@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -69,9 +69,9 @@
69
69
  */
70
70
 
71
71
  var lazyRequire = require("./lazy-require");
72
+ var safeBuffer = require("./safe-buffer");
72
73
  var gateContract = require("./gate-contract");
73
74
  var C = require("./constants");
74
- var numericBounds = require("./numeric-bounds");
75
75
  var { GuardPdfError } = require("./framework-error");
76
76
 
77
77
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -132,34 +132,9 @@ var PROFILES = Object.freeze({
132
132
  },
133
133
  });
134
134
 
135
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
136
- mode: "enforce",
137
- }));
135
+ var DEFAULTS = gateContract.strictDefaults(PROFILES);
138
136
 
139
- var COMPLIANCE_POSTURES = Object.freeze({
140
- "hipaa": Object.assign({}, PROFILES["strict"], {
141
- forensicSnippetBytes: C.BYTES.bytes(512),
142
- }),
143
- "pci-dss": Object.assign({}, PROFILES["strict"], {
144
- forensicSnippetBytes: C.BYTES.bytes(512),
145
- }),
146
- "gdpr": Object.assign({}, PROFILES["balanced"], {
147
- forensicSnippetBytes: C.BYTES.bytes(256),
148
- }),
149
- "soc2": Object.assign({}, PROFILES["strict"], {
150
- forensicSnippetBytes: C.BYTES.bytes(1024),
151
- }),
152
- });
153
-
154
- function _resolveOpts(opts) {
155
- return gateContract.resolveProfileAndPosture(opts, {
156
- profiles: PROFILES,
157
- compliancePostures: COMPLIANCE_POSTURES,
158
- defaults: DEFAULTS,
159
- errorClass: GuardPdfError,
160
- errCodePrefix: "pdf",
161
- });
162
- }
137
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 512 });
163
138
 
164
139
  function _hasPdfMagic(buf) {
165
140
  if (!buf || typeof buf.length !== "number" || buf.length < PDF_MAGIC.length) {
@@ -180,7 +155,7 @@ function _detectIssues(metadata, opts) {
180
155
  }
181
156
 
182
157
  var bytes = metadata.bytes;
183
- if (bytes && typeof bytes.length === "number" && bytes.length > opts.maxBytes) {
158
+ if (bytes && typeof bytes.length === "number" && safeBuffer.byteLengthOf(bytes) > opts.maxBytes) {
184
159
  return [{ kind: "pdf-cap", severity: "high",
185
160
  ruleId: "pdf.pdf-cap",
186
161
  snippet: "pdf bytes exceed maxBytes " + opts.maxBytes }];
@@ -339,15 +314,13 @@ function _detectIssues(metadata, opts) {
339
314
  * launch.issues.some(function (i) { return i.kind === "launch-action"; });
340
315
  * // → true
341
316
  */
342
- function validate(input, opts) {
343
- opts = _resolveOpts(opts);
344
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
345
- ["maxBytes", "maxPageCount"],
346
- "guardPdf.validate", GuardPdfError, "pdf.bad-opt");
347
- // maxEmbeddedFileCount allows 0 (strict refuses all embedded files);
348
- // skip the positive-finite check.
349
- return gateContract.aggregateIssues(_detectIssues(input, opts));
350
- }
317
+ // validate is assembled by gateContract.defineGuard from `detect`
318
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
319
+ // input, resolveOpts(opts)))`, with the maxBytes / maxPageCount caps
320
+ // declared via `intOpts`. maxEmbeddedFileCount allows 0 (strict refuses all
321
+ // embedded files) so it is NOT an intOpt — the positive-finite check would
322
+ // reject the strict default. The @primitive block above documents the
323
+ // resulting public ABI.
351
324
 
