@blamejs/core 0.11.5 → 0.11.17

package/index.js

@@ -119,6 +119,7 @@ var safeSql = require("./lib/safe-sql");
 var chainWriter = require("./lib/chain-writer");
 var safeBuffer = require("./lib/safe-buffer");
 var safeDecompress = require("./lib/safe-decompress").safeDecompress;
+var safeMountInfo = require("./lib/safe-mount-info");
 var lazyRequire = require("./lib/lazy-require");
 var frameworkError = require("./lib/framework-error");
 var nistCrosswalk = require("./lib/nist-crosswalk");
@@ -456,6 +457,7 @@ module.exports = {
   chainWriter:      chainWriter,
   safeBuffer:       safeBuffer,
   safeDecompress:   safeDecompress,
+  safeMountInfo:    safeMountInfo,
   lazyRequire:      lazyRequire,
   frameworkError:   frameworkError,
   httpClient:       httpClient,

package/lib/audit.js

@@ -74,8 +74,8 @@ var log = boot("audit");
 // audit critical path — b.audit.record() must return, emit/safeEmit
 // drains must not stall behind it. On timeout the shadow record is
 // dropped (audit.shadow_timeout observability event) and the
-// framework chain row remains committed. CLAUDE.md rule §5 drop-
-// silent posture for hot-path observability sinks.
+// framework chain row remains committed — audit emission MUST NOT
+// crash or stall the request that triggered it.
 var EXTERNAL_STORE_TIMEOUT_MS = C.TIME.seconds(30);
 
 // External shadow store registered via `b.audit.useStore({ record })`.
@@ -88,11 +88,11 @@ var EXTERNAL_STORE_TIMEOUT_MS = C.TIME.seconds(30);
 // the operator's record receives the fully-formed row (logical fields +
 // `_id` + `recordedAt` + `monotonicCounter` + `prevHash` + `rowHash`).
 //
-// Shadow failures are drop-silent (rule §5 — hot-path observability
-// sinks must not crash the path that emitted them). An audit-shadow
-// failure surfaces via `b.observability` as `audit.shadow_failed`; the
-// framework chain row still committed and downstream verifyChain still
-// works against the framework store.
+// Shadow failures are drop-silent — hot-path observability sinks
+// must not crash the path that emitted them. An audit-shadow
+// failure surfaces via `b.observability` as `audit.shadow_failed`;
+// the framework chain row still committed and downstream
+// verifyChain still works against the framework store.
 var _externalStore = null;
 
 // Per-operation timeout for framework-state SQL. A misbehaving
@@ -481,8 +481,9 @@ async function record(event) {
       var appended = await _chainWriter.append(logical);
       // Operator-registered shadow store: replicate the fully-formed
       // row to an immutable external destination. Drop-silent on
-      // failure (rule §5) — the framework chain is authoritative and
-      // already committed; the shadow is a best-effort archival.
+      // failure — the framework chain is authoritative and already
+      // committed; the shadow is a best-effort archival, and an
+      // unreachable destination must not crash the audit caller.
       // The operator's record receives the SAME object the framework
       // returns to its caller, so external consumers see identical
       // hashes / counters / ids for cross-store reconciliation.
@@ -547,10 +548,10 @@ async function record(event) {
  * or `audit.shadow_timeout` (cap exceeded) with `{ action,
  * monotonicCounter, error, timeoutMs }` metadata, and the framework
  * chain append still succeeds (the row is durable in the framework's
- * own table; the shadow is a best-effort archival). This is the
- * rule §5 drop-silent posture for hot-path observability sinks — an
- * unreachable / hanging shadow MUST NOT crash or stall the request
- * path that triggered the audit attempt.
+ * own table; the shadow is a best-effort archival). Hot-path
+ * observability sinks emit drop-silent — an unreachable / hanging
+ * shadow MUST NOT crash or stall the request path that triggered
+ * the audit attempt.
  *
  * Call this once at boot, BEFORE the first `b.audit.record` /
  * `b.audit.emit` / `b.audit.safeEmit`. Switching stores on a running

