@blamejs/blamejs-shop 0.4.56 → 0.4.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (402) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/affiliates.js +35 -4
  3. package/lib/api-keys.js +17 -2
  4. package/lib/asset-manifest.json +1 -1
  5. package/lib/backorder.js +21 -4
  6. package/lib/click-and-collect.js +11 -2
  7. package/lib/credit-limits.js +132 -84
  8. package/lib/vendor/MANIFEST.json +426 -366
  9. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  10. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  11. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  12. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  14. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  15. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  16. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  17. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  18. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  19. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  20. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  21. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  22. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  23. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  24. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  25. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  26. package/lib/vendor/blamejs/index.js +2 -0
  27. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  28. package/lib/vendor/blamejs/lib/acme.js +6 -5
  29. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  30. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  31. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  32. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  33. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  34. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  35. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  36. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  37. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  38. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  39. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  40. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  41. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  42. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  43. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  44. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  45. package/lib/vendor/blamejs/lib/archive.js +2 -10
  46. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  47. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  48. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  49. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  50. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  51. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  52. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  53. package/lib/vendor/blamejs/lib/audit.js +84 -0
  54. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  55. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  56. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  57. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  58. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  59. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  60. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  61. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  62. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  63. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  64. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  65. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  66. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  67. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  68. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  69. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  70. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  71. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  72. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  73. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  74. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  75. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  76. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  77. package/lib/vendor/blamejs/lib/cache.js +7 -18
  78. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  79. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  80. package/lib/vendor/blamejs/lib/cert.js +3 -10
  81. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  82. package/lib/vendor/blamejs/lib/cli.js +5 -1
  83. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  84. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  85. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  86. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  87. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  88. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  89. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  90. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  91. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  92. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  93. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  94. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  95. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  96. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  97. package/lib/vendor/blamejs/lib/cose.js +19 -11
  98. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  99. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  100. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  101. package/lib/vendor/blamejs/lib/csp.js +235 -3
  102. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  103. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  104. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  105. package/lib/vendor/blamejs/lib/db.js +34 -12
  106. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  107. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  108. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  109. package/lib/vendor/blamejs/lib/did.js +6 -2
  110. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  111. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  112. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  113. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  114. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  115. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  116. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  117. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  118. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  119. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  120. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  121. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  122. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  123. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  124. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  125. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  126. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  127. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  128. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  129. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  130. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  131. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  132. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  133. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  135. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  136. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  137. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  138. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  139. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  140. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  141. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  142. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  143. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  144. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  145. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  146. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  147. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  148. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  149. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  150. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  151. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  152. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  153. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  154. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  155. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  156. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  157. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  158. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  159. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  161. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  162. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  163. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  164. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  165. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  166. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  167. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  168. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  169. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  170. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  171. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  172. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  173. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  174. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  175. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  176. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  177. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  178. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  179. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  180. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  181. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  182. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  183. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  184. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  185. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  186. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  187. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  188. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  189. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  190. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  191. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  192. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  193. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  194. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  195. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  196. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  197. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  198. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  199. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  200. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  201. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  202. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  203. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  204. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  205. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  206. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  207. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  208. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  209. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  210. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  211. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  212. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  213. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  214. package/lib/vendor/blamejs/lib/mail.js +6 -11
  215. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  216. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  217. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  218. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  219. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  220. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  221. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  222. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  223. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  224. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  225. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  226. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  227. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  228. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  229. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  230. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  231. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  232. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  233. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  234. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  235. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  236. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  237. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  238. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  239. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  240. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  241. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  242. package/lib/vendor/blamejs/lib/money.js +105 -0
  243. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  244. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  245. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  246. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  247. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  248. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  249. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  250. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  251. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  252. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  253. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  254. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  255. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  256. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  257. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  258. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  259. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  260. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  261. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  262. package/lib/vendor/blamejs/lib/observability.js +95 -0
  263. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  264. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  265. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  266. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  267. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  268. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  269. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  270. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  271. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  272. package/lib/vendor/blamejs/lib/pick.js +63 -5
  273. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  274. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  275. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  276. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  277. package/lib/vendor/blamejs/lib/redact.js +2 -1
  278. package/lib/vendor/blamejs/lib/render.js +4 -2
  279. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  280. package/lib/vendor/blamejs/lib/restore.js +5 -22
  281. package/lib/vendor/blamejs/lib/retention.js +3 -5
  282. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  283. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  284. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  285. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  286. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  287. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  288. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  289. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  290. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  291. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  292. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  293. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  294. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  295. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  296. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  297. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  298. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  299. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  300. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  301. package/lib/vendor/blamejs/lib/session.js +194 -6
  302. package/lib/vendor/blamejs/lib/sql.js +225 -78
  303. package/lib/vendor/blamejs/lib/sse.js +6 -10
  304. package/lib/vendor/blamejs/lib/static.js +136 -98
  305. package/lib/vendor/blamejs/lib/storage.js +4 -2
  306. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  307. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  308. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  309. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  310. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  311. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  312. package/lib/vendor/blamejs/lib/vc.js +2 -7
  313. package/lib/vendor/blamejs/lib/vex.js +35 -13
  314. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  315. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  316. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  317. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  318. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  319. package/lib/vendor/blamejs/lib/worm.js +2 -3
  320. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  321. package/lib/vendor/blamejs/package.json +1 -1
  322. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  323. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  324. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  325. package/lib/vendor/blamejs/test/10-state.js +9 -3
  326. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  327. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  328. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  329. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  330. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  332. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  333. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  334. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  335. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  336. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  337. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  340. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  341. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  342. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  346. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  347. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  349. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  351. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  352. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  388. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  392. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  393. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  395. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  397. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  398. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  399. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  400. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  401. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  402. package/package.json +1 -1
@@ -159,43 +159,50 @@ function _requireRecordedAt(value, label) {
159
159
  function sccFilingAssessment(opts) {
160
160
  validateOpts.requireObject(opts, "b.pipl.sccFilingAssessment: opts", PiplError, "pipl/bad-opts");
161
161
  validateOpts(opts, SCC_ASSESSMENT_ALLOWED_KEYS, "b.pipl.sccFilingAssessment");
162
- validateOpts.requireNonEmptyString(opts.assessmentId,
163
- "b.pipl.sccFilingAssessment: opts.assessmentId", PiplError, "pipl/bad-assessment-id");
164
- validateOpts.requireNonEmptyString(opts.transferType,
165
- "b.pipl.sccFilingAssessment: opts.transferType", PiplError, "pipl/bad-transfer-type");
166
- validateOpts.requireNonEmptyString(opts.recipientJurisdiction,
167
- "b.pipl.sccFilingAssessment: opts.recipientJurisdiction", PiplError, "pipl/bad-recipient");
162
+ validateOpts.shape(opts, {
163
+ assessmentId: { rule: "required-string", code: "pipl/bad-assessment-id", label: "b.pipl.sccFilingAssessment: opts.assessmentId" },
164
+ transferType: { rule: "required-string", code: "pipl/bad-transfer-type", label: "b.pipl.sccFilingAssessment: opts.transferType" },
165
+ recipientJurisdiction: { rule: "required-string", code: "pipl/bad-recipient", label: "b.pipl.sccFilingAssessment: opts.recipientJurisdiction" },
166
+ dataCategories: function (value) {
167
+ if (!Array.isArray(value) || value.length === 0) {
168
+ throw new PiplError("pipl/bad-data-categories",
169
+ "b.pipl.sccFilingAssessment: opts.dataCategories must be a non-empty array of strings");
170
+ }
171
+ validateOpts.optionalNonEmptyStringArray(value,
172
+ "b.pipl.sccFilingAssessment: opts.dataCategories", PiplError, "pipl/bad-data-categories");
173
+ },
174
+ legalBasis: function (value) {
175
+ if (LEGAL_BASES.indexOf(value) === -1) {
176
+ throw new PiplError("pipl/bad-legal-basis",
177
+ "b.pipl.sccFilingAssessment: opts.legalBasis must be one of " +
178
+ LEGAL_BASES.join(" | ") + " (PIPL Art. 38(1)) — got " + JSON.stringify(value));
179
+ }
180
+ },
181
+ volume: function (value) {
182
+ if (typeof value !== "number" || !isFinite(value) || value < 0) {
183
+ throw new PiplError("pipl/bad-volume",
184
+ "b.pipl.sccFilingAssessment: opts.volume must be a non-negative finite number (data-subject count)");
185
+ }
186
+ },
187
+ sensitivePI: function (value) {
188
+ if (typeof value !== "boolean") {
189
+ throw new PiplError("pipl/bad-sensitive-pi",
190
+ "b.pipl.sccFilingAssessment: opts.sensitivePI must be a boolean");
191
+ }
192
+ },
193
+ ciio: { rule: "optional-boolean", code: "pipl/bad-ciio", label: "b.pipl.sccFilingAssessment: opts.ciio" },
194
+ importantData: { rule: "optional-boolean", code: "pipl/bad-important-data", label: "b.pipl.sccFilingAssessment: opts.importantData" },
195
+ cumulativePI: { rule: "optional-non-negative", code: "pipl/bad-cumulative-pi", label: "b.pipl.sccFilingAssessment: opts.cumulativePI" },
196
+ cumulativeSensitivePI: { rule: "optional-non-negative", code: "pipl/bad-cumulative-sensitive-pi", label: "b.pipl.sccFilingAssessment: opts.cumulativeSensitivePI" },
197
+ recordedAt: function (value) {
198
+ _requireRecordedAt(value, "b.pipl.sccFilingAssessment: opts.recordedAt");
199
+ },
200
+ }, "b.pipl.sccFilingAssessment: opts", PiplError, "pipl/bad-opts", { allow: ["audit"] });
168
201
 
