@blamejs/core 0.13.43 → 0.13.45

package/lib/boot-gates.js

@@ -66,7 +66,7 @@ var DEFAULT_EXIT_CODE = 1;
 async function run(gates, opts) {
   opts = opts || {};
   if (!Array.isArray(gates) || gates.length === 0) {
-    throw new BootGatesError("bootgates/bad-input",
+    throw new BootGatesError("boot-gates/bad-input",
       "b.bootGates.run: gates must be a non-empty array");
   }
   var log = typeof opts.log === "function" ? opts.log : function (msg) {
@@ -82,7 +82,7 @@ async function run(gates, opts) {
   // throw rather than terminating the process — operators that wire
   // bootGates from their daemon main() pass `exit: process.exit.bind(process)`.
   var exit = typeof opts.exit === "function" ? opts.exit : function (code) {
-    var e = new BootGatesError("bootgates/no-exit-wired",
+    var e = new BootGatesError("boot-gates/no-exit-wired",
       "b.bootGates.run: gate failed (exitCode=" + code + ") but no opts.exit handler was supplied; " +
       "operators wire opts.exit to process.exit.bind(process) in their daemon main()");
     e.exitCode = code;
@@ -96,26 +96,26 @@ async function run(gates, opts) {
     var gate = gates[i];
     if (!gate || typeof gate.name !== "string" || gate.name.length === 0 ||
         typeof gate.fn !== "function") {
-      throw new BootGatesError("bootgates/bad-gate",
+      throw new BootGatesError("boot-gates/bad-gate",
         "b.bootGates.run: gates[" + i + "] must be { name: string, fn: function }");
     }
     var timeoutMs = gate.timeoutMs || DEFAULT_GATE_TIMEOUT_MS;
     if (typeof timeoutMs !== "number" || !isFinite(timeoutMs) || timeoutMs < 1) {
-      throw new BootGatesError("bootgates/bad-timeout",
+      throw new BootGatesError("boot-gates/bad-timeout",
         "b.bootGates.run: gates[" + i + "].timeoutMs must be a positive finite number");
     }
     var gateT0 = Date.now();
     var failure = null;
     try {
       await safeAsync.withTimeout(Promise.resolve().then(gate.fn), timeoutMs,
-        new BootGatesError("bootgates/timeout",
+        new BootGatesError("boot-gates/timeout",
           "b.bootGates.run: gate '" + gate.name + "' exceeded " + timeoutMs + "ms"));
     } catch (err) {
       failure = err;
     }
     if (overallTimeoutMs !== undefined &&
         Date.now() - t0 > overallTimeoutMs && failure === null) {
-      failure = new BootGatesError("bootgates/overall-timeout",
+      failure = new BootGatesError("boot-gates/overall-timeout",
         "b.bootGates.run: overall budget " + overallTimeoutMs + "ms exceeded after gate '" +
         gate.name + "'");
     }

package/lib/budr.js

@@ -78,31 +78,31 @@ var declarations = new Map();
  */
 function declare(opts) {
   if (!opts || typeof opts !== "object") {
-    throw BudrError.factory("BAD_OPTS", "budr.declare: opts required");
+    throw BudrError.factory("budr/bad-opts", "budr.declare: opts required");
   }
   if (typeof opts.service !== "string" || opts.service.length === 0 ||
       opts.service.length > SERVICE_MAX || !SERVICE_RE.test(opts.service)) {
-    throw BudrError.factory("BAD_SERVICE",
+    throw BudrError.factory("budr/bad-service",
       "budr.declare: service must match " + SERVICE_RE);
   }
   numericBounds.requirePositiveFiniteIntIfPresent(opts.rtoMs, "budr.declare: rtoMs", BudrError, "BAD_RTO");
   numericBounds.requirePositiveFiniteIntIfPresent(opts.rpoMs, "budr.declare: rpoMs", BudrError, "BAD_RPO");
   if (typeof opts.rtoMs !== "number" || typeof opts.rpoMs !== "number") {
-    throw BudrError.factory("BAD_TARGETS",
+    throw BudrError.factory("budr/bad-targets",
       "budr.declare: rtoMs and rpoMs are required positive integer milliseconds");
   }
   if (opts.tier !== undefined && TIERS.indexOf(opts.tier) === -1) {
-    throw BudrError.factory("BAD_TIER",
+    throw BudrError.factory("budr/bad-tier",
       "budr.declare: tier must be one of " + TIERS.join(", "));
   }
   if (opts.criticality !== undefined && CRITICALITIES.indexOf(opts.criticality) === -1) {
-    throw BudrError.factory("BAD_CRITICALITY",
+    throw BudrError.factory("budr/bad-criticality",
       "budr.declare: criticality must be one of " + CRITICALITIES.join(", "));
   }
   validateOpts.optionalNonEmptyString(opts.owner,
     "budr.declare: owner", BudrError, "BAD_OWNER");
   if (opts.citations !== undefined && !Array.isArray(opts.citations)) {
-    throw BudrError.factory("BAD_CITATIONS",
+    throw BudrError.factory("budr/bad-citations",
       "budr.declare: citations must be an array of strings");
   }
 

