@blamejs/core 0.13.42 → 0.13.44

package/lib/archive-read.js

@@ -214,10 +214,11 @@ async function _readCentralDirectory(adapter, eocd) {
       "multi-disk archives are not supported (diskNumber=" + eocd.diskNumber + ")");
   }
   if (eocd.totalEntries === 0xffff || eocd.cdSize === 0xffffffff || eocd.cdOffset === 0xffffffff) {
-    // ZIP64 sentinel — not supported in v0.12.7. Will land in a
-    // follow-up patch when an operator surfaces a need.
+    // ZIP64 sentinel — unsupported. Archives at >4 GiB / >65535 entries
+    // use tar instead (the escape hatch); ZIP64 read support is deferred
+    // until an operator surfaces a need.
     throw new ArchiveReadError("archive-read/zip64-unsupported",
-      "ZIP64 archives are not supported in v0.12.7 (operators at >4 GiB / >65535 entries should switch to tar — lands v0.12.8)");
+      "ZIP64 archives are unsupported (operators at >4 GiB / >65535 entries should switch to tar)");
   }
   if (eocd.cdSize === 0 || eocd.totalEntries === 0) {
     return [];
@@ -256,7 +257,7 @@ async function _readCentralDirectory(adapter, eocd) {
     }
     if (compressedSize === 0xffffffff || uncompressedSize === 0xffffffff || lfhOffset === 0xffffffff) {
       throw new ArchiveReadError("archive-read/zip64-unsupported",
-        "central directory entry " + n + " carries ZIP64 sentinel sizes (not supported in v0.12.7)");
+        "central directory entry " + n + " carries ZIP64 sentinel sizes (unsupported — use tar for >4 GiB / >65535 entries)");
     }
     // ZIP names are CP437 or UTF-8 (per FLAG_UTF8_NAME bit). Decode
     // as UTF-8 unconditionally — Codex P2 territory if operators in
@@ -425,7 +426,7 @@ async function _decompressEntry(adapter, entry, dataStart, bombPolicy) {
   }
   throw new ArchiveReadError("archive-read/unsupported-method",
     "entry " + JSON.stringify(entry.name) + " uses method=" + entry.method +
-    " — only STORE (0) and DEFLATE (8) supported in v0.12.7");
+    " — only STORE (0) and DEFLATE (8) are supported");
 }
 
 // ---- Public read.zip factory ---------------------------------------------
@@ -668,8 +669,10 @@ function zip(adapter, opts) {
         // entry-type policy opts in.
         if (entry.isEncrypted && !extractOpts.allowEncrypted) {
           throw new ArchiveReadError("archive-read/encrypted-entry",
-            "entry " + JSON.stringify(entry.name) + " is encrypted — " +
-            "v0.12.7 does not decrypt; Flavor 1/2/3 land v0.12.10/v0.12.11");
+            "entry " + JSON.stringify(entry.name) + " is encrypted — this " +
+            "low-level reader does not decrypt; use b.safeArchive for " +
+            "encrypted-archive handling, or pass allowEncrypted to extract " +
+            "the raw entry");
         }
         var typeRefusal = _enforceEntryTypePolicy(entry, entryTypePolicy);
         if (typeRefusal) {

package/lib/arg-parser.js

@@ -53,17 +53,17 @@ function _isPlainNonEmpty(s) {
 
 function _validateFlagName(name) {
   if (!_isPlainNonEmpty(name)) {
-    throw new ArgParserError("argParser/flag-name-invalid",
+    throw new ArgParserError("arg-parser/flag-name-invalid",
       "flag name must be a non-empty string");
   }
   if (FORBIDDEN_NAMES.indexOf(name) !== -1) {
-    throw new ArgParserError("argParser/flag-name-forbidden",
+    throw new ArgParserError("arg-parser/flag-name-forbidden",
       "flag name '" + name + "' is reserved");
   }
   // ASCII-only kebab-/snake-case identifier. Keeps every flag name safe
   // to embed in help text and prevents `--foo$bar=baz` style oddities.
   if (!/^[a-zA-Z][a-zA-Z0-9_-]*$/.test(name)) {
-    throw new ArgParserError("argParser/flag-name-shape",
+    throw new ArgParserError("arg-parser/flag-name-shape",
       "flag name '" + name + "' must match [a-zA-Z][a-zA-Z0-9_-]*");
   }
 }
@@ -71,26 +71,26 @@ function _validateFlagName(name) {
 function _validateAlias(alias, ownerName) {
   if (alias === undefined || alias === null) return;
   if (typeof alias !== "string" || alias.length !== 1 || !/^[a-zA-Z]$/.test(alias)) {
-    throw new ArgParserError("argParser/alias-shape",
+    throw new ArgParserError("arg-parser/alias-shape",
       "flag '" + ownerName + "' alias must be a single letter [a-zA-Z]");
   }
 }
 