169
- if (!Array.isArray(opts.dataCategories) || opts.dataCategories.length === 0) {
170
- throw new PiplError("pipl/bad-data-categories",
171
- "b.pipl.sccFilingAssessment: opts.dataCategories must be a non-empty array of strings");
172
- }
173
- validateOpts.optionalNonEmptyStringArray(opts.dataCategories,
174
- "b.pipl.sccFilingAssessment: opts.dataCategories", PiplError, "pipl/bad-data-categories");
175
-
176
- if (LEGAL_BASES.indexOf(opts.legalBasis) === -1) {
177
- throw new PiplError("pipl/bad-legal-basis",
178
- "b.pipl.sccFilingAssessment: opts.legalBasis must be one of " +
179
- LEGAL_BASES.join(" | ") + " (PIPL Art. 38(1)) — got " + JSON.stringify(opts.legalBasis));
180
- }
181
-
182
- if (typeof opts.volume !== "number" || !isFinite(opts.volume) || opts.volume < 0) {
183
- throw new PiplError("pipl/bad-volume",
184
- "b.pipl.sccFilingAssessment: opts.volume must be a non-negative finite number (data-subject count)");
185
- }
186
- if (typeof opts.sensitivePI !== "boolean") {
187
- throw new PiplError("pipl/bad-sensitive-pi",
188
- "b.pipl.sccFilingAssessment: opts.sensitivePI must be a boolean");
189
- }
190
-
191
- var ciio = opts.ciio === undefined ? false
192
- : validateOpts.optionalBoolean(opts.ciio, "b.pipl.sccFilingAssessment: opts.ciio", PiplError, "pipl/bad-ciio");
193
- var importantData = opts.importantData === undefined ? false
194
- : validateOpts.optionalBoolean(opts.importantData, "b.pipl.sccFilingAssessment: opts.importantData", PiplError, "pipl/bad-important-data");
195
- var cumulativePI = opts.cumulativePI === undefined ? 0
196
- : validateOpts.optionalFiniteNonNegative(opts.cumulativePI, "b.pipl.sccFilingAssessment: opts.cumulativePI", PiplError, "pipl/bad-cumulative-pi");
197
- var cumulativeSensitivePI = opts.cumulativeSensitivePI === undefined ? 0
198
- : validateOpts.optionalFiniteNonNegative(opts.cumulativeSensitivePI, "b.pipl.sccFilingAssessment: opts.cumulativeSensitivePI", PiplError, "pipl/bad-cumulative-sensitive-pi");
202
+ var ciio = opts.ciio === undefined ? false : opts.ciio;
203
+ var importantData = opts.importantData === undefined ? false : opts.importantData;
204
+ var cumulativePI = opts.cumulativePI === undefined ? 0 : opts.cumulativePI;
205
+ var cumulativeSensitivePI = opts.cumulativeSensitivePI === undefined ? 0 : opts.cumulativeSensitivePI;
199
206
 
