@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -143,6 +143,7 @@ export default [
143
143
  "**/data-e2e/**",
144
144
  "**/.git/**",
145
145
  ".test-output/**",
146
+ ".scratch/**",
146
147
  ".claude/**",
147
148
  // Wiki snippets are embedded into pages where `b` / `db` /
148
149
  // `req` / `res` are in scope; some use top-level await. They're
@@ -128,7 +128,10 @@ function _knownPrimitiveSet(docs, seederIndex, parser) {
128
128
  var headingRe = /<h[23](?:\s+[^>]*)?>([\s\S]*?)<\/h[23]>/g;
129
129
  var m;
130
130
  while ((m = headingRe.exec(page.body)) !== null) {
131
- var inner = m[1].replace(/<[^>]+>/g, "").replace(/&amp;/g, "&");
131
+ var inner = m[1];
132
+ var prevInner; // strip tags until stable (incomplete-multi-char-sanitization)
133
+ do { prevInner = inner; inner = inner.replace(/<[^>]+>/g, ""); } while (inner !== prevInner);
134
+ inner = inner.replace(/&amp;/g, "&");
132
135
  var sigRe = /b\.[a-zA-Z][a-zA-Z0-9_.]*/g;
133
136
  var sm;
134
137
  while ((sm = sigRe.exec(inner)) !== null) set[_bare(sm[0])] = true;
@@ -26,8 +26,11 @@ function _stripAnchorMarkup(s) {
26
26
  // double-decodes &amp;lt; -> <).
27
27
  var stripped = String(s)
28
28
  .replace(/<a\s+class="anchor"[^>]*>[\s\S]*?<\/a>/g, "")
29
- .replace(/<\/?code>/g, "")
30
- .replace(/<[^>]+>/g, "");
29
+ .replace(/<\/?code>/g, "");
30
+ // Re-run the generic tag strip until stable so nested-bracket residue
31
+ // can't survive a single pass (incomplete-multi-character-sanitization).
32
+ var prev;
33
+ do { prev = stripped; stripped = stripped.replace(/<[^>]+>/g, ""); } while (stripped !== prev);
31
34
  return htmlEntities.unescapeBuiltinEntities(stripped)
32
35
  .replace(/\s+/g, " ")
33
36
  .replace(/^\s+|\s+$/g, "");
@@ -58,7 +58,10 @@ function _synthDescription(body, fallback) {
58
58
  if (typeof body !== "string") return fallback;
59
59
  var m = body.match(/<p[^>]*>([\s\S]*?)<\/p>/i);
60
60
  if (!m) return fallback;
61
- var text = m[1].replace(/<[^>]+>/g, "").replace(/&[a-z0-9#]+;/gi, " ").replace(/\s+/g, " ").trim();
61
+ var text = m[1];
62
+ var prevText; // strip tags until stable (incomplete-multi-char-sanitization)
63
+ do { prevText = text; text = text.replace(/<[^>]+>/g, ""); } while (text !== prevText);
64
+ text = text.replace(/&[a-z0-9#]+;/gi, " ").replace(/\s+/g, " ").trim();
62
65
  if (!text) return fallback;
63
66
  var maxLen = b.constants.BYTES.bytes(160);
64
67
  if (text.length > maxLen) text = text.slice(0, maxLen - 3).trimEnd() + "...";
@@ -0,0 +1,20 @@
1
+ "use strict";
2
+
3
+ var b = require("..");
4
+ var expected = require("./_expected");
5
+
6
+ // Fuzz the free-text guard's two parsing surfaces: validate() (pure inspection,
7
+ // must never throw on arbitrary bytes) and sanitize() (strip pass, must either
8
+ // return a shrunk string or throw a recognized GuardTextError, never crash).
9
+ module.exports.fuzz = function (data) {
10
+ var input;
11
+ try { input = data.toString("utf8"); }
12
+ catch (_e) { return; }
13
+ try {
14
+ b.guardText.validate(input, { profile: "strict" });
15
+ b.guardText.sanitize(input, { profile: "balanced" });
16
+ } catch (e) {
17
+ if (expected.isExpected(e)) return;
18
+ throw e;
19
+ }
20
+ };
@@ -225,6 +225,7 @@ var guardYaml = require("./lib/guard-yaml");
225
225
  var guardXml = require("./lib/guard-xml");
226
226
  var guardMarkdown = require("./lib/guard-markdown");
227
227
  var guardEmail = require("./lib/guard-email");
228
+ var guardText = require("./lib/guard-text");
228
229
  var guardDomain = require("./lib/guard-domain");
229
230
  var guardUuid = require("./lib/guard-uuid");
230
231
  var guardCidr = require("./lib/guard-cidr");
@@ -609,6 +610,7 @@ module.exports = {
609
610
  guardXml: guardXml,
610
611
  guardMarkdown: guardMarkdown,
611
612
  guardEmail: guardEmail,
613
+ guardText: guardText,
612
614
  guardDomain: guardDomain,
613
615
  guardUuid: guardUuid,
614
616
  guardCidr: guardCidr,
@@ -51,7 +51,7 @@ var validateOpts = require("./validate-opts");
51
51
  var { defineClass } = require("./framework-error");
52
52
 