 function _validateFlagSpec(spec, ownerLabel) {
   if (!spec || typeof spec !== "object") {
-    throw new ArgParserError("argParser/flag-spec-invalid",
+    throw new ArgParserError("arg-parser/flag-spec-invalid",
       ownerLabel + ": flag spec must be an object");
   }
   _validateFlagName(spec.name);
   _validateAlias(spec.alias, spec.name);
   var type = spec.type || "string";
   if (SUPPORTED_TYPES.indexOf(type) === -1) {
-    throw new ArgParserError("argParser/flag-type-unsupported",
+    throw new ArgParserError("arg-parser/flag-type-unsupported",
       ownerLabel + ": flag '" + spec.name +
       "' type '" + type + "' must be one of " + SUPPORTED_TYPES.join(", "));
   }
   if (spec.description !== undefined && typeof spec.description !== "string") {
-    throw new ArgParserError("argParser/flag-description-invalid",
+    throw new ArgParserError("arg-parser/flag-description-invalid",
       ownerLabel + ": flag '" + spec.name + "' description must be a string");
   }
 }
@@ -101,7 +101,7 @@ function _coerceValue(spec, raw, label) {
   if (type === "number") {
     var n = Number(raw);
     if (!isFinite(n)) {
-      throw new ArgParserError("argParser/value-not-number",
+      throw new ArgParserError("arg-parser/value-not-number",
         label + " '" + spec.name + "' expected a number, got " + JSON.stringify(raw));
     }
     return n;
@@ -112,7 +112,7 @@ function _coerceValue(spec, raw, label) {
     var s = String(raw).toLowerCase();
     if (s === "true" || s === "1" || s === "yes")  return true;
     if (s === "false" || s === "0" || s === "no")  return false;
-    throw new ArgParserError("argParser/value-not-boolean",
+    throw new ArgParserError("arg-parser/value-not-boolean",
       label + " '" + spec.name + "' expected boolean, got " + JSON.stringify(raw));
   }
   if (type === "list") {
@@ -121,7 +121,7 @@ function _coerceValue(spec, raw, label) {
     return s2.indexOf(",") === -1 ? [s2] : s2.split(",");
   }
   // Unreachable: validated at create-time.
-  throw new ArgParserError("argParser/type-unreachable",
+  throw new ArgParserError("arg-parser/type-unreachable",
     "unsupported flag type '" + type + "'");
 }
 
