@blamejs/blamejs-shop 0.4.56 → 0.4.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (402) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/affiliates.js +35 -4
  3. package/lib/api-keys.js +17 -2
  4. package/lib/asset-manifest.json +1 -1
  5. package/lib/backorder.js +21 -4
  6. package/lib/click-and-collect.js +11 -2
  7. package/lib/credit-limits.js +132 -84
  8. package/lib/vendor/MANIFEST.json +426 -366
  9. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  10. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  11. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  12. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  14. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  15. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  16. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  17. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  18. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  19. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  20. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  21. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  22. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  23. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  24. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  25. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  26. package/lib/vendor/blamejs/index.js +2 -0
  27. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  28. package/lib/vendor/blamejs/lib/acme.js +6 -5
  29. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  30. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  31. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  32. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  33. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  34. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  35. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  36. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  37. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  38. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  39. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  40. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  41. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  42. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  43. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  44. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  45. package/lib/vendor/blamejs/lib/archive.js +2 -10
  46. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  47. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  48. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  49. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  50. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  51. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  52. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  53. package/lib/vendor/blamejs/lib/audit.js +84 -0
  54. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  55. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  56. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  57. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  58. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  59. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  60. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  61. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  62. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  63. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  64. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  65. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  66. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  67. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  68. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  69. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  70. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  71. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  72. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  73. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  74. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  75. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  76. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  77. package/lib/vendor/blamejs/lib/cache.js +7 -18
  78. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  79. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  80. package/lib/vendor/blamejs/lib/cert.js +3 -10
  81. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  82. package/lib/vendor/blamejs/lib/cli.js +5 -1
  83. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  84. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  85. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  86. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  87. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  88. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  89. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  90. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  91. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  92. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  93. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  94. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  95. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  96. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  97. package/lib/vendor/blamejs/lib/cose.js +19 -11
  98. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  99. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  100. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  101. package/lib/vendor/blamejs/lib/csp.js +235 -3
  102. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  103. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  104. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  105. package/lib/vendor/blamejs/lib/db.js +34 -12
  106. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  107. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  108. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  109. package/lib/vendor/blamejs/lib/did.js +6 -2
  110. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  111. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  112. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  113. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  114. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  115. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  116. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  117. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  118. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  119. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  120. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  121. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  122. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  123. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  124. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  125. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  126. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  127. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  128. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  129. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  130. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  131. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  132. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  133. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  135. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  136. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  137. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  138. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  139. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  140. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  141. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  142. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  143. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  144. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  145. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  146. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  147. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  148. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  149. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  150. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  151. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  152. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  153. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  154. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  155. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  156. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  157. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  158. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  159. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  161. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  162. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  163. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  164. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  165. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  166. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  167. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  168. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  169. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  170. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  171. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  172. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  173. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  174. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  175. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  176. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  177. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  178. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  179. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  180. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  181. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  182. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  183. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  184. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  185. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  186. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  187. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  188. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  189. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  190. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  191. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  192. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  193. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  194. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  195. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  196. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  197. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  198. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  199. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  200. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  201. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  202. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  203. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  204. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  205. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  206. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  207. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  208. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  209. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  210. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  211. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  212. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  213. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  214. package/lib/vendor/blamejs/lib/mail.js +6 -11
  215. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  216. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  217. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  218. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  219. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  220. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  221. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  222. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  223. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  224. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  225. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  226. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  227. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  228. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  229. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  230. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  231. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  232. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  233. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  234. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  235. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  236. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  237. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  238. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  239. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  240. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  241. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  242. package/lib/vendor/blamejs/lib/money.js +105 -0
  243. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  244. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  245. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  246. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  247. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  248. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  249. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  250. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  251. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  252. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  253. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  254. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  255. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  256. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  257. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  258. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  259. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  260. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  261. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  262. package/lib/vendor/blamejs/lib/observability.js +95 -0
  263. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  264. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  265. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  266. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  267. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  268. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  269. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  270. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  271. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  272. package/lib/vendor/blamejs/lib/pick.js +63 -5
  273. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  274. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  275. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  276. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  277. package/lib/vendor/blamejs/lib/redact.js +2 -1
  278. package/lib/vendor/blamejs/lib/render.js +4 -2
  279. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  280. package/lib/vendor/blamejs/lib/restore.js +5 -22
  281. package/lib/vendor/blamejs/lib/retention.js +3 -5
  282. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  283. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  284. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  285. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  286. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  287. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  288. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  289. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  290. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  291. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  292. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  293. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  294. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  295. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  296. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  297. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  298. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  299. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  300. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  301. package/lib/vendor/blamejs/lib/session.js +194 -6
  302. package/lib/vendor/blamejs/lib/sql.js +225 -78
  303. package/lib/vendor/blamejs/lib/sse.js +6 -10
  304. package/lib/vendor/blamejs/lib/static.js +136 -98
  305. package/lib/vendor/blamejs/lib/storage.js +4 -2
  306. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  307. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  308. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  309. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  310. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  311. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  312. package/lib/vendor/blamejs/lib/vc.js +2 -7
  313. package/lib/vendor/blamejs/lib/vex.js +35 -13
  314. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  315. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  316. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  317. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  318. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  319. package/lib/vendor/blamejs/lib/worm.js +2 -3
  320. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  321. package/lib/vendor/blamejs/package.json +1 -1
  322. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  323. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  324. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  325. package/lib/vendor/blamejs/test/10-state.js +9 -3
  326. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  327. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  328. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  329. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  330. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  332. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  333. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  334. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  335. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  336. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  337. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  340. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  341. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  342. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  346. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  347. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  349. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  351. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  352. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  388. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  392. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  393. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  395. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  397. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  398. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  399. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  400. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  401. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  402. package/package.json +1 -1
@@ -72,9 +72,9 @@
72
72
 
