@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -42,7 +42,6 @@ var codepointClass = require("./codepoint-class");
42
42
  var lazyRequire = require("./lazy-require");
43
43
  var gateContract = require("./gate-contract");
44
44
  var C = require("./constants");
45
- var numericBounds = require("./numeric-bounds");
46
45
  var { GuardMarkdownError } = require("./framework-error");
47
46
 
48
47
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -142,10 +141,7 @@ var PROFILES = Object.freeze({
142
141
  doctypePolicy: "reject",
143
142
  emphasisRunPolicy: "reject",
144
143
  filePolicy: "reject",
145
- bidiPolicy: "reject",
146
- controlPolicy: "reject",
147
- nullBytePolicy: "reject",
148
- zeroWidthPolicy: "reject",
144
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
149
145
  maxBytes: C.BYTES.mib(1),
150
146
  maxLines: 4096, // line count cap
151
147
  maxLinks: 256, // link count cap
@@ -209,36 +205,6 @@ var PROFILES = Object.freeze({
209
205
  },
210
206
  });
211
207
 
212
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
213
- mode: "enforce",
214
- maxRuntimeMs: C.TIME.seconds(10),
215
- }));
216
-
217
- var COMPLIANCE_POSTURES = Object.freeze({
218
- "hipaa": Object.assign({}, PROFILES["strict"], {
219
- forensicSnippetBytes: C.BYTES.bytes(256),
220
- }),
221
- "pci-dss": Object.assign({}, PROFILES["strict"], {
222
- forensicSnippetBytes: C.BYTES.bytes(256),
223
- }),
224
- "gdpr": Object.assign({}, PROFILES["balanced"], {
225
- forensicSnippetBytes: C.BYTES.bytes(128),
226
- }),
227
- "soc2": Object.assign({}, PROFILES["strict"], {
228
- forensicSnippetBytes: C.BYTES.bytes(512),
229
- }),
230
- });
231
-
232
- function _resolveOpts(opts) {
233
- return gateContract.resolveProfileAndPosture(opts, {
234
- profiles: PROFILES,
235
- compliancePostures: COMPLIANCE_POSTURES,
236
- defaults: DEFAULTS,
237
- errorClass: GuardMarkdownError,
238
- errCodePrefix: "markdown",
239
- });
240
- }
241
-
242
208
  // matchAll wrapper avoids a substring that the local security hook
243
209
  // flags for unrelated reasons.
244
210
  function _allMatches(input, regex) {
@@ -246,17 +212,9 @@ function _allMatches(input, regex) {
246
212
  }
247
213
 
248
214
  function _detectIssues(input, opts) {
249
- var issues = [];
250
- if (typeof input !== "string") {
251
- return [{ kind: "bad-input", severity: "high",
252
- snippet: "input is not a string" }];
253
- }
254
- if (input.length > opts.maxBytes) {
255
- return [{ kind: "too-large", severity: "high",
256
- ruleId: "markdown.too-large",
257
- snippet: "input " + input.length +
258
- " bytes exceeds maxBytes " + opts.maxBytes }];
259
- }
215
+ var pre = gateContract.detectStringInput(input, opts, { name: "markdown", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
216
+ if (pre.done) return pre.issues;
217
+ var issues = pre.issues;
260
218
 
261
219
  // Line count cap — line-based parsers scale O(lines).
262
220
  var lineCount = 0;
@@ -481,7 +439,7 @@ function _detectIssues(input, opts) {
481
439
  }
482
440
 
483
441
  // 12. Codepoint-class threats.
484
- issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "markdown"));
442
+ issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "markdown", "warn"));
485
443
 
486
444
  return issues;
487
445
  }
@@ -537,21 +495,9 @@ function _detectIssues(input, opts) {
537
495
  * bad.ok; // → false
538
496
  * bad.issues[0].ruleId; // → "markdown.dangerous-scheme"
539
497
  */
540
- function validate(input, opts) {
541
- opts = _resolveOpts(opts);
542
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
543
- ["maxBytes", "maxLines", "maxLinks", "maxImages", "maxAutolinks",
544
- "maxRefDefs", "maxListDepth", "maxBlockquoteDepth"],
545
- "guardMarkdown.validate", GuardMarkdownError, "markdown.bad-opt");
546
- if (typeof input !== "string") {
547
- return {
548
- ok: false,
549
- issues: [{ kind: "bad-input", severity: "high",
550
- snippet: "input is not a string" }],
551
- };
552
- }
553
- return gateContract.aggregateIssues(_detectIssues(input, opts));
554
- }
498
+ // validate is assembled by gateContract.defineGuard from `detect`
499
+ // (_detectIssues), with the maxBytes/maxLines/... caps declared via `intOpts`.
500
+ // The @primitive block above documents the resulting ABI.
555
501
 
