npm - @blamejs/core - Versions diffs - 0.11.5 → 0.11.6 - Mend

@blamejs/core 0.11.5 → 0.11.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
 ## v0.11.x
+- v0.11.6 (2026-05-19) — **`b.safeMountInfo` — canonical `/proc/self/mountinfo` parser.** New operator-facing primitive at `lib/safe-mount-info.js` that centralizes the field-4 ("root within source FS") parse discipline that bind-mount detection requires. Exposes `b.safeMountInfo.parse(text)` / `read(opts)` / `bestMatch(entries, path)` / `isBindMount(entry)`. The `isBindMount` predicate is the canonical bind-mount test — it consults field 4 only, NOT the options string (the kernel doesn't emit "bind" as a mount option per [Linux Documentation/filesystems/proc.rst §3.5](https://www.kernel.org/doc/Documentation/filesystems/proc.txt); ad-hoc parsers that scan options for the word "bind" miss every real bind-mount). Refusal codes: `safe-mount-info/read-failed` (non-Linux / restricted sandbox; returns `opts.fallback` default `null`), `safe-mount-info/parse-failed` (single malformed line — silent-skip by default, `opts.strict: true` upgrades to throw), `safe-mount-info/too-many-lines` (line cap, default 4096), `safe-mount-info/bad-input` (non-string / non-positive-integer arg). Audit emission on every refusal as `system.safe_mount_info.refused` (drop-silent per [CLAUDE.md rule §5](https://github.com/blamejs/blamejs/blob/main/CLAUDE.md)). **Composition:** `lib/watcher.js` filesystem auto-probe now routes through `b.safeMountInfo.read() + bestMatch() + isBindMount()` instead of parsing inline — the single canonical parser means future container-escape detection / sealed-store path validation / sandbox auto-probe call sites inherit the discipline. **New codebase-patterns detector `mountinfo-not-via-safemountinfo`** flags direct `fs.readFileSync("/proc/self/mountinfo", ...)` in lib/ as a migration target; only `lib/safe-mount-info.js` itself reaches the kernel surface. Fuzz harness at `fuzz/safe-mount-info.fuzz.js` probes parse with adversarial bytes (malformed lines / oversize input / Unicode garbage / truncated headers). **References:** [Linux Documentation/filesystems/proc.rst §3.5](https://www.kernel.org/doc/Documentation/filesystems/proc.txt) · [CVE-2024-21626 runc leaky-vessels](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) · [CVE-2022-0185 fsconfig](https://nvd.nist.gov/vuln/detail/CVE-2022-0185).
 - v0.11.5 (2026-05-19) — **`b.safeDecompress(buf, opts)` — bomb-resistant decompression primitive.** New operator-facing primitive at `lib/safe-decompress.js` that centralizes the bounded-output / bounded-ratio defense the v0.10.15 `gunzip-without-output-size-cap` detector enforces per-call-site. Accepts `gzip` / `deflate` / `deflate-raw` (RFC 1951) / `brotli` under an explicit algorithm allowlist (unknown algorithms refuse with `safe-decompress/unsupported-algorithm`); refuses bomb-class input via zlib's own `maxOutputLength` BEFORE allocation; AFTER decompression checks `output.length / input.length` against `maxRatio` (default 50:1) and overwrites + drops the buffer if the ratio is exceeded so operator-facing paths never see the bomb bytes. Pre-decompression input cap (`maxCompressedBytes`, default 4 MiB) defends against very-large compressed payloads whose zlib parse alone is expensive. Refusal codes: `safe-decompress/output-too-large` / `ratio-exceeded` / `decompress-failed` / `empty-input` / `oversized-input` / `unsupported-algorithm` / `bad-arg` / `bad-input`. Operators wire `opts.audit` to receive the `system.safe_decompress.refused` event with `{ code, algorithm, ctx, reason }` metadata; emission is drop-silent per [CLAUDE.md rule §5](https://github.com/blamejs/blamejs/blob/main/CLAUDE.md). **Composition:** `lib/websocket.js` `_inflateMessage` now routes through `b.safeDecompress({ algorithm: "deflate-raw", maxRatio: 0, ... })` — WS already binds upstream via `maxMessageBytes` so the ratio cap is opt-out; future per-message-deflate sites adopt the same shape. Fuzz harness at `fuzz/safe-decompress.fuzz.js` probes the four-algorithm allowlist with adversarial bytes (bomb / malformed / truncated / bogus dictionary) to catch any uncaught error class outside the documented refusal surface. **References:** [RFC 1950 zlib](https://www.rfc-editor.org/rfc/rfc1950) · [RFC 1951 deflate](https://www.rfc-editor.org/rfc/rfc1951) · [RFC 1952 gzip](https://www.rfc-editor.org/rfc/rfc1952) · [RFC 7932 brotli](https://www.rfc-editor.org/rfc/rfc7932) · [CVE-2025-0725](https://nvd.nist.gov/vuln/detail/CVE-2025-0725) · [RFC 8460 §5.2 TLS-RPT decompression community guidance](https://www.rfc-editor.org/rfc/rfc8460#section-5.2).
