@blamejs/core 0.13.42 → 0.13.44

package/lib/auth/step-up.js

@@ -87,11 +87,11 @@ function _quote(value) {
   for (var i = 0; i < value.length; i += 1) {
     var code = value.charCodeAt(i);
     if (code < 32 || code === 127) {                                    // allow:raw-byte-literal — ASCII control codepoints
-      throw new AuthError("auth-stepUp/bad-challenge",
+      throw new AuthError("auth-step-up/bad-challenge",
         "challenge value contains control character at index " + i);
     }
     if (value.charAt(i) === '"' || value.charAt(i) === "\\") {
-      throw new AuthError("auth-stepUp/bad-challenge",
+      throw new AuthError("auth-step-up/bad-challenge",
         "challenge value contains illegal character " +
         JSON.stringify(value.charAt(i)) + " at index " + i);
     }
@@ -101,7 +101,7 @@ function _quote(value) {
 
 function _validateRequirement(requirement, label) {
   if (!requirement || typeof requirement !== "object") {
-    throw new AuthError("auth-stepUp/bad-requirement",
+    throw new AuthError("auth-step-up/bad-requirement",
       label + ": requirement must be an object — got " +
       JSON.stringify(requirement));
   }
@@ -111,39 +111,39 @@ function _validateRequirement(requirement, label) {
   ], label);
   if (requirement.acr != null) {
     validateOpts.requireNonEmptyString(requirement.acr,
-      label + ": acr", AuthError, "auth-stepUp/bad-acr");
+      label + ": acr", AuthError, "auth-step-up/bad-acr");
   }
   if (requirement.acrValues != null) {
     if (!Array.isArray(requirement.acrValues) || requirement.acrValues.length === 0) {
-      throw new AuthError("auth-stepUp/bad-acr",
+      throw new AuthError("auth-step-up/bad-acr",
         label + ": acrValues must be a non-empty string array");
     }
     for (var i = 0; i < requirement.acrValues.length; i += 1) {
       validateOpts.requireNonEmptyString(requirement.acrValues[i],
-        label + ": acrValues[" + i + "]", AuthError, "auth-stepUp/bad-acr");
+        label + ": acrValues[" + i + "]", AuthError, "auth-step-up/bad-acr");
     }
   }
   if (requirement.maxAge != null) {
     if (typeof requirement.maxAge !== "number" || !isFinite(requirement.maxAge) ||
         requirement.maxAge < 0) {
-      throw new AuthError("auth-stepUp/bad-max-age",
+      throw new AuthError("auth-step-up/bad-max-age",
         label + ": maxAge must be a finite number >= 0 — got " +
         JSON.stringify(requirement.maxAge));
     }
   }
   if (requirement.requiredAmr != null) {
     if (!Array.isArray(requirement.requiredAmr)) {
-      throw new AuthError("auth-stepUp/bad-amr",
+      throw new AuthError("auth-step-up/bad-amr",
         label + ": requiredAmr must be a string array");
     }
     for (var j = 0; j < requirement.requiredAmr.length; j += 1) {
       validateOpts.requireNonEmptyString(requirement.requiredAmr[j],
-        label + ": requiredAmr[" + j + "]", AuthError, "auth-stepUp/bad-amr");
+        label + ": requiredAmr[" + j + "]", AuthError, "auth-step-up/bad-amr");
     }
   }
   if (requirement.phishingResistant != null &&
       typeof requirement.phishingResistant !== "boolean") {
-    throw new AuthError("auth-stepUp/bad-requirement",
+    throw new AuthError("auth-step-up/bad-requirement",
       label + ": phishingResistant must be boolean — got " +
       JSON.stringify(requirement.phishingResistant));
   }
@@ -274,29 +274,29 @@ function buildChallenge(opts) {
 // Hot-path callers wrap this in try/catch.
 function parseAuthorizationDetails(value) {
   if (typeof value !== "string") {
-    throw new AuthError("auth-stepUp/bad-rar",
+    throw new AuthError("auth-step-up/bad-rar",
       "parseAuthorizationDetails: value must be a JSON string — got " +
       typeof value);
   }
   var parsed;
   try { parsed = safeJson.parse(value, { maxBytes: C.BYTES.kib(64) }); }
   catch (e) {
-    throw new AuthError("auth-stepUp/bad-rar",
+    throw new AuthError("auth-step-up/bad-rar",
       "parseAuthorizationDetails: invalid JSON — " + e.message);
   }
   if (!Array.isArray(parsed)) {
-    throw new AuthError("auth-stepUp/bad-rar",
+    throw new AuthError("auth-step-up/bad-rar",
       "parseAuthorizationDetails: value must be a JSON array — got " +
       typeof parsed);
   }
   for (var i = 0; i < parsed.length; i += 1) {
     var entry = parsed[i];
     if (!entry || typeof entry !== "object" || Array.isArray(entry)) {
-      throw new AuthError("auth-stepUp/bad-rar",
+      throw new AuthError("auth-step-up/bad-rar",
         "parseAuthorizationDetails[" + i + "]: must be an object");
     }
     if (typeof entry.type !== "string" || entry.type.length === 0) {
-      throw new AuthError("auth-stepUp/bad-rar",
+      throw new AuthError("auth-step-up/bad-rar",
         "parseAuthorizationDetails[" + i + "]: missing required 'type' field");
     }
   }

