@blamejs/blamejs-shop 0.4.55 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (399) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/admin.js +385 -2
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +426 -366
  5. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  6. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  7. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  9. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  10. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  11. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  12. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  13. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  14. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  15. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  16. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  17. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  18. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  19. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  20. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  21. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  22. package/lib/vendor/blamejs/index.js +2 -0
  23. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  24. package/lib/vendor/blamejs/lib/acme.js +6 -5
  25. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  26. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  28. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  29. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  30. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  31. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  32. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  33. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  34. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  35. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  36. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  37. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  38. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  39. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  40. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  41. package/lib/vendor/blamejs/lib/archive.js +2 -10
  42. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  43. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  44. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  45. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  46. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  47. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  48. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  49. package/lib/vendor/blamejs/lib/audit.js +84 -0
  50. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  51. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  52. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  53. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  54. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  55. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  56. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  57. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  58. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  59. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  60. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  61. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  62. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  65. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  66. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  67. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  68. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  69. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  70. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  71. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  72. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  73. package/lib/vendor/blamejs/lib/cache.js +7 -18
  74. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  75. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  76. package/lib/vendor/blamejs/lib/cert.js +3 -10
  77. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  78. package/lib/vendor/blamejs/lib/cli.js +5 -1
  79. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  80. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  81. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  82. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  83. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  85. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  86. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  87. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  88. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  89. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  90. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  91. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  92. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  93. package/lib/vendor/blamejs/lib/cose.js +19 -11
  94. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  95. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  96. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  97. package/lib/vendor/blamejs/lib/csp.js +235 -3
  98. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  99. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  100. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  101. package/lib/vendor/blamejs/lib/db.js +34 -12
  102. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  103. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  104. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  105. package/lib/vendor/blamejs/lib/did.js +6 -2
  106. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  107. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  108. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  109. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  110. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  111. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  112. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  113. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  114. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  115. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  116. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  117. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  118. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  119. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  120. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  121. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  122. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  123. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  124. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  125. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  126. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  127. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  128. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  129. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  130. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  131. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  132. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  133. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  134. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  135. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  136. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  137. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  138. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  139. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  140. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  142. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  143. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  144. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  145. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  146. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  147. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  148. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  149. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  150. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  151. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  152. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  153. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  154. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  155. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  156. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  157. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  158. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  159. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  161. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  162. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  163. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  164. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  165. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  166. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  167. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  168. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  169. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  170. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  171. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  172. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  173. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  174. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  175. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  176. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  177. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  178. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  179. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  180. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  181. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  182. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  183. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  184. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  185. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  186. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  187. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  188. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  189. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  190. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  191. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  192. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  193. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  194. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  195. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  196. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  197. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  198. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  199. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  200. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  201. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  202. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  203. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  204. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  205. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  206. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  207. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  208. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  209. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  210. package/lib/vendor/blamejs/lib/mail.js +6 -11