 - v0.11.4 (2026-05-19) — **`b.audit.useStore({ record })` shadow store + WebSocket permessage-deflate bomb fix + 5 new codebase-patterns detectors + shape-matcher substrate.** **`b.audit.useStore({ record })`** registers an operator-supplied shadow store that receives a copy of every audit chain append AFTER the framework's tamper-evident chain commits. The operator's `record(row)` async function receives the fully-formed row — `{ _id, recordedAt, monotonicCounter, prevHash, rowHash, action, outcome, actorUserId, ..., metadata }` — so external destinations (AWS QLDB / Azure Confidential Ledger / Google Cloud Audit Logs / in-house WORM appliances / SIEM forwarders) see identical hashes for cross-store reconciliation. Shadow failures are drop-silent per [CLAUDE.md rule §5](https://github.com/blamejs/blamejs/blob/main/CLAUDE.md) — the framework chain is authoritative and already committed; an unreachable shadow surfaces via `b.observability` as the `audit.shadow_failed` event but never crashes the request path. Composes with HIPAA §164.312(b) / PCI-DSS Req 10.5.3 (separation-of-duties retention) / SOX §404 / SEC 17a-4 WORM postures. Pass `null` or `{ record: null }` to unregister. **WebSocket permessage-deflate bomb fix:** `lib/websocket.js` `_inflateMessage` previously called `zlib.inflateRawSync` without `maxOutputLength` — a malicious peer could ship a small compressed frame that exploded into gigabytes BEFORE the framework's post-decompression `maxMessageBytes` check ran. The inflate now passes `maxOutputLength: this.maxMessageBytes` so zlib refuses mid-decompress; same CVE-2024-zlib / CVE-2025-0725 amplification class the `gunzip-without-output-size-cap` detector defends elsewhere. **New codebase-patterns detectors:** (1) `test-promise-settimeout-sleep` (scans the `test/` tree — first detector under the new test-scope walker — for the `await new Promise(r => setTimeout(r, N))` shape forbidden by [CLAUDE.md §11b](https://github.com/blamejs/blamejs/blob/main/CLAUDE.md), with the migration backlog pre-allowlisted as a release-gate countdown); (2) `inflate-unzip-without-output-size-cap` (extends the v0.10.15 gunzip-cap detector to `zlib.inflateSync` / `inflateRawSync` / `unzipSync` / `createInflate` family — RFC 1951 deflate is the same bomb class); (3) `map-get-falsy-then-set-pre-node-26` (companion to `map-has-then-set-pre-node-26` — catches the `!M.get(k)` / `M.get(k) === undefined|null` semantically-identical variants); (4) `fs-existssync-then-read-toctou` (CodeQL `js/file-system-race` class — `fs.existsSync(p) + fs.readFile(p)` against the same path is symlink-swap-vulnerable; the canonical defense is `lib/atomic-file.js`'s open-by-fd-first pattern); (5) `buffer-from-string-on-auth-path` (flags `Buffer.from(String(x))` in `lib/` — auth-bearing sites become `b.safeBytes` migration targets in the next release). **Shape-matcher substrate** lands at `test/helpers/_shape-match.js` (test-only, never ships — `test/` is absent from package.json `files:` allowlist): token-aware traversal that tracks paren / brace / bracket depth + string / template-literal / regex / comment state, exposing `findCalls(source, calleeRegex)` / `findEnclosingTry(source, pos)` / `aliasesOf(source, chainRegex)`. Future releases convert the highest-bypass-risk regex-only detectors to AST-aware variants using this substrate, closing the class of regex-bypass via variable renaming / parens / line splits that surface-pattern detectors miss. **References:** [RFC 7692 §7.2.2 WebSocket permessage-deflate](https://www.rfc-editor.org/rfc/rfc7692#section-7.2.2) · [HIPAA §164.312(b) Audit Controls](https://www.law.cornell.edu/cfr/text/45/164.312) · [PCI-DSS v4.0 Req 10](https://www.pcisecuritystandards.org/) · [SEC 17a-4 WORM](https://www.sec.gov/files/rules/final/34-44238.pdf) · [SOX §404](https://www.sec.gov/about/laws/soa2002.pdf) · [CVE-2024-zlib decompression amplification](https://nvd.nist.gov/) · [CVE-2025-0725](https://nvd.nist.gov/vuln/detail/CVE-2025-0725) · [CodeQL js/file-system-race](https://codeql.github.com/codeql-query-help/javascript/js-file-system-race/).