200
207
  var recordedAt = _requireRecordedAt(opts.recordedAt, "b.pipl.sccFilingAssessment: opts.recordedAt");
201
208
  // Resolve + shape-validate the audit sink at the entry-point tier (THROWS
@@ -306,30 +313,33 @@ function sccFilingAssessment(opts) {
306
313
  function securityAssessmentCertificate(opts) {
307
314
  validateOpts.requireObject(opts, "b.pipl.securityAssessmentCertificate: opts", PiplError, "pipl/bad-opts");
308
315
  validateOpts(opts, SECURITY_CERT_ALLOWED_KEYS, "b.pipl.securityAssessmentCertificate");
309
- validateOpts.requireNonEmptyString(opts.certId,
310
- "b.pipl.securityAssessmentCertificate: opts.certId", PiplError, "pipl/bad-cert-id");
311
- validateOpts.requireNonEmptyString(opts.assessmentScope,
312
- "b.pipl.securityAssessmentCertificate: opts.assessmentScope", PiplError, "pipl/bad-scope");
313
- validateOpts.requireNonEmptyString(opts.dataExporter,
314
- "b.pipl.securityAssessmentCertificate: opts.dataExporter", PiplError, "pipl/bad-exporter");
315
- validateOpts.requireNonEmptyString(opts.overseasRecipient,
316
- "b.pipl.securityAssessmentCertificate: opts.overseasRecipient", PiplError, "pipl/bad-recipient");
317
-
318
- if (RISK_RATINGS.indexOf(opts.riskRating) === -1) {
319
- throw new PiplError("pipl/bad-risk-rating",
320
- "b.pipl.securityAssessmentCertificate: opts.riskRating must be one of " +
321
- RISK_RATINGS.join(" | ") + " — got " + JSON.stringify(opts.riskRating));
322
- }
323
-
324
- if (!Array.isArray(opts.safeguards) || opts.safeguards.length === 0) {
325
- throw new PiplError("pipl/bad-safeguards",
326
- "b.pipl.securityAssessmentCertificate: opts.safeguards must be a non-empty array of strings");
327
- }
328
- validateOpts.optionalNonEmptyStringArray(opts.safeguards,
329
- "b.pipl.securityAssessmentCertificate: opts.safeguards", PiplError, "pipl/bad-safeguards");
316
+ validateOpts.shape(opts, {
317
+ certId: { rule: "required-string", code: "pipl/bad-cert-id", label: "b.pipl.securityAssessmentCertificate: opts.certId" },
318
+ assessmentScope: { rule: "required-string", code: "pipl/bad-scope", label: "b.pipl.securityAssessmentCertificate: opts.assessmentScope" },
319
+ dataExporter: { rule: "required-string", code: "pipl/bad-exporter", label: "b.pipl.securityAssessmentCertificate: opts.dataExporter" },
320
+ overseasRecipient: { rule: "required-string", code: "pipl/bad-recipient", label: "b.pipl.securityAssessmentCertificate: opts.overseasRecipient" },
321
+ riskRating: function (value) {
322
+ if (RISK_RATINGS.indexOf(value) === -1) {
323
+ throw new PiplError("pipl/bad-risk-rating",
324
+ "b.pipl.securityAssessmentCertificate: opts.riskRating must be one of " +
325
+ RISK_RATINGS.join(" | ") + " — got " + JSON.stringify(value));
326
+ }
327
+ },
328
+ safeguards: function (value) {
329
+ if (!Array.isArray(value) || value.length === 0) {
330
+ throw new PiplError("pipl/bad-safeguards",
331
+ "b.pipl.securityAssessmentCertificate: opts.safeguards must be a non-empty array of strings");
332
+ }
333
+ validateOpts.optionalNonEmptyStringArray(value,
334
+ "b.pipl.securityAssessmentCertificate: opts.safeguards", PiplError, "pipl/bad-safeguards");
335
+ },
336
+ filingRef: { rule: "optional-string", code: "pipl/bad-filing-ref", label: "b.pipl.securityAssessmentCertificate: opts.filingRef" },
337
+ recordedAt: function (value) {
338
+ _requireRecordedAt(value, "b.pipl.securityAssessmentCertificate: opts.recordedAt");
339
+ },
340
+ }, "b.pipl.securityAssessmentCertificate: opts", PiplError, "pipl/bad-opts", { allow: ["audit"] });
330
341
 
