@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -107,10 +107,11 @@
107
107
  */
108
108
 
109
109
  var codepointClass = require("./codepoint-class");
110
+ var markupTokenizer = require("./markup-tokenizer");
111
+ var markupEscape = require("./markup-escape").markupEscape;
110
112
  var lazyRequire = require("./lazy-require");
111
113
  var gateContract = require("./gate-contract");
112
114
  var C = require("./constants");
113
- var numericBounds = require("./numeric-bounds");
114
115
  var safeUrl = require("./safe-url");
115
116
  var { GuardSvgError } = require("./framework-error");
116
117
 
@@ -197,12 +198,10 @@ var URL_ATTRS = Object.freeze([
197
198
  "background", "poster", "icon",
198
199
  ]);
199
200
 
200
- var SAFE_SCHEMES = Object.freeze(["http", "https", "mailto", "tel"]);
201
+ var SAFE_SCHEMES = gateContract.SAFE_URL_SCHEMES;
201
202
 
202
- var DANGEROUS_SCHEMES = Object.freeze([
203
- "javascript", "vbscript", "livescript", "mocha", "ecmascript",
204
- "file", "mhtml", "jar", "intent", "view-source", "feed", "data",
205
- ]);
203
+ // Markup-attribute scheme denylist — the shared XSS / dangerous-resource set.
204
+ var DANGEROUS_SCHEMES = gateContract.DANGEROUS_URL_SCHEMES;
206
205
 
207
206
  var CSS_DANGEROUS_PATTERNS = Object.freeze([
208
207
  /expression\s*\(/i,
@@ -305,68 +304,14 @@ var PROFILES = Object.freeze({
305
304
  },
306
305
  });
307
306
 
308
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
309
- mode: "enforce",
307
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
310
308
  maxRuntimeMs: C.TIME.seconds(30),
311
- }));
312
-
313
- var COMPLIANCE_POSTURES = Object.freeze({
314
- "hipaa": {
315
- allowedTags: STRICT_ALLOWED_TAGS,
316
- bidiPolicy: "reject",
317
- controlPolicy: "reject",
318
- nullBytePolicy: "reject",
319
- cssPolicy: "reject",
320
- doctypePolicy: "reject",
321
- allowExternalRefs: false,
322
- allowAnimation: false,
323
- forensicSnippetBytes: C.BYTES.bytes(256),
324
- },
325
- "pci-dss": {
326
- allowedTags: STRICT_ALLOWED_TAGS,
327
- bidiPolicy: "reject",
328
- controlPolicy: "reject",
329
- nullBytePolicy: "reject",
330
- cssPolicy: "reject",
331
- doctypePolicy: "reject",
332
- allowExternalRefs: false,
333
- allowAnimation: false,
334
- urlSchemes: SAFE_SCHEMES,
335
- forensicSnippetBytes: C.BYTES.bytes(256),
336
- },
337
- "gdpr": {
338
- allowedTags: BALANCED_ALLOWED_TAGS,
339
- bidiPolicy: "strip",
340
- controlPolicy: "strip",
341
- cssPolicy: "strip",
342
- doctypePolicy: "reject",
343
- allowAnimation: false,
344
- forensicSnippetBytes: C.BYTES.bytes(128),
345
- },
346
- "soc2": {
347
- allowedTags: STRICT_ALLOWED_TAGS,
348
- bidiPolicy: "reject",
349
- controlPolicy: "reject",
350
- nullBytePolicy: "reject",
351
- cssPolicy: "reject",
352
- doctypePolicy: "reject",
353
- allowExternalRefs: false,
354
- allowAnimation: false,
355
- forensicSnippetBytes: C.BYTES.bytes(512),
356
- },
357
309
  });
358
310
 
311
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
312
+
359
313
  // ---- Internal helpers ----
360
314
 
361
- function _resolveOpts(opts) {
362
- return gateContract.resolveProfileAndPosture(opts, {
363
- profiles: PROFILES,
364
- compliancePostures: COMPLIANCE_POSTURES,
365
- defaults: DEFAULTS,
366
- errorClass: GuardSvgError,
367
- errCodePrefix: "svg",
368
- });
369
- }
370
315
 
