@blamejs/blamejs-shop 0.4.56 → 0.4.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (402) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/affiliates.js +35 -4
  3. package/lib/api-keys.js +17 -2
  4. package/lib/asset-manifest.json +1 -1
  5. package/lib/backorder.js +21 -4
  6. package/lib/click-and-collect.js +11 -2
  7. package/lib/credit-limits.js +132 -84
  8. package/lib/vendor/MANIFEST.json +426 -366
  9. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  10. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  11. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  12. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  14. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  15. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  16. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  17. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  18. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  19. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  20. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  21. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  22. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  23. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  24. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  25. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  26. package/lib/vendor/blamejs/index.js +2 -0
  27. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  28. package/lib/vendor/blamejs/lib/acme.js +6 -5
  29. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  30. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  31. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  32. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  33. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  34. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  35. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  36. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  37. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  38. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  39. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  40. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  41. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  42. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  43. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  44. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  45. package/lib/vendor/blamejs/lib/archive.js +2 -10
  46. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  47. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  48. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  49. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  50. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  51. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  52. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  53. package/lib/vendor/blamejs/lib/audit.js +84 -0
  54. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  55. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  56. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  57. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  58. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  59. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  60. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  61. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  62. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  63. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  64. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  65. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  66. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  67. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  68. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  69. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  70. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  71. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  72. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  73. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  74. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  75. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  76. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  77. package/lib/vendor/blamejs/lib/cache.js +7 -18
  78. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  79. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  80. package/lib/vendor/blamejs/lib/cert.js +3 -10
  81. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  82. package/lib/vendor/blamejs/lib/cli.js +5 -1
  83. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  84. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  85. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  86. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  87. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  88. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  89. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  90. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  91. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  92. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  93. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  94. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  95. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  96. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  97. package/lib/vendor/blamejs/lib/cose.js +19 -11
  98. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  99. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  100. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  101. package/lib/vendor/blamejs/lib/csp.js +235 -3
  102. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  103. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  104. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  105. package/lib/vendor/blamejs/lib/db.js +34 -12
  106. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  107. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  108. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  109. package/lib/vendor/blamejs/lib/did.js +6 -2
  110. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  111. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  112. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  113. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  114. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  115. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  116. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  117. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  118. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  119. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  120. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  121. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  122. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  123. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  124. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  125. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  126. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  127. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  128. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  129. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  130. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  131. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  132. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  133. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  135. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  136. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  137. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  138. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  139. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  140. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  141. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  142. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  143. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  144. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  145. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  146. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  147. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  148. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  149. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  150. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  151. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  152. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  153. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  154. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  155. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  156. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  157. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  158. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  159. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  161. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  162. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  163. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  164. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  165. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  166. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  167. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  168. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  169. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  170. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  171. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  172. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  173. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  174. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  175. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  176. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  177. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  178. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  179. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  180. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  181. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  182. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  183. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  184. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  185. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  186. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  187. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  188. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  189. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  190. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  191. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  192. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  193. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  194. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  195. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  196. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  197. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  198. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  199. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  200. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  201. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  202. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  203. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  204. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  205. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  206. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  207. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  208. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  209. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  210. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  211. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  212. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  213. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  214. package/lib/vendor/blamejs/lib/mail.js +6 -11
  215. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  216. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  217. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  218. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  219. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  220. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  221. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  222. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  223. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  224. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  225. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  226. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  227. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  228. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  229. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  230. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  231. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  232. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  233. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  234. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  235. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  236. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  237. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  238. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  239. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  240. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  241. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  242. package/lib/vendor/blamejs/lib/money.js +105 -0
  243. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  244. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  245. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  246. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  247. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  248. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  249. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  250. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  251. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  252. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  253. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  254. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  255. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  256. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  257. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  258. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  259. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  260. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  261. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  262. package/lib/vendor/blamejs/lib/observability.js +95 -0
  263. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  264. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  265. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  266. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  267. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  268. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  269. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  270. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  271. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  272. package/lib/vendor/blamejs/lib/pick.js +63 -5
  273. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  274. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  275. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  276. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  277. package/lib/vendor/blamejs/lib/redact.js +2 -1
  278. package/lib/vendor/blamejs/lib/render.js +4 -2
  279. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  280. package/lib/vendor/blamejs/lib/restore.js +5 -22
  281. package/lib/vendor/blamejs/lib/retention.js +3 -5
  282. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  283. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  284. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  285. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  286. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  287. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  288. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  289. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  290. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  291. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  292. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  293. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  294. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  295. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  296. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  297. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  298. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  299. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  300. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  301. package/lib/vendor/blamejs/lib/session.js +194 -6
  302. package/lib/vendor/blamejs/lib/sql.js +225 -78
  303. package/lib/vendor/blamejs/lib/sse.js +6 -10
  304. package/lib/vendor/blamejs/lib/static.js +136 -98
  305. package/lib/vendor/blamejs/lib/storage.js +4 -2
  306. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  307. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  308. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  309. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  310. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  311. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  312. package/lib/vendor/blamejs/lib/vc.js +2 -7
  313. package/lib/vendor/blamejs/lib/vex.js +35 -13
  314. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  315. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  316. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  317. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  318. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  319. package/lib/vendor/blamejs/lib/worm.js +2 -3
  320. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  321. package/lib/vendor/blamejs/package.json +1 -1
  322. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  323. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  324. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  325. package/lib/vendor/blamejs/test/10-state.js +9 -3
  326. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  327. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  328. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  329. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  330. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  332. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  333. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  334. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  335. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  336. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  337. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  340. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  341. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  342. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  346. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  347. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  349. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  351. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  352. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  388. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  392. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  393. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  395. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  397. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  398. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  399. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  400. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  401. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  402. package/package.json +1 -1
@@ -605,6 +605,459 @@ function makeScheduledFlush(delayMs, flushFn) {
605
605
  };
606
606
  }
607
607
 
608
+ /**
609
+ * @primitive b.safeAsync.makeBufferedEnqueue
610
+ * @signature b.safeAsync.makeBufferedEnqueue(buffer, opts)
611
+ * @since 0.15.13
612
+ * @status stable
613
+ * @related b.safeAsync.makeScheduledFlush, b.safeAsync.makeDropCallback
614
+ *
615
+ * Backpressure enqueue for batching egress sinks. Returns an
616
+ * `enqueue(entry)` function that pushes `entry` onto the operator-owned
617
+ * `buffer` array with drop-oldest overflow protection, then either kicks
618
+ * a flush when the batch is full or defers to a coalescing scheduler.
