@blamejs/blamejs-shop 0.5.5 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1404) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/README.md +1 -1
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/vendor/MANIFEST.json +1395 -1409
  5. package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +1 -1
  6. package/lib/vendor/blamejs/.github/dependabot.yml +12 -2
  7. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +3 -3
  8. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +3 -3
  9. package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -29
  10. package/lib/vendor/blamejs/.github/workflows/codeql.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +6 -6
  12. package/lib/vendor/blamejs/.github/workflows/release-container.yml +8 -8
  13. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  14. package/lib/vendor/blamejs/.gitignore +6 -6
  15. package/lib/vendor/blamejs/CHANGELOG.md +68 -0
  16. package/lib/vendor/blamejs/CONTRIBUTING.md +16 -0
  17. package/lib/vendor/blamejs/README.md +2 -1
  18. package/lib/vendor/blamejs/ROADMAP.md +51 -0
  19. package/lib/vendor/blamejs/SECURITY.md +52 -1
  20. package/lib/vendor/blamejs/api-snapshot.json +22 -2
  21. package/lib/vendor/blamejs/bench/_helpers.js +2 -0
  22. package/lib/vendor/blamejs/bench/crypto-hash.bench.js +2 -0
  23. package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +2 -0
  24. package/lib/vendor/blamejs/bench/run.js +2 -0
  25. package/lib/vendor/blamejs/bench/safe-json.bench.js +2 -0
  26. package/lib/vendor/blamejs/bin/blamejs.js +2 -0
  27. package/lib/vendor/blamejs/examples/wiki/Dockerfile +1 -1
  28. package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +2 -0
  29. package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +9 -1
  30. package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +2 -0
  31. package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +2 -0
  32. package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +2 -0
  33. package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +2 -0
  34. package/lib/vendor/blamejs/examples/wiki/lib/html-entities.js +2 -0
  35. package/lib/vendor/blamejs/examples/wiki/lib/nav.js +2 -0
  36. package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +2 -0
  37. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +2 -0
  38. package/lib/vendor/blamejs/examples/wiki/lib/section.js +2 -0
  39. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +2 -0
  40. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +2 -0
  41. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +2 -0
  42. package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +2 -0
  43. package/lib/vendor/blamejs/examples/wiki/package-lock.json +30 -0
  44. package/lib/vendor/blamejs/examples/wiki/routes/admin.js +2 -0
  45. package/lib/vendor/blamejs/examples/wiki/routes/integration.js +2 -0
  46. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +2 -0
  47. package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +2 -0
  48. package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +2 -0
  49. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +2 -0
  50. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +2 -0
  51. package/lib/vendor/blamejs/examples/wiki/server.js +2 -0
  52. package/lib/vendor/blamejs/examples/wiki/site.config.js +2 -0
  53. package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +2 -0
  54. package/lib/vendor/blamejs/examples/wiki/src/editor.js +2 -0
  55. package/lib/vendor/blamejs/examples/wiki/src/wiki.js +2 -0
  56. package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +2 -0
  57. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +23 -0
  58. package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +2 -0
  59. package/lib/vendor/blamejs/examples/wiki/test/integration.js +2 -0
  60. package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +2 -0
  61. package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +2 -0
  62. package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +2 -0
  63. package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +2 -0
  64. package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +2 -0
  65. package/lib/vendor/blamejs/examples/wiki/wiki.config.js +2 -0
  66. package/lib/vendor/blamejs/fuzz/_expected.js +2 -0
  67. package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +2 -0
  68. package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +2 -0
  69. package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +2 -0
  70. package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +2 -0
  71. package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +2 -0
  72. package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +2 -0
  73. package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +2 -0
  74. package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +2 -0
  75. package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +2 -0
  76. package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +2 -0
  77. package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +2 -0
  78. package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +2 -0
  79. package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +2 -0
  80. package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +2 -0
  81. package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +2 -0
  82. package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +2 -0
  83. package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +2 -0
  84. package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +2 -0
  85. package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +2 -0
  86. package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +2 -0
  87. package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +2 -0
  88. package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +2 -0
  89. package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +2 -0
  90. package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +2 -0
  91. package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +2 -0
  92. package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +2 -0
  93. package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +2 -0
  94. package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +2 -0
  95. package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +2 -0
  96. package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +2 -0
  97. package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +2 -0
  98. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +2 -0
  99. package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +2 -0
  100. package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +2 -0
  101. package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +2 -0
  102. package/lib/vendor/blamejs/fuzz/package-lock.json +1239 -0
  103. package/lib/vendor/blamejs/fuzz/package.json +10 -0
  104. package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +2 -0
  105. package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +2 -0
  106. package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +2 -0
  107. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +2 -0
  108. package/lib/vendor/blamejs/fuzz/safe-archive.fuzz.js +2 -0
  109. package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +2 -0
  110. package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +2 -0
  111. package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +2 -0
  112. package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +2 -0
  113. package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +2 -0
  114. package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +2 -0
  115. package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +2 -0
  116. package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +2 -0
  117. package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +2 -0
  118. package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +2 -0
  119. package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +2 -0
  120. package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +2 -0
  121. package/lib/vendor/blamejs/index.js +2 -0
  122. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +2 -0
  123. package/lib/vendor/blamejs/lib/a2a-tasks.js +2 -0
  124. package/lib/vendor/blamejs/lib/a2a.js +2 -0
  125. package/lib/vendor/blamejs/lib/acme.js +7 -1
  126. package/lib/vendor/blamejs/lib/agent-audit.js +2 -0
  127. package/lib/vendor/blamejs/lib/agent-envelope-mac.js +2 -0
  128. package/lib/vendor/blamejs/lib/agent-event-bus.js +2 -0
  129. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -0
  130. package/lib/vendor/blamejs/lib/agent-orchestrator.js +10 -2
  131. package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -0
  132. package/lib/vendor/blamejs/lib/agent-saga.js +2 -0
  133. package/lib/vendor/blamejs/lib/agent-snapshot.js +2 -0
  134. package/lib/vendor/blamejs/lib/agent-stream.js +2 -0
  135. package/lib/vendor/blamejs/lib/agent-tenant.js +11 -2
  136. package/lib/vendor/blamejs/lib/agent-trace.js +2 -0
  137. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -0
  138. package/lib/vendor/blamejs/lib/ai-aedt-bias-audit.js +2 -0
  139. package/lib/vendor/blamejs/lib/ai-capability.js +2 -0
  140. package/lib/vendor/blamejs/lib/ai-content-detect.js +2 -0
  141. package/lib/vendor/blamejs/lib/ai-disclosure.js +2 -0
  142. package/lib/vendor/blamejs/lib/ai-dp.js +2 -0
  143. package/lib/vendor/blamejs/lib/ai-frontier-protocol.js +2 -0
  144. package/lib/vendor/blamejs/lib/ai-input.js +2 -0
  145. package/lib/vendor/blamejs/lib/ai-model-manifest.js +2 -0
  146. package/lib/vendor/blamejs/lib/ai-output.js +2 -0
  147. package/lib/vendor/blamejs/lib/ai-pref.js +2 -0
  148. package/lib/vendor/blamejs/lib/ai-prompt.js +2 -0
  149. package/lib/vendor/blamejs/lib/ai-quota.js +2 -0
  150. package/lib/vendor/blamejs/lib/api-key.js +2 -0
  151. package/lib/vendor/blamejs/lib/api-snapshot.js +2 -0
  152. package/lib/vendor/blamejs/lib/app-shutdown.js +2 -0
  153. package/lib/vendor/blamejs/lib/app.js +2 -0
  154. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -0
  155. package/lib/vendor/blamejs/lib/archive-entry-policy.js +2 -0
  156. package/lib/vendor/blamejs/lib/archive-gz.js +2 -0
  157. package/lib/vendor/blamejs/lib/archive-read.js +2 -0
  158. package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -0
  159. package/lib/vendor/blamejs/lib/archive-tar.js +9 -0
  160. package/lib/vendor/blamejs/lib/archive-wrap.js +2 -0
  161. package/lib/vendor/blamejs/lib/archive.js +6 -0
  162. package/lib/vendor/blamejs/lib/arg-parser.js +2 -0
  163. package/lib/vendor/blamejs/lib/argon2-builtin.js +2 -0
  164. package/lib/vendor/blamejs/lib/asn1-der.js +2 -0
  165. package/lib/vendor/blamejs/lib/asyncapi-bindings.js +2 -0
  166. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -0
  167. package/lib/vendor/blamejs/lib/asyncapi.js +2 -0
  168. package/lib/vendor/blamejs/lib/atomic-file.js +2 -0
  169. package/lib/vendor/blamejs/lib/audit-chain.js +2 -0
  170. package/lib/vendor/blamejs/lib/audit-daily-review.js +2 -0
  171. package/lib/vendor/blamejs/lib/audit-emit.js +2 -0
  172. package/lib/vendor/blamejs/lib/audit-sign.js +2 -0
  173. package/lib/vendor/blamejs/lib/audit-tools.js +2 -0
  174. package/lib/vendor/blamejs/lib/audit.js +2 -0
  175. package/lib/vendor/blamejs/lib/auth/aal.js +2 -0
  176. package/lib/vendor/blamejs/lib/auth/access-lock.js +2 -0
  177. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -0
  178. package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +48 -11
  179. package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +2 -0
  180. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +2 -0
  181. package/lib/vendor/blamejs/lib/auth/ciba.js +2 -0
  182. package/lib/vendor/blamejs/lib/auth/dpop.js +2 -0
  183. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +2 -0
  184. package/lib/vendor/blamejs/lib/auth/fal.js +2 -0
  185. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +11 -7
  186. package/lib/vendor/blamejs/lib/auth/jar.js +4 -1
  187. package/lib/vendor/blamejs/lib/auth/jwt-external.js +16 -3
  188. package/lib/vendor/blamejs/lib/auth/jwt.js +2 -0
  189. package/lib/vendor/blamejs/lib/auth/lockout.js +237 -104
  190. package/lib/vendor/blamejs/lib/auth/oauth.js +98 -17
  191. package/lib/vendor/blamejs/lib/auth/oid4vci.js +58 -17
  192. package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -0
  193. package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -0
  194. package/lib/vendor/blamejs/lib/auth/passkey.js +2 -0
  195. package/lib/vendor/blamejs/lib/auth/password.js +2 -0
  196. package/lib/vendor/blamejs/lib/auth/saml.js +68 -7
  197. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +2 -0
  198. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -0
  199. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -0
  200. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +9 -0
  201. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -0
  202. package/lib/vendor/blamejs/lib/auth/step-up-policy.js +2 -0
  203. package/lib/vendor/blamejs/lib/auth/step-up.js +2 -0
  204. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +5 -8
  205. package/lib/vendor/blamejs/lib/auth-header.js +2 -0
  206. package/lib/vendor/blamejs/lib/backup/bundle.js +2 -0
  207. package/lib/vendor/blamejs/lib/backup/crypto.js +2 -0
  208. package/lib/vendor/blamejs/lib/backup/index.js +14 -0
  209. package/lib/vendor/blamejs/lib/backup/manifest.js +2 -0
  210. package/lib/vendor/blamejs/lib/base32.js +2 -0
  211. package/lib/vendor/blamejs/lib/boot-gates.js +2 -0
  212. package/lib/vendor/blamejs/lib/bounded-map.js +3 -1
  213. package/lib/vendor/blamejs/lib/breach-deadline.js +2 -0
  214. package/lib/vendor/blamejs/lib/break-glass.js +10 -9
  215. package/lib/vendor/blamejs/lib/budr.js +2 -0
  216. package/lib/vendor/blamejs/lib/bundler.js +2 -0
  217. package/lib/vendor/blamejs/lib/cache-redis.js +2 -0
  218. package/lib/vendor/blamejs/lib/cache-status.js +2 -0
  219. package/lib/vendor/blamejs/lib/cache.js +13 -5
  220. package/lib/vendor/blamejs/lib/calendar.js +2 -0
  221. package/lib/vendor/blamejs/lib/canonical-json.js +19 -3
  222. package/lib/vendor/blamejs/lib/cbor.js +2 -0
  223. package/lib/vendor/blamejs/lib/cdn-cache-control.js +2 -0
  224. package/lib/vendor/blamejs/lib/cert.js +2 -0
  225. package/lib/vendor/blamejs/lib/chain-writer.js +2 -0
  226. package/lib/vendor/blamejs/lib/circuit-breaker.js +2 -0
  227. package/lib/vendor/blamejs/lib/cli-helpers.js +2 -0
  228. package/lib/vendor/blamejs/lib/cli.js +57 -20
  229. package/lib/vendor/blamejs/lib/client-hints.js +2 -0
  230. package/lib/vendor/blamejs/lib/cloud-events.js +2 -0
  231. package/lib/vendor/blamejs/lib/cluster-provider-db.js +2 -0
  232. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -0
  233. package/lib/vendor/blamejs/lib/cluster.js +2 -0
  234. package/lib/vendor/blamejs/lib/cms-codec.js +2 -0
  235. package/lib/vendor/blamejs/lib/codepoint-class.js +2 -0
  236. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +2 -0
  237. package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +2 -0
  238. package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +2 -0
  239. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -0
  240. package/lib/vendor/blamejs/lib/compliance-ai-act.js +2 -0
  241. package/lib/vendor/blamejs/lib/compliance-eaa.js +2 -0
  242. package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +2 -0
  243. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +2 -0
  244. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +2 -0
  245. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -0
  246. package/lib/vendor/blamejs/lib/compliance.js +2 -0
  247. package/lib/vendor/blamejs/lib/config-drift.js +2 -0
  248. package/lib/vendor/blamejs/lib/config.js +2 -0
  249. package/lib/vendor/blamejs/lib/consent.js +2 -0
  250. package/lib/vendor/blamejs/lib/constants.js +2 -0
  251. package/lib/vendor/blamejs/lib/content-credentials.js +2 -0
  252. package/lib/vendor/blamejs/lib/content-digest.js +2 -0
  253. package/lib/vendor/blamejs/lib/cookies.js +2 -0
  254. package/lib/vendor/blamejs/lib/cose.js +2 -0
  255. package/lib/vendor/blamejs/lib/cra-report.js +2 -0
  256. package/lib/vendor/blamejs/lib/crdt.js +2 -0
  257. package/lib/vendor/blamejs/lib/credential-hash.js +2 -0
  258. package/lib/vendor/blamejs/lib/crypto-field.js +2 -0
  259. package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +2 -0
  260. package/lib/vendor/blamejs/lib/crypto-hpke.js +2 -0
  261. package/lib/vendor/blamejs/lib/crypto-oprf.js +2 -0
  262. package/lib/vendor/blamejs/lib/crypto-xwing.js +2 -0
  263. package/lib/vendor/blamejs/lib/crypto.js +2 -0
  264. package/lib/vendor/blamejs/lib/csp.js +2 -0
  265. package/lib/vendor/blamejs/lib/csv.js +14 -1
  266. package/lib/vendor/blamejs/lib/cwt.js +2 -0
  267. package/lib/vendor/blamejs/lib/daemon.js +2 -0
  268. package/lib/vendor/blamejs/lib/dark-patterns.js +2 -0
  269. package/lib/vendor/blamejs/lib/data-act.js +2 -0
  270. package/lib/vendor/blamejs/lib/db-collection.js +2 -0
  271. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +2 -0
  272. package/lib/vendor/blamejs/lib/db-declare-view.js +2 -0
  273. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +2 -0
  274. package/lib/vendor/blamejs/lib/db-query.js +2 -0
  275. package/lib/vendor/blamejs/lib/db-role-context.js +2 -0
  276. package/lib/vendor/blamejs/lib/db-schema.js +2 -0
  277. package/lib/vendor/blamejs/lib/db.js +2 -0
  278. package/lib/vendor/blamejs/lib/dbsc.js +2 -0
  279. package/lib/vendor/blamejs/lib/ddl-change-control.js +2 -0
  280. package/lib/vendor/blamejs/lib/deprecate.js +2 -0
  281. package/lib/vendor/blamejs/lib/dev.js +2 -0
  282. package/lib/vendor/blamejs/lib/did.js +2 -0
  283. package/lib/vendor/blamejs/lib/dora.js +2 -0
  284. package/lib/vendor/blamejs/lib/dr-runbook.js +2 -0
  285. package/lib/vendor/blamejs/lib/dsa.js +2 -0
  286. package/lib/vendor/blamejs/lib/dsr.js +2 -0
  287. package/lib/vendor/blamejs/lib/dual-control.js +11 -15
  288. package/lib/vendor/blamejs/lib/early-hints.js +2 -0
  289. package/lib/vendor/blamejs/lib/eat.js +4 -1
  290. package/lib/vendor/blamejs/lib/error-page.js +2 -0
  291. package/lib/vendor/blamejs/lib/events.js +2 -0
  292. package/lib/vendor/blamejs/lib/external-db-migrate.js +2 -0
  293. package/lib/vendor/blamejs/lib/external-db.js +2 -0
  294. package/lib/vendor/blamejs/lib/fapi2.js +2 -0
  295. package/lib/vendor/blamejs/lib/fda-21cfr11.js +2 -0
  296. package/lib/vendor/blamejs/lib/fdx.js +2 -0
  297. package/lib/vendor/blamejs/lib/fedcm.js +2 -0
  298. package/lib/vendor/blamejs/lib/file-type.js +2 -0
  299. package/lib/vendor/blamejs/lib/file-upload.js +139 -21
  300. package/lib/vendor/blamejs/lib/flag-cache.js +2 -0
  301. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -0
  302. package/lib/vendor/blamejs/lib/flag-providers.js +2 -0
  303. package/lib/vendor/blamejs/lib/flag-targeting.js +4 -7
  304. package/lib/vendor/blamejs/lib/flag.js +2 -0
