@blamejs/core 0.13.43 → 0.13.44
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/a2a.js +11 -11
- package/lib/agent-snapshot.js +1 -1
- package/lib/ai-capability.js +20 -20
- package/lib/ai-dp.js +17 -17
- package/lib/ai-input.js +3 -3
- package/lib/ai-pref.js +9 -9
- package/lib/ai-quota.js +17 -17
- package/lib/arg-parser.js +38 -38
- package/lib/audit-sign.js +4 -4
- package/lib/auth/acr-vocabulary.js +4 -4
- package/lib/auth/auth-time-tracker.js +1 -1
- package/lib/auth/elevation-grant.js +10 -10
- package/lib/auth/step-up-policy.js +12 -12
- package/lib/auth/step-up.js +15 -15
- package/lib/boot-gates.js +6 -6
- package/lib/budr.js +6 -6
- package/lib/content-credentials.js +13 -13
- package/lib/dark-patterns.js +15 -15
- package/lib/ddl-change-control.js +37 -37
- package/lib/dr-runbook.js +7 -7
- package/lib/fapi2.js +9 -9
- package/lib/fdx.js +7 -7
- package/lib/graphql-federation.js +2 -2
- package/lib/iab-mspa.js +5 -5
- package/lib/iab-tcf.js +18 -18
- package/lib/mcp.js +13 -13
- package/lib/middleware/require-step-up.js +3 -3
- package/lib/sec-cyber.js +3 -3
- package/lib/sse.js +14 -14
- package/lib/tcpa-10dlc.js +5 -5
- package/lib/tenant-quota.js +18 -18
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/fdx.js
CHANGED
|
@@ -162,10 +162,10 @@ var FDX_SCHEMAS = {
|
|
|
162
162
|
*/
|
|
163
163
|
function bind(opts) {
|
|
164
164
|
if (!opts || typeof opts !== "object") {
|
|
165
|
-
throw FdxError.factory("
|
|
165
|
+
throw FdxError.factory("fdx/bad-opts", "fdx.bind: opts required");
|
|
166
166
|
}
|
|
167
167
|
if (!opts.authServer || typeof opts.authServer !== "object") {
|
|
168
|
-
throw FdxError.factory("
|
|
168
|
+
throw FdxError.factory("fdx/bad-auth-server",
|
|
169
169
|
"fdx.bind: authServer object required");
|
|
170
170
|
}
|
|
171
171
|
validateOpts.requireNonEmptyString(opts.authServer.issuer,
|
|
@@ -174,12 +174,12 @@ function bind(opts) {
|
|
|
174
174
|
"fdx.bind: authServer.jwksUri", FdxError, "BAD_JWKS_URI");
|
|
175
175
|
|
|
176
176
|
if (!Array.isArray(opts.resources) || opts.resources.length === 0) {
|
|
177
|
-
throw FdxError.factory("
|
|
177
|
+
throw FdxError.factory("fdx/bad-resources",
|
|
178
178
|
"fdx.bind: resources must be a non-empty array");
|
|
179
179
|
}
|
|
180
180
|
for (var i = 0; i < opts.resources.length; i += 1) {
|
|
181
181
|
if (FDX_RESOURCES.indexOf(opts.resources[i]) === -1) {
|
|
182
|
-
throw FdxError.factory("
|
|
182
|
+
throw FdxError.factory("fdx/unknown-resource",
|
|
183
183
|
"fdx.bind: unknown resource '" + opts.resources[i] +
|
|
184
184
|
"' (allowed: " + FDX_RESOURCES.join(", ") + ")");
|
|
185
185
|
}
|
|
@@ -248,7 +248,7 @@ function bind(opts) {
|
|
|
248
248
|
function validateResponse(resourceType, body) {
|
|
249
249
|
var schema = FDX_SCHEMAS[resourceType];
|
|
250
250
|
if (!schema) {
|
|
251
|
-
throw FdxError.factory("
|
|
251
|
+
throw FdxError.factory("fdx/unknown-resource",
|
|
252
252
|
"fdx.validateResponse: unknown resource '" + resourceType + "'");
|
|
253
253
|
}
|
|
254
254
|
if (!body || typeof body !== "object") {
|
|
@@ -313,7 +313,7 @@ function validateResponse(resourceType, body) {
|
|
|
313
313
|
*/
|
|
314
314
|
function consentReceipt(opts) {
|
|
315
315
|
if (!opts || typeof opts !== "object") {
|
|
316
|
-
throw FdxError.factory("
|
|
316
|
+
throw FdxError.factory("fdx/bad-opts", "fdx.consentReceipt: opts required");
|
|
317
317
|
}
|
|
318
318
|
validateOpts.requireNonEmptyString(opts.dataProvider,
|
|
319
319
|
"fdx.consentReceipt: dataProvider", FdxError, "BAD_DATA_PROVIDER");
|
|
@@ -324,7 +324,7 @@ function consentReceipt(opts) {
|
|
|
324
324
|
validateOpts.requireNonEmptyString(opts.revocationUrl,
|
|
325
325
|
"fdx.consentReceipt: revocationUrl", FdxError, "BAD_REVOCATION_URL");
|
|
326
326
|
if (!Array.isArray(opts.scopes) || opts.scopes.length === 0) {
|
|
327
|
-
throw FdxError.factory("
|
|
327
|
+