package/lib/auth/oid4vci.js

@@ -451,10 +451,11 @@ function create(opts) {
           "exchangePreAuthorizedCode: tx_code required (offer mandates it)");
       }
       var txHash = sha3Hash("oid4vci-tx:" + eopts.txCode);
-      // Constant-time compare on the hashed tx_code (audit 2026-05-11
-      // — was `!==` on fixed-width sha3 hex; per CLAUDE.md rule §5
-      // every framework-internal compare against attacker-controlled
-      // input routes through timingSafeEqual).
+      // Constant-time compare on the hashed tx_code — `===` on a
+      // hex digest leaks per-byte timing under attacker-controlled
+      // input. Every framework compare against attacker-influenced
+      // bytes routes through timingSafeEqual regardless of the
+      // operand length being fixed.
       if (!timingSafeEqual(txHash, entry.txCodeHash)) {
         // Don't consume on failure — wallet may be retrying. Operator
         // attaches their own attempt counter / lockout via b.auth.lockout.

package/lib/compliance.js

@@ -1087,8 +1087,9 @@ var POSTURE_DEFAULTS = Object.freeze({
   // being certified for the ML-KEM / ML-DSA primitives upstream.
   //
   // Conflict resolution: PQC-first remains the framework default
-  // (CLAUDE.md rule §2 — never weaken security middleware), but
-  // operators in a FedRAMP boundary opt into `fipsMode: true` to
+  // — the framework refuses to weaken security middleware to fit a
+  // posture flag. Operators in a FedRAMP boundary opt into
+  // `fipsMode: true` to
   // switch `b.audit.sign` from SLH-DSA-SHAKE-256f to FIPS-validated
   // AES-GCM + SHA-384 for the audit-chain signing path. The runtime
   // emits a `compliance.posture.fips_conflict` audit warning when

package/lib/crypto.js

@@ -52,7 +52,9 @@ var C = require("./constants");
 // Circular: audit imports b.crypto for sha3Hash + envelope sign. Lazy-
 // load the audit module so the legacy-envelope decrypt path can emit
 // `system.crypto.decrypt.allow_legacy` events without an inline
-// require() inside setImmediate (top-of-file requires per rule §3).
+// require() inside setImmediate. (The framework's convention is
+// top-of-file require() except where a documented circular-load
+// reason forces lazy-load; this is one of those reasons.)
 var lazyRequire = require("./lazy-require");
 var audit       = lazyRequire(function () { return require("./audit"); });
 // safe-buffer hosts the canonical hasCrlf(s) helper used by every

package/lib/safe-decompress.js

@@ -266,7 +266,7 @@ function safeDecompress(input, opts) {
   return out;
 }
 
-// Drop-silent audit emission per rule §5: refuse-emit is best-effort,
+// Drop-silent audit emission — refuse-emit is best-effort,
 // failures here don't crash the operator's path. Then throw the typed
 // error so the caller's catch block decides downstream.
 function _refuse(opts, code, message, originalError) {
@@ -283,7 +283,7 @@ function _refuse(opts, code, message, originalError) {
           reason:    message,
         },
       });
-    } catch (_e) { /* drop-silent per rule §5 */ }
+    } catch (_e) { /* drop-silent — observability is itself hot-path */ }
   }
   var err = new SafeDecompressError(code, message);
   if (originalError) err.cause = originalError;