331
- var filingRef = validateOpts.optionalNonEmptyString(opts.filingRef,
332
- "b.pipl.securityAssessmentCertificate: opts.filingRef", PiplError, "pipl/bad-filing-ref");
342
+ var filingRef = opts.filingRef;
333
343
 
334
344
  var recordedAt = _requireRecordedAt(opts.recordedAt, "b.pipl.securityAssessmentCertificate: opts.recordedAt");
335
345
  // Entry-point shape-validate the audit sink (THROWS) before the drop-silent
@@ -36,6 +36,7 @@
36
36
 
37
37
  var nodeCrypto = require("node:crypto");
38
38
  var bCrypto = require("./crypto");
39
+ var safeBuffer = require("./safe-buffer");
39
40
  var validateOpts = require("./validate-opts");
40
41
  var { defineClass } = require("./framework-error");
41
42
 
@@ -58,12 +59,13 @@ function _b64urlPadded(buf) {
58
59
  return s;
59
60
  }
60
61
 
61
- function _bytes(x, what) {
62
- if (Buffer.isBuffer(x)) return x;
63
- if (x instanceof Uint8Array) return Buffer.from(x);
64
- if (typeof x === "string") return Buffer.from(x, "base64");
65
- throw new PrivacyPassError("privacy-pass/bad-bytes", "privacyPass: " + what + " must be a Buffer / Uint8Array / base64 string");
66
- }
62
+ var _bytes = safeBuffer.makeByteCoercer({
63
+ errorClass: PrivacyPassError,
64
+ typeCode: "privacy-pass/bad-bytes",
65
+ messagePrefix: "privacyPass: ",
66
+ messageSuffix: " must be a Buffer / Uint8Array / base64 string",
67
+ encoding: "base64",
68
+ });
67
69
 
