@blamejs/blamejs-shop 0.4.56 → 0.4.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (402) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/affiliates.js +35 -4
  3. package/lib/api-keys.js +17 -2
  4. package/lib/asset-manifest.json +1 -1
  5. package/lib/backorder.js +21 -4
  6. package/lib/click-and-collect.js +11 -2
  7. package/lib/credit-limits.js +132 -84
  8. package/lib/vendor/MANIFEST.json +426 -366
  9. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  10. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  11. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  12. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  14. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  15. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  16. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  17. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  18. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  19. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  20. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  21. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  22. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  23. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  24. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  25. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  26. package/lib/vendor/blamejs/index.js +2 -0
  27. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  28. package/lib/vendor/blamejs/lib/acme.js +6 -5
  29. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  30. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  31. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  32. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  33. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  34. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  35. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  36. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  37. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  38. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  39. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  40. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  41. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  42. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  43. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  44. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  45. package/lib/vendor/blamejs/lib/archive.js +2 -10
  46. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  47. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  48. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  49. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  50. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  51. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  52. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  53. package/lib/vendor/blamejs/lib/audit.js +84 -0
  54. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  55. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  56. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  57. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  58. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  59. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  60. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  61. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  62. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  63. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  64. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  65. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  66. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  67. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  68. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  69. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  70. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  71. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  72. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  73. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  74. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  75. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  76. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  77. package/lib/vendor/blamejs/lib/cache.js +7 -18
  78. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  79. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  80. package/lib/vendor/blamejs/lib/cert.js +3 -10
  81. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  82. package/lib/vendor/blamejs/lib/cli.js +5 -1
  83. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  84. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  85. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  86. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  87. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  88. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  89. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  90. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  91. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  92. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  93. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  94. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  95. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  96. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  97. package/lib/vendor/blamejs/lib/cose.js +19 -11
  98. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  99. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  100. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  101. package/lib/vendor/blamejs/lib/csp.js +235 -3
  102. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  103. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  104. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  105. package/lib/vendor/blamejs/lib/db.js +34 -12
  106. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  107. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  108. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  109. package/lib/vendor/blamejs/lib/did.js +6 -2
  110. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  111. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  112. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  113. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  114. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  115. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  116. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  117. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  118. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  119. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  120. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  121. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  122. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  123. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  124. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  125. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  126. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  127. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  128. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  129. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  130. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  131. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  132. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  133. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  135. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  136. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  137. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  138. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  139. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  140. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  141. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  142. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  143. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  144. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  145. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  146. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  147. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  148. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  149. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  150. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  151. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  152. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  153. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  154. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  155. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  156. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  157. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  158. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  159. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  161. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  162. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  163. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  164. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  165. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  166. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  167. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  168. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  169. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  170. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  171. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  172. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  173. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  174. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  175. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  176. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  177. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  178. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  179. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  180. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  181. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  182. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  183. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  184. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  185. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  186. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  187. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  188. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  189. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  190. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  191. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  192. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  193. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  194. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  195. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  196. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  197. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  198. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  199. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  200. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  201. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  202. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  203. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  204. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  205. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  206. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  207. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  208. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  209. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  210. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  211. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  212. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  213. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  214. package/lib/vendor/blamejs/lib/mail.js +6 -11
  215. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  216. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  217. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  218. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  219. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  220. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  221. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  222. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  223. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  224. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  225. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  226. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  227. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  228. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  229. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  230. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  231. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  232. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  233. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  234. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  235. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  236. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  237. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  238. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  239. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  240. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  241. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  242. package/lib/vendor/blamejs/lib/money.js +105 -0
  243. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  244. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  245. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  246. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  247. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  248. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  249. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  250. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  251. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  252. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  253. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  254. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  255. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  256. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  257. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  258. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  259. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  260. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  261. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  262. package/lib/vendor/blamejs/lib/observability.js +95 -0
  263. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  264. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  265. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  266. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  267. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  268. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  269. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  270. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  271. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  272. package/lib/vendor/blamejs/lib/pick.js +63 -5
  273. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  274. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  275. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  276. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  277. package/lib/vendor/blamejs/lib/redact.js +2 -1
  278. package/lib/vendor/blamejs/lib/render.js +4 -2
  279. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  280. package/lib/vendor/blamejs/lib/restore.js +5 -22
  281. package/lib/vendor/blamejs/lib/retention.js +3 -5
  282. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  283. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  284. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  285. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  286. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  287. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  288. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  289. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  290. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  291. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  292. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  293. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  294. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  295. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  296. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  297. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  298. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  299. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  300. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  301. package/lib/vendor/blamejs/lib/session.js +194 -6
  302. package/lib/vendor/blamejs/lib/sql.js +225 -78
  303. package/lib/vendor/blamejs/lib/sse.js +6 -10
  304. package/lib/vendor/blamejs/lib/static.js +136 -98
  305. package/lib/vendor/blamejs/lib/storage.js +4 -2
  306. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  307. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  308. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  309. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  310. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  311. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  312. package/lib/vendor/blamejs/lib/vc.js +2 -7
  313. package/lib/vendor/blamejs/lib/vex.js +35 -13
  314. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  315. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  316. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  317. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  318. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  319. package/lib/vendor/blamejs/lib/worm.js +2 -3
  320. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  321. package/lib/vendor/blamejs/package.json +1 -1
  322. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  323. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  324. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  325. package/lib/vendor/blamejs/test/10-state.js +9 -3
  326. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  327. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  328. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  329. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  330. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  332. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  333. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  334. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  335. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  336. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  337. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  340. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  341. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  342. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  346. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  347. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  349. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  351. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  352. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  388. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  392. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  393. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  395. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  397. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  398. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  399. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  400. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  401. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  402. package/package.json +1 -1
@@ -37,11 +37,9 @@
37
37
  * ISO 8601 / RFC 3339 datetime identifier-safety guard.
38
38
  */
39
39
 