package/lib/boot-gates.js

@@ -66,7 +66,7 @@ var DEFAULT_EXIT_CODE = 1;
 async function run(gates, opts) {
   opts = opts || {};
   if (!Array.isArray(gates) || gates.length === 0) {
-    throw new BootGatesError("bootgates/bad-input",
+    throw new BootGatesError("boot-gates/bad-input",
       "b.bootGates.run: gates must be a non-empty array");
   }
   var log = typeof opts.log === "function" ? opts.log : function (msg) {
@@ -82,7 +82,7 @@ async function run(gates, opts) {
   // throw rather than terminating the process — operators that wire
   // bootGates from their daemon main() pass `exit: process.exit.bind(process)`.
   var exit = typeof opts.exit === "function" ? opts.exit : function (code) {
-    var e = new BootGatesError("bootgates/no-exit-wired",
+    var e = new BootGatesError("boot-gates/no-exit-wired",
       "b.bootGates.run: gate failed (exitCode=" + code + ") but no opts.exit handler was supplied; " +
       "operators wire opts.exit to process.exit.bind(process) in their daemon main()");
     e.exitCode = code;
@@ -96,26 +96,26 @@ async function run(gates, opts) {
     var gate = gates[i];
     if (!gate || typeof gate.name !== "string" || gate.name.length === 0 ||
         typeof gate.fn !== "function") {
-      throw new BootGatesError("bootgates/bad-gate",
+      throw new BootGatesError("boot-gates/bad-gate",
         "b.bootGates.run: gates[" + i + "] must be { name: string, fn: function }");
     }
     var timeoutMs = gate.timeoutMs || DEFAULT_GATE_TIMEOUT_MS;
     if (typeof timeoutMs !== "number" || !isFinite(timeoutMs) || timeoutMs < 1) {
-      throw new BootGatesError("bootgates/bad-timeout",
+      throw new BootGatesError("boot-gates/bad-timeout",
         "b.bootGates.run: gates[" + i + "].timeoutMs must be a positive finite number");
     }
     var gateT0 = Date.now();
     var failure = null;
     try {
       await safeAsync.withTimeout(Promise.resolve().then(gate.fn), timeoutMs,
-        new BootGatesError("bootgates/timeout",
+        new BootGatesError("boot-gates/timeout",
           "b.bootGates.run: gate '" + gate.name + "' exceeded " + timeoutMs + "ms"));
     } catch (err) {
       failure = err;
     }
     if (overallTimeoutMs !== undefined &&
         Date.now() - t0 > overallTimeoutMs && failure === null) {
-      failure = new BootGatesError("bootgates/overall-timeout",
+      failure = new BootGatesError("boot-gates/overall-timeout",
         "b.bootGates.run: overall budget " + overallTimeoutMs + "ms exceeded after gate '" +
         gate.name + "'");
     }