package/lib/cert.js

@@ -22,9 +22,9 @@
  *     - `b.acme.create`         → ACME orders, JWS, ARI fetch
  *     - `b.vault.seal`          → sealed-disk persistence of certs + keys + account material
  *     - `b.safeAsync.repeating` → renewal scheduler with drop-silent error path
- *     - `b.network.tls.ocsp`    → server-side stapling helpers
+ *     - `b.network.tls.ocsp`    → fetches + caches a validated OCSP response per cert for server-side stapling
  *     - `b.audit`               → cert.* lifecycle audit chain
- *     - `b.compliance`          → posture refusals (e.g. plaintext storage refused under HIPAA / PCI)
+ *     - `b.compliance`          → validates the declared posture names; storage-confidentiality postures hold because keys/certs are always sealed at rest
  *
  *   Does NOT ship the challenge-solver implementations (HTTP-01 server,
  *   DNS provider integrations, TLS-ALPN-01 socket). Those are operator-
@@ -60,6 +60,7 @@ var acme          = lazyRequire(function () { return require("./acme"); });
 var vault         = lazyRequire(function () { return require("./vault"); });
 var audit         = lazyRequire(function () { return require("./audit"); });
 var networkTls    = lazyRequire(function () { return require("./network-tls"); });
+var compliance    = lazyRequire(function () { return require("./compliance"); });
 var bCrypto       = lazyRequire(function () { return require("./crypto"); });
 
 var CertError = defineClass("CertError");
@@ -222,7 +223,7 @@ function _createSealedDiskStorage(opts) {
  *     refreshMs:  number,             // default 12h — OCSP-response cache lifetime
  *   },
  *   audit:    boolean | object,       // default true — emit cert.* lifecycle events via b.audit.safeEmit
- *   compliance: Array<string>,         // optional — posture refusals (e.g. ["hipaa"]); refuses plaintext storage etc.
+ *   compliance: Array<string>,         // optional — posture names (e.g. ["hipaa"]); validated against b.compliance.KNOWN_POSTURES (throws on an unknown name) + surfaced on getContext().compliance. Cert keys/certs are always sealed at rest, so storage-confidentiality postures hold by construction.
  *
  * @example
  *   var mgr = b.cert.create({
@@ -383,13 +384,31 @@ function create(opts) {
 
   // ---- Audit + compliance ----
   var auditEnabled = opts.audit !== false;
-  var compliance = Array.isArray(opts.compliance) ? opts.compliance.slice() : [];
+  var compliancePostures = Array.isArray(opts.compliance) ? opts.compliance.slice() : [];
+  // Validate posture names against the framework catalog so a typo is
+  // caught at create() rather than silently ignored. The cert manager
+  // satisfies the storage-confidentiality postures (HIPAA / PCI-DSS /
+  // GDPR …) by construction — keys + certs are always sealed at rest
+  // (storage.type is enforced to "sealed-disk"), so there is no plaintext-
+  // storage state for a posture to fail to. The postures are recorded +
+  // surfaced on the served context for an auditor.
+  if (compliancePostures.length > 0) {
+    var knownPostures = compliance().KNOWN_POSTURES;
+    compliancePostures.forEach(function (p) {
+      if (knownPostures.indexOf(p) === -1) {
+        throw new CertError("cert/unknown-compliance-posture",
+          "cert.create: opts.compliance posture '" + p + "' is not a known posture; " +
+          "see b.compliance.KNOWN_POSTURES");
+      }
+    });
+  }
 