40
- var codepointClass = require("./codepoint-class");
41
40
  var lazyRequire = require("./lazy-require");
42
41
  var gateContract = require("./gate-contract");
43
42
  var C = require("./constants");
44
- var numericBounds = require("./numeric-bounds");
45
43
  var { GuardTimeError } = require("./framework-error");
46
44
 
47
45
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -65,10 +63,7 @@ var MAX_FRACTIONAL_DIGITS = 9;
65
63
 
66
64
  var PROFILES = Object.freeze({
67
65
  "strict": {
68
- bidiPolicy: "reject",
69
- controlPolicy: "reject",
70
- nullBytePolicy: "reject",
71
- zeroWidthPolicy: "reject",
66
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
72
67
  naiveDatetimePolicy: "reject",
73
68
  nonUtcOffsetPolicy: "reject",
74
69
  leapSecondPolicy: "reject",
@@ -82,10 +77,7 @@ var PROFILES = Object.freeze({
82
77
  maxRuntimeMs: C.TIME.seconds(2),
83
78
  },
84
79
  "balanced": {
85
- bidiPolicy: "reject",
86
- controlPolicy: "reject",
87
- nullBytePolicy: "reject",
88
- zeroWidthPolicy: "reject",
80
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
89
81
  naiveDatetimePolicy: "reject",
90
82
  nonUtcOffsetPolicy: "audit",
91
83
  leapSecondPolicy: "audit",
@@ -99,10 +91,7 @@ var PROFILES = Object.freeze({
99
91
  maxRuntimeMs: C.TIME.seconds(2),
100
92
  },
101
93
  "permissive": {
102
- bidiPolicy: "reject", // BIDI refused at every profile
103
- controlPolicy: "reject", // controls refused at every profile
104
- nullBytePolicy: "reject", // null refused at every profile
105
- zeroWidthPolicy: "reject", // zero-width refused at every profile
94
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
106
95
  naiveDatetimePolicy: "audit",
107
96
  nonUtcOffsetPolicy: "allow",
108
97
  leapSecondPolicy: "allow",
@@ -117,57 +106,16 @@ var PROFILES = Object.freeze({
117
106
  },
118
107
  });
119
108
 
120
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
121
- mode: "enforce",
122
- }));
109
+ var DEFAULTS = gateContract.strictDefaults(PROFILES);
123
110
 
124
- var COMPLIANCE_POSTURES = Object.freeze({
125
- "hipaa": Object.assign({}, PROFILES["strict"], {
126
- forensicSnippetBytes: C.BYTES.bytes(128),
127
- }),
128
- "pci-dss": Object.assign({}, PROFILES["strict"], {
129
- forensicSnippetBytes: C.BYTES.bytes(128),
130
- }),
131
- "gdpr": Object.assign({}, PROFILES["balanced"], {
132
- forensicSnippetBytes: C.BYTES.bytes(64),
133
- }),
134
- "soc2": Object.assign({}, PROFILES["strict"], {
135
- forensicSnippetBytes: C.BYTES.bytes(256),
136
- }),
137
- });
138
-
139
- function _resolveOpts(opts) {
140
- return gateContract.resolveProfileAndPosture(opts, {
141
- profiles: PROFILES,
142
- compliancePostures: COMPLIANCE_POSTURES,
143
- defaults: DEFAULTS,
144
- errorClass: GuardTimeError,
145
- errCodePrefix: "time",
146
- });
147
- }
111
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 128 });
148
112
 
