npm - @blamejs/core - Versions diffs - 0.13.43 → 0.13.45 - Mend

@blamejs/core 0.13.43 → 0.13.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/CHANGELOG.md +4 -0
package/README.md +1 -1
package/lib/a2a.js +11 -11
package/lib/agent-snapshot.js +1 -1
package/lib/ai-capability.js +20 -20
package/lib/ai-dp.js +17 -17
package/lib/ai-input.js +3 -3
package/lib/ai-pref.js +9 -9
package/lib/ai-quota.js +17 -17
package/lib/arg-parser.js +38 -38
package/lib/audit-sign.js +4 -4
package/lib/auth/acr-vocabulary.js +4 -4
package/lib/auth/auth-time-tracker.js +1 -1
package/lib/auth/elevation-grant.js +10 -10
package/lib/auth/step-up-policy.js +12 -12
package/lib/auth/step-up.js +15 -15
package/lib/boot-gates.js +6 -6
package/lib/budr.js +6 -6
package/lib/cert.js +71 -9
package/lib/content-credentials.js +13 -13
package/lib/dark-patterns.js +15 -15
package/lib/ddl-change-control.js +37 -37
package/lib/dr-runbook.js +7 -7
package/lib/fapi2.js +9 -9
package/lib/fdx.js +7 -7
package/lib/graphql-federation.js +2 -2
package/lib/iab-mspa.js +5 -5
package/lib/iab-tcf.js +18 -18
package/lib/mcp.js +13 -13
package/lib/middleware/require-step-up.js +3 -3
package/lib/network-tls.js +81 -5
package/lib/sec-cyber.js +3 -3
package/lib/sse.js +14 -14
package/lib/tcpa-10dlc.js +5 -5
package/lib/tenant-quota.js +18 -18
package/package.json +1 -1
package/sbom.cdx.json +6 -6