  305. package/lib/vendor/blamejs/lib/forms.js +11 -0
  306. package/lib/vendor/blamejs/lib/framework-error.js +2 -0
  307. package/lib/vendor/blamejs/lib/framework-files.js +2 -0
  308. package/lib/vendor/blamejs/lib/framework-schema.js +2 -0
  309. package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +2 -0
  310. package/lib/vendor/blamejs/lib/fsm.js +2 -0
  311. package/lib/vendor/blamejs/lib/gate-contract.js +2 -0
  312. package/lib/vendor/blamejs/lib/gdpr-ropa.js +2 -0
  313. package/lib/vendor/blamejs/lib/graphql-federation.js +2 -0
  314. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -0
  315. package/lib/vendor/blamejs/lib/guard-all.js +2 -0
  316. package/lib/vendor/blamejs/lib/guard-archive.js +2 -0
  317. package/lib/vendor/blamejs/lib/guard-auth.js +2 -0
  318. package/lib/vendor/blamejs/lib/guard-cidr.js +2 -0
  319. package/lib/vendor/blamejs/lib/guard-csv.js +2 -0
  320. package/lib/vendor/blamejs/lib/guard-domain.js +2 -0
  321. package/lib/vendor/blamejs/lib/guard-dsn.js +2 -0
  322. package/lib/vendor/blamejs/lib/guard-email.js +2 -0
  323. package/lib/vendor/blamejs/lib/guard-envelope.js +2 -0
  324. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +2 -0
  325. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -0
  326. package/lib/vendor/blamejs/lib/guard-filename.js +2 -0
  327. package/lib/vendor/blamejs/lib/guard-graphql.js +2 -0
  328. package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +2 -0
  329. package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +2 -0
  330. package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +2 -0
  331. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +2 -0
  332. package/lib/vendor/blamejs/lib/guard-html-wcag.js +2 -0
  333. package/lib/vendor/blamejs/lib/guard-html.js +2 -0
  334. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -0
  335. package/lib/vendor/blamejs/lib/guard-image.js +2 -0
  336. package/lib/vendor/blamejs/lib/guard-imap-command.js +2 -0
  337. package/lib/vendor/blamejs/lib/guard-jmap.js +2 -0
  338. package/lib/vendor/blamejs/lib/guard-json.js +2 -0
  339. package/lib/vendor/blamejs/lib/guard-jsonpath.js +2 -0
  340. package/lib/vendor/blamejs/lib/guard-jwt.js +2 -0
  341. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -0
  342. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -0
  343. package/lib/vendor/blamejs/lib/guard-mail-compose.js +2 -0
  344. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -0
  345. package/lib/vendor/blamejs/lib/guard-mail-query.js +2 -0
  346. package/lib/vendor/blamejs/lib/guard-mail-reply.js +2 -0
  347. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +2 -0
  348. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +2 -0
  349. package/lib/vendor/blamejs/lib/guard-markdown.js +2 -0
  350. package/lib/vendor/blamejs/lib/guard-message-id.js +2 -0
  351. package/lib/vendor/blamejs/lib/guard-mime.js +2 -0
  352. package/lib/vendor/blamejs/lib/guard-oauth.js +14 -1
  353. package/lib/vendor/blamejs/lib/guard-pdf.js +2 -0
  354. package/lib/vendor/blamejs/lib/guard-pop3-command.js +2 -0
  355. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -0
  356. package/lib/vendor/blamejs/lib/guard-regex.js +59 -0
  357. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -0
  358. package/lib/vendor/blamejs/lib/guard-shell.js +2 -0
  359. package/lib/vendor/blamejs/lib/guard-smtp-command.js +2 -0
  360. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +2 -0
  361. package/lib/vendor/blamejs/lib/guard-sql.js +2 -0
  362. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -0
  363. package/lib/vendor/blamejs/lib/guard-svg.js +2 -0
  364. package/lib/vendor/blamejs/lib/guard-template.js +2 -0
  365. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -0
  366. package/lib/vendor/blamejs/lib/guard-text.js +2 -0
  367. package/lib/vendor/blamejs/lib/guard-time.js +2 -0
  368. package/lib/vendor/blamejs/lib/guard-trace-context.js +2 -0
  369. package/lib/vendor/blamejs/lib/guard-uuid.js +2 -0
  370. package/lib/vendor/blamejs/lib/guard-xml.js +2 -0
  371. package/lib/vendor/blamejs/lib/guard-yaml.js +2 -0
  372. package/lib/vendor/blamejs/lib/hal.js +2 -0
  373. package/lib/vendor/blamejs/lib/handlers.js +2 -0
  374. package/lib/vendor/blamejs/lib/honeytoken.js +2 -0
  375. package/lib/vendor/blamejs/lib/html-balance.js +2 -0
  376. package/lib/vendor/blamejs/lib/http-client-cache.js +2 -0
  377. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -0
  378. package/lib/vendor/blamejs/lib/http-client.js +2 -0
  379. package/lib/vendor/blamejs/lib/http-message-signature.js +144 -11
  380. package/lib/vendor/blamejs/lib/http2-teardown.js +2 -0
  381. package/lib/vendor/blamejs/lib/i18n-messageformat.js +35 -6
  382. package/lib/vendor/blamejs/lib/i18n.js +2 -0
  383. package/lib/vendor/blamejs/lib/iab-mspa.js +2 -0
  384. package/lib/vendor/blamejs/lib/iab-tcf.js +2 -0
  385. package/lib/vendor/blamejs/lib/importmap-integrity.js +2 -0
  386. package/lib/vendor/blamejs/lib/inbox.js +2 -0
  387. package/lib/vendor/blamejs/lib/incident-report.js +2 -0
  388. package/lib/vendor/blamejs/lib/ip-utils.js +2 -0
  389. package/lib/vendor/blamejs/lib/jobs.js +2 -0
  390. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -0
  391. package/lib/vendor/blamejs/lib/json-merge-patch.js +2 -0
  392. package/lib/vendor/blamejs/lib/json-patch.js +2 -0
  393. package/lib/vendor/blamejs/lib/json-path.js +2 -0
  394. package/lib/vendor/blamejs/lib/json-pointer.js +2 -0
  395. package/lib/vendor/blamejs/lib/json-schema.js +13 -1
  396. package/lib/vendor/blamejs/lib/jsonapi.js +2 -0
  397. package/lib/vendor/blamejs/lib/jtd.js +2 -0
  398. package/lib/vendor/blamejs/lib/jwk.js +2 -0
  399. package/lib/vendor/blamejs/lib/keychain.js +32 -10
  400. package/lib/vendor/blamejs/lib/lazy-require.js +2 -0
  401. package/lib/vendor/blamejs/lib/legal-hold.js +2 -0
  402. package/lib/vendor/blamejs/lib/link-header.js +2 -0
  403. package/lib/vendor/blamejs/lib/local-db-thin.js +2 -0
  404. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +2 -0
  405. package/lib/vendor/blamejs/lib/log-stream-local.js +2 -0
  406. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +2 -0
  407. package/lib/vendor/blamejs/lib/log-stream-otlp.js +2 -0
  408. package/lib/vendor/blamejs/lib/log-stream-syslog.js +2 -0
  409. package/lib/vendor/blamejs/lib/log-stream-webhook.js +2 -0
  410. package/lib/vendor/blamejs/lib/log-stream.js +2 -0
  411. package/lib/vendor/blamejs/lib/log.js +2 -0
  412. package/lib/vendor/blamejs/lib/lro.js +2 -0
  413. package/lib/vendor/blamejs/lib/mail-agent.js +2 -0
  414. package/lib/vendor/blamejs/lib/mail-arc-reuse-token.js +20 -0
  415. package/lib/vendor/blamejs/lib/mail-arc-sign.js +32 -14
  416. package/lib/vendor/blamejs/lib/mail-arf.js +4 -0
  417. package/lib/vendor/blamejs/lib/mail-auth.js +93 -19
  418. package/lib/vendor/blamejs/lib/mail-bimi.js +26 -10
  419. package/lib/vendor/blamejs/lib/mail-bounce.js +23 -6
  420. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +2 -0
  421. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -0
  422. package/lib/vendor/blamejs/lib/mail-crypto.js +2 -0
  423. package/lib/vendor/blamejs/lib/mail-dav.js +2 -0
  424. package/lib/vendor/blamejs/lib/mail-deploy.js +2 -0
  425. package/lib/vendor/blamejs/lib/mail-dkim.js +44 -5
  426. package/lib/vendor/blamejs/lib/mail-greylist.js +2 -0
  427. package/lib/vendor/blamejs/lib/mail-helo.js +16 -0
  428. package/lib/vendor/blamejs/lib/mail-journal.js +2 -0
  429. package/lib/vendor/blamejs/lib/mail-mdn.js +17 -0
  430. package/lib/vendor/blamejs/lib/mail-rbl.js +2 -0
  431. package/lib/vendor/blamejs/lib/mail-require-tls.js +2 -0
  432. package/lib/vendor/blamejs/lib/mail-scan.js +2 -0
  433. package/lib/vendor/blamejs/lib/mail-send-deliver.js +32 -7
  434. package/lib/vendor/blamejs/lib/mail-server-imap.js +2 -0
  435. package/lib/vendor/blamejs/lib/mail-server-jmap.js +23 -11
  436. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +2 -0
  437. package/lib/vendor/blamejs/lib/mail-server-mx.js +2 -0
  438. package/lib/vendor/blamejs/lib/mail-server-net.js +2 -0
  439. package/lib/vendor/blamejs/lib/mail-server-pop3.js +2 -0
  440. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -0
  441. package/lib/vendor/blamejs/lib/mail-server-registry.js +2 -0
  442. package/lib/vendor/blamejs/lib/mail-server-submission.js +2 -0
  443. package/lib/vendor/blamejs/lib/mail-server-tls.js +2 -0
  444. package/lib/vendor/blamejs/lib/mail-sieve.js +2 -0
  445. package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -0
  446. package/lib/vendor/blamejs/lib/mail-srs.js +8 -0
  447. package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -0
  448. package/lib/vendor/blamejs/lib/mail-store.js +2 -0
  449. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +2 -0
  450. package/lib/vendor/blamejs/lib/mail.js +11 -0
  451. package/lib/vendor/blamejs/lib/markup-escape.js +2 -0
  452. package/lib/vendor/blamejs/lib/markup-tokenizer.js +2 -0
  453. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +2 -0
  454. package/lib/vendor/blamejs/lib/mcp.js +4 -2
  455. package/lib/vendor/blamejs/lib/mdoc.js +2 -0
  456. package/lib/vendor/blamejs/lib/metrics.js +2 -0
  457. package/lib/vendor/blamejs/lib/middleware/age-gate.js +2 -0
  458. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +2 -0
  459. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +2 -0
  460. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -0
  461. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -0
  462. package/lib/vendor/blamejs/lib/middleware/attach-user.js +2 -0
  463. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -0
  464. package/lib/vendor/blamejs/lib/middleware/body-parser.js +2 -0
  465. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +2 -0
  466. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +10 -1
  467. package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +2 -0
  468. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +2 -0
  469. package/lib/vendor/blamejs/lib/middleware/compression.js +2 -0
  470. package/lib/vendor/blamejs/lib/middleware/cookies.js +2 -0
  471. package/lib/vendor/blamejs/lib/middleware/cors.js +7 -0
  472. package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +2 -0
  473. package/lib/vendor/blamejs/lib/middleware/csp-report.js +2 -0
  474. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +12 -5
  475. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +2 -0
  476. package/lib/vendor/blamejs/lib/middleware/db-role-for.js +2 -0
  477. package/lib/vendor/blamejs/lib/middleware/deny-response.js +2 -0
  478. package/lib/vendor/blamejs/lib/middleware/dpop.js +2 -0
  479. package/lib/vendor/blamejs/lib/middleware/error-handler.js +2 -0
  480. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +2 -0
  481. package/lib/vendor/blamejs/lib/middleware/flag-context.js +2 -0
  482. package/lib/vendor/blamejs/lib/middleware/gpc.js +2 -0
  483. package/lib/vendor/blamejs/lib/middleware/headers.js +2 -0
  484. package/lib/vendor/blamejs/lib/middleware/health.js +2 -0
  485. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +2 -0
  486. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +30 -2
  487. package/lib/vendor/blamejs/lib/middleware/index.js +2 -0
  488. package/lib/vendor/blamejs/lib/middleware/nel.js +2 -0
  489. package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +2 -0
  490. package/lib/vendor/blamejs/lib/middleware/no-cache.js +2 -0
  491. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -0
  492. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -0
  493. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +2 -0
  494. package/lib/vendor/blamejs/lib/middleware/request-id.js +2 -0
  495. package/lib/vendor/blamejs/lib/middleware/request-log.js +6 -0
  496. package/lib/vendor/blamejs/lib/middleware/require-aal.js +2 -0
  497. package/lib/vendor/blamejs/lib/middleware/require-auth.js +2 -0
  498. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -0
  499. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +2 -0
  500. package/lib/vendor/blamejs/lib/middleware/require-methods.js +2 -0
  501. package/lib/vendor/blamejs/lib/middleware/require-mtls.js +2 -0
  502. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +42 -1
  503. package/lib/vendor/blamejs/lib/middleware/scim-server.js +2 -0
  504. package/lib/vendor/blamejs/lib/middleware/security-headers.js +2 -0
  505. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -0
  506. package/lib/vendor/blamejs/lib/middleware/span-http-server.js +12 -0
  507. package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +2 -0
  508. package/lib/vendor/blamejs/lib/middleware/sse.js +2 -0
  509. package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +2 -0
  510. package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +2 -0
  511. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +2 -0
  512. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -0
  513. package/lib/vendor/blamejs/lib/migration-files.js +2 -0
  514. package/lib/vendor/blamejs/lib/migrations.js +2 -0
  515. package/lib/vendor/blamejs/lib/mime-parse.js +5 -1
  516. package/lib/vendor/blamejs/lib/module-loader.js +2 -0
  517. package/lib/vendor/blamejs/lib/money.js +2 -0
  518. package/lib/vendor/blamejs/lib/mtls-ca.js +2 -0
  519. package/lib/vendor/blamejs/lib/mtls-engine-default.js +2 -0
  520. package/lib/vendor/blamejs/lib/network-byte-quota.js +76 -14
  521. package/lib/vendor/blamejs/lib/network-dane.js +2 -0
  522. package/lib/vendor/blamejs/lib/network-dns-resolver.js +55 -18
  523. package/lib/vendor/blamejs/lib/network-dns.js +2 -0
  524. package/lib/vendor/blamejs/lib/network-dnssec.js +15 -2
  525. package/lib/vendor/blamejs/lib/network-heartbeat.js +2 -0
  526. package/lib/vendor/blamejs/lib/network-nts.js +2 -0
  527. package/lib/vendor/blamejs/lib/network-proxy.js +2 -0
  528. package/lib/vendor/blamejs/lib/network-smtp-policy.js +6 -1
  529. package/lib/vendor/blamejs/lib/network-tls.js +99 -5
  530. package/lib/vendor/blamejs/lib/network-tsig.js +13 -1
  531. package/lib/vendor/blamejs/lib/network.js +2 -0
  532. package/lib/vendor/blamejs/lib/nis2-report.js +2 -0
  533. package/lib/vendor/blamejs/lib/nist-crosswalk.js +2 -0
  534. package/lib/vendor/blamejs/lib/nonce-store.js +2 -0
  535. package/lib/vendor/blamejs/lib/notify.js +2 -0
  536. package/lib/vendor/blamejs/lib/ntp-check.js +2 -0
  537. package/lib/vendor/blamejs/lib/numeric-bounds.js +2 -0
  538. package/lib/vendor/blamejs/lib/numeric-checks.js +2 -0
  539. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -0
  540. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +2 -0
  541. package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +2 -0
  542. package/lib/vendor/blamejs/lib/object-store/gcs.js +2 -0
  543. package/lib/vendor/blamejs/lib/object-store/http-put.js +2 -0
  544. package/lib/vendor/blamejs/lib/object-store/http-request.js +2 -0
  545. package/lib/vendor/blamejs/lib/object-store/index.js +2 -0
  546. package/lib/vendor/blamejs/lib/object-store/local.js +2 -0
  547. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -0
  548. package/lib/vendor/blamejs/lib/object-store/sigv4.js +2 -0
  549. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +4 -2
  550. package/lib/vendor/blamejs/lib/observability-tracer.js +2 -0
  551. package/lib/vendor/blamejs/lib/observability.js +2 -0
  552. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +2 -0
  553. package/lib/vendor/blamejs/lib/openapi-schema-walk.js +2 -0
  554. package/lib/vendor/blamejs/lib/openapi-security.js +2 -0
  555. package/lib/vendor/blamejs/lib/openapi-yaml.js +2 -0
  556. package/lib/vendor/blamejs/lib/openapi.js +2 -0
  557. package/lib/vendor/blamejs/lib/otel-export.js +2 -0
  558. package/lib/vendor/blamejs/lib/outbox.js +2 -0
  559. package/lib/vendor/blamejs/lib/pagination.js +2 -0
  560. package/lib/vendor/blamejs/lib/parsers/index.js +2 -0
  561. package/lib/vendor/blamejs/lib/parsers/safe-env.js +2 -0
  562. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +2 -0
  563. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +2 -0
  564. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -0
  565. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +2 -0
  566. package/lib/vendor/blamejs/lib/permissions.js +2 -0
  567. package/lib/vendor/blamejs/lib/pick.js +2 -0
  568. package/lib/vendor/blamejs/lib/pipl-cn.js +2 -0
  569. package/lib/vendor/blamejs/lib/pqc-agent.js +2 -0
  570. package/lib/vendor/blamejs/lib/pqc-gate.js +2 -0
  571. package/lib/vendor/blamejs/lib/pqc-software.js +2 -0
  572. package/lib/vendor/blamejs/lib/privacy-pass.js +2 -0
  573. package/lib/vendor/blamejs/lib/privacy.js +2 -0
  574. package/lib/vendor/blamejs/lib/problem-details.js +2 -0
  575. package/lib/vendor/blamejs/lib/process-spawn.js +2 -0
  576. package/lib/vendor/blamejs/lib/promise-pool.js +2 -0
  577. package/lib/vendor/blamejs/lib/protobuf-encoder.js +2 -0
  578. package/lib/vendor/blamejs/lib/protocol-dispatcher.js +2 -0
  579. package/lib/vendor/blamejs/lib/public-suffix.js +45 -5
  580. package/lib/vendor/blamejs/lib/pubsub-cluster.js +2 -0
  581. package/lib/vendor/blamejs/lib/pubsub-redis.js +2 -0
  582. package/lib/vendor/blamejs/lib/pubsub.js +2 -0
  583. package/lib/vendor/blamejs/lib/queue-local.js +28 -11
  584. package/lib/vendor/blamejs/lib/queue-redis.js +79 -17
  585. package/lib/vendor/blamejs/lib/queue-sqs.js +2 -0
  586. package/lib/vendor/blamejs/lib/queue.js +5 -3
  587. package/lib/vendor/blamejs/lib/redact.js +2 -0
  588. package/lib/vendor/blamejs/lib/redis-client.js +30 -5
  589. package/lib/vendor/blamejs/lib/render.js +2 -0
  590. package/lib/vendor/blamejs/lib/request-helpers.js +11 -0
  591. package/lib/vendor/blamejs/lib/resource-access-lock.js +2 -0
  592. package/lib/vendor/blamejs/lib/restore-bundle.js +2 -0
  593. package/lib/vendor/blamejs/lib/restore-rollback.js +2 -0
  594. package/lib/vendor/blamejs/lib/restore.js +2 -0
  595. package/lib/vendor/blamejs/lib/retention.js +2 -0
  596. package/lib/vendor/blamejs/lib/retry.js +2 -0
  597. package/lib/vendor/blamejs/lib/rfc3339.js +2 -0
  598. package/lib/vendor/blamejs/lib/router.js +109 -19
  599. package/lib/vendor/blamejs/lib/safe-archive.js +2 -0
  600. package/lib/vendor/blamejs/lib/safe-async.js +44 -0
  601. package/lib/vendor/blamejs/lib/safe-buffer.js +66 -0
  602. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -0
  603. package/lib/vendor/blamejs/lib/safe-dns.js +2 -0
  604. package/lib/vendor/blamejs/lib/safe-ical.js +2 -0
  605. package/lib/vendor/blamejs/lib/safe-icap.js +7 -0
  606. package/lib/vendor/blamejs/lib/safe-json.js +2 -0
  607. package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -0
  608. package/lib/vendor/blamejs/lib/safe-mime.js +2 -0
  609. package/lib/vendor/blamejs/lib/safe-mount-info.js +2 -0
  610. package/lib/vendor/blamejs/lib/safe-path.js +2 -0
  611. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -0
  612. package/lib/vendor/blamejs/lib/safe-schema.js +2 -0
  613. package/lib/vendor/blamejs/lib/safe-sieve.js +2 -0