149
113
  // ---- Detection ----
150
114
 
151
115
  function _detectIssues(input, opts) {
152
- var issues = [];
153
- if (typeof input !== "string") {
154
- return [{ kind: "bad-input", severity: "high",
155
- ruleId: "time.bad-input",
156
- snippet: "time is not a string" }];
157
- }
158
- if (input.length === 0) {
159
- return [{ kind: "empty", severity: "high",
160
- ruleId: "time.empty",
161
- snippet: "time is empty" }];
162
- }
163
- if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
164
- return [{ kind: "time-cap", severity: "high",
165
- ruleId: "time.time-cap",
166
- snippet: "time input exceeds maxBytes " + opts.maxBytes }];
167
- }
168
-
169
- var charThreats = codepointClass.detectCharThreats(input, opts, "time");
170
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
116
+ var pre = gateContract.detectStringInput(input, opts, { name: "time", cap: { bytes: opts.maxBytes } });
117
+ if (pre.done) return pre.issues;
118
+ var issues = pre.issues;
171
119
 
172
120
  // Date-only / time-only quick checks BEFORE the full RFC 3339 regex
173
121
  // so the operator gets a more actionable diagnosis.
@@ -371,21 +319,13 @@ function _detectIssues(input, opts) {
371
319
  * bad.ok; // → false
372
320
  * bad.issues[0].ruleId; // → "time.year-out-of-range"
373
321
  */
374
- function validate(input, opts) {
375
- opts = _resolveOpts(opts);
376
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
377
- ["maxBytes", "minYear", "maxYear", "maxFractionalDigits"],
378
- "guardTime.validate", GuardTimeError, "time.bad-opt");
379
- if (typeof input !== "string") {
380
- return {
381
- ok: false,
382
- issues: [{ kind: "bad-input", severity: "high",
383
- ruleId: "time.bad-input",
384
- snippet: "time is not a string" }],
385
- };
386
- }
387
- return gateContract.aggregateIssues(_detectIssues(input, opts));
388
- }
322
+ // validate is assembled by gateContract.defineGuard from `detect`
323
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
324
+ // input, resolveOpts(opts)))`, with maxBytes / minYear / maxYear /
325
+ // maxFractionalDigits declared via `intOpts`. _detectIssues returns the
326
+ // `time.bad-input` issue for a non-string, so validate reports
327
+ // `{ ok: false }` there without a bespoke early-return. The @primitive
328
+ // block above documents the resulting public ABI.
389
329
 
390
330
  /**
391
331
  * @primitive b.guardTime.sanitize
@@ -417,15 +357,12 @@ function validate(input, opts) {
417
357
  * e.code; // → "time.leap-second"
418
358
  * }
419
359
  */
420
- function sanitize(input, opts) {
421
- opts = _resolveOpts(opts);
422
- if (typeof input !== "string") {
423
- throw _err("time.bad-input", "sanitize requires string input");
424
- }
425
- var issues = _detectIssues(input, opts);
426
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardTimeError, codePrefix: "time" });
427
- // Normalize: lowercase the trailing `T` separator, uppercase the
428
- // `Z` UTC marker.
360
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
361
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
362
+ // already-validated string at this point (a non-string refuses upstream).
363
+ function _sanitizeTransform(input) {
364
+ // Normalize: replace the legacy space separator with `T`, uppercase the
365
+ // trailing `z` UTC marker.
429
366
  return input.replace(/(\d) /, "$1T").replace(/z$/, "Z");
430
367
  }
431
368
 
@@ -434,15 +371,9 @@ function sanitize(input, opts) {
434
371
  // single-sourced @abiTemplate (defineGuard) blocks in gate-contract.js,
435
372
  // instantiated per guard by the page generator.
436
373
 
437
- var INTEGRATION_FIXTURES = Object.freeze({
438
- kind: "identifier",
439
- benignBytes: Buffer.from("2026-05-05T12:34:56Z", "utf8"),
440
- hostileBytes: Buffer.from("2026-05-05 12:34:56", "utf8"),
441
- benignIdentifier: "2026-05-05T12:34:56Z",
442
- // Hostile: naive datetime (space separator + no offset) — refused
443
- // at strict (cross-region ambiguity class).
444
- hostileIdentifier: "2026-05-05 12:34:56",
445
- });
374
+ // Hostile: naive datetime (space separator + no offset) — refused at
375
+ // strict (cross-region ambiguity class).
376
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("2026-05-05T12:34:56Z", "2026-05-05 12:34:56");
446
377
 