   // ---- Internal state ----
   var emitter = new EventEmitter();
-  var loadedContexts = Object.create(null);   // name → { cert, key, ca, expiresAt, fingerprintSha256, sniNames }
+  var loadedContexts = Object.create(null);   // name → { cert, key, ca, expiresAt, fingerprintSha256, sniNames, ocspResponse }
   var acmeClient = null;
   var scheduler = null;
+  var ocspTimer = null;
   var stopped = false;
 
   function _emitAudit(action, outcome, metadata) {
@@ -689,6 +708,39 @@ function create(opts) {
     }
   }
 
+  // Split a PEM chain into individual certificate blocks (leaf first).
+  function _splitPemChain(pem) {
+    return pem.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g) || [];
+  }
+
+  // Fetch + cache a validated OCSP response for one managed cert, for
+  // server-side stapling. Fail-soft: a responder error, or no issuer in the
+  // served chain, leaves any prior staple in place and never throws — an
+  // absent staple degrades gracefully (clients fall back to their own
+  // revocation checking). The validated DER is exposed on
+  // getContext().ocspResponse for the operator's TLS server to staple via
+  // its 'OCSPRequest' handler.
+  async function _refreshOcspFor(name) {
+    var ctx = loadedContexts[name];
+    if (!ctx || !ocspStapling) return;
+    var chain = _splitPemChain(ctx.cert);
+    if (chain.length < 2) return;   // no issuer in the served chain
+    try {
+      // allow:raw-outbound-http — b.network.tls.ocsp.fetch composes b.httpClient internally (SSRF guard + pinned DNS); not a raw outbound call
+      var rv = await networkTls().ocsp.fetch({ leafPem: chain[0], issuerPem: chain[1] });
+      ctx.ocspResponse = rv.ocspDer;
+      _emitAudit("cert.ocsp.refreshed", "success", { name: name });
+    } catch (e) {
+      _emitAudit("cert.ocsp.refresh-failed", "failure",
+        { name: name, error: (e && e.message) || String(e) });
+    }
+  }
+
+  async function _refreshAllOcsp() {
+    var keys = Object.keys(loadedContexts);
+    for (var i = 0; i < keys.length; i += 1) { await _refreshOcspFor(keys[i]); }
+  }
+
   async function start() {
     if (stopped) {
       throw new CertError("cert/already-stopped",
@@ -706,12 +758,21 @@ function create(opts) {
         await _renewCheckOne(certsByName[keys[ki]]);
       }
     }, renewIntervalMs, { name: "cert-renew" });
+    // 3. OCSP stapling. The initial fetch runs in the background so a slow
+    //    responder never delays start(); the staple becomes available
+    //    shortly after, and the timer refreshes on the configured cadence.
+    if (ocspStapling) {
+      _refreshAllOcsp().catch(function () { /* per-cert errors already audited */ });
+      ocspTimer = safeAsync.repeating(_refreshAllOcsp, ocspRefreshMs, { name: "cert-ocsp" });
+    }
   }
 
   async function stop() {
     stopped = true;
     if (scheduler && typeof scheduler.stop === "function") scheduler.stop();
     scheduler = null;
+    if (ocspTimer && typeof ocspTimer.stop === "function") ocspTimer.stop();
+    ocspTimer = null;
   }
 
   function getContext(name) {
@@ -729,6 +790,11 @@ function create(opts) {
       key:                ctx.key,
       expiresAt:          ctx.expiresAt,
       fingerprintSha256:  ctx.fingerprintSha256,
+      // The cached, validated OCSP response (DER Buffer) when ocsp.stapling
+      // is on and a response has been fetched; null otherwise. Staple it
+      // from the TLS server's 'OCSPRequest' handler: cb(null, ocspResponse).
+      ocspResponse:       ctx.ocspResponse || null,
+      compliance:         compliancePostures.slice(),
     };
   }
 
