@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -56,8 +56,8 @@
56
56
  var codepointClass = require("./codepoint-class");
57
57
  var lazyRequire = require("./lazy-require");
58
58
  var gateContract = require("./gate-contract");
59
+ var ipUtils = require("./ip-utils");
59
60
  var C = require("./constants");
60
- var numericBounds = require("./numeric-bounds");
61
61
  var { GuardDomainError } = require("./framework-error");
62
62
 
63
63
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -88,9 +88,6 @@ var BARE_XN_RE = /^xn--$/i;
88
88
  // Wildcard label — `*` alone in any label position.
89
89
  var WILDCARD_LABEL_RE = /^\*$/;
90
90
 
91
- // IPv4 decimal-dotted form.
92
- var IPV4_DOTTED_RE = /^(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?:\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}$/;
93
-
94
91
  // Looser IPv4 detection — every dot-segment is a numeric form
95
92
  // (decimal, octal with leading 0, or hex with 0x prefix), or the whole
96
93
  // input is a long-decimal / long-hex (no dots). Catches the parser-
@@ -178,10 +175,7 @@ function _shannonEntropy(s) {
178
175
 
179
176
  var PROFILES = Object.freeze({
180
177
  "strict": {
181
- bidiPolicy: "reject",
182
- controlPolicy: "reject",
183
- nullBytePolicy: "reject",
184
- zeroWidthPolicy: "reject",
178
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
185
179
  ldhPolicy: "reject",
186
180
  underscorePolicy: "reject", // strict refuses service labels too
187
181
  punycodePolicy: "reject",
@@ -201,10 +195,7 @@ var PROFILES = Object.freeze({
201
195
  maxRuntimeMs: C.TIME.seconds(2),
202
196
  },
203
197
  "balanced": {
204
- bidiPolicy: "reject",
205
- controlPolicy: "reject",
206
- nullBytePolicy: "reject",
207
- zeroWidthPolicy: "reject",
198
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
208
199
  ldhPolicy: "reject",
209
200
  underscorePolicy: "reject",
210
201
  punycodePolicy: "audit",
@@ -225,10 +216,7 @@ var PROFILES = Object.freeze({
225
216
  maxRuntimeMs: C.TIME.seconds(2),
226
217
  },
227
218
  "permissive": {
228
- bidiPolicy: "reject", // BIDI refused at every profile — universal forgery
229
- controlPolicy: "reject", // control bytes refused at every profile
230
- nullBytePolicy: "reject", // null refused at every profile
231
- zeroWidthPolicy: "reject", // zero-width refused at every profile — invisible label-segmentation
219
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
232
220
  ldhPolicy: "audit",
233
221
  underscorePolicy: "allow", // service labels permitted in permissive
234
222
  punycodePolicy: "allow",
@@ -249,62 +237,12 @@ var PROFILES = Object.freeze({
249
237
  },
250
238
  });
251
239
 
252
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
253
- mode: "enforce",
254
- }));
255
-
256
- var COMPLIANCE_POSTURES = Object.freeze({
257
- "hipaa": Object.assign({}, PROFILES["strict"], {
258
- forensicSnippetBytes: C.BYTES.bytes(256),
259
- }),
260
- "pci-dss": Object.assign({}, PROFILES["strict"], {
261
- forensicSnippetBytes: C.BYTES.bytes(256),
262
- }),
263
- "gdpr": Object.assign({}, PROFILES["balanced"], {
264
- forensicSnippetBytes: C.BYTES.bytes(128),
265
- }),
266
- "soc2": Object.assign({}, PROFILES["strict"], {
267
- forensicSnippetBytes: C.BYTES.bytes(512),
268
- }),
269
- });
270
-
271
- function _resolveOpts(opts) {
272
- return gateContract.resolveProfileAndPosture(opts, {
273
- profiles: PROFILES,
274
- compliancePostures: COMPLIANCE_POSTURES,
275
- defaults: DEFAULTS,
276
- errorClass: GuardDomainError,
277
- errCodePrefix: "domain",
278
- });
279
- }
280
-
281
240
  // ---- Detection ----
282
241
 