447
378
  // Assembled from the gate-contract guard factory: error class, registry
448
379
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
@@ -458,7 +389,8 @@ module.exports = gateContract.defineGuard({
458
389
  defaults: DEFAULTS,
459
390
  postures: COMPLIANCE_POSTURES,
460
391
  integrationFixtures: INTEGRATION_FIXTURES,
461
- validate: validate,
462
- sanitize: sanitize,
392
+ detect: _detectIssues,
393
+ sanitizeTransform: _sanitizeTransform,
394
+ intOpts: ["maxBytes", "minYear", "maxYear", "maxFractionalDigits"],
463
395
  ctxFields: ["identifier", "timestamp", "time"],
464
396
  });
@@ -33,11 +33,9 @@
33
33
  * UUID identifier-safety guard.
34
34
  */
35
35
 
36
- var codepointClass = require("./codepoint-class");
37
36
  var lazyRequire = require("./lazy-require");
38
37
  var gateContract = require("./gate-contract");
39
38
  var C = require("./constants");
40
- var numericBounds = require("./numeric-bounds");
41
39
  var { GuardUuidError } = require("./framework-error");
42
40
 
43
41
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -66,10 +64,7 @@ var MAX_HEX = "ffffffffffffffffffffffffffffffff";
66
64
 
67
65
  var PROFILES = Object.freeze({
68
66
  "strict": {
69
- bidiPolicy: "reject",
70
- controlPolicy: "reject",
71
- nullBytePolicy: "reject",
72
- zeroWidthPolicy: "reject",
67
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
73
68
  formatPolicy: "hyphenated-only", // hyphenated | hyphenless | braced | urn | hyphenated-only | any
74
69
  versionPolicy: "reject-unassigned", // reject-unassigned | audit | allow
75
70
  variantPolicy: "reject-non-rfc", // reject-non-rfc | audit | allow
@@ -82,10 +77,7 @@ var PROFILES = Object.freeze({
82
77
  maxRuntimeMs: C.TIME.seconds(2),
83
78
  },
84
79
  "balanced": {
85
- bidiPolicy: "reject",
86
- controlPolicy: "reject",
87
- nullBytePolicy: "reject",
88
- zeroWidthPolicy: "reject",
80
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
89
81
  formatPolicy: "any",
90
82
  versionPolicy: "reject-unassigned",
91
83
  variantPolicy: "audit",
@@ -98,10 +90,7 @@ var PROFILES = Object.freeze({
98
90
  maxRuntimeMs: C.TIME.seconds(2),
99
91
  },
100
92
  "permissive": {
101
- bidiPolicy: "reject", // BIDI refused at every profile
102
- controlPolicy: "reject", // controls refused at every profile
103
- nullBytePolicy: "reject", // null refused at every profile
104
- zeroWidthPolicy: "reject", // zero-width refused at every profile
93
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
105
94
  formatPolicy: "any",
106
95
  versionPolicy: "audit",
107
96
  variantPolicy: "allow",
@@ -115,34 +104,9 @@ var PROFILES = Object.freeze({
115
104
  },
116
105
  });
117
106
 
118
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
119
- mode: "enforce",
120
- }));
107
+ var DEFAULTS = gateContract.strictDefaults(PROFILES);
121
108
 
122
- var COMPLIANCE_POSTURES = Object.freeze({
123
- "hipaa": Object.assign({}, PROFILES["strict"], {
124
- forensicSnippetBytes: C.BYTES.bytes(128),
125
- }),
126
- "pci-dss": Object.assign({}, PROFILES["strict"], {
127
- forensicSnippetBytes: C.BYTES.bytes(128),
128
- }),
129
- "gdpr": Object.assign({}, PROFILES["balanced"], {
130
- forensicSnippetBytes: C.BYTES.bytes(64),
131
- }),
132
- "soc2": Object.assign({}, PROFILES["strict"], {
133
- forensicSnippetBytes: C.BYTES.bytes(256),
134
- }),
135
- });
136
-
137
- function _resolveOpts(opts) {
138
- return gateContract.resolveProfileAndPosture(opts, {
139
- profiles: PROFILES,
140
- compliancePostures: COMPLIANCE_POSTURES,
141
- defaults: DEFAULTS,
142
- errorClass: GuardUuidError,
143
- errCodePrefix: "uuid",
144
- });
145
- }
109
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 128 });
146
110
 