371
316
  // HTML5 named-entity ASCII subset — same shape as guard-html.
372
317
  // Browsers honor these inside URL contexts; without decoding them,
@@ -436,9 +381,10 @@ function _isSvgz(input) {
436
381
 
437
382
  function _tokenize(input, maxBytes) {
438
383
  var s = String(input || "");
439
- if (s.length > maxBytes) {
384
+ var nb = Buffer.byteLength(s, "utf8");
385
+ if (nb > maxBytes) {
440
386
  throw _err("svg.too-large",
441
- "input " + s.length + " bytes exceeds maxBytes " + maxBytes);
387
+ "input " + nb + " bytes exceeds maxBytes " + maxBytes);
442
388
  }
443
389
  var tokens = [];
444
390
  var len = s.length;
@@ -508,28 +454,16 @@ function _tokenize(input, maxBytes) {
508
454
  pos = endE; continue;
509
455
  }
510
456
 
511
- var pp = lt + 1;
512
- var inQuote = "";
513
- while (pp < len) {
514
- var ch = s.charAt(pp);
515
- if (inQuote) { if (ch === inQuote) inQuote = ""; }
516
- else {
517
- if (ch === '"' || ch === "'") inQuote = ch;
518
- else if (ch === ">") break;
519
- }
520
- pp += 1;
521
- }
457
+ var pp = markupTokenizer.scanToTagEnd(s, lt + 1, len);
522
458
  var endT = pp < len ? pp + 1 : len;
523
459
  var raw = s.slice(lt, endT);
524
460
  var inner = raw.slice(1, raw.charAt(raw.length - 1) === ">" ? raw.length - 1 : raw.length);
525
461
  var selfClosing = inner.endsWith("/");
526
462
  if (selfClosing) inner = inner.slice(0, inner.length - 1);
527
463
 
528
- var nameMatch = inner.match(/^([A-Za-z][A-Za-z0-9:_-]*)/);
529
- var tagName = nameMatch ? nameMatch[1].toLowerCase() : "";
530
- var attrSrc = nameMatch ? inner.slice(nameMatch[0].length) : "";
531
-
532
- var attrs = _parseAttrs(attrSrc);
464
+ var svgParts = markupTokenizer.splitTagNameAttrs(inner, /^([A-Za-z][A-Za-z0-9:_-]*)/);
465
+ var tagName = svgParts.tagName;
466
+ var attrs = _parseAttrs(svgParts.attrSrc);
533
467
  tokens.push({
534
468
  type: "tag", name: tagName, attrs: attrs,
535
469
  raw: raw, start: lt, end: endT, selfClosing: selfClosing,
@@ -576,6 +510,10 @@ function _parseAttrs(src) {
576
510
  // ---- Detection pass ----
577
511
 
578
512
  function _detectIssues(input, opts) {
513
+ if (typeof input !== "string" && !Buffer.isBuffer(input)) {
514
+ return [{ kind: "bad-input", severity: "high",
515
+ snippet: "input is not string or Buffer" }];
516
+ }
579
517
  if (_isSvgz(input)) {
580
518
  return [{
581
519
  kind: "svgz-compressed", severity: "critical", ruleId: "svg.svgz",
@@ -585,7 +523,7 @@ function _detectIssues(input, opts) {
585
523
  }
586
524
 
587
525
  var s = typeof input === "string" ? input : Buffer.from(input).toString("utf8");
588
- var issues = codepointClass.detectCharThreats(s, opts, "svg");
526
+ var issues = codepointClass.detectCharThreats(s, opts, "svg", "warn");
589
527
 