package/lib/mcp.js CHANGED Viewed

@@ -81,30 +81,30 @@ function parseRequest(body, opts) {
   try {
     parsed = typeof body === "string" ? safeJson.parse(body, { maxBytes: C.BYTES.mib(1) }) : body;                                  // allow:JSON.parse — routed via safeJson.parse
   } catch (_e) {
-    throw errorClass.factory("BAD_JSON",
+    throw errorClass.factory("mcp/bad-json",
       "mcp.parseRequest: body is not valid JSON");
   }
   if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
-    throw errorClass.factory("BAD_ENVELOPE",
+    throw errorClass.factory("mcp/bad-envelope",
       "mcp.parseRequest: request must be a JSON-RPC object");
   }
   if (parsed.jsonrpc !== "2.0") {
-    throw errorClass.factory("BAD_VERSION",
+    throw errorClass.factory("mcp/bad-version",
       "mcp.parseRequest: jsonrpc must be \"2.0\"");
   }
   if (typeof parsed.method !== "string" || parsed.method.length === 0 ||
       parsed.method.length > METHOD_NAME_MAX) {
-    throw errorClass.factory("BAD_METHOD",
+    throw errorClass.factory("mcp/bad-method",
       "mcp.parseRequest: method must be a non-empty string under 256 bytes");
   }
   if (parsed.id !== undefined && parsed.id !== null &&
       typeof parsed.id !== "string" && typeof parsed.id !== "number") {
-    throw errorClass.factory("BAD_ID",
+    throw errorClass.factory("mcp/bad-id",
       "mcp.parseRequest: id must be string, number, or null");
   }
   if (parsed.params !== undefined && parsed.params !== null &&
       typeof parsed.params !== "object") {
-    throw errorClass.factory("BAD_PARAMS",
+    throw errorClass.factory("mcp/bad-params",
       "mcp.parseRequest: params must be object or array");
   }
   return parsed;
@@ -167,7 +167,7 @@ function _readBodyBuffered(req, maxBytes, errorClass) {
       try { collector.push(chunk); }
       catch (_e) {
         req.destroy();
-        reject(errorClass.factory("BODY_TOO_LARGE",
+        reject(errorClass.factory("mcp/body-too-large",
           "mcp: request body exceeds " + maxBytes + " bytes"));
       }
     });
@@ -178,17 +178,17 @@ function _readBodyBuffered(req, maxBytes, errorClass) {
 function _checkRedirectUri(uri, allowlist, errorClass) {
   if (typeof uri !== "string") {
-    throw errorClass.factory("BAD_REDIRECT_URI",
+    throw errorClass.factory("mcp/bad-redirect-uri",
       "mcp: redirect_uri must be a string");
   }
   if (!Array.isArray(allowlist) || allowlist.indexOf(uri) === -1) {
-    throw errorClass.factory("REDIRECT_URI_REFUSED",
+    throw errorClass.factory("mcp/redirect-uri-refused",
       "mcp: redirect_uri not in allowlist (OAuth 2.1 / RFC 9700 sec 4.1.1)");
   }
   var parsed;
   try { parsed = safeUrl.parse(uri); }
   catch (_e) {
-    throw errorClass.factory("BAD_REDIRECT_URI",
+    throw errorClass.factory("mcp/bad-redirect-uri",
       "mcp: redirect_uri did not parse");
   }
   var isHttps = parsed.protocol === "https:";
@@ -205,7 +205,7 @@ function _checkRedirectUri(uri, allowlist, errorClass) {
   }
   var isLocal = rawHost === "localhost" || rawHost === "127.0.0.1" || rawHost === "::1";
   if (!isHttps && !isLocal) {
-    throw errorClass.factory("INSECURE_REDIRECT_URI",
+    throw errorClass.factory("mcp/insecure-redirect-uri",
       "mcp: redirect_uri must be HTTPS (or localhost; RFC 9700 sec 4.1.1)");
   }
 }
@@ -257,7 +257,7 @@ function serverGuard(opts) {
   var requireBearer = opts.requireBearer !== false;
   var verifyBearer  = opts.verifyBearer || null;
   if (requireBearer && typeof verifyBearer !== "function") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("mcp/bad-opts",
       "mcp.serverGuard: verifyBearer required when requireBearer=true");
   }
   var redirectUriAllowlist = Array.isArray(opts.redirectUriAllowlist)
@@ -266,7 +266,7 @@ function serverGuard(opts) {
   var registerClientAllowlist = typeof opts.registerClientAllowlist === "function"
     ? opts.registerClientAllowlist : null;
   if (allowDynamicRegister && !registerClientAllowlist) {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("mcp/bad-opts",
       "mcp.serverGuard: allowDynamicRegister=true requires registerClientAllowlist function");
   }
   var toolAllowlist     = Array.isArray(opts.toolAllowlist)     ? opts.toolAllowlist     : null;

package/lib/middleware/require-step-up.js CHANGED Viewed

@@ -123,11 +123,11 @@ function create(opts) {
   ], "middleware.requireStepUp");
   if (!opts.requirement || typeof opts.requirement !== "object") {
-    throw new AuthError("auth-stepUp/bad-requirement",
+    throw new AuthError("auth-step-up/bad-requirement",
       "middleware.requireStepUp: opts.requirement must be an object");
   }
   validateOpts.optionalFunction(opts.getClaims,
-    "middleware.requireStepUp: getClaims", AuthError, "auth-stepUp/bad-opt");
+    "middleware.requireStepUp: getClaims", AuthError, "auth-step-up/bad-opt");
   var realm        = (typeof opts.realm === "string" && opts.realm.length > 0)
     ? opts.realm : "api";
@@ -146,7 +146,7 @@ function create(opts) {
   // on the first hot-path request.
   var probe = stepUp().evaluate({ claims: { acr: "0" }, requirement: opts.requirement });
   if (probe.error === "bad_requirement" || probe.error === "unknown_acr") {
-    throw new AuthError("auth-stepUp/bad-requirement",
+    throw new AuthError("auth-step-up/bad-requirement",
       "middleware.requireStepUp: " + (probe.reason || probe.error));
   }