throw FdxError.factory("fdx/bad-scopes",
|
|
328
328
|
"fdx.consentReceipt: scopes must be a non-empty array");
|
|
329
329
|
}
|
|
330
330
|
numericBounds.requirePositiveFiniteIntIfPresent(opts.durationMs,
|
|
@@ -87,7 +87,7 @@ function _readBody(req, errorClass) {
|
|
|
87
87
|
try { collector.push(chunk); }
|
|
88
88
|
catch (_e) {
|
|
89
89
|
req.destroy();
|
|
90
|
-
reject(errorClass.factory("
|
|
90
|
+
reject(errorClass.factory("graphql-federation/body-too-large",
|
|
91
91
|
"graphqlFederation: body exceeds " + cap + " bytes"));
|
|
92
92
|
}
|
|
93
93
|
});
|
|
@@ -133,7 +133,7 @@ function guardSdl(opts) {
|
|
|
133
133
|
var publicSchemaOk = opts.publicSchemaOk === true;
|
|
134
134
|
var routerToken = typeof opts.routerToken === "string" ? opts.routerToken : null;
|
|
135
135
|
if (!publicSchemaOk && (!routerToken || routerToken.length < ROUTER_TOKEN_MIN_LEN)) {
|
|
136
|
-
throw errorClass.factory("
|
|
136
|
+
throw errorClass.factory("graphql-federation/bad-opts",
|
|
137
137
|
"graphqlFederation.guardSdl: routerToken (32+ char) required unless publicSchemaOk=true");
|
|
138
138
|
}
|
|
139
139
|
var nonceStore = opts.nonceStore && typeof opts.nonceStore.has === "function" &&
|
package/lib/iab-mspa.js
CHANGED
|
@@ -74,11 +74,11 @@ var DATA_USES = ["sale", "sharing", "targeted-ads", "sensitive", "child-data"];
|
|
|
74
74
|
*/
|
|
75
75
|
function parseGpp(gppString) {
|
|
76
76
|
if (typeof gppString !== "string" || gppString.length === 0) {
|
|
77
|
-
throw IabMspaError.factory("
|
|
77
|
+
throw IabMspaError.factory("iab-mspa/bad-input",
|
|
78
78
|
"iabMspa.parseGpp: gppString required");
|
|
79
79
|
}
|
|
80
80
|
if (gppString.length > 8192) { // allow:raw-byte-literal — GPP string cap, not bytes
|
|
81
|
-
throw IabMspaError.factory("
|
|
81
|
+
throw IabMspaError.factory("iab-mspa/input-too-large",
|
|
82
82
|
"iabMspa.parseGpp: gppString exceeds 8192 chars");
|
|
83
83
|
}
|
|
84
84
|
// GPP framing: <header>~<section1>~<section2>...
|
|
@@ -157,11 +157,11 @@ function parseGpp(gppString) {
|
|
|
157
157
|
*/
|
|
158
158
|
function checkOptOut(parsed, opts) {
|
|
159
159
|
if (!parsed || typeof parsed !== "object" || !Array.isArray(parsed.sections)) {
|
|
160
|
-
throw IabMspaError.factory("
|
|
160
|
+
throw IabMspaError.factory("iab-mspa/bad-parsed",
|
|
161
161
|
"iabMspa.checkOptOut: parsed object required (call parseGpp first)");
|
|
162
162
|
}
|
|
163
163
|
if (!opts || DATA_USES.indexOf(opts.dataUse) === -1) {
|
|
164
|
-
throw IabMspaError.factory("
|
|
164
|
+
throw IabMspaError.factory("iab-mspa/bad-data-use",
|
|
165
165
|
"iabMspa.checkOptOut: opts.dataUse must be one of " + DATA_USES.join(", "));
|
|
166
166
|
}
|
|
167
167
|
var signals = [];
|
|
@@ -214,7 +214,7 @@ function refuseProcessing(parsed, opts) {
|
|
|
214
214
|
signals: rv.signals,
|
|
215
215
|
},
|
|
216
216
|
});
|
|
217
|
-
throw IabMspaError.factory("
|
|
217
|
+
throw IabMspaError.factory("iab-mspa/opt-out-honored",
|
|
218
218
|
"iabMspa: opt-out signal must be honored for dataUse='" + opts.dataUse +
|
|
219
219
|
"' (signals: " + rv.signals.join(", ") + ")");
|
|
220
220
|
}
|
package/lib/iab-tcf.js
CHANGED
|
@@ -116,7 +116,7 @@ function _b64urlDecode(s) {
|
|
|
116
116
|
var pad = padded.length % 4;
|
|
117
117
|
if (pad === 2) padded += "==";
|
|
118
118
|
else if (pad === 3) padded += "=";
|
|
119
|
-
else if (pad === 1) throw IabTcfError.factory("
|
|
119
|
+
else if (pad === 1) throw IabTcfError.factory("iab-tcf/bad-base64",
|
|
120
120
|
"iabTcf: base64url segment has invalid length");
|
|
121
121
|
return Buffer.from(padded, "base64");
|
|
122
122
|
}
|
|
@@ -127,7 +127,7 @@ function _bitReader(buf) {
|
|
|
127
127
|
var totalBits = buf.length * 8; // allow:raw-byte-literal — bits per byte
|
|
128
128
|
function read(n) {
|
|
129
129
|
if (bitOffset + n > totalBits) {
|
|
130
|
-
throw IabTcfError.factory("
|
|
130
|
+