package/index.js CHANGED Viewed

@@ -119,6 +119,7 @@ var safeSql = require("./lib/safe-sql");
 var chainWriter = require("./lib/chain-writer");
 var safeBuffer = require("./lib/safe-buffer");
 var safeDecompress = require("./lib/safe-decompress").safeDecompress;
+var safeMountInfo = require("./lib/safe-mount-info");
 var lazyRequire = require("./lib/lazy-require");
 var frameworkError = require("./lib/framework-error");
 var nistCrosswalk = require("./lib/nist-crosswalk");
@@ -456,6 +457,7 @@ module.exports = {
   chainWriter:      chainWriter,
   safeBuffer:       safeBuffer,
   safeDecompress:   safeDecompress,
+  safeMountInfo:    safeMountInfo,
   lazyRequire:      lazyRequire,
   frameworkError:   frameworkError,
   httpClient:       httpClient,

package/lib/safe-mount-info.js ADDED Viewed

@@ -0,0 +1,306 @@
+"use strict";
+/**
+ * @module     b.safeMountInfo
+ * @nav        Primitives
+ * @title      Safe MountInfo
+ * @order      131
+ * @slug       safe-mount-info
+ *
+ * @card
+ *   Canonical /proc/self/mountinfo parser that always reads field 4
+ *   (root-within-source-FS) — defeats the bind-mount detection bug
+ *   class where ad-hoc parsers picked the wrong field.
+ *
+ * @intro
+ *   Linux `/proc/self/mountinfo` is the per-process kernel-published
+ *   mount table. The format is fixed per [kernel
+ *   Documentation/filesystems/proc.rst §3.5](https://www.kernel.org/doc/Documentation/filesystems/proc.txt):
+ *
+ *     <id> <parent> <major:minor> <root> <mountpoint> <options>
+ *     [<optional-fields>...] - <fstype> <source> <super-options>
+ *
+ *   The `<root>` field (positional index 3, 0-based) is "root within
+ *   source FS" — `"/"` for a regular mount, a non-root path for a
+ *   bind-mount (e.g. `/Users/me/data` mounted onto `/data` inside a
+ *   container). Bind-mount detection MUST consult this field; ad-hoc
+ *   parsers that scan the options string for the word "bind" miss
+ *   the truth (kernel doesn't emit "bind" as an option — bind state
+ *   is observable ONLY via field 4).
+ *
+ *   Pre-v0.11.6 the only lib/ caller (lib/watcher.js) parsed mountinfo
+ *   correctly inline. Future callers — container-escape detection,
+ *   sealed-store path validation, sandbox auto-probe — would have to
+ *   re-derive the discipline. This primitive centralizes it: a
+ *   single canonical parser that ALWAYS reads field 4, ALWAYS
+ *   handles the `" - "` optional-fields separator, ALWAYS skips
+ *   malformed lines without throwing.
+ *
+ *   Refusal posture:
+ *     - `safe-mount-info/read-failed`     — /proc/self/mountinfo
+ *       unreadable (non-Linux, restricted sandbox, host filesystem
+ *       hidden). Operators get the typed error AND opts.fallback
+ *       value (default null) to take.
