@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -0,0 +1,54 @@
1
+ "use strict";
2
+
3
+ // markup-tokenizer — neutral lexing helpers shared by the markup sanitizers
4
+ // (b.guardHtml, b.guardSvg) and the BIMI SVG Tiny PS validator (b.mail.bimi).
5
+ // Each of those keeps its OWN tokenizer loop because their security postures
6
+ // genuinely diverge — guard-html/guard-svg recover leniently from a truncated
7
+ // tag (emit what was scanned, keep going), while the BIMI validator fails
8
+ // closed (throws on any malformation), and each recognizes a different set of
9
+ // declaration forms (`<?`, `<!ENTITY>`, balanced `<!DOCTYPE [...]>`). What they
10
+ // share verbatim is the one quote-aware step below; centralizing it keeps the
11
+ // attribute-quote handling — the part a bypass hides in — identical everywhere.
12
+
13
+ // scanToTagEnd(s, from, len) — advance from `from` (the index just past the
14
+ // opening "<") to the tag's closing ">", treating a ">" that appears inside a
15
+ // single- or double-quoted attribute value as a literal, not a terminator
16
+ // (e.g. `<a title="a>b">` ends at the SECOND ">"). Returns the index of the
17
+ // terminating ">", or `len` if the tag is unterminated (the caller decides
18
+ // whether that is lenient end-of-input or a hard error).
19
+ function scanToTagEnd(s, from, len) {
20
+ var p = from;
21
+ var inQuote = "";
22
+ while (p < len) {
23
+ var ch = s.charAt(p);
24
+ if (inQuote) {
25
+ if (ch === inQuote) inQuote = "";
26
+ } else {
27
+ if (ch === '"' || ch === "'") inQuote = ch;
28
+ else if (ch === ">") break;
29
+ }
30
+ p += 1;
31
+ }
32
+ return p;
33
+ }
34
+
35
+ // splitTagNameAttrs(inner, tagNameRe) — given a start tag's inner text (the
36
+ // bytes between "<" and ">", with any trailing self-closing "/" already
37
+ // stripped by the caller), split it into the lower-cased `tagName` and the raw
38
+ // `attrSrc` remainder. `tagNameRe` is the caller's tag-name grammar (it must
39
+ // capture the name in group 1) — HTML allows `[A-Za-z][A-Za-z0-9:-]*`, while
40
+ // the XML-family grammars (SVG, BIMI SVG Tiny PS) also allow `_`. A tag whose
41
+ // start does not match the grammar yields an empty name + empty attrSrc (the
42
+ // caller treats it as a bogus tag).
43
+ function splitTagNameAttrs(inner, tagNameRe) {
44
+ var nameMatch = inner.match(tagNameRe);
45
+ return {
46
+ tagName: nameMatch ? nameMatch[1].toLowerCase() : "",
47
+ attrSrc: nameMatch ? inner.slice(nameMatch[0].length) : "",
48
+ };
49
+ }
50
+
51
+ module.exports = {
52
+ scanToTagEnd: scanToTagEnd,
53
+ splitTagNameAttrs: splitTagNameAttrs,
54
+ };
@@ -65,8 +65,8 @@ var validateOpts = require("./validate-opts");
65
65
  var { McpError } = require("./framework-error");
66
66
 
67
67
  var bCrypto = lazyRequire(function () { return require("./crypto"); });
68
- var audit = lazyRequire(function () { return require("./audit"); });
69
- var C = require("./constants");
68
+ var auditEmit = require("./audit-emit");
69
+ var C = require("./constants");
70
70
 
71
71
  // Shared name-shape regex across mcp.js / mcp-tool-registry.js / a2a-tasks.js
72
72
  // — every agent-protocol identifier follows the same RFC-3986-unreserved
@@ -80,15 +80,7 @@ var ALLOWED_ALGS = Object.freeze([
80
80
  "slh-dsa-shake-256f",
81
81
  ]);
82
82
 
83
- function _emitAudit(action, metadata, outcome) {
84
- try {
85
- audit().safeEmit({
86
- action: action,
87
- outcome: outcome || "success",
88
- metadata: metadata,
89
- });
90
- } catch (_e) { /* best-effort */ }
91
- }
83
+ var _emitAudit = auditEmit.emit;
92
84
 