  211. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  212. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  213. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  214. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  215. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  216. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  217. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  218. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  219. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  220. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  221. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  222. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  223. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  224. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  225. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  226. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  227. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  228. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  229. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  230. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  231. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  232. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  233. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  234. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  235. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  236. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  237. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  238. package/lib/vendor/blamejs/lib/money.js +105 -0
  239. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  240. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  241. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  242. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  243. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  244. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  245. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  246. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  247. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  248. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  249. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  251. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  252. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  253. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  254. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  255. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  256. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  257. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  258. package/lib/vendor/blamejs/lib/observability.js +95 -0
  259. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  260. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  261. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  262. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  263. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  265. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  266. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  267. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  268. package/lib/vendor/blamejs/lib/pick.js +63 -5
  269. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  270. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  271. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  272. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  273. package/lib/vendor/blamejs/lib/redact.js +2 -1
  274. package/lib/vendor/blamejs/lib/render.js +4 -2
  275. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  276. package/lib/vendor/blamejs/lib/restore.js +5 -22
  277. package/lib/vendor/blamejs/lib/retention.js +3 -5
  278. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  279. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  280. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  282. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  283. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  284. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  285. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  286. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  287. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  288. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  289. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  290. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  291. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  292. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  293. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  294. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  295. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  296. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  297. package/lib/vendor/blamejs/lib/session.js +194 -6
  298. package/lib/vendor/blamejs/lib/sql.js +225 -78
  299. package/lib/vendor/blamejs/lib/sse.js +6 -10
  300. package/lib/vendor/blamejs/lib/static.js +136 -98
  301. package/lib/vendor/blamejs/lib/storage.js +4 -2
  302. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  303. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  304. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  305. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  306. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  307. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  308. package/lib/vendor/blamejs/lib/vc.js +2 -7
  309. package/lib/vendor/blamejs/lib/vex.js +35 -13
  310. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  311. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  312. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  313. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  314. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  315. package/lib/vendor/blamejs/lib/worm.js +2 -3
  316. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  317. package/lib/vendor/blamejs/package.json +1 -1
  318. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  319. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  320. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  321. package/lib/vendor/blamejs/test/10-state.js +9 -3
  322. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  323. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  324. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  325. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  326. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  329. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  330. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  335. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  336. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  338. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  342. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  346. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  348. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  391. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  397. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  398. package/lib/winback-campaigns.js +202 -42
  399. package/package.json +1 -1
@@ -203,6 +203,40 @@ function testGuardJsonStringLengthCap() {
203
203
  rv.issues.some(function (i) { return i.kind === "string-too-long"; }));
204
204
  }
205
205
 
206
+ function testGuardJsonByteCap() {
207
+ // maxBytes is a BYTE cap — multibyte input must be measured by UTF-8
208
+ // byte length, not UTF-16 code-unit count (.length). "é" is one code
209
+ // unit but two bytes, so a string under the char count can still
210
+ // exceed the byte cap.
211
+ var inner = "é".repeat(25);
212
+ var s = JSON.stringify(inner); // .length ~27, bytes ~52
213
+ var byteLen = Buffer.byteLength(s, "utf8");
214
+ // Cap sits between the code-unit count and the byte length so a
215
+ // char-length check would (wrongly) pass while a byte check refuses.
216
+ var cap = s.length + 5;
217
+ check("byte-cap fixture: bytes exceed cap but code units do not",
218
+ byteLen > cap && s.length <= cap);
219
+ var rv = b.guardJson.validate(s, { maxBytes: cap });
220
+ check("multibyte input over the byte cap is refused (too-large by bytes)",
221
+ rv.issues.some(function (i) {
222
+ return i.kind === "too-large" && i.ruleId === "json.too-large";
223
+ }));
224
+
225
+ // ASCII inputs (one byte per code unit) are unaffected — a byte-length
226
+ // cap that exactly admits the string must still pass.
227
+ var ascii = '"' + "x".repeat(20) + '"'; // 22 bytes, 22 code units
228
+ var rvAscii = b.guardJson.validate(ascii, { maxBytes: 64 });
229
+ check("ASCII input within the byte cap is not flagged too-large",
230
+ !rvAscii.issues.some(function (i) { return i.kind === "too-large"; }));
231
+
232
+ // Non-string input keeps the bad-input shape and now carries a ruleId.
233
+ var rvBad = b.guardJson.validate(12345, { maxBytes: 64 });
234
+ check("non-string input → bad-input with json.bad-input ruleId",
235
+ rvBad.issues.some(function (i) {
236
+ return i.kind === "bad-input" && i.ruleId === "json.bad-input";
237
+ }));
238
+ }
239
+
206
240
  function testGuardJsonNumericPrecision() {
207
241
  var rv = b.guardJson.validate('{"id":99999999999999999999}', { profile: "strict" });
208
242
  check("numeric precision-loss detected (above MAX_SAFE_INTEGER)",
@@ -267,6 +301,24 @@ async function testGuardJsonGate() {
267
301
  hostile.action !== "serve");
268
302
  }
269
303
 
304
+ async function testGuardJsonGateSanitizeByPolicy() {
305
+ // The gate decides sanitize-vs-refuse from the finding's OWN policy, not a
306
+ // global "is any policy reject?" guess that wrongly blocked sanitize for
307
+ // unrelated findings. So the SAME __proto__ input REFUSES under
308
+ // pollutionPolicy=reject and SANITIZES under pollutionPolicy=strip (the
309
+ // parse drops __proto__) — independent of the other policies' reject state.