package/lib/break-glass.js

@@ -523,7 +523,7 @@ function _validatePolicySet(table, opts) {
         "' not in allowed factors [" + ALLOWED_FACTORS.join(",") + "]");
     }
   }
-  // Model B (cryptographic mode) ships in v0.5.1. When enabled,
+  // Model B (cryptographic mode). When enabled,
   // glass-locked columns must be encrypted with `b.breakGlass.encryptCell`
   // at write time (the framework can't auto-encrypt at write because
   // policy-set may post-date existing data; operators run the migration

package/lib/budr.js

@@ -78,31 +78,31 @@ var declarations = new Map();
  */
 function declare(opts) {
   if (!opts || typeof opts !== "object") {
-    throw BudrError.factory("BAD_OPTS", "budr.declare: opts required");
+    throw BudrError.factory("budr/bad-opts", "budr.declare: opts required");
   }
   if (typeof opts.service !== "string" || opts.service.length === 0 ||
       opts.service.length > SERVICE_MAX || !SERVICE_RE.test(opts.service)) {
-    throw BudrError.factory("BAD_SERVICE",
+    throw BudrError.factory("budr/bad-service",
       "budr.declare: service must match " + SERVICE_RE);
   }
   numericBounds.requirePositiveFiniteIntIfPresent(opts.rtoMs, "budr.declare: rtoMs", BudrError, "BAD_RTO");
   numericBounds.requirePositiveFiniteIntIfPresent(opts.rpoMs, "budr.declare: rpoMs", BudrError, "BAD_RPO");
   if (typeof opts.rtoMs !== "number" || typeof opts.rpoMs !== "number") {
-    throw BudrError.factory("BAD_TARGETS",
+    throw BudrError.factory("budr/bad-targets",
       "budr.declare: rtoMs and rpoMs are required positive integer milliseconds");
   }
   if (opts.tier !== undefined && TIERS.indexOf(opts.tier) === -1) {
-    throw BudrError.factory("BAD_TIER",
+    throw BudrError.factory("budr/bad-tier",
       "budr.declare: tier must be one of " + TIERS.join(", "));
   }
   if (opts.criticality !== undefined && CRITICALITIES.indexOf(opts.criticality) === -1) {
-    throw BudrError.factory("BAD_CRITICALITY",
+    throw BudrError.factory("budr/bad-criticality",
       "budr.declare: criticality must be one of " + CRITICALITIES.join(", "));
   }
   validateOpts.optionalNonEmptyString(opts.owner,
     "budr.declare: owner", BudrError, "BAD_OWNER");
   if (opts.citations !== undefined && !Array.isArray(opts.citations)) {
-    throw BudrError.factory("BAD_CITATIONS",
+    throw BudrError.factory("budr/bad-citations",
       "budr.declare: citations must be an array of strings");
   }
 

package/lib/cms-codec.js

@@ -42,15 +42,16 @@
  *     refuses EnvelopedData and accepts only the §5083 ContentInfo
  *     OID. Cheap escape hatch: operators on such a peer compose
  *     `b.asn1Der` directly to rewrap an EnvelopedData blob into an
- *     AuthEnvelopedData ContentInfo. Lights up in v0.10.14 alongside
- *     `b.mail.smime` sign + verify, where the on-the-wire S/MIME 4.0
- *     content shape calls for it.
+ *     AuthEnvelopedData ContentInfo. A built-in encode path is deferred
+ *     until an interop case requires a peer that refuses EnvelopedData;
+ *     the `b.asn1Der` rewrap covers the gap until then.
  *   - **`b.cms.decode` parse-tree of inner SignedData / EnvelopedData**
- *     beyond the ContentInfo wrapper. v0.10.13 returns the inner
+ *     beyond the ContentInfo wrapper. `b.cms.decode` returns the inner
  *     SEQUENCE bytes as `content` (an asn1-der node); callers that
- *     need fielded access walk it via `b.asn1Der.readSequence`. The
- *     fielded decoders ship alongside S/MIME verify in v0.10.14 where
- *     they're actually consumed.
+ *     need fielded access walk it via `b.asn1Der.readSequence`. Built-in
+ *     fielded decoders are deferred until they're actually consumed by a
+ *     shipping primitive; the `b.asn1Der.readSequence` walk is the escape
+ *     hatch until then.
  *
  *   Refusal posture:
  *
@@ -302,8 +303,8 @@ function encodeEnvelopedData(opts) {
  * string (e.g. `"1.2.840.113549.1.7.2"` for SignedData) and
  * `content` is the inner asn1-der node (SignedData / EnvelopedData /
  * other) — operators walk it via `b.asn1Der.readSequence`. Fielded
- * decoders for SignedData / EnvelopedData ship in v0.10.14 alongside
- * S/MIME sign+verify.
+ * decoders for SignedData / EnvelopedData are deferred; the
+ * `b.asn1Der.readSequence` walk is the escape hatch until then.
  *
  * Refuses input past `opts.maxBytes` (default 64 MiB), top-level
  * non-SEQUENCE shapes, missing OID + [0] EXPLICIT child pair.