73
73
  var codepointClass = require("./codepoint-class");
74
74
  var lazyRequire = require("./lazy-require");
75
+ var pick = require("./pick");
75
76
  var gateContract = require("./gate-contract");
76
77
  var C = require("./constants");
77
- var numericBounds = require("./numeric-bounds");
78
78
  var safeJson = require("./safe-json");
79
79
  var { GuardJsonError } = require("./framework-error");
80
80
 
@@ -87,14 +87,9 @@ var _err = GuardJsonError.factory;
87
87
 
88
88
  var BIDI_RE = codepointClass.BIDI_RE;
89
89
  var C0_CTRL_RE = codepointClass.C0_CTRL_RE;
90
- var ZW_RE = codepointClass.ZERO_WIDTH_RE;
91
90
  var NULL_BYTE = codepointClass.NULL_BYTE;
92
91
  var BOM_CHAR = codepointClass.BOM_CHAR;
93
92
 
94
- // Prototype-pollution key denylist. Operator-supplied JSON containing
95
- // any of these keys at any depth is refused under strict.
96
- var POLLUTION_KEYS = Object.freeze(["__proto__", "constructor", "prototype"]);
97
-
98
93
  // Comment / NaN / Infinity / hex / single-quote markers — pre-parse
99
94
  // scan on the raw source. JSON.parse rejects most of these, but JSON5
100
95
  // / JSONC parsers accept and silently coerce; we surface the source
@@ -132,10 +127,7 @@ var PROFILES = Object.freeze({
132
127
  trailingCommaPolicy: "reject",
133
128
  json5SyntaxPolicy: "reject", // single-quoted / hex / unquoted-key
134
129
  bomPolicy: "reject",
135
- bidiPolicy: "reject",
136
- controlPolicy: "reject",
137
- nullBytePolicy: "reject",
138
- zeroWidthPolicy: "reject",
130
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
139
131
  numericPrecisionPolicy: "reject",
140
132
  requireTopLevelKeyAllowlist: false, // operator opts in via topLevelKeyAllowlist
141
133
  topLevelKeyAllowlist: null,
@@ -192,26 +184,12 @@ var PROFILES = Object.freeze({
192
184
  },
193
185
  });
194
186
 