283
242
  function _detectIssues(input, opts) {
284
- var issues = [];
285
- if (typeof input !== "string") {
286
- return [{ kind: "bad-input", severity: "high",
287
- ruleId: "domain.bad-input",
288
- snippet: "domain is not a string" }];
289
- }
290
-
291
- // Total-length cap (UTF-8 byte count, not codepoint count, per RFC 1035).
292
- var byteLen = Buffer.byteLength(input, "utf8");
293
- if (byteLen > opts.maxDomainOctets) {
294
- issues.push({
295
- kind: "domain-cap", severity: "high",
296
- ruleId: "domain.domain-cap",
297
- snippet: "domain " + byteLen + " octets exceeds " +
298
- opts.maxDomainOctets + " (RFC 1035 §2.3.4)",
299
- });
300
- return issues; // size cap is structural — abort further checks
301
- }
302
-
303
- // Codepoint-class threats (BIDI / control / null / zero-width). These
304
- // are universal-refuse — running them first lets the more specific
305
- // structural checks operate on a sanitized-or-refused input.
306
- var charThreats = codepointClass.detectCharThreats(input, opts, "domain");
307
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
243
+ var pre = gateContract.detectStringInput(input, opts, { name: "domain", emptyMode: "skip", cap: { bytes: opts.maxDomainOctets, snippet: function (byteLen, max) { return "domain " + byteLen + " octets exceeds " + max + " (RFC 1035 §2.3.4)"; } } });
244
+ if (pre.done) return pre.issues;
245
+ var issues = pre.issues;
308
246
 
309
247
  // Trailing-dot — FQDN distinguisher. Normalize for downstream checks
310
248
  // but record as audit if operator wants to know.
@@ -336,7 +274,7 @@ function _detectIssues(input, opts) {
336
274
  }
337
275
 
338
276
  // IPv4 detection — strict dotted-decimal AND loose (octal/hex/long).
339
- if (IPV4_DOTTED_RE.test(name) || _looksLikeIpv4Permissive(name)) {
277
+ if (ipUtils.IPV4_RE.test(name) || _looksLikeIpv4Permissive(name)) {
340
278
  if (opts.ipLiteralPolicy !== "allow") {
341
279
  issues.push({
342
280
  kind: "ipv4-as-domain",
@@ -601,21 +539,10 @@ function _detectIssues(input, opts) {
601
539
  * var ok = b.guardDomain.validate("example.com", { profile: "strict" });
602
540
  * ok.ok; // → true
603
541
  */
604
- function validate(input, opts) {
605
- opts = _resolveOpts(opts);
606
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
607
- ["maxLabelOctets", "maxDomainOctets", "maxBytes", "dgaMinLabelLen"],
608
- "guardDomain.validate", GuardDomainError, "domain.bad-opt");
609
- if (typeof input !== "string") {
610
- return {
611
- ok: false,
612
- issues: [{ kind: "bad-input", severity: "high",
613
- ruleId: "domain.bad-input",
614
- snippet: "domain is not a string" }],
615
- };
616
- }
617
- return gateContract.aggregateIssues(_detectIssues(input, opts));
618
- }
542
+ // validate is assembled by gateContract.defineGuard from `detect`
543
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
544
+ // input, resolveOpts(opts)))`, with the length/byte caps declared via
545
+ // `intOpts`. The @primitive block above documents the resulting public ABI.
619
546
 
620
547
  /**
621
548
  * @primitive b.guardDomain.sanitize
@@ -641,14 +568,10 @@ function validate(input, opts) {
641
568
  * var safe = b.guardDomain.sanitize("Example.Com.", { profile: "balanced" });
642
569
  * safe; // → "example.com"
643
570
  */
644
- function sanitize(input, opts) {
645
- opts = _resolveOpts(opts);
646
- if (typeof input !== "string") {
647
- throw _err("domain.bad-input", "sanitize requires string input");
648
- }
649
- // Critical refuses can't be repaired.
650
- var issues = _detectIssues(input, opts);
651
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardDomainError, codePrefix: "domain" });
571
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
572
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
573
+ // already-validated string at this point (a non-string refuses upstream).
574
+ function _sanitizeTransform(input) {
652
575
  // Safe transforms: lowercase ASCII, strip trailing dot.
653
576
  var out = input.toLowerCase();
654
577
  if (out.charAt(out.length - 1) === ".") out = out.slice(0, -1);
@@ -660,15 +583,9 @@ function sanitize(input, opts) {
660
583
  // single-sourced @abiTemplate (defineGuard) blocks in gate-contract.js,
661
584
  // instantiated per guard by the page generator.
662
585
 