  614. package/lib/vendor/blamejs/lib/safe-smtp.js +2 -0
  615. package/lib/vendor/blamejs/lib/safe-sql.js +2 -0
  616. package/lib/vendor/blamejs/lib/safe-url.js +2 -0
  617. package/lib/vendor/blamejs/lib/safe-vcard.js +2 -0
  618. package/lib/vendor/blamejs/lib/sandbox-worker.js +2 -0
  619. package/lib/vendor/blamejs/lib/sandbox.js +2 -0
  620. package/lib/vendor/blamejs/lib/scheduler.js +2 -0
  621. package/lib/vendor/blamejs/lib/scitt.js +2 -0
  622. package/lib/vendor/blamejs/lib/sd-notify.js +2 -0
  623. package/lib/vendor/blamejs/lib/sec-cyber.js +2 -0
  624. package/lib/vendor/blamejs/lib/security-assert.js +2 -0
  625. package/lib/vendor/blamejs/lib/seeders.js +2 -0
  626. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +2 -0
  627. package/lib/vendor/blamejs/lib/self-update.js +104 -56
  628. package/lib/vendor/blamejs/lib/server-timing.js +2 -0
  629. package/lib/vendor/blamejs/lib/session-device-binding.js +2 -0
  630. package/lib/vendor/blamejs/lib/session-stores.js +2 -0
  631. package/lib/vendor/blamejs/lib/session.js +71 -32
  632. package/lib/vendor/blamejs/lib/slug.js +2 -0
  633. package/lib/vendor/blamejs/lib/sql.js +2 -0
  634. package/lib/vendor/blamejs/lib/sse.js +2 -0
  635. package/lib/vendor/blamejs/lib/ssrf-guard.js +9 -1
  636. package/lib/vendor/blamejs/lib/standard-webhooks.js +2 -0
  637. package/lib/vendor/blamejs/lib/static.js +54 -20
  638. package/lib/vendor/blamejs/lib/storage.js +2 -0
  639. package/lib/vendor/blamejs/lib/stream-throttle.js +2 -0
  640. package/lib/vendor/blamejs/lib/structured-fields.js +2 -0
  641. package/lib/vendor/blamejs/lib/subject.js +2 -0
  642. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +2 -0
  643. package/lib/vendor/blamejs/lib/template.js +2 -0
  644. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -0
  645. package/lib/vendor/blamejs/lib/test-harness.js +2 -0
  646. package/lib/vendor/blamejs/lib/testing.js +2 -0
  647. package/lib/vendor/blamejs/lib/time.js +2 -0
  648. package/lib/vendor/blamejs/lib/tls-exporter.js +2 -0
  649. package/lib/vendor/blamejs/lib/totp.js +2 -0
  650. package/lib/vendor/blamejs/lib/tracing.js +2 -0
  651. package/lib/vendor/blamejs/lib/tsa.js +2 -0
  652. package/lib/vendor/blamejs/lib/uri-template.js +2 -0
  653. package/lib/vendor/blamejs/lib/uuid.js +2 -0
  654. package/lib/vendor/blamejs/lib/validate-opts.js +2 -0
  655. package/lib/vendor/blamejs/lib/vault/index.js +2 -0
  656. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +2 -0
  657. package/lib/vendor/blamejs/lib/vault/passphrase-source.js +2 -0
  658. package/lib/vendor/blamejs/lib/vault/rotate.js +2 -0
  659. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +2 -0
  660. package/lib/vendor/blamejs/lib/vault/wrap.js +2 -0
  661. package/lib/vendor/blamejs/lib/vault-aad.js +2 -0
  662. package/lib/vendor/blamejs/lib/vc.js +31 -0
  663. package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +10 -10
  664. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +2 -4
  665. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +745 -745
  666. package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
  667. package/lib/vendor/blamejs/lib/vex.js +2 -0
  668. package/lib/vendor/blamejs/lib/watcher.js +2 -0
  669. package/lib/vendor/blamejs/lib/web-push-vapid.js +2 -0
  670. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +33 -5
  671. package/lib/vendor/blamejs/lib/webhook.js +2 -0
  672. package/lib/vendor/blamejs/lib/websocket-channels.js +2 -0
  673. package/lib/vendor/blamejs/lib/websocket.js +2 -0
  674. package/lib/vendor/blamejs/lib/wiki-concepts.js +2 -0
  675. package/lib/vendor/blamejs/lib/worker-pool.js +2 -0
  676. package/lib/vendor/blamejs/lib/worm.js +2 -0
  677. package/lib/vendor/blamejs/lib/ws-client.js +2 -0
  678. package/lib/vendor/blamejs/lib/x509-chain.js +2 -0
  679. package/lib/vendor/blamejs/lib/xml-c14n.js +10 -7
  680. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +7 -6
  681. package/lib/vendor/blamejs/package-lock.json +533 -0
  682. package/lib/vendor/blamejs/package.json +3 -3
  683. package/lib/vendor/blamejs/release-notes/v0.15.x.json +2284 -0
  684. package/lib/vendor/blamejs/release-notes/v0.16.0.json +44 -0
  685. package/lib/vendor/blamejs/release-notes/v0.16.1.json +36 -0
  686. package/lib/vendor/blamejs/release-notes/v0.16.2.json +71 -0
  687. package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +2 -0
  688. package/lib/vendor/blamejs/scripts/check-actions-currency.js +113 -1
  689. package/lib/vendor/blamejs/scripts/check-api-snapshot.js +2 -0
  690. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +2 -0
  691. package/lib/vendor/blamejs/scripts/check-esbuild-pin.js +33 -40
  692. package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +2 -0
  693. package/lib/vendor/blamejs/scripts/check-services.js +2 -0
  694. package/lib/vendor/blamejs/scripts/check-vendor-currency.js +2 -0
  695. package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +2 -0
  696. package/lib/vendor/blamejs/scripts/gen-migrating.js +2 -0
  697. package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +2 -0
  698. package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +2 -0
  699. package/lib/vendor/blamejs/scripts/generate-ssdf-attestation.js +2 -0
  700. package/lib/vendor/blamejs/scripts/pin-all.js +215 -0
  701. package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +2 -0
  702. package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +2 -0
  703. package/lib/vendor/blamejs/scripts/release.js +5 -1
  704. package/lib/vendor/blamejs/scripts/sha3-digest.js +2 -0
  705. package/lib/vendor/blamejs/scripts/sign-release-artifact.js +2 -0
  706. package/lib/vendor/blamejs/scripts/test-integration.js +2 -0
  707. package/lib/vendor/blamejs/scripts/test-wiki-integration.js +2 -0
  708. package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +2 -0
  709. package/lib/vendor/blamejs/scripts/vendor-data-gen.js +2 -0
  710. package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +2 -0
  711. package/lib/vendor/blamejs/test/00-primitives.js +35 -1
  712. package/lib/vendor/blamejs/test/10-state.js +2 -0
  713. package/lib/vendor/blamejs/test/20-db.js +2 -0
  714. package/lib/vendor/blamejs/test/30-chain.js +2 -0
  715. package/lib/vendor/blamejs/test/40-consumers.js +2 -0
  716. package/lib/vendor/blamejs/test/50-integration.js +2 -0
  717. package/lib/vendor/blamejs/test/_helpers.js +2 -0
  718. package/lib/vendor/blamejs/test/_smoke-worker.js +2 -0
  719. package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +2 -0
  720. package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +2 -0
  721. package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +2 -0
  722. package/lib/vendor/blamejs/test/helpers/_shape-match.js +2 -0
  723. package/lib/vendor/blamejs/test/helpers/check.js +2 -0
  724. package/lib/vendor/blamejs/test/helpers/cluster.js +2 -0
  725. package/lib/vendor/blamejs/test/helpers/db.js +2 -0
  726. package/lib/vendor/blamejs/test/helpers/drivers.js +2 -0
  727. package/lib/vendor/blamejs/test/helpers/fs-watch.js +2 -0
  728. package/lib/vendor/blamejs/test/helpers/http.js +2 -0
  729. package/lib/vendor/blamejs/test/helpers/index.js +2 -0
  730. package/lib/vendor/blamejs/test/helpers/json-round-trip.js +2 -0
  731. package/lib/vendor/blamejs/test/helpers/mocks.js +2 -0
  732. package/lib/vendor/blamejs/test/helpers/otel.js +2 -0
  733. package/lib/vendor/blamejs/test/helpers/services.js +2 -0
  734. package/lib/vendor/blamejs/test/helpers/wait.js +2 -0
  735. package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +2 -0
  736. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -0
  737. package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +2 -0
  738. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -0
  739. package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +2 -0
  740. package/lib/vendor/blamejs/test/integration/cache.test.js +2 -0
  741. package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +2 -0
  742. package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +2 -0
  743. package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +2 -0
  744. package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +2 -0
  745. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +2 -0
  746. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +2 -0
  747. package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +2 -0
  748. package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +2 -0
  749. package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +2 -0
  750. package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +2 -0
  751. package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +2 -0
  752. package/lib/vendor/blamejs/test/integration/federation-auth.test.js +2 -0
  753. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -0
  754. package/lib/vendor/blamejs/test/integration/http-client.test.js +2 -0
  755. package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +2 -0
  756. package/lib/vendor/blamejs/test/integration/log-stream.test.js +2 -0
  757. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +2 -0
  758. package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +2 -0
  759. package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +2 -0
  760. package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +2 -0
  761. package/lib/vendor/blamejs/test/integration/network-dns.test.js +2 -0
  762. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +2 -0
  763. package/lib/vendor/blamejs/test/integration/ntp-check.test.js +2 -0
  764. package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +2 -0
  765. package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +2 -0
  766. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +2 -0
  767. package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +2 -0
  768. package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +2 -0
  769. package/lib/vendor/blamejs/test/integration/pubsub.test.js +2 -0
  770. package/lib/vendor/blamejs/test/integration/queue-cluster-mysql.test.js +2 -0
  771. package/lib/vendor/blamejs/test/integration/queue-cluster-pg.test.js +2 -0
  772. package/lib/vendor/blamejs/test/integration/queue-redis.test.js +115 -0
  773. package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +2 -0
  774. package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +2 -0
  775. package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +2 -0
  776. package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +2 -0
  777. package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +2 -0
  778. package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +2 -0
  779. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +15 -0
  780. package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +2 -0
  781. package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +2 -0
  782. package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +2 -0
  783. package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +2 -0
  784. package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +2 -0
  785. package/lib/vendor/blamejs/test/layer-0-primitives/acme-coverage.test.js +441 -0
  786. package/lib/vendor/blamejs/test/layer-0-primitives/acme-failclosed.test.js +131 -0
  787. package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +2 -0
  788. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +2 -0
  789. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +2 -0
  790. package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +0 -0
  791. package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +23 -0
  792. package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +2 -0
  793. package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +2 -0
  794. package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +2 -0
  795. package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +2 -0
  796. package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +22 -0
  797. package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +2 -0
  798. package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +2 -0
  799. package/lib/vendor/blamejs/test/layer-0-primitives/ai-aedt-bias-audit.test.js +2 -0
  800. package/lib/vendor/blamejs/test/layer-0-primitives/ai-capability.test.js +2 -0
  801. package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +2 -0
  802. package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure-apply-all.test.js +2 -0
  803. package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure.test.js +2 -0
  804. package/lib/vendor/blamejs/test/layer-0-primitives/ai-dp.test.js +2 -0
  805. package/lib/vendor/blamejs/test/layer-0-primitives/ai-frontier-protocol.test.js +2 -0
  806. package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +2 -0
  807. package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +2 -0
  808. package/lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js +2 -0
  809. package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +2 -0
  810. package/lib/vendor/blamejs/test/layer-0-primitives/ai-prompt.test.js +2 -0
  811. package/lib/vendor/blamejs/test/layer-0-primitives/ai-quota.test.js +2 -0
  812. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt-rejection-envelope.test.js +2 -0
  813. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +2 -0
  814. package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +2 -0
  815. package/lib/vendor/blamejs/test/layer-0-primitives/archive-gz.test.js +2 -0
  816. package/lib/vendor/blamejs/test/layer-0-primitives/archive-read.test.js +2 -0
  817. package/lib/vendor/blamejs/test/layer-0-primitives/archive-sniff-envelope.test.js +2 -0
  818. package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar-hardening.test.js +22 -0
  819. package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar.test.js +2 -0
  820. package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap-passphrase.test.js +2 -0
  821. package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap.test.js +2 -0
  822. package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +2 -0
  823. package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +4 -0
  824. package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +2 -0
  825. package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +2 -0
  826. package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +2 -0
  827. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +2 -0
  828. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +2 -0
  829. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read-errorfor-bypass.test.js +2 -0
  830. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +2 -0
  831. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-append-nofollow.test.js +2 -0
  832. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-nofollow.test.js +2 -0
  833. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-rename-retry.test.js +2 -0
  834. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-excl.test.js +2 -0
  835. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-stream.test.js +2 -0
  836. package/lib/vendor/blamejs/test/layer-0-primitives/attach-user-bearer-scheme.test.js +2 -0
  837. package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-corrupted-anchor.test.js +2 -0
  838. package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-incremental-verify.test.js +2 -0
  839. package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +2 -0
  840. package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +2 -0
  841. package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +2 -0
  842. package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +2 -0
  843. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +2 -0
  844. package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +2 -0
  845. package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +2 -0
  846. package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +2 -0
  847. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +2 -0
  848. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +2 -0
  849. package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +2 -0
  850. package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-dual-control.test.js +2 -0
  851. package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-return-bytes.test.js +2 -0
  852. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +2 -0
  853. package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +2 -0
  854. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +2 -0
  855. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +2 -0
  856. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +9 -6
  857. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +56 -0
  858. package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +121 -1
  859. package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-coverage.test.js +482 -0
  860. package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-failclosed.test.js +257 -0
  861. package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +2 -0
  862. package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-coverage.test.js +671 -0
  863. package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-failclosed.test.js +179 -0
  864. package/lib/vendor/blamejs/test/layer-0-primitives/auth-status-list.test.js +19 -0
  865. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +2 -0
  866. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +2 -0
  867. package/lib/vendor/blamejs/test/layer-0-primitives/backup-bundle-info.test.js +2 -0
  868. package/lib/vendor/blamejs/test/layer-0-primitives/backup-clone-bundle.test.js +2 -0
  869. package/lib/vendor/blamejs/test/layer-0-primitives/backup-find-bundles.test.js +2 -0
  870. package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-coverage.test.js +690 -0
  871. package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-failclosed.test.js +103 -0
  872. package/lib/vendor/blamejs/test/layer-0-primitives/backup-key-rotation.test.js +2 -0
  873. package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +2 -0
  874. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -0
  875. package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +2 -0
  876. package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-all.test.js +2 -0
  877. package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-bundle.test.js +2 -0
  878. package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +2 -0
  879. package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-all-bundles.test.js +0 -0
  880. package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-bundle.test.js +2 -0
  881. package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +2 -0
  882. package/lib/vendor/blamejs/test/layer-0-primitives/base32.test.js +2 -0
  883. package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +2 -0
  884. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +2 -0
  885. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-error-redaction.test.js +2 -0