package/lib/content-credentials.js

@@ -48,7 +48,7 @@ var REQUIRED_FIELDS = ["provider", "system", "systemVersion", "contentId"];
 
 function _validateBuildOpts(opts) {
   if (!opts || typeof opts !== "object") {
-    throw ContentCredentialsError.factory("BAD_OPTS",
+    throw ContentCredentialsError.factory("content-credentials/bad-opts",
       "contentCredentials.build: opts required");
   }
   for (var i = 0; i < REQUIRED_FIELDS.length; i += 1) {
@@ -57,32 +57,32 @@ function _validateBuildOpts(opts) {
       "contentCredentials.build: " + f, ContentCredentialsError, "MISSING_" + f.toUpperCase());
   }
   if (opts.provider.length > STR_LEN_MAX) {
-    throw ContentCredentialsError.factory("BAD_PROVIDER",
+    throw ContentCredentialsError.factory("content-credentials/bad-provider",
       "provider exceeds " + STR_LEN_MAX + " chars");
   }
   if (opts.system.length > ID_LEN_MAX || !ID_RE.test(opts.system)) {
-    throw ContentCredentialsError.factory("BAD_SYSTEM",
+    throw ContentCredentialsError.factory("content-credentials/bad-system",
       "system must match " + ID_RE);
   }
   if (opts.systemVersion.length > 64 || !SEMVER_RE.test(opts.systemVersion)) {                // allow:raw-byte-literal — semver length cap, not bytes
-    throw ContentCredentialsError.factory("BAD_VERSION",
+    throw ContentCredentialsError.factory("content-credentials/bad-version",
       "systemVersion must be semver");
   }
   if (opts.contentId.length > ID_LEN_MAX || !ID_RE.test(opts.contentId)) {
-    throw ContentCredentialsError.factory("BAD_CONTENT_ID",
+    throw ContentCredentialsError.factory("content-credentials/bad-content-id",
       "contentId must match " + ID_RE);
   }
   if (opts.contentType !== undefined) {
     if (typeof opts.contentType !== "string" || opts.contentType.length === 0 ||
         opts.contentType.length > ID_LEN_MAX || !/^[a-zA-Z]+\/[A-Za-z0-9._+-]+$/.test(opts.contentType)) {
-      throw ContentCredentialsError.factory("BAD_CONTENT_TYPE",
+      throw ContentCredentialsError.factory("content-credentials/bad-content-type",
         "contentType must be a valid IANA media type");
     }
   }
   if (opts.contentSha3 !== undefined) {
     if (typeof opts.contentSha3 !== "string" || opts.contentSha3.length !== SHA3_HEX_LEN ||
         !/^[a-f0-9]+$/i.test(opts.contentSha3)) {
-      throw ContentCredentialsError.factory("BAD_CONTENT_HASH",
+      throw ContentCredentialsError.factory("content-credentials/bad-content-hash",
         "contentSha3 must be lowercase hex SHA3-512 (" + SHA3_HEX_LEN + " chars)");
     }
   }
@@ -229,7 +229,7 @@ function required(opts) {
 function sign(manifest, opts) {
   opts = opts || {};
   if (!manifest || typeof manifest !== "object") {
-    throw ContentCredentialsError.factory("BAD_MANIFEST",
+    throw ContentCredentialsError.factory("content-credentials/bad-manifest",
       "contentCredentials.sign: manifest required");
   }
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
@@ -368,7 +368,7 @@ function _cborUint(n) {
   if (n < 256)        return Buffer.from([0x18, n]);                                                                                          // allow:raw-byte-literal — CBOR threshold
   if (n < 65536)      return Buffer.from([0x19, (n >> 8) & 0xFF, n & 0xFF]);                                                                  // allow:raw-byte-literal — CBOR threshold
   if (n < 4294967296) return Buffer.from([0x1A, (n >> 24) & 0xFF, (n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF]);                              // allow:raw-byte-literal — CBOR threshold
-  throw ContentCredentialsError.factory("CBOR_OVERFLOW", "cbor uint too large: " + n);
+  throw ContentCredentialsError.factory("content-credentials/cbor-overflow", "cbor uint too large: " + n);
 }
 