663
- var INTEGRATION_FIXTURES = Object.freeze({
664
- kind: "identifier",
665
- benignBytes: Buffer.from("example.com", "utf8"),
666
- // Hostile: dotted-decimal IPv4 (CVE-2021-22931 class) — every
667
- // profile refuses (allowlist-bypass via DNS rebinding).
668
- hostileBytes: Buffer.from("192.168.1.1", "utf8"),
669
- benignIdentifier: "example.com",
670
- hostileIdentifier: "192.168.1.1",
671
- });
586
+ // Hostile: dotted-decimal IPv4 (CVE-2021-22931 class) — every profile
587
+ // refuses (allowlist-bypass via DNS rebinding).
588
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("example.com", "192.168.1.1");
672
589
 
673
590
  // Assembled from the gate-contract guard factory: error class, registry
674
591
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
@@ -682,10 +599,10 @@ module.exports = gateContract.defineGuard({
682
599
  kind: "identifier",
683
600
  errorClass: GuardDomainError,
684
601
  profiles: PROFILES,
685
- defaults: DEFAULTS,
686
- postures: COMPLIANCE_POSTURES,
602
+ base: 256,
687
603
  integrationFixtures: INTEGRATION_FIXTURES,
688
- validate: validate,
689
- sanitize: sanitize,
604
+ detect: _detectIssues,
605
+ sanitizeTransform: _sanitizeTransform,
606
+ intOpts: ["maxLabelOctets", "maxDomainOctets", "maxBytes", "dgaMinLabelLen"],
690
607
  ctxFields: ["identifier", "domain"],
691
608
  });
@@ -100,8 +100,11 @@
100
100
  */
101
101
 
102
102
  var C = require("./constants");
103
+ var safeBuffer = require("./safe-buffer");
103
104
  var { defineClass } = require("./framework-error");
104
105
  var gateContract = require("./gate-contract");
106
+ var codepointClass = require("./codepoint-class");
107
+ var structuredFields = require("./structured-fields");
105
108
 
106
109
  var GuardDsnError = defineClass("GuardDsnError", { alwaysPermanent: true });
107
110
 
@@ -168,7 +171,7 @@ function parse(deliveryStatusBody, opts) {
168
171
  throw new GuardDsnError("guard-dsn/bad-input",
169
172
  "parse: deliveryStatusBody must be a Buffer or string");
170
173
  }
171
- if (bytes.length > caps.maxBytes) {
174
+ if (safeBuffer.byteLengthOf(bytes) > caps.maxBytes) {
172
175
  throw new GuardDsnError("guard-dsn/oversize-body",
173
176
  "parse: body " + bytes.length + " bytes exceeds maxBytes=" + caps.maxBytes);
174
177
  }
@@ -295,8 +298,9 @@ function _parseFieldBlock(block, maxHeaderLine) {
295
298
  throw new GuardDsnError("guard-dsn/malformed-field",
296
299
  "parse: line '" + raw + "' missing ':' field-name terminator");
297
300
  }
298
- var name = raw.slice(0, colon).trim().toLowerCase();
299
- var value = raw.slice(colon + 1).trim();
301
+ var dkv = structuredFields.parseKeyValuePiece(raw, ":");
302
+ var name = dkv.key;
303
+ var value = dkv.value.trim();
300
304
  if (name.length === 0) {
301
305
  throw new GuardDsnError("guard-dsn/malformed-field",
302
306
  "parse: empty field name on line '" + raw + "'");
@@ -312,12 +316,12 @@ function _checkControlChars(line) {
312
316
  // continuation), DEL. Bare CR and LF can't appear because we
313
317
  // already split on \n; this catches forms that survive the
314
318
  // split (e.g. backslash + literal sequence).
315
- for (var i = 0; i < line.length; i += 1) {
316
- var c = line.charCodeAt(i);
317
- if (c === 0x00 || c === 0x7f || (c < 0x20 && c !== 0x09)) { // RFC 5322 control char + TAB allow
318
- throw new GuardDsnError("guard-dsn/control-char",
319
- "parse: control char 0x" + c.toString(16) + " in field line refused (header-injection defense)");
320
- }
319
+ // Refuse NUL / C0 (except TAB) / DEL CR & LF already removed by the
320
+ // upstream split, so they are forbidden here (header-injection defense).
321
+ var ctrlAt = codepointClass.firstControlCharOffset(line);
322
+ if (ctrlAt !== -1) {
323
+ throw new GuardDsnError("guard-dsn/control-char",
324
+ "parse: control char 0x" + line.charCodeAt(ctrlAt).toString(16) + " in field line refused (header-injection defense)");
321
325
  }
322
326
  }
323
327
 