  886. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +2 -0
  887. package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +2 -0
  888. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +12 -0
  889. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +2 -0
  890. package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +2 -0
  891. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +46 -0
  892. package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +2 -0
  893. package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +2 -0
  894. package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +2 -0
  895. package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +12 -0
  896. package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +2 -0
  897. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +2 -0
  898. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json.test.js +28 -0
  899. package/lib/vendor/blamejs/test/layer-0-primitives/cbor.test.js +2 -0
  900. package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +2 -0
  901. package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +2 -0
  902. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +2 -0
  903. package/lib/vendor/blamejs/test/layer-0-primitives/ciba-authreqid-binding.test.js +2 -0
  904. package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +2 -0
  905. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +2 -0
  906. package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +2 -0
  907. package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +2 -0
  908. package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +2 -0
  909. package/lib/vendor/blamejs/test/layer-0-primitives/cli-coverage.test.js +238 -0
  910. package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +2 -0
  911. package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +2 -0
  912. package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +2 -0
  913. package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +2 -0
  914. package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +2 -0
  915. package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +2 -0
  916. package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +2 -0
  917. package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +2 -0
  918. package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +2 -0
  919. package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +2 -0
  920. package/lib/vendor/blamejs/test/layer-0-primitives/cloud-events.test.js +2 -0
  921. package/lib/vendor/blamejs/test/layer-0-primitives/cluster-storage.test.js +2 -0
  922. package/lib/vendor/blamejs/test/layer-0-primitives/cluster-vault-rotation.test.js +2 -0
  923. package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +2 -0
  924. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +791 -13
  925. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +2 -0
  926. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +2 -0
  927. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +2 -0
  928. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +2 -0
  929. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eu-ai-act-posture.test.js +2 -0
  930. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +2 -0
  931. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +2 -0
  932. package/lib/vendor/blamejs/test/layer-0-primitives/compression-range.test.js +2 -0
  933. package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +2 -0
  934. package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +2 -0
  935. package/lib/vendor/blamejs/test/layer-0-primitives/consent-purposes.test.js +2 -0
  936. package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +2 -0
  937. package/lib/vendor/blamejs/test/layer-0-primitives/content-digest.test.js +2 -0
  938. package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +12 -0
  939. package/lib/vendor/blamejs/test/layer-0-primitives/cose.test.js +2 -0
  940. package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +2 -0
  941. package/lib/vendor/blamejs/test/layer-0-primitives/crdt.test.js +2 -0
  942. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +2 -0
  943. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +2 -0
  944. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +2 -0
  945. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-aad-downgrade.test.js +2 -0
  946. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +2 -0
  947. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +2 -0
  948. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +2 -0
  949. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +2 -0
  950. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +2 -0
  951. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +2 -0
  952. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -0
  953. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +2 -0
  954. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +2 -0
  955. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +2 -0
  956. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +2 -0
  957. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
  958. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-oprf.test.js +2 -0
  959. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +2 -0
  960. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-self-test.test.js +2 -0
  961. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-xwing.test.js +2 -0
  962. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +2 -0
  963. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +2 -0
  964. package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +2 -0
  965. package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +40 -0
  966. package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +11 -0
  967. package/lib/vendor/blamejs/test/layer-0-primitives/cwt.test.js +2 -0
  968. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -0
  969. package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +2 -0
  970. package/lib/vendor/blamejs/test/layer-0-primitives/dane.test.js +2 -0
  971. package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +2 -0
  972. package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +2 -0
  973. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +2 -0
  974. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +2 -0
  975. package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +2 -0
  976. package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +2 -0
  977. package/lib/vendor/blamejs/test/layer-0-primitives/db-key-aad.test.js +2 -0
  978. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +2 -0
  979. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +2 -0
  980. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +2 -0
  981. package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +2 -0
  982. package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +2 -0
  983. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +2 -0
  984. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +2 -0
  985. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-transaction.test.js +2 -0
  986. package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +2 -0
  987. package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +2 -0
  988. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +2 -0
  989. package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +2 -0
  990. package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +2 -0
  991. package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +2 -0
  992. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +2 -0
  993. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +2 -0
  994. package/lib/vendor/blamejs/test/layer-0-primitives/deny-response.test.js +2 -0
  995. package/lib/vendor/blamejs/test/layer-0-primitives/did.test.js +2 -0
  996. package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +2 -0
  997. package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +2 -0
  998. package/lib/vendor/blamejs/test/layer-0-primitives/dnssec.test.js +37 -0
  999. package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +2 -0
  1000. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-alg-kty.test.js +2 -0
  1001. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-htu-peergating.test.js +2 -0
  1002. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +2 -0
  1003. package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +2 -0
  1004. package/lib/vendor/blamejs/test/layer-0-primitives/dsa.test.js +2 -0
  1005. package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +2 -0
  1006. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +2 -0
  1007. package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +28 -0
  1008. package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +2 -0
  1009. package/lib/vendor/blamejs/test/layer-0-primitives/eat.test.js +2 -0
  1010. package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +2 -0
  1011. package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +2 -0
  1012. package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +2 -0
  1013. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +2 -0
  1014. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +2 -0
  1015. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-non-atomic-backend.test.js +2 -0
  1016. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +2 -0
  1017. package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +2 -0
  1018. package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +2 -0
  1019. package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +2 -0
  1020. package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +2 -0
  1021. package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +2 -0
  1022. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +124 -0
  1023. package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +2 -0
  1024. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js +2 -0
  1025. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +2 -0
  1026. package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +2 -0
  1027. package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +66 -0
  1028. package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-ownership.test.js +214 -0
  1029. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +2 -0
  1030. package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +2 -0
  1031. package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +2 -0
  1032. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +2 -0
  1033. package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +2 -0
  1034. package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +2 -0
  1035. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +2 -0
  1036. package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +2 -0
  1037. package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +2 -0
  1038. package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +2 -0
  1039. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +2 -0
  1040. package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +2 -0
  1041. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +2 -0
  1042. package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +2 -0
  1043. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +2 -0
  1044. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +2 -0
  1045. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +2 -0
  1046. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +2 -0
  1047. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +2 -0
  1048. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +2 -0
  1049. package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +2 -0
  1050. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +2 -0
  1051. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  1052. package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +2 -0
  1053. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +2 -0
  1054. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +2 -0
  1055. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +2 -0
  1056. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +2 -0
  1057. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +2 -0
  1058. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +2 -0
  1059. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +2 -0
  1060. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +2 -0
  1061. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +2 -0
  1062. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +2 -0
  1063. package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
  1064. package/lib/vendor/blamejs/test/layer-0-primitives/guard-oauth-replay-failopen.test.js +57 -0
  1065. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +2 -0
  1066. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +2 -0
  1067. package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +2 -0
  1068. package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +2 -0
  1069. package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +2 -0
  1070. package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +2 -0
  1071. package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +2 -0
  1072. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +2 -0
  1073. package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +2 -0
  1074. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +2 -0
  1075. package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +2 -0
  1076. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +2 -0
  1077. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +2 -0
  1078. package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +2 -0
  1079. package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +2 -0
  1080. package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +2 -0
  1081. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +2 -0
  1082. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +2 -0
  1083. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-throttle-transform.test.js +2 -0
  1084. package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +315 -3
  1085. package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +26 -0
  1086. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +2 -0
  1087. package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +2 -0
  1088. package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +2 -0
  1089. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +40 -0
  1090. package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +2 -0
  1091. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +2 -0
  1092. package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +2 -0
  1093. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +2 -0
  1094. package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +2 -0
  1095. package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +2 -0
  1096. package/lib/vendor/blamejs/test/layer-0-primitives/json-merge-patch.test.js +2 -0
  1097. package/lib/vendor/blamejs/test/layer-0-primitives/json-patch.test.js +2 -0
  1098. package/lib/vendor/blamejs/test/layer-0-primitives/json-path.test.js +2 -0
  1099. package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +2 -0
  1100. package/lib/vendor/blamejs/test/layer-0-primitives/json-schema.test.js +26 -0
  1101. package/lib/vendor/blamejs/test/layer-0-primitives/jtd.test.js +2 -0
  1102. package/lib/vendor/blamejs/test/layer-0-primitives/jwk.test.js +2 -0
  1103. package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +2 -0
  1104. package/lib/vendor/blamejs/test/layer-0-primitives/keychain-coverage.test.js +0 -0
  1105. package/lib/vendor/blamejs/test/layer-0-primitives/keychain-failclosed.test.js +185 -0
  1106. package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
  1107. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +2 -0
  1108. package/lib/vendor/blamejs/test/layer-0-primitives/link-header.test.js +2 -0
  1109. package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +2 -0
  1110. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +2 -0
  1111. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +2 -0
  1112. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +2 -0
  1113. package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +2 -0
  1114. package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +2 -0
  1115. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +2 -0
  1116. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-coverage.test.js +437 -0
  1117. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-dmarc-policy-failclosed.test.js +2 -0
  1118. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-failclosed.test.js +144 -0
  1119. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +289 -0
  1120. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi-cert-validity-unparseable.test.js +2 -0
  1121. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +2 -0
  1122. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +61 -0
  1123. package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +2 -0
  1124. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +2 -0
  1125. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +2 -0
  1126. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime-bad-validity.test.js +2 -0
  1127. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +2 -0
  1128. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +2 -0
  1129. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +2 -0
  1130. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +2 -0
  1131. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim-numericdate-failclosed.test.js +2 -0
  1132. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +130 -0
  1133. package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +2 -0
  1134. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +2 -0
  1135. package/lib/vendor/blamejs/test/layer-0-primitives/mail-header-injection.test.js +2 -0
  1136. package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +17 -0
  1137. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +2 -0
  1138. package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +29 -0
  1139. package/lib/vendor/blamejs/test/layer-0-primitives/mail-proxy-framing-bounds.test.js +2 -0
  1140. package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +2 -0
  1141. package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +2 -0
  1142. package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +2 -0
  1143. package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +113 -0
  1144. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +2 -0
  1145. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +50 -0
  1146. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +2 -0
  1147. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +2 -0
  1148. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +2 -0
  1149. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +2 -0