@@ -798,10 +864,6 @@ function create(opts) {
   function off(event, handler)  { emitter.off(event, handler);   return this; }
   function once(event, handler) { emitter.once(event, handler);  return this; }
 
-  // Suppress unused-warnings for ocsp + compliance until those branches
-  // wire up in v0.11.23+ follow-up.
-  void ocspStapling; void ocspRefreshMs; void compliance; void networkTls;
-
   return {
     start:        start,
     stop:         stop,

package/lib/content-credentials.js

@@ -48,7 +48,7 @@ var REQUIRED_FIELDS = ["provider", "system", "systemVersion", "contentId"];
 
 function _validateBuildOpts(opts) {
   if (!opts || typeof opts !== "object") {
-    throw ContentCredentialsError.factory("BAD_OPTS",
+    throw ContentCredentialsError.factory("content-credentials/bad-opts",
       "contentCredentials.build: opts required");
   }
   for (var i = 0; i < REQUIRED_FIELDS.length; i += 1) {
@@ -57,32 +57,32 @@ function _validateBuildOpts(opts) {
       "contentCredentials.build: " + f, ContentCredentialsError, "MISSING_" + f.toUpperCase());
   }
   if (opts.provider.length > STR_LEN_MAX) {
-    throw ContentCredentialsError.factory("BAD_PROVIDER",
+    throw ContentCredentialsError.factory("content-credentials/bad-provider",
       "provider exceeds " + STR_LEN_MAX + " chars");
   }
   if (opts.system.length > ID_LEN_MAX || !ID_RE.test(opts.system)) {
-    throw ContentCredentialsError.factory("BAD_SYSTEM",
+    throw ContentCredentialsError.factory("content-credentials/bad-system",
       "system must match " + ID_RE);
   }
   if (opts.systemVersion.length > 64 || !SEMVER_RE.test(opts.systemVersion)) {                // allow:raw-byte-literal — semver length cap, not bytes
-    throw ContentCredentialsError.factory("BAD_VERSION",
+    throw ContentCredentialsError.factory("content-credentials/bad-version",
       "systemVersion must be semver");
   }
   if (opts.contentId.length > ID_LEN_MAX || !ID_RE.test(opts.contentId)) {
-    throw ContentCredentialsError.factory("BAD_CONTENT_ID",
+    throw ContentCredentialsError.factory("content-credentials/bad-content-id",
       "contentId must match " + ID_RE);
   }
   if (opts.contentType !== undefined) {
     if (typeof opts.contentType !== "string" || opts.contentType.length === 0 ||
         opts.contentType.length > ID_LEN_MAX || !/^[a-zA-Z]+\/[A-Za-z0-9._+-]+$/.test(opts.contentType)) {
-      throw ContentCredentialsError.factory("BAD_CONTENT_TYPE",
+      throw ContentCredentialsError.factory("content-credentials/bad-content-type",
         "contentType must be a valid IANA media type");
     }
   }
   if (opts.contentSha3 !== undefined) {
     if (typeof opts.contentSha3 !== "string" || opts.contentSha3.length !== SHA3_HEX_LEN ||
         !/^[a-f0-9]+$/i.test(opts.contentSha3)) {
-      throw ContentCredentialsError.factory("BAD_CONTENT_HASH",
+      throw ContentCredentialsError.factory("content-credentials/bad-content-hash",
         "contentSha3 must be lowercase hex SHA3-512 (" + SHA3_HEX_LEN + " chars)");
     }
   }
@@ -229,7 +229,7 @@ function required(opts) {
 function sign(manifest, opts) {
   opts = opts || {};
   if (!manifest || typeof manifest !== "object") {
-    throw ContentCredentialsError.factory("BAD_MANIFEST",
+    throw ContentCredentialsError.factory("content-credentials/bad-manifest",
       "contentCredentials.sign: manifest required");
   }
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
@@ -368,7 +368,7 @@ function _cborUint(n) {
   if (n < 256)        return Buffer.from([0x18, n]);                                                                                          // allow:raw-byte-literal — CBOR threshold
   if (n < 65536)      return Buffer.from([0x19, (n >> 8) & 0xFF, n & 0xFF]);                                                                  // allow:raw-byte-literal — CBOR threshold
   if (n < 4294967296) return Buffer.from([0x1A, (n >> 24) & 0xFF, (n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF]);                              // allow:raw-byte-literal — CBOR threshold
-  throw ContentCredentialsError.factory("CBOR_OVERFLOW", "cbor uint too large: " + n);
+  throw ContentCredentialsError.factory("content-credentials/cbor-overflow", "cbor uint too large: " + n);
 }
 