+ *     - `safe-mount-info/parse-failed`    — single malformed line
+ *       within /proc/self/mountinfo. Silent-skip (per-line) by
+ *       default; opts.strict: true upgrades to throw on first
+ *       malformed line.
+ *
+ *   Threat model:
+ *     - **Container-escape detection** (CVE-2019-5736 Docker /
+ *       CVE-2022-0185 fsconfig / CVE-2024-21626 leaky-vessels) —
+ *       bind-mount + root-field analysis is the canonical signal.
+ *       Wrong-field readers (operations on field 5 / 6 / options-
+ *       indexOf-"bind") miss escape-attempt patterns.
+ *     - **Sealed-store integrity** — sealed dbs / vault state
+ *       atop a bind-mounted host directory cross trust boundaries
+ *       on container restart. Detection requires reading field 4
+ *       and matching the mount-point against operator-trusted paths.
+ *
+ *   Composes:
+ *     - lib/safe-decompress / lib/audit — operator-supplied audit
+ *       handle receives `system.safe_mount_info.refused` events on
+ *       read-failed and parse-failed (drop-silent per rule §5).
+ *
+ * RFC / kernel-doc citations:
+ *   - [Linux Documentation/filesystems/proc.rst §3.5 — /proc/<pid>/mountinfo](https://www.kernel.org/doc/Documentation/filesystems/proc.txt)
+ *   - [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) — runc leaky-vessels (bind-mount detection)
+ *   - [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185) — fsconfig integer underflow
+ */
+var nodeFs = require("node:fs");
+var lazyRequire = require("./lazy-require");
+var validateOpts = require("./validate-opts");
+var numericBounds = require("./numeric-bounds");
+var { defineClass } = require("./framework-error");
+var audit = lazyRequire(function () { return require("./audit"); });
+var SafeMountInfoError = defineClass("SafeMountInfoError", { alwaysPermanent: true });
+var DEFAULT_PATH = "/proc/self/mountinfo";
+/**
+ * @primitive b.safeMountInfo.parse
+ * @signature b.safeMountInfo.parse(text, opts?)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.read, b.safeMountInfo.bestMatch
+ *
+ * Parse `/proc/self/mountinfo` text bytes into structured entries.
+ * Each entry carries `{ id, parent, devMajMin, root, mountPoint,
+ * options, fstype, source, superOptions }` — `root` is the
+ * positional field 4 ("root within source FS") that bind-mount
+ * detection requires.
+ *
+ * Malformed lines are skipped by default (operator's mountinfo MAY
+ * contain a stray line during a concurrent mount/unmount). Set
+ * `opts.strict: true` to throw on first malformed line.
+ *
+ * @opts
+ *   strict:  boolean,        // default false; throw on malformed line
+ *   maxLines: number,        // default 4096; cap to bound parser work
+ *
+ * @example
+ *   var entries = b.safeMountInfo.parse(rawText);
+ *   var bindMounts = entries.filter(function (e) { return e.root !== "/"; });
+ */
+function parse(text, opts) {
+  opts = opts || {};
+  validateOpts(opts, ["strict", "maxLines"], "safeMountInfo.parse");
+  if (typeof text !== "string") {
+    throw new SafeMountInfoError(
+      "safe-mount-info/bad-input",
+      "safeMountInfo.parse: text must be a string");
+  }
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxLines,
+    "safeMountInfo.parse: opts.maxLines",
+    SafeMountInfoError, "safe-mount-info/bad-arg");
+  var maxLines = (typeof opts.maxLines === "number") ? opts.maxLines : 4096;         // allow:raw-byte-literal — line cap matches max kernel-published mount count
+  var strict = opts.strict === true;
+  var lines  = text.split("\n");
+  // `text.split("\n").length` counts the trailing empty segment that
+  // `/proc/self/mountinfo` produces with its final newline. Adjust
+  // the count so the cap reflects ACTUAL records, not segments —
+  // otherwise exactly-`maxLines` valid records gets rejected as
+  // `too-many-lines` because the segment count is `maxLines + 1`.