590
528
  var tokens;
591
529
  try { tokens = _tokenize(s, opts.maxBytes); }
@@ -708,7 +646,7 @@ function _detectIssues(input, opts) {
708
646
  for (var ai = 0; ai < attrs.length; ai += 1) {
709
647
  var a = attrs[ai];
710
648
  var an = a.name.toLowerCase();
711
- if (a.value && a.value.length > opts.maxAttrValueBytes) {
649
+ if (a.value && Buffer.byteLength(a.value, "utf8") > opts.maxAttrValueBytes) {
712
650
  issues.push({
713
651
  kind: "attr-value-too-large", severity: "high",
714
652
  ruleId: "svg.attr-size",
@@ -806,9 +744,10 @@ function _sanitize(input, opts) {
806
744
  throw _err("svg.svgz", "compressed SVGZ payload — operator must ungzip before sanitize");
807
745
  }
808
746
  var s = typeof input === "string" ? input : Buffer.from(input).toString("utf8");
809
- if (s.length > opts.maxBytes) {
747
+ var nb = Buffer.byteLength(s, "utf8");
748
+ if (nb > opts.maxBytes) {
810
749
  throw _err("svg.too-large",
811
- "input " + s.length + " bytes exceeds maxBytes " + opts.maxBytes);
750
+ "input " + nb + " bytes exceeds maxBytes " + opts.maxBytes);
812
751
  }
813
752
  codepointClass.assertNoCharThreats(s, opts, _err, "svg");
814
753
 
@@ -873,7 +812,7 @@ function _sanitize(input, opts) {
873
812
  var a = attrs[ai];
874
813
  var an = a.name.toLowerCase();
875
814
  if (EVENT_HANDLER_RE.test(an)) continue; // allow:regex-no-length-cap — `an` is a tokenized attribute name, bounded
876
- if (a.value && a.value.length > opts.maxAttrValueBytes) continue;
815
+ if (a.value && Buffer.byteLength(a.value, "utf8") > opts.maxAttrValueBytes) continue;
877
816
  if (URL_ATTRS.indexOf(an) !== -1) {
878
817
  var scheme = _extractScheme(a.value);
879
818
  var fragment = _isFragmentRef(a.value);
@@ -893,9 +832,7 @@ function _sanitize(input, opts) {
893
832
  !fragment && !opts.allowExternalRefs) continue;
894
833
  }
895
834
  if (an === "style" && _isCssDangerous(a.value)) continue;
896
- attrParts.push(an + "=\"" + a.value
897
- .replace(/&/g, "&amp;").replace(/</g, "&lt;")
898
- .replace(/>/g, "&gt;").replace(/"/g, "&quot;") + "\"");
835
+ attrParts.push(an + "=\"" + markupEscape(a.value) + "\"");
899
836
  }
900
837
  var open = "<" + tok.name + (attrParts.length ? " " + attrParts.join(" ") : "") +
901
838
  (tok.selfClosing ? "/>" : ">");
@@ -951,16 +888,12 @@ function _sanitize(input, opts) {
951
888
  * clean.ok; // → true
952
889
  * clean.issues.length; // → 0
953
890
  */
954
- function validate(input, opts) {
955
- opts = _resolveOpts(opts);
956
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
957
- ["maxBytes", "maxElementCount", "maxUseDepth"],
958
- "guardSvg.validate", GuardSvgError, "svg.bad-opt");
959
-
960
- var bad = gateContract.badInputResultIfNotStringOrBuffer(input);
961
- if (bad) return bad;
962
- return gateContract.aggregateIssues(_detectIssues(input, opts));
963
- }
891
+ // validate is assembled by gateContract.defineGuard from `detect`
892
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
893
+ // input, resolveOpts(opts)))`, with the maxBytes/maxElementCount/maxUseDepth
894
+ // caps declared via `intOpts`. Non-string/non-Buffer input returns a single
895
+ // `svg.bad-input` issue from _detectIssues (never throws). The @primitive
896
+ // block above documents the resulting public ABI.
964
897
 