619
+ * Resolves `{ accepted: true, queued }` with the post-enqueue depth.
620
+ *
621
+ * This is the shared hot-path decision every batching log-stream sink
622
+ * (CloudWatch, OTLP/HTTP, webhook) makes per record: bound the buffer,
623
+ * surface dropped records to drop accounting, and trigger delivery on a
624
+ * full batch without awaiting it. Bounding is mandatory — an unbounded
625
+ * buffer behind a slow or dead collector is an out-of-memory vector.
626
+ *
627
+ * `opts.flush` returns the in-flight drain promise (its rejection is
628
+ * swallowed here — the sink reports failures through its own onDrop).
629
+ * `opts.schedule` is the coalescing deferral (typically a
630
+ * `makeScheduledFlush` handle's `schedule`). `opts.onOverflow(dropped)`
631
+ * is invoked with the evicted record so the caller can increment its
632
+ * drop counter and emit a drop event. Validates wiring at construction
633
+ * (`TypeError`) so a sink author's typo surfaces at setup, not under load.
634
+ *
635
+ * @opts
636
+ * batchSize: number, // flush when buffer reaches this depth
637
+ * bufferLimit: number, // drop oldest once buffer exceeds this depth
638
+ * flush: Function, // () => Promise — non-awaited batch drain
639
+ * schedule: Function, // () => void — coalescing deferred flush
640
+ * onOverflow: Function, // (dropped) => void — drop accounting (optional)
641
+ *
642
+ * @example
643
+ * var b = require("blamejs");
644
+ *
645
+ * var buffer = [];
646
+ * var dropped = 0;
647
+ * var sched = b.safeAsync.makeScheduledFlush(20, drain);
648
+ * var enqueue = b.safeAsync.makeBufferedEnqueue(buffer, {
649
+ * batchSize: 100,
650
+ * bufferLimit: 1000,
651
+ * flush: drain,
652
+ * schedule: sched.schedule,
653
+ * onOverflow: function () { dropped += 1; },
654
+ * });
655
+ * function drain() { buffer.length = 0; return Promise.resolve(); }
656
+ *
657
+ * await enqueue({ message: "hi" });
658
+ * // → { accepted: true, queued: 1 }
659
+ */
660
+ function makeBufferedEnqueue(buffer, opts) {
661
+ if (!Array.isArray(buffer)) {
662
+ throw new TypeError("safeAsync.makeBufferedEnqueue: buffer must be an array");
663
+ }
664
+ if (!opts || typeof opts !== "object") {
665
+ throw new TypeError("safeAsync.makeBufferedEnqueue: opts is required");
666
+ }
667
+ if (typeof opts.batchSize !== "number" || !isFinite(opts.batchSize) || opts.batchSize < 1) {
668
+ throw new TypeError("safeAsync.makeBufferedEnqueue: opts.batchSize must be a positive finite number");
669
+ }
670
+ if (typeof opts.bufferLimit !== "number" || !isFinite(opts.bufferLimit) || opts.bufferLimit < 1) {
671
+ throw new TypeError("safeAsync.makeBufferedEnqueue: opts.bufferLimit must be a positive finite number");
672
+ }
673
+ if (typeof opts.flush !== "function") {
674
+ throw new TypeError("safeAsync.makeBufferedEnqueue: opts.flush must be a function");
675
+ }
676
+ if (typeof opts.schedule !== "function") {
677
+ throw new TypeError("safeAsync.makeBufferedEnqueue: opts.schedule must be a function");
678
+ }
679
+ if (opts.onOverflow != null && typeof opts.onOverflow !== "function") {
680
+ throw new TypeError("safeAsync.makeBufferedEnqueue: opts.onOverflow must be a function when provided");
681
+ }
682
+ var batchSize = opts.batchSize;
683
+ var bufferLimit = opts.bufferLimit;
684
+ var flush = opts.flush;
685
+ var schedule = opts.schedule;
686
+ var onOverflow = opts.onOverflow || null;
687
+ return function enqueue(entry) {
688
+ if (buffer.length >= bufferLimit) {
689
+ var dropped = buffer.shift();
690
+ if (onOverflow) onOverflow(dropped);
691
+ }
692
+ buffer.push(entry);
693
+ if (buffer.length >= batchSize) {
694
+ flush().catch(function () {});
695
+ } else {
696
+ schedule();
697
+ }
698
+ return Promise.resolve({ accepted: true, queued: buffer.length });
699
+ };
700
+ }
701
+
702
+ /**
703
+ * @primitive b.safeAsync.makeDrainingClose
704
+ * @signature b.safeAsync.makeDrainingClose(opts)
705
+ * @since 0.15.13
706
+ * @status stable
707
+ * @related b.safeAsync.makeBufferedEnqueue, b.safeAsync.makeScheduledFlush
708
+ *
709
+ * Graceful shutdown for a batching egress sink. Returns an async
710
+ * `close()` that cancels the coalescing scheduler, awaits any in-flight
711
+ * drain, runs one final flush, then marks the sink closed — in that
712
+ * order, because the order is load-bearing.