+  var trailingEmpty = (lines.length > 0 && lines[lines.length - 1] === "");
+  var recordCount = trailingEmpty ? lines.length - 1 : lines.length;
+  if (recordCount > maxLines) {
+    throw new SafeMountInfoError(
+      "safe-mount-info/too-many-lines",
+      "safeMountInfo.parse: mountinfo has " + recordCount +
+      " lines, exceeds maxLines " + maxLines);
+  }
+  var out = [];
+  for (var i = 0; i < lines.length; i += 1) {
+    var ln = lines[i];
+    if (!ln) continue;
+    // Format: <id> <parent> <major:minor> <root> <mountpoint> <options>
+    //         [<optional-fields>...] - <fstype> <source> <super-options>
+    // The separator " - " divides the optional-fields half from the
+    // post-fields half.
+    var sepIdx = ln.indexOf(" - ");
+    if (sepIdx === -1) {
+      if (strict) {
+        throw new SafeMountInfoError(
+          "safe-mount-info/parse-failed",
+          "safeMountInfo.parse: line " + (i + 1) + " missing ' - ' separator");
+      }
+      continue;
+    }
+    var preFields  = ln.slice(0, sepIdx).split(" ");
+    var postFields = ln.slice(sepIdx + 3).split(" ");
+    if (preFields.length < 6 || postFields.length < 1) {                             // allow:raw-byte-literal — kernel-mandated minimum field counts
+      if (strict) {
+        throw new SafeMountInfoError(
+          "safe-mount-info/parse-failed",
+          "safeMountInfo.parse: line " + (i + 1) + " has " + preFields.length +
+          " pre-fields, " + postFields.length + " post-fields (need >=6, >=1)");
+      }
+      continue;
+    }
+    out.push({
+      id:           preFields[0],
+      parent:       preFields[1],
+      devMajMin:    preFields[2],
+      root:         preFields[3],                                                    // *** field 4 (0-indexed 3) — bind-mount detection
+      mountPoint:   preFields[4],
+      options:      preFields[5],
+      // optional-fields (variable length, between [6] and the " - ")
+      // are exposed via `optionalFields` for advanced callers.
+      optionalFields: preFields.slice(6, preFields.length).filter(function (f) { return f.length > 0; }),
+      fstype:       postFields[0],
+      source:       postFields[1] || null,
+      superOptions: postFields[2] || null,
+    });
+  }
+  return out;
+}
+/**
+ * @primitive b.safeMountInfo.read
+ * @signature b.safeMountInfo.read(opts?)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.parse, b.safeMountInfo.bestMatch
+ *
+ * Read + parse `/proc/self/mountinfo` in one call. Returns the same
+ * array shape as `parse(text)`. On non-Linux platforms (where /proc
+ * doesn't exist) returns `opts.fallback` (default `null`); audit
+ * emission per `safe-mount-info.refused` with code `read-failed`.
+ *
+ * @opts
+ *   path:     string,        // override path (default /proc/self/mountinfo)
+ *   fallback: any,           // returned on read failure (default null)
+ *   audit:    object,        // optional b.audit handle for refusal events
+ *   strict:   boolean,       // forwarded to parse()
+ *   maxLines: number,        // forwarded to parse()
+ *
+ * @example
+ *   var entries = b.safeMountInfo.read();
+ *   if (entries === null) {
+ *     // non-Linux / sandboxed / no /proc
+ *   }
+ */
+function read(opts) {
+  opts = opts || {};
+  validateOpts(opts,
+    ["path", "fallback", "audit", "strict", "maxLines"],
+    "safeMountInfo.read");
+  var path = typeof opts.path === "string" && opts.path.length > 0
+    ? opts.path
+    : DEFAULT_PATH;
+  var text;
+  try { text = nodeFs.readFileSync(path, "utf8"); }
+  catch (e) {
+    _refuseEmit(opts, "safe-mount-info/read-failed",
+      "/proc/self/mountinfo unreadable: " + ((e && e.message) || String(e)));
+    return ("fallback" in opts) ? opts.fallback : null;
+  }
+  return parse(text, opts);
+}
+/**
+ * @primitive b.safeMountInfo.bestMatch
+ * @signature b.safeMountInfo.bestMatch(entries, path)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.read, b.safeMountInfo.isBindMount
+ *
+ * Find the mountinfo entry whose `mountPoint` is the longest prefix
+ * of `path`. Returns `null` when no entry covers `path`. The "longest
+ * prefix" semantic is what bind-mount detection / sealed-store-path
+ * validation needs — a mounted subdir wins over the root mount.