53
53
  var httpClient = lazyRequire(function () { return require("./http-client"); });
54
- var audit = lazyRequire(function () { return require("./audit"); });
54
+ var auditEmit = require("./audit-emit");
55
55
  var C = require("./constants");
56
56
 
57
57
  // A2aTasksError is the per-call error class — separate from A2aError
@@ -82,15 +82,7 @@ var TASK_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
82
82
  var SKILL_NAME_RE = /^[a-zA-Z][a-zA-Z0-9._-]{0,63}$/; // allow:duplicate-regex — RFC-3986-unreserved identifier shape, shared across mcp.js + mcp-tool-registry.js
83
83
  // RFC-3986-unreserved identifier shape (length cap inside regex), not a byte count
84
84
 
85
- function _emitAudit(action, metadata, outcome) {
86
- try {
87
- audit().safeEmit({
88
- action: action,
89
- outcome: outcome || "success",
90
- metadata: metadata,
91
- });
92
- } catch (_e) { /* best-effort */ }
93
- }
85
+ var _emitAudit = auditEmit.emit;
94
86
 
95
87
  var bCrypto = lazyRequire(function () { return require("./crypto"); });
96
88
 
@@ -515,19 +507,11 @@ function _jsonRpcError(id, code, message, data) {
515
507
  }
516
508
 
517
509
  function _readBody(req, maxBytes) {
518
- return new Promise(function (resolve, reject) {
519
- var collector = safeBuffer.boundedChunkCollector({
520
- maxBytes: maxBytes,
521
- errorClass: A2aTasksError,
522
- sizeCode: "a2a-tasks/body-too-large",
523
- sizeMessage: "a2a-tasks: request body exceeded " + maxBytes + " bytes",
524
- });
525
- req.on("data", function (chunk) {
526
- try { collector.push(chunk); }
527
- catch (capErr) { reject(capErr); }
528
- });
529
- req.on("end", function () { resolve(collector.result()); });
530
- req.on("error", function (e) { reject(e); });
510
+ return safeBuffer.collectStream(req, {
511
+ maxBytes: maxBytes,
512
+ errorClass: A2aTasksError,
513
+ sizeCode: "a2a-tasks/body-too-large",
514
+ sizeMessage: "a2a-tasks: request body exceeded " + maxBytes + " bytes",
531
515
  });
532
516
  }
533
517
 
@@ -42,6 +42,7 @@
42
42
  */
43
43
 
44
44
  var nodeCrypto = require("node:crypto");
45
+ var safeBuffer = require("./safe-buffer");
45
46
 