195
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
196
- mode: "enforce",
187
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
197
188
  maxRuntimeMs: C.TIME.seconds(10),
198
- }));
199
-
200
- var COMPLIANCE_POSTURES = Object.freeze({
201
- "hipaa": Object.assign({}, PROFILES["strict"], {
202
- forensicSnippetBytes: C.BYTES.bytes(256),
203
- }),
204
- "pci-dss": Object.assign({}, PROFILES["strict"], {
205
- forensicSnippetBytes: C.BYTES.bytes(256),
206
- }),
207
- "gdpr": Object.assign({}, PROFILES["balanced"], {
208
- forensicSnippetBytes: C.BYTES.bytes(128),
209
- }),
210
- "soc2": Object.assign({}, PROFILES["strict"], {
211
- forensicSnippetBytes: C.BYTES.bytes(512),
212
- }),
213
189
  });
214
190
 
191
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
192
+
215
193
  // ---- Helpers ----
216
194
 
217
195
  function _resolveOpts(opts) {
@@ -225,7 +203,10 @@ function _resolveOpts(opts) {
225
203
  }
226
204
 
227
205
  function _isPollutionKey(key) {
228
- return POLLUTION_KEYS.indexOf(key) !== -1;
206
+ // The framework's single prototype-pollution predicate (core JS vectors
207
+ // plus any operator-registered defense-in-depth extensions) — strict JSON
208
+ // refuses / strips every key it names, at any depth.
209
+ return pick.isPoisonedKey(key);
229
210
  }
230
211
 
231
212
  // _scanPollutionKeys — walks parsed JSON tree counting prototype-
@@ -382,31 +363,19 @@ function _scanRawSource(text, opts) {
382
363
  });
383
364
  }
384
365
  }
385
- // Bidi / null / control via shared codepoint class.
386
- issues.push.apply(issues, codepointClass.detectCharThreats(text, opts, "json"));
387
- if (opts.zeroWidthPolicy !== "allow" && opts.zeroWidthPolicy !== "strip" &&
388
- ZW_RE.test(text)) { // allow:regex-no-length-cap — text bounded by maxBytes above
389
- issues.push({
390
- kind: "zero-width", severity: "warn", ruleId: "json.zero-width",
391
- snippet: "zero-width / invisible-formatting char in JSON source",
392
- });
393
- }
366
+ // Bidi / null / control / zero-width via the shared codepoint class. JSON
367
+ // source treats an invisible-formatting char as a `warn` (cosmetic, not a
368
+ // structural threat) passed as the zero-width severity.
369
+ issues.push.apply(issues, codepointClass.detectCharThreats(text, opts, "json", "warn"));
394
370
  return issues;
395
371
  }
396
372
 
397
373
  // _detectIssues — full validate path: raw-source pre-scan + parse +
398
374
  // tree walk.
399
375
  function _detectIssues(input, opts) {
400
- var issues = [];
401
- if (typeof input !== "string") {
402
- return [{ kind: "bad-input", severity: "high",
403
- snippet: "input is not a string" }];
404
- }
405
- if (input.length > opts.maxBytes) {
406
- return [{ kind: "too-large", severity: "high", ruleId: "json.too-large",
407
- snippet: "input " + input.length +
408
- " bytes exceeds maxBytes " + opts.maxBytes }];
409
- }
376
+ var pre = gateContract.detectStringInput(input, opts, { name: "json", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
377
+ if (pre.done) return pre.issues;
378
+ var issues = pre.issues;
410
379
 
411
380
  // Raw-source pre-scan.
412
381
  issues = issues.concat(_scanRawSource(input, opts));
@@ -616,21 +585,13 @@ function _stripPollutionTree(value, opts, depth) {
616
585
  * rv.ok; // → false
617
586
  * rv.issues.some(function (i) { return i.kind === "prototype-pollution-key"; }); // → true
618
587
  */
619
- function validate(input, opts) {
620
- opts = _resolveOpts(opts);
621
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
622
- ["maxBytes", "maxDepth", "maxKeysPerObject", "maxArrayLength",
623
- "maxStringLength", "maxTotalNodes"],
624
- "guardJson.validate", GuardJsonError, "json.bad-opt");
625
- if (typeof input !== "string") {
626
- return {
627
- ok: false,
628
- issues: [{ kind: "bad-input", severity: "high",
629
- snippet: "input is not a string" }],
630
- };
631
- }
632
- return gateContract.aggregateIssues(_detectIssues(input, opts));
633
- }
588
+ // validate is assembled by gateContract.defineGuard from `detect`
589
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
590
+ // input, resolveOpts(opts)))`, with the maxBytes/maxDepth/maxKeysPerObject/
591
+ // maxArrayLength/maxStringLength/maxTotalNodes caps declared via `intOpts`.
592
+ // Non-string input reduces to the same single `bad-input` issue _detectIssues
593
+ // already emits, so the prior explicit early-return is subsumed. The
594
+ // @primitive block above documents the resulting ABI.
634
595
 