965
898
  /**
966
899
  * @primitive b.guardSvg.sanitize
@@ -1003,7 +936,7 @@ function validate(input, opts) {
1003
936
  * /onload/.test(clean); // → false
1004
937
  */
1005
938
  function sanitize(input, opts) {
1006
- opts = _resolveOpts(opts);
939
+ opts = _guard.resolveOpts(opts);
1007
940
  if (typeof input !== "string" && !Buffer.isBuffer(input)) {
1008
941
  throw _err("svg.bad-input", "sanitize requires string or Buffer input");
1009
942
  }
@@ -1055,42 +988,57 @@ function sanitize(input, opts) {
1055
988
  * });
1056
989
  * refuse.action; // → "refuse"
1057
990
  */
1058
- function gate(opts) {
1059
- opts = _resolveOpts(opts);
1060
- return gateContract.buildGuardGate(
1061
- opts.name || "guardSvg:" + (opts.profile || "default"),
1062
- opts,
1063
- async function (ctx) {
1064
- var bytes = ctx.bytes;
1065
- if (!bytes) return { ok: true, action: "serve" };
1066
- var rv = validate(bytes, opts);
1067
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
1068
- var hasCritical = rv.issues.some(function (i) {
1069
- return i.severity === "critical" || i.severity === "high";
1070
- });
1071
- if (!hasCritical) return { ok: true, action: "audit-only", issues: rv.issues };
1072
-
1073
- // SVGZ never sanitizable — refuse.
1074
- if (rv.issues.some(function (i) { return i.kind === "svgz-compressed"; })) {
1075
- return { ok: false, action: "refuse", issues: rv.issues };
1076
- }
991
+ // Disposition of each svg finding = what the operator's policy for that class
992
+ // selected. CSS injection / DOCTYPE / CDATA / processing-instruction and the
993
+ // bidi / null / control char threats follow their policies (sanitize under
994
+ // `strip`, refuse under `reject`, audit under `audit`). The always-dangerous
995
+ // classes (dangerous / animation tag, event handler, animation target,
996
+ // dangerous URL scheme, external ref, entity declaration) refuse; a gzipped
997
+ // SVGZ payload refuses (it must never reach the text sanitizer); a
998
+ // non-allowlisted but benign tag / scheme sanitizes; structural caps and a
999
+ // tokenizer failure refuse. Exhaustive over every kind _detectIssues emits.
1000
+ function _gateDispositionFor(issue, opts) {
1001
+ var shared = gateContract.charThreatDisposition(issue, opts);
1002
+ if (shared) return shared;
1003
+ switch (issue.kind) {
1004
+ case "css-injection": return gateContract.policyDisposition(opts.cssPolicy);
1005
+ case "doctype": return gateContract.policyDisposition(opts.doctypePolicy);
1006
+ case "cdata": return gateContract.policyDisposition(opts.cdataPolicy);
1007
+ case "processing-instruction": return gateContract.policyDisposition(opts.processingInstrPolicy);
1008
+ case "non-allowlisted-tag":
1009
+ case "non-allowlisted-url-scheme": return "sanitize";
1010
+ case "svgz-compressed":
1011
+ case "entity-declaration":
1012
+ case "dangerous-tag":
1013
+ case "event-handler":
1014
+ case "animation-target":
1015
+ case "dangerous-url-scheme":
1016
+ case "external-ref": return "refuse";
1017
+ case "tokenize-failed":
1018
+ case "element-count-cap":
1019
+ case "attr-count-cap":
1020
+ case "use-depth-cap":
1021
+ case "attr-value-too-large":
1022
+ case "bad-input": return "refuse";
1023
+ default: return null;
1024
+ }
1025
+ }
1077
1026
 
1078
- if (opts.bidiPolicy !== "reject" &&
1079
- opts.controlPolicy !== "reject" &&
1080
- opts.nullBytePolicy !== "reject" &&
1081
- opts.cssPolicy !== "reject" &&
1082
- opts.doctypePolicy !== "reject") {
1083
- try {
1084
- var clean = sanitize(bytes, opts);
1085
- return {
1086
- ok: true, action: "sanitize",
1087
- sanitized: Buffer.from(clean, "utf8"),
1088
- issues: rv.issues,
1089
- };
1090
- } catch (_e) { /* fall through */ }
1091
- }
1092
- return { ok: false, action: "refuse", issues: rv.issues };
1093
- });
1027
+ function gate(opts) {
1028
+ opts = _guard.resolveOpts(opts);
1029
+ return gateContract.buildContentGate({
1030
+ name: opts.name || "guardSvg:" + (opts.profile || "default"),
1031
+ opts: opts,
1032
+ validate: module.exports.validate,
1033
+ dispositionFor: _gateDispositionFor,
1034
+ // SVG reads the RAW bytes (SVGZ gzip detection needs the byte signature).
1035
+ // A gzipped SVGZ must not be fed to the text sanitizer → it is refuse-
1036
+ // disposition, and sanitizeBlockingKinds is a second backstop that skips
1037
+ // the sanitize attempt for it.
1038
+ ctxField: "bytes",
1039
+ sanitizeBlockingKinds: ["svgz-compressed"],
1040
+ produceSanitized: function (bytes, o) { return sanitize(bytes, o); },
1041
+ });
1094
1042
  }
1095
1043
 