46
47
  var C = require("./constants");
47
48
  var asn1 = require("./asn1-der");
@@ -553,7 +554,7 @@ function create(opts) {
553
554
  var id = orderOpts.identifiers[i];
554
555
  if (!id || typeof id.type !== "string" || typeof id.value !== "string" ||
555
556
  id.type.length === 0 || id.value.length === 0 ||
556
- id.value.length > C.BYTES.bytes(255)) {
557
+ safeBuffer.byteLengthOf(id.value) > C.BYTES.bytes(255)) {
557
558
  throw _err("acme/bad-identifier",
558
559
  "newOrder: identifier must be { type: string, value: string<=255 }", true);
559
560
  }
@@ -569,7 +570,7 @@ function create(opts) {
569
570
  // the field. v1-defensible scope: refuse non-string + cap length so
570
571
  // attacker-supplied profile values can't bloat the JSON payload.
571
572
  if (typeof orderOpts.profile === "string") {
572
- if (orderOpts.profile.length === 0 || orderOpts.profile.length > C.BYTES.bytes(64)) {
573
+ if (orderOpts.profile.length === 0 || safeBuffer.byteLengthOf(orderOpts.profile) > C.BYTES.bytes(64)) {
573
574
  throw _err("acme/bad-profile",
574
575
  "newOrder: profile name must be a non-empty string <= 64 bytes", true);
575
576
  }
@@ -611,7 +612,7 @@ function create(opts) {
611
612
  } else {
612
613
  throw _err("acme/bad-csr", "finalize: csr must be a DER Buffer or PEM string", true);
613
614
  }
614
- if (csrDer.length === 0 || csrDer.length > C.BYTES.kib(64)) {
615
+ if (csrDer.length === 0 || safeBuffer.byteLengthOf(csrDer) > C.BYTES.kib(64)) {
615
616
  throw _err("acme/bad-csr",
616
617
  "finalize: CSR DER size out of range (got " + csrDer.length + " bytes)", true);
617
618
  }
@@ -842,7 +843,7 @@ function create(opts) {
842
843
  }
843
844
  for (var di = 0; di < opts2.domains.length; di += 1) {
844
845
  var d = opts2.domains[di];
845
- if (typeof d !== "string" || d.length === 0 || d.length > C.BYTES.bytes(255)) {
846
+ if (typeof d !== "string" || d.length === 0 || safeBuffer.byteLengthOf(d) > C.BYTES.bytes(255)) {
846
847
  throw _err("acme/bad-csr-domain",
847
848
  "buildCsr: domains[" + di + "] must be a non-empty string <= 255 bytes", true);
848
849
  }
@@ -1328,7 +1329,7 @@ function create(opts) {
1328
1329
  if (!opts2 || typeof opts2 !== "object" || typeof opts2.identifier !== "string" || opts2.identifier.length === 0) {
1329
1330
  throw _err("acme/bad-identifier", "dnsAccount01ChallengeRecord: opts.identifier (host) is required", true);
1330
1331
  }
1331
- if (opts2.identifier.length > C.BYTES.bytes(255)) {
1332
+ if (safeBuffer.byteLengthOf(opts2.identifier) > C.BYTES.bytes(255)) {
1332
1333
  throw _err("acme/bad-identifier", "dnsAccount01ChallengeRecord: identifier exceeds 255 bytes", true);
1333
1334
  }
1334
1335
  if (!state.accountUrl) {
@@ -70,6 +70,7 @@ var agentAudit = require("./agent-audit");
70
70
  var envelopeMac = require("./agent-envelope-mac");
71
71
  var safeJson = require("./safe-json");
72
72
  var bCrypto = require("./crypto");
73
+ var boundedMap = require("./bounded-map");
73
74
 
74
75
  var audit = lazyRequire(function () { return require("./audit"); });
75
76
 