@@ -325,10 +329,9 @@ function _stripRecipientType(value) {
325
329
  // RFC 3464 §2.3.2: "rfc822;alice@example.com" — type prefix
326
330
  // before semicolon classifies the address. Strip for the common
327
331
  // case of rfc822, surface the raw value otherwise.
328
- var semi = value.indexOf(";");
329
- if (semi === -1) return value;
330
- var type = value.slice(0, semi).trim().toLowerCase();
331
- if (type === "rfc822") return value.slice(semi + 1).trim();
332
+ var skv = structuredFields.parseKeyValuePiece(value, ";");
333
+ if (skv.value === null) return value;
334
+ if (skv.key === "rfc822") return skv.value.trim();
332
335
  return value;
333
336
  }
334
337
 
@@ -51,6 +51,7 @@
51
51
  */
52
52
 
53
53
  var codepointClass = require("./codepoint-class");
54
+ var mimeParse = require("./mime-parse");
54
55
  var lazyRequire = require("./lazy-require");
55
56
  var gateContract = require("./gate-contract");
56
57
  var C = require("./constants");
@@ -215,10 +216,7 @@ var PROFILES = Object.freeze({
215
216
  mixedScriptPolicy: "reject",
216
217
  displayNameSpoofPolicy: "reject",
217
218
  bomPolicy: "reject",
218
- bidiPolicy: "reject",
219
- controlPolicy: "reject",
220
- nullBytePolicy: "reject",
221
- zeroWidthPolicy: "reject",
219
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
222
220
  allowedScripts: ["latin"],
223
221
  maxLocalPartBytes: LIMIT_LOCAL_PART,
224
222
  maxDomainBytes: LIMIT_DOMAIN,
@@ -277,26 +275,12 @@ var PROFILES = Object.freeze({
277
275
  },
278
276
  });
279
277
 
280
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
281
- mode: "enforce",
278
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
282
279
  maxRuntimeMs: C.TIME.seconds(10),
283
- }));
284
-
285
- var COMPLIANCE_POSTURES = Object.freeze({
286
- "hipaa": Object.assign({}, PROFILES["strict"], {
287
- forensicSnippetBytes: C.BYTES.bytes(256),
288
- }),
289
- "pci-dss": Object.assign({}, PROFILES["strict"], {
290
- forensicSnippetBytes: C.BYTES.bytes(256),
291
- }),
292
- "gdpr": Object.assign({}, PROFILES["balanced"], {
293
- forensicSnippetBytes: C.BYTES.bytes(128),
294
- }),
295
- "soc2": Object.assign({}, PROFILES["strict"], {
296
- forensicSnippetBytes: C.BYTES.bytes(512),
297
- }),
298
280
  });
299
281
 
282
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
283
+
300
284
  function _resolveOpts(opts) {
301
285
  return gateContract.resolveProfileAndPosture(opts, {
302
286
  profiles: PROFILES,
@@ -317,10 +301,11 @@ function _detectAddressIssues(input, opts) {
317
301
  }
318
302
 
319
303
  // Total-address length cap.
320
- if (input.length > opts.maxAddressBytes) {
304
+ var addressBytes = Buffer.byteLength(input, "utf8");
305
+ if (addressBytes > opts.maxAddressBytes) {
321
306
  issues.push({
322
307
  kind: "address-cap", severity: "high", ruleId: "email.address-cap",
323
- snippet: "address " + input.length + " bytes exceeds maxAddressBytes " +
308
+ snippet: "address " + addressBytes + " bytes exceeds maxAddressBytes " +
324
309
  opts.maxAddressBytes,
325
310
  });
326
311
  }
@@ -374,19 +359,21 @@ function _detectAddressIssues(input, opts) {
374
359
  var localPart = atIdx === -1 ? input : input.slice(0, atIdx);
375
360
  var domain = atIdx === -1 ? "" : input.slice(atIdx + 1);
376
361
 