93
85
  function _validateAlg(alg, label) {
94
86
  if (alg === undefined || alg === null) return "ml-dsa-87";
@@ -175,20 +167,31 @@ function create(opts) {
175
167
  throw new McpError("mcp/bad-registry-opts",
176
168
  "toolRegistry.create: opts required (tools + signingKey)", true);
177
169
  }
178
- if (!Array.isArray(opts.tools)) {
179
- throw new McpError("mcp/bad-registry-opts",
180
- "toolRegistry.create: opts.tools must be an array", true);
181
- }
182
- validateOpts.requireNonEmptyString(
183
- opts.signingKey, "toolRegistry.create.signingKey", McpError, "mcp/bad-signing-key");
184
- validateOpts.optionalNonEmptyString(
185
- opts.verifyingKey, "toolRegistry.create.verifyingKey", McpError, "mcp/bad-verifying-key");
170
+ validateOpts.shape(opts, {
171
+ tools: function (value) {
172
+ if (!Array.isArray(value)) {
173
+ throw new McpError("mcp/bad-registry-opts",
174
+ "toolRegistry.create: opts.tools must be an array", true);
175
+ }
176
+ },
177
+ signingKey: { rule: "required-string", code: "mcp/bad-signing-key", label: "toolRegistry.create.signingKey" },
178
+ verifyingKey: { rule: "optional-string", code: "mcp/bad-verifying-key", label: "toolRegistry.create.verifyingKey" },
179
+ alg: function (value) {
180
+ // undefined → default applied below; any present value is registry-checked.
181
+ _validateAlg(value, "toolRegistry.create.alg");
182
+ },
183
+ ttlMs: function (value) {
184
+ // undefined → registry default applied below; any present value must be a
185
+ // finite millisecond count at or above the 1-second floor.
186
+ if (value === undefined) return;
187
+ if (typeof value !== "number" || !isFinite(value) || value < 1000) { // minimum-ttl threshold (1 second), not bytes
188
+ throw new McpError("mcp/bad-ttl",
189
+ "toolRegistry.create.ttlMs must be >= 1000 ms", true);
190
+ }
191
+ },
192
+ }, "toolRegistry.create", McpError, "mcp/bad-registry-opts");
186
193
  var alg = _validateAlg(opts.alg, "toolRegistry.create.alg");
187
194
  var defaultTtlMs = opts.ttlMs !== undefined ? opts.ttlMs : C.TIME.minutes(5);
188
- if (typeof defaultTtlMs !== "number" || !isFinite(defaultTtlMs) || defaultTtlMs < 1000) { // minimum-ttl threshold (1 second), not bytes
189
- throw new McpError("mcp/bad-ttl",
190
- "toolRegistry.create.ttlMs must be >= 1000 ms", true);
191
- }
192
195
 
193
196
  var signingKey = opts.signingKey;
194
197
  var verifyingKey = opts.verifyingKey || null;
@@ -152,7 +152,7 @@ function refuse(res, code, message, id) {
152
152
  function _readBearer(req) {
153
153
  var h = req.headers && req.headers.authorization;
154
154
  if (typeof h !== "string") return null;
155
- if (h.length > C.BYTES.kib(8)) return null;
155
+ if (safeBuffer.byteLengthOf(h) > C.BYTES.kib(8)) return null;
156
156
  var m = /^Bearer\s+([A-Za-z0-9._~+/=-]+)$/.exec(h.trim());
157
157
  return m ? m[1] : null;
158
158
  }
@@ -53,6 +53,7 @@ var C = require("./constants");
53
53
  var cbor = require("./cbor");
54
54
  var cose = require("./cose");
55
55
  var bCrypto = require("./crypto");
56
+ var safeBuffer = require("./safe-buffer");
56
57
  var validateOpts = require("./validate-opts");
57
58
  var { defineClass } = require("./framework-error");
58
59
 
@@ -65,11 +66,14 @@ var TAG_ENCODED_CBOR = 24; // RFC 8949 §3.4.5.1 emb
65
66
  var ALLOWED_TAGS = [0, 1, TAG_ENCODED_CBOR, 1004];
66
67
  var DIGEST_ALGS = { "SHA-256": "sha256", "SHA-384": "sha384", "SHA-512": "sha512" };
67
68
 
68
- function _bytes(x, what) {
69
- if (Buffer.isBuffer(x)) return x;
70
- if (x instanceof Uint8Array) return Buffer.from(x);
71
- throw new MdocError("mdoc/bad-input", "mdoc: " + what + " must be a Buffer / Uint8Array of CBOR");
72
- }
69
+ // mdoc inputs are CBOR byte strings, never text (allowString:false).
70
+ var _bytes = safeBuffer.makeByteCoercer({
71
+ errorClass: MdocError,
72
+ typeCode: "mdoc/bad-input",
73
+ messagePrefix: "mdoc: ",
74
+ messageSuffix: " must be a Buffer / Uint8Array of CBOR",
75
+ allowString: false,
76
+ });
73
77
 