@@ -132,13 +132,13 @@ function _buildFlagIndex(flagSpecs, ownerLabel) {
     var spec = flagSpecs[i];
     _validateFlagSpec(spec, ownerLabel);
     if (byName[spec.name]) {
-      throw new ArgParserError("argParser/flag-duplicate",
+      throw new ArgParserError("arg-parser/flag-duplicate",
         ownerLabel + ": flag '" + spec.name + "' declared twice");
     }
     byName[spec.name] = spec;
     if (spec.alias) {
       if (byAlias[spec.alias]) {
-        throw new ArgParserError("argParser/alias-duplicate",
+        throw new ArgParserError("arg-parser/alias-duplicate",
           ownerLabel + ": alias '-" + spec.alias + "' declared twice");
       }
       byAlias[spec.alias] = spec;
@@ -232,12 +232,12 @@ function _renderCommandHelp(parser, command) {
 // command-name (the first non-flag token, when commands are configured).
 function _splitArgv(parser, argv) {
   if (!Array.isArray(argv)) {
-    throw new ArgParserError("argParser/argv-not-array",
+    throw new ArgParserError("arg-parser/argv-not-array",
       "argv must be an array of strings");
   }
   for (var n = 0; n < argv.length; n++) {
     if (typeof argv[n] !== "string") {
-      throw new ArgParserError("argParser/argv-element-not-string",
+      throw new ArgParserError("arg-parser/argv-element-not-string",
         "argv[" + n + "] must be a string");
     }
   }
@@ -256,7 +256,7 @@ function _splitArgv(parser, argv) {
       if (!parser.commands.byName[name]) {
         // Surface help / version as built-ins even when no command matches.
         if (name === "help") return { command: "__help__", pre: argv.slice(0, i), rest: argv.slice(i + 1) };
-        throw new ArgParserError("argParser/unknown-command",
+        throw new ArgParserError("arg-parser/unknown-command",
           "unknown command '" + name + "'");
       }
       return { command: name, pre: argv.slice(0, i), rest: argv.slice(i + 1) };
@@ -299,7 +299,7 @@ function _consumeFlags(index, tokens) {
     if (tok.indexOf("--") === 0) {
       var rest = tok.slice(2);
       if (FORBIDDEN_NAMES.indexOf(rest.split("=")[0]) !== -1) {
-        throw new ArgParserError("argParser/argv-forbidden-name",
+        throw new ArgParserError("arg-parser/argv-forbidden-name",
           "flag '--" + rest.split("=")[0] + "' is reserved");
       }
       var eq = rest.indexOf("=");
@@ -313,7 +313,7 @@ function _consumeFlags(index, tokens) {
       }
       spec = index.byName[nm];
       if (!spec) {
-        throw new ArgParserError("argParser/unknown-flag",
+        throw new ArgParserError("arg-parser/unknown-flag",
           "unknown flag '--" + nm + "'");
       }
     } else if (tok.indexOf("-") === 0 && tok.length >= 2) {
@@ -329,12 +329,12 @@ function _consumeFlags(index, tokens) {
         ach = alias;
       }
       if (ach.length !== 1) {
-        throw new ArgParserError("argParser/short-flag-shape",
+        throw new ArgParserError("arg-parser/short-flag-shape",
           "short flag '" + tok + "' must be a single letter (use --long-form for multi-char names)");
       }
       spec = index.byAlias[ach];
       if (!spec) {
-        throw new ArgParserError("argParser/unknown-alias",
+        throw new ArgParserError("arg-parser/unknown-alias",
           "unknown short flag '-" + ach + "'");
       }
     } else {
@@ -349,7 +349,7 @@ function _consumeFlags(index, tokens) {
     } else {
       if (!hasInlineValue) {
         if (i + 1 >= tokens.length) {
-          throw new ArgParserError("argParser/value-missing",
+          throw new ArgParserError("arg-parser/value-missing",
             "flag '--" + spec.name + "' requires a value");
         }
         rawValue = tokens[++i];
@@ -377,7 +377,7 @@ function _applyDefaultsAndRequired(specs, flags, ownerLabel) {
   for (var k = 0; k < specs.length; k++) {
     var s = specs[k];
     if (s.required && flags[s.name] === undefined) {
-      throw new ArgParserError("argParser/missing-required",
+      throw new ArgParserError("arg-parser/missing-required",
         ownerLabel + ": flag '--" + s.name + "' is required");
     }
   }
@@ -385,23 +385,23 @@ function _applyDefaultsAndRequired(specs, flags, ownerLabel) {
 