713
+ *
714
+ * The flush loop typically guards on `!closed` to stop pulling from the
715
+ * buffer; flipping `closed` first would strand the records an operator
716
+ * queued in the moment before shutdown. Draining before the flip is the
717
+ * difference between a clean shutdown and silently dropped tail records
718
+ * (lost logs, lost audit). This primitive encodes that invariant once so
719
+ * each sink can't reintroduce the reorder.
720
+ *
721
+ * `opts.getInflight` is read at close time (not construction) so it
722
+ * observes whatever drain is running then; its rejection is swallowed —
723
+ * the sink surfaces flush failures through its own onDrop. `opts.flush`
724
+ * runs the final drain; `opts.markClosed` flips the sink's closed flag.
725
+ *
726
+ * @opts
727
+ * scheduler: Object, // { cancel() } — the coalescing flush handle
728
+ * getInflight: Function, // () => Promise|null — current in-flight drain
729
+ * flush: Function, // () => Promise — final drain
730
+ * markClosed: Function, // () => void — flip the closed flag last
731
+ *
732
+ * @example
733
+ * var b = require("blamejs");
734
+ *
735
+ * var closed = false, inflight = null, buffer = [];
736
+ * var sched = b.safeAsync.makeScheduledFlush(20, drain);
737
+ * function drain() { inflight = Promise.resolve(); return inflight; }
738
+ * var close = b.safeAsync.makeDrainingClose({
739
+ * scheduler: sched,
740
+ * getInflight: function () { return inflight; },
741
+ * flush: drain,
742
+ * markClosed: function () { closed = true; },
743
+ * });
744
+ *
745
+ * await close();
746
+ * closed;
747
+ * // → true
748
+ */
749
+ function makeDrainingClose(opts) {
750
+ if (!opts || typeof opts !== "object") {
751
+ throw new TypeError("safeAsync.makeDrainingClose: opts is required");
752
+ }
753
+ if (!opts.scheduler || typeof opts.scheduler.cancel !== "function") {
754
+ throw new TypeError("safeAsync.makeDrainingClose: opts.scheduler must expose cancel()");
755
+ }
756
+ if (typeof opts.getInflight !== "function") {
757
+ throw new TypeError("safeAsync.makeDrainingClose: opts.getInflight must be a function");
758
+ }
759
+ if (typeof opts.flush !== "function") {
760
+ throw new TypeError("safeAsync.makeDrainingClose: opts.flush must be a function");
761
+ }
762
+ if (typeof opts.markClosed !== "function") {
763
+ throw new TypeError("safeAsync.makeDrainingClose: opts.markClosed must be a function");
764
+ }
765
+ var scheduler = opts.scheduler;
766
+ var getInflight = opts.getInflight;
767
+ var flush = opts.flush;
768
+ var markClosed = opts.markClosed;
769
+ return async function close() {
770
+ scheduler.cancel();
771
+ var inflight = getInflight();
772
+ if (inflight) {
773
+ try { await inflight; } catch (_e) { /* surfaced via the sink's onDrop */ }
774
+ }
775
+ await flush();
776
+ markClosed();
777
+ };
778
+ }
779
+
780
+ /**
781
+ * @primitive b.safeAsync.makeBatchDrain
782
+ * @signature b.safeAsync.makeBatchDrain(opts)
783
+ * @since 0.15.13
784
+ * @status stable
785
+ * @related b.safeAsync.makeBufferedEnqueue, b.safeAsync.makeDrainingClose
786
+ *
787
+ * The drain loop behind a batching egress sink. Owns the single-flight
788
+ * latch and returns `{ flush, getInflight, isInFlight }`. Calling
789
+ * `flush()` while a drain is in progress returns that same in-flight
790
+ * promise (one drain at a time); otherwise it pulls batches off the
791
+ * operator-owned `buffer` and ships each via `opts.sendBatch` until the
792
+ * buffer empties or the sink closes, rescheduling itself if records
793
+ * remain.
794
+ *
795
+ * `opts.sendBatch(batch)` is the per-sink transport (serialize + send,
796
+ * typically wrapped in retry); a throw means the batch is permanently
797
+ * rejected — the loop reports it via `opts.onRetryExhausted(batch, err)`
798
+ * and stops (the buffer keeps the rest for the next cycle). `opts.isClosed`
799
+ * is polled each iteration so a shutdown stops the loop promptly.