package/lib/network-tls.js CHANGED Viewed

@@ -20,6 +20,7 @@ var NetworkTlsError = defineClass("NetworkTlsError", { alwaysPermanent: true });
 var observability = lazyRequire(function () { return require("./observability"); });
 var audit = lazyRequire(function () { return require("./audit"); });
 var networkDns = lazyRequire(function () { return require("./network-dns"); });
+var httpClient = lazyRequire(function () { return require("./http-client"); });
 var asn1 = require("./asn1-der");
 // STATE.tlsKeyShares is initialized to the default PQC group list at
@@ -1194,9 +1195,10 @@ function evaluateOcspResponse(ocspDer, opts) {
 //
 // Constructs a DER-encoded OCSPRequest for a single (leafCertDer,
 // issuerCertDer) pair, optionally with an RFC 8954 nonce extension.
-// Operators send the returned `requestDer` to the OCSP responder URL
-// (e.g. via b.httpClient with `Content-Type: application/ocsp-request`)
-// and pass `nonce` to `ocsp.evaluate(responseDer, { expectedNonce })`
+// `ocsp.fetch` composes this with `b.httpClient` to POST the request to
+// the cert's responder and return a validated response; operators who
+// need the raw request (custom transport, batched requests) call this
+// directly and pass `nonce` to `ocsp.evaluate(responseDer, { expectedNonce })`
 // to defend against replay attacks.
 //
 // Nonce DEFAULT ON — defense in depth. RFC 6960 §4.4.1 marks nonce
@@ -1291,8 +1293,10 @@ function buildOcspRequest(opts) {
   // framework that touches SHA-1" need a signal. Emit an audit row
   // on every OCSP request build so the algorithm choice is visible
   // in the chain.
-  var nameHash = nodeCrypto.createHash("sha1").update(iss.issuerNameDer).digest();
-  var keyHash  = nodeCrypto.createHash("sha1").update(iss.issuerKey).digest();
+  // lgtm[js/weak-cryptographic-algorithm] — RFC 6960 §4.1.1 CertID lookup hash over the PUBLIC issuer name; a name/key lookup, not an integrity or secrecy operation. SHA-256 CertIDs are §4.3-optional and rejected by most responders.
+  var nameHash = nodeCrypto.createHash("sha1").update(iss.issuerNameDer).digest(); // lgtm[js/weak-cryptographic-algorithm]
+  // lgtm[js/weak-cryptographic-algorithm] — RFC 6960 §4.1.1 CertID lookup hash over the PUBLIC issuer key; a name/key lookup, not an integrity or secrecy operation.
+  var keyHash  = nodeCrypto.createHash("sha1").update(iss.issuerKey).digest(); // lgtm[js/weak-cryptographic-algorithm]
   setImmediate(function () {
     try {
       var auditMod = require("./audit");                                            // allow:inline-require — circular-load defense (audit imports network-tls)
@@ -1339,6 +1343,77 @@ function buildOcspRequest(opts) {
   return { requestDer: requestDer, nonce: nonceBytes };
 }
+// _ocspResponderUrl — pull the OCSP responder URL out of a cert's
+// Authority Information Access extension. node:crypto exposes it as a
+// multi-line string ("OCSP - URI:http://...\nCA Issuers - URI:...\n").
+function _ocspResponderUrl(x509) {
+  var ia = x509 && x509.infoAccess;
+  if (typeof ia !== "string") return null;
+  var m = ia.match(/OCSP\s*-\s*URI:(\S+)/i);
+  return m ? m[1].trim() : null;
+}
+// fetch — POST a freshly-built OCSPRequest to the cert's responder and
+// return the validated, known-good response bytes. Composes buildRequest +
+// b.httpClient + evaluate, completing the server-side-stapling fetch path
+// (the response is what a TLS server staples via its 'OCSPRequest' handler).
+// The responder URL is taken from the leaf cert's AIA extension unless
+// opts.responderUrl overrides it. Throws TlsTrustError on any failure
+// (no responder, transport error, non-good certStatus, signature mismatch);
+// callers that staple should treat a throw as "no staple this cycle".
+async function fetchOcspResponse(opts) {
+  opts = opts || {};
+  if (typeof opts.leafPem !== "string" || typeof opts.issuerPem !== "string") {
+    throw new TlsTrustError("tls/ocsp-bad-input",
+      "ocsp.fetch: opts.leafPem and opts.issuerPem (PEM strings) are required");
+  }
+  var leafX, issuerX;
+  try {
+    leafX = new nodeCrypto.X509Certificate(opts.leafPem);
+    issuerX = new nodeCrypto.X509Certificate(opts.issuerPem);
+  } catch (e) {
+    throw new TlsTrustError("tls/ocsp-bad-cert",
+      "ocsp.fetch: could not parse leaf/issuer PEM: " + ((e && e.message) || String(e)));
+  }
+  var responderUrl = opts.responderUrl || _ocspResponderUrl(leafX);
+  if (!responderUrl) {
+    throw new TlsTrustError("tls/ocsp-no-responder",
+      "ocsp.fetch: cert has no AIA OCSP responder URL; pass opts.responderUrl");
+  }
+  var built = buildOcspRequest({
+    leafCertDer: leafX.raw, issuerCertDer: issuerX.raw,
+    nonce: opts.nonce, nonceLen: opts.nonceLen,
+  });
+  var res;
+  try {
+    res = await httpClient().request({
+      url:          responderUrl,
+      method:       "POST",
+      headers:      { "content-type": "application/ocsp-request", "accept": "application/ocsp-response" },
+      body:         built.requestDer,
+      responseMode: "buffer",
+      timeoutMs:    opts.timeoutMs || C.TIME.seconds(10),
+    });
+  } catch (e) {
+    throw new TlsTrustError("tls/ocsp-fetch-failed",
+      "ocsp.fetch: responder request to " + responderUrl + " failed: " + ((e && e.message) || String(e)));
+  }
+  if (res.status !== 200 || !Buffer.isBuffer(res.body) || res.body.length === 0) {
+    throw new TlsTrustError("tls/ocsp-fetch-bad-status",
+      "ocsp.fetch: responder returned status " + res.status + " with an empty/non-buffer body");
+  }
+  var evald = evaluateOcspResponse(res.body, {
+    issuerPem:     opts.issuerPem,
+    serialHex:     opts.serialHex || null,
+    expectedNonce: opts.nonce === false ? null : built.nonce,
+  });
+  if (!evald.ok) {
+    throw new TlsTrustError("tls/ocsp-not-good",
+      "ocsp.fetch: response is not good: " + (evald.errors || []).join("; "));
+  }
+  return { ocspDer: res.body, evaluation: evald, responderUrl: responderUrl };
+}
 var ocsp = Object.freeze({
   // Connect with OCSP requested. Returns { authorized, ocspBytes,
   // peerCert }. requireStapled: true makes empty / not-stapled responses
@@ -1379,6 +1454,7 @@ var ocsp = Object.freeze({
   },
   parseResponse:        parseOcspResponse,
   evaluate:             evaluateOcspResponse,
+  fetch:                fetchOcspResponse,
   // buildRequest — construct a DER-encoded OCSPRequest for a single
   // (leafCertDer, issuerCertDer) pair. RFC 8954 nonce extension is ON
   // by default (16 random bytes; opts.nonceLen overrides within RFC