352
325
  /**
353
326
  * @primitive b.guardPdf.sanitize
@@ -356,13 +329,19 @@ function validate(input, opts) {
356
329
  * @status stable
357
330
  * @related b.guardPdf.validate, b.guardPdf.gate
358
331
  *
359
- * Best-effort metadata pass-through. PDF byte sanitization
360
- * (stripping JavaScript actions, embedded files, OpenActions) is
361
- * the operator parser's responsibility the guard cannot rewrite
362
- * the byte stream without a vendored PDF library. `sanitize`
363
- * validates the metadata against the active profile and re-throws
364
- * `GuardPdfError` when any issue is `critical` or `high`. Returns
365
- * the input unchanged when every issue is `warn` or below.
332
+ * Disarm-by-refusal. PDF active content (`/JavaScript`, `/Launch`,
333
+ * `/OpenAction`, embedded files) and encryption live in a
334
+ * cross-referenced object graph; excising them safely needs a vendored
335
+ * PDF parser, which the framework does not ship (a parser per format is
336
+ * a supply-chain hop, and a fragile in-house excision on a security
337
+ * primitive is worse than an honest refusal). So `sanitize` forces every
338
+ * active-content / exfil / encryption policy to `reject` and re-throws
339
+ * `GuardPdfError` on any finding — it never hands back a PDF that still
340
+ * carries JavaScript, a launch/open action, embedded files, or
341
+ * encryption. A PDF with none of these passes through unchanged
342
+ * (genuinely nothing to strip). Operators needing a repaired file run a
343
+ * vendored disarm tool (e.g. `qpdf --decrypt` plus removing
344
+ * `/OpenAction` / `/Names` / `/JavaScript`).
366
345
  *
367
346
  * @opts
368
347
  * profile: "strict"|"balanced"|"permissive",
@@ -379,12 +358,21 @@ function validate(input, opts) {
379
358
  * }
380
359
  */
381
360
  function sanitize(input, opts) {
382
- opts = _resolveOpts(opts);
383
- if (!input || typeof input !== "object") {
384
- throw _err("pdf.bad-input", "sanitize requires metadata object");
385
- }
386
- var issues = _detectIssues(input, opts);
387
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardPdfError, codePrefix: "pdf" });
361
+ var resolved = module.exports.resolveOpts(opts);
362
+ // Force the active-content / exfil / encryption policies to reject, then
363
+ // refuse anything the validate chain flags. The object graph can't be
364
+ // edited without a parser, so disarm collapses to "refuse if not already
365
+ // inert" never a silent passthrough of a live action.
366
+ var strict = Object.assign({}, resolved, {
367
+ magicPolicy: "reject",
368
+ openActionPolicy: "reject",
369
+ embeddedFilePolicy: "reject",
370
+ embeddedFileCountPolicy: "reject",
371
+ encryptedPolicy: "reject",
372
+ });
373
+ var issues = _detectIssues(input, strict);
374
+ gateContract.throwOnRefusalSeverity(issues,
375
+ { errorClass: GuardPdfError, codePrefix: "pdf" });
388
376
  return input;
389
377
  }
390
378
 