800
+ *
801
+ * Two optional hooks cover sinks that need more than a plain splice:
802
+ * `opts.takeBatch(buffer)` returns the next batch (default
803
+ * `buffer.splice(0, batchSize)`) for sinks with a byte-size cap; and
804
+ * `opts.beforeDrain()` runs once before the loop (e.g. ensure a remote
805
+ * log stream exists) — if it throws, the whole buffer is drained to
806
+ * `opts.onBeforeDrainFail(records, err)` as a permanent drop, since every
807
+ * batch would hit the same failure.
808
+ *
809
+ * @opts
810
+ * buffer: Array, // operator-owned record buffer
811
+ * batchSize: number, // default splice width
812
+ * scheduler: Object, // { schedule() } — reschedule when records remain
813
+ * isClosed: Function, // () => boolean — polled each iteration
814
+ * sendBatch: Function, // (batch) => Promise — throw ⇒ permanent reject
815
+ * onRetryExhausted: Function, // (batch, err) => void — permanent-reject accounting
816
+ * takeBatch: Function, // (buffer) => batch — optional; default splice(0, batchSize)
817
+ * beforeDrain: Function, // () => Promise — optional pre-loop step
818
+ * onBeforeDrainFail: Function,// (records, err) => void — optional; beforeDrain threw
819
+ *
820
+ * @example
821
+ * var b = require("blamejs");
822
+ *
823
+ * var buffer = [{ n: 1 }, { n: 2 }];
824
+ * var sent = [];
825
+ * var sched = b.safeAsync.makeScheduledFlush(20, function () {});
826
+ * var drain = b.safeAsync.makeBatchDrain({
827
+ * buffer: buffer,
828
+ * batchSize: 10,
829
+ * scheduler: sched,
830
+ * isClosed: function () { return false; },
831
+ * sendBatch: function (batch) { sent.push(batch); return Promise.resolve(); },
832
+ * onRetryExhausted: function () {},
833
+ * });
834
+ * await drain.flush();
835
+ * sent.length;
836
+ * // → 1
837
+ */
838
+ function makeBatchDrain(opts) {
839
+ if (!opts || typeof opts !== "object") {
840
+ throw new TypeError("safeAsync.makeBatchDrain: opts is required");
841
+ }
842
+ if (!Array.isArray(opts.buffer)) {
843
+ throw new TypeError("safeAsync.makeBatchDrain: opts.buffer must be an array");
844
+ }
845
+ if (typeof opts.batchSize !== "number" || !isFinite(opts.batchSize) || opts.batchSize < 1) {
846
+ throw new TypeError("safeAsync.makeBatchDrain: opts.batchSize must be a positive finite number");
847
+ }
848
+ if (!opts.scheduler || typeof opts.scheduler.schedule !== "function") {
849
+ throw new TypeError("safeAsync.makeBatchDrain: opts.scheduler must expose schedule()");
850
+ }
851
+ if (typeof opts.isClosed !== "function") {
852
+ throw new TypeError("safeAsync.makeBatchDrain: opts.isClosed must be a function");
853
+ }
854
+ if (typeof opts.sendBatch !== "function") {
855
+ throw new TypeError("safeAsync.makeBatchDrain: opts.sendBatch must be a function");
856
+ }
857
+ if (typeof opts.onRetryExhausted !== "function") {
858
+ throw new TypeError("safeAsync.makeBatchDrain: opts.onRetryExhausted must be a function");
859
+ }
860
+ if (opts.takeBatch != null && typeof opts.takeBatch !== "function") {
861
+ throw new TypeError("safeAsync.makeBatchDrain: opts.takeBatch must be a function when provided");
862
+ }
863
+ if (opts.beforeDrain != null && typeof opts.beforeDrain !== "function") {
864
+ throw new TypeError("safeAsync.makeBatchDrain: opts.beforeDrain must be a function when provided");
865
+ }
866
+ if (opts.onBeforeDrainFail != null && typeof opts.onBeforeDrainFail !== "function") {
867
+ throw new TypeError("safeAsync.makeBatchDrain: opts.onBeforeDrainFail must be a function when provided");
868
+ }
869
+ var buffer = opts.buffer;
870
+ var batchSize = opts.batchSize;
871
+ var scheduler = opts.scheduler;
872
+ var isClosed = opts.isClosed;
873
+ var sendBatch = opts.sendBatch;
874
+ var onRetryExhausted = opts.onRetryExhausted;
875
+ var takeBatch = opts.takeBatch || function (buf) { return buf.splice(0, batchSize); };
876
+ var beforeDrain = opts.beforeDrain || null;
877
+ var onBeforeDrainFail = opts.onBeforeDrainFail || null;
878
+
879
+ var inFlight = false;
880
+ var inFlightPromise = null;
881
+
882
+ async function flush() {
883
+ if (inFlight) return inFlightPromise;
884
+ if (buffer.length === 0) return;
885
+ inFlight = true;
886
+ inFlightPromise = (async function () {
887
+ try {
888
+ if (beforeDrain) {
889
+ try { await beforeDrain(); }
890
+ catch (e) {
891
+ // The pre-drain step failed permanently — every batch would hit
892
+ // the same error. Drain the whole buffer to onBeforeDrainFail so
893
+ // the operator sees exactly which records were lost, then bail.