package/lib/sec-cyber.js CHANGED Viewed

@@ -91,13 +91,13 @@ function _addBusinessDays(startMs, days) {
 function eightKArtifact(opts) {
   if (!opts || typeof opts !== "object") {
-    throw SecCyberError.factory("BAD_OPTS",
+    throw SecCyberError.factory("sec-cyber/bad-opts",
       "secCyber.eightKArtifact: opts required");
   }
   validateOpts.requireNonEmptyString(opts.incidentId,
     "secCyber.eightKArtifact: incidentId", SecCyberError, "BAD_INCIDENT_ID");
   if (!opts.registrant || typeof opts.registrant !== "object") {
-    throw SecCyberError.factory("BAD_REGISTRANT",
+    throw SecCyberError.factory("sec-cyber/bad-registrant",
       "secCyber.eightKArtifact: registrant object required");
   }
   validateOpts.requireNonEmptyString(opts.registrant.name,
@@ -110,7 +110,7 @@ function eightKArtifact(opts) {
     "secCyber.eightKArtifact: materialityDeterminedAt", SecCyberError, "BAD_MAT_AT");
   if (FINDINGS.indexOf(opts.materialityFinding) === -1) {
-    throw SecCyberError.factory("BAD_FINDING",
+    throw SecCyberError.factory("sec-cyber/bad-finding",
       "secCyber.eightKArtifact: materialityFinding must be one of " + FINDINGS.join(", "));
   }
   validateOpts.requireNonEmptyString(opts.materialityReasoning,