throw IabTcfError.factory("iab-tcf/bad-length",
|
|
131
131
|
"iabTcf: read past end of segment (offset=" + bitOffset + " want=" + n + " total=" + totalBits + ")");
|
|
132
132
|
}
|
|
133
133
|
// Accumulate with `* 2`, not `<< 1`: the Created / LastUpdated fields are
|
|
@@ -288,7 +288,7 @@ function _parseSecondaryVendorSegment(buf, expectedType) {
|
|
|
288
288
|
var r = _bitReader(buf);
|
|
289
289
|
var segType = r.read(3); // allow:raw-byte-literal — TCF spec field width
|
|
290
290
|
if (segType !== expectedType) {
|
|
291
|
-
throw IabTcfError.factory("
|
|
291
|
+
throw IabTcfError.factory("iab-tcf/bad-segment-type",
|
|
292
292
|
"iabTcf: expected segment type " + expectedType + ", got " + segType);
|
|
293
293
|
}
|
|
294
294
|
return _parseVendorSection(r);
|
|
@@ -318,18 +318,18 @@ function _parseSecondaryVendorSegment(buf, expectedType) {
|
|
|
318
318
|
*/
|
|
319
319
|
function parseString(tcString) {
|
|
320
320
|
if (typeof tcString !== "string" || tcString.length === 0) {
|
|
321
|
-
throw IabTcfError.factory("
|
|
321
|
+
throw IabTcfError.factory("iab-tcf/bad-input",
|
|
322
322
|
"iabTcf.parseString: tcString must be a non-empty string");
|
|
323
323
|
}
|
|
324
324
|
if (tcString.length > MAX_TC_STRING_BYTES) {
|
|
325
|
-
throw IabTcfError.factory("
|
|
325
|
+
throw IabTcfError.factory("iab-tcf/input-too-large",
|
|
326
326
|
"iabTcf.parseString: tcString exceeds " + MAX_TC_STRING_BYTES + " bytes");
|
|
327
327
|
}
|
|
328
328
|
var segments = tcString.split(".");
|
|
329
329
|
var coreBuf;
|
|
330
330
|
try { coreBuf = _b64urlDecode(segments[0]); }
|
|
331
331
|
catch (e) {
|
|
332
|
-
throw IabTcfError.factory("
|
|
332
|
+
throw IabTcfError.factory("iab-tcf/bad-core",
|
|
333
333
|
"iabTcf.parseString: core segment base64url decode failed: " + e.message);
|
|
334
334
|
}
|
|
335
335
|
var core = _parseCore(coreBuf);
|
|
@@ -425,7 +425,7 @@ function requireV23Disclosed(tcString, opts) {
|
|
|
425
425
|
metadata: { coreVersion: parsed.core.version, required: TCF_V23_CORE_VERSION },
|
|
426
426
|
});
|
|
427
427
|
}
|
|
428
|
-
throw IabTcfError.factory("
|
|
428
|
+
throw IabTcfError.factory("iab-tcf/wrong-core-version",
|
|
429
429
|
"iabTcf: core version " + parsed.core.version + " not v2.3 (required " +
|
|
430
430
|
TCF_V23_CORE_VERSION + ")");
|
|
431
431
|
}
|
|
@@ -438,7 +438,7 @@ function requireV23Disclosed(tcString, opts) {
|
|
|
438
438
|
metadata: { policyVersion: parsed.core.policyVersion, required: TCF_V23_POLICY_VERSION },
|
|
439
439
|
});
|
|
440
440
|
}
|
|
441
|
-
throw IabTcfError.factory("
|
|
441
|
+
throw IabTcfError.factory("iab-tcf/wrong-policy-version",
|
|
442
442
|
"iabTcf: policy version " + parsed.core.policyVersion + " not v2.3 (required " +
|
|
443
443
|
TCF_V23_POLICY_VERSION + ")");
|
|
444
444
|
}
|
|
@@ -451,7 +451,7 @@ function requireV23Disclosed(tcString, opts) {
|
|
|
451
451
|
metadata: {},
|
|
452
452
|
});
|
|
453
453
|
}
|
|
454
|
-
throw IabTcfError.factory("
|
|
454
|
+
throw IabTcfError.factory("iab-tcf/missing-disclosed-vendors",
|
|
455
455
|
"iabTcf: TC string lacks DisclosedVendors segment (TCF v2.3 §III.B.5 — REQUIRED since 2026-02-28)");
|
|
456
456
|
}
|
|
457
457
|
if (auditOn) {
|
|
@@ -492,12 +492,12 @@ function requireV23Disclosed(tcString, opts) {
|
|
|
492
492
|
*/
|
|
493
493
|
function checkVendor(parsed, vendorId) {
|
|
494
494
|
if (!parsed || !parsed.core) {
|
|
495
|
-
throw IabTcfError.factory("
|
|
495
|
+
throw IabTcfError.factory("iab-tcf/bad-parsed",
|
|
496
496
|
"iabTcf.checkVendor: parsed object required (call parseString first)");
|
|
497
497
|
}
|
|
498
498
|
if (typeof vendorId !== "number" || !isFinite(vendorId) || vendorId < 1 ||
|
|
499
499
|
Math.floor(vendorId) !== vendorId) {
|
|
500
|
-
throw IabTcfError.factory("
|
|
500
|
+
throw IabTcfError.factory("iab-tcf/bad-vendor-id",
|
|
501
501
|
"iabTcf.checkVendor: vendorId must be a positive integer");
