@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -66,22 +66,12 @@ function create(opts) {
66
66
  var standards = opts.standards.slice();
67
67
  var contact = opts.contact || null;
68
68
  var supervisoryAuthority = opts.supervisoryAuthority || null;
69
- var auditOn = opts.audit !== false;
70
69
  var now = typeof opts.now === "function" ? opts.now : function () { return Date.now(); };
71
70
 
72
71
  var criteria = new Map();
73
72
  var nonConformances = [];
74
73
 
75
- function _emitAudit(action, outcome, metadata) {
76
- if (!auditOn) return;
77
- try {
78
- audit().safeEmit({
79
- action: "compliance.eaa." + action,
80
- outcome: outcome,
81
- metadata: metadata || {},
82
- });
83
- } catch (_e) { /* drop-silent */ }
84
- }
74
+ var _emitAudit = audit().namespaced("compliance.eaa", opts.audit);
85
75
 
86
76
  function declareCriterion(id, decl) {
87
77
  if (typeof id !== "string" || id.length === 0) {
@@ -65,20 +65,25 @@ function create(opts) {
65
65
  "fetchOnStart", "audit",
66
66
  ], "compliance.sanctions.fetcher.create");
67
67
 
68
- if (!opts.screener || typeof opts.screener.reload !== "function") {
69
- throw new SanctionsFetcherError("sanctions-fetcher/bad-screener",
70
- "fetcher.create: screener must be a sanctions.create() instance");
71
- }
72
- if (typeof opts.fetch !== "function") {
73
- throw new SanctionsFetcherError("sanctions-fetcher/bad-fetch",
74
- "fetcher.create: fetch must be an async function returning entry[]");
75
- }
76
- validateOpts.optionalPositiveFinite(opts.intervalMs,
77
- "fetcher.create: intervalMs", SanctionsFetcherError, "sanctions-fetcher/bad-opts");
78
- validateOpts.optionalFunction(opts.onRefreshed,
79
- "fetcher.create: onRefreshed", SanctionsFetcherError, "sanctions-fetcher/bad-opts");
80
- validateOpts.optionalFunction(opts.onError,
81
- "fetcher.create: onError", SanctionsFetcherError, "sanctions-fetcher/bad-opts");
68
+ validateOpts.shape(opts, {
69
+ screener: function (value) {
70
+ if (!value || typeof value.reload !== "function") {
71
+ throw new SanctionsFetcherError("sanctions-fetcher/bad-screener",
72
+ "fetcher.create: screener must be a sanctions.create() instance");
73
+ }
74
+ },
75
+ fetch: function (value) {
76
+ if (typeof value !== "function") {
77
+ throw new SanctionsFetcherError("sanctions-fetcher/bad-fetch",
78
+ "fetcher.create: fetch must be an async function returning entry[]");
79
+ }
80
+ },
81
+ intervalMs: "optional-positive-finite",
82
+ onRefreshed: "optional-function",
83
+ onError: "optional-function",
84
+ fetchOnStart: "optional-boolean",
85
+ audit: "optional-boolean",
86
+ }, "fetcher.create", SanctionsFetcherError, "sanctions-fetcher/bad-opts");
82
87
 
83
88
  var intervalMs = opts.intervalMs || C.TIME.hours(24);
84
89
  var fetchOnStart = opts.fetchOnStart !== false;
@@ -93,21 +98,9 @@ function create(opts) {
93
98
  var refreshCount = 0;
94
99
  var failureCount = 0;
95
100
 
96
- function _emitAudit(action, outcome, metadata) {
97
- if (!auditOn) return;
98
- try {
99
- audit().safeEmit({
100
- action: action,
101
- outcome: outcome,
102
- metadata: metadata || {},
103
- });
104
- } catch (_e) { /* drop-silent */ }
105
- }
101
+ var _emitAudit = audit().namespaced(null, { audit: auditOn });
106
102
 