74
78
  // validityInfo dates are tdate (Tag 0, an RFC 3339 string) or epoch
75
79
  // (Tag 1). Returns epoch-ms; fails closed on a malformed value.
@@ -128,13 +132,8 @@ async function verifyIssuerSigned(issuerSigned, opts) {
128
132
  if (!Array.isArray(opts.algorithms) || opts.algorithms.length === 0) {
129
133
  throw new MdocError("mdoc/algorithms-required", "mdoc.verifyIssuerSigned: opts.algorithms is required");
130
134
  }
131
- var at = new Date();
132
- if (opts.at !== undefined && opts.at !== null) {
133
- if (!(opts.at instanceof Date) || !isFinite(opts.at.getTime())) {
134
- throw new MdocError("mdoc/bad-at", "mdoc.verifyIssuerSigned: opts.at must be a valid Date");
135
- }
136
- at = opts.at;
137
- }
135
+ validateOpts.optionalDate(opts.at, "mdoc.verifyIssuerSigned: opts.at", MdocError, "mdoc/bad-at");
136
+ var at = (opts.at !== undefined && opts.at !== null) ? opts.at : new Date();
138
137
  var decodeOpts = { allowedTags: ALLOWED_TAGS, maxBytes: opts.maxBytes, maxDepth: opts.maxDepth };
139
138
 
140
139
  var top = cbor.decode(_bytes(issuerSigned, "issuerSigned"), decodeOpts);
@@ -48,6 +48,7 @@ var numericBounds = require("./numeric-bounds");
48
48
  var requestHelpers = require("./request-helpers");
49
49
  var { resolveRoute, captureResponseStatus, HTTP_STATUS } = requestHelpers;
50
50
  var validateOpts = require("./validate-opts");
51
+ var boundedMap = require("./bounded-map");
51
52
 
52
53
  var MetricsError = defineClass("MetricsError", { alwaysPermanent: true });
53
54
  var log = boot("metrics");
@@ -353,10 +354,10 @@ function create(opts) {
353
354
  }
354
355
 
355
356
  function _registerMetric(metric) {
356
- if (metrics.has(metric.name)) {
357
+ boundedMap.requireAbsent(metrics, metric.name, function () {
357
358
  throw new MetricsError("metrics/duplicate",
358
359
  "metric '" + metric.name + "' already registered");
359
- }
360
+ });
360
361
  metrics.set(metric.name, metric);
361
362
  return metric;
362
363
  }
@@ -388,19 +389,20 @@ function create(opts) {
388
389
  }
389
390
  var resolved = _resolveLabels(defaultLabels, labelNames, arg.labels);
390
391
  var key = _labelsKey(resolved);
391
- var entry = values.get(key);
392
- if (!entry) {
393
- if (values.size >= cardinalityCap) {
392
+ var entry = boundedMap.getOrInsert(values, key, function () {
393
+ return { labels: resolved, value: 0 };
394
+ }, {
395
+ maxSize: cardinalityCap,
396
+ onFull: function () {
394
397
  if (!capWarned) {
395
398
  log("metric '" + fullName + "' hit labelCardinalityCap (" + cardinalityCap +
396
399
  ") — dropping new label combinations. Reduce label cardinality or raise the cap.");
397
400
  capWarned = true;
398
401
  }
399
- return;
400
- }
401
- entry = { labels: resolved, value: 0 };
402
- values.set(key, entry);
403
- }
402
+ return null;
403
+ },
404
+ });
405
+ if (!entry) return;
404
406
  entry.value += arg.value;
405
407
  },
406
408
  reset: function () { values.clear(); capWarned = false; },
@@ -428,19 +430,18 @@ function create(opts) {
428
430
  function _ensure(callLabels) {
429
431
  var resolved = _resolveLabels(defaultLabels, labelNames, callLabels);
430
432
  var key = _labelsKey(resolved);
431
- var entry = values.get(key);
432
- if (!entry) {
433
- if (values.size >= cardinalityCap) {
433
+ return boundedMap.getOrInsert(values, key, function () {
434
+ return { labels: resolved, value: 0 };
435
+ }, {
436
+ maxSize: cardinalityCap,
437
+ onFull: function () {
434
438
  if (!capWarned) {
435
439
  log("metric '" + fullName + "' hit labelCardinalityCap (" + cardinalityCap + ")");
436
440
  capWarned = true;
437
441
  }
438
442
  return null;
439
- }
440
- entry = { labels: resolved, value: 0 };
441
- values.set(key, entry);
442
- }
443
- return entry;
443
+ },
444
+ });
444
445
  }
445
446
 