 function _cborNint(n) {
@@ -397,13 +397,13 @@ function _cborArrayHeader(n) {
   if (n < 24)    return Buffer.from([0x80 | n]);                                                                                               // allow:raw-byte-literal — CBOR threshold
   if (n < 256)   return Buffer.from([0x98, n]);                                                                                                // allow:raw-byte-literal — CBOR threshold
   if (n < 65536) return Buffer.from([0x99, (n >> 8) & 0xFF, n & 0xFF]);                                                                        // allow:raw-byte-literal — CBOR threshold
-  throw ContentCredentialsError.factory("CBOR_OVERFLOW", "cbor array too large: " + n);
+  throw ContentCredentialsError.factory("content-credentials/cbor-overflow", "cbor array too large: " + n);
 }
 
 function _cborMapHeader(n) {
   if (n < 24)    return Buffer.from([0xA0 | n]);                                                                                               // allow:raw-byte-literal — CBOR threshold
   if (n < 256)   return Buffer.from([0xB8, n]);                                                                                                // allow:raw-byte-literal — CBOR threshold
-  throw ContentCredentialsError.factory("CBOR_OVERFLOW", "cbor map too large: " + n);
+  throw ContentCredentialsError.factory("content-credentials/cbor-overflow", "cbor map too large: " + n);
 }
 
 function _cborTag(tag) {
@@ -454,14 +454,14 @@ function _cborTag(tag) {
 function signCose(manifest, opts) {
   opts = opts || {};
   if (!manifest || typeof manifest !== "object") {
-    throw ContentCredentialsError.factory("BAD_MANIFEST",
+    throw ContentCredentialsError.factory("content-credentials/bad-manifest",
       "contentCredentials.signCose: manifest required");
   }
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
     "contentCredentials.signCose: privateKeyPem", ContentCredentialsError, "BAD_KEY");
   var algName = (opts.alg || "ml-dsa-87").toLowerCase();
   if (!(algName in COSE_ALGS)) {
-    throw ContentCredentialsError.factory("BAD_ALG",
+    throw ContentCredentialsError.factory("content-credentials/bad-alg",
       "contentCredentials.signCose: alg '" + algName +
       "' not in COSE alg registry. Known: " + Object.keys(COSE_ALGS).join(", "));
   }