107
- function _emitMetric(verb, n) {
108
- try { observability().safeEvent("compliance.sanctions.fetcher." + verb, n || 1, {}); }
109
- catch (_e) { /* drop-silent */ }
110
- }
103
+ var _emitMetric = observability().namespaced("compliance.sanctions.fetcher");
111
104
 
112
105
  async function _tick() {
113
106
  if (stopping) return;
@@ -284,21 +284,9 @@ function create(opts) {
284
284
  // strings.
285
285
  var index = opts.entries.map(_normalizeEntry);
286
286
 
287
- function _emitAudit(action, outcome, metadata) {
288
- if (!auditOn) return;
289
- try {
290
- audit().safeEmit({
291
- action: action,
292
- outcome: outcome,
293
- metadata: metadata || {},
294
- });
295
- } catch (_e) { /* drop-silent — audit sink */ }
296
- }
287
+ var _emitAudit = audit().namespaced(null, { audit: auditOn });
297
288
 
298
- function _emitMetric(verb, n, labels) {
299
- try { observability().safeEvent("compliance.sanctions." + verb, n || 1, labels || {}); }
300
- catch (_e) { /* drop-silent */ }
301
- }
289
+ var _emitMetric = observability().namespaced("compliance.sanctions");
302
290
 
303
291
  function _exactMatch(qNorm, candidate) {
304
292
  for (var i = 0; i < candidate._allNamesNormalized.length; i++) {
@@ -47,6 +47,7 @@ var aiAct = require("./compliance-ai-act");
47
47
  var { ComplianceError } = require("./framework-error");
48
48
 
49
49
  var audit = lazyRequire(function () { return require("./audit"); });
50
+ var auditEmit = require("./audit-emit");
50
51
  var retentionMod = lazyRequire(function () { return require("./retention"); });
51
52
  var db = lazyRequire(function () { return require("./db"); });
52
53
  var cryptoField = lazyRequire(function () { return require("./crypto-field"); });
@@ -316,15 +317,7 @@ var ARTIFACT_STANDARDS = Object.freeze([
316
317
 
317
318
  var STATE = { posture: null, setAt: null, fipsMode: false };
318
319
 
319
- function _emitAudit(action, metadata, outcome) {
320
- try {
321
- audit().safeEmit({
322
- action: action,
323
- outcome: outcome || "success",
324
- metadata: metadata,
325
- });
326
- } catch (_e) { /* audit best-effort */ }
327
- }
320
+ var _emitAudit = auditEmit.emit;
328
321
 
329
322
  /**
330
323
  * @primitive b.compliance.set
@@ -47,6 +47,7 @@ var { defineClass } = require("./framework-error");
47
47
  var atomicFile = require("./atomic-file");
48
48
 
49
49
  var audit = lazyRequire(function () { return require("./audit"); });
50
+ var auditEmit = require("./audit-emit");
50
51
 
51
52
  var ConfigDriftError = defineClass("ConfigDriftError", { alwaysPermanent: true });
52
53
  var _err = ConfigDriftError.factory;
@@ -159,18 +160,7 @@ function create(opts) {
159
160
  var sidecarPath = nodePath.join(dataDir,
160
161
  baselineName === "default" ? SIDECAR_NAME : ("config-baseline-" + baselineName + ".sig"));
161
162
 
162
- function _emit(action, info, outcome) {
163
- if (!auditOn) return;
164
- var sink = auditInstance || audit();
165
- try {
166
- sink.safeEmit({
167
- action: action,
168
- outcome: outcome,
169
- metadata: info || {},
170
- reason: info && info.reason ? info.reason : null,
171
- });
172
- } catch (_e) { /* audit best-effort */ }
173
- }
163
+ var _emit = auditEmit.gatedReasonEmitter({ audit: auditOn, sink: auditInstance });
174
164
 
175
165
  function _readSidecar() {
176
166
  if (!nodeFs.existsSync(sidecarPath)) return null;
@@ -29,6 +29,7 @@
29
29
 