|
|
502
502
|
}
|
|
503
503
|
return {
|
|
@@ -522,7 +522,7 @@ function _idArray(x) {
|
|
|
522
522
|
var out = [];
|
|
523
523
|
list.forEach(function (id) {
|
|
524
524
|
if (typeof id !== "number" || !isFinite(id) || id < 1 || Math.floor(id) !== id) {
|
|
525
|
-
throw IabTcfError.factory("
|
|
525
|
+
throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: vendor/purpose ids must be positive integers, got " + id);
|
|
526
526
|
}
|
|
527
527
|
if (!seen[id]) { seen[id] = 1; out.push(id); }
|
|
528
528
|
});
|
|
@@ -544,7 +544,7 @@ function _idRuns(ids) {
|
|
|
544
544
|
|
|
545
545
|
function _decisec(t) {
|
|
546
546
|
var ms = t instanceof Date ? t.getTime() : (t == null ? Date.now() : Number(t));
|
|
547
|
-
if (!isFinite(ms) || ms < 0) throw IabTcfError.factory("
|
|
547
|
+
if (!isFinite(ms) || ms < 0) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: timestamp must be a Date or non-negative epoch-ms");
|
|
548
548
|
return Math.round(ms / 100); // allow:raw-time-literal — ms → TCF deciseconds
|
|
549
549
|
}
|
|
550
550
|
|
|
@@ -554,8 +554,8 @@ function _decisec(t) {
|
|
|
554
554
|
function _bitWriter() {
|
|
555
555
|
var bits = "";
|
|
556
556
|
function writeInt(v, n) {
|
|
557
|
-
if (typeof v !== "number" || !isFinite(v) || v < 0 || Math.floor(v) !== v) throw IabTcfError.factory("
|
|
558
|
-
if (v >= Math.pow(2, n)) throw IabTcfError.factory("
|
|
557
|
+
if (typeof v !== "number" || !isFinite(v) || v < 0 || Math.floor(v) !== v) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: expected a non-negative integer, got " + v);
|
|
558
|
+
if (v >= Math.pow(2, n)) throw IabTcfError.factory("iab-tcf/value-overflow", "iabTcf.encode: " + v + " does not fit in " + n + " bits");
|
|
559
559
|
bits += v.toString(2).padStart(n, "0");
|
|
560
560
|
}
|
|
561
561
|
function writeBool(flag) { bits += flag ? "1" : "0"; }
|
|
@@ -601,10 +601,10 @@ function _b64urlEncode(buf) {
|
|
|
601
601
|
|
|
602
602
|
function _writeLetters(w, s, label) {
|
|
603
603
|
var str = String(s).toUpperCase();
|
|
604
|
-
if (str.length !== 2) throw IabTcfError.factory("
|
|
604
|
+
if (str.length !== 2) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: " + label + " must be a 2-letter code, got '" + s + "'");
|
|
605
605
|
for (var i = 0; i < 2; i += 1) {
|
|
606
606
|
var v = str.charCodeAt(i) - 0x41; // allow:raw-byte-literal — ASCII 'A' offset
|
|
607
|
-
if (v < 0 || v > 25) throw IabTcfError.factory("
|
|
607
|
+
if (v < 0 || v > 25) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: '" + str.charAt(i) + "' is not an A-Z letter");
|
|
608
608
|
w.writeInt(v, 6); // allow:raw-byte-literal — TCF spec field width
|
|
609
609
|
}
|
|
610
610
|
}
|
|
@@ -650,7 +650,7 @@ function _encodePublisherTC(pub) {
|
|
|
650
650
|
*/
|
|
651
651
|
function encode(obj) {
|
|
652
652
|
if (!obj || typeof obj !== "object" || !obj.core || typeof obj.core !== "object") {
|
|
653
|
-
throw IabTcfError.factory("
|
|
653
|
+
throw IabTcfError.factory("iab-tcf/bad-input", "iabTcf.encode: obj must have a 'core' object");
|
|
654
654
|
}
|
|
655
655
|
var c = obj.core;
|
|
656
656
|
var w = _bitWriter();
|
package/lib/mcp.js
CHANGED
|
@@ -81,30 +81,30 @@ function parseRequest(body, opts) {
|
|
|
81
81
|
try {
|
|
82
82
|
parsed = typeof body === "string" ? safeJson.parse(body, { maxBytes: C.BYTES.mib(1) }) : body; // allow:JSON.parse — routed via safeJson.parse
|
|
83
83
|
} catch (_e) {
|
|
84
|
-
throw errorClass.factory("
|
|
84
|
+
throw errorClass.factory("mcp/bad-json",
|
|
85
85
|
"mcp.parseRequest: body is not valid JSON");
|
|
86
86
|
}
|
|
87
87
|
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
88
|
-
throw errorClass.factory("
|
|
88
|
+
throw errorClass.factory("mcp/bad-envelope",
|
|
89
89
|
"mcp.parseRequest: request must be a JSON-RPC object");
|
|
90
90
|
}
|
|
91
91
|
if (parsed.jsonrpc !== "2.0") {
|
|
92
|
-