446
447
  var instance = {
@@ -524,25 +525,26 @@ function create(opts) {
524
525
  }
525
526
  var resolved = _resolveLabels(defaultLabels, labelNames, arg.labels);
526
527
  var key = _labelsKey(resolved);
527
- var entry = values.get(key);
528
- if (!entry) {
529
- if (values.size >= cardinalityCap) {
530
- if (!capWarned) {
531
- log("metric '" + fullName + "' hit labelCardinalityCap (" + cardinalityCap + ")");
532
- capWarned = true;
533
- }
534
- return;
535
- }
528
+ var entry = boundedMap.getOrInsert(values, key, function () {
536
529
  // counts[i] is the count for the [<=buckets[i]] bucket; counts[buckets.length] is +Inf.
537
- entry = {
530
+ return {
538
531
  labels: resolved,
539
532
  counts: new Array(buckets.length + 1).fill(0),
540
533
  sum: 0,
541
534
  count: 0,
542
535
  exemplars: new Array(buckets.length + 1).fill(null),
543
536
  };
544
- values.set(key, entry);
545
- }
537
+ }, {
538
+ maxSize: cardinalityCap,
539
+ onFull: function () {
540
+ if (!capWarned) {
541
+ log("metric '" + fullName + "' hit labelCardinalityCap (" + cardinalityCap + ")");
542
+ capWarned = true;
543
+ }
544
+ return null;
545
+ },
546
+ });
547
+ if (!entry) return;
546
548
  for (var i = 0; i < buckets.length; i++) {
547
549
  if (arg.value <= buckets[i]) {
548
550
  entry.counts[i]++;
@@ -38,6 +38,7 @@
38
38
  var defineClass = require("../framework-error").defineClass;
39
39
  var lazyRequire = require("../lazy-require");
40
40
  var validateOpts = require("../validate-opts");
41
+ var requestHelpers = require("../request-helpers");
41
42
  var denyResponse = require("./deny-response").denyResponse;
42
43
 
43
44
  var audit = lazyRequire(function () { return require("../audit"); });
@@ -106,7 +107,6 @@ function create(opts) {
106
107
  ? opts.consentRequired : null;
107
108
  var hasParentalConsent = typeof opts.hasParentalConsent === "function" ? opts.hasParentalConsent : null;
108
109
  var skipPaths = Array.isArray(opts.skipPaths) ? opts.skipPaths.slice() : [];
109
- var auditOn = opts.audit !== false;
110
110
  var errorMessage = typeof opts.errorMessage === "string" && opts.errorMessage.length > 0
111
111
  ? opts.errorMessage : "service unavailable without parental consent";
112
112
  var onDeny = typeof opts.onDeny === "function" ? opts.onDeny : null;
@@ -123,29 +123,9 @@ function create(opts) {
123
123
  privacyPostureHeader = "X-Privacy-Posture";
124
124
  }
125
125
 
126
- function _shouldSkip(req) {
127
- if (skipPaths.length === 0) return false;
128
- var p = req.url || "";
129
- var qpos = p.indexOf("?");
130
- if (qpos !== -1) p = p.slice(0, qpos);
131
- for (var i = 0; i < skipPaths.length; i++) {
132
- var s = skipPaths[i];
133
- if (typeof s === "string" && (p === s || p.indexOf(s + "/") === 0)) return true;
134
- if (s instanceof RegExp && s.test(p)) return true;
135
- }
136
- return false;
137
- }
126
+ var _shouldSkip = requestHelpers.makeSkipMatcher({ skipPaths: skipPaths }, "middleware.ageGate");
138
127
 
139
- function _emitAudit(action, outcome, metadata) {
140
- if (!auditOn) return;
141
- try {
142
- audit().safeEmit({
143
- action: "middleware.age_gate." + action,
144
- outcome: outcome,
145
- metadata: metadata || {},
146
- });
147
- } catch (_e) { /* drop-silent */ }
148
- }
128
+ var _emitAudit = audit().namespaced("middleware.age_gate", opts.audit);
149
129
 