@@ -149,10 +150,10 @@ function create(opts) {
149
150
 
150
151
  function _registerTopic(topics, name, topicOpts, auditImpl) {
151
152
  guardEventBusTopic.validate(name);
152
- if (topics.has(name)) {
153
+ boundedMap.requireAbsent(topics, name, function () {
153
154
  throw new AgentEventBusError("agent-event-bus/topic-duplicate",
154
155
  "registerTopic: '" + name + "' already registered");
155
- }
156
+ });
156
157
  if (!topicOpts.schema || typeof topicOpts.schema !== "object") {
157
158
  throw new AgentEventBusError("agent-event-bus/bad-schema",
158
159
  "registerTopic: schema required (flat key→type map)");
@@ -193,10 +194,10 @@ function _registerTopic(topics, name, topicOpts, auditImpl) {
193
194
  // lifecycle traceability.
194
195
  function _unregisterTopic(topics, name, auditImpl) {
195
196
  guardEventBusTopic.validate(name);
196
- if (!topics.has(name)) {
197
+ boundedMap.requirePresent(topics, name, function () {
197
198
  throw new AgentEventBusError("agent-event-bus/unknown-topic",
198
199
  "unregisterTopic: '" + name + "' not registered");
199
- }
200
+ });
200
201
  topics.delete(name);
201
202
  _safeAudit(auditImpl, "agent.event_bus.topic_unregistered", null, { name: name });
202
203
  }
@@ -143,11 +143,8 @@ function _ensureSealTable() {
143
143
  function create(opts) {
144
144
  opts = opts || {};
145
145
  var store = opts.store || _inMemoryBackend(opts.maxInMemoryEntries);
146
- if (typeof store.get !== "function" || typeof store.put !== "function" ||
147
- typeof store.delete !== "function") {
148
- throw new AgentIdempotencyError("agent-idempotency/bad-store",
149
- "create: store must expose { get, put, delete }");
150
- }
146
+ validateOpts.requireMethods(store, ["get", "put", "delete"],
147
+ "create: store", AgentIdempotencyError, "agent-idempotency/bad-store");
151
148
  var ttlMs = typeof opts.ttlMs === "number" ? opts.ttlMs : DEFAULT_TTL_MS;
152
149
  if (!Number.isFinite(ttlMs) || ttlMs <= 0) {
153
150
  throw new AgentIdempotencyError("agent-idempotency/bad-ttl",
@@ -157,11 +157,8 @@ var _saltedFnvBasisCache = null;
157
157
  function create(opts) {
158
158
  opts = opts || {};
159
159
  var backend = opts.backend || _inMemoryBackend();
160
- if (typeof backend.get !== "function" || typeof backend.set !== "function" ||
161
- typeof backend.delete !== "function" || typeof backend.list !== "function") {
162
- throw new AgentOrchestratorError("agent-orchestrator/bad-backend",
163
- "b.agent.orchestrator.create: backend must expose { get, set, delete, list }");
164
- }
160
+ validateOpts.requireMethods(backend, ["get", "set", "delete", "list"],
161
+ "b.agent.orchestrator.create: backend", AgentOrchestratorError, "agent-orchestrator/bad-backend");
165
162
  var clusterImpl = opts.cluster || cluster();
166
163
  var auditImpl = opts.audit || audit();
167
164
  var permissions = opts.permissions || null;
@@ -71,6 +71,7 @@
71
71
 
72
72
  var lazyRequire = require("./lazy-require");
73
73
  var { defineClass } = require("./framework-error");
74
+ var validateOpts = require("./validate-opts");
74
75
  var guardSagaConfig = require("./guard-saga-config");
75
76
  var bCrypto = require("./crypto");
76
77
  var agentAudit = require("./agent-audit");
@@ -118,11 +119,8 @@ function create(config) {
118
119
  // `agent.saga.no_state_store` surfaces the posture per call).
119
120
  var stateStore = config.stateStore || null;
120
121
  if (stateStore !== null) {
121
- if (typeof stateStore.saveStep !== "function" ||
122
- typeof stateStore.loadResumePoint !== "function") {
123
- throw new AgentSagaError("agent-saga/bad-state-store",
124
- "create: stateStore must expose { saveStep, loadResumePoint, markCompleted?, markFailed? }");
125
- }
122
+ validateOpts.requireMethods(stateStore, ["saveStep", "loadResumePoint"],
123
+ "create: stateStore", AgentSagaError, "agent-saga/bad-state-store");
126
124
  }
127
125
  return {
128
126
  run: function (ctx, initialState, opts) { return _run(config, auditImpl, stateStore, ctx, initialState, opts || {}); },
@@ -153,11 +153,8 @@ var TENANT_KEY_BYTES = 32;
153
153
  function create(opts) {
154
154
  opts = opts || {};
155
155
  var backend = opts.backend || _inMemoryBackend();
156
- if (typeof backend.get !== "function" || typeof backend.set !== "function" ||
157
- typeof backend.delete !== "function" || typeof backend.list !== "function") {
158
- throw new AgentTenantError("agent-tenant/bad-backend",
159
- "create: backend must expose { get, set, delete, list }");
160
- }
156
+ validateOpts.requireMethods(backend, ["get", "set", "delete", "list"],
157
+ "create: backend", AgentTenantError, "agent-tenant/bad-backend");
161
158
  var auditImpl = opts.audit || audit();
162
159
  var permissions = opts.permissions || null;
163
160
  var ctx = {
@@ -99,25 +99,12 @@ function wrap(opts) {
99
99
  var legalBasis = opts.legalBasis;
100
100
  var decide = opts.decide;
101
101
  var onAdverse = typeof opts.onAdverse === "function" ? opts.onAdverse : null;
102
- var auditOn = opts.audit !== false;
103
102
  var now = typeof opts.now === "function" ? opts.now : function () { return Date.now(); };
104
103
 