556
502
  /**
557
503
  * @primitive b.guardMarkdown.sanitize
@@ -583,14 +529,10 @@ function validate(input, opts) {
583
529
  * e.code; // → "markdown.dangerous-tag"
584
530
  * }
585
531
  */
586
- function sanitize(input, opts) {
587
- opts = _resolveOpts(opts);
588
- if (typeof input !== "string") {
589
- throw _err("markdown.bad-input", "sanitize requires string input");
590
- }
591
- var issues = _detectIssues(input, opts);
592
- gateContract.throwOnRefusalSeverity(issues,
593
- { errorClass: GuardMarkdownError, codePrefix: "markdown", severities: ["critical"] });
532
+ // _sanitizeTransform the normalize tail applied by defineGuard's generated
533
+ // sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. spec.sanitizeSeverities
534
+ // is ["critical"] so high-severity findings are stripped here, not thrown.
535
+ function _sanitizeTransform(input, opts) {
594
536
  return codepointClass.applyCharStripPolicies(input, opts);
595
537
  }
596
538
 
@@ -624,43 +566,63 @@ function sanitize(input, opts) {
624
566
  * var bad = await g.check({ bytes: Buffer.from("[x](javascript:1)", "utf8") });
625
567
  * bad.action; // → "refuse"
626
568
  */
569
+ // Disposition of each markdown finding = what the operator's policy for that
570
+ // class selected. The markup-deviation classes (dangerous tag / raw HTML /
571
+ // HTML comment / front-matter / doctype / dangerous link & image & autolink &
572
+ // reference schemes / code-fence language / emphasis run) refuse under `reject`
573
+ // and audit under `audit` — never sanitize, since the char-strip sanitizer
574
+ // cannot excise them; the bidi / null / control char threats follow their
575
+ // shared policies (sanitize under `strip`); every count / depth cap and a bad
576
+ // input always refuse. Exhaustive over every kind _detectIssues emits.
577
+ function _gateDispositionFor(issue, opts) {
578
+ var shared = gateContract.charThreatDisposition(issue, opts);
579
+ if (shared) return shared;
580
+ switch (issue.kind) {
581
+ case "dangerous-tag": return gateContract.policyDisposition(opts.dangerousTagPolicy);
582
+ case "raw-html": return gateContract.policyDisposition(opts.rawHtmlPolicy);
583
+ case "html-comment": return gateContract.policyDisposition(opts.htmlCommentPolicy);
584
+ case "front-matter": return gateContract.policyDisposition(opts.frontMatterPolicy);
585
+ case "doctype": return gateContract.policyDisposition(opts.doctypePolicy);
586
+ // The link / image / autolink / reference-link scheme findings fire ONLY for
587
+ // dangerous URL schemes (javascript: / data: / vbscript: / file:) — a
588
+ // denylist hit, so they refuse like html's dangerous-url-scheme. There is no
589
+ // safe audit-and-serve for a known-XSS scheme; the scheme policy still gates
590
+ // EMISSION (`allow` suppresses the finding entirely, an explicit operator
591
+ // opt-in to serve), but any emitted finding refuses.
592
+ case "image-scheme":
593
+ case "link-scheme":
594
+ case "autolink-scheme":
595
+ case "reference-link-scheme": return "refuse";
596
+ case "code-fence-lang": return gateContract.policyDisposition(opts.codeFenceLangPolicy);
597
+ case "emphasis-run": return gateContract.policyDisposition(opts.emphasisRunPolicy);
598
+ case "bad-input":
599
+ case "too-large":
600
+ case "line-cap":
601
+ case "link-cap":
602
+ case "image-cap":
603
+ case "autolink-cap":
604
+ case "ref-def-cap":
605
+ case "list-depth-cap":
606
+ case "blockquote-depth-cap": return "refuse";
607
+ default: return null;
608
+ }
609
+ }
610
+
627
611
  function gate(opts) {
628
- opts = _resolveOpts(opts);
629
- return gateContract.buildGuardGate(
630
- opts.name || "guardMarkdown:" + (opts.profile || "default"),
631
- opts,
632
- async function (ctx) {
633
- var text = gateContract.extractBytesAsText(ctx);
634
- if (!text) return { ok: true, action: "serve" };
635
- var rv = validate(text, opts);
636
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
637
- var hasCritical = rv.issues.some(function (i) {
638
- return i.severity === "critical";
639
- });
640
- var hasHigh = rv.issues.some(function (i) {
641
- return i.severity === "high";
642
- });
643
- if (!hasCritical && !hasHigh) {
644
- return { ok: true, action: "audit-only", issues: rv.issues };
645
- }
646
- var canSanitize = !hasCritical &&
647
- opts.dangerousTagPolicy !== "reject" &&
648
- opts.dangerousSchemePolicy !== "reject" &&
649
- opts.imageSchemePolicy !== "reject" &&
650
- opts.autolinkSchemePolicy !== "reject" &&
651
- opts.referenceLinkPolicy !== "reject" &&
652
- opts.codeFenceLangPolicy !== "reject" &&
653
- opts.doctypePolicy !== "reject";
654
- if (canSanitize) {
655
- try {
656
- var clean = sanitize(text, opts);
657
- return { ok: true, action: "sanitize",
658
- sanitized: Buffer.from(clean, "utf8"),
659
- issues: rv.issues };
660
- } catch (_e) { /* fall through */ }
661
- }
662
- return { ok: false, action: "refuse", issues: rv.issues };
663
- });
612
+ opts = module.exports.resolveOpts(opts);
613
+ return gateContract.buildContentGate({
614
+ name: opts.name || "guardMarkdown:" + (opts.profile || "default"),
615
+ opts: opts,
616
+ validate: module.exports.validate,
617
+ dispositionFor: _gateDispositionFor,
618
+ // Only the char-threat classes the strip transform can excise ever reach
619
+ // sanitize (and only when their policy is a mitigation); the markup classes
620
+ // are refuse / audit by policy. produceSanitized is the strip transform
621
+ // itself, NOT the public `sanitize` — that one throws on a critical finding
622
+ // (e.g. a bidi override) regardless of the strip policy, which would turn a
623
+ // policy-selected sanitize into a refuse.
624
+ produceSanitized: function (text, o) { return _sanitizeTransform(text, o); },
625
+ });
664
626
  }
665
627
 