package/lib/sse.js CHANGED Viewed

@@ -89,7 +89,7 @@ function _validateRetry(retry, errorClass) {
   if (retry === undefined || retry === null) return null;
   if (typeof retry !== "number" || !isFinite(retry) || retry < 0 ||
       Math.floor(retry) !== retry) {
-    throw errorClass.factory("BAD_RETRY",
+    throw errorClass.factory("sse/bad-retry",
       "sse.send: retry must be a non-negative finite integer (got " +
       JSON.stringify(retry) + ")");
   }
@@ -98,14 +98,14 @@ function _validateRetry(retry, errorClass) {
 function _refuseInjection(field, value, errorClass) {
   if (typeof value !== "string") {
-    throw errorClass.factory("BAD_FIELD",
+    throw errorClass.factory("sse/bad-field",
       "sse.send: " + field + " must be a string");
   }
   // Length-bound BEFORE the regex test — _capField applies a tighter
   // cap further along, but the regex itself runs against the full
   // value so we bound here too.
   if (value.length > MAX_DATA_BYTES) {
-    throw errorClass.factory("FIELD_TOO_LARGE",
+    throw errorClass.factory("sse/field-too-large",
       "sse.send: " + field + " too large for injection scan");
   }
   if (INJECTION_RE.test(value)) {                                                          // allow:regex-no-length-cap — value length capped above
@@ -114,7 +114,7 @@ function _refuseInjection(field, value, errorClass) {
       outcome:  "denied",
       metadata: { field: field, length: value.length },
     });
-    throw errorClass.factory("INJECTION",
+    throw errorClass.factory("sse/injection",
       "sse.send: " + field + " contains LF/CR/NUL — refused " +
       "(CVE-2026-33128 / 29085 / 44217 class)");
   }
@@ -130,7 +130,7 @@ var MAX_DATA_BYTES  = C.BYTES.mib(1);
 function _capField(field, value, capBytes, errorClass) {
   var len = Buffer.byteLength(value, "utf8");
   if (len > capBytes) {
-    throw errorClass.factory("FIELD_TOO_LARGE",
+    throw errorClass.factory("sse/field-too-large",
       "sse.send: " + field + " exceeds cap (" + len + " > " +
       capBytes + " bytes)");
   }
@@ -139,7 +139,7 @@ function _capField(field, value, capBytes, errorClass) {
 function serializeEvent(opts, errorClass) {
   errorClass = errorClass || SseError;
   if (!opts || typeof opts !== "object") {
-    throw errorClass.factory("BAD_OPTS", "sse.serializeEvent: opts required");
+    throw errorClass.factory("sse/bad-opts", "sse.serializeEvent: opts required");
   }
   var out = "";
   // Field order: id, event, retry, data — matches the framework's
@@ -162,7 +162,7 @@ function serializeEvent(opts, errorClass) {
   }
   if (opts.data !== undefined && opts.data !== null) {
     if (typeof opts.data !== "string") {
-      throw errorClass.factory("BAD_FIELD",
+      throw errorClass.factory("sse/bad-field",
         "sse.send: data must be a string");
     }
     _capField("data", opts.data, MAX_DATA_BYTES, errorClass);
@@ -174,7 +174,7 @@ function serializeEvent(opts, errorClass) {
         outcome:  "denied",
         metadata: { field: "data", length: opts.data.length, char: "cr-or-nul" },
       });
-      throw errorClass.factory("INJECTION",
+      throw errorClass.factory("sse/injection",
         "sse.send: data contains CR or NUL — refused");
     }
     var lines = opts.data.split("\n");
@@ -189,11 +189,11 @@ function serializeEvent(opts, errorClass) {
 function _validateComment(text, errorClass) {
   if (typeof text !== "string") {
-    throw errorClass.factory("BAD_FIELD",
+    throw errorClass.factory("sse/bad-field",
       "sse.comment: text must be a string");
   }
   if (text.length > MAX_DATA_BYTES) {
-    throw errorClass.factory("FIELD_TOO_LARGE",
+    throw errorClass.factory("sse/field-too-large",
       "sse.comment: text too large for injection scan");
   }
   if (INJECTION_RE.test(text)) {                                                            // allow:regex-no-length-cap — text length capped above
@@ -202,7 +202,7 @@ function _validateComment(text, errorClass) {
       outcome:  "denied",
       metadata: { field: "comment", length: text.length },
     });
-    throw errorClass.factory("INJECTION",
+    throw errorClass.factory("sse/injection",
       "sse.comment: text contains LF/CR/NUL — refused");
   }
 }
@@ -224,14 +224,14 @@ function create(req, res, opts) {
   opts = opts || {};
   var errorClass = opts.errorClass || SseError;
   if (!res || typeof res.write !== "function" || typeof res.end !== "function") {
-    throw errorClass.factory("BAD_RES",
+    throw errorClass.factory("sse/bad-res",
       "sse.create: res must be a writable response stream");
   }
   var heartbeatMs = opts.heartbeatMs;
   if (heartbeatMs === undefined) heartbeatMs = C.TIME.seconds(15);
   if (typeof heartbeatMs !== "number" || !isFinite(heartbeatMs) ||
       heartbeatMs < 0 || Math.floor(heartbeatMs) !== heartbeatMs) {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("sse/bad-opts",
       "sse.create: heartbeatMs must be a non-negative integer ms (got " +
       JSON.stringify(heartbeatMs) + ")");
   }
@@ -264,7 +264,7 @@ function create(req, res, opts) {
   function _writeRaw(s) {
     if (closed) {
-      throw errorClass.factory("CLOSED",
+      throw errorClass.factory("sse/closed",
         "sse.send: channel closed");
     }
     res.write(s);