635
596
  /**
636
597
  * @primitive b.guardJson.parse
@@ -779,45 +740,65 @@ function _policyKeyForRuleId(ruleId) {
779
740
  * var verdict = await jsonGate.check({ bytes: hostile });
780
741
  * verdict.action; // → "refuse"
781
742
  */
743
+ // Disposition of each json finding = what the operator's policy for that class
744
+ // selected. The RFC-deviation findings (comments / trailing commas / NaN /
745
+ // JSON5 syntax / BOM / prototype-pollution / duplicate keys) sanitize by
746
+ // re-parsing under a mitigation policy and refuse under `reject`; the bidi /
747
+ // null / control char threats follow their shared policies; structural caps,
748
+ // a parse failure, and an allowlist miss always refuse; the big-integer
749
+ // precision and zero-width notes are audit-only. Exhaustive over every kind
750
+ // _detectIssues emits (the gate-disposition coverage test enforces it).
751
+ function _gateDispositionFor(issue, opts) {
752
+ var shared = gateContract.charThreatDisposition(issue, opts);
753
+ if (shared) return shared;
754
+ switch (issue.kind) {
755
+ case "bom-leading":
756
+ case "bom-mid-stream": return gateContract.policyDisposition(opts.bomPolicy);
757
+ case "comment-block":
758
+ case "comment-line": return gateContract.policyDisposition(opts.commentPolicy);
759
+ case "nan-infinity": return gateContract.policyDisposition(opts.nanInfinityPolicy);
760
+ case "trailing-comma": return gateContract.policyDisposition(opts.trailingCommaPolicy);
761
+ case "single-quoted-key":
762
+ case "hex-literal": return gateContract.policyDisposition(opts.json5SyntaxPolicy);
763
+ case "prototype-pollution-key": return gateContract.policyDisposition(opts.pollutionPolicy);
764
+ case "duplicate-key": return gateContract.policyDisposition(opts.duplicateKeyPolicy);
765
+ // zero-width is classified by charThreatDisposition above (its
766
+ // zeroWidthPolicy). numeric-precision-loss follows its own policy like every
767
+ // other RFC-deviation finding — under numericPrecisionPolicy:reject it
768
+ // refuses, not audits.
769
+ case "numeric-precision-loss": return gateContract.policyDisposition(opts.numericPrecisionPolicy);
770
+ case "node-count-cap":
771
+ case "depth-cap":
772
+ case "string-too-long":
773
+ case "array-length-cap":
774
+ case "key-count-cap":
775
+ case "bad-input":
776
+ case "too-large":
777
+ case "parse-failed":
778
+ case "missing-allowlist":
779
+ case "top-level-key-not-allowlisted": return "refuse";
780
+ default: return null;
781
+ }
782
+ }
783
+
782
784
  function gate(opts) {
783
785
  opts = _resolveOpts(opts);
784
- return gateContract.buildGuardGate(
785
- opts.name || "guardJson:" + (opts.profile || "default"),
786
- opts,
787
- async function (ctx) {
788
- var text = gateContract.extractBytesAsText(ctx);
789
- if (!text) return { ok: true, action: "serve" };
790
- var rv = validate(text, opts);
791
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
792
- var hasCritical = rv.issues.some(function (i) {
793
- return i.severity === "critical" || i.severity === "high";
794
- });
795
- if (!hasCritical) return { ok: true, action: "audit-only", issues: rv.issues };
796
-
797
- // Sanitize-eligibility: every reject-policy must be off.
798
- var canSanitize = opts.pollutionPolicy !== "reject" &&
799
- opts.duplicateKeyPolicy !== "reject" &&
800
- opts.nanInfinityPolicy !== "reject" &&
801
- opts.commentPolicy !== "reject" &&
802
- opts.trailingCommaPolicy !== "reject" &&
803
- opts.json5SyntaxPolicy !== "reject" &&
804
- opts.bomPolicy !== "reject" &&
805
- opts.bidiPolicy !== "reject" &&
806
- opts.controlPolicy !== "reject" &&
807
- opts.nullBytePolicy !== "reject";
808
- if (canSanitize) {
809
- try {
810
- var clean = parse(text, opts);
811
- var emitted = JSON.stringify(clean);
812
- return {
813
- ok: true, action: "sanitize",
814
- sanitized: Buffer.from(emitted, "utf8"),
815
- issues: rv.issues,
816
- };
817
- } catch (_e) { /* fall through */ }
818
- }
819
- return { ok: false, action: "refuse", issues: rv.issues };
820
- });
786
+ return gateContract.buildContentGate({
787
+ name: opts.name || "guardJson:" + (opts.profile || "default"),
788
+ opts: opts,
789
+ validate: module.exports.validate,
790
+ dispositionFor: _gateDispositionFor,
791
+ // A sanitize-disposition finding (a class set to a mitigation) is repaired in
792
+ // two passes: first the char-strip policies remove bidi / control / null /
793
+ // zero-width per policy (so a strip-policy char threat is excised even when
794
+ // it sits inside a string value), then a parse + re-serialize drops
795
+ // __proto__ / comments / NaN / trailing commas per the active policy. Under a
796
+ // reject policy the finding is already refuse-disposition, so this is not
797
+ // reached for that class.
798
+ produceSanitized: function (text, o) {
799
+ return JSON.stringify(parse(codepointClass.applyCharStripPolicies(text, o), o));
800
+ },
801
+ });
821
802
  }
822
803
 