+ *
+ * @example
+ *   var entries  = b.safeMountInfo.read();
+ *   var atPath   = b.safeMountInfo.bestMatch(entries, "/var/lib/blamejs");
+ *   if (atPath && atPath.root !== "/") {
+ *     // path lives on a bind-mount (potentially crossing host/guest)
+ *   }
+ */
+function bestMatch(entries, path) {
+  if (!Array.isArray(entries) || entries.length === 0) return null;
+  if (typeof path !== "string" || path.length === 0) return null;
+  var best = null;
+  var bestLen = -1;
+  for (var i = 0; i < entries.length; i += 1) {
+    var e = entries[i];
+    if (!e || typeof e.mountPoint !== "string" || e.mountPoint.length === 0) continue;
+    var mp = e.mountPoint;
+    if (path === mp ||
+        (path.length > mp.length &&
+         path.indexOf(mp) === 0 &&
+         (mp === "/" || path.charCodeAt(mp.length) === 47 /* "/" */))) {              // allow:raw-byte-literal — ASCII forward-slash
+      if (mp.length > bestLen) {
+        bestLen = mp.length;
+        best = e;
+      }
+    }
+  }
+  return best;
+}
+/**
+ * @primitive b.safeMountInfo.isBindMount
+ * @signature b.safeMountInfo.isBindMount(entry)
+ * @since     0.11.6
+ * @status    stable
+ * @related   b.safeMountInfo.bestMatch
+ *
+ * `true` when the mountinfo entry's `root` field is something other
+ * than `"/"` (i.e. the mount is a bind from a non-root path within
+ * the source filesystem). The canonical bind-mount test — does NOT
+ * consult the options string (the kernel doesn't emit "bind" there).
+ *
+ * @example
+ *   var entries = b.safeMountInfo.read();
+ *   var atData  = b.safeMountInfo.bestMatch(entries, "/data");
+ *   var isBind  = b.safeMountInfo.isBindMount(atData);
+ */
+function isBindMount(entry) {
+  if (!entry || typeof entry !== "object") return false;
+  return typeof entry.root === "string" && entry.root.length > 0 && entry.root !== "/";
+}
+function _refuseEmit(opts, code, message) {
+  var auditImpl = opts.audit || (audit() && audit().safeEmit ? audit() : null);
+  if (auditImpl && typeof auditImpl.safeEmit === "function") {
+    try {
+      auditImpl.safeEmit({
+        action:   "system.safe_mount_info.refused",
+        outcome:  "denied",
+        metadata: { code: code, reason: message },
+      });
+    } catch (_e) { /* drop-silent per rule §5 */ }
+  }
+}
+module.exports = {
+  parse:                  parse,
+  read:                   read,
+  bestMatch:              bestMatch,
+  isBindMount:            isBindMount,
+  SafeMountInfoError:     SafeMountInfoError,
+  DEFAULT_PATH:           DEFAULT_PATH,
+};

package/lib/watcher.js CHANGED Viewed

@@ -49,6 +49,7 @@ var nodeFs   = require("node:fs");
 var nodePath = require("node:path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
+var safeMountInfo = require("./safe-mount-info");
 var { WatcherError } = require("./framework-error");
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -240,50 +241,19 @@ function _detectAutoMode(rootPath) {
   try { inContainer = nodeFs.existsSync("/.dockerenv"); }
   catch (_e) { inContainer = false; }
-  var mountInfoRaw = null;
-  try { mountInfoRaw = nodeFs.readFileSync("/proc/self/mountinfo", "utf8"); }
-  catch (_e) { mountInfoRaw = null; }
-  if (!mountInfoRaw) {
-    // No mountinfo available — fall back to fs. Operator can still
-    // override explicitly via mode: "poll".
+  // Route through b.safeMountInfo — single canonical parser that
+  // ALWAYS reads field 4 ("root within source FS") for the bind-
+  // mount check below. Pre-v0.11.6 this parsed inline; centralizing
+  // it means future container-escape / sealed-store / sandbox call
+  // sites inherit the discipline.