68
70
  // Import the issuer public key and capture the SubjectPublicKeyInfo
69
71
  // bytes used to derive token_key_id. When the caller supplies the
@@ -378,11 +378,8 @@ function fromError(err, opts2) {
378
378
  * // res.statusCode: 400
379
379
  */
380
380
  function respond(res, problem, req) {
381
- if (!res || typeof res !== "object" || typeof res.setHeader !== "function" ||
382
- typeof res.end !== "function") {
383
- throw new ProblemDetailsError("problem-details/bad-res",
384
- "respond: res must be an HTTP response object (setHeader + end)", true);
385
- }
381
+ validateOpts.requireMethods(res, ["setHeader", "end"],
382
+ "respond: res (HTTP response object)", ProblemDetailsError, "problem-details/bad-res", true);
386
383
  if (!problem || typeof problem !== "object" || Array.isArray(problem)) {
387
384
  throw new ProblemDetailsError("problem-details/bad-problem",
388
385
  "respond: problem must be a non-null object", true);
@@ -41,6 +41,7 @@ var C = require("./constants");
41
41
  var lazyRequire = require("./lazy-require");
42
42
  var safeJson = require("./safe-json");
43
43
  var validateOpts = require("./validate-opts");
44
+ var boundedMap = require("./bounded-map");
44
45
  var { defineClass } = require("./framework-error");
45
46
 
46
47
  var audit = lazyRequire(function () { return require("./audit"); });
@@ -58,12 +59,8 @@ function _err(code, message) { return new PubsubError(code, message, true); }
58
59
  function _resolveBackend(opts) {
59
60
  var requested = opts.backend;
60
61
  if (requested && typeof requested === "object") {
61
- if (typeof requested.publishRemote !== "function" ||
62
- typeof requested.start !== "function" ||
63
- typeof requested.stop !== "function") {
64
- throw _err("BAD_BACKEND",
65
- "pubsub: custom backend must implement { publishRemote, start, stop }");
66
- }
62
+ validateOpts.requireMethods(requested, ["publishRemote", "start", "stop"],
63
+ "pubsub: custom backend", PubsubError, "BAD_BACKEND", true);
67
64
  return Object.assign({ name: "custom" }, requested);
68
65
  }
69
66
  if (!requested || requested === "local") {
@@ -347,8 +344,7 @@ function create(opts) {
347
344
  throw _err("BAD_OPT", "pubsub.subscribe: handler must be a function");
348
345
  }
349
346
  var rec = { channel: channel, handler: handler, isPattern: false };
350
- var set = exactSubs.get(channel);
351
- if (!set) { set = new Set(); exactSubs.set(channel, set); }
347
+ var set = boundedMap.getOrInsert(exactSubs, channel, function () { return new Set(); });
352
348
  set.add(rec);
353
349
  // Remote subscribe is fire-and-forget from the caller's perspective;
354
350
  // the redis backend awaits the SUBSCRIBE ack internally before its
@@ -37,6 +37,7 @@
37
37
  */
38
38
 
39
39
  var C = require("./constants");
40
+ var safeBuffer = require("./safe-buffer");
40
41
  var lazyRequire = require("./lazy-require");
41
42
  var safeJson = require("./safe-json");
42
43
  var validateOpts = require("./validate-opts");
@@ -149,7 +150,7 @@ var VALUE_DETECTORS = [
149
150
  name: "connection-string",
150
151
  test: function (v) {
151
152
  if (typeof v !== "string" || v.length < C.BYTES.bytes(8)) return false; // bound BEFORE regex test
152
- if (v.length > C.BYTES.kib(8)) return false;
153
+ if (safeBuffer.byteLengthOf(v) > C.BYTES.kib(8)) return false;
153
154
  // user may be empty (e.g. redis://:password@host); password
154
155
  // segment is required to flag this as a credentialed URI.
155
156
  return /\b[a-zA-Z][a-zA-Z0-9+.-]*:\/\/[^\s:/?#]*:[^\s@/?#]+@/.test(v);
@@ -28,6 +28,8 @@
28
28
  * Server-side HTML / JSON / XML response helpers.
29
29
  */
30
30
 
31
+ var validateOpts = require("./validate-opts");
32
+
31
33
  var DEFAULT_CHARSET = "utf-8";
32
34
 