  1150. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +2 -0
  1151. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +2 -0
  1152. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +2 -0
  1153. package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +2 -0
  1154. package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +2 -0
  1155. package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +21 -0
  1156. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +2 -0
  1157. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +2 -0
  1158. package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +2 -0
  1159. package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +2 -0
  1160. package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +2 -0
  1161. package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +2 -0
  1162. package/lib/vendor/blamejs/test/layer-0-primitives/mdoc.test.js +2 -0
  1163. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +2 -0
  1164. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +2 -0
  1165. package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +2 -0
  1166. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +11 -0
  1167. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +2 -0
  1168. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +2 -0
  1169. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +2 -0
  1170. package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +2 -0
  1171. package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +2 -0
  1172. package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +65 -0
  1173. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-lookup-timeout-default.test.js +2 -0
  1174. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver-timeout.test.js +2 -0
  1175. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +28 -0
  1176. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +2 -0
  1177. package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +2 -0
  1178. package/lib/vendor/blamejs/test/layer-0-primitives/network-nts-handshake-byte-cap.test.js +2 -0
  1179. package/lib/vendor/blamejs/test/layer-0-primitives/network-smtp-policy-coverage.test.js +565 -0
  1180. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +2 -0
  1181. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +2 -0
  1182. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +2 -0
  1183. package/lib/vendor/blamejs/test/layer-0-primitives/network-tsig.test.js +26 -0
  1184. package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +2 -0
  1185. package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +2 -0
  1186. package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +2 -0
  1187. package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +2 -0
  1188. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +2 -0
  1189. package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +2 -0
  1190. package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +2 -0
  1191. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +2 -0
  1192. package/lib/vendor/blamejs/test/layer-0-primitives/object-store-range-header.test.js +2 -0
  1193. package/lib/vendor/blamejs/test/layer-0-primitives/object-store-versioned-delete.test.js +2 -0
  1194. package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +22 -0
  1195. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +2 -0
  1196. package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +2 -0
  1197. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +2 -0
  1198. package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +8 -0
  1199. package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +2 -0
  1200. package/lib/vendor/blamejs/test/layer-0-primitives/output-header-hardening.test.js +2 -0
  1201. package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +2 -0
  1202. package/lib/vendor/blamejs/test/layer-0-primitives/parser-verify-hardening.test.js +2 -0
  1203. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +2 -0
  1204. package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +2 -0
  1205. package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +2 -0
  1206. package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +2 -0
  1207. package/lib/vendor/blamejs/test/layer-0-primitives/pipl-cn.test.js +2 -0
  1208. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +2 -0
  1209. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +2 -0
  1210. package/lib/vendor/blamejs/test/layer-0-primitives/privacy-pass.test.js +2 -0
  1211. package/lib/vendor/blamejs/test/layer-0-primitives/privacy-vendor-review.test.js +2 -0
  1212. package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +2 -0
  1213. package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +2 -0
  1214. package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +2 -0
  1215. package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +2 -0
  1216. package/lib/vendor/blamejs/test/layer-0-primitives/proto-shadow-allowlist.test.js +2 -0
  1217. package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +2 -0
  1218. package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +2 -0
  1219. package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +29 -0
  1220. package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +2 -0
  1221. package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +2 -0
  1222. package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +44 -0
  1223. package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +2 -0
  1224. package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +2 -0
  1225. package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +2 -0
  1226. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +2 -0
  1227. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +2 -0
  1228. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +2 -0
  1229. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-xff-spoofing.test.js +2 -0
  1230. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +2 -0
  1231. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +16 -0
  1232. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +7 -0
  1233. package/lib/vendor/blamejs/test/layer-0-primitives/request-id-async-context.test.js +2 -0
  1234. package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +3 -0
  1235. package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +2 -0
  1236. package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +2 -0
  1237. package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +2 -0
  1238. package/lib/vendor/blamejs/test/layer-0-primitives/restore-blob-remap.test.js +2 -0
  1239. package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +2 -0
  1240. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +2 -0
  1241. package/lib/vendor/blamejs/test/layer-0-primitives/retention-sweep-termination.test.js +2 -0
  1242. package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +2 -0
  1243. package/lib/vendor/blamejs/test/layer-0-primitives/router-body-validation.test.js +2 -0
  1244. package/lib/vendor/blamejs/test/layer-0-primitives/router-coverage.test.js +592 -0
  1245. package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
  1246. package/lib/vendor/blamejs/test/layer-0-primitives/router-failclosed.test.js +0 -0
  1247. package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +2 -0
  1248. package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +59 -0
  1249. package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-auto-unwrap.test.js +2 -0
  1250. package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-inspect-unwrap.test.js +2 -0
  1251. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +41 -0
  1252. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +2 -0
  1253. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +13 -0
  1254. package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +2 -0
  1255. package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +2 -0
  1256. package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +2 -0
  1257. package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +2 -0
  1258. package/lib/vendor/blamejs/test/layer-0-primitives/safe-json-stringify-for-script.test.js +2 -0
  1259. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +2 -0
  1260. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +2 -0
  1261. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +2 -0
  1262. package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +2 -0
  1263. package/lib/vendor/blamejs/test/layer-0-primitives/safe-redirect.test.js +2 -0
  1264. package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +2 -0
  1265. package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +2 -0
  1266. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +2 -0
  1267. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +2 -0
  1268. package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +2 -0
  1269. package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +2 -0
  1270. package/lib/vendor/blamejs/test/layer-0-primitives/saml-mdq-wrapping.test.js +237 -0
  1271. package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +2 -0
  1272. package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js +2 -0
  1273. package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +2 -0
  1274. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +2 -0
  1275. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +2 -0
  1276. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-watchdog-stale-settle.test.js +2 -0
  1277. package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +2 -0
  1278. package/lib/vendor/blamejs/test/layer-0-primitives/scitt.test.js +2 -0
  1279. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +2 -0
  1280. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +2 -0
  1281. package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +2 -0
  1282. package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +2 -0
  1283. package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +2 -0
  1284. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +2 -0
  1285. package/lib/vendor/blamejs/test/layer-0-primitives/security-txt.test.js +2 -0
  1286. package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +2 -0
  1287. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-poll-asset-digest.test.js +2 -0
  1288. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier-ecdsa-encoding.test.js +9 -1
  1289. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +2 -0
  1290. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +87 -4
  1291. package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +2 -0
  1292. package/lib/vendor/blamejs/test/layer-0-primitives/session-binding-unreadable-failclosed.test.js +80 -0
  1293. package/lib/vendor/blamejs/test/layer-0-primitives/session-destroy-all-store-backed.test.js +2 -0
  1294. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding-ipv6-canonical-and-no-store.test.js +2 -0
  1295. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +2 -0
  1296. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +2 -0
  1297. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +2 -0
  1298. package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +2 -0
  1299. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +2 -0
  1300. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +2 -0
  1301. package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +2 -0
  1302. package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +5 -1
  1303. package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +2 -0
  1304. package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +2 -0
  1305. package/lib/vendor/blamejs/test/layer-0-primitives/sql-coverage.test.js +422 -0
  1306. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +2 -0
  1307. package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +2 -0
  1308. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +2 -0
  1309. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +23 -1
  1310. package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +2 -0
  1311. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +33 -0
  1312. package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +44 -0
  1313. package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
  1314. package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +2 -0
  1315. package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +2 -0
  1316. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields-codec.test.js +2 -0
  1317. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +2 -0
  1318. package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +2 -0
  1319. package/lib/vendor/blamejs/test/layer-0-primitives/template-escape-html.test.js +2 -0
  1320. package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +2 -0
  1321. package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +2 -0
  1322. package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +2 -0
  1323. package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +2 -0
  1324. package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +2 -0
  1325. package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +2 -0
  1326. package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +2 -0
  1327. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +2 -0
  1328. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-freshness.test.js +6 -2
  1329. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +127 -3
  1330. package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +2 -0
  1331. package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +2 -0
  1332. package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +2 -0
  1333. package/lib/vendor/blamejs/test/layer-0-primitives/tsa.test.js +2 -0
  1334. package/lib/vendor/blamejs/test/layer-0-primitives/uri-template.test.js +2 -0
  1335. package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +2 -0
  1336. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-port.test.js +2 -0
  1337. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +2 -0
  1338. package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +2 -0
  1339. package/lib/vendor/blamejs/test/layer-0-primitives/vault-default-store.test.js +2 -0
  1340. package/lib/vendor/blamejs/test/layer-0-primitives/vault-rotate-aad.test.js +2 -0
  1341. package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +2 -0
  1342. package/lib/vendor/blamejs/test/layer-0-primitives/vc.test.js +25 -0
  1343. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-currency-classify.test.js +2 -0
  1344. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +2 -0
  1345. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +2 -0
  1346. package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +2 -0
  1347. package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +2 -0
  1348. package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +2 -0
  1349. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +77 -0
  1350. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-verify-nonce-atomic.test.js +2 -0
  1351. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +2 -0
  1352. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +2 -0
  1353. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +2 -0
  1354. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +2 -0
  1355. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +2 -0
  1356. package/lib/vendor/blamejs/test/layer-0-primitives/worm.test.js +2 -0
  1357. package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +2 -0
  1358. package/lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js +117 -1
  1359. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +2 -0
  1360. package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +2 -0
  1361. package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +2 -0
  1362. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +2 -0
  1363. package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +2 -0
  1364. package/lib/vendor/blamejs/test/smoke.js +2 -0
  1365. package/package.json +5 -2
  1366. package/lib/vendor/blamejs/release-notes/v0.15.0.json +0 -77
  1367. package/lib/vendor/blamejs/release-notes/v0.15.1.json +0 -22
  1368. package/lib/vendor/blamejs/release-notes/v0.15.10.json +0 -53
  1369. package/lib/vendor/blamejs/release-notes/v0.15.11.json +0 -52
  1370. package/lib/vendor/blamejs/release-notes/v0.15.12.json +0 -47
  1371. package/lib/vendor/blamejs/release-notes/v0.15.13.json +0 -81
  1372. package/lib/vendor/blamejs/release-notes/v0.15.14.json +0 -122
  1373. package/lib/vendor/blamejs/release-notes/v0.15.15.json +0 -73
  1374. package/lib/vendor/blamejs/release-notes/v0.15.16.json +0 -94
  1375. package/lib/vendor/blamejs/release-notes/v0.15.17.json +0 -52
  1376. package/lib/vendor/blamejs/release-notes/v0.15.18.json +0 -49
  1377. package/lib/vendor/blamejs/release-notes/v0.15.19.json +0 -18
  1378. package/lib/vendor/blamejs/release-notes/v0.15.2.json +0 -22
  1379. package/lib/vendor/blamejs/release-notes/v0.15.20.json +0 -27
  1380. package/lib/vendor/blamejs/release-notes/v0.15.21.json +0 -51
  1381. package/lib/vendor/blamejs/release-notes/v0.15.22.json +0 -18
  1382. package/lib/vendor/blamejs/release-notes/v0.15.23.json +0 -22
  1383. package/lib/vendor/blamejs/release-notes/v0.15.24.json +0 -22
  1384. package/lib/vendor/blamejs/release-notes/v0.15.25.json +0 -18
  1385. package/lib/vendor/blamejs/release-notes/v0.15.26.json +0 -18
  1386. package/lib/vendor/blamejs/release-notes/v0.15.27.json +0 -18
  1387. package/lib/vendor/blamejs/release-notes/v0.15.28.json +0 -18
  1388. package/lib/vendor/blamejs/release-notes/v0.15.29.json +0 -27
  1389. package/lib/vendor/blamejs/release-notes/v0.15.3.json +0 -39
  1390. package/lib/vendor/blamejs/release-notes/v0.15.30.json +0 -18
  1391. package/lib/vendor/blamejs/release-notes/v0.15.31.json +0 -18
  1392. package/lib/vendor/blamejs/release-notes/v0.15.32.json +0 -18
  1393. package/lib/vendor/blamejs/release-notes/v0.15.33.json +0 -18
  1394. package/lib/vendor/blamejs/release-notes/v0.15.34.json +0 -27
  1395. package/lib/vendor/blamejs/release-notes/v0.15.35.json +0 -27
  1396. package/lib/vendor/blamejs/release-notes/v0.15.36.json +0 -18
  1397. package/lib/vendor/blamejs/release-notes/v0.15.37.json +0 -26
  1398. package/lib/vendor/blamejs/release-notes/v0.15.38.json +0 -26
  1399. package/lib/vendor/blamejs/release-notes/v0.15.4.json +0 -39
  1400. package/lib/vendor/blamejs/release-notes/v0.15.5.json +0 -22
  1401. package/lib/vendor/blamejs/release-notes/v0.15.6.json +0 -59
  1402. package/lib/vendor/blamejs/release-notes/v0.15.7.json +0 -43
  1403. package/lib/vendor/blamejs/release-notes/v0.15.8.json +0 -48
  1404. package/lib/vendor/blamejs/release-notes/v0.15.9.json +0 -58
@@ -0,0 +1,671 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
3
+ "use strict";
4
+ /**
5
+ * b.auth.saml.sp — branch-coverage sweep for the SAML 2.0 SP primitive.