666
628
  // buildProfile / compliancePosture / loadRulePack are assembled by
@@ -690,12 +652,16 @@ module.exports = gateContract.defineGuard({
690
652
  kind: "content",
691
653
  errorClass: GuardMarkdownError,
692
654
  profiles: PROFILES,
693
- defaults: DEFAULTS,
694
- postures: COMPLIANCE_POSTURES,
655
+ base: 256,
656
+ defaultsOverlay: { maxRuntimeMs: C.TIME.seconds(10) },
695
657
  mimeTypes: ["text/markdown", "text/x-markdown", "text/x-gfm"],
696
658
  extensions: [".md", ".markdown"],
697
659
  integrationFixtures: INTEGRATION_FIXTURES,
698
- validate: validate,
699
- sanitize: sanitize,
660
+ detect: _detectIssues,
661
+ sanitizeTransform: _sanitizeTransform,
662
+ sanitizeSeverities: ["critical"],
663
+ intOpts: ["maxBytes", "maxLines", "maxLinks", "maxImages", "maxAutolinks",
664
+ "maxRefDefs", "maxListDepth", "maxBlockquoteDepth"],
700
665
  gate: gate,
666
+ extra: { _gateDispositionForTest: _gateDispositionFor },
701
667
  });
@@ -51,6 +51,7 @@
51
51
 
52
52
  var { defineClass } = require("./framework-error");
53
53
  var gateContract = require("./gate-contract");
54
+ var codepointClass = require("./codepoint-class");
54
55
 
55
56
  var GuardMessageIdError = defineClass("GuardMessageIdError", { alwaysPermanent: true });
56
57
 