package/lib/safe-mount-info.js

@@ -0,0 +1,306 @@
+"use strict";
+/**
+ * @module     b.safeMountInfo
+ * @nav        Primitives
+ * @title      Safe MountInfo
+ * @order      131
+ * @slug       safe-mount-info
+ *
+ * @card
+ *   Canonical /proc/self/mountinfo parser that always reads field 4
+ *   (root-within-source-FS) — defeats the bind-mount detection bug
+ *   class where ad-hoc parsers picked the wrong field.
+ *
+ * @intro
+ *   Linux `/proc/self/mountinfo` is the per-process kernel-published
+ *   mount table. The format is fixed per [kernel
+ *   Documentation/filesystems/proc.rst §3.5](https://www.kernel.org/doc/Documentation/filesystems/proc.txt):
+ *
+ *     <id> <parent> <major:minor> <root> <mountpoint> <options>
+ *     [<optional-fields>...] - <fstype> <source> <super-options>
+ *
+ *   The `<root>` field (positional index 3, 0-based) is "root within
+ *   source FS" — `"/"` for a regular mount, a non-root path for a
+ *   bind-mount (e.g. `/Users/me/data` mounted onto `/data` inside a
+ *   container). Bind-mount detection MUST consult this field; ad-hoc
+ *   parsers that scan the options string for the word "bind" miss
+ *   the truth (kernel doesn't emit "bind" as an option — bind state
+ *   is observable ONLY via field 4).
+ *
+ *   Pre-v0.11.6 the only lib/ caller (lib/watcher.js) parsed mountinfo
+ *   correctly inline. Future callers — container-escape detection,
+ *   sealed-store path validation, sandbox auto-probe — would have to
+ *   re-derive the discipline. This primitive centralizes it: a
+ *   single canonical parser that ALWAYS reads field 4, ALWAYS
+ *   handles the `" - "` optional-fields separator, ALWAYS skips
+ *   malformed lines without throwing.
+ *
+ *   Refusal posture:
+ *     - `safe-mount-info/read-failed`     — /proc/self/mountinfo
+ *       unreadable (non-Linux, restricted sandbox, host filesystem
+ *       hidden). Operators get the typed error AND opts.fallback
+ *       value (default null) to take.
+ *     - `safe-mount-info/parse-failed`    — single malformed line
+ *       within /proc/self/mountinfo. Silent-skip (per-line) by
+ *       default; opts.strict: true upgrades to throw on first
+ *       malformed line.
+ *
+ *   Threat model:
+ *     - **Container-escape detection** (CVE-2019-5736 Docker /
+ *       CVE-2022-0185 fsconfig / CVE-2024-21626 leaky-vessels) —
+ *       bind-mount + root-field analysis is the canonical signal.
+ *       Wrong-field readers (operations on field 5 / 6 / options-
+ *       indexOf-"bind") miss escape-attempt patterns.
+ *     - **Sealed-store integrity** — sealed dbs / vault state
+ *       atop a bind-mounted host directory cross trust boundaries
+ *       on container restart. Detection requires reading field 4
+ *       and matching the mount-point against operator-trusted paths.
+ *
+ *   Composes:
+ *     - lib/safe-decompress / lib/audit — operator-supplied audit
+ *       handle receives `system.safe_mount_info.refused` events on
+ *       read-failed and parse-failed (drop-silent — observability emission must not crash the hot path that emitted the event).
+ *
+ * RFC / kernel-doc citations:
+ *   - [Linux Documentation/filesystems/proc.rst §3.5 — /proc/<pid>/mountinfo](https://www.kernel.org/doc/Documentation/filesystems/proc.txt)
+ *   - [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) — runc leaky-vessels (bind-mount detection)
+ *   - [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185) — fsconfig integer underflow
+ */
+
+var nodeFs = require("node:fs");
+var lazyRequire = require("./lazy-require");
+var validateOpts = require("./validate-opts");
+var numericBounds = require("./numeric-bounds");
+var { defineClass } = require("./framework-error");
+
+var audit = lazyRequire(function () { return require("./audit"); });
+
+var SafeMountInfoError = defineClass("SafeMountInfoError", { alwaysPermanent: true });
+
+var DEFAULT_PATH = "/proc/self/mountinfo";
+
+/**
+ * @primitive b.safeMountInfo.parse
+ * @signature b.safeMountInfo.parse(text, opts?)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.read, b.safeMountInfo.bestMatch
+ *
+ * Parse `/proc/self/mountinfo` text bytes into structured entries.
+ * Each entry carries `{ id, parent, devMajMin, root, mountPoint,