105
104
  var deadlines = REGIME_DEADLINES[legalBasis] || REGIME_DEADLINES["operator-defined"];
106
105
 
107
- function _emitAudit(action, outcome, metadata) {
108
- if (!auditOn) return;
109
- try {
110
- audit().safeEmit({
111
- action: "ai.adverse_decision." + action,
112
- outcome: outcome,
113
- metadata: metadata || {},
114
- });
115
- } catch (_e) { /* drop-silent */ }
116
- }
117
- function _emitMetric(verb, n, labels) {
118
- try { observability().safeEvent("ai.adverse_decision." + verb, n || 1, labels || {}); }
119
- catch (_e) { /* drop-silent */ }
120
- }
106
+ var _emitAudit = audit().namespaced("ai.adverse_decision", opts.audit);
107
+ var _emitMetric = observability().namespaced("ai.adverse_decision");
121
108
 
122
109
  return async function adverseDecisionDecorated(subject) {
123
110
  if (!subject || typeof subject !== "object") {
@@ -239,12 +239,7 @@ function create(opts) {
239
239
  }
240
240
  var auditOn = opts.audit !== false;
241
241
 
242
- function _emitAudit(action, outcome, metadata) {
243
- if (!auditOn) return;
244
- try {
245
- audit().safeEmit({ action: action, outcome: outcome, metadata: metadata || {} });
246
- } catch (_e) { /* audit best-effort — drop-silent */ }
247
- }
242
+ var _emitAudit = audit().namespaced(null, { audit: auditOn });
248
243
 
249
244
  function describe(modelId) {
250
245
  var d = registry.get(modelId);
@@ -429,11 +429,7 @@ function budget(opts) {
429
429
  var spentDelta = 0;
430
430
  var rdp = RDP_ORDERS.map(function () { return 0; }); // rdp accounting
431
431
 
432
- function _emitAudit(action, outcome, metadata) {
433
- if (!auditOn) return;
434
- try { audit().safeEmit({ action: action, outcome: outcome, metadata: metadata || {} }); }
435
- catch (_e) { /* drop-silent */ }
436
- }
432
+ var _emitAudit = audit().namespaced(null, { audit: auditOn });
437
433
 
438
434
  function _currentEpsilon(rdpCurve) {
439
435
  if (accounting === "basic") return spentEpsilon;
@@ -23,6 +23,7 @@
23
23
  var C = require("./constants");
24
24
  var numericBounds = require("./numeric-bounds");
25
25
  var audit = require("./audit");
26
+ var codepointClass = require("./codepoint-class");
26
27
  var { AiInputError } = require("./framework-error");
27
28
 