1096
1044
  // buildProfile / compliancePosture / loadRulePack are assembled by
@@ -1114,10 +1062,15 @@ var INTEGRATION_FIXTURES = Object.freeze({
1114
1062
  // Assembled from the gate-contract guard factory: error class, registry
1115
1063
  // exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
1116
1064
  // buildProfile / compliancePosture / loadRulePack wiring, plus the
1117
- // per-guard inspection surface (validate / sanitize / gate) and the SVG
1118
- // tag / scheme tables passed through verbatim. The bespoke `gate` carries
1119
- // SVG's sanitize-reserialize chain and SVGZ refuse unchanged.
1120
- module.exports = gateContract.defineGuard({
1065
+ // per-guard inspection surface and the SVG tag / scheme tables passed
1066
+ // through verbatim. `validate` is generated from `detect` (_detectIssues)
1067
+ // with the int caps declared via `intOpts`. The bespoke `sanitize` and
1068
+ // `gate` carry SVG's tag/attr strip-reserialize chain — which drops
1069
+ // dangerous tags rather than throwing on them — and the SVGZ refuse
1070
+ // unchanged; neither reduces to the dynamic
1071
+ // detect→throwOnRefusalSeverity→transform path (same-severity findings
1072
+ // split throw-vs-strip), so both stay bespoke.
1073
+ var _guard = module.exports = gateContract.defineGuard({
1121
1074
  name: "svg",
1122
1075
  kind: "content",
1123
1076
  errorClass: GuardSvgError,
@@ -1127,10 +1080,12 @@ module.exports = gateContract.defineGuard({
1127
1080
  mimeTypes: ["image/svg+xml"],
1128
1081
  extensions: [".svg", ".svgz"],
1129
1082
  integrationFixtures: INTEGRATION_FIXTURES,
1130
- validate: validate,
1083
+ detect: _detectIssues,
1084
+ intOpts: ["maxBytes", "maxElementCount", "maxUseDepth"],
1131
1085
  sanitize: sanitize,
1132
1086
  gate: gate,
1133
1087
  extra: {
1088
+ _gateDispositionForTest: _gateDispositionFor,
1134
1089
  DANGEROUS_TAGS: DANGEROUS_TAGS,
1135
1090
  ANIMATION_TAGS: ANIMATION_TAGS,
1136
1091
  ANIMATION_SAFE_TARGETS: ANIMATION_SAFE_TARGETS,
@@ -50,11 +50,9 @@
50
50
  * Server-Side Template Injection (SSTI) content-safety guard — refuses user-supplied strings that contain template-engine syntax BEFORE they're rendered.
51
51
  */
52
52
 
53
- var codepointClass = require("./codepoint-class");
54
53
  var lazyRequire = require("./lazy-require");
55
54
  var gateContract = require("./gate-contract");
56
55
  var C = require("./constants");
57
- var numericBounds = require("./numeric-bounds");
58
56
  var { GuardTemplateError } = require("./framework-error");
59
57
 
60
58
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -74,10 +72,7 @@ var VELOCITY_DIR_RE = /#(?:set|if|else|elseif|end|foreach|parse|include|stop)\b/
74
72
 