@@ -400,8 +388,10 @@ function sanitize(input, opts) {
400
388
  * { "application/pdf": gate } })` or `b.staticServe`. Operators pass
401
389
  * `ctx.metadata` (the parser's structural report) plus the original
402
390
  * `bytes`. Action chain: `serve` (no issues) → `audit-only`
403
- * (warn-only) → `refuse` (any critical / high). No `sanitize` action
404
- * PDF byte streams can't be rewritten without a vendored parser.
391
+ * (warn-only) → `refuse` (any critical / high). The gate does not
392
+ * rewrite bytes; `b.guardPdf.sanitize(bag)` is disarm-by-refusal (it
393
+ * refuses any PDF still carrying active content / embedded files /
394
+ * encryption rather than silently passing it through).
405
395
  *
406
396
  * @opts
407
397
  * profile: "strict"|"balanced"|"permissive",
@@ -422,25 +412,21 @@ function sanitize(input, opts) {
422
412
  * verdict.issues[0].kind; // → "javascript-action"
423
413
  */
424
414
  function gate(opts) {
425
- opts = _resolveOpts(opts);
415
+ opts = gateContract.resolveProfileAndPosture(opts, {
416
+ profiles: PROFILES,
417
+ compliancePostures: COMPLIANCE_POSTURES,
418
+ defaults: DEFAULTS,
419
+ errorClass: GuardPdfError,
420
+ errCodePrefix: "pdf",
421
+ });
426
422
  return gateContract.buildGuardGate(
427
423
  opts.name || "guardPdf:" + (opts.profile || "default"),
428
424
  opts,
429
425
  async function (ctx) {
430
426
  var meta = ctx && (ctx.metadata || ctx.pdfMetadata);
431
427
  if (!meta) return { ok: true, action: "serve" };
432
- var rv = validate(meta, opts);
433
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
434
- var hasCritical = rv.issues.some(function (i) {
435
- return i.severity === "critical";
436
- });
437
- var hasHigh = rv.issues.some(function (i) {
438
- return i.severity === "high";
439
- });
440
- if (!hasCritical && !hasHigh) {
441
- return { ok: true, action: "audit-only", issues: rv.issues };
442
- }
443
- return { ok: false, action: "refuse", issues: rv.issues };
428
+ var rv = module.exports.validate(meta, opts);
429
+ return gateContract.severityDisposition(rv.issues);
444
430
  });
445
431
  }
446
432
 
@@ -492,10 +478,13 @@ var INTEGRATION_FIXTURES = Object.freeze({
492
478
  // Assembled from the gate-contract guard factory: error class, registry
493
479
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
494
480
  // compliancePosture / loadRulePack wiring, plus the per-guard inspection
495
- // surface (validate / sanitize / gate) and the pdf extra (inspectMagic)
496
- // passed through verbatim. KIND="metadata" is a custom kind, so the bespoke
497
- // `gate` (operator-feeds-metadata ctx.metadata reader) is REQUIRED and
498
- // carries the JavaScript / launch-action / embedded-file chain unchanged.
481
+ // surface. validate + sanitize are generated from `detect` (_detectIssues)
482
+ // and `sanitizeTransform` (_sanitizeTransform) with the positive-finite-int
483
+ // caps declared via `intOpts` (maxEmbeddedFileCount is excluded strict
484
+ // defaults it to 0). The pdf extra (inspectMagic) passes through verbatim.
485
+ // KIND="metadata" is a custom kind, so the bespoke `gate`
486
+ // (operator-feeds-metadata ctx.metadata reader) is REQUIRED and carries the
487
+ // JavaScript / launch-action / embedded-file chain unchanged.
499
488
  module.exports = gateContract.defineGuard({
500
489
  name: "pdf",
501
490
  kind: "metadata",
@@ -504,8 +493,12 @@ module.exports = gateContract.defineGuard({
504
493
  defaults: DEFAULTS,
505
494
  postures: COMPLIANCE_POSTURES,
506
495
  integrationFixtures: INTEGRATION_FIXTURES,
507
- validate: validate,
508
- sanitize: sanitize,
496
+ // detect reads a structured `{ bytes, hasJavaScript, ... }` metadata report,
497
+ // not text. The generated validate's default "raw" input contract hands the
498
+ // bag straight to detect (which owns its own bad-input).
499
+ detect: _detectIssues,
500
+ sanitize: sanitize,
501
+ intOpts: ["maxBytes", "maxPageCount"],
509
502
  gate: gate,
510
503
  extra: {
511
504
  inspectMagic: inspectMagic,
@@ -75,6 +75,8 @@
75
75
 
76
76
  var { defineClass } = require("./framework-error");
77
77
  var gateContract = require("./gate-contract");
78
+ var codepointClass = require("./codepoint-class");
79
+ var safeBuffer = require("./safe-buffer");
78
80
 
79
81
  var GuardPop3CommandError = defineClass("GuardPop3CommandError", { alwaysPermanent: true });
80
82
 