 function _validateCommandSpec(cmd) {
   if (!cmd || typeof cmd !== "object") {
-    throw new ArgParserError("argParser/command-spec-invalid",
+    throw new ArgParserError("arg-parser/command-spec-invalid",
       "command spec must be an object");
   }
   if (!_isPlainNonEmpty(cmd.name)) {
-    throw new ArgParserError("argParser/command-name-invalid",
+    throw new ArgParserError("arg-parser/command-name-invalid",
       "command name must be a non-empty string");
   }
   if (!/^[a-zA-Z][a-zA-Z0-9_-]*$/.test(cmd.name)) {
-    throw new ArgParserError("argParser/command-name-shape",
+    throw new ArgParserError("arg-parser/command-name-shape",
       "command name '" + cmd.name + "' must match [a-zA-Z][a-zA-Z0-9_-]*");
   }
   if (cmd.handler !== undefined && typeof cmd.handler !== "function") {
-    throw new ArgParserError("argParser/command-handler-not-function",
+    throw new ArgParserError("arg-parser/command-handler-not-function",
       "command '" + cmd.name + "' handler must be a function");
   }
   if (cmd.description !== undefined && typeof cmd.description !== "string") {
-    throw new ArgParserError("argParser/command-description-invalid",
+    throw new ArgParserError("arg-parser/command-description-invalid",
       "command '" + cmd.name + "' description must be a string");
   }
 }
@@ -465,29 +465,29 @@ function _validateCommandSpec(cmd) {
  */
 function create(opts) {
   if (!opts || typeof opts !== "object") {
-    throw new ArgParserError("argParser/opts-required",
+    throw new ArgParserError("arg-parser/opts-required",
       "argParser.create requires an opts object");
   }
   var programName = opts.programName;
   if (programName !== undefined && typeof programName !== "string") {
-    throw new ArgParserError("argParser/program-name-invalid",
+    throw new ArgParserError("arg-parser/program-name-invalid",
       "programName must be a string");
   }
   var description = opts.description;
   if (description !== undefined && typeof description !== "string") {
-    throw new ArgParserError("argParser/description-invalid",
+    throw new ArgParserError("arg-parser/description-invalid",
       "description must be a string");
   }
   var topFlagsSpec = opts.flags || [];
   if (!Array.isArray(topFlagsSpec)) {
-    throw new ArgParserError("argParser/flags-not-array",
+    throw new ArgParserError("arg-parser/flags-not-array",
       "flags must be an array");
   }
   var topFlags = _buildFlagIndex(topFlagsSpec, "top-level");
 
   var commandsSpec = opts.commands || [];
   if (!Array.isArray(commandsSpec)) {
-    throw new ArgParserError("argParser/commands-not-array",
+    throw new ArgParserError("arg-parser/commands-not-array",
       "commands must be an array");
   }
   var commandsByName = Object.create(null);
@@ -496,12 +496,12 @@ function create(opts) {
     var c = commandsSpec[i];
     _validateCommandSpec(c);
     if (commandsByName[c.name]) {
-      throw new ArgParserError("argParser/command-duplicate",
+      throw new ArgParserError("arg-parser/command-duplicate",
         "command '" + c.name + "' declared twice");
     }
     var cmdFlagsSpec = c.flags || [];
     if (!Array.isArray(cmdFlagsSpec)) {
-      throw new ArgParserError("argParser/command-flags-not-array",
+      throw new ArgParserError("arg-parser/command-flags-not-array",
         "command '" + c.name + "' flags must be an array");
     }
     var cmdFlags = _buildFlagIndex(cmdFlagsSpec, "command '" + c.name + "'");
@@ -526,7 +526,7 @@ function create(opts) {
     if (commandName) {
       var cmd = commandsByName[commandName];
       if (!cmd) {
-        throw new ArgParserError("argParser/help-unknown-command",
+        throw new ArgParserError("arg-parser/help-unknown-command",
           "no command named '" + commandName + "'");
       }
       return _renderCommandHelp(parser, cmd);
@@ -645,7 +645,7 @@ function create(opts) {
  */
 function parseRaw(argv) {
   if (!Array.isArray(argv)) {
-    throw new ArgParserError("argParser/argv-not-array",
+    throw new ArgParserError("arg-parser/argv-not-array",
       "argv must be an array of strings");
   }
   var pos = [];
@@ -653,7 +653,7 @@ function parseRaw(argv) {
   for (var i = 0; i < argv.length; i++) {
     var tok = argv[i];
     if (typeof tok !== "string") {
-      throw new ArgParserError("argParser/argv-element-not-string",
+      throw new ArgParserError("arg-parser/argv-element-not-string",
         "argv[" + i + "] must be a string");
     }
     if (tok === "--") {
@@ -673,14 +673,14 @@ function parseRaw(argv) {
         val = true;
       }
       if (FORBIDDEN_NAMES.indexOf(name) !== -1) {
-        throw new ArgParserError("argParser/argv-forbidden-name",
+        throw new ArgParserError("arg-parser/argv-forbidden-name",
           "flag '--" + name + "' is reserved");
       }
       flags[name] = val;
     } else if (tok.indexOf("-") === 0 && tok.length === 2) {
       var s = tok.slice(1);
       if (FORBIDDEN_NAMES.indexOf(s) !== -1) {
-        throw new ArgParserError("argParser/argv-forbidden-name",
+        throw new ArgParserError("arg-parser/argv-forbidden-name",
           "flag '-" + s + "' is reserved");
       }
       flags[s] = true;