310
+ var pollute = Buffer.from('{"__proto__":{"x":1},"keep":2}', "utf8");
311
+ var reject = await b.guardJson.gate({ profile: "strict", pollutionPolicy: "reject" })
312
+ .check({ bytes: pollute });
313
+ check("pollutionPolicy=reject → refuse", reject.action === "refuse");
314
+ var strip = await b.guardJson.gate({ profile: "strict", pollutionPolicy: "strip" })
315
+ .check({ bytes: pollute });
316
+ check("pollutionPolicy=strip → sanitize (__proto__ dropped per policy)",
317
+ strip.action === "sanitize" &&
318
+ strip.sanitized.toString("utf8").indexOf("__proto__") === -1 &&
319
+ strip.sanitized.toString("utf8").indexOf("keep") !== -1);
320
+ }
321
+
270
322
  function testGuardJsonCompliancePosture() {
271
323
  var hipaa = b.guardJson.compliancePosture("hipaa");
272
324
  check("compliancePosture('hipaa') sets reject policies",
@@ -304,6 +356,7 @@ async function run() {
304
356
  testGuardJsonKeyCountCap();
305
357
  testGuardJsonArrayLengthCap();
306
358
  testGuardJsonStringLengthCap();
359
+ testGuardJsonByteCap();
307
360
  testGuardJsonNumericPrecision();
308
361
  testGuardJsonTopLevelKeyAllowlist();
309
362
  testGuardJsonBidi();
@@ -312,6 +365,7 @@ async function run() {
312
365
  testGuardJsonCompliancePosture();
313
366
  testGuardJsonBadProfile();
314
367
  await testGuardJsonGate();
368
+ await testGuardJsonGateSanitizeByPolicy();
315
369
  }
316
370
 
317
371
  module.exports = { run: run };
@@ -278,7 +278,17 @@ function testBSurface() {
278
278
  typeof b.guardManageSieveCommand.GuardManageSieveCommandError === "function");
279
279
  }
280
280
 
281
+ function testByteCapMultibyte() {
282
+ // maxLineBytes is a BYTE cap (regression for byte-cap-vs-char-length).
283
+ var line = String.fromCharCode(0x4e2d).repeat(2731); // 8193 UTF-8 bytes; strict cap 8192
284
+ var threw = null;
285
+ try { guardManageSieveCommand.validate(line, { profile: "strict" }); } catch (e) { threw = e; }
286
+ check("managesieve byte-cap: oversize multibyte line refused as line-too-long",
287
+ threw && threw.code === "guard-managesieve-command/line-too-long");
288
+ }
289
+
281
290
  function run() {
291
+ testByteCapMultibyte();
282
292
  testBSurface();
283
293
  testSurface();
284
294
  testHappyPath();
@@ -199,6 +199,35 @@ function testGuardMarkdownBlockquoteDepthCap() {
199
199
  rv.issues.some(function (i) { return i.kind === "blockquote-depth-cap"; }));
200
200
  }
201
201
 
202
+ function testGuardMarkdownByteCap() {
203
+ // maxBytes is a BYTE limit. A multibyte string can stay under the cap by
204
+ // UTF-16 code-unit count (.length) while its UTF-8 encoding blows past it,
205
+ // so the cap must measure Buffer.byteLength, never .length. "é" (U+00E9)
206
+ // is 1 code unit but 2 UTF-8 bytes: 8 of them = .length 8 (under a 10-byte
207
+ // cap by char count) yet 16 bytes (over it).
208
+ var multibyte = "é".repeat(8);
209
+ check("multibyte input is 8 UTF-16 units but 16 UTF-8 bytes",
210
+ multibyte.length === 8 && Buffer.byteLength(multibyte, "utf8") === 16);
211
+
212
+ var rvOver = b.guardMarkdown.validate(multibyte, { maxBytes: 10 });
213
+ var cap = rvOver.issues.filter(function (i) { return i.kind === "too-large"; });
214
+ check("multibyte over the BYTE cap fires too-large (not char-count-gated)",
215
+ cap.length === 1);
216
+ check("too-large snippet reports the BYTE length, not the char count",
217
+ cap.length === 1 && /16 bytes exceeds maxBytes 10/.test(cap[0].snippet));
218
+ check("too-large carries ruleId markdown.too-large",
219
+ cap.length === 1 && cap[0].ruleId === "markdown.too-large");
220
+
221
+ // ASCII is unaffected: byte length equals char length, so the cap behaves
222
+ // identically before and after the fix.