@@ -124,12 +125,10 @@ function validate(value, opts) {
124
125
  // C0 control chars + NUL + DEL — always refused at every profile
125
126
  // (defends mail-header-injection class — operator can't smuggle
126
127
  // CR/LF into a Message-Id to fold an attacker-chosen From: line).
127
- for (var i = 0; i < value.length; i += 1) {
128
- var c = value.charCodeAt(i);
129
- if (c < 0x20 || c === 0x7F) { // C0 + DEL refusal
130
- throw new GuardMessageIdError("message-id/control-char",
131
- "guardMessageId.validate: control char 0x" + c.toString(16) + " at offset " + i);
132
- }
128
+ var _ctlOff = codepointClass.firstControlCharOffset(value, { forbidTab: true }); // C0 + DEL refusal
129
+ if (_ctlOff !== -1) {
130
+ throw new GuardMessageIdError("message-id/control-char",
131
+ "guardMessageId.validate: control char 0x" + value.charCodeAt(_ctlOff).toString(16) + " at offset " + _ctlOff);
133
132
  }
134
133
 
135
134
  // Bidi codepoints — refused at strict + balanced; permissive lets
@@ -36,11 +36,9 @@
36
36
  * Media-type identifier-safety guard.
37
37
  */
38
38
 
39
- var codepointClass = require("./codepoint-class");
40
39
  var lazyRequire = require("./lazy-require");
41
40
  var gateContract = require("./gate-contract");
42
41
  var C = require("./constants");
43
- var numericBounds = require("./numeric-bounds");
44
42
  var safeBuffer = require("./safe-buffer");
45
43
  var { GuardMimeError } = require("./framework-error");
46
44
 
@@ -81,10 +79,7 @@ var RISKY_TYPES = Object.freeze([
81
79
 
82
80
  var PROFILES = Object.freeze({
83
81
  "strict": {
84
- bidiPolicy: "reject",
85
- controlPolicy: "reject",
86
- nullBytePolicy: "reject",
87
- zeroWidthPolicy: "reject",
82
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
88
83
  wildcardPolicy: "reject",
89
84
  vendorTreePolicy: "audit",
90
85
  personalTreePolicy: "audit",
@@ -95,10 +90,7 @@ var PROFILES = Object.freeze({
95
90
  maxRuntimeMs: C.TIME.seconds(2),
96
91
  },
97
92
  "balanced": {
98
- bidiPolicy: "reject",
99
- controlPolicy: "reject",
100
- nullBytePolicy: "reject",
101
- zeroWidthPolicy: "reject",
93
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
102
94
  wildcardPolicy: "audit",
103
95
  vendorTreePolicy: "allow",
104
96
  personalTreePolicy: "audit",
@@ -109,10 +101,7 @@ var PROFILES = Object.freeze({
109
101
  maxRuntimeMs: C.TIME.seconds(2),
110
102
  },
111
103
  "permissive": {
112
- bidiPolicy: "reject", // BIDI refused at every profile
113
- controlPolicy: "reject", // controls refused at every profile
114
- nullBytePolicy: "reject", // null refused at every profile
115
- zeroWidthPolicy: "reject", // zero-width refused at every profile
104
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
116
105
  wildcardPolicy: "allow",
117
106
  vendorTreePolicy: "allow",
118
107
  personalTreePolicy: "allow",
@@ -124,35 +113,6 @@ var PROFILES = Object.freeze({
124
113
  },
125
114
  });
126
115
 
127
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
128
- mode: "enforce",
129
- }));
130
-
131
- var COMPLIANCE_POSTURES = Object.freeze({
132
- "hipaa": Object.assign({}, PROFILES["strict"], {
133
- forensicSnippetBytes: C.BYTES.bytes(128),
134
- }),
135
- "pci-dss": Object.assign({}, PROFILES["strict"], {
136
- forensicSnippetBytes: C.BYTES.bytes(128),
137
- }),
138
- "gdpr": Object.assign({}, PROFILES["balanced"], {
139
- forensicSnippetBytes: C.BYTES.bytes(64),
140
- }),
141
- "soc2": Object.assign({}, PROFILES["strict"], {
142
- forensicSnippetBytes: C.BYTES.bytes(256),
143
- }),
144
- });
145
-
146
- function _resolveOpts(opts) {
147
- return gateContract.resolveProfileAndPosture(opts, {
148
- profiles: PROFILES,
149
- compliancePostures: COMPLIANCE_POSTURES,
150
- defaults: DEFAULTS,
151
- errorClass: GuardMimeError,
152
- errCodePrefix: "mime",
153
- });
154
- }
155
-
156
116
  // ---- Parser ----
157
117
 