147
111
  function _classifyForm(input) {
148
112
  if (UUID_URN_RE.test(input)) return "urn"; // allow:regex-no-length-cap — input bounded by maxBytes
@@ -161,26 +125,9 @@ function _toCanonicalHex(input, form) {
161
125
  }
162
126
 
163
127
  function _detectIssues(input, opts) {
164
- var issues = [];
165
- if (typeof input !== "string") {
166
- return [{ kind: "bad-input", severity: "high",
167
- ruleId: "uuid.bad-input",
168
- snippet: "uuid is not a string" }];
169
- }
170
- if (input.length === 0) {
171
- return [{ kind: "empty", severity: "high",
172
- ruleId: "uuid.empty",
173
- snippet: "uuid is empty" }];
174
- }
175
- if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
176
- return [{ kind: "uuid-cap", severity: "high",
177
- ruleId: "uuid.uuid-cap",
178
- snippet: "uuid input exceeds maxBytes " + opts.maxBytes }];
179
- }
180
-
181
- // Codepoint-class threats (universal refuse — runs first).
182
- var charThreats = codepointClass.detectCharThreats(input, opts, "uuid");
183
- for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
128
+ var pre = gateContract.detectStringInput(input, opts, { name: "uuid", cap: { bytes: opts.maxBytes } });
129
+ if (pre.done) return pre.issues;
130
+ var issues = pre.issues;
184
131
 
185
132
  // Format classification.
186
133
  var form = _classifyForm(input);
@@ -330,21 +277,10 @@ function _detectIssues(input, opts) {
330
277
  * bad.ok; // → false
331
278
  * bad.issues[0].ruleId; // → "uuid.nil"
332
279
  */
333
- function validate(input, opts) {
334
- opts = _resolveOpts(opts);
335
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
336
- ["maxBytes"],
337
- "guardUuid.validate", GuardUuidError, "uuid.bad-opt");
338
- if (typeof input !== "string") {
339
- return {
340
- ok: false,
341
- issues: [{ kind: "bad-input", severity: "high",
342
- ruleId: "uuid.bad-input",
343
- snippet: "uuid is not a string" }],
344
- };
345
- }
346
- return gateContract.aggregateIssues(_detectIssues(input, opts));
347
- }
280
+ // validate is assembled by gateContract.defineGuard from `detect`
281
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
282
+ // input, resolveOpts(opts)))`, with the maxBytes cap declared via `intOpts`.
283
+ // The @primitive block above documents the resulting public ABI.
348
284
 
349
285
  /**
350
286
  * @primitive b.guardUuid.sanitize
@@ -376,13 +312,10 @@ function validate(input, opts) {
376
312
  * e.code; // → "uuid.max"
377
313
  * }
378
314
  */
379
- function sanitize(input, opts) {
380
- opts = _resolveOpts(opts);
381
- if (typeof input !== "string") {
382
- throw _err("uuid.bad-input", "sanitize requires string input");
383
- }
384
- var issues = _detectIssues(input, opts);
385
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardUuidError, codePrefix: "uuid" });
315
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
316
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
317
+ // already-validated string at this point (a non-string refuses upstream).
318
+ function _sanitizeTransform(input) {
386
319
  // Safe transforms: lowercase + strip braces / urn prefix → canonical
387
320
  // hyphenated form.
388
321
  var form = _classifyForm(input);
@@ -398,14 +331,8 @@ function sanitize(input, opts) {
398
331
  // single-sourced @abiTemplate (defineGuard) blocks in gate-contract.js,
399
332
  // instantiated per guard by the page generator.
400
333
 
401
- var INTEGRATION_FIXTURES = Object.freeze({
402
- kind: "identifier",
403
- benignBytes: Buffer.from("550e8400-e29b-41d4-a716-446655440000", "utf8"),
404
- hostileBytes: Buffer.from("00000000-0000-0000-0000-000000000000", "utf8"),
405
- benignIdentifier: "550e8400-e29b-41d4-a716-446655440000",
406
- // Hostile: nil UUID — refused at strict (sentinel-leak class).
407
- hostileIdentifier: "00000000-0000-0000-0000-000000000000",
408
- });
334
+ // Hostile: nil UUID — refused at strict (sentinel-leak class).
335
+ var INTEGRATION_FIXTURES = gateContract.identifierFixtures("550e8400-e29b-41d4-a716-446655440000", "00000000-0000-0000-0000-000000000000");
409
336
 