33
35
  function _alreadyDone(res) {
@@ -53,8 +55,8 @@ function _writeResponse(res, status, headers, body) {
53
55
  function _mergedHeaders(base, extra) {
54
56
  if (!extra) return base;
55
57
  var out = {};
56
- for (var k in base) { if (Object.prototype.hasOwnProperty.call(base, k)) out[k] = base[k]; }
57
- for (var j in extra) { if (Object.prototype.hasOwnProperty.call(extra, j)) out[j] = extra[j]; }
58
+ validateOpts.assignOwnEnumerable(out, base);
59
+ validateOpts.assignOwnEnumerable(out, extra);
58
60
  return out;
59
61
  }
60
62
 
@@ -42,6 +42,8 @@
42
42
  // every consumer reads HTTP_STATUS.<NAME> rather than the underlying
43
43
  // integer, so the hex form is purely an internal storage detail.
44
44
  var structuredFields = require("./structured-fields");
45
+ var pick = require("./pick");
46
+ var codepointClass = require("./codepoint-class");
45
47
 
46
48
  var HTTP_STATUS = Object.freeze({
47
49
  OK: 0xC8,
@@ -468,6 +470,91 @@ function resolveRoute(req) {
468
470
  return qIdx === -1 ? url : url.slice(0, qIdx);
469
471
  }
470
472
 
473
+ /**
474
+ * @primitive b.requestHelpers.makeSkipMatcher
475
+ * @signature b.requestHelpers.makeSkipMatcher(opts, label)
476
+ * @since 0.15.13
477
+ * @status stable
478
+ * @related b.requestHelpers.resolveRoute
479
+ *
480
+ * Build a `(req) => boolean` path-match predicate shared by the state-change
481
+ * guards (`csrfProtect` / `fetchMetadata` / `botGuard` / `rateLimit`) AND the
482
+ * route-exemption / mount checks in `auth.accessLock`, `middleware.ageGate`,
483
+ * `middleware.botDisclose`, and `middleware.dailyByteQuota` — so a single route
484
+ * can be exempted (or a middleware mounted on a path subset) without each caller
485
+ * re-rolling the loop. `opts.skipPaths` entries are validated at build time —
486
+ * each must be a string or a RegExp — so an operator typo dies at boot, not on
487
+ * the first request; the optional `opts.skip(req)` predicate is validated the
488
+ * same way.
489
+ *
490
+ * A STRING entry matches on a SEGMENT BOUNDARY, not a raw prefix: `"/api"`
491
+ * matches `/api` and `/api/x` but NOT `/apixyz` — a raw `startsWith` would skip
492
+ * the guard on an unintended sibling path (a guard-bypass class). An entry that
493
+ * already ends in `/` is itself a segment prefix. Pass `exact: true` to require
494
+ * a whole-path match (no descendant). A RegExp entry uses `.test(path)`. The
495
+ * tested path is `req.pathname || req.url || req.originalUrl || "/"` with the
496
+ * query string stripped (matching is on the path, never the query). A `skip`
497
+ * predicate that throws is treated as "do not skip", so a buggy exemption can
498
+ * only keep the guard ON, never silently bypass it.
499
+ *
500
+ * @opts
501
+ * skipPaths: Array<string|RegExp>, // string = segment-boundary match; RegExp = .test(path)
502
+ * exact: boolean, // string entries match whole-path only (no descendant). default false
503
+ * skip: function, // (req) => boolean, optional route-aware predicate
504
+ *
505
+ * @example
506
+ * var shouldSkip = b.requestHelpers.makeSkipMatcher(
507
+ * { skipPaths: ["/healthz", /^\/webhooks\//] }, "middleware.csrfProtect");
508
+ * if (shouldSkip(req)) return next();
509
+ */
510
+ // _skipStrMatch — does the request path match a single STRING skip entry?
511
+ // SEGMENT-BOUNDARY semantics, NOT a raw `startsWith`: entry "/api" matches
512
+ // "/api" and "/api/x" but NOT "/apixyz" (a raw prefix would wrongly skip the
513
+ // guard on the sibling path — a guard-bypass class). An entry that already
514
+ // ends in "/" is itself a segment prefix ("/webhooks/" matches "/webhooks/x").
515
+ // `exact` restricts to a whole-path equality (no descendant match).
516
+ function _skipStrMatch(path, entry, exact) {
517
+ if (exact) return path === entry;
518
+ if (entry.charAt(entry.length - 1) === "/") return path.indexOf(entry) === 0;
519
+ return path === entry || path.indexOf(entry + "/") === 0;
520
+ }
521
+
522
+ function makeSkipMatcher(opts, label) {
523
+ opts = opts || {};
524
+ label = label || "makeSkipMatcher";
525
+ var skipPaths = opts.skipPaths || [];
526
+ if (!Array.isArray(skipPaths)) {
527
+ throw new TypeError(label + ": skipPaths must be an array of string prefixes or RegExp");
528
+ }
529
+ for (var i = 0; i < skipPaths.length; i++) {
530
+ if (typeof skipPaths[i] !== "string" && !(skipPaths[i] instanceof RegExp)) {
531
+ throw new TypeError(label + ": skipPaths[" + i + "] must be a string prefix or RegExp, got " +
532
+ typeof skipPaths[i]);
533
+ }
534
+ }
535
+ var skipFn = opts.skip;
536
+ if (skipFn !== undefined && skipFn !== null && typeof skipFn !== "function") {
537
+ throw new TypeError(label + ": skip must be a function (req) => boolean");
538
+ }
539
+ var exact = opts.exact === true;
540
+ return function _shouldSkip(req) {
541
+ var path = (req && (req.pathname || req.url || req.originalUrl)) || "/";
542
+ var qpos = path.indexOf("?");
543
+ if (qpos !== -1) path = path.slice(0, qpos); // match on the path, never the query string
544
+ for (var j = 0; j < skipPaths.length; j++) {
545
+ var entry = skipPaths[j];
546
+ if (typeof entry === "string" ? _skipStrMatch(path, entry, exact) : entry.test(path)) {
547
+ return true;
548
+ }
549
+ }
550
+ if (skipFn) {
551
+ try { return skipFn(req) === true; }
552
+ catch (_e) { return false; }
553
+ }
554
+ return false;
555
+ };
556
+ }
557
+
471
558
  /**
472
559
  * @primitive b.requestHelpers.captureResponseStatus
473
560
  * @signature b.requestHelpers.captureResponseStatus(res, onEnd)
@@ -667,11 +754,8 @@ function extractBearer(req) {
667
754
  if (raw.indexOf(",") !== -1) return null;
668
755
  // Reject ASCII control characters BEFORE prefix-matching so a header
669
756
  // like "Bearer\rinjected" never reaches consumers.
670
- for (var ci = 0; ci < raw.length; ci += 1) {
671
- var cc = raw.charCodeAt(ci);
672
- if (cc === 0x00 || cc === 0x0A || cc === 0x0D || cc === 0x09 || cc < 0x20 || cc === 0x7F) {
673
- return null;
674
- }
757
+ if (codepointClass.firstControlCharOffset(raw, { forbidTab: true }) !== -1) {
758
+ return null;
675
759
  }
676
760
  // RFC 6750 §2.1 — auth-scheme is case-insensitive. The "Bearer "
677
761
  // prefix + at least one token byte must be present; the literal
@@ -747,15 +831,58 @@ function safeHeadersDistinct(req) {
747
831
  // skip __proto__ / constructor / prototype as keys — they are the
748
832
  // exact strings that triggered the upstream getter throw, and we
749
833
  // refuse to surface them as accessible header names.
750
- if (lower === "__proto__" || lower === "constructor" || lower === "prototype") continue;
834
+ if (pick.isPoisonedKey(lower)) continue;
751
835
  if (out[lower]) out[lower].push(value);
752
836
  else out[lower] = [value];
753
837
  }
754
838
  return out;
755
839
  }
756
840
 