@@ -167,17 +169,14 @@ function validate(line, opts) {
167
169
  throw new GuardPop3CommandError("guard-pop3-command/empty-line",
168
170
  "guardPop3Command.validate: empty command line");
169
171
  }
170
- if (line.length > caps.maxLineBytes) {
172
+ if (safeBuffer.byteLengthOf(line) > caps.maxLineBytes) {
171
173
  throw new GuardPop3CommandError("guard-pop3-command/line-too-long",
172
- "guardPop3Command.validate: line " + line.length + " bytes exceeds cap " + caps.maxLineBytes);
174
+ "guardPop3Command.validate: line " + safeBuffer.byteLengthOf(line) + " bytes exceeds cap " + caps.maxLineBytes);
173
175
  }
174
- for (var i = 0; i < line.length; i += 1) {
175
- var c = line.charCodeAt(i);
176
- if (c === 0x00 || c === 0x7F || (c < 0x20 && c !== 0x09)) { // control-byte refusal
177
- if (c === 0x0A && caps.allowBareLf) continue;
178
- throw new GuardPop3CommandError("guard-pop3-command/bad-byte",
179
- "guardPop3Command.validate: control byte 0x" + c.toString(16) + " at offset " + i); // hex format literal in error message
180
- }
176
+ var ctrlAt = codepointClass.firstControlCharOffset(line, { allowLf: caps.allowBareLf }); // bare LF permitted only when caps allow
177
+ if (ctrlAt !== -1) {
178
+ throw new GuardPop3CommandError("guard-pop3-command/bad-byte",
179
+ "guardPop3Command.validate: control byte 0x" + line.charCodeAt(ctrlAt).toString(16) + " at offset " + ctrlAt); // hex format literal in error message
181
180
  }
182
181
 
183
182
  var firstSpace = line.indexOf(" ");
@@ -200,9 +199,9 @@ function validate(line, opts) {
200
199
  case "USER":
201
200
  if (!rest) throw new GuardPop3CommandError("guard-pop3-command/missing-username",
202
201
  "guardPop3Command.validate: USER requires a name argument");
203
- if (rest.length > caps.maxUsernameBytes) {
202
+ if (safeBuffer.byteLengthOf(rest) > caps.maxUsernameBytes) {
204
203
  throw new GuardPop3CommandError("guard-pop3-command/username-too-long",
205
- "guardPop3Command.validate: USER name " + rest.length + " bytes exceeds cap " + caps.maxUsernameBytes);
204
+ "guardPop3Command.validate: USER name " + safeBuffer.byteLengthOf(rest) + " bytes exceeds cap " + caps.maxUsernameBytes);
206
205
  }
207
206
  if (opts.tls === false && profileName === "strict") {
208
207
  throw new GuardPop3CommandError("guard-pop3-command/cleartext-auth",
@@ -213,9 +212,9 @@ function validate(line, opts) {
213
212
  case "PASS":
214
213
  if (!rest) throw new GuardPop3CommandError("guard-pop3-command/missing-password",
215
214
  "guardPop3Command.validate: PASS requires a password argument");
216
- if (rest.length > caps.maxPasswordBytes) {
215
+ if (safeBuffer.byteLengthOf(rest) > caps.maxPasswordBytes) {
217
216
  throw new GuardPop3CommandError("guard-pop3-command/password-too-long",
218
- "guardPop3Command.validate: PASS argument " + rest.length + " bytes exceeds cap " + caps.maxPasswordBytes);
217
+ "guardPop3Command.validate: PASS argument " + safeBuffer.byteLengthOf(rest) + " bytes exceeds cap " + caps.maxPasswordBytes);
219
218
  }
220
219
  if (opts.tls === false && profileName === "strict") {
221
220
  throw new GuardPop3CommandError("guard-pop3-command/cleartext-auth",
@@ -27,6 +27,7 @@
27
27
 
28
28
  var { defineClass } = require("./framework-error");
29
29
  var gateContract = require("./gate-contract");
30
+ var codepointClass = require("./codepoint-class");
30
31
 
31
32
  var GuardPostureChainError = defineClass("GuardPostureChainError", { alwaysPermanent: true });
32
33
 