30
30
  var nodeCrypto = require("node:crypto");
31
31
  var bCrypto = require("./crypto");
32
+ var safeBuffer = require("./safe-buffer");
32
33
  var structuredFields = require("./structured-fields");
33
34
  var validateOpts = require("./validate-opts");
34
35
  var { defineClass } = require("./framework-error");
@@ -59,12 +60,12 @@ function _strictBase64(s, what) {
59
60
  return buf;
60
61
  }
61
62
 
62
- function _bodyBytes(body, what) {
63
- if (Buffer.isBuffer(body)) return body;
64
- if (body instanceof Uint8Array) return Buffer.from(body);
65
- if (typeof body === "string") return Buffer.from(body, "utf8");
66
- throw new ContentDigestError("content-digest/bad-body", "contentDigest: " + what + " must be a Buffer / Uint8Array / string");
67
- }
63
+ var _bodyBytes = safeBuffer.makeByteCoercer({
64
+ errorClass: ContentDigestError,
65
+ typeCode: "content-digest/bad-body",
66
+ messagePrefix: "contentDigest: ",
67
+ messageSuffix: " must be a Buffer / Uint8Array / string",
68
+ });
68
69
 
69
70
  /**
70
71
  * @primitive b.contentDigest.create
@@ -150,8 +151,9 @@ function verify(fieldValue, body, opts) {
150
151
  if (m === "") continue;
151
152
  var eq = m.indexOf("=");
152
153
  if (eq < 1) throw new ContentDigestError("content-digest/bad-field", "contentDigest.verify: malformed dictionary member");
153
- var name = m.slice(0, eq).trim().toLowerCase();
154
- var raw = m.slice(eq + 1).trim();
154
+ var kvp = structuredFields.parseKeyValuePiece(m);
155
+ var name = kvp.key;
156
+ var raw = kvp.value.trim();
155
157
  var nodeAlg = ACTIVE[name];
156
158
  if (!nodeAlg) continue; // ignore legacy / unknown entries
157
159
  if (raw.length < 2 || raw.charAt(0) !== ":" || raw.charAt(raw.length - 1) !== ":") {
@@ -48,6 +48,7 @@
48
48
  */
49
49
 
50
50
  var C = require("./constants");
51
+ var structuredFields = require("./structured-fields");
51
52
  var validateOpts = require("./validate-opts");
52
53
  var { FrameworkError } = require("./framework-error");
53
54
 
@@ -143,9 +144,7 @@ function parse(cookieHeader) {
143
144
  if (!k) continue;
144
145
  var v = pair.slice(eq + 1).trim();
145
146
  // Strip surrounding double-quotes per RFC 6265 §5.2.
146
- if (v.length >= 2 && v.charAt(0) === '"' && v.charAt(v.length - 1) === '"') {
147
- v = v.slice(1, -1);
148
- }
147
+ v = structuredFields.stripDoubleQuotes(v);
149
148
  try { v = decodeURIComponent(v); }
150
149
  catch (_e) { /* malformed encoding — keep raw */ }
151
150
  // Last write wins per RFC; matches every browser's behavior.
@@ -386,10 +385,8 @@ function create(opts) {
386
385
  }
387
386
 
388
387
  function _requireVault() {
389
- if (!vault || typeof vault.seal !== "function" || typeof vault.unseal !== "function") {
390
- throw new CookieError("cookies/no-vault",
391
- "sealed cookies require opts.vault (a value with .seal/.unseal)");
392
- }
388
+ validateOpts.requireMethods(vault, ["seal", "unseal"],
389
+ "sealed cookies: opts.vault", CookieError, "cookies/no-vault");
393
390
  }
394
391
 
395
392
  // Vault.seal returns "vault:<base64>". We strip the constant prefix
@@ -515,10 +512,7 @@ function parseSafe(cookieHeader, opts) {
515
512
  });
516
513
  continue;
517
514
  }
518
- var v = pair.slice(eq + 1).trim();
519
- if (v.length >= 2 && v.charAt(0) === '"' && v.charAt(v.length - 1) === '"') {
520
- v = v.slice(1, -1);
521
- }
515
+ var v = structuredFields.stripDoubleQuotes(pair.slice(eq + 1).trim());
522
516
  try { v = decodeURIComponent(v); }
523
517
  catch (_e) { /* malformed encoding — keep raw */ }
524
518
 