package/lib/tcpa-10dlc.js CHANGED Viewed

@@ -72,11 +72,11 @@ var records = new Map();   // phoneE164 → record
 function recordConsent(opts) {
   if (!opts || typeof opts !== "object") {
-    throw Tcpa10dlcError.factory("BAD_OPTS",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-opts",
       "tcpa10dlc.recordConsent: opts required");
   }
   if (typeof opts.phoneE164 !== "string" || !E164_RE.test(opts.phoneE164)) {
-    throw Tcpa10dlcError.factory("BAD_PHONE",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-phone",
       "tcpa10dlc.recordConsent: phoneE164 must match " + E164_RE);
   }
   validateOpts.requireNonEmptyString(opts.brand,
@@ -86,7 +86,7 @@ function recordConsent(opts) {
   validateOpts.requireNonEmptyString(opts.formUrl,
     "tcpa10dlc.recordConsent: formUrl", Tcpa10dlcError, "BAD_FORM_URL");
   if (DISCLOSURE_PARTIES.indexOf(opts.disclosurePartyKind) === -1) {
-    throw Tcpa10dlcError.factory("BAD_DISCLOSURE_PARTY",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-disclosure-party",
       "tcpa10dlc.recordConsent: disclosurePartyKind must be one of " +
       DISCLOSURE_PARTIES.join(", "));
   }
@@ -133,12 +133,12 @@ function lookup(phoneE164) {
 function revoke(phoneE164, reason) {
   if (typeof phoneE164 !== "string" || !E164_RE.test(phoneE164)) {
-    throw Tcpa10dlcError.factory("BAD_PHONE",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-phone",
       "tcpa10dlc.revoke: phoneE164 must match " + E164_RE);
   }
   var existing = records.get(phoneE164);
   if (!existing) {
-    throw Tcpa10dlcError.factory("NO_RECORD",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/no-record",
       "tcpa10dlc.revoke: no consent record for " + phoneE164);
   }
   if (existing.revoked) {