+ * options, fstype, source, superOptions }` — `root` is the
+ * positional field 4 ("root within source FS") that bind-mount
+ * detection requires.
+ *
+ * Malformed lines are skipped by default (operator's mountinfo MAY
+ * contain a stray line during a concurrent mount/unmount). Set
+ * `opts.strict: true` to throw on first malformed line.
+ *
+ * @opts
+ *   strict:  boolean,        // default false; throw on malformed line
+ *   maxLines: number,        // default 4096; cap to bound parser work
+ *
+ * @example
+ *   var entries = b.safeMountInfo.parse(rawText);
+ *   var bindMounts = entries.filter(function (e) { return e.root !== "/"; });
+ */
+function parse(text, opts) {
+  opts = opts || {};
+  validateOpts(opts, ["strict", "maxLines"], "safeMountInfo.parse");
+  if (typeof text !== "string") {
+    throw new SafeMountInfoError(
+      "safe-mount-info/bad-input",
+      "safeMountInfo.parse: text must be a string");
+  }
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxLines,
+    "safeMountInfo.parse: opts.maxLines",
+    SafeMountInfoError, "safe-mount-info/bad-arg");
+  var maxLines = (typeof opts.maxLines === "number") ? opts.maxLines : 4096;         // allow:raw-byte-literal — line cap matches max kernel-published mount count
+  var strict = opts.strict === true;
+  var lines  = text.split("\n");
+  // `text.split("\n").length` counts the trailing empty segment that
+  // `/proc/self/mountinfo` produces with its final newline. Adjust
+  // the count so the cap reflects ACTUAL records, not segments —
+  // otherwise exactly-`maxLines` valid records gets rejected as
+  // `too-many-lines` because the segment count is `maxLines + 1`.
+  var trailingEmpty = (lines.length > 0 && lines[lines.length - 1] === "");
+  var recordCount = trailingEmpty ? lines.length - 1 : lines.length;
+  if (recordCount > maxLines) {
+    throw new SafeMountInfoError(
+      "safe-mount-info/too-many-lines",
+      "safeMountInfo.parse: mountinfo has " + recordCount +
+      " lines, exceeds maxLines " + maxLines);
+  }
+  var out = [];
+  for (var i = 0; i < lines.length; i += 1) {
+    var ln = lines[i];
+    if (!ln) continue;
+    // Format: <id> <parent> <major:minor> <root> <mountpoint> <options>
+    //         [<optional-fields>...] - <fstype> <source> <super-options>
+    // The separator " - " divides the optional-fields half from the
+    // post-fields half.
+    var sepIdx = ln.indexOf(" - ");
+    if (sepIdx === -1) {
+      if (strict) {
+        throw new SafeMountInfoError(
+          "safe-mount-info/parse-failed",
+          "safeMountInfo.parse: line " + (i + 1) + " missing ' - ' separator");
+      }
+      continue;
+    }
+    var preFields  = ln.slice(0, sepIdx).split(" ");
+    var postFields = ln.slice(sepIdx + 3).split(" ");
+    if (preFields.length < 6 || postFields.length < 1) {                             // allow:raw-byte-literal — kernel-mandated minimum field counts
+      if (strict) {
+        throw new SafeMountInfoError(
+          "safe-mount-info/parse-failed",
+          "safeMountInfo.parse: line " + (i + 1) + " has " + preFields.length +
+          " pre-fields, " + postFields.length + " post-fields (need >=6, >=1)");
+      }
+      continue;
+    }
+    out.push({
+      id:           preFields[0],
+      parent:       preFields[1],
+      devMajMin:    preFields[2],
+      root:         preFields[3],                                                    // *** field 4 (0-indexed 3) — bind-mount detection
+      mountPoint:   preFields[4],
+      options:      preFields[5],
+      // optional-fields (variable length, between [6] and the " - ")
+      // are exposed via `optionalFields` for advanced callers.
+      optionalFields: preFields.slice(6, preFields.length).filter(function (f) { return f.length > 0; }),
+      fstype:       postFields[0],
+      source:       postFields[1] || null,
+      superOptions: postFields[2] || null,
+    });
+  }
+  return out;
+}
+
+/**
+ * @primitive b.safeMountInfo.read
+ * @signature b.safeMountInfo.read(opts?)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.parse, b.safeMountInfo.bestMatch
+ *
+ * Read + parse `/proc/self/mountinfo` in one call. Returns the same
+ * array shape as `parse(text)`. On non-Linux platforms (where /proc