@@ -55,6 +55,7 @@
55
55
  var nodeCrypto = require("node:crypto");
56
56
  var cbor = require("./cbor");
57
57
  var bCrypto = require("./crypto");
58
+ var safeBuffer = require("./safe-buffer");
58
59
  var validateOpts = require("./validate-opts");
59
60
  var { defineClass } = require("./framework-error");
60
61
 
@@ -110,10 +111,11 @@ function _algParamsFor(algId) {
110
111
  }
111
112
 
112
113
  function _bstr(x) {
113
- if (Buffer.isBuffer(x)) return x;
114
- if (x instanceof Uint8Array) return Buffer.from(x);
115
- if (typeof x === "string") return Buffer.from(x, "utf8");
116
- throw new CoseError("cose/bad-bytes", "cose: expected bytes (Buffer / Uint8Array / string)");
114
+ return safeBuffer.toBuffer(x, {
115
+ errorFactory: function (code, msg) { return new CoseError(code, msg); },
116
+ typeCode: "cose/bad-bytes",
117
+ typeMessage: "cose: expected bytes (Buffer / Uint8Array / string)",
118
+ });
117
119
  }
118
120
 
119
121
  // Sig_structure (RFC 9052 §4.4) for COSE_Sign1:
@@ -753,11 +755,14 @@ var COSE_KEY_LABEL_KTY = 1;
753
755
  var COSE_KEY_LABEL_KID = 2;
754
756
  var COSE_KEY_LABEL_ALG = 3;
755
757
 
756
- function _coseKeyBytes(v, what) {
757
- if (Buffer.isBuffer(v)) return v;
758
- if (v instanceof Uint8Array) return Buffer.from(v);
759
- throw new CoseError("cose/bad-cose-key", "cose.importKey: COSE_Key " + what + " must be a byte string");
760
- }
758
+ // COSE_Key components are byte strings, never text (allowString:false).
759
+ var _coseKeyBytes = safeBuffer.makeByteCoercer({
760
+ errorClass: CoseError,
761
+ typeCode: "cose/bad-cose-key",
762
+ messagePrefix: "cose.importKey: COSE_Key ",
763
+ messageSuffix: " must be a byte string",
764
+ allowString: false,
765
+ });
761
766
 
762
767
  /**
763
768
  * @primitive b.cose.importKey
@@ -806,8 +811,11 @@ function importKey(coseKey) {
806
811
  } else {
807
812
  throw new CoseError("cose/unsupported-key", "cose.importKey: kty must be OKP (1) or EC2 (2), got " + kty);
808
813
  }
809
- try { return nodeCrypto.createPublicKey({ key: jwk, format: "jwk" }); }
810
- catch (e) { throw new CoseError("cose/bad-cose-key", "cose.importKey: could not import COSE_Key: " + ((e && e.message) || e)); }
814
+ return bCrypto.importPublicJwk(jwk, {
815
+ errorClass: CoseError,
816
+ code: "cose/bad-cose-key",
817
+ messagePrefix: "cose.importKey: could not import COSE_Key: ",
818
+ });
811
819
  }
812
820
 
813
821
  /**
@@ -70,7 +70,6 @@ function create(opts) {
70
70
  var enisaEndpoint = typeof opts.enisaEndpoint === "string" && opts.enisaEndpoint.length > 0
71
71
  ? opts.enisaEndpoint : null;
72
72
  var httpClient = opts.httpClient || null;
73
- var auditOn = opts.audit !== false;
74
73
 
75
74
  // CRA Article 14 deadlines — operators don't override these without
76
75
  // documented regulatory justification (the deadlines are statutory,
@@ -89,16 +88,7 @@ function create(opts) {
89
88
  },
90
89
  });
91
90
 