223
+ var rvAsciiUnder = b.guardMarkdown.validate("aaaaaaaa", { maxBytes: 10 });
224
+ check("ASCII under the byte cap → no too-large",
225
+ !rvAsciiUnder.issues.some(function (i) { return i.kind === "too-large"; }));
226
+ var rvAsciiOver = b.guardMarkdown.validate("aaaaaaaaaaaaaaaa", { maxBytes: 10 });
227
+ check("ASCII over the byte cap → too-large still fires",
228
+ rvAsciiOver.issues.some(function (i) { return i.kind === "too-large"; }));
229
+ }
230
+
202
231
  function testGuardMarkdownSanitizeRefusesCritical() {
203
232
  var threw = null;
204
233
  try { b.guardMarkdown.sanitize(
@@ -208,6 +237,20 @@ function testGuardMarkdownSanitizeRefusesCritical() {
208
237
  threw && /scheme|refused/.test(threw.code || threw.message || ""));
209
238
  }
210
239
 
240
+ function testGuardMarkdownSanitizeRefusesBadInput() {
241
+ // A non-string/Buffer sanitize input is unprocessable — it must throw a typed
242
+ // markdown.bad-input, NEVER silently return the garbage. (sanitizeSeverities
243
+ // is ["critical"], so the high-severity bad-input issue is not a content
244
+ // refusal; the generated sanitize refuses a `bad-input` KIND unconditionally.)
245
+ [123, null, {}, [1, 2, 3], true].forEach(function (bad) {
246
+ var threw = null;
247
+ try { b.guardMarkdown.sanitize(bad, { profile: "strict" }); }
248
+ catch (e) { threw = e; }
249
+ check("sanitize(" + JSON.stringify(bad) + ") throws markdown.bad-input (no silent pass)",
250
+ threw && threw.code === "markdown.bad-input");
251
+ });
252
+ }
253
+
211
254
  async function testGuardMarkdownGate() {
212
255
  var g = b.guardMarkdown.gate({ profile: "strict" });
213
256
  var clean = await g.check({
@@ -257,7 +300,9 @@ async function run() {
257
300
  testGuardMarkdownLinkCap();
258
301
  testGuardMarkdownListDepthCap();
259
302
  testGuardMarkdownBlockquoteDepthCap();
303
+ testGuardMarkdownByteCap();
260
304
  testGuardMarkdownSanitizeRefusesCritical();
305
+ testGuardMarkdownSanitizeRefusesBadInput();
261
306
  testGuardMarkdownCompliancePosture();
262
307
  await testGuardMarkdownGate();
263
308
  }
@@ -0,0 +1,101 @@
1
+ "use strict";
2
+ /**
3
+ * guard-pdf — PDF content-safety primitive (b.guardPdf).
4
+ *
5
+ * Covers: surface; registry parity; magic-byte / declared-MIME mismatch;
6
+ * polyglot; JavaScript / Launch / OpenAction active-content detection;
7
+ * embedded files; encryption; inspectMagic; and the disarm-by-refusal
8
+ * sanitize — PDF active content lives in a cross-referenced object graph
9
+ * that cannot be excised without a vendored parser, so sanitize forces every
10
+ * active-content / exfil / encryption policy to reject and refuses anything
11
+ * it cannot disarm rather than passing a live action through.