28
29
  var SAMPLE_TRUNC = 80; // sample truncation length, not bytes
@@ -69,8 +70,7 @@ function _featuresOf(input) {
69
70
  var cp = input.charCodeAt(i);
70
71
  if ((cp >= 0x202a && cp <= 0x202e) || (cp >= 0x2066 && cp <= 0x2069)) bidi++;
71
72
  else if (cp === 0x200b || cp === 0x200c || cp === 0x200d || cp === 0xfeff || cp === 0x2060) zw++;
72
- else if (cp < 0x20 && cp !== 0x09 && cp !== 0x0a && cp !== 0x0d) ctrl++;
73
- else if (cp === 0x7f) ctrl++;
73
+ else if (codepointClass.isForbiddenControlChar(cp, { allowLf: true, allowCr: true })) ctrl++;
74
74
  }
75
75
  return {
76
76
  length: input.length,
@@ -152,13 +152,8 @@ function parseHeader(value) {
152
152
  label: "aiPref.parseHeader",
153
153
  });
154
154
  var out = { train: null, infer: null, snippet: null, price: null };
155
- var pairs = value.split(",");
156
- for (var i = 0; i < pairs.length; i += 1) {
157
- var p = pairs[i].trim();
158
- var eq = p.indexOf("=");
159
- if (eq === -1) continue;
160
- var k = p.slice(0, eq).trim().toLowerCase();
161
- var val = p.slice(eq + 1).trim();
155
+ var kvps = structuredFields.parseKeyValuePieces(value.split(","));
156
+ structuredFields.forEachKeyValue(kvps, function (k, val) {
162
157
  if (k === "train" && TRAIN_VALUES.indexOf(val) !== -1) out.train = val;
163
158
  else if (k === "infer" && INFER_VALUES.indexOf(val) !== -1) out.infer = val;
164
159
  else if (k === "snippet" && SNIPPET_VALUES.indexOf(val) !== -1) out.snippet = val;
@@ -169,7 +164,7 @@ function parseHeader(value) {
169
164
  var pt = parseInt(val, 10);
170
165
  if (isFinite(pt) && pt > 0) out.price = Object.assign({ perTokens: pt }, out.price || {});
171
166
  }
172
- }
167
+ });
173
168
  return out;
174
169
  }
175
170
 
@@ -318,12 +318,7 @@ function create(opts) {
318
318
  return null;
319
319
  }
320
320
 
321
- function _emitAudit(action, outcome, metadata) {
322
- if (!auditOn) return;
323
- try {
324
- audit().safeEmit({ action: action, outcome: outcome, metadata: metadata || {} });
325
- } catch (_e) { /* audit best-effort — drop-silent */ }
326
- }
321
+ var _emitAudit = audit().namespaced(null, { audit: auditOn });
327
322
 
328
323
  function _emitMetric(name, n) {
329
324
  try { observability().safeEvent(name, n || 1, {}); }
@@ -507,14 +502,8 @@ function _validateLimitMap(map, label) {
507
502
  }
508
503
 
509
504
  function _validateStore(store) {
510
- if (!store || typeof store !== "object" ||
511
- typeof store.reserve !== "function" ||
512
- typeof store.add !== "function" ||
513
- typeof store.get !== "function" ||
514
- typeof store.reset !== "function") {
515
- throw new AiQuotaError("ai-quota/bad-store",
516
- "ai.quota.create: store must expose reserve / add / get / reset functions");
517
- }
505
+ validateOpts.requireMethods(store, ["reserve", "add", "get", "reset"],
506
+ "ai.quota.create: store", AiQuotaError, "ai-quota/bad-store");
518
507
  }
519
508
 
520
509
  module.exports = {
@@ -134,37 +134,46 @@ function _validateIdentifier(name, value) {
134
134
  }
135
135
 
136
136
  function _validateCreateOpts(opts) {
137
- validateOpts.requireObject(opts, "apiKey.create", ApiKeyError);
138
- _validateIdentifier("apiKey.create: namespace", opts.namespace);
139
- if (opts.prefix !== undefined) _validateIdentifier("apiKey.create: prefix", opts.prefix);
140
- validateOpts.optionalPositiveInt(opts.idBytes, "apiKey.create: idBytes", ApiKeyError);
141
- validateOpts.optionalPositiveInt(opts.secretBytes, "apiKey.create: secretBytes", ApiKeyError);
142
- validateOpts.optionalBoolean(opts.trackLastUsedAt, "apiKey.create: trackLastUsedAt", ApiKeyError);
143
- validateOpts.optionalBoolean(opts.auditFailures, "apiKey.create: auditFailures", ApiKeyError);
144
- validateOpts.optionalBoolean(opts.auditSuccess, "apiKey.create: auditSuccess", ApiKeyError);
145
- validateOpts.optionalFiniteNonNegative(opts.purgeAfterMs, "apiKey.create: purgeAfterMs", ApiKeyError);
146
- if (opts.hashAlgo !== undefined) {
147
- if (typeof opts.hashAlgo !== "string" ||
148
- (opts.hashAlgo !== "shake256" && opts.hashAlgo !== "argon2id")) {
149
- throw _err("BAD_OPT", "apiKey.create: hashAlgo must be 'shake256' or 'argon2id', got " +
150
- JSON.stringify(opts.hashAlgo));
151
- }
152
- }
153
- validateOpts.auditShape(opts.audit, "apiKey.create", ApiKeyError);
154
- validateOpts.optionalFunction(opts.clock, "apiKey.create: clock", ApiKeyError);
137
+ validateOpts.shape(opts, {
138
+ namespace: function (v, l) { _validateIdentifier(l, v); },
139
+ prefix: function (v, l) { if (v !== undefined) _validateIdentifier(l, v); },
140
+ idBytes: "optional-positive-int",
141
+ secretBytes: "optional-positive-int",
142
+ trackLastUsedAt: "optional-boolean",
143
+ auditFailures: "optional-boolean",
144
+ auditSuccess: "optional-boolean",
145
+ purgeAfterMs: "optional-non-negative",
146
+ hashAlgo: function (v) {
147
+ if (v !== undefined) {
148
+ if (typeof v !== "string" || (v !== "shake256" && v !== "argon2id")) {
149
+ throw _err("BAD_OPT", "apiKey.create: hashAlgo must be 'shake256' or 'argon2id', got " +
150
+ JSON.stringify(v));
151
+ }
152
+ }
153
+ },
154
+ audit: function (v) { validateOpts.auditShape(v, "apiKey.create", ApiKeyError); },
155
+ clock: "optional-function",
156
+ }, "apiKey.create", ApiKeyError);
155
157
  }
156
158
 