823
804
  // buildProfile / compliancePosture / loadRulePack are assembled by
@@ -840,8 +821,8 @@ var INTEGRATION_FIXTURES = Object.freeze({
840
821
  // exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
841
822
  // buildProfile / compliancePosture / loadRulePack wiring, plus the
842
823
  // per-guard inspection surface (validate / parse) and JSON extras
843
- // (POLLUTION_KEYS) passed through verbatim. The bespoke `gate` carries
844
- // JSON's sanitize-reparse-reserialize chain unchanged.
824
+ // (POLLUTION_KEYS, surfaced from the framework's canonical pick.POISONED_KEYS).
825
+ // The bespoke `gate` carries JSON's sanitize-reparse-reserialize chain unchanged.
845
826
  module.exports = gateContract.defineGuard({
846
827
  name: "json",
847
828
  kind: "content",
@@ -852,11 +833,14 @@ module.exports = gateContract.defineGuard({
852
833
  mimeTypes: ["application/json", "application/ld+json", "application/vnd.api+json"],
853
834
  extensions: [".json", ".jsonld"],
854
835
  integrationFixtures: INTEGRATION_FIXTURES,
855
- validate: validate,
836
+ detect: _detectIssues,
837
+ intOpts: ["maxBytes", "maxDepth", "maxKeysPerObject", "maxArrayLength",
838
+ "maxStringLength", "maxTotalNodes"],
856
839
  gate: gate,
857
840
  extra: {
841
+ _gateDispositionForTest: _gateDispositionFor,
858
842
  parse: parse,
859
- POLLUTION_KEYS: POLLUTION_KEYS,
843
+ POLLUTION_KEYS: pick.POISONED_KEYS,
860
844
  },
861
845
  });
862
846
 
@@ -50,11 +50,9 @@
50
50
  * JSONPath content-safety guard — refuses user-supplied JSONPath query strings that exhibit dynamic-code-execution shapes BEFORE they reach a JSONPath evaluator.
51
51
  */
52
52
 
53
- var codepointClass = require("./codepoint-class");
54
53
  var lazyRequire = require("./lazy-require");
55
54
  var gateContract = require("./gate-contract");
56
55
  var C = require("./constants");
57
- var numericBounds = require("./numeric-bounds");
58
56
  var { GuardJsonpathError } = require("./framework-error");
59
57
 