throw errorClass.factory("
|
|
92
|
+
throw errorClass.factory("mcp/bad-version",
|
|
93
93
|
"mcp.parseRequest: jsonrpc must be \"2.0\"");
|
|
94
94
|
}
|
|
95
95
|
if (typeof parsed.method !== "string" || parsed.method.length === 0 ||
|
|
96
96
|
parsed.method.length > METHOD_NAME_MAX) {
|
|
97
|
-
throw errorClass.factory("
|
|
97
|
+
throw errorClass.factory("mcp/bad-method",
|
|
98
98
|
"mcp.parseRequest: method must be a non-empty string under 256 bytes");
|
|
99
99
|
}
|
|
100
100
|
if (parsed.id !== undefined && parsed.id !== null &&
|
|
101
101
|
typeof parsed.id !== "string" && typeof parsed.id !== "number") {
|
|
102
|
-
throw errorClass.factory("
|
|
102
|
+
throw errorClass.factory("mcp/bad-id",
|
|
103
103
|
"mcp.parseRequest: id must be string, number, or null");
|
|
104
104
|
}
|
|
105
105
|
if (parsed.params !== undefined && parsed.params !== null &&
|
|
106
106
|
typeof parsed.params !== "object") {
|
|
107
|
-
throw errorClass.factory("
|
|
107
|
+
throw errorClass.factory("mcp/bad-params",
|
|
108
108
|
"mcp.parseRequest: params must be object or array");
|
|
109
109
|
}
|
|
110
110
|
return parsed;
|
|
@@ -167,7 +167,7 @@ function _readBodyBuffered(req, maxBytes, errorClass) {
|
|
|
167
167
|
try { collector.push(chunk); }
|
|
168
168
|
catch (_e) {
|
|
169
169
|
req.destroy();
|
|
170
|
-
reject(errorClass.factory("
|
|
170
|
+
reject(errorClass.factory("mcp/body-too-large",
|
|
171
171
|
"mcp: request body exceeds " + maxBytes + " bytes"));
|
|
172
172
|
}
|
|
173
173
|
});
|
|
@@ -178,17 +178,17 @@ function _readBodyBuffered(req, maxBytes, errorClass) {
|
|
|
178
178
|
|
|
179
179
|
function _checkRedirectUri(uri, allowlist, errorClass) {
|
|
180
180
|
if (typeof uri !== "string") {
|
|
181
|
-
throw errorClass.factory("
|
|
181
|
+
throw errorClass.factory("mcp/bad-redirect-uri",
|
|
182
182
|
"mcp: redirect_uri must be a string");
|
|
183
183
|
}
|
|
184
184
|
if (!Array.isArray(allowlist) || allowlist.indexOf(uri) === -1) {
|
|
185
|
-
throw errorClass.factory("
|
|
185
|
+
throw errorClass.factory("mcp/redirect-uri-refused",
|
|
186
186
|
"mcp: redirect_uri not in allowlist (OAuth 2.1 / RFC 9700 sec 4.1.1)");
|
|
187
187
|
}
|
|
188
188
|
var parsed;
|
|
189
189
|
try { parsed = safeUrl.parse(uri); }
|
|
190
190
|
catch (_e) {
|
|
191
|
-
throw errorClass.factory("
|
|
191
|
+
throw errorClass.factory("mcp/bad-redirect-uri",
|
|
192
192
|
"mcp: redirect_uri did not parse");
|
|
193
193
|
}
|
|
194
194
|
var isHttps = parsed.protocol === "https:";
|
|
@@ -205,7 +205,7 @@ function _checkRedirectUri(uri, allowlist, errorClass) {
|
|
|
205
205
|
}
|
|
206
206
|
var isLocal = rawHost === "localhost" || rawHost === "127.0.0.1" || rawHost === "::1";
|
|
207
207
|
if (!isHttps && !isLocal) {
|
|
208
|
-
throw errorClass.factory("
|
|
208
|
+
throw errorClass.factory("mcp/insecure-redirect-uri",
|
|
209
209
|
"mcp: redirect_uri must be HTTPS (or localhost; RFC 9700 sec 4.1.1)");
|
|
210
210
|
}
|
|
211
211
|
}
|
|
@@ -257,7 +257,7 @@ function serverGuard(opts) {
|
|
|
257
257
|
var requireBearer = opts.requireBearer !== false;
|
|
258
258
|
var verifyBearer = opts.verifyBearer || null;
|
|
259
259
|
if (requireBearer && typeof verifyBearer !== "function") {
|
|
260
|
-
throw errorClass.factory("
|
|
260
|
+
throw errorClass.factory("mcp/bad-opts",
|
|
261
261
|
"mcp.serverGuard: verifyBearer required when requireBearer=true");
|
|
262
262
|
}
|
|
263
263
|
var redirectUriAllowlist = Array.isArray(opts.redirectUriAllowlist)
|
|
@@ -266,7 +266,7 @@ function serverGuard(opts) {
|
|
|
266
266
|
var registerClientAllowlist = typeof opts.registerClientAllowlist === "function"
|
|
267
267
|
? opts.registerClientAllowlist : null;
|
|
268
268
|
if (allowDynamicRegister && !registerClientAllowlist) {
|
|
269
|
-
throw errorClass.factory("
|
|
269
|
+
throw errorClass.factory("mcp/bad-opts",
|
|
270
270
|