75
73
  var PROFILES = Object.freeze({
76
74
  "strict": {
77
- bidiPolicy: "reject",
78
- controlPolicy: "reject",
79
- nullBytePolicy: "reject",
80
- zeroWidthPolicy: "reject",
75
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
81
76
  jinjaPolicy: "reject",
82
77
  erbPolicy: "reject",
83
78
  pugPolicy: "reject",
@@ -87,10 +82,7 @@ var PROFILES = Object.freeze({
87
82
  maxRuntimeMs: C.TIME.seconds(2),
88
83
  },
89
84
  "balanced": {
90
- bidiPolicy: "reject",
91
- controlPolicy: "reject",
92
- nullBytePolicy: "reject",
93
- zeroWidthPolicy: "reject",
85
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
94
86
  jinjaPolicy: "reject", // SSTI class — refused at every profile
95
87
  erbPolicy: "reject",
96
88
  pugPolicy: "reject",
@@ -100,10 +92,7 @@ var PROFILES = Object.freeze({
100
92
  maxRuntimeMs: C.TIME.seconds(2),
101
93
  },
102
94
  "permissive": {
103
- bidiPolicy: "reject", // BIDI refused at every profile
104
- controlPolicy: "reject", // controls refused at every profile
105
- nullBytePolicy: "reject", // null refused at every profile
106
- zeroWidthPolicy: "reject", // zero-width refused at every profile
95
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
107
96
  jinjaPolicy: "reject", // SSTI class refused at every profile
108
97
  erbPolicy: "reject", // SSTI class refused at every profile
109
98
  pugPolicy: "reject", // SSTI class refused at every profile
@@ -114,51 +103,14 @@ var PROFILES = Object.freeze({
114
103
  },
115
104
  });
116
105
 
117
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
118
- mode: "enforce",
119
- }));
106
+ var DEFAULTS = gateContract.strictDefaults(PROFILES);
120
107
 
121
- var COMPLIANCE_POSTURES = Object.freeze({
122
- "hipaa": Object.assign({}, PROFILES["strict"], {
123
- forensicSnippetBytes: C.BYTES.bytes(512),
124
- }),
125
- "pci-dss": Object.assign({}, PROFILES["strict"], {
126
- forensicSnippetBytes: C.BYTES.bytes(512),
127
- }),
128
- "gdpr": Object.assign({}, PROFILES["balanced"], {
129
- forensicSnippetBytes: C.BYTES.bytes(256),
130
- }),
131
- "soc2": Object.assign({}, PROFILES["strict"], {
132
- forensicSnippetBytes: C.BYTES.bytes(1024),
133
- }),
134
- });
135
-
136
- function _resolveOpts(opts) {
137
- return gateContract.resolveProfileAndPosture(opts, {
138
- profiles: PROFILES,
139
- compliancePostures: COMPLIANCE_POSTURES,
140
- defaults: DEFAULTS,
141
- errorClass: GuardTemplateError,
142
- errCodePrefix: "template",
143
- });
144
- }
108
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 512 });
145
109
 
146
110
  function _detectIssues(input, opts) {
147
- var issues = [];
148
- if (typeof input !== "string") {
149
- return [{ kind: "bad-input", severity: "high",
150
- ruleId: "template.bad-input",
151
- snippet: "template input is not a string" }];
152
- }
153
- if (input.length === 0) return [];
154
- if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
155
- return [{ kind: "input-cap", severity: "high",
156
- ruleId: "template.input-cap",
157
- snippet: "template input exceeds maxBytes " + opts.maxBytes }];
158
- }
159
-
160
- var charThreats = codepointClass.detectCharThreats(input, opts, "template");
161
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
111
+ var pre = gateContract.detectStringInput(input, opts, { name: "template", noun: "template input", emptyMode: "ok", cap: { bytes: opts.maxBytes, kind: "input-cap", snippet: "template input exceeds maxBytes " + opts.maxBytes } });
112
+ if (pre.done) return pre.issues;
113
+ var issues = pre.issues;
162
114
 