377
- if (localPart.length > opts.maxLocalPartBytes) {
362
+ var localPartBytes = Buffer.byteLength(localPart, "utf8");
363
+ if (localPartBytes > opts.maxLocalPartBytes) {
378
364
  issues.push({
379
365
  kind: "local-part-cap", severity: "high",
380
366
  ruleId: "email.local-part-cap",
381
- snippet: "local-part " + localPart.length + " bytes exceeds " +
367
+ snippet: "local-part " + localPartBytes + " bytes exceeds " +
382
368
  opts.maxLocalPartBytes + " (RFC 5321 §4.5.3.1.1)",
383
369
  });
384
370
  }
385
- if (domain.length > opts.maxDomainBytes) {
371
+ var domainBytes = Buffer.byteLength(domain, "utf8");
372
+ if (domainBytes > opts.maxDomainBytes) {
386
373
  issues.push({
387
374
  kind: "domain-cap", severity: "high",
388
375
  ruleId: "email.domain-cap",
389
- snippet: "domain " + domain.length + " bytes exceeds " +
376
+ snippet: "domain " + domainBytes + " bytes exceeds " +
390
377
  opts.maxDomainBytes + " (RFC 5321 §4.5.3.1.2)",
391
378
  });
392
379
  }
@@ -516,23 +503,16 @@ function validateAddress(input, opts) {
516
503
  snippet: "address is not a string" }],
517
504
  };
518
505
  }
519
- return gateContract.aggregateIssues(_detectAddressIssues(input, opts));
506
+ // "raw" contract — the detector type-checks its own string input.
507
+ return gateContract.runIssueValidator(input, opts, _detectAddressIssues, "raw");
520
508
  }
521
509
 
522
510
  // ---- Message validation (full RFC 822 / 5322) ----
523
511
 
524
512
  function _detectMessageIssues(input, opts) {
525
- var issues = [];
526
- if (typeof input !== "string") {
527
- return [{ kind: "bad-input", severity: "high",
528
- snippet: "input is not a string" }];
529
- }
530
- if (input.length > opts.maxBytes) {
531
- return [{ kind: "too-large", severity: "high",
532
- ruleId: "email.too-large",
533
- snippet: "input " + input.length +
534
- " bytes exceeds maxBytes " + opts.maxBytes }];
535
- }
513
+ var pre = gateContract.detectStringInput(input, opts, { name: "email", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
514
+ if (pre.done) return pre.issues;
515
+ var issues = pre.issues;
536
516
 
537
517
  // BOM at start of message — header-injection prelude.
538
518
  if (opts.bomPolicy !== "allow") {
@@ -591,11 +571,12 @@ function _detectMessageIssues(input, opts) {
591
571
  });
592
572
  }
593
573
  for (var li = 0; li < lines.length; li += 1) {
594
- if (lines[li].length > opts.maxHeaderLineBytes) {
574
+ var lineBytes = Buffer.byteLength(lines[li], "utf8");
575
+ if (lineBytes > opts.maxHeaderLineBytes) {
595
576
  issues.push({
596
577
  kind: "header-line-cap", severity: "high",
597
578
  ruleId: "email.header-line-cap",
598
- snippet: "header line " + (li + 1) + " is " + lines[li].length +
579
+ snippet: "header line " + (li + 1) + " is " + lineBytes +
599
580
  " bytes (RFC 5322 §2.1.1 limit " + opts.maxHeaderLineBytes + ")",
600
581
  });
601
582
  break;
@@ -632,6 +613,27 @@ function _detectMessageIssues(input, opts) {
632
613
  }
633
614
  }
634
615
 
616
+ // Header-block STRUCTURE — a line in the header section that is neither a
617
+ // valid `name: value` field nor a folding continuation is malformed per RFC
618
+ // 5322 §2.2, and is the header-injection / SMTP-smuggling signal. This is the
619
+ // auto-router footgun: a value an operator intends as a single address (e.g.
620
+ // `a@b.com\r\nBcc: evil@x.com`) has a newline so `validate` treats it as a
621
+ // message; the bare `a@b.com` line is the smuggled content preceding the
622
+ // injected `Bcc` header. The shared mimeParse.classifyHeaderBlock surfaces
623
+ // every such line (the silent-skip parsers used to drop them).
624
+ if (opts.crlfHeaderInjectionPolicy !== "allow") {
625
+ var block = mimeParse.classifyHeaderBlock(input);
626
+ for (var mi = 0; mi < block.malformed.length; mi += 1) {
627
+ issues.push({
628
+ kind: "malformed-header-line", severity: "high",
629
+ ruleId: "email.malformed-header-line",
630
+ snippet: "header-section line " + (block.malformed[mi].lineIndex + 1) +
631
+ " is neither a header field nor a folding continuation — " +
632
+ "malformed message / header-injection signal",
633
+ });
634
+ }
635
+ }
636
+
635
637
  // Codepoint-class threats in the full message.
636
638
  issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "email"));
637
639
 