150
130
  return function ageGateMiddleware(req, res, next) {
151
131
  if (_shouldSkip(req)) return next();
@@ -98,8 +98,9 @@
98
98
 
99
99
  var bCrypto = require("../crypto");
100
100
  var C = require("../constants");
101
+ var numericBounds = require("../numeric-bounds");
101
102
  var lazyRequire = require("../lazy-require");
102
- var nonceStoreLib = require("../nonce-store");
103
+ var nonceStore = require("../nonce-store");
103
104
  var requestHelpers = require("../request-helpers");
104
105
  var safeJson = require("../safe-json");
105
106
  var validateOpts = require("../validate-opts");
@@ -313,7 +314,7 @@ function create(opts) {
313
314
  "apiEncrypt: pruneIntervalMs", ApiEncryptError, "BAD_OPT");
314
315
  var pruneIntervalMs = opts.pruneIntervalMs != null
315
316
  ? opts.pruneIntervalMs : Math.max(C.TIME.seconds(30), Math.floor(replayWindowMs / 2));
316
- var nonceStore = opts.nonceStore || nonceStoreLib.create({ backend: "memory" });
317
+ var store = opts.nonceStore || nonceStore.create({ backend: "memory" });
317
318
  var exemptPaths = Array.isArray(opts.exemptPaths) ? opts.exemptPaths.slice() : [];
318
319
  // contentTypes scoping — middleware only operates on requests whose
319
320
  // Content-Type is in this list. Default JSON; operators with more
@@ -344,12 +345,9 @@ function create(opts) {
344
345
  "apiEncrypt: sessionTtlMs must be a positive finite number (ms), got " +
345
346
  JSON.stringify(opts.sessionTtlMs), 500);
346
347
  }
347
- if (typeof sessionMaxResponses !== "number" || !isFinite(sessionMaxResponses) ||
348
- sessionMaxResponses <= 0 || Math.floor(sessionMaxResponses) !== sessionMaxResponses) {
349
- throw _err("BAD_OPT",
350
- "apiEncrypt: sessionMaxResponses must be a positive finite integer, got " +
351
- JSON.stringify(opts.sessionMaxResponses), 500);
352
- }
348
+ numericBounds.requirePositiveFiniteInt(sessionMaxResponses,
349
+ "apiEncrypt: sessionMaxResponses", ApiEncryptError, "BAD_OPT", null,
350
+ { permanent: true, statusCode: 500 });
353
351
  // sessionStore — duck-typed handle exposing { get, set, delete }. The
354
352
  // helper optionalObjectWithMethod only checks one method; here we need
355
353
  // three. Inline shape kept; not a generic enough pattern to warrant a
@@ -393,16 +391,7 @@ function create(opts) {
393
391
  } catch (_e) { /* audit best-effort */ }
394
392
  }
395
393
 
396
- function _isExempt(req) {
397
- var p = req.pathname || (req.url || "/").split("?")[0];
398
- for (var i = 0; i < exemptPaths.length; i++) {
399
- var rule = exemptPaths[i];
400
- if (typeof rule === "string" ? p === rule || p.indexOf(rule + "/") === 0 : rule.test(p)) {
401
- return true;
402
- }
403
- }
404
- return false;
405
- }
394
+ var _isExempt = requestHelpers.makeSkipMatcher({ skipPaths: exemptPaths }, "middleware.apiEncrypt");
406
395
 
407
396
  function _matchesContentType(req) {
408
397
  if (!contentTypes) return true; // filtering disabled
@@ -443,7 +432,7 @@ function create(opts) {
443
432
  var now = Date.now();
444
433
  if (now - lastPruneAt < pruneIntervalMs) return;
445
434
  lastPruneAt = now;
446
- nonceStore.purgeExpired().catch(function (e) {
435
+ store.purgeExpired().catch(function (e) {
447
436
  try {
448
437
  logger().warn("nonce-store prune failed: " + ((e && e.message) || String(e)));
449
438
  } catch (_e) { /* logger best-effort */ }
@@ -548,7 +537,7 @@ function create(opts) {
548
537
  var nonceHash = bCrypto.sha3Hash(nonce, "hex");
549
538
  var expireAt = now + replayWindowMs;
550
539
  var freshNonce;
551
- try { freshNonce = await nonceStore.checkAndInsert(nonceHash, expireAt); }
540
+ try { freshNonce = await store.checkAndInsert(nonceHash, expireAt); }
552
541
  catch (_e) {
553
542
  _emitFailure(req, "nonce-store-error");
554
543
  return _writeRejection(res, HTTP_STATUS.INTERNAL_SERVER_ERROR, { error: "nonce-store-unavailable" });
@@ -682,7 +671,7 @@ function create(opts) {
682
671
  // capacity.
683
672
  var ctrKey = "ctr:" + sid + ":" + ctr;
684
673
  var ctrFresh;
685
- try { ctrFresh = await nonceStore.checkAndInsert(ctrKey, session.expiresAt); }
674
+ try { ctrFresh = await store.checkAndInsert(ctrKey, session.expiresAt); }
686
675
  catch (_e) {
687
676
  _emitFailure(req, "nonce-store-error");
688
677
  return _writeRejection(res, HTTP_STATUS.INTERNAL_SERVER_ERROR, { error: "nonce-store-unavailable" });
@@ -779,7 +768,7 @@ function create(opts) {
779
768
 