157
159
  function _validateIssueOpts(opts) {
158
- validateOpts.requireObject(opts, "apiKey.issue", ApiKeyError);
159
- validateOpts.requireNonEmptyString(opts.ownerId, "apiKey.issue: ownerId", ApiKeyError, "MISSING_OWNER");
160
- validateOpts.optionalNonEmptyStringArray(opts.scopes, "apiKey.issue: scopes", ApiKeyError, "BAD_SCOPES");
161
- validateOpts.optionalPlainObject(opts.metadata, "apiKey.issue: metadata",
162
- ApiKeyError, "BAD_METADATA");
163
- if (opts.expiresAt !== undefined && opts.expiresAt !== null) {
164
- if (typeof opts.expiresAt !== "number" || !isFinite(opts.expiresAt) || opts.expiresAt < 0) {
165
- throw _err("BAD_OPT", "apiKey.issue: expiresAt must be a non-negative finite number (unix ms) or null");
166
- }
167
- }
160
+ validateOpts.shape(opts, {
161
+ ownerId: { rule: "required-string", code: "MISSING_OWNER" },
162
+ scopes: { rule: "optional-string-array", code: "BAD_SCOPES" },
163
+ metadata: { rule: "optional-plain-object", code: "BAD_METADATA" },
164
+ expiresAt: function (v) {
165
+ if (v !== undefined && v !== null) {
166
+ if (typeof v !== "number" || !isFinite(v) || v < 0) {
167
+ throw _err("BAD_OPT", "apiKey.issue: expiresAt must be a non-negative finite number (unix ms) or null");
168
+ }
169
+ }
170
+ },
171
+ }, "apiKey.issue", ApiKeyError, undefined, {
172
+ // `req` / `context` are the audit-actor pass-through bag — forwarded
173
+ // verbatim to requestHelpers.resolveActorWithOverride (via _actor)
174
+ // to populate the issue audit's 5 W's, not validated locally.
175
+ allow: ["req", "context"],
176
+ });
168
177
  }
169
178
 