@@ -127,7 +128,7 @@ function validate(envelope, opts) {
127
128
  throw new GuardPostureChainError("posture-chain/non-ascii-hop",
128
129
  "guardPostureChain.validate: chainTrail[" + h + "] has non-ASCII codepoint");
129
130
  }
130
- if (hc < 0x20 || hc === 0x7F) { // C0/DEL
131
+ if (codepointClass.isForbiddenControlChar(hc, { forbidTab: true })) { // C0/DEL
131
132
  throw new GuardPostureChainError("posture-chain/bad-hop-char",
132
133
  "guardPostureChain.validate: chainTrail[" + h + "] has forbidden char 0x" + hc.toString(16));
133
134
  }
@@ -45,11 +45,9 @@
45
45
  * Regex-pattern content-safety guard — refuses user-supplied pattern strings that exhibit catastrophic-backtracking (ReDoS) shapes BEFORE the framework compiles them with `new RegExp(...)`.
46
46
  */
47
47
 
48
- var codepointClass = require("./codepoint-class");
49
48
  var lazyRequire = require("./lazy-require");
50
49
  var gateContract = require("./gate-contract");
51
50
  var C = require("./constants");
52
- var numericBounds = require("./numeric-bounds");
53
51
  var { GuardRegexError } = require("./framework-error");
54
52
 
55
53
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -82,10 +80,7 @@ var EXTGLOB_HEAD_RE = /[*+?@!]\(/g;
82
80
 
83
81
  var PROFILES = Object.freeze({
84
82
  "strict": {
85
- bidiPolicy: "reject",
86
- controlPolicy: "reject",
87
- nullBytePolicy: "reject",
88
- zeroWidthPolicy: "reject",
83
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
89
84
  nestedQuantPolicy: "reject",
90
85
  alternationQuantPolicy: "reject",
91
86
  boundedRepeatPolicy: "reject",
@@ -100,10 +95,7 @@ var PROFILES = Object.freeze({
100
95
  maxRuntimeMs: C.TIME.seconds(2),
101
96
  },
102
97
  "balanced": {
103
- bidiPolicy: "reject",
104
- controlPolicy: "reject",
105
- nullBytePolicy: "reject",
106
- zeroWidthPolicy: "reject",
98
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
107
99
  nestedQuantPolicy: "reject",
108
100
  alternationQuantPolicy: "audit",
109
101
  boundedRepeatPolicy: "audit",
@@ -117,10 +109,7 @@ var PROFILES = Object.freeze({
117
109
  maxRuntimeMs: C.TIME.seconds(2),
118
110
  },
119
111
  "permissive": {
120
- bidiPolicy: "reject", // BIDI refused at every profile
121
- controlPolicy: "reject", // controls refused at every profile
122
- nullBytePolicy: "reject", // null refused at every profile
123
- zeroWidthPolicy: "reject", // zero-width refused at every profile
112
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
124
113
  nestedQuantPolicy: "reject", // canonical ReDoS class refused at every profile
125
114
  alternationQuantPolicy: "allow",
126
115
  boundedRepeatPolicy: "audit",
@@ -135,56 +124,15 @@ var PROFILES = Object.freeze({
135
124
  },
136
125
  });
137
126
 
138
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
139
- mode: "enforce",
140
- }));
127
+ var DEFAULTS = gateContract.strictDefaults(PROFILES);
141
128
 
142
- var COMPLIANCE_POSTURES = Object.freeze({
143
- "hipaa": Object.assign({}, PROFILES["strict"], {
144
- forensicSnippetBytes: C.BYTES.bytes(256),
145
- }),
146
- "pci-dss": Object.assign({}, PROFILES["strict"], {
147
- forensicSnippetBytes: C.BYTES.bytes(256),
148
- }),
149
- "gdpr": Object.assign({}, PROFILES["balanced"], {
150
- forensicSnippetBytes: C.BYTES.bytes(128),
151
- }),
152
- "soc2": Object.assign({}, PROFILES["strict"], {
153
- forensicSnippetBytes: C.BYTES.bytes(512),
154
- }),
155
- });
129
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
156
130
 