package/lib/audit-sign.js

@@ -178,13 +178,13 @@ var pendingNewKeyAlg = null;
 async function init(opts) {
   if (initialized) return;
   if (!opts || !opts.dataDir) {
-    throw new AuditSignError("auditSign/bad-init",
+    throw new AuditSignError("audit-sign/bad-init",
       "auditSign.init({ dataDir }) is required");
   }
 
   var mode = (opts.mode || "wrapped").toLowerCase();
   if (mode !== "wrapped" && mode !== "plaintext") {
-    throw new AuditSignError("auditSign/bad-mode",
+    throw new AuditSignError("audit-sign/bad-mode",
       "auditSign.init: mode must be 'wrapped' or 'plaintext'");
   }
   // Algorithm-on-generate. Validated against the supported list so
@@ -192,7 +192,7 @@ async function init(opts) {
   // deeper in nodeCrypto.
   var alg = (opts.algorithm || DEFAULT_SIGNING_ALG).toLowerCase();
   if (SUPPORTED_SIGNING_ALGS.indexOf(alg) === -1) {
-    throw new AuditSignError("auditSign/bad-algorithm",
+    throw new AuditSignError("audit-sign/bad-algorithm",
       "auditSign.init: algorithm must be one of " +
       SUPPORTED_SIGNING_ALGS.join(", ") + " (got: " + alg + ")");
   }
@@ -341,7 +341,7 @@ async function _initFirstRunWrapped() {
 
 function _requireInit() {
   if (!initialized) {
-    throw new AuditSignError("auditSign/not-initialized",
+    throw new AuditSignError("audit-sign/not-initialized",
       "auditSign.init() must be awaited before sign/verify");
   }
 }

package/lib/auth/acr-vocabulary.js

@@ -144,14 +144,14 @@ function register(opts) {
   opts = opts || {};
   validateOpts(opts, ["value", "rank"], "auth.acr.register");
   validateOpts.requireNonEmptyString(opts.value, "register: value",
-    AuthError, "auth-stepUp/bad-acr");
+    AuthError, "auth-step-up/bad-acr");
   if (typeof opts.rank !== "number" || !isFinite(opts.rank)) {
-    throw new AuthError("auth-stepUp/bad-rank",
+    throw new AuthError("auth-step-up/bad-rank",
       "auth.acr.register: rank must be a finite number — got " +
       JSON.stringify(opts.rank));
   }
   if (opts.rank < 0 || opts.rank > 100) {
-    throw new AuthError("auth-stepUp/bad-rank",
+    throw new AuthError("auth-step-up/bad-rank",
       "auth.acr.register: rank must be in [0, 100] — got " + opts.rank);
   }
   _registry[opts.value] = opts.rank;
@@ -192,7 +192,7 @@ function meets(presented, required) {
   var rp = rankOf(presented);
   var rr = rankOf(required);
   if (rr === -1) {
-    throw new AuthError("auth-stepUp/unknown-acr",
+    throw new AuthError("auth-step-up/unknown-acr",
       "auth.acr.meets: required acr is not registered (call b.auth.acr.register first): " +
       JSON.stringify(required));
   }

package/lib/auth/auth-time-tracker.js

@@ -58,7 +58,7 @@ function ageSec(claims, now) {
 
 function freshEnough(claims, maxAgeSec, now) {
   if (typeof maxAgeSec !== "number" || !isFinite(maxAgeSec) || maxAgeSec < 0) {
-    throw new AuthError("auth-stepUp/bad-max-age",
+    throw new AuthError("auth-step-up/bad-max-age",
       "auth.authTime.freshEnough: maxAgeSec must be a finite number >= 0 — got " +
       JSON.stringify(maxAgeSec));
   }