+ * doesn't exist) returns `opts.fallback` (default `null`); audit
+ * emission per `safe-mount-info.refused` with code `read-failed`.
+ *
+ * @opts
+ *   path:     string,        // override path (default /proc/self/mountinfo)
+ *   fallback: any,           // returned on read failure (default null)
+ *   audit:    object,        // optional b.audit handle for refusal events
+ *   strict:   boolean,       // forwarded to parse()
+ *   maxLines: number,        // forwarded to parse()
+ *
+ * @example
+ *   var entries = b.safeMountInfo.read();
+ *   if (entries === null) {
+ *     // non-Linux / sandboxed / no /proc
+ *   }
+ */
+function read(opts) {
+  opts = opts || {};
+  validateOpts(opts,
+    ["path", "fallback", "audit", "strict", "maxLines"],
+    "safeMountInfo.read");
+  var path = typeof opts.path === "string" && opts.path.length > 0
+    ? opts.path
+    : DEFAULT_PATH;
+  var text;
+  try { text = nodeFs.readFileSync(path, "utf8"); }
+  catch (e) {
+    _refuseEmit(opts, "safe-mount-info/read-failed",
+      "/proc/self/mountinfo unreadable: " + ((e && e.message) || String(e)));
+    return ("fallback" in opts) ? opts.fallback : null;
+  }
+  return parse(text, opts);
+}
+
+/**
+ * @primitive b.safeMountInfo.bestMatch
+ * @signature b.safeMountInfo.bestMatch(entries, path)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.read, b.safeMountInfo.isBindMount
+ *
+ * Find the mountinfo entry whose `mountPoint` is the longest prefix
+ * of `path`. Returns `null` when no entry covers `path`. The "longest
+ * prefix" semantic is what bind-mount detection / sealed-store-path
+ * validation needs — a mounted subdir wins over the root mount.
+ *
+ * @example
+ *   var entries  = b.safeMountInfo.read();
+ *   var atPath   = b.safeMountInfo.bestMatch(entries, "/var/lib/blamejs");
+ *   if (atPath && atPath.root !== "/") {
+ *     // path lives on a bind-mount (potentially crossing host/guest)
+ *   }
+ */
+function bestMatch(entries, path) {
+  if (!Array.isArray(entries) || entries.length === 0) return null;
+  if (typeof path !== "string" || path.length === 0) return null;
+  var best = null;
+  var bestLen = -1;
+  for (var i = 0; i < entries.length; i += 1) {
+    var e = entries[i];
+    if (!e || typeof e.mountPoint !== "string" || e.mountPoint.length === 0) continue;
+    var mp = e.mountPoint;
+    if (path === mp ||
+        (path.length > mp.length &&
+         path.indexOf(mp) === 0 &&
+         (mp === "/" || path.charCodeAt(mp.length) === 47 /* "/" */))) {              // allow:raw-byte-literal — ASCII forward-slash
+      if (mp.length > bestLen) {
+        bestLen = mp.length;
+        best = e;
+      }
+    }
+  }
+  return best;
+}
+
+/**
+ * @primitive b.safeMountInfo.isBindMount
+ * @signature b.safeMountInfo.isBindMount(entry)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.bestMatch
+ *
+ * `true` when the mountinfo entry's `root` field is something other
+ * than `"/"` (i.e. the mount is a bind from a non-root path within
+ * the source filesystem). The canonical bind-mount test — does NOT
+ * consult the options string (the kernel doesn't emit "bind" there).
+ *
+ * @example
+ *   var entries = b.safeMountInfo.read();
+ *   var atData  = b.safeMountInfo.bestMatch(entries, "/data");
+ *   var isBind  = b.safeMountInfo.isBindMount(atData);
+ */
+function isBindMount(entry) {
+  if (!entry || typeof entry !== "object") return false;
+  return typeof entry.root === "string" && entry.root.length > 0 && entry.root !== "/";
+}
+
+function _refuseEmit(opts, code, message) {
+  var auditImpl = opts.audit || (audit() && audit().safeEmit ? audit() : null);
+  if (auditImpl && typeof auditImpl.safeEmit === "function") {
+    try {
+      auditImpl.safeEmit({
+        action:   "system.safe_mount_info.refused",
+        outcome:  "denied",
+        metadata: { code: code, reason: message },
+      });
+    } catch (_e) { /* drop-silent — observability emission must not crash the hot path that emitted the event */ }
+  }
+}
+
+module.exports = {
+  parse:                  parse,
+  read:                   read,
+  bestMatch:              bestMatch,
+  isBindMount:            isBindMount,
+  SafeMountInfoError:     SafeMountInfoError,
+  DEFAULT_PATH:           DEFAULT_PATH,
+};