157
- function _resolveOpts(opts) {
158
- return gateContract.resolveProfileAndPosture(opts, {
159
- profiles: PROFILES,
160
- compliancePostures: COMPLIANCE_POSTURES,
161
- defaults: DEFAULTS,
162
- errorClass: GuardRegexError,
163
- errCodePrefix: "regex",
164
- });
165
- }
166
131
 
167
132
  function _detectIssues(input, opts) {
168
- var issues = [];
169
- if (typeof input !== "string") {
170
- return [{ kind: "bad-input", severity: "high",
171
- ruleId: "regex.bad-input",
172
- snippet: "regex pattern is not a string" }];
173
- }
174
- if (input.length === 0) {
175
- return [{ kind: "empty", severity: "high",
176
- ruleId: "regex.empty",
177
- snippet: "regex pattern is empty" }];
178
- }
179
- if (Buffer.byteLength(input, "utf8") > opts.maxPatternBytes) {
180
- return [{ kind: "pattern-cap", severity: "high",
181
- ruleId: "regex.pattern-cap",
182
- snippet: "regex pattern exceeds maxPatternBytes " +
183
- opts.maxPatternBytes }];
184
- }
185
-
186
- var charThreats = codepointClass.detectCharThreats(input, opts, "regex");
187
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
133
+ var pre = gateContract.detectStringInput(input, opts, { name: "regex", noun: "regex pattern", cap: { bytes: opts.maxPatternBytes, kind: "pattern-cap", snippet: "regex pattern exceeds maxPatternBytes " + opts.maxPatternBytes } });
134
+ if (pre.done) return pre.issues;
135
+ var issues = pre.issues;
188
136
 
189
137
  if (opts.nestedQuantPolicy !== "allow" && NESTED_QUANT_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxPatternBytes
190
138
  issues.push({
@@ -394,13 +342,9 @@ function _detectNestedExtglob(input, opts, issues) {
394
342
  * hostile.ok; // → false
395
343
  * hostile.issues.some(function (i) { return i.kind === "nested-quantifier"; }); // → true
396
344
  */
397
- function validate(input, opts) {
398
- opts = _resolveOpts(opts);
399
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
400
- ["maxBytes", "maxPatternBytes", "maxBoundedRepeat", "maxConsecutiveStars"],
401
- "guardRegex.validate", GuardRegexError, "regex.bad-opt");
402
- return gateContract.aggregateIssues(_detectIssues(input, opts));
403
- }
345
+ // validate is assembled by gateContract.defineGuard from `detect`
346
+ // (_detectIssues), with the positive-finite-int caps declared via `intOpts`.
347
+ // The @primitive block above documents the resulting ABI.
404
348
 
405
349
  /**
406
350
  * @primitive b.guardRegex.sanitize
@@ -444,15 +388,11 @@ function validate(input, opts) {
444
388
  * e.code; // → "regex.nested-quantifier"
445
389
  * }
446
390
  */
447
- function sanitize(input, opts) {
448
- opts = _resolveOpts(opts);
449
- if (typeof input !== "string") {
450
- throw _err("regex.bad-input", "sanitize requires string input");
451
- }
452
- var issues = _detectIssues(input, opts);
453
- gateContract.throwOnRefusalSeverity(issues, {
454
- errorClass: GuardRegexError, codePrefix: "regex",
455
- });
391
+ // _sanitizeTransform the normalize tail applied by defineGuard's generated
392
+ // sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. Regex patterns
393
+ // cannot be safely repaired, so the transform is a pass-through: a non-string
394
+ // or any critical/high finding refuses upstream, clean input returns verbatim.
395
+ function _sanitizeTransform(input) {
456
396
  return input;
457
397
  }
458
398
 