841
+ /**
842
+ * @primitive b.requestHelpers.makeResourceAuditEmitter
843
+ * @signature b.requestHelpers.makeResourceAuditEmitter(sink, resourceKind, idFor?)
844
+ * @since 0.15.13
845
+ * @status stable
846
+ * @related b.requestHelpers.extractActorContext
847
+ *
848
+ * Build a drop-silent audit emitter `(action, key, outcome, metadata, req)` for
849
+ * a request-scoped resource. The emitter is disabled when `sink` is falsy (the
850
+ * operator supplied no audit instance), so a primitive can wire it
851
+ * unconditionally and let the operator opt in by passing `opts.audit`. Each
852
+ * event carries `resource: { kind, id }` and, when a request is passed, the
853
+ * actor extracted from it (`extractActorContext`); a throwing sink is swallowed
854
+ * so audit emission can never break the request the event describes.
855
+ *
856
+ * The auth lockout / bot-challenge and session device-binding primitives emit
857
+ * this exact shape, varying only in the resource kind and how the id derives
858
+ * from the per-call key. `idFor(key)` maps the per-call key to the resource id
859
+ * (default: the key verbatim); pass it when the id needs a prefix or transform.
860
+ *
861
+ * @example
862
+ * var emitAudit = b.requestHelpers.makeResourceAuditEmitter(
863
+ * opts.audit, "auth.lockout", function (key) { return ns + ":" + key; });
864
+ * emitAudit("locked", key, "denied", { attempts: n }, req);
865
+ */
866
+ function makeResourceAuditEmitter(sink, resourceKind, idFor) {
867
+ return function (action, key, outcome, metadata, req) {
868
+ if (!sink) return;
869
+ try {
870
+ var event = {
871
+ action: action,
872
+ outcome: outcome,
873
+ resource: { kind: resourceKind, id: idFor ? idFor(key) : key },
874
+ metadata: metadata || {},
875
+ };
876
+ if (req) event.actor = extractActorContext(req);
877
+ sink.safeEmit(event);
878
+ } catch (_e) { /* audit best-effort — never let a sink throw escape */ }
879
+ };
880
+ }
881
+
757
882
  module.exports = {
758
883
  resolveRoute: resolveRoute,
884
+ makeResourceAuditEmitter: makeResourceAuditEmitter,
885
+ makeSkipMatcher: makeSkipMatcher,
759
886
  captureResponseStatus: captureResponseStatus,
760
887
  extractActorContext: extractActorContext,
761
888
  resolveActorWithOverride: resolveActorWithOverride,
@@ -59,9 +59,8 @@ var bCrypto = require("./crypto");
59
59
  var numericChecks = require("./numeric-checks");
60
60
  var restoreBundle = require("./restore-bundle");
61
61
  var restoreRollback = require("./restore-rollback");
62
- var lazyRequire = require("./lazy-require");
63
62
  var validateOpts = require("./validate-opts");
64
- var audit = lazyRequire(function () { return require("./audit"); });
63
+ var auditEmit = require("./audit-emit");
65
64
  var { FrameworkError } = require("./framework-error");
66
65
 