package/lib/dark-patterns.js

@@ -64,47 +64,47 @@ var POSTURES = {
 
 function _validateFlowOpts(opts, label, errorClass) {
   if (!opts || typeof opts !== "object") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("dark-patterns/bad-opts",
       "darkPatterns.record" + label + ": opts required");
   }
   if (CHANNELS.indexOf(opts.channel) === -1) {
-    throw errorClass.factory("BAD_CHANNEL",
+    throw errorClass.factory("dark-patterns/bad-channel",
       "darkPatterns: channel must be one of " + CHANNELS.join(","));
   }
   if (typeof opts.clickCount !== "number" || !isFinite(opts.clickCount) ||
       opts.clickCount < 1 || opts.clickCount > 50 ||
       Math.floor(opts.clickCount) !== opts.clickCount) {
-    throw errorClass.factory("BAD_CLICKS",
+    throw errorClass.factory("dark-patterns/bad-clicks",
       "darkPatterns: clickCount must be integer 1..50");
   }
   if (!opts.cta || typeof opts.cta !== "object") {
-    throw errorClass.factory("BAD_CTA",
+    throw errorClass.factory("dark-patterns/bad-cta",
       "darkPatterns: cta object required (text, fontWeight, contrastRatio)");
   }
   if (typeof opts.cta.text !== "string" || opts.cta.text.length === 0 ||
       opts.cta.text.length > STR_LEN_MAX) {
-    throw errorClass.factory("BAD_CTA_TEXT",
+    throw errorClass.factory("dark-patterns/bad-cta-text",
       "darkPatterns: cta.text must be 1-256 char string");
   }
   if (typeof opts.cta.fontWeight !== "number" || opts.cta.fontWeight < 100 ||
       opts.cta.fontWeight > FONT_WEIGHT_MAX) {
-    throw errorClass.factory("BAD_FONT_WEIGHT",
+    throw errorClass.factory("dark-patterns/bad-font-weight",
       "darkPatterns: cta.fontWeight must be 100..1000");
   }
   if (typeof opts.cta.contrastRatio !== "number" ||
       opts.cta.contrastRatio < 1 || opts.cta.contrastRatio > 21) {
-    throw errorClass.factory("BAD_CONTRAST",
+    throw errorClass.factory("dark-patterns/bad-contrast",
       "darkPatterns: cta.contrastRatio must be 1..21");
   }
   if (typeof opts.confirmations !== "number" ||
       opts.confirmations < 0 || opts.confirmations > 10 ||
       Math.floor(opts.confirmations) !== opts.confirmations) {
-    throw errorClass.factory("BAD_CONFIRMATIONS",
+    throw errorClass.factory("dark-patterns/bad-confirmations",
       "darkPatterns: confirmations must be integer 0..10");
   }
   if (typeof opts.resourceId !== "string" || opts.resourceId.length === 0 ||
       opts.resourceId.length > STR_LEN_MAX) {
-    throw errorClass.factory("BAD_RESOURCE_ID",
+    throw errorClass.factory("dark-patterns/bad-resource-id",
       "darkPatterns: resourceId must be 1-256 char string");
   }
 }
@@ -252,21 +252,21 @@ function assertParity(signup, cancel, opts) {
   opts = opts || {};
   var errorClass = opts.errorClass || DarkPatternsError;
   if (!signup || signup.kind !== "signup") {
-    throw errorClass.factory("BAD_SIGNUP_FLOW",
+    throw errorClass.factory("dark-patterns/bad-signup-flow",
       "darkPatterns.assertParity: signup must be a recorded signup flow");
   }
   if (!cancel || cancel.kind !== "cancel") {
-    throw errorClass.factory("BAD_CANCEL_FLOW",
+    throw errorClass.factory("dark-patterns/bad-cancel-flow",
       "darkPatterns.assertParity: cancel must be a recorded cancel flow");
   }
   if (signup.resourceId !== cancel.resourceId) {
-    throw errorClass.factory("RESOURCE_MISMATCH",
+    throw errorClass.factory("dark-patterns/resource-mismatch",
       "darkPatterns.assertParity: resourceId differs between flows");
   }
   var postureName = opts.posture || "ftc-2024";
   var posture = POSTURES[postureName];
   if (!posture) {
-    throw errorClass.factory("BAD_POSTURE",
+    throw errorClass.factory("dark-patterns/bad-posture",
       "darkPatterns.assertParity: unknown posture " + postureName);
   }
 
@@ -427,11 +427,11 @@ function middleware(opts) {
   opts = opts || {};
   var errorClass = opts.errorClass || DarkPatternsError;
   if (typeof opts.lookupAttestation !== "function") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("dark-patterns/bad-opts",
       "darkPatterns.middleware: lookupAttestation function required");
   }
   if (typeof opts.resourceIdFromReq !== "function") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("dark-patterns/bad-opts",
       "darkPatterns.middleware: resourceIdFromReq function required");
   }