894
+ var allBuffered = buffer.splice(0, buffer.length);
895
+ if (onBeforeDrainFail) onBeforeDrainFail(allBuffered, e);
896
+ return;
897
+ }
898
+ }
899
+ while (buffer.length > 0 && !isClosed()) {
900
+ var batch = takeBatch(buffer);
901
+ if (batch.length === 0) break;
902
+ try {
903
+ await sendBatch(batch);
904
+ } catch (sendErr) {
905
+ onRetryExhausted(batch, sendErr);
906
+ break;
907
+ }
908
+ }
909
+ } finally {
910
+ inFlight = false;
911
+ inFlightPromise = null;
912
+ if (buffer.length > 0) scheduler.schedule();
913
+ }
914
+ })();
915
+ return inFlightPromise;
916
+ }
917
+
918
+ return {
919
+ flush: flush,
920
+ getInflight: function () { return inFlightPromise; },
921
+ isInFlight: function () { return inFlight; },
922
+ };
923
+ }
924
+
925
+ /**
926
+ * @primitive b.safeAsync.makeBatchingSink
927
+ * @signature b.safeAsync.makeBatchingSink(opts)
928
+ * @since 0.15.13
929
+ * @status stable
930
+ * @related b.safeAsync.makeBatchDrain, b.safeAsync.makeBufferedEnqueue
931
+ *
932
+ * The complete batching egress-sink core — buffer, drop accounting,
933
+ * single-flight drain, and graceful close, wired together. Returns
934
+ * `{ emit, close, flush, stats }`. A sink built on this provides only
935
+ * its transport (`sendBatch`) and config; the bounded buffer, overflow
936
+ * and retry-exhaustion drop counting, batch-full flushing, and
937
+ * drain-before-close shutdown all come from here.
938
+ *
939
+ * It composes the three lower-level primitives —
940
+ * `makeBufferedEnqueue` (backpressure), `makeBatchDrain` (single-flight
941
+ * drain), `makeDrainingClose` (shutdown) — so every sink shares one
942
+ * implementation of the parts that are easy to get subtly wrong (an
943
+ * unbounded buffer is an OOM vector; flipping closed before the final
944
+ * drain strands tail records).
945
+ *
946
+ * `opts.sendBatch(batch)` is the transport; a throw means permanent
947
+ * rejection (counted as a drop, reported via onDrop "retry-exhausted").
948
+ * `opts.prepareRecord(record)` optionally transforms or rejects a record
949
+ * before buffering — return `{ entry }` to buffer `entry`, or
950
+ * `{ rejected: true, reason, dropKind?, drop?, error? }` to refuse it
951
+ * (e.g. an oversize event past a provider's hard cap). `opts.takeBatch`
952
+ * and `opts.beforeDrain` are forwarded to the drain (byte-cap batching;
953
+ * a pre-drain handshake whose failure drops the buffer under
954
+ * `opts.beforeDrainDropKind`).
955
+ *
956
+ * @opts
957
+ * batchSize: number, // flush at this depth
958
+ * bufferLimit: number, // drop oldest past this depth
959
+ * maxBatchAgeMs: number, // coalescing flush delay
960
+ * sendBatch: Function, // (batch) => Promise — transport
961
+ * onDrop: Function, // ({reason,batch,error}) => void (optional)
962
+ * prepareRecord: Function, // (record) => {entry}|{rejected,...} (optional)
963
+ * takeBatch: Function, // () => batch (optional; byte-cap sinks)
964
+ * beforeDrain: Function, // () => Promise (optional pre-drain step)
965
+ * beforeDrainDropKind: string, // drop kind when beforeDrain fails
966
+ *
967
+ * @example
968
+ * var b = require("blamejs");
969
+ *
970
+ * var sent = [];
971
+ * var sink = b.safeAsync.makeBatchingSink({
972
+ * batchSize: 2,
973
+ * bufferLimit: 100,
974
+ * maxBatchAgeMs: 50,
975
+ * sendBatch: function (batch) { sent.push(batch); return Promise.resolve(); },
976
+ * });
977
+ * await sink.emit({ message: "a" });
978
+ * await sink.emit({ message: "b" }); // batch full → flush
979
+ * await sink.close();
980
+ * sent.length;
981
+ * // → 1
982
+ */
983
+ function makeBatchingSink(opts) {
984
+ if (!opts || typeof opts !== "object") {
985
+ throw new TypeError("safeAsync.makeBatchingSink: opts is required");
986
+ }
987
+ if (typeof opts.sendBatch !== "function") {
988
+ throw new TypeError("safeAsync.makeBatchingSink: opts.sendBatch must be a function");
989
+ }
990
+ if (opts.prepareRecord != null && typeof opts.prepareRecord !== "function") {
991
+ throw new TypeError("safeAsync.makeBatchingSink: opts.prepareRecord must be a function when provided");
992
+ }
993
+ // batchSize / bufferLimit / maxBatchAgeMs are validated by the sub-primitives.