67
66
  class RestoreError extends FrameworkError {
@@ -74,17 +73,9 @@ class RestoreError extends FrameworkError {
74
73
  }
75
74
 
76
75
  function _validateStorage(storage) {
77
- if (!storage || typeof storage !== "object") {
78
- throw new RestoreError("restore/bad-storage",
79
- "storage backend is required (use b.backup.diskStorage or pass a custom one)");
80
- }
81
- var required = ["readBundle", "listBundles", "hasBundle"];
82
- for (var i = 0; i < required.length; i++) {
83
- if (typeof storage[required[i]] !== "function") {
84
- throw new RestoreError("restore/bad-storage",
85
- "storage backend missing method '" + required[i] + "'");
86
- }
87
- }
76
+ validateOpts.requireMethods(storage,
77
+ ["readBundle", "listBundles", "hasBundle"],
78
+ "storage backend", RestoreError, "restore/bad-storage");
88
79
  }
89
80
 
90
81
  function create(opts) {
@@ -152,15 +143,7 @@ function create(opts) {
152
143
  return { totalBytes: totalBytes, fileCount: fileCount };
153
144
  }
154
145
 
155
- function _emitAudit(action, info, outcome) {
156
- if (!auditOn) return;
157
- audit().safeEmit({
158
- action: action,
159
- outcome: outcome,
160
- metadata: info || {},
161
- reason: info && info.reason ? info.reason : null,
162
- });
163
- }
146
+ var _emitAudit = auditEmit.gatedReasonEmitter({ audit: auditOn });
164
147
 
165
148
  async function list() { return await storage.listBundles(); }
166
149
 
@@ -47,6 +47,7 @@ var lazyRequire = require("./lazy-require");
47
47
  var validateOpts = require("./validate-opts");
48
48
  var safeSql = require("./safe-sql");
49
49
  var sql = require("./sql");
50
+ var numericBounds = require("./numeric-bounds");
50
51
  var { defineClass } = require("./framework-error");
51
52
 
52
53
  var audit = lazyRequire(function () { return require("./audit"); });
@@ -116,11 +117,8 @@ function _validateRule(rule) {
116
117
  throw _err("BAD_RULE",
117
118
  "rule.action string must be 'erase' / 'delete' / 'soft-delete', got " + JSON.stringify(action));
118
119
  }
119
- if (rule.batchSize !== undefined &&
120
- (typeof rule.batchSize !== "number" || !isFinite(rule.batchSize) ||
121
- rule.batchSize <= 0 || Math.floor(rule.batchSize) !== rule.batchSize)) {
122
- throw _err("BAD_RULE", "rule.batchSize must be a positive integer");
123
- }
120
+ numericBounds.requirePositiveFiniteIntIfPresent(rule.batchSize,
121
+ "rule.batchSize", RetentionError, "BAD_RULE");
124
122
  if (rule.softDeleteField !== undefined &&
125
123
  (typeof rule.softDeleteField !== "string" || rule.softDeleteField.length === 0)) {
126
124
  throw _err("BAD_RULE", "rule.softDeleteField must be a non-empty string");