@@ -773,7 +775,8 @@ function validateMessage(input, opts) {
773
775
  snippet: "input is not a string" }],
774
776
  };
775
777
  }
776
- return gateContract.aggregateIssues(_detectMessageIssues(input, opts));
778
+ // "raw" contract — the detector type-checks its own string input.
779
+ return gateContract.runIssueValidator(input, opts, _detectMessageIssues, "raw");
777
780
  }
778
781
 
779
782
  /**
@@ -901,17 +904,7 @@ function gate(opts) {
901
904
  var text = gateContract.extractBytesAsText(ctx);
902
905
  if (!text) return { ok: true, action: "serve" };
903
906
  var rv = validateMessage(text, opts);
904
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
905
- var hasCritical = rv.issues.some(function (i) {
906
- return i.severity === "critical";
907
- });
908
- var hasHigh = rv.issues.some(function (i) {
909
- return i.severity === "high";
910
- });
911
- if (!hasCritical && !hasHigh) {
912
- return { ok: true, action: "audit-only", issues: rv.issues };
913
- }
914
- return { ok: false, action: "refuse", issues: rv.issues };
907
+ return gateContract.severityDisposition(rv.issues);
915
908
  });
916
909
  }
917
910
 
@@ -147,7 +147,7 @@ var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
147
147
  */
148
148
  function check(ctx, opts) {
149
149
  opts = opts || {};
150
- var profile = opts.profile || (opts.posture && COMPLIANCE_POSTURES[opts.posture]) || DEFAULT_PROFILE;
150
+ var profile = gateContract.resolveProfileName(opts, COMPLIANCE_POSTURES, DEFAULT_PROFILE);
151
151
  if (!PROFILES[profile]) {
152
152
  throw new GuardEnvelopeError("guard-envelope/bad-profile",
153
153
  "check: unknown profile '" + profile + "'");
@@ -26,6 +26,7 @@
26
26
 
27
27
  var { defineClass } = require("./framework-error");
28
28
  var gateContract = require("./gate-contract");
29
+ var codepointClass = require("./codepoint-class");
29
30
 
30
31
  var GuardEventBusTopicError = defineClass("GuardEventBusTopicError", { alwaysPermanent: true });
31
32
 
@@ -97,7 +98,7 @@ function validate(name, opts) {
97
98
  throw new GuardEventBusTopicError("event-bus-topic/non-ascii",
98
99
  "guardEventBusTopic.validate: name contains non-ASCII codepoint at offset " + i);
99
100
  }
100
- if (c < 0x20 || c === 0x7F || c === 0x2F || c === 0x5C) { // C0/DEL/slash/backslash
101
+ if (codepointClass.isForbiddenControlChar(c, { forbidTab: true }) || c === 0x2F || c === 0x5C) { // C0/DEL/slash/backslash
101
102
  throw new GuardEventBusTopicError("event-bus-topic/bad-char",
102
103
  "guardEventBusTopic.validate: forbidden char 0x" + c.toString(16) + " at offset " + i);
103
104
  }
@@ -136,10 +136,7 @@ var HOMOGLYPH_RE = new RegExp("[" + codepointClass.charClass(HOMOGLYPH_RANGES) +
136
136
 
137
137
  var PROFILES = Object.freeze({
138
138
  "strict": {
139
- bidiPolicy: "reject",
140
- controlPolicy: "reject",
141
- nullBytePolicy: "reject",
142
- zeroWidthPolicy: "reject",
139
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
143
140
  homoglyphPolicy: "reject",
144
141
  traversalPolicy: "reject",
145
142
  reservedCharPolicy: "reject",
@@ -197,49 +194,12 @@ var PROFILES = Object.freeze({
197
194
  },
198
195
  });
199
196
 