780
769
  middleware.publishPublicKey = publishPublicKey;
781
770
  middleware.close = function () {
782
- if (typeof nonceStore.close === "function") nonceStore.close();
771
+ if (typeof store.close === "function") store.close();
783
772
  if (sessionStore && typeof sessionStore.close === "function") sessionStore.close();
784
773
  };
785
774
  // Expose for tests / operator dashboards. Counts are 0 in per-request mode.
@@ -28,6 +28,7 @@
28
28
  var lazyRequire = require("../lazy-require");
29
29
  var safeJson = require("../safe-json");
30
30
  var validateOpts = require("../validate-opts");
31
+ var denyResponse = require("./deny-response");
31
32
  var { defineClass } = require("../framework-error");
32
33
 
33
34
  var AssetlinksError = defineClass("AssetlinksError", { alwaysPermanent: true });
@@ -108,13 +109,7 @@ function create(opts) {
108
109
  var path = qIdx === -1 ? url : url.slice(0, qIdx);
109
110
  if (path !== "/.well-known/assetlinks.json") return next();
110
111
  if (req.method !== "GET" && req.method !== "HEAD") {
111
- var bodyMsg = "Method Not Allowed";
112
- res.writeHead(405, { // HTTP 405 status
113
- "Allow": "GET, HEAD",
114
- "Content-Type": "text/plain; charset=utf-8",
115
- "Content-Length": Buffer.byteLength(bodyMsg),
116
- });
117
- res.end(bodyMsg);
112
+ denyResponse.methodNotAllowed(res, "GET, HEAD");
118
113
  return;
119
114
  }
120
115
  res.writeHead(200, { // HTTP 200 status
@@ -38,6 +38,7 @@ var lazyRequire = require("../lazy-require");
38
38
  var requestHelpers = require("../request-helpers");
39
39
  var validateOpts = require("../validate-opts");
40
40
  var denyResponse = require("./deny-response").denyResponse;
41
+ var codepointClass = require("../codepoint-class");
41
42
  var { AuthError } = require("../framework-error");
42
43
 
43
44
  var audit = lazyRequire(function () { return require("../audit"); });
@@ -164,7 +165,7 @@ function create(opts) {
164
165
  }
165
166
  for (var ri = 0; ri < realm.length; ri += 1) {
166
167
  var rcode = realm.charCodeAt(ri);
167
- if (rcode < 32 || rcode === 127) { // ASCII control codepoints
168
+ if (codepointClass.isForbiddenControlChar(rcode, { forbidTab: true })) { // ASCII control codepoints
168
169
  throw new AuthError("auth-bearer/bad-realm",
169
170
  "realm contains control character at index " + ri);
170
171
  }
@@ -115,6 +115,8 @@
115
115
  */
116
116
 
117
117
  var nodeFs = require("node:fs");
118
+ var pick = require("../pick");
119
+ var numericBounds = require("../numeric-bounds");
118
120
  var os = require("node:os");
119
121
  var nodePath = require("node:path");
120
122
  var nodeCrypto = require("node:crypto");
@@ -164,7 +166,6 @@ var BodyParserError = defineClass("BodyParserError", { withStatusCode: true });
164
166
  // Mirrors safe-json.js + safe-schema.js. Field names that match these
165
167
  // are refused at the parse boundary regardless of which sub-parser is
166
168
  // in play — consistent prototype-pollution defense across the framework.
167
- var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
168
169
 