"mcp.serverGuard: allowDynamicRegister=true requires registerClientAllowlist function");
|
|
271
271
|
}
|
|
272
272
|
var toolAllowlist = Array.isArray(opts.toolAllowlist) ? opts.toolAllowlist : null;
|
|
@@ -123,11 +123,11 @@ function create(opts) {
|
|
|
123
123
|
], "middleware.requireStepUp");
|
|
124
124
|
|
|
125
125
|
if (!opts.requirement || typeof opts.requirement !== "object") {
|
|
126
|
-
throw new AuthError("auth-
|
|
126
|
+
throw new AuthError("auth-step-up/bad-requirement",
|
|
127
127
|
"middleware.requireStepUp: opts.requirement must be an object");
|
|
128
128
|
}
|
|
129
129
|
validateOpts.optionalFunction(opts.getClaims,
|
|
130
|
-
"middleware.requireStepUp: getClaims", AuthError, "auth-
|
|
130
|
+
"middleware.requireStepUp: getClaims", AuthError, "auth-step-up/bad-opt");
|
|
131
131
|
|
|
132
132
|
var realm = (typeof opts.realm === "string" && opts.realm.length > 0)
|
|
133
133
|
? opts.realm : "api";
|
|
@@ -146,7 +146,7 @@ function create(opts) {
|
|
|
146
146
|
// on the first hot-path request.
|
|
147
147
|
var probe = stepUp().evaluate({ claims: { acr: "0" }, requirement: opts.requirement });
|
|
148
148
|
if (probe.error === "bad_requirement" || probe.error === "unknown_acr") {
|
|
149
|
-
throw new AuthError("auth-
|
|
149
|
+
throw new AuthError("auth-step-up/bad-requirement",
|
|
150
150
|
"middleware.requireStepUp: " + (probe.reason || probe.error));
|
|
151
151
|
}
|
|
152
152
|
|
package/lib/sec-cyber.js
CHANGED
|
@@ -91,13 +91,13 @@ function _addBusinessDays(startMs, days) {
|
|
|
91
91
|
|
|
92
92
|
function eightKArtifact(opts) {
|
|
93
93
|
if (!opts || typeof opts !== "object") {
|
|
94
|
-
throw SecCyberError.factory("
|
|
94
|
+
throw SecCyberError.factory("sec-cyber/bad-opts",
|
|
95
95
|
"secCyber.eightKArtifact: opts required");
|
|
96
96
|
}
|
|
97
97
|
validateOpts.requireNonEmptyString(opts.incidentId,
|
|
98
98
|
"secCyber.eightKArtifact: incidentId", SecCyberError, "BAD_INCIDENT_ID");
|
|
99
99
|
if (!opts.registrant || typeof opts.registrant !== "object") {
|
|
100
|
-
throw SecCyberError.factory("
|
|
100
|
+
throw SecCyberError.factory("sec-cyber/bad-registrant",
|
|
101
101
|
"secCyber.eightKArtifact: registrant object required");
|
|
102
102
|
}
|
|
103
103
|
validateOpts.requireNonEmptyString(opts.registrant.name,
|
|
@@ -110,7 +110,7 @@ function eightKArtifact(opts) {
|
|
|
110
110
|
"secCyber.eightKArtifact: materialityDeterminedAt", SecCyberError, "BAD_MAT_AT");
|
|
111
111
|
|
|
112
112
|
if (FINDINGS.indexOf(opts.materialityFinding) === -1) {
|
|
113
|
-
throw SecCyberError.factory("
|
|
113
|
+
throw SecCyberError.factory("sec-cyber/bad-finding",
|
|
114
114
|
"secCyber.eightKArtifact: materialityFinding must be one of " + FINDINGS.join(", "));
|
|
115
115
|
}
|
|
116
116
|
validateOpts.requireNonEmptyString(opts.materialityReasoning,
|
package/lib/sse.js
CHANGED
|
@@ -89,7 +89,7 @@ function _validateRetry(retry, errorClass) {
|
|
|
89
89
|
if (retry === undefined || retry === null) return null;
|
|
90
90
|
if (typeof retry !== "number" || !isFinite(retry) || retry < 0 ||
|
|
91
91
|
Math.floor(retry) !== retry) {
|
|
92
|
-
throw errorClass.factory("
|
|
92
|
+
throw errorClass.factory("sse/bad-retry",
|
|
93
93
|
"sse.send: retry must be a non-negative finite integer (got " +
|
|
94
94
|
JSON.stringify(retry) + ")");
|
|
95
95
|
}
|
|
@@ -98,14 +98,14 @@ function _validateRetry(retry, errorClass) {
|
|
|
98
98
|
|
|
99
99
|
function _refuseInjection(field, value, errorClass) {
|
|
100
100
|
if (typeof value !== "string") {
|
|
101
|
-
throw errorClass.factory("
|
|
101
|
+
throw errorClass.factory("sse/bad-field",
|
|
102
102
|
"sse.send: " + field + " must be a string");
|
|
103
103
|
}
|
|
104
104
|
// Length-bound BEFORE the regex test — _capField applies a tighter
|
|
105
105
|
// cap further along, but the regex itself runs against the full
|
|
106
106
|
// value so we bound here too.