12
+ */
13
+
14
+ var helpers = require("../helpers");
15
+ var b = helpers.b;
16
+ var check = helpers.check;
17
+
18
+ var _PDF = Buffer.from([0x25, 0x50, 0x44, 0x46, 0x2D]); // %PDF-
19
+ function _code(fn) { try { fn(); return null; } catch (e) { return e && e.code; } }
20
+
21
+ function testGuardPdfSurface() {
22
+ check("guardPdf is an object", typeof b.guardPdf === "object");
23
+ check("guardPdf.NAME === 'pdf'", b.guardPdf.NAME === "pdf");
24
+ check("guardPdf.PROFILES has strict", !!b.guardPdf.PROFILES["strict"]);
25
+ check("guardPdf.COMPLIANCE_POSTURES hipaa", !!b.guardPdf.COMPLIANCE_POSTURES["hipaa"]);
26
+ check("guardPdf.validate is a function", typeof b.guardPdf.validate === "function");
27
+ check("guardPdf.sanitize is a function", typeof b.guardPdf.sanitize === "function");
28
+ check("guardPdf.gate is a function", typeof b.guardPdf.gate === "function");
29
+ check("frameworkError.GuardPdfError exposed", typeof b.frameworkError.GuardPdfError === "function");
30
+ }
31
+
32
+ function testGuardPdfRegistryParity() {
33
+ check("guardPdf registered in guardAll",
34
+ b.guardAll.allGuards().some(function (g) { return (g.name || g.NAME) === "pdf"; }));
35
+ }
36
+
37
+ function testValidateActiveContent() {
38
+ var rv = b.guardPdf.validate({ bytes: _PDF, hasJavaScript: true }, { profile: "strict" });
39
+ check("javascript: validate ok:false", rv.ok === false);
40
+ check("javascript: kind reported", rv.issues.some(function (i) { return i.kind === "javascript-action"; }));
41
+ }
42
+
43
+ // ---- disarm-by-refusal sanitize ----
44
+
45
+ function testSanitizeInertPassthrough() {
46
+ var inert = { bytes: _PDF };
47
+ var out = b.guardPdf.sanitize(inert, { profile: "balanced" });
48
+ check("inert PDF passes through unchanged", out === inert);
49
+ }
50
+
51
+ function testSanitizeRefusesJavaScript() {
52
+ check("javascript refused",
53
+ _code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasJavaScript: true }, { profile: "balanced" }); }) === "pdf.javascript-action");
54
+ }
55
+
56
+ function testSanitizeRefusesLaunch() {
57
+ check("launch refused",
58
+ _code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasLaunchAction: true }, { profile: "balanced" }); }) === "pdf.launch-action");
59
+ }
60
+
61
+ function testSanitizeForcesOpenActionReject() {
62
+ // open-action is warn-level under permissive at the gate, but sanitize forces
63
+ // reject (it cannot strip the action) → refuse, never a silent passthrough.
64
+ check("open-action refused under sanitize even at permissive",
65
+ _code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasOpenAction: true }, { profile: "permissive" }); }) === "pdf.open-action");
66
+ }
67
+
68
+ function testSanitizeForcesEmbeddedFileReject() {
69
+ check("embedded-file refused under sanitize even at permissive",
70
+ _code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasEmbeddedFiles: true }, { profile: "permissive" }); }) === "pdf.embedded-file");
71
+ }
72
+
73
+ function testSanitizeForcesEncryptedReject() {
74
+ check("encrypted refused under sanitize even at permissive",
75
+ _code(function () { b.guardPdf.sanitize({ bytes: _PDF, isEncrypted: true }, { profile: "permissive" }); }) === "pdf.encrypted");
76
+ }
77
+
78
+ function testSanitizeBadInput() {
79
+ check("bad input refused",
80
+ _code(function () { b.guardPdf.sanitize(null, { profile: "balanced" }); }) === "pdf.bad-input");
81
+ }
82
+
83
+ function run() {
84
+ testGuardPdfSurface();
85
+ testGuardPdfRegistryParity();
86
+ testValidateActiveContent();
87
+ testSanitizeInertPassthrough();
88
+ testSanitizeRefusesJavaScript();
89
+ testSanitizeRefusesLaunch();
90
+ testSanitizeForcesOpenActionReject();
91
+ testSanitizeForcesEmbeddedFileReject();
92
+ testSanitizeForcesEncryptedReject();
93
+ testSanitizeBadInput();
94
+ }
95
+
96
+ module.exports = { run: run };
97
+
98
+ if (require.main === module) {
99
+ try { run(); console.log("[guard-pdf] OK — " + helpers.getChecks() + " checks passed"); }
100
+ catch (e) { console.error("FAIL:", e.stack || e); process.exit(1); }
101
+ }
@@ -143,7 +143,25 @@ function testCompliancePosture() {
143
143
  check("posture: unknown → null", b.guardPop3Command.compliancePosture("nope") === null);
144
144
  }
145
145
 
146
+ function testByteCapMultibyte() {
147
+ // maxLineBytes / maxUsernameBytes / maxPasswordBytes are BYTE caps.