158
118
  function _splitTopLevel(input) {
@@ -175,25 +135,9 @@ function _splitTopLevel(input) {
175
135
  }
176
136
 
177
137
  function _detectIssues(input, opts) {
178
- var issues = [];
179
- if (typeof input !== "string") {
180
- return [{ kind: "bad-input", severity: "high",
181
- ruleId: "mime.bad-input",
182
- snippet: "mime is not a string" }];
183
- }
184
- if (input.length === 0) {
185
- return [{ kind: "empty", severity: "high",
186
- ruleId: "mime.empty",
187
- snippet: "mime is empty" }];
188
- }
189
- if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
190
- return [{ kind: "mime-cap", severity: "high",
191
- ruleId: "mime.mime-cap",
192
- snippet: "mime input exceeds maxBytes " + opts.maxBytes }];
193
- }
194
-
195
- var charThreats = codepointClass.detectCharThreats(input, opts, "mime");
196
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
138
+ var pre = gateContract.detectStringInput(input, opts, { name: "mime", cap: { bytes: opts.maxBytes } });
139
+ if (pre.done) return pre.issues;
140
+ var issues = pre.issues;
197
141
 
198
142
  var parts = _splitTopLevel(input);
199
143
  var typeSubtype = parts[0];
@@ -391,21 +335,10 @@ function _detectIssues(input, opts) {
391
335
  * bad.ok; // → false
392
336
  * bad.issues[0].ruleId; // → "mime.risky-type"
393
337
  */
394
- function validate(input, opts) {
395
- opts = _resolveOpts(opts);
396
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
397
- ["maxBytes"],
398
- "guardMime.validate", GuardMimeError, "mime.bad-opt");
399
- if (typeof input !== "string") {
400
- return {
401
- ok: false,
402
- issues: [{ kind: "bad-input", severity: "high",
403
- ruleId: "mime.bad-input",
404
- snippet: "mime is not a string" }],
405
- };
406
- }
407
- return gateContract.aggregateIssues(_detectIssues(input, opts));
408
- }
338
+ // validate is assembled by gateContract.defineGuard from `detect`
339
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
340
+ // input, resolveOpts(opts)))`, with the maxBytes cap declared via `intOpts`.
341
+ // The @primitive block above documents the resulting public ABI.
409
342
 
410
343
  /**
411
344
  * @primitive b.guardMime.sanitize
@@ -437,15 +370,10 @@ function validate(input, opts) {
437
370
  * e.code; // → "mime.risky-type"
438
371
  * }
439
372
  */
440
- function sanitize(input, opts) {
441
- opts = _resolveOpts(opts);
442
- if (typeof input !== "string") {
443
- throw _err("mime.bad-input", "sanitize requires string input");
444
- }
445
- var issues = _detectIssues(input, opts);
446
- gateContract.throwOnRefusalSeverity(issues, {
447
- errorClass: GuardMimeError, codePrefix: "mime",
448
- });
373
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
374
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
375
+ // already-validated string at this point (a non-string refuses upstream).
376
+ function _sanitizeTransform(input) {
449
377
  // Normalize: lowercase the type/subtype; preserve parameter case
450
378
  // because some parameter values are case-significant (e.g. boundary
451
379
  // tokens in multipart/form-data).
@@ -468,15 +396,8 @@ function sanitize(input, opts) {
468
396
  // Their wiki sections render from the single-sourced @abiTemplate blocks
469
397
  // in gate-contract.js, instantiated per guard by the page generator.
470
398
 
471
- var INTEGRATION_FIXTURES = Object.freeze({
472
- kind: "identifier",
473
- benignBytes: Buffer.from("application/json", "utf8"),
474
- hostileBytes: Buffer.from("application/x-msdownload", "utf8"),
475
- benignIdentifier: "application/json",
476
- // Hostile: risky-type — refused at strict (executable script-host
477
- // class).
478
- hostileIdentifier: "application/x-msdownload",
479
- });
399
+ // Hostile: risky-type — refused at strict (executable script-host class).
400
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("application/json", "application/x-msdownload");
480
401
 