994
+ var prepareRecord = opts.prepareRecord || null;
995
+ var beforeDrainDropKind = opts.beforeDrainDropKind || "before-drain-failed";
996
+ var onDrop = makeDropCallback(opts.onDrop);
997
+
998
+ var buffer = [];
999
+ var dropCount = 0;
1000
+ var closed = false;
1001
+
1002
+ var flushScheduler = makeScheduledFlush(opts.maxBatchAgeMs, function () { return _flush(); });
1003
+
1004
+ var drain = makeBatchDrain({
1005
+ buffer: buffer,
1006
+ batchSize: opts.batchSize,
1007
+ scheduler: flushScheduler,
1008
+ isClosed: function () { return closed; },
1009
+ takeBatch: opts.takeBatch,
1010
+ beforeDrain: opts.beforeDrain,
1011
+ onBeforeDrainFail: opts.beforeDrain
1012
+ ? function (records, e) { dropCount += records.length; onDrop(beforeDrainDropKind, records, e); }
1013
+ : undefined,
1014
+ sendBatch: opts.sendBatch,
1015
+ onRetryExhausted: function (batch, e) { dropCount += batch.length; onDrop("retry-exhausted", batch, e); },
1016
+ });
1017
+ var _flush = drain.flush;
1018
+
1019
+ var enqueue = makeBufferedEnqueue(buffer, {
1020
+ batchSize: opts.batchSize,
1021
+ bufferLimit: opts.bufferLimit,
1022
+ flush: _flush,
1023
+ schedule: flushScheduler.schedule,
1024
+ onOverflow: function (dropped) { dropCount += 1; onDrop("overflow", [dropped], null); },
1025
+ });
1026
+
1027
+ function emit(record) {
1028
+ if (closed) return Promise.resolve({ accepted: false, reason: "sink closed" });
1029
+ if (prepareRecord) {
1030
+ var prepared = prepareRecord(record);
1031
+ if (prepared && prepared.rejected) {
1032
+ dropCount += 1;
1033
+ if (prepared.drop) onDrop(prepared.dropKind || prepared.reason, prepared.drop, prepared.error || null);
1034
+ return Promise.resolve({ accepted: false, reason: prepared.reason });
1035
+ }
1036
+ return enqueue(prepared && "entry" in prepared ? prepared.entry : record);
1037
+ }
1038
+ return enqueue(record);
1039
+ }
1040
+
1041
+ var close = makeDrainingClose({
1042
+ scheduler: flushScheduler,
1043
+ getInflight: drain.getInflight,
1044
+ flush: _flush,
1045
+ markClosed: function () { closed = true; },
1046
+ });
1047
+
1048
+ return {
1049
+ emit: emit,
1050
+ close: close,
1051
+ flush: _flush,
1052
+ // `extra` merges sink-specific fields (resolved URL, sequence token …)
1053
+ // over the shared { queued, dropped, inFlight } base.
1054
+ stats: function (extra) {
1055
+ var base = { queued: buffer.length, dropped: dropCount, inFlight: drain.isInFlight() };
1056
+ return extra ? Object.assign(base, extra) : base;
1057
+ },
1058
+ };
1059
+ }
1060
+
608
1061
  // ---- parallel ----
609
1062
  //
610
1063
  // Bounded-concurrency mapAsync. Runs `fn(item, index)` over `items`
@@ -1174,6 +1627,10 @@ module.exports = {
1174
1627
  safeInvoke: safeInvoke,
1175
1628
  makeDropCallback: makeDropCallback,
1176
1629
  makeScheduledFlush: makeScheduledFlush,
1630
+ makeBufferedEnqueue: makeBufferedEnqueue,
1631
+ makeDrainingClose: makeDrainingClose,
1632
+ makeBatchDrain: makeBatchDrain,
1633
+ makeBatchingSink: makeBatchingSink,
1177
1634
  parallel: parallel,
1178
1635
  Mutex: Mutex,
1179
1636
  Semaphore: Semaphore,
@@ -167,7 +167,13 @@ function normalizeText(input, opts) {
167
167
  *
168
168
  * @opts
169
169
  * maxBytes: number, // optional positive finite int; byte cap
170
- * errorClass: Function, // caller-supplied Error subclass
170
+ * encoding: string, // string→Buffer encoding. default "utf8" (e.g. "hex", "base64")
171
+ * allowString: boolean, // accept a string input (coerced via `encoding`). default true;
172
+ * // false = byte inputs only (Buffer/Uint8Array) — a string throws
173
+ * // (COSE_Key / mdoc CBOR / DNSSEC bytes are byte-only by spec)
174
+ * errorClass: Function, // caller-supplied Error subclass; thrown as new Class(message, code)
175
+ * errorFactory: Function, // (code, message) -> Error; for caller error classes whose
176
+ * // constructor is (code, message) — sidesteps the errorClass order
171
177
  * typeCode: string, // default "buffer/wrong-input-type"
172
178
  * sizeCode: string, // default "buffer/too-large"
173
179
  * typeMessage: string, // override the wrong-input-type message
@@ -208,23 +214,146 @@ function toBuffer(data, opts) {
208
214
  maxBytes = opts.maxBytes;
209
215
  }
210
216
  var errClass = opts.errorClass;
217
+ var errFactory = opts.errorFactory;
218
+ var encoding = opts.encoding || "utf8";
219
+ var allowString = opts.allowString !== false; // default true; false = byte inputs only (string throws)
211
220
  var typeCode = opts.typeCode || "buffer/wrong-input-type";
212
221
  var sizeCode = opts.sizeCode || "buffer/too-large";
213
222
  var typeMsg = opts.typeMessage || "data must be Buffer, Uint8Array, or string";
214
223
  var sizeMsg = opts.sizeMessage || "data exceeds maxBytes";
224
+ // errorFactory wins when supplied (caller's class is (code, message)-shaped);
225
+ // otherwise fall back to the (message, code) errorClass path.