package/lib/subject.js

@@ -634,9 +634,9 @@ function _subjectHash(subjectId) {
 }
 
 function _writeAudit(action, subjectId, outcome, metadata) {
-  // recordSafe — audit failure must not roll back the subject mutation
-  // that already touched the database. Drop-silent per CLAUDE.md rule
-  // §5 (hot-path audit sinks): swallow any throw from audit.emit so a
+  // recordSafe — audit failure must not roll back the subject
+  // mutation that already touched the database. Hot-path audit
+  // sinks are drop-silent: swallow any throw from audit.emit so a
   // misconfigured sink doesn't crash a partially-committed subject
   // mutation. Errors surface via the audit sink's own logger.
   try {

package/lib/watcher.js

@@ -49,6 +49,7 @@ var nodeFs   = require("node:fs");
 var nodePath = require("node:path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
+var safeMountInfo = require("./safe-mount-info");
 var { WatcherError } = require("./framework-error");
 
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -240,50 +241,19 @@ function _detectAutoMode(rootPath) {
   try { inContainer = nodeFs.existsSync("/.dockerenv"); }
   catch (_e) { inContainer = false; }
 
-  var mountInfoRaw = null;
-  try { mountInfoRaw = nodeFs.readFileSync("/proc/self/mountinfo", "utf8"); }
-  catch (_e) { mountInfoRaw = null; }
-
-  if (!mountInfoRaw) {
-    // No mountinfo available — fall back to fs. Operator can still
-    // override explicitly via mode: "poll".
+  // Route through b.safeMountInfo — single canonical parser that
+  // ALWAYS reads field 4 ("root within source FS") for the bind-
+  // mount check below. Pre-v0.11.6 this parsed inline; centralizing
+  // it means future container-escape / sealed-store / sandbox call
+  // sites inherit the discipline.
+  var entries = safeMountInfo.read();
+  if (entries === null || entries.length === 0) {
     return { mode: "fs", reason: "no-mountinfo", fsType: null, inContainer: inContainer };
   }
-
-  // Find the mount whose mount-point is the longest prefix of rootPath.
-  var lines = mountInfoRaw.split("\n");
-  var bestMatch = null;
-  var bestLen   = -1;
-  for (var i = 0; i < lines.length; i += 1) {
-    var ln = lines[i];
-    if (!ln) continue;
-    // Format: <id> <parent> <major:minor> <root> <mountpoint> <options>
-    //         [<optional-fields>...] - <fstype> <source> <super-options>
-    // The separator " - " divides the optional-fields half from the post-fields half.
-    var sepIdx = ln.indexOf(" - ");
-    if (sepIdx === -1) continue;
-    var preFields  = ln.slice(0, sepIdx).split(" ");
-    var postFields = ln.slice(sepIdx + 3).split(" ");
-    if (preFields.length < 6 || postFields.length < 1) continue;
-    var rootField  = preFields[3];        // "/" for regular mount; bound-source path for bind
-    var mountPoint = preFields[4];
-    var fstype     = postFields[0];
-    if (typeof mountPoint !== "string" || mountPoint.length === 0) continue;
-    if (rootPath === mountPoint ||
-        (rootPath.length > mountPoint.length &&
-         rootPath.indexOf(mountPoint) === 0 &&