92
- function _emitAudit(action, outcome, metadata) {
93
- if (!auditOn) return;
94
- try {
95
- audit().safeEmit({
96
- action: "cra.report." + action,
97
- outcome: outcome,
98
- metadata: metadata || {},
99
- });
100
- } catch (_e) { /* drop-silent */ }
101
- }
91
+ var _emitAudit = audit().namespaced("cra.report", opts.audit);
102
92
 
103
93
  async function _submitToEnisa(payload) {
104
94
  if (!enisaEndpoint || !httpClient) {
@@ -56,6 +56,7 @@
56
56
  * Per-column field-level encryption with AAD-bound envelopes.
57
57
  */
58
58
  var lazyRequire = require("./lazy-require");
59
+ var boundedMap = require("./bounded-map");
59
60
  var vault = require("./vault");
60
61
  var vaultAad = require("./vault-aad");
61
62
  var validateOpts = require("./validate-opts");
@@ -568,14 +569,9 @@ function computeNamespacedHash(ns, value, opts) {
568
569
  "(default) or 'hmac-shake256', got " + JSON.stringify(mode));
569
570
  }
570
571
  var truncateBytes = opts.truncateBytes;
571
- if (truncateBytes !== undefined) {
572
- if (typeof truncateBytes !== "number" || !isFinite(truncateBytes) ||
573
- truncateBytes <= 0 || Math.floor(truncateBytes) !== truncateBytes) {
574
- throw new CryptoFieldError("crypto-field/bad-truncate-bytes",
575
- "computeNamespacedHash: opts.truncateBytes must be a " +
576
- "positive integer (bytes), got " + JSON.stringify(truncateBytes));
577
- }
578
- }
572
+ numericBounds.requirePositiveFiniteIntIfPresent(truncateBytes,
573
+ "computeNamespacedHash: opts.truncateBytes", CryptoFieldError,
574
+ "crypto-field/bad-truncate-bytes");
579
575
  var hex = _computeDerivedHash({ mode: mode }, mode, ns, String(value));
580
576
  if (truncateBytes !== undefined) {
581
577
  return hex.slice(0, truncateBytes * 2);
@@ -918,8 +914,7 @@ function _rateNoteFailure(actor, table, column) {
918
914
  if (!_rateCap) return false;
919
915
  var nowMs = _rateCap.now();
920
916
  var key = _rateKey(actor, table, column);
921
- var arr = _rateFailWindows.get(key);
922
- if (!arr) { arr = []; _rateFailWindows.set(key, arr); }
917
+ var arr = boundedMap.getOrInsert(_rateFailWindows, key, function () { return []; });
923
918
  // Prune entries older than the window (sliding-window via timestamp
924
919
  // array — same shape as b.mail.server.rateLimit._pruneWindow).
925
920
  var cutoff = nowMs - _rateCap.windowMs;
@@ -49,6 +49,7 @@ var nodeFs = require("node:fs");
49
49
  var { pipeline } = require("node:stream/promises");
50
50
  var { xchacha20poly1305 } = require("./vendor/noble-ciphers.cjs");
51
51
  var C = require("./constants");
52
+ var numericBounds = require("./numeric-bounds");
52
53
  // Circular: audit imports b.crypto for sha3Hash + envelope sign. Lazy-
53
54
  // load the audit module so the legacy-envelope decrypt path can emit
54
55
  // `system.crypto.decrypt.allow_legacy` events without an inline
@@ -337,8 +338,7 @@ function hashFilesParallel(filePaths, opts) {
337
338
  // override per-call.
338
339
  var maxBytesPerFile = opts.maxBytesPerFile !== undefined
339
340
  ? opts.maxBytesPerFile : C.BYTES.gib(1);
340
- if (typeof maxBytesPerFile !== "number" || !isFinite(maxBytesPerFile) ||
341
- maxBytesPerFile <= 0 || Math.floor(maxBytesPerFile) !== maxBytesPerFile) {
341
+ if (!numericBounds.isPositiveFiniteInt(maxBytesPerFile)) {
342
342
  return Promise.reject(new TypeError(
343
343
  "crypto.hashFilesParallel: opts.maxBytesPerFile must be a positive integer, got " + maxBytesPerFile
344
344
  ));
@@ -847,6 +847,74 @@ function fromBase64Url(s, opts) {
847
847
  return Buffer.from(s, "base64url");
848
848
  }
849
849
 