200
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
201
- mode: "enforce",
197
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
202
198
  maxRuntimeMs: C.TIME.seconds(5),
203
- }));
204
-
205
- var COMPLIANCE_POSTURES = Object.freeze({
206
- "hipaa": {
207
- bidiPolicy: "reject", controlPolicy: "reject", nullBytePolicy: "reject",
208
- zeroWidthPolicy: "reject", homoglyphPolicy: "reject",
209
- traversalPolicy: "reject", reservedCharPolicy: "reject",
210
- reservedNamePolicy: "reject", adsPolicy: "reject",
211
- leadingTrailingPolicy: "reject", shellExecExtPolicy: "reject",
212
- pathSeparatorsPolicy: "reject",
213
- requireAscii: true,
214
- forensicSnippetBytes: C.BYTES.bytes(256),
215
- },
216
- "pci-dss": {
217
- bidiPolicy: "reject", controlPolicy: "reject", nullBytePolicy: "reject",
218
- zeroWidthPolicy: "reject", homoglyphPolicy: "reject",
219
- traversalPolicy: "reject", reservedCharPolicy: "reject",
220
- reservedNamePolicy: "reject", adsPolicy: "reject",
221
- leadingTrailingPolicy: "reject", shellExecExtPolicy: "reject",
222
- pathSeparatorsPolicy: "reject",
223
- requireAscii: true,
224
- forensicSnippetBytes: C.BYTES.bytes(256),
225
- },
226
- "gdpr": {
227
- bidiPolicy: "strip", controlPolicy: "strip", nullBytePolicy: "reject",
228
- zeroWidthPolicy: "strip",
229
- traversalPolicy: "reject", reservedCharPolicy: "reject",
230
- leadingTrailingPolicy: "strip",
231
- forensicSnippetBytes: C.BYTES.bytes(128),
232
- },
233
- "soc2": {
234
- bidiPolicy: "reject", controlPolicy: "reject", nullBytePolicy: "reject",
235
- zeroWidthPolicy: "reject", traversalPolicy: "reject",
236
- reservedCharPolicy: "reject", reservedNamePolicy: "reject",
237
- adsPolicy: "reject", shellExecExtPolicy: "reject",
238
- pathSeparatorsPolicy: "reject",
239
- forensicSnippetBytes: C.BYTES.bytes(512),
240
- },
241
199
  });
242
200
 
201
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256, overlays: { gdpr: { bidiPolicy: "strip", controlPolicy: "strip" } } });
202
+
243
203
  // ---- Helpers ----
244
204
 
245
205
  function _resolveOpts(opts) {
@@ -332,19 +292,10 @@ function _detectIssues(input, opts) {
332
292
  return issues;
333
293
  }
334
294
 
335
- // 1. Bidi / null / control / zero-width via shared codepoint class.
336
- issues.push.apply(issues, codepointClass.detectCharThreats(name, opts, "filename"));
337
- if (opts.zeroWidthPolicy !== "allow" && opts.zeroWidthPolicy !== "strip") {
338
- var zwMatch = name.match(codepointClass.ZERO_WIDTH_RE);
339
- if (zwMatch) {
340
- issues.push({
341
- kind: "zero-width", severity: "high", ruleId: "filename.zero-width",
342
- location: zwMatch.index,
343
- snippet: "zero-width / invisible-formatting char U+" +
344
- zwMatch[0].charCodeAt(0).toString(HEX_RADIX),
345
- });
346
- }
347
- }
295
+ // 1. Bidi / null / control / zero-width via shared codepoint class. In a
296
+ // filename an invisible char spoofs the name (homoglyph / path confusion), so
297
+ // zero-width is `high` passed as the zero-width severity.
298
+ issues.push.apply(issues, codepointClass.detectCharThreats(name, opts, "filename", "high"));
348
299
 
349
300
  // 2. Path traversal — raw + percent-encoded forms. `name` is bounded
350
301
  // by the maxBytes check at the end of this function (issues are
@@ -685,9 +636,10 @@ function validate(input, opts) {
685
636
  ["maxBytes", "maxComponents"],
686
637
  "guardFilename.validate", GuardFilenameError, "filename.bad-opt");
687
638
 
688
- var bad = gateContract.badInputResultIfNotStringOrBuffer(input);
689
- if (bad) return bad;
690
- return gateContract.aggregateIssues(_detectIssues(input, opts));
639
+ // "bytes" contract — accept string/Buffer and pass it RAW: _detectIssues
640
+ // inspects bytes (overlong-UTF-8) before any utf8 conversion, so coercing to
641
+ // text first would hide the encoding attack.
642
+ return gateContract.runIssueValidator(input, opts, _detectIssues, "bytes");
691
643
  }
692
644
 
693
645
  function _sanitizeStripMode(input, opts) {