481
402
  // Assembled from the gate-contract guard factory: error class, registry
482
403
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
@@ -488,10 +409,10 @@ module.exports = gateContract.defineGuard({
488
409
  kind: "identifier",
489
410
  errorClass: GuardMimeError,
490
411
  profiles: PROFILES,
491
- defaults: DEFAULTS,
492
- postures: COMPLIANCE_POSTURES,
412
+ base: 128,
493
413
  integrationFixtures: INTEGRATION_FIXTURES,
494
- validate: validate,
495
- sanitize: sanitize,
414
+ detect: _detectIssues,
415
+ sanitizeTransform: _sanitizeTransform,
416
+ intOpts: ["maxBytes"],
496
417
  ctxFields: ["identifier", "mime"],
497
418
  });
@@ -83,7 +83,6 @@ var codepointClass = require("./codepoint-class");
83
83
  var lazyRequire = require("./lazy-require");
84
84
  var gateContract = require("./gate-contract");
85
85
  var C = require("./constants");
86
- var numericBounds = require("./numeric-bounds");
87
86
  var { GuardOauthError } = require("./framework-error");
88
87
 
89
88
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -96,10 +95,7 @@ var DEFAULT_RESPONSE_TYPES = Object.freeze(["code"]);
96
95
 
97
96
  var PROFILES = Object.freeze({
98
97
  "strict": {
99
- bidiPolicy: "reject",
100
- controlPolicy: "reject",
101
- nullBytePolicy: "reject",
102
- zeroWidthPolicy: "reject",
98
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
103
99
  pkcePolicy: "require-s256",
104
100
  statePolicy: "require",
105
101
  redirectUriPolicy: "require-exact-allowlist",
@@ -113,10 +109,7 @@ var PROFILES = Object.freeze({
113
109
  maxRuntimeMs: C.TIME.seconds(2),
114
110
  },
115
111
  "balanced": {
116
- bidiPolicy: "reject",
117
- controlPolicy: "reject",
118
- nullBytePolicy: "reject",
119
- zeroWidthPolicy: "reject",
112
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
120
113
  pkcePolicy: "require-any", // S256 or plain
121
114
  statePolicy: "require",
122
115
  redirectUriPolicy: "require-exact-allowlist",
@@ -130,10 +123,7 @@ var PROFILES = Object.freeze({
130
123
  maxRuntimeMs: C.TIME.seconds(2),
131
124
  },
132
125
  "permissive": {
133
- bidiPolicy: "reject", // BIDI refused at every profile
134
- controlPolicy: "reject", // controls refused at every profile
135
- nullBytePolicy: "reject", // null refused at every profile
136
- zeroWidthPolicy: "reject", // zero-width refused at every profile
126
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
137
127
  pkcePolicy: "audit",
138
128
  statePolicy: "audit",
139
129
  redirectUriPolicy: "audit",
@@ -148,35 +138,6 @@ var PROFILES = Object.freeze({
148
138
  },
149
139
  });
150
140
 
151
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
152
- mode: "enforce",
153
- }));
154
-
155
- var COMPLIANCE_POSTURES = Object.freeze({
156
- "hipaa": Object.assign({}, PROFILES["strict"], {
157
- forensicSnippetBytes: C.BYTES.bytes(256),
158
- }),
159
- "pci-dss": Object.assign({}, PROFILES["strict"], {
160
- forensicSnippetBytes: C.BYTES.bytes(256),
161
- }),
162
- "gdpr": Object.assign({}, PROFILES["balanced"], {
163
- forensicSnippetBytes: C.BYTES.bytes(128),
164
- }),
165
- "soc2": Object.assign({}, PROFILES["strict"], {
166
- forensicSnippetBytes: C.BYTES.bytes(512),
167
- }),
168
- });
169
-
170
- function _resolveOpts(opts) {
171
- return gateContract.resolveProfileAndPosture(opts, {
172
- profiles: PROFILES,
173
- compliancePostures: COMPLIANCE_POSTURES,
174
- defaults: DEFAULTS,
175
- errorClass: GuardOauthError,
176
- errCodePrefix: "oauth",
177
- });
178
- }
179
-
180
141
  function _detectIssues(flow, opts) {
181
142
  var issues = [];
182
143
  if (!flow || typeof flow !== "object") {
@@ -401,13 +362,9 @@ function _detectIssues(flow, opts) {
401
362
  * });
402
363
  * ok.ok; // → true
403
364
  */
404
- function validate(input, opts) {
405
- opts = _resolveOpts(opts);
406
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
407
- ["maxBytes", "maxParamBytes"],
408
- "guardOauth.validate", GuardOauthError, "oauth.bad-opt");
409
- return gateContract.aggregateIssues(_detectIssues(input, opts));
410
- }
365
+ // validate is assembled by gateContract.defineGuard from `detect`
366
+ // (_detectIssues), with the maxBytes/maxParamBytes caps declared via
367
+ // `intOpts`. The @primitive block above documents the resulting ABI.
411
368
 