850
+ /**
851
+ * @primitive b.crypto.makeBase64UrlDecoder
852
+ * @signature b.crypto.makeBase64UrlDecoder(opts)
853
+ * @since 0.15.13
854
+ * @status stable
855
+ * @related b.crypto.fromBase64Url, b.crypto.toBase64Url
856
+ *
857
+ * Bind the strict `fromBase64Url` decoder to one module's error contract,
858
+ * returning a `decode(s)` that translates the decoder's `TypeError` (bad
859
+ * type or non-canonical input) into the caller's typed error. Every
860
+ * base64url-carrying surface — JWT segments, DPoP / OAuth tokens, status
861
+ * lists, pagination cursors — wrapped `fromBase64Url` in the same
862
+ * `if (typeof s !== "string") throw new XError(...); try { return
863
+ * fromBase64Url(s); } catch { throw new XError(...); }` shape, differing
864
+ * only in error class, code, and the two messages; this owns that binding.
865
+ *
866
+ * `opts.badMessage` is thrown on any decode failure (non-canonical /
867
+ * malformed input — the strict decoder rejects the CWE-347 signature-
868
+ * canonicalization footgun). `opts.typeMessage` is optional: when set, a
869
+ * non-string input throws it directly (the common case names the field —
870
+ * "cursor must be a string"); when omitted, a non-string falls through to
871
+ * `badMessage` like any other decode failure.
872
+ *
873
+ * @opts
874
+ * errorClass: Function, // required — (code, message) error constructor
875
+ * code: string, // required — error code for both throws
876
+ * badMessage: string, // required — message on a decode failure
877
+ * typeMessage: string, // optional — message on a non-string input
878
+ *
879
+ * @example
880
+ * var b = require("blamejs");
881
+ *
882
+ * function JwtError(code, message) { this.code = code; this.message = message; }
883
+ * var decodeSeg = b.crypto.makeBase64UrlDecoder({
884
+ * errorClass: JwtError,
885
+ * code: "jwt/malformed",
886
+ * typeMessage: "expected base64url string",
887
+ * badMessage: "JWT segment is not valid base64url",
888
+ * });
889
+ * decodeSeg("aGVsbG8"); // → <Buffer 68 65 6c 6c 6f>
890
+ * // decodeSeg("!!!") throws JwtError("jwt/malformed", "JWT segment is not valid base64url")
891
+ */
892
+ function makeBase64UrlDecoder(opts) {
893
+ if (!opts || typeof opts !== "object") {
894
+ throw new TypeError("crypto.makeBase64UrlDecoder: opts is required");
895
+ }
896
+ if (typeof opts.errorClass !== "function") {
897
+ throw new TypeError("crypto.makeBase64UrlDecoder: opts.errorClass must be a constructor");
898
+ }
899
+ if (typeof opts.badMessage !== "string") {
900
+ throw new TypeError("crypto.makeBase64UrlDecoder: opts.badMessage must be a string");
901
+ }
902
+ var ErrorClass = opts.errorClass;
903
+ var code = opts.code;
904
+ var typeMessage = opts.typeMessage;
905
+ var badMessage = opts.badMessage;
906
+ return function decode(s) {
907
+ if (typeMessage !== undefined && typeof s !== "string") {
908
+ throw new ErrorClass(code, typeMessage);
909
+ }
910
+ try {
911
+ return fromBase64Url(s);
912
+ } catch (_e) {
913
+ throw new ErrorClass(code, badMessage);
914
+ }
915
+ };
916
+ }
917
+
850
918
  // ---- Subresource Integrity (W3C SRI 1.0) ----
851
919
  //
852
920
  // b.crypto.sri(content, { algorithm? }) — returns a `sha###-base64`
@@ -1024,6 +1092,53 @@ function verify(data, signature, publicKeyPem) {
1024
1092
  return nodeCrypto.verify(null, Buffer.from(data), publicKeyPem, signature);
1025
1093
  }
1026
1094
 