package/lib/auth/elevation-grant.js

@@ -58,7 +58,7 @@ function _ensureSigningKey() {
 
 function setSigningKey(keyBuffer) {
   if (!Buffer.isBuffer(keyBuffer) || keyBuffer.length < MIN_KEY_BYTES) {
-    throw new AuthError("auth-stepUp/bad-key",
+    throw new AuthError("auth-step-up/bad-key",
       "auth.stepUp.grant.setSigningKey: keyBuffer must be a Buffer of >= " +
       MIN_KEY_BYTES + " bytes");
   }
@@ -92,37 +92,37 @@ function create(opts) {
     "ttlSec", "audience", "now",
   ], "auth.stepUp.grant.create");
   validateOpts.requireNonEmptyString(opts.subject,
-    "grant.create: subject", AuthError, "auth-stepUp/bad-grant");
+    "grant.create: subject", AuthError, "auth-step-up/bad-grant");
   validateOpts.requireNonEmptyString(opts.scope,
-    "grant.create: scope", AuthError, "auth-stepUp/bad-grant");
+    "grant.create: scope", AuthError, "auth-step-up/bad-grant");
   if (opts.acr != null) {
     validateOpts.requireNonEmptyString(opts.acr,
-      "grant.create: acr", AuthError, "auth-stepUp/bad-grant");
+      "grant.create: acr", AuthError, "auth-step-up/bad-grant");
   }
   if (opts.amr != null) {
     if (!Array.isArray(opts.amr)) {
-      throw new AuthError("auth-stepUp/bad-grant",
+      throw new AuthError("auth-step-up/bad-grant",
         "grant.create: amr must be an array — got " + typeof opts.amr);
     }
     for (var i = 0; i < opts.amr.length; i += 1) {
       if (typeof opts.amr[i] !== "string") {
-        throw new AuthError("auth-stepUp/bad-grant",
+        throw new AuthError("auth-step-up/bad-grant",
           "grant.create: amr[" + i + "] must be a string");
       }
     }
   }
   if (opts.audience != null) {
     validateOpts.requireNonEmptyString(opts.audience,
-      "grant.create: audience", AuthError, "auth-stepUp/bad-grant");
+      "grant.create: audience", AuthError, "auth-step-up/bad-grant");
   }
   var ttlSec = (typeof opts.ttlSec === "number") ? opts.ttlSec : DEFAULT_TTL_SEC;
   if (!isFinite(ttlSec) || ttlSec < MIN_TTL_SEC) {
-    throw new AuthError("auth-stepUp/bad-grant",
+    throw new AuthError("auth-step-up/bad-grant",
       "grant.create: ttlSec must be a finite number >= " +
       MIN_TTL_SEC + " — got " + JSON.stringify(opts.ttlSec));
   }
   if (ttlSec > MAX_TTL_SEC) {
-    throw new AuthError("auth-stepUp/bad-grant",
+    throw new AuthError("auth-step-up/bad-grant",
       "grant.create: ttlSec must be <= " + MAX_TTL_SEC +
       " (1h hard ceiling) — got " + ttlSec);
   }
@@ -247,7 +247,7 @@ function revoke(jti, opts) {
   opts = opts || {};
   validateOpts(opts, ["reason"], "auth.stepUp.grant.revoke");
   if (typeof jti !== "string" || jti.length === 0) {
-    throw new AuthError("auth-stepUp/bad-jti",
+    throw new AuthError("auth-step-up/bad-jti",
       "grant.revoke: jti must be a non-empty string — got " + JSON.stringify(jti));
   }
   _revokedSet[jti] = true;

package/lib/auth/step-up-policy.js

@@ -59,7 +59,7 @@ function _mkNode(spec) {
 }
 
 function acr(value) {
-  validateOpts.requireNonEmptyString(value, "policy.acr: value", AuthError, "auth-stepUp/bad-acr");
+  validateOpts.requireNonEmptyString(value, "policy.acr: value", AuthError, "auth-step-up/bad-acr");
   return _mkNode({
     kind:  "acr",
     value: value,
@@ -76,12 +76,12 @@ function acr(value) {
 