148
+ var mb = String.fromCharCode(0x4e2d); // one 3-byte UTF-8 char
149
+ var t1 = null;
150
+ try { b.guardPop3Command.validate(mb.repeat(100), { profile: "strict", tls: true }); } catch (e) { t1 = e; }
151
+ check("pop3 byte-cap: oversize multibyte line refused as line-too-long",
152
+ t1 && t1.code === "guard-pop3-command/line-too-long");
153
+ var t2 = null;
154
+ try { b.guardPop3Command.validate("USER " + mb.repeat(40), { profile: "strict", tls: true }); } catch (e) { t2 = e; }
155
+ check("pop3 byte-cap: oversize multibyte USER name refused",
156
+ t2 && t2.code === "guard-pop3-command/username-too-long");
157
+ var t3 = null;
158
+ try { b.guardPop3Command.validate("PASS " + mb.repeat(40), { profile: "strict", tls: true }); } catch (e) { t3 = e; }
159
+ check("pop3 byte-cap: oversize multibyte PASS argument refused",
160
+ t3 && t3.code === "guard-pop3-command/password-too-long");
161
+ }
162
+
146
163
  function run() {
164
+ testByteCapMultibyte();
147
165
  testSurface();
148
166
  testHappyPath();
149
167
  testCleartextAuthRefused();
@@ -203,6 +203,53 @@ function testGuardSvgCaps() {
203
203
  rv.issues.some(function (issue) { return issue.kind === "use-depth-cap"; }));
204
204
  }
205
205
 
206
+ function testGuardSvgByteCapsMeasureBytes() {
207
+ // Caps named in *Bytes must measure UTF-8 bytes, not UTF-16 code units.
208
+ // "é" is one code unit (.length 1) but two UTF-8 bytes. A 50-char run is
209
+ // 50 code units / 100 bytes — under a 60 char-count but over a 60-byte cap.
210
+ var multibyte = "é".repeat(50);
211
+ check("multibyte fixture: 50 code units, 100 UTF-8 bytes",
212
+ multibyte.length === 50 && Buffer.byteLength(multibyte, "utf8") === 100);
213
+
214
+ // Top-level maxBytes (validate path → tokenizer cap).
215
+ var rvSize = b.guardSvg.validate(multibyte, { profile: "strict", maxBytes: 60 });
216
+ check("validate: multibyte over byte cap reports too-large",
217
+ rvSize.issues.some(function (issue) {
218
+ return /exceeds maxBytes/.test(issue.snippet || "");
219
+ }));
220
+ check("validate: too-large snippet reports the BYTE count, not char count",
221
+ rvSize.issues.some(function (issue) {
222
+ return /input 100 bytes exceeds maxBytes 60/.test(issue.snippet || "");
223
+ }));
224
+
225
+ // Top-level maxBytes (sanitize path → throws).
226
+ var threwMb = null;
227
+ try { b.guardSvg.sanitize(multibyte, { profile: "strict", maxBytes: 60 }); }
228
+ catch (e) { threwMb = e; }
229
+ check("sanitize: multibyte over byte cap throws too-large with byte count",
230
+ threwMb && /input 100 bytes exceeds maxBytes 60/.test(threwMb.message));
231
+
232
+ // ASCII under the same cap stays unchanged (no false positive).
233
+ var rvAscii = b.guardSvg.validate("a".repeat(50), { profile: "strict", maxBytes: 60 });
234
+ check("validate: 50-byte ASCII under 60-byte cap is NOT flagged too-large",
235
+ !rvAscii.issues.some(function (issue) {
236
+ return /exceeds maxBytes/.test(issue.snippet || "");
237
+ }));
238
+
239
+ // Per-attribute maxAttrValueBytes measures bytes too.