|
|
107
107
|
if (value.length > MAX_DATA_BYTES) {
|
|
108
|
-
throw errorClass.factory("
|
|
108
|
+
throw errorClass.factory("sse/field-too-large",
|
|
109
109
|
"sse.send: " + field + " too large for injection scan");
|
|
110
110
|
}
|
|
111
111
|
if (INJECTION_RE.test(value)) { // allow:regex-no-length-cap — value length capped above
|
|
@@ -114,7 +114,7 @@ function _refuseInjection(field, value, errorClass) {
|
|
|
114
114
|
outcome: "denied",
|
|
115
115
|
metadata: { field: field, length: value.length },
|
|
116
116
|
});
|
|
117
|
-
throw errorClass.factory("
|
|
117
|
+
throw errorClass.factory("sse/injection",
|
|
118
118
|
"sse.send: " + field + " contains LF/CR/NUL — refused " +
|
|
119
119
|
"(CVE-2026-33128 / 29085 / 44217 class)");
|
|
120
120
|
}
|
|
@@ -130,7 +130,7 @@ var MAX_DATA_BYTES = C.BYTES.mib(1);
|
|
|
130
130
|
function _capField(field, value, capBytes, errorClass) {
|
|
131
131
|
var len = Buffer.byteLength(value, "utf8");
|
|
132
132
|
if (len > capBytes) {
|
|
133
|
-
throw errorClass.factory("
|
|
133
|
+
throw errorClass.factory("sse/field-too-large",
|
|
134
134
|
"sse.send: " + field + " exceeds cap (" + len + " > " +
|
|
135
135
|
capBytes + " bytes)");
|
|
136
136
|
}
|
|
@@ -139,7 +139,7 @@ function _capField(field, value, capBytes, errorClass) {
|
|
|
139
139
|
function serializeEvent(opts, errorClass) {
|
|
140
140
|
errorClass = errorClass || SseError;
|
|
141
141
|
if (!opts || typeof opts !== "object") {
|
|
142
|
-
throw errorClass.factory("
|
|
142
|
+
throw errorClass.factory("sse/bad-opts", "sse.serializeEvent: opts required");
|
|
143
143
|
}
|
|
144
144
|
var out = "";
|
|
145
145
|
// Field order: id, event, retry, data — matches the framework's
|
|
@@ -162,7 +162,7 @@ function serializeEvent(opts, errorClass) {
|
|
|
162
162
|
}
|
|
163
163
|
if (opts.data !== undefined && opts.data !== null) {
|
|
164
164
|
if (typeof opts.data !== "string") {
|
|
165
|
-
throw errorClass.factory("
|
|
165
|
+
throw errorClass.factory("sse/bad-field",
|
|
166
166
|
"sse.send: data must be a string");
|
|
167
167
|
}
|
|
168
168
|
_capField("data", opts.data, MAX_DATA_BYTES, errorClass);
|
|
@@ -174,7 +174,7 @@ function serializeEvent(opts, errorClass) {
|
|
|
174
174
|
outcome: "denied",
|
|
175
175
|
metadata: { field: "data", length: opts.data.length, char: "cr-or-nul" },
|
|
176
176
|
});
|
|
177
|
-
throw errorClass.factory("
|
|
177
|
+
throw errorClass.factory("sse/injection",
|
|
178
178
|
"sse.send: data contains CR or NUL — refused");
|
|
179
179
|
}
|
|
180
180
|
var lines = opts.data.split("\n");
|
|
@@ -189,11 +189,11 @@ function serializeEvent(opts, errorClass) {
|
|
|
189
189
|
|
|
190
190
|
function _validateComment(text, errorClass) {
|
|
191
191
|
if (typeof text !== "string") {
|
|
192
|
-
throw errorClass.factory("
|
|
192
|
+
throw errorClass.factory("sse/bad-field",
|
|
193
193
|
"sse.comment: text must be a string");
|
|
194
194
|
}
|
|
195
195
|
if (text.length > MAX_DATA_BYTES) {
|
|
196
|
-
throw errorClass.factory("
|
|
196
|
+
throw errorClass.factory("sse/field-too-large",
|
|
197
197
|
"sse.comment: text too large for injection scan");
|
|
198
198
|
}
|
|
199
199
|
if (INJECTION_RE.test(text)) { // allow:regex-no-length-cap — text length capped above
|
|
@@ -202,7 +202,7 @@ function _validateComment(text, errorClass) {
|
|
|
202
202
|
outcome: "denied",
|
|
203
203
|
metadata: { field: "comment", length: text.length },
