { console.log("[gate-contract-content-gate] OK — " + helpers.getChecks() + " checks passed"); })
289
+ .catch(function (e) { console.error("FAIL:", e.stack || e); process.exit(1); });
290
+ }