170
179
  // ---- Token format ----
@@ -547,10 +547,8 @@ function http(url, opts) {
547
547
  * for await (var e of reader.entries()) entries.push(e);
548
548
  */
549
549
  function trustedStream(readable, opts) {
550
- if (!readable || typeof readable.pipe !== "function" || typeof readable.on !== "function") {
551
- throw new AdapterError("adapter/bad-arg",
552
- "trustedStream: arg must be a Readable (or pipe/on-compatible stream)");
553
- }
550
+ validateOpts.requireMethods(readable, ["pipe", "on"],
551
+ "trustedStream: arg (Readable / pipe-on-compatible stream)", AdapterError, "adapter/bad-arg");
554
552
  if (!(readable instanceof nodeStream.Readable) && !readable.readable) {
555
553
  // Accept stream-like duck-typed objects; many libraries return
556
554
  // Readable-flavored bytes via Symbol.asyncIterator only.
@@ -0,0 +1,32 @@
1
+ "use strict";
2
+ /**
3
+ * lib/archive-entry-policy.js — the entry-type extraction policy shared by the
4
+ * ZIP (archive-read) and TAR (archive-tar-read) readers.
5
+ *
6
+ * Special archive entry types — symlinks, hardlinks, device nodes, FIFOs, and
7
+ * sockets — are a malicious-archive vector (symlink traversal out of the
8
+ * extraction root, device-node creation, etc.), so every type is DENIED by
9
+ * default; an operator opts a type in explicitly per archive. Both readers
10
+ * normalized the same default the same way, so the policy + its overlay live
11
+ * here once rather than drifting between the two formats.
12
+ */
13
+
14
+ var DEFAULT_ENTRY_TYPE_POLICY = Object.freeze({
15
+ symlinks: false,
16
+ hardlinks: false,
17
+ devices: false,
18
+ fifos: false,
19
+ sockets: false,
20
+ });
21
+
22
+ // normalize(p) — overlay an operator policy onto the all-denied default and
23
+ // freeze it. A falsy `p` returns the shared default object (no allocation).
24
+ function normalize(p) {
25
+ if (!p) return DEFAULT_ENTRY_TYPE_POLICY;
26
+ return Object.freeze(Object.assign({}, DEFAULT_ENTRY_TYPE_POLICY, p));
27
+ }
28
+
29
+ module.exports = {
30
+ DEFAULT_ENTRY_TYPE_POLICY: DEFAULT_ENTRY_TYPE_POLICY,
31
+ normalize: normalize,
32
+ };
@@ -54,6 +54,8 @@ var guardArchive = lazyRequire(function () { return require("./guard-archive");
54
54
  var safeDecompress = lazyRequire(function () { return require("./safe-decompress"); });
55
55
  var safeBuffer = lazyRequire(function () { return require("./safe-buffer"); });
56
56
  var archiveAdapters = lazyRequire(function () { return require("./archive-adapters"); });
57
+ var archiveEntryPolicy = require("./archive-entry-policy");
58
+ var auditEmit = require("./audit-emit");
57
59
 
58
60
  // ---- Wire-format constants ------------------------------------------------
59
61
  // Aligned with the write-side `lib/archive.js`. APPNOTE.TXT § references
@@ -120,13 +122,7 @@ var DEFAULT_BOMB_POLICY = Object.freeze({
120
122
  maxExpansionRatio: 100, // compressed → decompressed ratio cap
121
123
  });
122
124
 
123
- var DEFAULT_ENTRY_TYPE_POLICY = Object.freeze({
124
- symlinks: false,
125
- hardlinks: false,
126
- devices: false,
127
- fifos: false,
128
- sockets: false,
129
- });
125
+ var DEFAULT_ENTRY_TYPE_POLICY = archiveEntryPolicy.DEFAULT_ENTRY_TYPE_POLICY;
130
126
 
131
127
  // ---- Helpers --------------------------------------------------------------
132
128
 
@@ -629,17 +625,9 @@ function _normalizeBombPolicy(p) {
629
625
  return Object.freeze(Object.assign({}, DEFAULT_BOMB_POLICY, p));
630
626
  }
631
627
 
632
- function _normalizeEntryTypePolicy(p) {
633
- if (!p) return DEFAULT_ENTRY_TYPE_POLICY;
634
- return Object.freeze(Object.assign({}, DEFAULT_ENTRY_TYPE_POLICY, p));
635
- }
628
+ var _normalizeEntryTypePolicy = archiveEntryPolicy.normalize;
636
629
 
637
- function _emitAudit(opts, action, outcome, metadata) {
638
- if (!opts || !opts.audit || typeof opts.audit.safeEmit !== "function") return;
639
- try {
640
- opts.audit.safeEmit({ action: action, outcome: outcome, metadata: metadata });
641
- } catch (_e) { /* drop-silent — audit sinks must never crash the reader */ }
642
- }
630
+ var _emitAudit = auditEmit.emitToSink; // operator-sink audit emit (opts.audit)
643
631
 
644
632
  /**
645
633
  * @primitive b.archive.read.zip