+  var entries = safeMountInfo.read();
+  if (entries === null || entries.length === 0) {
     return { mode: "fs", reason: "no-mountinfo", fsType: null, inContainer: inContainer };
   }
-  // Find the mount whose mount-point is the longest prefix of rootPath.
-  var lines = mountInfoRaw.split("\n");
-  var bestMatch = null;
-  var bestLen   = -1;
-  for (var i = 0; i < lines.length; i += 1) {
-    var ln = lines[i];
-    if (!ln) continue;
-    // Format: <id> <parent> <major:minor> <root> <mountpoint> <options>
-    //         [<optional-fields>...] - <fstype> <source> <super-options>
-    // The separator " - " divides the optional-fields half from the post-fields half.
-    var sepIdx = ln.indexOf(" - ");
-    if (sepIdx === -1) continue;
-    var preFields  = ln.slice(0, sepIdx).split(" ");
-    var postFields = ln.slice(sepIdx + 3).split(" ");
-    if (preFields.length < 6 || postFields.length < 1) continue;
-    var rootField  = preFields[3];        // "/" for regular mount; bound-source path for bind
-    var mountPoint = preFields[4];
-    var fstype     = postFields[0];
-    if (typeof mountPoint !== "string" || mountPoint.length === 0) continue;
-    if (rootPath === mountPoint ||
-        (rootPath.length > mountPoint.length &&
-         rootPath.indexOf(mountPoint) === 0 &&
-         (mountPoint === "/" || rootPath.charCodeAt(mountPoint.length) === 47 /* / */))) {
-      if (mountPoint.length > bestLen) {
-        bestLen = mountPoint.length;
-        bestMatch = { mountPoint: mountPoint, rootField: rootField, fstype: fstype };
-      }
-    }
-  }
+  var bestMatch = safeMountInfo.bestMatch(entries, rootPath);
   if (!bestMatch) {
     return { mode: "fs", reason: "no-mount-match", fsType: null, inContainer: inContainer };
   }
   if (AUTO_PROBE_POLL_FSTYPES.has(bestMatch.fstype)) {
     return {
       mode:        "poll",
@@ -292,16 +262,12 @@ function _detectAutoMode(rootPath) {
       inContainer: inContainer,
     };
   }
-  // Bind-mount detection via mountinfo field 4 ("root"). For a regular
-  // mount this is "/" — the entire source filesystem is mounted. For a
-  // bind-mount it's the path within the source filesystem that was
-  // bound onto the mount point (e.g. "/Users/me/data" on a Docker
-  // Desktop bind from macOS). When we're inside a container AND the
-  // best-matching mount carries a non-"/" root, the mount is a bind
-  // and inotify chains across the host/guest boundary are unreliable.
-  // (Operator can still force fs via mode: "fs"; force poll via mode: "poll".)
-  if (inContainer && bestMatch.rootField && bestMatch.rootField !== "/") {
+  // Bind-mount detection via field 4 — `b.safeMountInfo.isBindMount`
+  // is the canonical predicate (does NOT consult options string;
+  // the kernel doesn't emit "bind" there). When we're inside a
+  // container AND the best-matching mount is a bind, inotify
+  // chains across the host/guest boundary are unreliable.
+  if (inContainer && safeMountInfo.isBindMount(bestMatch)) {
     return {
       mode:        "poll",
       reason:      "container-bind-mount",
@@ -309,7 +275,6 @@ function _detectAutoMode(rootPath) {
       inContainer: inContainer,
     };
   }
   return {
     mode:        "fs",
     reason:      "native-fs",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.11.5",
+  "version": "0.11.6",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json CHANGED Viewed

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8b0da807-db01-45a8-b301-744f3623a4e7",
+  "serialNumber": "urn:uuid:47f41007-66d3-47f2-ba7e-e47db1d7370f",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-19T22:45:04.845Z",
+    "timestamp": "2026-05-20T00:03:39.026Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.11.5",
+      "bom-ref": "@blamejs/core@0.11.6",
       "type": "library",
       "name": "blamejs",
-      "version": "0.11.5",
+      "version": "0.11.6",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.11.5",
+      "purl": "pkg:npm/%40blamejs/core@0.11.6",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.11.5",
+      "ref": "@blamejs/core@0.11.6",
       "dependsOn": []
     }
   ]