412
369
  /**
413
370
  * @primitive b.guardOauth.sanitize
@@ -439,12 +396,11 @@ function validate(input, opts) {
439
396
  * e.code; // → "oauth.pkce-missing"
440
397
  * }
441
398
  */
442
- function sanitize(input, opts) {
443
- opts = _resolveOpts(opts);
444
- // OAuth flows can't be repaired sanitize either passes through
445
- // valid input or throws.
446
- var issues = _detectIssues(input, opts);
447
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardOauthError, codePrefix: "oauth" });
399
+ // _sanitizeTransform the normalize tail applied by defineGuard's generated
400
+ // sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. OAuth flows
401
+ // can't be repaired: any critical/high finding refuses upstream, so the
402
+ // transform passes the already-validated bundle through unchanged.
403
+ function _sanitizeTransform(input) {
448
404
  return input;
449
405
  }
450
406
 
@@ -490,25 +446,15 @@ function sanitize(input, opts) {
490
446
  * rv.action; // → "refuse"
491
447
  */
492
448
  function gate(opts) {
493
- opts = _resolveOpts(opts);
449
+ opts = _guard.resolveOpts(opts);
494
450
  return gateContract.buildGuardGate(
495
451
  opts.name || "guardOauth:" + (opts.profile || "default"),
496
452
  opts,
497
453
  async function (ctx) {
498
454
  var flow = ctx && (ctx.oauthFlow || ctx.flow);
499
455
  if (!flow) return { ok: true, action: "serve" };
500
- var rv = validate(flow, opts);
501
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
502
- var hasCritical = rv.issues.some(function (i) {
503
- return i.severity === "critical";
504
- });
505
- var hasHigh = rv.issues.some(function (i) {
506
- return i.severity === "high";
507
- });
508
- if (!hasCritical && !hasHigh) {
509
- return { ok: true, action: "audit-only", issues: rv.issues };
510
- }
511
- return { ok: false, action: "refuse", issues: rv.issues };
456
+ var rv = module.exports.validate(flow, opts);
457
+ return gateContract.severityDisposition(rv.issues);
512
458
  });
513
459
  }
514
460
 
@@ -555,15 +501,15 @@ var INTEGRATION_FIXTURES = Object.freeze({
555
501
  // surface (validate / sanitize / bespoke gate) passed through verbatim.
556
502
  // The custom KIND ("oauth-flow") is accepted because the bespoke gate
557
503
  // reads its own ctx fields (ctx.oauthFlow / ctx.flow).
558
- module.exports = gateContract.defineGuard({
504
+ var _guard = module.exports = gateContract.defineGuard({
559
505
  name: "oauth",
560
506
  kind: "oauth-flow",
561
507
  errorClass: GuardOauthError,
562
508
  profiles: PROFILES,
563
- defaults: DEFAULTS,
564
- postures: COMPLIANCE_POSTURES,
509
+ base: 256,
565
510
  integrationFixtures: INTEGRATION_FIXTURES,
566
- validate: validate,
567
- sanitize: sanitize,
511
+ detect: _detectIssues,
512
+ sanitizeTransform: _sanitizeTransform,
513
+ intOpts: ["maxBytes", "maxParamBytes"],
568
514
  gate: gate,
569
515
  });