6
+ *
7
+ * The existing SAML suites cover the SubjectConfirmation NotBefore /
8
+ * NotOnOrAfter fail-closed windows, the SLO HTTP-Redirect signing round-trip,
9
+ * and the MDQ signature-wrapping defense. This file closes the remaining
10
+ * unit-testable branches driven through the shipped consumer path
11
+ * (b.auth.saml.sp.create + the returned SP methods, b.auth.saml.fetchMdq):
12
+ *
13
+ * - create() config-time validation (missing required fields, unknown opt,
14
+ * bad clockSkew) — each throws through the AuthError codes it advertises;
15
+ * - buildAuthnRequest / metadata XML-attribute escaping (RFC 3741) so a
16
+ * hostile ACS / entityId / nameIdFormat cannot break out of its context;
17
+ * - verifyResponse pre-signature structural refusals: non-string / non-XML
18
+ * input, wrong root, non-Success Status, the XSW duplicate-element shapes
19
+ * (Status / StatusCode / Assertion / EncryptedAssertion), the unsigned
20
+ * refusal, and EncryptedAssertion-without-SP-key;
21
+ * - verifyResponse signed-path refusals that fire only after XMLDSig
22
+ * verification succeeds (wrong Issuer, audience-confusion, expired
23
+ * Conditions, the duplicate-Subject XSW), plus the happy path returning
24
+ * nameId / sessionIndex / attributes;
25
+ * - the SLO redirect + HTTP-POST + SOAP build/parse validation surface.
26
+ *
27
+ * Signed fixtures mint a self-signed RSA IdP cert and compute the digest +
28
+ * SignatureValue through the framework's own b.xmlC14n so verifyResponse's
29
+ * recomputation matches exactly — there is no test bypass of the signature
30
+ * check (a wrong-key negative control proves the signature gate is live).
31
+ */
32
+
33
+ var helpers = require("../helpers");
34
+ var check = helpers.check;
35
+ var b = helpers.b;
36
+ var nodeCrypto = require("node:crypto");
37
+ var c14n = require("../../lib/xml-c14n");
38
+ var pq = require("../../lib/pqc-software");
39
+
40
+ var DS = "http://www.w3.org/2000/09/xmldsig#";
41
+ var EXC = "http://www.w3.org/2001/10/xml-exc-c14n#";
42
+
43
+ var IDP_ENTITY_ID = "https://idp.example";
44
+ var SP_ENTITY_ID = "https://sp.example";
45
+ var ACS_URL = "https://sp.example/saml/acs";
46
+ var IDP_SSO_URL = "https://idp.example/sso";
47
+ var IDP_SLO_URL = "https://idp.example/slo";
48
+ var FAKE_CERT = "-----BEGIN CERTIFICATE-----\nx\n-----END CERTIFICATE-----";
49
+
50
+ var BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
51
+ var SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
52
+
53
+ function iso(ms) { return new Date(Date.now() + ms).toISOString(); }
54
+ function b64(xml) { return Buffer.from(xml, "utf8").toString("base64"); }
55
+
56
+ // Mint a self-signed RSA cert via the vendored @peculiar/x509 bundle — the
57
+ // same shape the SubjectConfirmation / MDQ suites use. verifyResponse parses
58
+ // idpCertPem with nodeCrypto.createPublicKey and verifies an rsa-sha256 PKCS1
59
+ // signature, so a real RSA keypair is required.
60
+ async function _mintRsaCert(cn) {
61
+ var pki = require("../../lib/vendor/pki.cjs");
62
+ var x509 = pki.x509;
63
+ var keys = await nodeCrypto.webcrypto.subtle.generateKey(
64
+ { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, // allow:raw-byte-literal — RFC 8301 §3.1 RSA bit floor
65
+ publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
66
+ true, ["sign", "verify"]);
67
+ var now = new Date();
68
+ var cert = await x509.X509CertificateGenerator.createSelfSigned({
69
+ serialNumber: "01",
70
+ name: "CN=" + cn,
71
+ notBefore: now,
72
+ notAfter: new Date(now.getTime() + 365 * 24 * 3600 * 1000), // allow:raw-time-literal — 1y fixture validity
73
+ signingAlgorithm: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
74
+ keys: keys,
75
+ });
76
+ var pkcs8 = await nodeCrypto.webcrypto.subtle.exportKey("pkcs8", keys.privateKey);
77
+ var keyPem = "-----BEGIN PRIVATE KEY-----\n" +
78
+ Buffer.from(pkcs8).toString("base64").match(/.{1,64}/g).join("\n") +
79
+ "\n-----END PRIVATE KEY-----\n";
80
+ return { certPem: cert.toString("pem"), keyPem: keyPem };
81
+ }
82
+
83
+ // An SP with a placeholder cert — for branches that throw BEFORE any real
84
+ // signature verification (all the input-validation / XSW-structural refusals),
85
+ // where idpCertPem is stored but never parsed.
86
+ function _fakeSp(extra) {
87
+ var opts = {
88
+ entityId: SP_ENTITY_ID,
89
+ assertionConsumerServiceUrl: ACS_URL,
90
+ idpEntityId: IDP_ENTITY_ID,
91
+ idpSsoUrl: IDP_SSO_URL,
92
+ idpSloUrl: IDP_SLO_URL,
93
+ idpCertPem: FAKE_CERT,
94
+ };
95
+ if (extra) { for (var k in extra) { opts[k] = extra[k]; } }
96
+ return b.auth.saml.sp.create(opts);
97
+ }
98
+
99
+ // An SP whose trust anchor is a minted RSA cert — for the signed-path branches.
100
+ function _realSp(idp, extra) {
101
+ var opts = {
102
+ entityId: SP_ENTITY_ID,
103
+ assertionConsumerServiceUrl: ACS_URL,
104
+ idpEntityId: IDP_ENTITY_ID,
105
+ idpSsoUrl: IDP_SSO_URL,
106
+ idpCertPem: idp.certPem,
107
+ };
108
+ if (extra) { for (var k in extra) { opts[k] = extra[k]; } }
109
+ return b.auth.saml.sp.create(opts);
110
+ }
111
+
112
+ function _codeOf(fn) {
113
+ try { fn(); return "NO-THROW"; }
114
+ catch (e) { return e.code || e.message; }
115
+ }
116
+ function _verifyCode(sp, xmlB64, vopts) {
117
+ return _codeOf(function () { sp.verifyResponse(xmlB64, vopts || {}); });
118
+ }
119
+
120
+ // Build a SAML Response with an Assertion-level enveloped XMLDSig signature.
121
+ // The Assertion's Signature child is stripped before the digest (the
122
+ // enveloped-signature transform); both the digest and the SignedInfo are
123
+ // canonicalized through b.xmlC14n so the verifier's recomputation matches.
124
+ // `o` overrides: issuer, subjectXml, conditions, audience, attrStmt, scd.
125
+ function _buildSignedResponse(idp, o) {
126
+ o = o || {};
127
+ var assertionId = "_assertion-" + o.tag;
128
+ var responseId = "_response-" + o.tag;
129
+ var issueInstant = iso(0);
130
+
131
+ var issuer = o.issuer !== undefined ? o.issuer : IDP_ENTITY_ID;
132
+ var issuerXml = issuer === null ? "" : "<saml:Issuer>" + issuer + "</saml:Issuer>";
133
+
134
+ var scd = o.scd !== undefined ? o.scd :
135
+ "<saml:SubjectConfirmationData NotOnOrAfter=\"" + iso(5 * 60 * 1000) + "\"" + // allow:raw-time-literal — 5m otherwise-valid window
136
+ " Recipient=\"" + ACS_URL + "\"" +
137
+ (o.inResponseTo ? " InResponseTo=\"" + o.inResponseTo + "\"" : "") + "/>";
138
+ var subjectXml = o.subjectXml !== undefined ? o.subjectXml :
139
+ "<saml:Subject>" +
140
+ "<saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">" +
141
+ (o.nameId || "alice@example.com") + "</saml:NameID>" +
142
+ "<saml:SubjectConfirmation Method=\"" + BEARER + "\">" + scd +
143
+ "</saml:SubjectConfirmation></saml:Subject>";
144
+
145
+ var conditions = o.conditions !== undefined ? o.conditions :
146
+ "<saml:Conditions NotBefore=\"" + iso(-5 * 60 * 1000) + // allow:raw-time-literal — 5m skew window
147
+ "\" NotOnOrAfter=\"" + iso(5 * 60 * 1000) + "\">" + // allow:raw-time-literal — 5m skew window
148
+ "<saml:AudienceRestriction><saml:Audience>" + (o.audience || SP_ENTITY_ID) +
149
+ "</saml:Audience></saml:AudienceRestriction></saml:Conditions>";
150
+
151
+ var authnStmt = "<saml:AuthnStatement SessionIndex=\"_sess-1\" AuthnInstant=\"" + issueInstant +
152
+ "\"><saml:AuthnContext><saml:AuthnContextClassRef>" +
153
+ "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" +
154
+ "</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>";
155
+ var attrStmt = o.attrStmt || "";
156
+
157
+ var open = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " +
158
+ "ID=\"" + assertionId + "\" Version=\"2.0\" IssueInstant=\"" + issueInstant + "\">";
159
+ var close = "</saml:Assertion>";
160
+ var inner = issuerXml + "SIGNATURE_PLACEHOLDER" + subjectXml + conditions + authnStmt + attrStmt;
161
+
162
+ var noSig = open + inner.replace("SIGNATURE_PLACEHOLDER", "") + close;
163
+ var digest = nodeCrypto.createHash("sha256").update(c14n.canonicalize(noSig)).digest("base64");
164
+
165
+ var signedInfo =
166
+ "<ds:SignedInfo xmlns:ds=\"" + DS + "\">" +
167
+ "<ds:CanonicalizationMethod Algorithm=\"" + EXC + "\"></ds:CanonicalizationMethod>" +
168
+ "<ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"></ds:SignatureMethod>" +
169
+ "<ds:Reference URI=\"#" + assertionId + "\">" +
170
+ "<ds:Transforms>" +
171
+ "<ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></ds:Transform>" +
172
+ "<ds:Transform Algorithm=\"" + EXC + "\"></ds:Transform>" +
173
+ "</ds:Transforms>" +
174
+ "<ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></ds:DigestMethod>" +
175
+ "<ds:DigestValue>" + digest + "</ds:DigestValue>" +
176
+ "</ds:Reference></ds:SignedInfo>";
177
+ var priv = nodeCrypto.createPrivateKey({ key: idp.keyPem, format: "pem" });
178
+ var sigValue = nodeCrypto.sign("sha256", c14n.canonicalize(signedInfo),
179
+ { key: priv, padding: nodeCrypto.constants.RSA_PKCS1_PADDING }).toString("base64");
180
+ var signatureXml = "<ds:Signature xmlns:ds=\"" + DS + "\">" + signedInfo +
181
+ "<ds:SignatureValue>" + sigValue + "</ds:SignatureValue></ds:Signature>";
182
+
183
+ var assertionFull = open + inner.replace("SIGNATURE_PLACEHOLDER", signatureXml) + close;
184
+ var response =
185
+ "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
186
+ "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " +
187
+ "ID=\"" + responseId + "\" Version=\"2.0\" IssueInstant=\"" + issueInstant + "\" " +
188
+ "Destination=\"" + ACS_URL + "\">" +
189
+ "<saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer>" +
190
+ "<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/></samlp:Status>" +
191
+ assertionFull + "</samlp:Response>";
192
+ return b64(response);
193
+ }
194
+
195
+ // A bare (unsigned) Response envelope for the pre-signature structural cases.