 function _cborNint(n) {
@@ -397,13 +397,13 @@ function _cborArrayHeader(n) {
   if (n < 24)    return Buffer.from([0x80 | n]);                                                                                               // allow:raw-byte-literal — CBOR threshold
   if (n < 256)   return Buffer.from([0x98, n]);                                                                                                // allow:raw-byte-literal — CBOR threshold
   if (n < 65536) return Buffer.from([0x99, (n >> 8) & 0xFF, n & 0xFF]);                                                                        // allow:raw-byte-literal — CBOR threshold
-  throw ContentCredentialsError.factory("CBOR_OVERFLOW", "cbor array too large: " + n);
+  throw ContentCredentialsError.factory("content-credentials/cbor-overflow", "cbor array too large: " + n);
 }
 
 function _cborMapHeader(n) {
   if (n < 24)    return Buffer.from([0xA0 | n]);                                                                                               // allow:raw-byte-literal — CBOR threshold
   if (n < 256)   return Buffer.from([0xB8, n]);                                                                                                // allow:raw-byte-literal — CBOR threshold
-  throw ContentCredentialsError.factory("CBOR_OVERFLOW", "cbor map too large: " + n);
+  throw ContentCredentialsError.factory("content-credentials/cbor-overflow", "cbor map too large: " + n);
 }
 
 function _cborTag(tag) {
@@ -454,14 +454,14 @@ function _cborTag(tag) {
 function signCose(manifest, opts) {
   opts = opts || {};
   if (!manifest || typeof manifest !== "object") {
-    throw ContentCredentialsError.factory("BAD_MANIFEST",
+    throw ContentCredentialsError.factory("content-credentials/bad-manifest",
       "contentCredentials.signCose: manifest required");
   }
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
     "contentCredentials.signCose: privateKeyPem", ContentCredentialsError, "BAD_KEY");
   var algName = (opts.alg || "ml-dsa-87").toLowerCase();
   if (!(algName in COSE_ALGS)) {
-    throw ContentCredentialsError.factory("BAD_ALG",
+    throw ContentCredentialsError.factory("content-credentials/bad-alg",
       "contentCredentials.signCose: alg '" + algName +
       "' not in COSE alg registry. Known: " + Object.keys(COSE_ALGS).join(", "));
   }