410
337
  // Assembled from the gate-contract guard factory: error class, registry
411
338
  // exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
@@ -421,7 +348,8 @@ module.exports = gateContract.defineGuard({
421
348
  defaults: DEFAULTS,
422
349
  postures: COMPLIANCE_POSTURES,
423
350
  integrationFixtures: INTEGRATION_FIXTURES,
424
- validate: validate,
425
- sanitize: sanitize,
351
+ detect: _detectIssues,
352
+ sanitizeTransform: _sanitizeTransform,
353
+ intOpts: ["maxBytes"],
426
354
  ctxFields: ["identifier", "uuid"],
427
355
  });
@@ -71,7 +71,6 @@ var codepointClass = require("./codepoint-class");
71
71
  var lazyRequire = require("./lazy-require");
72
72
  var gateContract = require("./gate-contract");
73
73
  var C = require("./constants");
74
- var numericBounds = require("./numeric-bounds");
75
74
  var { GuardXmlError } = require("./framework-error");
76
75
 
77
76
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -113,10 +112,7 @@ var PROFILES = Object.freeze({
113
112
  processingInstrPolicy: "reject",
114
113
  cdataPolicy: "reject",
115
114
  xmlDsigPolicy: "audit",
116
- bidiPolicy: "reject",
117
- controlPolicy: "reject",
118
- nullBytePolicy: "reject",
119
- zeroWidthPolicy: "reject",
115
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
120
116
  maxBytes: C.BYTES.mib(2),
121
117
  maxDepth: 64, // recursion depth, not byte size
122
118
  maxElements: 8192, // element count cap, not byte size
@@ -166,47 +162,17 @@ var PROFILES = Object.freeze({
166
162
  },
167
163
  });
168
164
 
169
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
170
- mode: "enforce",
165
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
171
166
  maxRuntimeMs: C.TIME.seconds(10),
172
- }));
173
-
174
- var COMPLIANCE_POSTURES = Object.freeze({
175
- "hipaa": Object.assign({}, PROFILES["strict"], {
176
- forensicSnippetBytes: C.BYTES.bytes(256),
177
- }),
178
- "pci-dss": Object.assign({}, PROFILES["strict"], {
179
- forensicSnippetBytes: C.BYTES.bytes(256),
180
- }),
181
- "gdpr": Object.assign({}, PROFILES["balanced"], {
182
- forensicSnippetBytes: C.BYTES.bytes(128),
183
- }),
184
- "soc2": Object.assign({}, PROFILES["strict"], {
185
- forensicSnippetBytes: C.BYTES.bytes(512),
186
- }),
187
167
  });
188
168
 
189
- function _resolveOpts(opts) {
190
- return gateContract.resolveProfileAndPosture(opts, {
191
- profiles: PROFILES,
192
- compliancePostures: COMPLIANCE_POSTURES,
193
- defaults: DEFAULTS,
194
- errorClass: GuardXmlError,
195
- errCodePrefix: "xml",
196
- });
197
- }
169
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
170
+
198
171
 
199
172
  function _detectIssues(input, opts) {
200
- var issues = [];
201
- if (typeof input !== "string") {
202
- return [{ kind: "bad-input", severity: "high",
203
- snippet: "input is not a string" }];
204
- }
205
- if (input.length > opts.maxBytes) {
206
- return [{ kind: "too-large", severity: "high", ruleId: "xml.too-large",
207
- snippet: "input " + input.length +
208
- " bytes exceeds maxBytes " + opts.maxBytes }];
209
- }
173
+ var pre = gateContract.detectStringInput(input, opts, { name: "xml", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
174
+ if (pre.done) return pre.issues;
175
+ var issues = pre.issues;
210
176
 
211
177
  // 1. DOCTYPE.
212
178
  if (opts.doctypePolicy !== "allow" && DOCTYPE_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxBytes above
@@ -301,8 +267,8 @@ function _detectIssues(input, opts) {
301
267
  // CVE-2026-33036 .NET XmlReader class). Counted regardless of
302
268
  // entityPolicy so signed-XML paths that need entities-allowed don't
303
269
  // get the NCR cap disabled with them. The `maxNumericCharRefs` opt
304
- // is validated by `numericBounds.requireAllPositiveFiniteIntIfPresent`
305
- // at the public-surface boundary above.
270
+ // is validated as a positive-finite int via defineGuard's `intOpts`
271
+ // at the public validate boundary.
306
272
  var ncrCap = opts.maxNumericCharRefs;
307
273
  if (ncrCap !== undefined && ncrCap !== null) {
308
274
  var ncrMatches = input.match(NUMERIC_CHAR_REF_RE); // allow:regex-no-length-cap — input bounded by maxBytes above
@@ -320,7 +286,7 @@ function _detectIssues(input, opts) {
320
286
  }
321
287
 