package/lib/tenant-quota.js CHANGED Viewed

@@ -113,23 +113,23 @@ function create(opts) {
   if (!opts.db || typeof opts.db.from !== "function" ||
       typeof opts.db.getTableMetadata !== "function") {
-    throw new TenantQuotaError("tenantQuota/bad-db",
+    throw new TenantQuotaError("tenant-quota/bad-db",
       "tenantQuota.create: opts.db must be the framework's b.db namespace");
   }
   validateOpts.requireNonEmptyString(opts.tenantField,
-    "tenantQuota.create: tenantField", TenantQuotaError, "tenantQuota/bad-field");
+    "tenantQuota.create: tenantField", TenantQuotaError, "tenant-quota/bad-field");
   var defaultBytesCap = (opts.defaultBytesCap == null)
     ? DEFAULT_BYTES_CAP
     : opts.defaultBytesCap;
   if (typeof defaultBytesCap !== "number" || !isFinite(defaultBytesCap) || defaultBytesCap <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-cap",
+    throw new TenantQuotaError("tenant-quota/bad-cap",
       "tenantQuota.create: defaultBytesCap must be a positive finite number");
   }
   var perTenantBytesCap = opts.perTenantBytesCap || {};
   if (typeof perTenantBytesCap !== "object" || Array.isArray(perTenantBytesCap)) {
-    throw new TenantQuotaError("tenantQuota/bad-per-tenant",
+    throw new TenantQuotaError("tenant-quota/bad-per-tenant",
       "tenantQuota.create: perTenantBytesCap must be a plain object {tenantId: bytes}");
   }
   // Validate every per-tenant override at config time so a typo
@@ -138,7 +138,7 @@ function create(opts) {
   for (var pi = 0; pi < ptKeys.length; pi++) {
     var v = perTenantBytesCap[ptKeys[pi]];
     if (typeof v !== "number" || !isFinite(v) || v <= 0) {
-      throw new TenantQuotaError("tenantQuota/bad-per-tenant",
+      throw new TenantQuotaError("tenant-quota/bad-per-tenant",
         "tenantQuota.create: perTenantBytesCap['" + ptKeys[pi] +
         "'] must be a positive finite number");
     }
@@ -147,7 +147,7 @@ function create(opts) {
   var auditOn = opts.audit !== false;
   var cacheTtlMs = (opts.cacheTtlMs == null) ? DEFAULT_CACHE_TTL_MS : opts.cacheTtlMs;
   if (typeof cacheTtlMs !== "number" || !isFinite(cacheTtlMs) || cacheTtlMs < 0) {
-    throw new TenantQuotaError("tenantQuota/bad-ttl",
+    throw new TenantQuotaError("tenant-quota/bad-ttl",
       "tenantQuota.create: cacheTtlMs must be a non-negative finite number");
   }
@@ -230,7 +230,7 @@ function create(opts) {
   async function snapshot(tenantId) {
     validateOpts.requireNonEmptyString(tenantId,
-      "tenantQuota.snapshot: tenantId", TenantQuotaError, "tenantQuota/bad-tenant");
+      "tenantQuota.snapshot: tenantId", TenantQuotaError, "tenant-quota/bad-tenant");
     var now = Date.now();
     var cached = cache.get(tenantId);
     var bytesUsed;
@@ -258,7 +258,7 @@ function create(opts) {
         bytesCap:  snap.bytesCap,
       });
       _emitMetric("tenant.quota.exceeded", 1);
-      throw new TenantQuotaError("tenantQuota/exceeded",
+      throw new TenantQuotaError("tenant-quota/exceeded",
         "tenantQuota.assert: tenant '" + tenantId + "' is at " +
         snap.bytesUsed + " of " + snap.bytesCap + " bytes; insert refused");
     }
@@ -344,21 +344,21 @@ function budget(opts) {
   ], "tenantQuota.budget");
   validateOpts.requireNonEmptyString(opts.tenantField,
-    "tenantQuota.budget: tenantField", TenantQuotaError, "tenantQuota/bad-field");
+    "tenantQuota.budget: tenantField", TenantQuotaError, "tenant-quota/bad-field");
   var qpsCap = (opts.perTenantQpsCap == null) ? DEFAULT_QPS_CAP : opts.perTenantQpsCap;
   if (typeof qpsCap !== "number" || !isFinite(qpsCap) || qpsCap <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-qps",
+    throw new TenantQuotaError("tenant-quota/bad-qps",
       "tenantQuota.budget: perTenantQpsCap must be a positive finite number");