@@ -500,7 +440,7 @@ function sanitize(input, opts) {
500
440
  * });
501
441
  */
502
442
  function gate(opts) {
503
- opts = _resolveOpts(opts);
443
+ opts = _guard.resolveOpts(opts);
504
444
  return gateContract.buildGuardGate(
505
445
  opts.name || "guardRegex:" + (opts.profile || "default"),
506
446
  opts,
@@ -509,18 +449,8 @@ function gate(opts) {
509
449
  if (pattern === undefined || pattern === null) {
510
450
  return { ok: true, action: "serve" };
511
451
  }
512
- var rv = validate(pattern, opts);
513
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
514
- var hasCritical = rv.issues.some(function (i) {
515
- return i.severity === "critical";
516
- });
517
- var hasHigh = rv.issues.some(function (i) {
518
- return i.severity === "high";
519
- });
520
- if (!hasCritical && !hasHigh) {
521
- return { ok: true, action: "audit-only", issues: rv.issues };
522
- }
523
- return { ok: false, action: "refuse", issues: rv.issues };
452
+ var rv = module.exports.validate(pattern, opts);
453
+ return gateContract.severityDisposition(rv.issues);
524
454
  });
525
455
  }
526
456
 
@@ -531,20 +461,14 @@ function gate(opts) {
531
461
  // in gate-contract.js, instantiated per guard by the page generator.
532
462
 
533
463
  // ---- adaptive integration-test fixtures (consumed by layer-5 host harness) ----
534
- var INTEGRATION_FIXTURES = Object.freeze({
535
- kind: "identifier",
536
- benignBytes: Buffer.from("^[a-z]+$", "utf8"),
537
- hostileBytes: Buffer.from("(a+)+b", "utf8"),
538
- benignIdentifier: "^[a-z]+$",
539
- hostileIdentifier: "(a+)+b",
540
- });
464
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("^[a-z]+$", "(a+)+b");
541
465
 
542
466
  // Assembled from the gate-contract guard factory: error class, registry
543
467
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
544
468
  // compliancePosture / loadRulePack wiring, plus the per-guard inspection
545
469
  // surface (validate / sanitize / gate). The bespoke `gate` carries
546
470
  // guardRegex's ctx.identifier || ctx.pattern dispatch unchanged.
547
- module.exports = gateContract.defineGuard({
471
+ var _guard = module.exports = gateContract.defineGuard({
548
472
  name: "regex",
549
473
  kind: "identifier",
550
474
  errorClass: GuardRegexError,
@@ -552,7 +476,8 @@ module.exports = gateContract.defineGuard({
552
476
  defaults: DEFAULTS,
553
477
  postures: COMPLIANCE_POSTURES,
554
478
  integrationFixtures: INTEGRATION_FIXTURES,
555
- validate: validate,
556
- sanitize: sanitize,
479
+ detect: _detectIssues,
480
+ sanitizeTransform: _sanitizeTransform,
481
+ intOpts: ["maxBytes", "maxPatternBytes", "maxBoundedRepeat", "maxConsecutiveStars"],
557
482
  gate: gate,
558
483
  });
@@ -17,6 +17,7 @@
17
17
 
18
18
  var { defineClass } = require("./framework-error");
19
19
  var gateContract = require("./gate-contract");
20
+ var codepointClass = require("./codepoint-class");
20
21
 
21
22
  var GuardSagaConfigError = defineClass("GuardSagaConfigError", { alwaysPermanent: true });
22
23
 
@@ -80,7 +81,7 @@ function validate(config, opts) {
80
81
  throw new GuardSagaConfigError("saga-config/non-ascii-name",
81
82
  "guardSagaConfig.validate: name has non-ASCII codepoint at offset " + i);
82
83
  }
83
- if (c < 0x20 || c === 0x7F) { // C0/DEL
84
+ if (codepointClass.isForbiddenControlChar(c, { forbidTab: true })) { // C0/DEL
84
85
  throw new GuardSagaConfigError("saga-config/bad-name-char",
85
86
  "guardSagaConfig.validate: name has forbidden char 0x" + c.toString(16));
86
87
  }