196
+ var P_NS = "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
197
+ "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
198
+ var STATUS_OK = "<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/></samlp:Status>";
199
+ function _response(inner) { return "<samlp:Response " + P_NS + " ID=\"_r\">" + inner + "</samlp:Response>"; }
200
+
201
+ // ---------------------------------------------------------------------------
202
+ // create() config-time validation
203
+ // ---------------------------------------------------------------------------
204
+
205
+ function testCreateRequiredFields() {
206
+ var base = {
207
+ entityId: SP_ENTITY_ID, assertionConsumerServiceUrl: ACS_URL,
208
+ idpEntityId: IDP_ENTITY_ID, idpSsoUrl: IDP_SSO_URL, idpCertPem: FAKE_CERT,
209
+ };
210
+ function omit(k) { var c = Object.assign({}, base); delete c[k]; return _codeOf(function () { b.auth.saml.sp.create(c); }); }
211
+ check("create: missing entityId → no-entity-id", omit("entityId") === "auth-saml/no-entity-id");
212
+ check("create: missing ACS → no-acs", omit("assertionConsumerServiceUrl") === "auth-saml/no-acs");
213
+ check("create: missing idpEntityId → no-idp-entity-id", omit("idpEntityId") === "auth-saml/no-idp-entity-id");
214
+ check("create: missing idpSsoUrl → no-idp-sso", omit("idpSsoUrl") === "auth-saml/no-idp-sso");
215
+ check("create: missing idpCertPem → no-idp-cert", omit("idpCertPem") === "auth-saml/no-idp-cert");
216
+ }
217
+
218
+ function testCreateRejectsBadOpts() {
219
+ var base = {
220
+ entityId: SP_ENTITY_ID, assertionConsumerServiceUrl: ACS_URL,
221
+ idpEntityId: IDP_ENTITY_ID, idpSsoUrl: IDP_SSO_URL, idpCertPem: FAKE_CERT,
222
+ };
223
+ function withOpt(o) { return _codeOf(function () { b.auth.saml.sp.create(Object.assign({}, base, o)); }); }
224
+
225
+ var unknown = null;
226
+ try { b.auth.saml.sp.create(Object.assign({}, base, { bogusKey: 1 })); }
227
+ catch (e) { unknown = e; }
228
+ check("create: unknown opt is refused", unknown !== null && unknown.code === "BAD_OPT");
229
+ check("create: unknown-opt message names the key", unknown && /bogusKey/.test(unknown.message));
230
+
231
+ // clockSkewSec must be a finite, non-negative number — a negative, Infinity,
232
+ // or string value is refused at config time (an Infinity that slipped
233
+ // through would disable the freshness windows downstream).
234
+ check("create: negative clockSkewSec refused", withOpt({ clockSkewSec: -1 }) === "BAD_OPT");
235
+ check("create: Infinity clockSkewSec refused", withOpt({ clockSkewSec: Infinity }) === "BAD_OPT");
236
+ check("create: string clockSkewSec refused", withOpt({ clockSkewSec: "60" }) === "BAD_OPT");
237
+
238
+ check("create: non-object opts refused", _codeOf(function () { b.auth.saml.sp.create("nope"); }) === "BAD_OPT");
239
+ check("create: null opts refused", _codeOf(function () { b.auth.saml.sp.create(null); }) === "BAD_OPT");
240
+ }
241
+
242
+ // ---------------------------------------------------------------------------
243
+ // buildAuthnRequest — shape + RFC 3741 XML escaping + redirect assembly
244
+ // ---------------------------------------------------------------------------
245
+
246
+ function testAuthnRequestShapeAndRelayState() {
247
+ var sp = _fakeSp();
248
+ var ar = sp.buildAuthnRequest({ relayState: "/dash&x=1" });
249
+ check("authn: id is an underscore-prefixed token", typeof ar.id === "string" && ar.id.charAt(0) === "_");
250
+ check("authn: redirectUrl starts at the IdP SSO URL", ar.redirectUrl.indexOf(IDP_SSO_URL) === 0);
251
+ check("authn: redirectUrl carries SAMLRequest param", ar.redirectUrl.indexOf("SAMLRequest=") !== -1);
252
+ check("authn: RelayState is URL-encoded",
253
+ ar.redirectUrl.indexOf("RelayState=" + encodeURIComponent("/dash&x=1")) !== -1);
254
+ check("authn: raw is a samlp:AuthnRequest", ar.raw.indexOf("<samlp:AuthnRequest") === 0);
255
+ }
256
+
257
+ function testAuthnRequestNameIdPolicy() {
258
+ var without = _fakeSp().buildAuthnRequest().raw;
259
+ check("authn: no NameIDPolicy when nameIdFormat unset", without.indexOf("NameIDPolicy") === -1);
260
+ var withFmt = _fakeSp({ nameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" })
261
+ .buildAuthnRequest().raw;
262
+ check("authn: NameIDPolicy present when nameIdFormat set", withFmt.indexOf("<samlp:NameIDPolicy") !== -1);
263
+ }
264
+
265
+ function testAuthnRequestQuerySeparator() {
266
+ // When the IdP SSO URL already carries a query, the SAMLRequest param is
267
+ // appended with & (not a second ?), so the redirect stays a valid URL.
268
+ var sp = _fakeSp({ idpSsoUrl: IDP_SSO_URL + "?foo=1" });
269
+ var url = sp.buildAuthnRequest().redirectUrl;
270
+ check("authn: pre-existing query gets &SAMLRequest", url.indexOf("?foo=1&SAMLRequest=") !== -1);
271
+ }
272
+
273
+ function testAuthnRequestAttributeEscaping() {
274
+ // A hostile ACS carrying a quote + angle brackets must be escaped inside the
275
+ // AssertionConsumerServiceURL attribute — it cannot break out of the
276
+ // attribute and inject unsigned markup (RFC 3741 §1.3.2).
277
+ var sp = _fakeSp({
278
+ entityId: "https://sp.example/e<vil",
279
+ assertionConsumerServiceUrl: "https://sp.example/acs\"><evil>&",
280
+ });
281
+ var raw = sp.buildAuthnRequest().raw;
282
+ check("authn: hostile ACS cannot break out of the attribute", raw.indexOf("\"><evil>") === -1);
283
+ check("authn: quote in ACS is escaped to &quot;", raw.indexOf("&quot;") !== -1);
284
+ check("authn: '<' in entityId Issuer text is escaped",
285
+ raw.indexOf("e&lt;vil") !== -1 && raw.indexOf("e<vil") === -1);
286
+ }
287
+
288
+ // ---------------------------------------------------------------------------
289
+ // metadata()
290
+ // ---------------------------------------------------------------------------
291
+
292
+ function testMetadata() {
293
+ var sp = _fakeSp();
294
+ var meta = sp.metadata();
295
+ check("metadata: is an EntityDescriptor", meta.indexOf("<md:EntityDescriptor") !== -1);
296
+ check("metadata: carries the SP entityID", meta.indexOf("entityID=\"" + SP_ENTITY_ID + "\"") !== -1);
297
+ check("metadata: advertises the ACS location", meta.indexOf(ACS_URL) !== -1);
298
+ check("metadata: WantAssertionsSigned is true", meta.indexOf("WantAssertionsSigned=\"true\"") !== -1);
299
+ check("metadata: no SingleLogoutService when unconfigured", meta.indexOf("SingleLogoutService") === -1);
300
+ }
301
+
302
+ function testMetadataSlo() {
303
+ var configured = _fakeSp({ singleLogoutServiceUrl: "https://sp.example/slo" }).metadata();
304
+ check("metadata: SLO service emitted when configured on create",
305
+ configured.indexOf("SingleLogoutService") !== -1 && configured.indexOf("https://sp.example/slo") !== -1);
306
+ var override = _fakeSp().metadata({ singleLogoutServiceUrl: "https://sp.example/slo2" });
307
+ check("metadata: metaOpts singleLogoutServiceUrl override honored",
308
+ override.indexOf("https://sp.example/slo2") !== -1);
309
+ // Hostile SLO URL is attribute-escaped.
310
+ var hostile = _fakeSp().metadata({ singleLogoutServiceUrl: "https://sp.example/x\"><evil>" });
311
+ check("metadata: hostile SLO URL cannot break out of the attribute",
312
+ hostile.indexOf("\"><evil>") === -1 && hostile.indexOf("&quot;") !== -1);
313
+ }
314
+
315
+ // ---------------------------------------------------------------------------
316
+ // verifyResponse — pre-signature input validation + XSW structural refusals
317
+ // ---------------------------------------------------------------------------
318
+
319
+ function testVerifyResponseInputValidation() {
320
+ var sp = _fakeSp();
321
+ check("verify: non-string SAMLResponse → no-response",
322
+ _verifyCode(sp, 12345) === "auth-saml/no-response");
323
+ check("verify: empty SAMLResponse → no-response",
324
+ _verifyCode(sp, "") === "auth-saml/no-response");
325
+ check("verify: base64 that decodes to non-XML → bad-response-decode",
326
+ _verifyCode(sp, b64("no-angle-brackets-here")) === "auth-saml/bad-response-decode");
327
+ check("verify: wrong root element → wrong-root",
328
+ _verifyCode(sp, b64("<samlp:Foo " + P_NS + "/>")) === "auth-saml/wrong-root");
329
+ }
330
+
331
+ function testVerifyResponseStatus() {
332
+ var sp = _fakeSp();
333
+ var reqStatus = "<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\"/></samlp:Status>";
334
+ check("verify: non-Success Status → bad-status",
335
+ _verifyCode(sp, b64(_response(reqStatus))) === "auth-saml/bad-status");
336
+ check("verify: absent Status → bad-status",
337
+ _verifyCode(sp, b64(_response(""))) === "auth-saml/bad-status");
338
+ }
339
+
340
+ function testVerifyResponseXswStructural() {
341
+ var sp = _fakeSp();
342
+ check("verify: duplicate <Status> → duplicate-status (XSW)",
343
+ _verifyCode(sp, b64(_response(STATUS_OK + STATUS_OK))) === "auth-saml/duplicate-status");
344
+ check("verify: duplicate <StatusCode> → duplicate-status-code (XSW)",
345
+ _verifyCode(sp, b64(_response(
346
+ "<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/><samlp:StatusCode Value=\"x\"/></samlp:Status>"
347
+ ))) === "auth-saml/duplicate-status-code");
348
+ check("verify: duplicate <Assertion> → duplicate-assertion (XSW)",
349
+ _verifyCode(sp, b64(_response(STATUS_OK + "<saml:Assertion ID=\"_a1\"/><saml:Assertion ID=\"_a2\"/>")))
350
+ === "auth-saml/duplicate-assertion");
351
+ check("verify: duplicate <EncryptedAssertion> → duplicate-encrypted-assertion (XSW)",
352
+ _verifyCode(sp, b64(_response(STATUS_OK + "<saml:EncryptedAssertion/><saml:EncryptedAssertion/>")))
353
+ === "auth-saml/duplicate-encrypted-assertion");
354
+ }
355
+
356
+ function testVerifyResponseNoAssertionAndUnsigned() {
357
+ var sp = _fakeSp();
358
+ check("verify: Success but no Assertion → no-assertion",
359
+ _verifyCode(sp, b64(_response(STATUS_OK))) === "auth-saml/no-assertion");
360
+ check("verify: single Assertion with no Signature → unsigned",
361
+ _verifyCode(sp, b64(_response(STATUS_OK +
362
+ "<saml:Assertion ID=\"_a1\"><saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer></saml:Assertion>")))
363
+ === "auth-saml/unsigned");
364
+ }
365
+
366
+ function testVerifyResponseEncryptedWithoutKey() {
367
+ var sp = _fakeSp();
368
+ check("verify: EncryptedAssertion without spPrivateKeyPem → encrypted-no-sp-key",
369
+ _verifyCode(sp, b64(_response(STATUS_OK +
370
+ "<saml:EncryptedAssertion><xenc:EncryptedData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"/></saml:EncryptedAssertion>")))
371
+ === "auth-saml/encrypted-no-sp-key");
372
+ }
373
+
374
+ // ---------------------------------------------------------------------------
375
+ // verifyResponse — signed-path branches (fire only after XMLDSig verify)
376
+ // ---------------------------------------------------------------------------
377
+
378
+ async function testVerifyResponseHappyPath() {
379
+ var idp = await _mintRsaCert("idp.example");
380
+ var sp = _realSp(idp);
381
+ var attrStmt =
382
+ "<saml:AttributeStatement>" +
383
+ "<saml:Attribute Name=\"email\"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>" +
384
+ "<saml:Attribute Name=\"roles\">" +
385
+ "<saml:AttributeValue>admin</saml:AttributeValue><saml:AttributeValue>ops</saml:AttributeValue></saml:Attribute>" +
386
+ "</saml:AttributeStatement>";
387
+ var info = sp.verifyResponse(_buildSignedResponse(idp, { tag: "happy", attrStmt: attrStmt }));
388
+ check("verify happy: nameId returned", info.nameId === "alice@example.com");
389
+ check("verify happy: nameIdFormat returned",
390
+ info.nameIdFormat === "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
391
+ check("verify happy: sessionIndex from AuthnStatement", info.sessionIndex === "_sess-1");
392
+ check("verify happy: issuer echoed", info.issuer === IDP_ENTITY_ID);
393
+ check("verify happy: single-valued attribute is a scalar", info.attributes.email === "alice@example.com");
394
+ check("verify happy: multi-valued attribute is an array",
395
+ Array.isArray(info.attributes.roles) && info.attributes.roles.join(",") === "admin,ops");
396
+ check("verify happy: audience defaults to entityId", info.audience === SP_ENTITY_ID);
397
+ }
398
+
399
+ async function testVerifyResponseInResponseTo() {
400
+ var idp = await _mintRsaCert("idp.example");
401
+ var sp = _realSp(idp);
402
+ var rt = "_req-abc";
403
+ var okB64 = _buildSignedResponse(idp, { tag: "irt-ok", inResponseTo: rt });
404
+ var info = sp.verifyResponse(okB64, { expectedInResponseTo: rt });
405
+ check("verify: matching InResponseTo is captured", info.inResponseTo === rt);
406
+ var mismatchCode = _verifyCode(sp,
407
+ _buildSignedResponse(idp, { tag: "irt-bad", inResponseTo: "_other" }),
408
+ { expectedInResponseTo: rt });
409
+ check("verify: InResponseTo mismatch → bad-in-response-to (replay defense)",
410
+ mismatchCode === "auth-saml/bad-in-response-to");
411
+ }
412
+
413
+ async function testVerifyResponseWrongIssuer() {
414
+ var idp = await _mintRsaCert("idp.example");
415
+ var sp = _realSp(idp);
416
+ check("verify: Issuer != configured idpEntityId → wrong-issuer",
417
+ _verifyCode(sp, _buildSignedResponse(idp, { tag: "wi", issuer: "https://evil.example" }))
418
+ === "auth-saml/wrong-issuer");
419
+ }
420
+
421
+ async function testVerifyResponseAudience() {
422
+ var idp = await _mintRsaCert("idp.example");
423
+ var sp = _realSp(idp);
424
+ var noRestriction = "<saml:Conditions NotBefore=\"" + iso(-5 * 60 * 1000) + // allow:raw-time-literal — 5m skew window
425
+ "\" NotOnOrAfter=\"" + iso(5 * 60 * 1000) + "\"></saml:Conditions>"; // allow:raw-time-literal — 5m skew window
426
+ check("verify: no AudienceRestriction → no-audience-restriction (audience-confusion defense)",
427
+ _verifyCode(sp, _buildSignedResponse(idp, { tag: "na", conditions: noRestriction }))
428
+ === "auth-saml/no-audience-restriction");
429
+ check("verify: AudienceRestriction for a different SP → wrong-audience",
430
+ _verifyCode(sp, _buildSignedResponse(idp, { tag: "wa", audience: "https://other.example" }))
431
+ === "auth-saml/wrong-audience");
432
+
433
+ // requireAudienceRestriction:false opts out of the binding requirement.