   }
   var rowsCap = (opts.perTenantTotalRowsRead == null) ? DEFAULT_ROWS_READ : opts.perTenantTotalRowsRead;
   if (typeof rowsCap !== "number" || !isFinite(rowsCap) || rowsCap <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-rows",
+    throw new TenantQuotaError("tenant-quota/bad-rows",
       "tenantQuota.budget: perTenantTotalRowsRead must be a positive finite number");
   }
   var windowMs = (opts.window == null) ? DEFAULT_WINDOW_MS : opts.window;
   if (typeof windowMs !== "number" || !isFinite(windowMs) || windowMs <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-window",
+    throw new TenantQuotaError("tenant-quota/bad-window",
       "tenantQuota.budget: window must be a positive finite number");
   }
   var auditOn = opts.audit !== false;
@@ -393,7 +393,7 @@ function budget(opts) {
   function observe(tenantId, info) {
     validateOpts.requireNonEmptyString(tenantId,
-      "tenantQuota.budget.observe: tenantId", TenantQuotaError, "tenantQuota/bad-tenant");
+      "tenantQuota.budget.observe: tenantId", TenantQuotaError, "tenant-quota/bad-tenant");
     info = info || {};
     var rowsRead = (typeof info.rowsRead === "number" && info.rowsRead >= 0) ? info.rowsRead : 0;
     var now = Date.now();
@@ -411,7 +411,7 @@ function budget(opts) {
         windowMs: windowMs,
       });
       _emitMetric("tenant.budget.exceeded", 1);
-      throw new TenantQuotaError("tenantQuota/budget-exceeded",
+      throw new TenantQuotaError("tenant-quota/budget-exceeded",
         "tenantQuota.budget: tenant '" + tenantId + "' exceeded budget " +
         "(calls=" + c.calls + "/" + maxCalls + ", rowsRead=" + c.rowsRead +
         "/" + rowsCap + ", windowMs=" + windowMs + ")");
@@ -486,7 +486,7 @@ function budget(opts) {
  */
 function instrumentQuery(opts) {
   if (!opts || typeof opts !== "object") {
-    throw new TenantQuotaError("tenantQuota/bad-instr",
+    throw new TenantQuotaError("tenant-quota/bad-instr",
       "tenantQuota.instrumentQuery: opts object is required");
   }
   validateOpts(opts, [
@@ -494,13 +494,13 @@ function instrumentQuery(opts) {
   ], "tenantQuota.instrumentQuery");
   if (!Array.isArray(opts.rows)) {
-    throw new TenantQuotaError("tenantQuota/bad-rows",
+    throw new TenantQuotaError("tenant-quota/bad-rows",
       "tenantQuota.instrumentQuery: rows must be an array");
   }
   validateOpts.requireNonEmptyString(opts.tenantField,
-    "tenantQuota.instrumentQuery: tenantField", TenantQuotaError, "tenantQuota/bad-field");
+    "tenantQuota.instrumentQuery: tenantField", TenantQuotaError, "tenant-quota/bad-field");
   validateOpts.requireNonEmptyString(opts.tenantId,
-    "tenantQuota.instrumentQuery: tenantId", TenantQuotaError, "tenantQuota/bad-tenant");
+    "tenantQuota.instrumentQuery: tenantId", TenantQuotaError, "tenant-quota/bad-tenant");
   var auditOn = opts.audit !== false;
   var crossover = [];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.13.43",
+  "version": "0.13.45",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json CHANGED Viewed

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:d368c000-a7b7-493e-bb55-a28c08371f7e",
+  "serialNumber": "urn:uuid:4f2a624b-9183-4e8a-8807-eb827d32fb2b",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-30T00:14:53.721Z",
+    "timestamp": "2026-05-30T01:55:57.060Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.13.43",
+      "bom-ref": "@blamejs/core@0.13.45",
       "type": "application",
       "name": "blamejs",
-      "version": "0.13.43",
+      "version": "0.13.45",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.13.43",
+      "purl": "pkg:npm/%40blamejs/core@0.13.45",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.13.43",
+      "ref": "@blamejs/core@0.13.45",
       "dependsOn": []
     }
   ]