1095
+ /**
1096
+ * @primitive b.crypto.importPublicJwk
1097
+ * @signature b.crypto.importPublicJwk(jwk, opts?)
1098
+ * @since 0.15.13
1099
+ * @status stable
1100
+ * @related b.crypto.verify
1101
+ *
1102
+ * Import a JWK as a public `KeyObject` via
1103
+ * `crypto.createPublicKey({ key, format: "jwk" })`, translating the Node
1104
+ * import failure into a caller-supplied typed error. Untrusted JWKs reach
1105
+ * this from DID documents (`publicKeyJwk`), DNSKEY records, and COSE_Key
1106
+ * structures — each module validates the `kty` / `crv` it accepts BEFORE
1107
+ * calling, then hands the assembled JWK here for the final import + error
1108
+ * translation that was otherwise hand-rolled identically in every one.
1109
+ * Centralising it gives one place to harden untrusted-JWK import.
1110
+ *
1111
+ * On failure, when `opts.errorClass` is supplied the thrown error is
1112
+ * `new opts.errorClass(opts.code, opts.messagePrefix + nodeFailureDetail)`
1113
+ * so the operator sees the module's own code + a message naming the
1114
+ * source; without it the original Node error propagates unchanged.
1115
+ *
1116
+ * @opts
1117
+ * errorClass: Function, // (code, message) error constructor
1118
+ * code: string, // error code passed to errorClass
1119
+ * messagePrefix: string, // text before the Node failure detail. default: ""
1120
+ *
1121
+ * @example
1122
+ * var b = require("blamejs");
1123
+ *
1124
+ * function KeyError(code, message) { this.code = code; this.message = message; }
1125
+ * var key = b.crypto.importPublicJwk(
1126
+ * { kty: "OKP", crv: "Ed25519", x: "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" },
1127
+ * { errorClass: KeyError, code: "bad-key", messagePrefix: "bad key: " });
1128
+ * // → <KeyObject> (or throws KeyError("bad-key", "bad key: <detail>"))
1129
+ */
1130
+ function importPublicJwk(jwk, opts) {
1131
+ opts = opts || {};
1132
+ try {
1133
+ return nodeCrypto.createPublicKey({ key: jwk, format: "jwk" });
1134
+ } catch (e) {
1135
+ if (typeof opts.errorClass === "function") {
1136
+ throw new opts.errorClass(opts.code, (opts.messagePrefix || "") + ((e && e.message) || e));
1137
+ }
1138
+ throw e;
1139
+ }
1140
+ }
1141
+
1027
1142
  // Track whether the hybrid-disabled audit has been emitted at least
1028
1143
  // once per process, so a high-volume KEM-only deployment doesn't peg
1029
1144
  // the audit bus with one event per encrypt() call. Operators who want
@@ -1768,7 +1883,7 @@ function _pemToDer(pemOrDer) {
1768
1883
  // for mTLS bootstrap / webhook verification / peer-cert pinning.
1769
1884
  // 64 KiB caps the largest plausible PEM (a P-384 cert + chain) at
1770
1885
  // ~3× margin while refusing pathological inputs outright.
1771
- if (pemOrDer.length > C.BYTES.kib(64)) {
1886
+ if (safeBuffer.byteLengthOf(pemOrDer) > C.BYTES.kib(64)) {
1772
1887
  throw new TypeError(
1773
1888
  "crypto.hashCertFingerprint: PEM input exceeds 64 KiB (" +
1774
1889
  pemOrDer.length + " bytes); refuse oversized input to avoid " +
@@ -2022,6 +2137,8 @@ module.exports = {
2022
2137
  // Signatures
2023
2138
  sign: sign,
2024
2139
  verify: verify,
2140
+ importPublicJwk: importPublicJwk,
2141
+ makeBase64UrlDecoder: makeBase64UrlDecoder,
2025
2142
  // Envelope encrypt/decrypt
2026
2143
  encrypt: encrypt,
2027
2144
  decrypt: decrypt,