226
+ function _raise(message, code) {
227
+ if (typeof errFactory === "function") throw errFactory(code, message);
228
+ _throw(errClass, message, code);
229
+ }
215
230
 
216
231
  var buf;
217
- if (Buffer.isBuffer(data)) buf = data;
218
- else if (typeof data === "string") buf = Buffer.from(data, "utf8");
219
- else if (data instanceof Uint8Array) buf = Buffer.from(data);
220
- else _throw(errClass, typeMsg, typeCode);
232
+ if (Buffer.isBuffer(data)) buf = data;
233
+ else if (allowString && typeof data === "string") buf = Buffer.from(data, encoding);
234
+ else if (data instanceof Uint8Array) buf = Buffer.from(data);
235
+ else _raise(typeMsg, typeCode); // a string under allowString:false falls through here
221
236
 
222
237
  if (maxBytes !== null && buf.length > maxBytes) {
223
- _throw(errClass, sizeMsg, sizeCode);
238
+ _raise(sizeMsg, sizeCode);
224
239
  }
225
240
  return buf;
226
241
  }
227
242
 
243
+ /**
244
+ * @primitive b.safeBuffer.makeByteCoercer
245
+ * @signature b.safeBuffer.makeByteCoercer(opts)
246
+ * @since 0.15.13
247
+ * @status stable
248
+ * @related b.safeBuffer.toBuffer, b.safeBuffer.byteLengthOf
249
+ *
250
+ * Bind `toBuffer` to one module's error contract, returning a
251
+ * `coerce(value, what)` that validates `value` is a byte input (with the
252
+ * module's `allowString` / `encoding` policy) and, on a type mismatch,
253
+ * throws the module's own error class with a per-field message
254
+ * `messagePrefix + what + messageSuffix`. The mirror of
255
+ * `b.audit.namespaced` / `b.observability.namespaced` for the byte-input
256
+ * boundary: each module bound `toBuffer` to its error class + code +
257
+ * message template in a hand-rolled `function _bytes(x, what) { return
258
+ * toBuffer(x, { errorFactory: (c, m) => new XError(c, m), … }); }`
259
+ * wrapper — this owns that binding once.
260
+ *
261
+ * `what` names the field being coerced (`"issuerAuth"`, `"x coordinate"`)
262
+ * and is interpolated into the message so one coercer serves every call
263
+ * site in a module. The byte-mode is whatever `toBuffer` accepts:
264
+ * `allowString: false` for strict byte-only inputs (COSE / mdoc / DNSSEC
265
+ * wire data), or `encoding` (`"hex"` / `"base64"`) for modules that
266
+ * accept an encoded string alongside raw bytes.
267
+ *
268
+ * @opts
269
+ * errorClass: Function, // required — (code, message) error constructor
270
+ * typeCode: string, // required — error code on a type mismatch
271
+ * messagePrefix: string, // text before `what`. default: ""
272
+ * messageSuffix: string, // text after `what`. default: ""
273
+ * allowString: boolean, // forwarded to toBuffer. default: true
274
+ * encoding: string, // forwarded to toBuffer. default: "utf8"
275
+ *
276
+ * @example
277
+ * var b = require("blamejs");
278
+ *
279
+ * function DnssecError(code, msg) { this.code = code; this.message = msg; }
280
+ * var toBytes = b.safeBuffer.makeByteCoercer({
281
+ * errorClass: DnssecError,
282
+ * typeCode: "dnssec/bad-bytes",
283
+ * messagePrefix: "dnssec: ",
284
+ * messageSuffix: " must be a Buffer",
285
+ * allowString: false,
286
+ * });
287
+ * toBytes(Buffer.from([1, 2]), "RRSIG"); // → <Buffer 01 02>
288
+ * // toBytes("nope", "RRSIG") throws DnssecError("dnssec/bad-bytes",
289
+ * // "dnssec: RRSIG must be a Buffer")
290
+ */
291
+ function makeByteCoercer(opts) {
292
+ if (!opts || typeof opts !== "object") {
293
+ throw new SafeBufferError("makeByteCoercer: opts is required", "buffer/bad-arg");
294
+ }
295
+ if (typeof opts.errorClass !== "function") {
296
+ throw new SafeBufferError("makeByteCoercer: opts.errorClass must be a constructor", "buffer/bad-arg");
297
+ }
298
+ if (typeof opts.typeCode !== "string" || opts.typeCode.length === 0) {
299
+ throw new SafeBufferError("makeByteCoercer: opts.typeCode must be a non-empty string", "buffer/bad-arg");
300
+ }
301
+ var ErrorClass = opts.errorClass;
302
+ var errorFactory = function (code, message) { return new ErrorClass(code, message); };
303
+ var typeCode = opts.typeCode;
304
+ var prefix = opts.messagePrefix != null ? opts.messagePrefix : "";
305
+ var suffix = opts.messageSuffix != null ? opts.messageSuffix : "";
306
+ var allowString = opts.allowString;
307
+ var encoding = opts.encoding;
308
+ return function coerce(value, what) {
309
+ return toBuffer(value, {
310
+ allowString: allowString,
311
+ encoding: encoding,
312
+ errorFactory: errorFactory,
313
+ typeCode: typeCode,
314
+ typeMessage: prefix + (what == null ? "" : what) + suffix,
315
+ });
316
+ };
317
+ }
318
+
319
+ /**
320
+ * @primitive b.safeBuffer.byteLengthOf
321
+ * @signature b.safeBuffer.byteLengthOf(value, encoding?)