169
170
  // Materialize a header/parameter map from request-derived [key, value]
170
171
  // pairs WITHOUT a computed member write (`target[key] = value`). A
@@ -183,7 +184,7 @@ var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
183
184
  function _mapFromPairs(pairs) {
184
185
  var safe = [];
185
186
  for (var i = 0; i < pairs.length; i++) {
186
- if (POISONED_KEYS.has(pairs[i][0])) continue;
187
+ if (pick.isPoisonedKey(pairs[i][0])) continue;
187
188
  safe.push(pairs[i]);
188
189
  }
189
190
  return Object.assign(Object.create(null), Object.fromEntries(safe));
@@ -256,17 +257,13 @@ function _contentType(req) {
256
257
  // would slice through quoted commas/semicolons and corrupt the
257
258
  // multipart boundary. Use the shared quote-aware splitter that
258
259
  // tracks RFC 8941 §3.3.3 quoted-string state with backslash-escape.
259
- var parts = structuredFields.splitTopLevel(rest, ";");
260
- for (var i = 0; i < parts.length; i++) {
261
- var p = parts[i].trim();
262
- var eq = p.indexOf("=");
263
- if (eq === -1) continue;
264
- var k = p.slice(0, eq).trim().toLowerCase();
265
- var v = p.slice(eq + 1).trim();
260
+ var kvps = structuredFields.parseKeyValuePieces(
261
+ structuredFields.splitTopLevel(rest, ";"));
262
+ structuredFields.forEachKeyValue(kvps, function (key, v) {
266
263
  var _unq = structuredFields.unquoteSfString(v);
267
264
  if (_unq !== null) v = _unq;
268
- paramPairs.push([k, v]);
269
- }
265
+ paramPairs.push([key, v]);
266
+ });
270
267
  }
271
268
  return { type: type, params: _mapFromPairs(paramPairs) };
272
269
  }
@@ -430,26 +427,17 @@ function _bufferBody(req, limit) {
430
427
  return;
431
428
  }
432
429
  }
433
- var collector = safeBuffer.boundedChunkCollector({
430
+ safeBuffer.collectStream(req, {
434
431
  maxBytes: limit,
435
432
  errorClass: BodyParserError,
436
433
  sizeCode: "body-parser/too-large",
437
434
  sizeMessage: "request body exceeds limit",
435
+ }).then(resolve, function (e) {
436
+ // The drain-overflow guard (a second line of defense behind the
437
+ // Content-Length pre-check above) carries the 413 status code.
438
+ if (e && e.isBodyParserError) e.statusCode = HTTP_STATUS.PAYLOAD_TOO_LARGE;
439
+ reject(e);
438
440
  });
439
- var done = false;
440
- req.on("data", function (chunk) {
441
- if (done) return;
442
- try { collector.push(chunk); }
443
- catch (e) {
444
- done = true;
445
- try { req.destroy(); } catch (_e) { /* socket already closed */ }
446
- if (e && e.isBodyParserError) e.statusCode = HTTP_STATUS.PAYLOAD_TOO_LARGE;
447
- reject(e);
448
- return;
449
- }
450
- });
451
- req.on("end", function () { if (!done) { done = true; resolve(collector.result()); } });
452
- req.on("error", function (e) { if (!done) { done = true; reject(e); } });
453
441
  });
454
442
  }
455
443
 