60
58
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -81,10 +79,7 @@ var RECURSIVE_DESCENT_RE = /\.\.\[?\*\]?/g;
81
79
 
82
80
  var PROFILES = Object.freeze({
83
81
  "strict": {
84
- bidiPolicy: "reject",
85
- controlPolicy: "reject",
86
- nullBytePolicy: "reject",
87
- zeroWidthPolicy: "reject",
82
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
88
83
  filterExprPolicy: "reject",
89
84
  scriptExprPolicy: "reject",
90
85
  dynamicHintPolicy: "reject",
@@ -96,10 +91,7 @@ var PROFILES = Object.freeze({
96
91
  maxRuntimeMs: C.TIME.seconds(2),
97
92
  },
98
93
  "balanced": {
99
- bidiPolicy: "reject",
100
- controlPolicy: "reject",
101
- nullBytePolicy: "reject",
102
- zeroWidthPolicy: "reject",
94
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
103
95
  filterExprPolicy: "reject", // RCE class — refused at every profile
104
96
  scriptExprPolicy: "reject", // RCE class — refused at every profile
105
97
  dynamicHintPolicy: "reject", // RCE class — refused at every profile
@@ -111,10 +103,7 @@ var PROFILES = Object.freeze({
111
103
  maxRuntimeMs: C.TIME.seconds(2),
112
104
  },
113
105
  "permissive": {
114
- bidiPolicy: "reject", // BIDI refused at every profile
115
- controlPolicy: "reject", // controls refused at every profile
116
- nullBytePolicy: "reject", // null refused at every profile
117
- zeroWidthPolicy: "reject", // zero-width refused at every profile
106
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
118
107
  filterExprPolicy: "reject", // RCE class refused at every profile
119
108
  scriptExprPolicy: "reject", // RCE class refused at every profile
120
109
  dynamicHintPolicy: "reject", // RCE class refused at every profile
@@ -127,35 +116,6 @@ var PROFILES = Object.freeze({
127
116
  },
128
117
  });
129
118
 
130
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
131
- mode: "enforce",
132
- }));
133
-
134
- var COMPLIANCE_POSTURES = Object.freeze({
135
- "hipaa": Object.assign({}, PROFILES["strict"], {
136
- forensicSnippetBytes: C.BYTES.bytes(256),
137
- }),
138
- "pci-dss": Object.assign({}, PROFILES["strict"], {
139
- forensicSnippetBytes: C.BYTES.bytes(256),
140
- }),
141
- "gdpr": Object.assign({}, PROFILES["balanced"], {
142
- forensicSnippetBytes: C.BYTES.bytes(128),
143
- }),
144
- "soc2": Object.assign({}, PROFILES["strict"], {
145
- forensicSnippetBytes: C.BYTES.bytes(512),
146
- }),
147
- });
148
-
149
- function _resolveOpts(opts) {
150
- return gateContract.resolveProfileAndPosture(opts, {
151
- profiles: PROFILES,
152
- compliancePostures: COMPLIANCE_POSTURES,
153
- defaults: DEFAULTS,
154
- errorClass: GuardJsonpathError,
155
- errCodePrefix: "jsonpath",
156
- });
157
- }
158
-
159
119
  function _hasDynamicHint(input) {
160
120
  for (var i = 0; i < DYNAMIC_HINTS.length; i += 1) {
161
121
  if (input.indexOf(DYNAMIC_HINTS[i]) !== -1) return DYNAMIC_HINTS[i];
@@ -164,26 +124,9 @@ function _hasDynamicHint(input) {
164
124
  }
165
125
 