434
+ var info = sp.verifyResponse(
435
+ _buildSignedResponse(idp, { tag: "opt", conditions: noRestriction }),
436
+ { requireAudienceRestriction: false });
437
+ check("verify: requireAudienceRestriction:false accepts a missing binding", info.nameId === "alice@example.com");
438
+ }
439
+
440
+ async function testVerifyResponseConditionsExpired() {
441
+ var idp = await _mintRsaCert("idp.example");
442
+ var sp = _realSp(idp);
443
+ var expired = "<saml:Conditions NotOnOrAfter=\"" + iso(-60 * 60 * 1000) + "\">" + // allow:raw-time-literal — 1h in the past
444
+ "<saml:AudienceRestriction><saml:Audience>" + SP_ENTITY_ID +
445
+ "</saml:Audience></saml:AudienceRestriction></saml:Conditions>";
446
+ check("verify: expired Conditions/NotOnOrAfter → conditions-expired",
447
+ _verifyCode(sp, _buildSignedResponse(idp, { tag: "ce", conditions: expired }))
448
+ === "auth-saml/conditions-expired");
449
+ var future = "<saml:Conditions NotBefore=\"" + iso(60 * 60 * 1000) + "\">" + // allow:raw-time-literal — 1h in the future
450
+ "<saml:AudienceRestriction><saml:Audience>" + SP_ENTITY_ID +
451
+ "</saml:Audience></saml:AudienceRestriction></saml:Conditions>";
452
+ check("verify: future Conditions/NotBefore → conditions-not-yet-valid",
453
+ _verifyCode(sp, _buildSignedResponse(idp, { tag: "cf", conditions: future }))
454
+ === "auth-saml/conditions-not-yet-valid");
455
+ }
456
+
457
+ async function testVerifyResponseDuplicateSubjectXsw() {
458
+ var idp = await _mintRsaCert("idp.example");
459
+ var sp = _realSp(idp);
460
+ var twoSubjects =
461
+ "<saml:Subject>" +
462
+ "<saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">alice@example.com</saml:NameID>" +
463
+ "<saml:SubjectConfirmation Method=\"" + BEARER + "\">" +
464
+ "<saml:SubjectConfirmationData NotOnOrAfter=\"" + iso(5 * 60 * 1000) + // allow:raw-time-literal — 5m window
465
+ "\" Recipient=\"" + ACS_URL + "\"/></saml:SubjectConfirmation></saml:Subject>" +
466
+ "<saml:Subject><saml:NameID>attacker@evil.example</saml:NameID></saml:Subject>";
467
+ check("verify: duplicate <Subject> in a signed Assertion → duplicate-subject (XSW)",
468
+ _verifyCode(sp, _buildSignedResponse(idp, { tag: "ds", subjectXml: twoSubjects }))
469
+ === "auth-saml/duplicate-subject");
470
+ }
471
+
472
+ async function testVerifyResponseTamperedDigest() {
473
+ // A validly-signed assertion whose signed bytes are then mutated must be
474
+ // refused: the recomputed digest no longer matches the signed DigestValue.
475
+ var idp = await _mintRsaCert("idp.example");
476
+ var sp = _realSp(idp);
477
+ var goodB64 = _buildSignedResponse(idp, { tag: "tamper", nameId: "alice@example.com" });
478
+ var xml = Buffer.from(goodB64, "base64").toString("utf8").replace("alice@example.com", "mallory@evil.example");
479
+ var code = _verifyCode(sp, b64(xml));
480
+ check("verify: tampering signed content → digest-mismatch",
481
+ code === "auth-saml/digest-mismatch");
482
+ }
483
+
484
+ // ---------------------------------------------------------------------------
485
+ // SLO — HTTP-Redirect build/parse validation
486
+ // ---------------------------------------------------------------------------
487
+
488
+ function testLogoutRequestValidation() {
489
+ var sp = _fakeSp();
490
+ check("buildLogoutRequest: missing nameId → no-nameid",
491
+ _codeOf(function () { sp.buildLogoutRequest({ sessionIndex: "_s" }); }) === "auth-saml/no-nameid");
492
+ check("buildLogoutRequest: non-object opts → bad-opts",
493
+ _codeOf(function () { sp.buildLogoutRequest("nope"); }) === "auth-saml/bad-opts");
494
+ var unknownCode = _codeOf(function () { sp.buildLogoutRequest({ nameId: "a", bogus: 1 }); });
495
+ check("buildLogoutRequest: unknown opt is refused", /unknown option/.test(unknownCode));
496
+ }
497
+
498
+ function testLogoutResponseValidation() {
499
+ var sp = _fakeSp();
500
+ check("buildLogoutResponse: missing inResponseTo → no-in-response-to",
501
+ _codeOf(function () { sp.buildLogoutResponse({ destination: IDP_SLO_URL }); }) === "auth-saml/no-in-response-to");
502
+ check("buildLogoutResponse: missing destination → no-destination",
503
+ _codeOf(function () { sp.buildLogoutResponse({ inResponseTo: "_x" }); }) === "auth-saml/no-destination");
504
+ }
505
+
506
+ function testParseLogoutRequestValidation() {
507
+ var sp = _fakeSp();
508
+ check("parseLogoutRequest: non-string input → no-saml-request",
509
+ _codeOf(function () { sp.parseLogoutRequest(123); }) === "auth-saml/no-saml-request");
510
+ check("parseLogoutRequest: undeflatable base64 → bad-saml-request",
511
+ _codeOf(function () { sp.parseLogoutRequest(b64("this is not deflate-raw data")); }) === "auth-saml/bad-saml-request");
512
+ }
513
+
514
+ function testLogoutResponseRoundTrip() {
515
+ var sp = _fakeSp();
516
+ // buildLogoutResponse produces the redirect; extract + parse the SAMLResponse.
517
+ var built = sp.buildLogoutResponse({ inResponseTo: "_orig-1", destination: IDP_SLO_URL });
518
+ var samlResp = decodeURIComponent(built.redirectUrl.split("?")[1].split("&")[0].slice("SAMLResponse=".length));
519
+ var parsed = sp.parseLogoutResponse(samlResp, { expectedInResponseTo: "_orig-1" });
520
+ check("parseLogoutResponse: default status → success true", parsed.success === true);
521
+ check("parseLogoutResponse: InResponseTo round-trips", parsed.inResponseTo === "_orig-1");
522
+ check("parseLogoutResponse: issuer is the SP entityId", parsed.issuer === SP_ENTITY_ID);
523
+
524
+ check("parseLogoutResponse: non-string input → no-saml-response",
525
+ _codeOf(function () { sp.parseLogoutResponse(null); }) === "auth-saml/no-saml-response");
526
+ check("parseLogoutResponse: expectedInResponseTo mismatch → inresponseto-mismatch",
527
+ _codeOf(function () { sp.parseLogoutResponse(samlResp, { expectedInResponseTo: "_different" }); })
528
+ === "auth-saml/inresponseto-mismatch");
529
+
530
+ // A non-Success statusCode surfaces success=false.
531
+ var failBuilt = sp.buildLogoutResponse({
532
+ inResponseTo: "_orig-2", destination: IDP_SLO_URL,
533
+ statusCode: "urn:oasis:names:tc:SAML:2.0:status:Requester",
534
+ });
535
+ var failResp = decodeURIComponent(failBuilt.redirectUrl.split("?")[1].split("&")[0].slice("SAMLResponse=".length));
536
+ check("parseLogoutResponse: non-Success statusCode → success false",
537
+ sp.parseLogoutResponse(failResp).success === false);
538
+ }
539
+
540
+ // ---------------------------------------------------------------------------
541
+ // SLO — HTTP-POST + SOAP bindings (embedded XMLDSig)
542
+ // ---------------------------------------------------------------------------
543
+
544
+ function testLogoutRequestPostRoundTrip() {
545
+ var sp = _fakeSp();
546
+ var kp = pq.ml_dsa_65.keygen();
547
+ var post = sp.buildLogoutRequestPost({
548
+ nameId: "alice@idp", sessionIndex: "_s-9", signingKey: kp.secretKey, signingAlg: "ml-dsa-65",
549
+ });
550
+ check("buildLogoutRequestPost: action is the IdP SLO URL", post.action === IDP_SLO_URL);
551
+ check("buildLogoutRequestPost: formHtml auto-submits SAMLRequest",
552
+ post.formHtml.indexOf("name=\"SAMLRequest\"") !== -1 && post.formHtml.indexOf("document.forms[0].submit()") !== -1);
553
+ var parsed = sp.parseLogoutRequestPost(post.samlRequest, {
554
+ idpVerifyKey: kp.publicKey, idpVerifyAlg: "ml-dsa-65",
555
+ });
556
+ check("POST SLO round-trip: nameId recovered", parsed.nameId === "alice@idp");
557
+ check("POST SLO round-trip: sessionIndex recovered", parsed.sessionIndex === "_s-9");
558
+ check("POST SLO round-trip: id recovered", parsed.id === post.id);
559
+
560
+ // Negative control — a different verify key refuses (the embedded XMLDSig
561
+ // gate is live), proving the round-trip pass above is a real verification.
562
+ check("POST SLO: wrong verify key → bad-signature",
563
+ _codeOf(function () {
564
+ sp.parseLogoutRequestPost(post.samlRequest, {
565
+ idpVerifyKey: pq.ml_dsa_65.keygen().publicKey, idpVerifyAlg: "ml-dsa-65",
566
+ });
567
+ }) === "auth-saml/bad-signature");
568
+ }
569
+
570
+ function testParseLogoutRequestPostValidation() {
571
+ var sp = _fakeSp();
572
+ check("parseLogoutRequestPost: non-string input → bad-input",
573
+ _codeOf(function () { sp.parseLogoutRequestPost(42); }) === "auth-saml/bad-input");
574
+ check("parseLogoutRequestPost: wrong root element → wrong-root",
575
+ _codeOf(function () { sp.parseLogoutRequestPost(b64("<samlp:Foo " + P_NS + "/>")); }) === "auth-saml/wrong-root");
576
+ }
577
+
578
+ function testLogoutRequestSoapShape() {
579
+ var sp = _fakeSp();
580
+ var soap = sp.buildLogoutRequestSoap({ nameId: "a@idp" });
581
+ check("buildLogoutRequestSoap: action is the IdP SLO URL", soap.action === IDP_SLO_URL);
582
+ check("buildLogoutRequestSoap: body is a SOAP envelope wrapping the LogoutRequest",
583
+ soap.body.indexOf("soapenv:Envelope") !== -1 &&
584
+ soap.body.indexOf("soapenv:Body") !== -1 &&
585
+ soap.body.indexOf("<samlp:LogoutRequest") !== -1);
586
+ }
587
+
588
+ function testParseLogoutResponseSoap() {
589
+ var sp = _fakeSp();
590
+ // Build a LogoutResponse XML (via buildLogoutResponse.raw) and wrap it in a
591
+ // SOAP envelope, then drive the public parse path.
592
+ var lr = sp.buildLogoutResponse({ inResponseTo: "_orig-soap", destination: IDP_SLO_URL });
593
+ var envelope = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
594
+ "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
595
+ "<soapenv:Body>" + lr.raw + "</soapenv:Body></soapenv:Envelope>";
596
+ var parsed = sp.parseLogoutResponseSoap(envelope);
597
+ check("parseLogoutResponseSoap: unwraps Body + reports success", parsed.success === true);
598
+ check("parseLogoutResponseSoap: InResponseTo recovered", parsed.inResponseTo === "_orig-soap");
599
+
600
+ check("parseLogoutResponseSoap: non-string input → bad-input",
601
+ _codeOf(function () { sp.parseLogoutResponseSoap(0); }) === "auth-saml/bad-input");
602
+ check("parseLogoutResponseSoap: non-Envelope root → bad-soap",
603
+ _codeOf(function () { sp.parseLogoutResponseSoap("<foo/>"); }) === "auth-saml/bad-soap");
604
+ check("parseLogoutResponseSoap: empty Body → bad-soap",
605
+ _codeOf(function () {
606
+ sp.parseLogoutResponseSoap("<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
607
+ "<soapenv:Body></soapenv:Body></soapenv:Envelope>");
608
+ }) === "auth-saml/bad-soap");
609
+ }
610
+
611
+ // ---------------------------------------------------------------------------
612
+ // fetchMdq — synchronous input validation (throws before any network I/O)
613
+ // ---------------------------------------------------------------------------
614
+
615
+ async function testFetchMdqInputValidation() {
616
+ async function mdqCode(o) {
617
+ try { await b.auth.saml.fetchMdq(o); return "NO-THROW"; }
618
+ catch (e) { return e.code || e.message; }
619
+ }
620
+ check("fetchMdq: non-object opts refused", (await mdqCode(null)) === "BAD_OPT");
621
+ check("fetchMdq: missing baseUrl → no-mdq-base", (await mdqCode({ entityId: IDP_ENTITY_ID })) === "auth-saml/no-mdq-base");
622
+ check("fetchMdq: missing entityId → no-mdq-entity", (await mdqCode({ baseUrl: "https://mdq.example" })) === "auth-saml/no-mdq-entity");
623
+ }
624
+
625
+ async function run() {
626
+ // create()
627
+ testCreateRequiredFields();
628
+ testCreateRejectsBadOpts();
629
+ // buildAuthnRequest
630
+ testAuthnRequestShapeAndRelayState();
631
+ testAuthnRequestNameIdPolicy();
632
+ testAuthnRequestQuerySeparator();
633
+ testAuthnRequestAttributeEscaping();
634
+ // metadata
635
+ testMetadata();
636
+ testMetadataSlo();
637
+ // verifyResponse — pre-signature
638
+ testVerifyResponseInputValidation();
639
+ testVerifyResponseStatus();
640
+ testVerifyResponseXswStructural();
641
+ testVerifyResponseNoAssertionAndUnsigned();
642
+ testVerifyResponseEncryptedWithoutKey();
643
+ // verifyResponse — signed path
644
+ await testVerifyResponseHappyPath();
645
+ await testVerifyResponseInResponseTo();
646
+ await testVerifyResponseWrongIssuer();
647
+ await testVerifyResponseAudience();
648
+ await testVerifyResponseConditionsExpired();
649
+ await testVerifyResponseDuplicateSubjectXsw();
650
+ await testVerifyResponseTamperedDigest();
651
+ // SLO redirect
652
+ testLogoutRequestValidation();
653
+ testLogoutResponseValidation();
654
+ testParseLogoutRequestValidation();
655
+ testLogoutResponseRoundTrip();
656
+ // SLO POST / SOAP
657
+ testLogoutRequestPostRoundTrip();
658
+ testParseLogoutRequestPostValidation();
659
+ testLogoutRequestSoapShape();
660
+ testParseLogoutResponseSoap();
661
+ // fetchMdq
662
+ await testFetchMdqInputValidation();
663
+ }
664
+
665
+ if (require.main === module) {
666
+ run().then(function () {
667
+ console.log("OK — " + helpers.getChecks() + " checks passed");
668
+ process.exit(0);
669
+ }).catch(function (e) { console.error(e && e.stack || e); process.exit(1); });
670
+ }
671
+ module.exports = { run: run };