package/lib/dark-patterns.js

@@ -64,47 +64,47 @@ var POSTURES = {
 
 function _validateFlowOpts(opts, label, errorClass) {
   if (!opts || typeof opts !== "object") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("dark-patterns/bad-opts",
       "darkPatterns.record" + label + ": opts required");
   }
   if (CHANNELS.indexOf(opts.channel) === -1) {
-    throw errorClass.factory("BAD_CHANNEL",
+    throw errorClass.factory("dark-patterns/bad-channel",
       "darkPatterns: channel must be one of " + CHANNELS.join(","));
   }
   if (typeof opts.clickCount !== "number" || !isFinite(opts.clickCount) ||
       opts.clickCount < 1 || opts.clickCount > 50 ||
       Math.floor(opts.clickCount) !== opts.clickCount) {
-    throw errorClass.factory("BAD_CLICKS",
+    throw errorClass.factory("dark-patterns/bad-clicks",
       "darkPatterns: clickCount must be integer 1..50");
   }
   if (!opts.cta || typeof opts.cta !== "object") {
-    throw errorClass.factory("BAD_CTA",
+    throw errorClass.factory("dark-patterns/bad-cta",
       "darkPatterns: cta object required (text, fontWeight, contrastRatio)");
   }
   if (typeof opts.cta.text !== "string" || opts.cta.text.length === 0 ||
       opts.cta.text.length > STR_LEN_MAX) {
-    throw errorClass.factory("BAD_CTA_TEXT",
+    throw errorClass.factory("dark-patterns/bad-cta-text",
       "darkPatterns: cta.text must be 1-256 char string");
   }
   if (typeof opts.cta.fontWeight !== "number" || opts.cta.fontWeight < 100 ||
       opts.cta.fontWeight > FONT_WEIGHT_MAX) {
-    throw errorClass.factory("BAD_FONT_WEIGHT",
+    throw errorClass.factory("dark-patterns/bad-font-weight",
       "darkPatterns: cta.fontWeight must be 100..1000");
   }
   if (typeof opts.cta.contrastRatio !== "number" ||
       opts.cta.contrastRatio < 1 || opts.cta.contrastRatio > 21) {
-    throw errorClass.factory("BAD_CONTRAST",
+    throw errorClass.factory("dark-patterns/bad-contrast",
       "darkPatterns: cta.contrastRatio must be 1..21");
   }
   if (typeof opts.confirmations !== "number" ||
       opts.confirmations < 0 || opts.confirmations > 10 ||
       Math.floor(opts.confirmations) !== opts.confirmations) {
-    throw errorClass.factory("BAD_CONFIRMATIONS",
+    throw errorClass.factory("dark-patterns/bad-confirmations",
       "darkPatterns: confirmations must be integer 0..10");
   }
   if (typeof opts.resourceId !== "string" || opts.resourceId.length === 0 ||
       opts.resourceId.length > STR_LEN_MAX) {
-    throw errorClass.factory("BAD_RESOURCE_ID",
+    throw errorClass.factory("dark-patterns/bad-resource-id",
       "darkPatterns: resourceId must be 1-256 char string");
   }
 }
@@ -252,21 +252,21 @@ function assertParity(signup, cancel, opts) {
   opts = opts || {};
   var errorClass = opts.errorClass || DarkPatternsError;
   if (!signup || signup.kind !== "signup") {
-    throw errorClass.factory("BAD_SIGNUP_FLOW",
+    throw errorClass.factory("dark-patterns/bad-signup-flow",
       "darkPatterns.assertParity: signup must be a recorded signup flow");
   }
   if (!cancel || cancel.kind !== "cancel") {
-    throw errorClass.factory("BAD_CANCEL_FLOW",
+    throw errorClass.factory("dark-patterns/bad-cancel-flow",
       "darkPatterns.assertParity: cancel must be a recorded cancel flow");
   }
   if (signup.resourceId !== cancel.resourceId) {
-    throw errorClass.factory("RESOURCE_MISMATCH",
+    throw errorClass.factory("dark-patterns/resource-mismatch",
       "darkPatterns.assertParity: resourceId differs between flows");
   }
   var postureName = opts.posture || "ftc-2024";
   var posture = POSTURES[postureName];
   if (!posture) {
-    throw errorClass.factory("BAD_POSTURE",
+    throw errorClass.factory("dark-patterns/bad-posture",
       "darkPatterns.assertParity: unknown posture " + postureName);
   }
 
@@ -427,11 +427,11 @@ function middleware(opts) {
   opts = opts || {};
   var errorClass = opts.errorClass || DarkPatternsError;
   if (typeof opts.lookupAttestation !== "function") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("dark-patterns/bad-opts",
       "darkPatterns.middleware: lookupAttestation function required");
   }
   if (typeof opts.resourceIdFromReq !== "function") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("dark-patterns/bad-opts",
       "darkPatterns.middleware: resourceIdFromReq function required");
   }