|
|
204
204
|
});
|
|
205
|
-
throw errorClass.factory("
|
|
205
|
+
throw errorClass.factory("sse/injection",
|
|
206
206
|
"sse.comment: text contains LF/CR/NUL — refused");
|
|
207
207
|
}
|
|
208
208
|
}
|
|
@@ -224,14 +224,14 @@ function create(req, res, opts) {
|
|
|
224
224
|
opts = opts || {};
|
|
225
225
|
var errorClass = opts.errorClass || SseError;
|
|
226
226
|
if (!res || typeof res.write !== "function" || typeof res.end !== "function") {
|
|
227
|
-
throw errorClass.factory("
|
|
227
|
+
throw errorClass.factory("sse/bad-res",
|
|
228
228
|
"sse.create: res must be a writable response stream");
|
|
229
229
|
}
|
|
230
230
|
var heartbeatMs = opts.heartbeatMs;
|
|
231
231
|
if (heartbeatMs === undefined) heartbeatMs = C.TIME.seconds(15);
|
|
232
232
|
if (typeof heartbeatMs !== "number" || !isFinite(heartbeatMs) ||
|
|
233
233
|
heartbeatMs < 0 || Math.floor(heartbeatMs) !== heartbeatMs) {
|
|
234
|
-
throw errorClass.factory("
|
|
234
|
+
throw errorClass.factory("sse/bad-opts",
|
|
235
235
|
"sse.create: heartbeatMs must be a non-negative integer ms (got " +
|
|
236
236
|
JSON.stringify(heartbeatMs) + ")");
|
|
237
237
|
}
|
|
@@ -264,7 +264,7 @@ function create(req, res, opts) {
|
|
|
264
264
|
|
|
265
265
|
function _writeRaw(s) {
|
|
266
266
|
if (closed) {
|
|
267
|
-
throw errorClass.factory("
|
|
267
|
+
throw errorClass.factory("sse/closed",
|
|
268
268
|
"sse.send: channel closed");
|
|
269
269
|
}
|
|
270
270
|
res.write(s);
|
package/lib/tcpa-10dlc.js
CHANGED
|
@@ -72,11 +72,11 @@ var records = new Map(); // phoneE164 → record
|
|
|
72
72
|
|
|
73
73
|
function recordConsent(opts) {
|
|
74
74
|
if (!opts || typeof opts !== "object") {
|
|
75
|
-
throw Tcpa10dlcError.factory("
|
|
75
|
+
throw Tcpa10dlcError.factory("tcpa-10dlc/bad-opts",
|
|
76
76
|
"tcpa10dlc.recordConsent: opts required");
|
|
77
77
|
}
|
|
78
78
|
if (typeof opts.phoneE164 !== "string" || !E164_RE.test(opts.phoneE164)) {
|
|
79
|
-
throw Tcpa10dlcError.factory("
|
|
79
|
+
throw Tcpa10dlcError.factory("tcpa-10dlc/bad-phone",
|
|
80
80
|
"tcpa10dlc.recordConsent: phoneE164 must match " + E164_RE);
|
|
81
81
|
}
|
|
82
82
|
validateOpts.requireNonEmptyString(opts.brand,
|
|
@@ -86,7 +86,7 @@ function recordConsent(opts) {
|
|
|
86
86
|
validateOpts.requireNonEmptyString(opts.formUrl,
|
|
87
87
|
"tcpa10dlc.recordConsent: formUrl", Tcpa10dlcError, "BAD_FORM_URL");
|
|
88
88
|
if (DISCLOSURE_PARTIES.indexOf(opts.disclosurePartyKind) === -1) {
|
|
89
|
-
throw Tcpa10dlcError.factory("
|
|
89
|
+
throw Tcpa10dlcError.factory("tcpa-10dlc/bad-disclosure-party",
|
|
90
90
|
"tcpa10dlc.recordConsent: disclosurePartyKind must be one of " +
|
|
91
91
|
DISCLOSURE_PARTIES.join(", "));
|
|
92
92
|
}
|
|
@@ -133,12 +133,12 @@ function lookup(phoneE164) {
|
|
|
133
133
|
|
|
134
134
|
function revoke(phoneE164, reason) {
|
|
135
135
|
if (typeof phoneE164 !== "string" || !E164_RE.test(phoneE164)) {
|
|
136
|
-
throw Tcpa10dlcError.factory("
|
|
136
|
+
throw Tcpa10dlcError.factory("tcpa-10dlc/bad-phone",
|
|
137
137
|
"tcpa10dlc.revoke: phoneE164 must match " + E164_RE);
|
|
138
138
|
}
|
|
139
139
|
var existing = records.get(phoneE164);
|
|
140
140
|
if (!existing) {
|
|
141
|
-
throw Tcpa10dlcError.factory("
|
|
141
|
+
throw Tcpa10dlcError.factory("tcpa-10dlc/no-record",
|
|
142
142
|
"tcpa10dlc.revoke: no consent record for " + phoneE164);
|
|
143
143
|
}
|
|
144
144
|
if (existing.revoked) {
|