 function acrAny(values) {
   if (!Array.isArray(values) || values.length === 0) {
-    throw new AuthError("auth-stepUp/bad-policy",
+    throw new AuthError("auth-step-up/bad-policy",
       "policy.acrAny: values must be a non-empty array");
   }
   for (var i = 0; i < values.length; i += 1) {
     validateOpts.requireNonEmptyString(values[i],
-      "policy.acrAny: values[" + i + "]", AuthError, "auth-stepUp/bad-acr");
+      "policy.acrAny: values[" + i + "]", AuthError, "auth-step-up/bad-acr");
   }
   var copy = values.slice();
   return _mkNode({
@@ -100,12 +100,12 @@ function acrAny(values) {
 
 function amr(required) {
   if (!Array.isArray(required) || required.length === 0) {
-    throw new AuthError("auth-stepUp/bad-policy",
+    throw new AuthError("auth-step-up/bad-policy",
       "policy.amr: required must be a non-empty array");
   }
   for (var i = 0; i < required.length; i += 1) {
     validateOpts.requireNonEmptyString(required[i],
-      "policy.amr: required[" + i + "]", AuthError, "auth-stepUp/bad-amr");
+      "policy.amr: required[" + i + "]", AuthError, "auth-step-up/bad-amr");
   }
   var copy = required.slice();
   return _mkNode({
@@ -138,7 +138,7 @@ function phishingResistant() {
 
 function maxAge(seconds) {
   if (typeof seconds !== "number" || !isFinite(seconds) || seconds < 0) {
-    throw new AuthError("auth-stepUp/bad-policy",
+    throw new AuthError("auth-step-up/bad-policy",
       "policy.maxAge: seconds must be a finite number >= 0 — got " +
       JSON.stringify(seconds));
   }
@@ -157,9 +157,9 @@ function maxAge(seconds) {
 }
 
 function custom(name, fn) {
-  validateOpts.requireNonEmptyString(name, "policy.custom: name", AuthError, "auth-stepUp/bad-policy");
+  validateOpts.requireNonEmptyString(name, "policy.custom: name", AuthError, "auth-step-up/bad-policy");
   if (typeof fn !== "function") {
-    throw new AuthError("auth-stepUp/bad-policy",
+    throw new AuthError("auth-step-up/bad-policy",
       "policy.custom: fn must be a function — got " + typeof fn);
   }
   return _mkNode({
@@ -171,7 +171,7 @@ function custom(name, fn) {
       return { ok: ok, atom: "custom:" + name, reason: ok ? null : "custom predicate '" + name + "' returned false" };
     },
     _toReq: function () {
-      throw new AuthError("auth-stepUp/policy-no-challenge",
+      throw new AuthError("auth-step-up/policy-no-challenge",
         "policy.custom: cannot translate to RFC 9470 challenge — wrap in .or() with a translatable atom or use .middleware({ requirement: ... })");
     },
   });
@@ -231,7 +231,7 @@ function _not(inner) {
       return { ok: !i.ok, atom: "not(" + i.atom + ")", reason: i.ok ? "not(" + i.atom + ") matched" : null };
     },
     _toReq: function () {
-      throw new AuthError("auth-stepUp/policy-no-challenge",
+      throw new AuthError("auth-step-up/policy-no-challenge",
         "policy.not: cannot translate to RFC 9470 challenge");
     },
   });
@@ -241,7 +241,7 @@ function _mergeAnd(a, b) {
   var out = {};
   if (a.acr || b.acr) {
     if (a.acr && b.acr && a.acr !== b.acr) {
-      throw new AuthError("auth-stepUp/policy-conflict",
+      throw new AuthError("auth-step-up/policy-conflict",
         "policy.and: conflicting acr requirements " +
         JSON.stringify(a.acr) + " and " + JSON.stringify(b.acr));
     }
@@ -311,7 +311,7 @@ var PRESETS = {
 
 function preset(name) {
   if (!Object.prototype.hasOwnProperty.call(PRESETS, name)) {
-    throw new AuthError("auth-stepUp/bad-preset",
+    throw new AuthError("auth-step-up/bad-preset",
       "policy.preset: unknown preset " + JSON.stringify(name) +
       " — valid presets: " + Object.keys(PRESETS).join(", "));
   }