240
+ var attrMb = "<svg><circle foo=\"" + "é".repeat(50) + "\"/></svg>";
241
+ var rvAttr = b.guardSvg.validate(attrMb,
242
+ { profile: "balanced", maxAttrValueBytes: 60, maxBytes: 1000000 });
243
+ check("validate: multibyte attr value over byte cap reports attr-value-too-large",
244
+ rvAttr.issues.some(function (issue) { return issue.ruleId === "svg.attr-size"; }));
245
+
246
+ var attrAscii = "<svg><circle foo=\"" + "a".repeat(50) + "\"/></svg>";
247
+ var rvAttrAscii = b.guardSvg.validate(attrAscii,
248
+ { profile: "balanced", maxAttrValueBytes: 60, maxBytes: 1000000 });
249
+ check("validate: 50-byte ASCII attr value under 60-byte cap NOT flagged",
250
+ !rvAttrAscii.issues.some(function (issue) { return issue.ruleId === "svg.attr-size"; }));
251
+ }
252
+
206
253
  function testGuardSvgSanitize() {
207
254
  var clean = b.guardSvg.sanitize("<svg><script>alert(1)</script><circle/></svg>",
208
255
  { profile: "strict" });
@@ -257,6 +304,33 @@ function testGuardSvgCompliancePosture() {
257
304
  threw && /unknown/.test(threw.message));
258
305
  }
259
306
 
307
+ function testGdprPostureMatchesBalancedTier() {
308
+ // gdpr is the balanced-tier posture for content guards (data-minimization
309
+ // strips rather than rejects, but structural threats stay rejected). svg's
310
+ // balanced profile allows cross-origin external refs (allowExternalRefs:
311
+ // true) while strict refuses them. A partial gdpr posture object that omits
312
+ // allowExternalRefs silently backfills the strict value, turning gdpr into
313
+ // an incoherent strict/balanced hybrid that rejects an external <use> the
314
+ // balanced tier accepts. Assert the gdpr verdict matches the balanced
315
+ // verdict for that exact input.
316
+ var external = '<svg><use xlink:href="https://cdn.example/icons.svg#x"/></svg>';
317
+ var gdpr = b.guardSvg.validate(external, { compliancePosture: "gdpr" });
318
+ var balanced = b.guardSvg.validate(external, { profile: "balanced" });
319
+
320
+ check("gdpr posture allows the same external <use> the balanced tier allows",
321
+ gdpr.ok === balanced.ok);
322
+ check("gdpr posture raises no external-ref the balanced tier does not",
323
+ !gdpr.issues.some(function (issue) { return issue.kind === "external-ref"; }));
324
+
325
+ // Structural identity: the gdpr posture is the balanced profile plus the
326
+ // data-minimization forensic budget (base 256 / 2 = 128), nothing
327
+ // strict-derived backfilled.
328
+ var expected = Object.assign({}, b.guardSvg.PROFILES.balanced,
329
+ { forensicSnippetBytes: 128 });
330
+ check("COMPLIANCE_POSTURES.gdpr deep-equals balanced + forensicSnippetBytes:128",
331
+ JSON.stringify(b.guardSvg.COMPLIANCE_POSTURES.gdpr) === JSON.stringify(expected));
332
+ }
333
+
260
334
  function testGuardSvgBadProfile() {
261
335
  var threw = null;
262
336
  try { b.guardSvg.validate("<svg/>", { profile: "made-up" }); }
@@ -279,8 +353,10 @@ async function run() {
279
353
  testGuardSvgCssInjection();
280
354
  testGuardSvgBidiNullControl();
281
355
  testGuardSvgCaps();
356
+ testGuardSvgByteCapsMeasureBytes();
282
357
  testGuardSvgSanitize();
283
358
  testGuardSvgCompliancePosture();
359
+ testGdprPostureMatchesBalancedTier();
284
360
  testGuardSvgBadProfile();
285
361
  await testGuardSvgGate();
286
362
  }