322
288
  // 9. Codepoint-class threats.
323
- issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "xml"));
289
+ issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "xml", "warn"));
324
290
 
325
291
  // 10. Element + depth + attribute caps via tag count.
326
292
  var openTags = (input.match(/<[A-Za-z][\w:-]*/g) || []).length;
@@ -415,21 +381,11 @@ function _detectIssues(input, opts) {
415
381
  * rv.ok; // → false
416
382
  * rv.issues.some(function (i) { return i.kind === "doctype"; }); // → true
417
383
  */
418
- function validate(input, opts) {
419
- opts = _resolveOpts(opts);
420
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
421
- ["maxBytes", "maxDepth", "maxElements", "maxAttrsPerElement",
422
- "maxAttrValueBytes", "maxNumericCharRefs"],
423
- "guardXml.validate", GuardXmlError, "xml.bad-opt");
424
- if (typeof input !== "string") {
425
- return {
426
- ok: false,
427
- issues: [{ kind: "bad-input", severity: "high",
428
- snippet: "input is not a string" }],
429
- };
430
- }
431
- return gateContract.aggregateIssues(_detectIssues(input, opts));
432
- }
384
+ // validate is assembled by gateContract.defineGuard from `detect`
385
+ // (_detectIssues), with the positive-finite-int caps declared via `intOpts`.
386
+ // A non-string input falls through _detectIssues' xml.bad-input issue, which
387
+ // aggregateIssues reports as ok:false. The @primitive block above documents
388
+ // the resulting ABI.
433
389
 
434
390
  /**
435
391
  * @primitive b.guardXml.sanitize
@@ -469,18 +425,12 @@ function validate(input, opts) {
469
425
  * });
470
426
  * clean.indexOf(ZWSP) === -1; // → true
471
427
  */
472
- function sanitize(input, opts) {
473
- opts = _resolveOpts(opts);
474
- if (typeof input !== "string") {
475
- throw _err("xml.bad-input", "sanitize requires string input");
476
- }
477
- // XML sanitization — strip what's strip-able per policy. Critical
478
- // shapes (DOCTYPE / ENTITY / external / parameter-entity) have no
479
- // safe sanitization; throw.
480
- var issues = _detectIssues(input, opts);
481
- gateContract.throwOnRefusalSeverity(issues,
482
- { errorClass: GuardXmlError, codePrefix: "xml", severities: ["critical"] });
483
- // Strip character-class threats per policy via the shared helper.
428
+ // _sanitizeTransform the normalize tail applied by defineGuard's generated
429
+ // sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. spec.sanitizeSeverities
430
+ // is ["critical"], so the critical structural shapes (DOCTYPE / ENTITY /
431
+ // external / parameter-entity) throw upstream; the strip-able character-class
432
+ // threats (BOM, bidi, C0, null, zero-width) are repaired here per policy.
433
+ function _sanitizeTransform(input, opts) {
484
434
  return codepointClass.applyCharStripPolicies(input, opts);
485
435
  }
486
436
 