322
+ * @since 0.15.13
323
+ * @related b.safeBuffer.toBuffer, b.safeBuffer.normalizeText
324
+ *
325
+ * The byte length of a string OR a byte container, measured correctly
326
+ * for either. A `String`'s `.length` counts UTF-16 code units, NOT
327
+ * bytes — comparing it to a cap named in bytes under-enforces the cap
328
+ * on multibyte input (a 2-4 byte character counts as 1, so the real
329
+ * ceiling is up to ~4x the configured limit). This primitive returns
330
+ * `Buffer.byteLength(value, encoding)` for a string and `value.length`
331
+ * for a `Buffer` / `Uint8Array` (whose `.length` already IS the byte
332
+ * count), so a byte cap is enforced the same way regardless of whether
333
+ * the value arrived decoded or raw. Route every byte-cap comparison
334
+ * through it instead of `value.length > someBytesCap`.
335
+ *
336
+ * Throws `TypeError` on any other type (a defensive net — callers
337
+ * type-check their input before measuring).
338
+ *
339
+ * @example
340
+ * var b = require("blamejs");
341
+ * b.safeBuffer.byteLengthOf("a"); // → 1
342
+ * b.safeBuffer.byteLengthOf("中"); // → 3 (one CJK char, 3 UTF-8 bytes)
343
+ * "中".length; // → 1 (UTF-16 code units — the trap)
344
+ * b.safeBuffer.byteLengthOf(Buffer.from([1, 2, 3])); // → 3
345
+ */
346
+ function byteLengthOf(value, encoding) {
347
+ if (typeof value === "string") {
348
+ return Buffer.byteLength(value, encoding || "utf8");
349
+ }
350
+ if (Buffer.isBuffer(value) || value instanceof Uint8Array) {
351
+ return value.length;
352
+ }
353
+ throw new TypeError("safeBuffer.byteLengthOf: value must be a string, " +
354
+ "Buffer, or Uint8Array; got " + (value === null ? "null" : typeof value));
355
+ }
356
+
228
357
  // ---- boundedChunkCollector ----
229
358
  //
230
359
  // Replaces the unbounded `chunks.push(c); ... Buffer.concat(chunks)`
@@ -672,6 +801,8 @@ function stripCrlf(s, replacement) {
672
801
  module.exports = {
673
802
  normalizeText: normalizeText,
674
803
  toBuffer: toBuffer,
804
+ makeByteCoercer: makeByteCoercer,
805
+ byteLengthOf: byteLengthOf,
675
806
  boundedChunkCollector: boundedChunkCollector,
676
807
  collectStream: collectStream,
677
808
  secureZero: secureZero,
@@ -81,6 +81,7 @@
81
81
  */
82
82
 
83
83
  var zlib = require("node:zlib");
84
+ var safeBuffer = require("./safe-buffer");
84
85
  var lazyRequire = require("./lazy-require");
85
86
  var validateOpts = require("./validate-opts");
86
87
  var numericBounds = require("./numeric-bounds");
@@ -202,7 +203,7 @@ function safeDecompress(input, opts) {
202
203
  if (opts.maxCompressedBytes !== undefined && opts.maxCompressedBytes !== null) {
203
204
  maxCompressedBytes = opts.maxCompressedBytes;
204
205
  }
205
- if (buf.length > maxCompressedBytes) {
206
+ if (safeBuffer.byteLengthOf(buf) > maxCompressedBytes) {
206
207
  _refuse(opts, "safe-decompress/oversized-input",
207
208
  "compressed input " + buf.length + " bytes exceeds maxCompressedBytes " +
208
209
  maxCompressedBytes);
@@ -56,6 +56,7 @@
56
56
  */
57
57
 
58
58
  var C = require("./constants");
59
+ var safeBuffer = require("./safe-buffer");
59
60
  var { defineClass } = require("./framework-error");
60
61
  var gateContract = require("./gate-contract");
61
62
 
@@ -206,7 +207,7 @@ function parseResponse(buf, opts) {
206
207
  "safeDns.parseResponse: buf must be a Buffer; got " + (typeof buf));
207
208
  }
208
209
  var caps = _resolveProfile(opts);
209
- if (buf.length > caps.maxResponseBytes) {
210
+ if (safeBuffer.byteLengthOf(buf) > caps.maxResponseBytes) {
210
211
  throw new SafeDnsError("safe-dns/oversize-response",
211
212
  "safeDns.parseResponse: " + buf.length + " bytes exceeds maxResponseBytes=" +
212
213
  caps.maxResponseBytes + " (RFC 6891 §6.1 EDNS0 advertised buffer size)");