166
126
  function _detectIssues(input, opts) {
167
- var issues = [];
168
- if (typeof input !== "string") {
169
- return [{ kind: "bad-input", severity: "high",
170
- ruleId: "jsonpath.bad-input",
171
- snippet: "jsonpath is not a string" }];
172
- }
173
- if (input.length === 0) {
174
- return [{ kind: "empty", severity: "high",
175
- ruleId: "jsonpath.empty",
176
- snippet: "jsonpath is empty" }];
177
- }
178
- if (Buffer.byteLength(input, "utf8") > opts.maxPatternBytes) {
179
- return [{ kind: "pattern-cap", severity: "high",
180
- ruleId: "jsonpath.pattern-cap",
181
- snippet: "jsonpath exceeds maxPatternBytes " +
182
- opts.maxPatternBytes }];
183
- }
184
-
185
- var charThreats = codepointClass.detectCharThreats(input, opts, "jsonpath");
186
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
127
+ var pre = gateContract.detectStringInput(input, opts, { name: "jsonpath", cap: { bytes: opts.maxPatternBytes, kind: "pattern-cap", snippet: "jsonpath exceeds maxPatternBytes " + opts.maxPatternBytes } });
128
+ if (pre.done) return pre.issues;
129
+ var issues = pre.issues;
187
130
 
188
131
  if (opts.filterExprPolicy !== "allow" && FILTER_EXPR_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxPatternBytes
189
132
  issues.push({
@@ -280,13 +223,10 @@ function _detectIssues(input, opts) {
280
223
  * hostile.ok; // → false
281
224
  * hostile.issues.some(function (i) { return i.kind === "filter-expression"; }); // → true
282
225
  */
283
- function validate(input, opts) {
284
- opts = _resolveOpts(opts);
285
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
286
- ["maxBytes", "maxPatternBytes", "maxRecursiveDescents"],
287
- "guardJsonpath.validate", GuardJsonpathError, "jsonpath.bad-opt");
288
- return gateContract.aggregateIssues(_detectIssues(input, opts));
289
- }
226
+ // validate is assembled by gateContract.defineGuard from `detect`
227
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
228
+ // input, resolveOpts(opts)))`, with the numeric opts validated via `intOpts`.
229
+ // The @primitive block above documents the resulting public ABI.
290
230
 
291
231
  /**
292
232
  * @primitive b.guardJsonpath.sanitize
@@ -327,13 +267,11 @@ function validate(input, opts) {
327
267
  * e.code; // → "jsonpath.filter-expression"
328
268
  * }
329
269
  */
330
- function sanitize(input, opts) {
331
- opts = _resolveOpts(opts);
332
- if (typeof input !== "string") {
333
- throw _err("jsonpath.bad-input", "sanitize requires string input");
334
- }
335
- var issues = _detectIssues(input, opts);
336
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardJsonpathError, codePrefix: "jsonpath" });
270
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
271
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. JSONPath
272
+ // expressions cannot be safely repaired, so the transform is pure pass-through:
273
+ // input that survives the refusal gate is returned unchanged.
274
+ function _sanitizeTransform(input) {
337
275
  return input;
338
276
  }
339
277
 
@@ -351,13 +289,7 @@ function sanitize(input, opts) {
351
289
  // Their wiki sections render from the single-sourced @abiTemplate blocks
352
290
  // in gate-contract.js, instantiated per guard by the page generator.
353
291
 
354
- var INTEGRATION_FIXTURES = Object.freeze({
355
- kind: "identifier",
356
- benignBytes: Buffer.from("$.users[*].name", "utf8"),
357
- hostileBytes: Buffer.from("$..[?(@.x)]", "utf8"),
358
- benignIdentifier: "$.users[*].name",
359
- hostileIdentifier: "$..[?(@.x)]",
360
- });
292
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("$.users[*].name", "$..[?(@.x)]");
361
293
 
362
294
  // Assembled from the gate-contract guard factory: error class, registry
363
295
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
@@ -370,10 +302,10 @@ module.exports = gateContract.defineGuard({
370
302
  kind: "identifier",
371
303
  errorClass: GuardJsonpathError,
372
304
  profiles: PROFILES,
373
- defaults: DEFAULTS,
374
- postures: COMPLIANCE_POSTURES,
305
+ base: 256,
375
306
  integrationFixtures: INTEGRATION_FIXTURES,
376
- validate: validate,
377
- sanitize: sanitize,
307
+ detect: _detectIssues,
308
+ sanitizeTransform: _sanitizeTransform,
309
+ intOpts: ["maxBytes", "maxPatternBytes", "maxRecursiveDescents"],
378
310
  ctxFields: ["identifier", "jsonpath"],
379
311
  });