@@ -521,35 +471,49 @@ function sanitize(input, opts) {
521
471
  * var verdict = await xmlGate.check({ bytes: hostile });
522
472
  * verdict.action; // → "refuse"
523
473
  */
474
+ // Disposition of each xml finding = what the operator's policy for that class
475
+ // selected. The XXE / injection classes (DOCTYPE / entity / external-entity /
476
+ // XInclude / schema-location / processing-instruction / CDATA / XML-signature)
477
+ // and the bidi / null / control char threats follow their policies (refuse
478
+ // under `reject`, audit under `audit`, sanitize under `strip`). A parameter
479
+ // entity rides the entity policy. The numeric-char-ref / element / depth caps
480
+ // and a bad input always refuse. Exhaustive over every kind _detectIssues emits.
481
+ function _gateDispositionFor(issue, opts) {
482
+ var shared = gateContract.charThreatDisposition(issue, opts);
483
+ if (shared) return shared;
484
+ switch (issue.kind) {
485
+ case "doctype": return gateContract.policyDisposition(opts.doctypePolicy);
486
+ case "entity-declaration":
487
+ case "parameter-entity": return gateContract.policyDisposition(opts.entityPolicy);
488
+ case "external-entity": return gateContract.policyDisposition(opts.externalEntityPolicy);
489
+ case "xinclude": return gateContract.policyDisposition(opts.xincludePolicy);
490
+ case "schema-location": return gateContract.policyDisposition(opts.schemaLocationPolicy);
491
+ case "processing-instruction": return gateContract.policyDisposition(opts.processingInstrPolicy);
492
+ case "cdata": return gateContract.policyDisposition(opts.cdataPolicy);
493
+ case "xml-signature": return gateContract.policyDisposition(opts.xmlDsigPolicy);
494
+ case "numeric-char-ref-cap":
495
+ case "element-cap":
496
+ case "depth-cap":
497
+ case "bad-input":
498
+ case "too-large": return "refuse";
499
+ default: return null;
500
+ }
501
+ }
502
+
524
503
  function gate(opts) {
525
- opts = _resolveOpts(opts);
526
- return gateContract.buildGuardGate(
527
- opts.name || "guardXml:" + (opts.profile || "default"),
528
- opts,
529
- async function (ctx) {
530
- var text = gateContract.extractBytesAsText(ctx);
531
- if (!text) return { ok: true, action: "serve" };
532
- var rv = validate(text, opts);
533
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
534
- var hasCritical = rv.issues.some(function (i) {
535
- return i.severity === "critical" || i.severity === "high";
536
- });
537
- if (!hasCritical) return { ok: true, action: "audit-only", issues: rv.issues };
538
-
539
- // Sanitize-eligibility: every reject-policy off.
540
- var canSanitize = opts.doctypePolicy !== "reject" &&
541
- opts.entityPolicy !== "reject" &&
542
- opts.externalEntityPolicy !== "reject";
543
- if (canSanitize) {
544
- try {
545
- var clean = sanitize(text, opts);
546
- return { ok: true, action: "sanitize",
547
- sanitized: Buffer.from(clean, "utf8"),
548
- issues: rv.issues };
549
- } catch (_e) { /* fall through */ }
550
- }
551
- return { ok: false, action: "refuse", issues: rv.issues };
552
- });
504
+ opts = _guard.resolveOpts(opts);
505
+ return gateContract.buildContentGate({
506
+ name: opts.name || "guardXml:" + (opts.profile || "default"),
507
+ opts: opts,
508
+ validate: module.exports.validate,
509
+ dispositionFor: _gateDispositionFor,
510
+ // The strip transform, NOT the public `sanitize` — that one throws on a
511
+ // critical finding (e.g. a bidi override) regardless of the strip policy,
512
+ // which would turn a policy-selected sanitize into a refuse. Only the
513
+ // char-threat classes (strip policy) reach sanitize; the XXE / injection
514
+ // classes are refuse / audit by policy.
515
+ produceSanitized: function (text, o) { return _sanitizeTransform(text, o); },
516
+ });
553
517
  }
554
518
 
555
519
  // buildProfile / compliancePosture / loadRulePack are assembled by
@@ -571,11 +535,13 @@ var INTEGRATION_FIXTURES = Object.freeze({
571
535
 
572
536
  // Assembled from the gate-contract guard factory: error class, registry
573
537
  // exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
574
- // buildProfile / compliancePosture / loadRulePack wiring, plus the
575
- // per-guard inspection surface (validate / sanitize / bespoke gate)
576
- // passed through verbatim. The bespoke `gate` carries XML's
577
- // per-policy canSanitize matrix unchanged.
578
- module.exports = gateContract.defineGuard({
538
+ // buildProfile / compliancePosture / loadRulePack wiring, plus validate /
539
+ // sanitize generated from `detect` (_detectIssues) + `sanitizeTransform`
540
+ // (_sanitizeTransform) sanitizeSeverities ["critical"] keeps DOCTYPE /
541
+ // ENTITY / external / parameter-entity throwing while strip-able char-class
542
+ // threats are repaired. The bespoke `gate` carries XML's per-policy
543
+ // canSanitize matrix unchanged.
544
+ var _guard = module.exports = gateContract.defineGuard({
579
545
  name: "xml",
580
546
  kind: "content",
581
547
  errorClass: GuardXmlError,
@@ -585,7 +551,11 @@ module.exports = gateContract.defineGuard({
585
551
  mimeTypes: ["application/xml", "text/xml"],
586
552
  extensions: [".xml"],
587
553
  integrationFixtures: INTEGRATION_FIXTURES,
588
- validate: validate,
589
- sanitize: sanitize,
554
+ detect: _detectIssues,
555
+ sanitizeTransform: _sanitizeTransform,
556
+ sanitizeSeverities: ["critical"],
557
+ intOpts: ["maxBytes", "maxDepth", "maxElements", "maxAttrsPerElement",
558
+ "maxAttrValueBytes", "maxNumericCharRefs"],
590
559
  gate: gate,
560
+ extra: { _gateDispositionForTest: _gateDispositionFor },
591
561
  });