163
115
  if (opts.jinjaPolicy !== "allow") {
164
116
  if (JINJA_EXPR_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxBytes
@@ -258,13 +210,10 @@ function _detectIssues(input, opts) {
258
210
  * hostile.ok; // → false
259
211
  * hostile.issues.some(function (i) { return i.kind === "jinja-expression"; }); // → true
260
212
  */
261
- function validate(input, opts) {
262
- opts = _resolveOpts(opts);
263
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
264
- ["maxBytes"],
265
- "guardTemplate.validate", GuardTemplateError, "template.bad-opt");
266
- return gateContract.aggregateIssues(_detectIssues(input, opts));
267
- }
213
+ // validate is assembled by gateContract.defineGuard from `detect`
214
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
215
+ // input, resolveOpts(opts)))`, with the maxBytes cap declared via `intOpts`.
216
+ // The @primitive block above documents the resulting public ABI.
268
217
 
269
218
  /**
270
219
  * @primitive b.guardTemplate.sanitize
@@ -305,13 +254,12 @@ function validate(input, opts) {
305
254
  * e.code; // → "template.jinja-expression"
306
255
  * }
307
256
  */
308
- function sanitize(input, opts) {
309
- opts = _resolveOpts(opts);
310
- if (typeof input !== "string") {
311
- throw _err("template.bad-input", "sanitize requires string input");
312
- }
313
- var issues = _detectIssues(input, opts);
314
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardTemplateError, codePrefix: "template" });
257
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
258
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
259
+ // already-validated string at this point (a non-string refuses upstream).
260
+ // Template input cannot be repaired safely, so the transform is pass-through:
261
+ // clean input is returned verbatim once no high/critical issue fired.
262
+ function _sanitizeTransform(input) {
315
263
  return input;
316
264
  }
317
265
 
@@ -323,14 +271,8 @@ function sanitize(input, opts) {
323
271
  // @abiTemplate (defineGuard) blocks in gate-contract.js, instantiated per
324
272
  // guard by the page generator.
325
273
 
326
- var INTEGRATION_FIXTURES = Object.freeze({
327
- kind: "identifier",
328
- benignBytes: Buffer.from("Hello world", "utf8"),
329
- hostileBytes: Buffer.from("Hello {{7*7}}", "utf8"),
330
- benignIdentifier: "Hello world",
331
- // Hostile: Jinja-shape SSTI probe.
332
- hostileIdentifier: "Hello {{7*7}}",
333
- });
274
+ // Hostile: Jinja-shape SSTI probe.
275
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("Hello world", "Hello {{7*7}}");
334
276
 
335
277
  // Assembled from the gate-contract guard factory: error class, registry
336
278
  // exports (NAME / KIND / INTEGRATION_FIXTURES), the default gate, buildProfile
@@ -347,7 +289,8 @@ module.exports = gateContract.defineGuard({
347
289
  defaults: DEFAULTS,
348
290
  postures: COMPLIANCE_POSTURES,
349
291
  integrationFixtures: INTEGRATION_FIXTURES,
350
- validate: validate,
351
- sanitize: sanitize,
292
+ detect: _detectIssues,
293
+ sanitizeTransform: _sanitizeTransform,
294
+ intOpts: ["maxBytes"],
352
295
  ctxFields: ["identifier", "text"],
353
296
  });
@@ -24,6 +24,7 @@
24
24
 
25
25
  var { defineClass } = require("./framework-error");
26
26
  var gateContract = require("./gate-contract");
27
+ var codepointClass = require("./codepoint-class");
27
28
 
28
29
  var GuardTenantIdError = defineClass("GuardTenantIdError", { alwaysPermanent: true });
29
30
 
@@ -93,7 +94,7 @@ function validate(tenantId, opts) {
93
94
  throw new GuardTenantIdError("tenant-id/non-ascii",
94
95
  "guardTenantId.validate: non-ASCII codepoint at offset " + i);
95
96
  }
96
- if (c < 0x20 || c === 0x7F || c === 0x2F || c === 0x5C) { // C0/DEL/slash/backslash
97
+ if (codepointClass.isForbiddenControlChar(c, { forbidTab: true }) || c === 0x2F || c === 0x5C) { // C0/DEL/slash/backslash
97
98
  throw new GuardTenantIdError("tenant-id/bad-char",
98
99
  "guardTenantId.validate: forbidden char 0x" + c.toString(16) + " at offset " + i);
99
100
  }