-         (mountPoint === "/" || rootPath.charCodeAt(mountPoint.length) === 47 /* / */))) {
-      if (mountPoint.length > bestLen) {
-        bestLen = mountPoint.length;
-        bestMatch = { mountPoint: mountPoint, rootField: rootField, fstype: fstype };
-      }
-    }
-  }
-
+  var bestMatch = safeMountInfo.bestMatch(entries, rootPath);
   if (!bestMatch) {
     return { mode: "fs", reason: "no-mount-match", fsType: null, inContainer: inContainer };
   }
-
   if (AUTO_PROBE_POLL_FSTYPES.has(bestMatch.fstype)) {
     return {
       mode:        "poll",
@@ -292,16 +262,12 @@ function _detectAutoMode(rootPath) {
       inContainer: inContainer,
     };
   }
-
-  // Bind-mount detection via mountinfo field 4 ("root"). For a regular
-  // mount this is "/" — the entire source filesystem is mounted. For a
-  // bind-mount it's the path within the source filesystem that was
-  // bound onto the mount point (e.g. "/Users/me/data" on a Docker
-  // Desktop bind from macOS). When we're inside a container AND the
-  // best-matching mount carries a non-"/" root, the mount is a bind
-  // and inotify chains across the host/guest boundary are unreliable.
-  // (Operator can still force fs via mode: "fs"; force poll via mode: "poll".)
-  if (inContainer && bestMatch.rootField && bestMatch.rootField !== "/") {
+  // Bind-mount detection via field 4 — `b.safeMountInfo.isBindMount`
+  // is the canonical predicate (does NOT consult options string;
+  // the kernel doesn't emit "bind" there). When we're inside a
+  // container AND the best-matching mount is a bind, inotify
+  // chains across the host/guest boundary are unreliable.
+  if (inContainer && safeMountInfo.isBindMount(bestMatch)) {
     return {
       mode:        "poll",
       reason:      "container-bind-mount",
@@ -309,7 +275,6 @@ function _detectAutoMode(rootPath) {
       inContainer: inContainer,
     };
   }
-
   return {
     mode:        "fs",
     reason:      "native-fs",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.11.5",
+  "version": "0.11.17",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -1,11 +1,11 @@
 {
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
-  "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8b0da807-db01-45a8-b301-744f3623a4e7",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid:977499c0-aee7-4197-9b4d-c7af9fd7fda5",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-19T22:45:04.845Z",
+    "timestamp": "2026-05-20T16:28:06.450Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.11.5",
-      "type": "library",
+      "bom-ref": "@blamejs/core@0.11.17",
+      "type": "application",
       "name": "blamejs",
-      "version": "0.11.5",
+      "version": "0.11.17",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.11.5",
+      "purl": "pkg:npm/%40blamejs/core@0.11.17",
       "properties": [],
       "externalReferences": [
         {
@@ -54,8 +54,8 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.11.5",
+      "ref": "@blamejs/core@0.11.17",
       "dependsOn": []
     }
   ]
-}
+}