@@ -520,7 +508,7 @@ async function _parseUrlencoded(req, opts) {
520
508
  for (var i = 0; i < keys.length; i++) {
521
509
  var k = keys[i][0];
522
510
  var v = keys[i][1];
523
- if (POISONED_KEYS.has(k)) {
511
+ if (pick.isPoisonedKey(k)) {
524
512
  throw new BodyParserError(
525
513
  "body-parser/urlencoded-poisoned-key",
526
514
  "urlencoded body contains forbidden key '" + k + "' (prototype-pollution defense)",
@@ -644,10 +632,10 @@ function _parseMultipartHeaders(rawHeaders) {
644
632
  true, HTTP_STATUS.BAD_REQUEST
645
633
  );
646
634
  }
647
- var idx = line.indexOf(":");
648
- if (idx === -1) continue;
649
- var k = line.slice(0, idx).trim().toLowerCase();
650
- var v = line.slice(idx + 1).trim();
635
+ var khv = structuredFields.parseKeyValuePiece(line, ":");
636
+ if (khv.value === null) continue;
637
+ var k = khv.key;
638
+ var v = khv.value.trim();
651
639
  for (var j = 0; j < v.length; j++) {
652
640
  var c = v.charCodeAt(j);
653
641
  if (c === 0 || c === 10 || c === 13) { // NUL/LF/CR forbidden in field-value (RFC 9110 §5.5)
@@ -736,12 +724,8 @@ function _parseHeaderParams(headerValue, filenameCharsets) {
736
724
  // it last so Object.fromEntries' last-wins resolves it.
737
725
  var paramPairs = [["_value", parts[0].trim().toLowerCase()]];
738
726
  var extName = null;
739
- for (var i = 1; i < parts.length; i++) {
740
- var p = parts[i].trim();
741
- var eq = p.indexOf("=");
742
- if (eq === -1) continue;
743
- var k = p.slice(0, eq).trim().toLowerCase();
744
- var v = p.slice(eq + 1).trim();
727
+ var kvps = structuredFields.parseKeyValuePieces(parts, 1);
728
+ structuredFields.forEachKeyValue(kvps, function (k, v) {
745
729
  var _unq = structuredFields.unquoteSfString(v);
746
730
  if (_unq !== null) v = _unq;
747
731
  if (k.charAt(k.length - 1) === "*") {
@@ -751,10 +735,10 @@ function _parseHeaderParams(headerValue, filenameCharsets) {
751
735
  if (bareKey === "filename") extName = decoded;
752
736
  paramPairs.push([bareKey, decoded]);
753
737
  }
754
- continue;
738
+ return;
755
739
  }
756
740
  paramPairs.push([k, v]);
757
- }
741
+ });
758
742
  if (extName !== null) paramPairs.push(["filename", extName]);
759
743
  return _mapFromPairs(paramPairs);
760
744
  }
@@ -952,7 +936,7 @@ async function _parseMultipart(req, opts, ctParams) {
952
936
  // Read until \r\n\r\n.
953
937
  var headEnd = pending.indexOf("\r\n\r\n");
954
938
  if (headEnd === -1) {
955
- if (pending.length > C.BYTES.kib(16)) {
939
+ if (safeBuffer.byteLengthOf(pending) > C.BYTES.kib(16)) {
956
940
  done(new BodyParserError("body-parser/multipart-headers-too-large",
957
941
  "multipart part headers exceed 16KB", true, 413));
958
942
  return;
@@ -986,7 +970,7 @@ async function _parseMultipart(req, opts, ctParams) {
986
970
  "multipart part missing form-data Content-Disposition", true, HTTP_STATUS.BAD_REQUEST));
987
971
  return;
988
972
  }
989
- if (POISONED_KEYS.has(cd.name)) {
973
+ if (pick.isPoisonedKey(cd.name)) {
990
974
  done(new BodyParserError("body-parser/multipart-poisoned-field",
991
975
  "multipart field '" + cd.name + "' is forbidden (prototype-pollution defense)",
992
976
  true, HTTP_STATUS.BAD_REQUEST));
@@ -1654,12 +1638,9 @@ function _resolveStandaloneMultipartOpts(opts, ct) {
1654
1638
  }
1655
1639
  if (opts.maxFiles !== undefined) {
1656
1640
  var mf = opts.maxFiles;
1657
- var mfBad = typeof mf !== "number" || !isFinite(mf) || mf <= 0 || Math.floor(mf) !== mf;
1658
- if (mfBad) {
1659
- throw new BodyParserError("body-parser/bad-max-files",
1660
- "parsers.multipart: opts.maxFiles must be a positive integer",
1661
- true, HTTP_STATUS.BAD_REQUEST);
1662
- }
1641
+ numericBounds.requirePositiveFiniteInt(mf,
1642
+ "parsers.multipart: opts.maxFiles", BodyParserError, "body-parser/bad-max-files",
1643
+ null, { permanent: true, statusCode: HTTP_STATUS.BAD_REQUEST });
1663
1644
  resolved.fileCount = mf;
1664
1645
  }
1665
1646
  // Pass-through overrides for the multipart-specific knobs the middleware
@@ -1705,5 +1686,7 @@ module.exports = {
1705
1686
  _contentType: _contentType,
1706
1687
  _hasBody: _hasBody,
1707
1688
  _sanitizeFilename: _sanitizeFilename,
1708
- POISONED_KEYS: POISONED_KEYS,
1689
+ // Sourced from the canonical pick primitive (no hand-rolled set); a fresh
1690
+ // Set so the long-standing `instanceof Set` shape of this export is kept.
1691
+ POISONED_KEYS: new Set(pick.POISONED_KEYS),
1709
1692
  };