@blamejs/core 0.14.10 → 0.14.11

package/lib/framework-error.js

@@ -412,6 +412,20 @@ var McpError              = defineClass("McpError",              { alwaysPermane
 // input shape, classifier-result-shape errors, oversized input bypass.
 // Permanent — caller-shape errors.
 var AiInputError          = defineClass("AiInputError",          { alwaysPermanent: true });
+// AiOutputError covers LLM output-handling violations raised by
+// b.ai.output.sanitize / b.ai.output.redact: malformed input shape
+// (non-string), oversized output bypass (exceeds maxBytes cap), bad
+// maxBytes opt, unknown redaction entity. Permanent — caller-shape
+// errors that retry will not recover. OWASP LLM05:2025 (Improper
+// Output Handling) + LLM02:2025 (Sensitive Information Disclosure).
+var AiOutputError         = defineClass("AiOutputError",         { alwaysPermanent: true });
+// AiPromptError covers LLM prompt-assembly violations raised by
+// b.ai.prompt.template: malformed segment shape (non-string system /
+// context / user), bad maxBytes / nonceBytes opt, oversized assembled
+// prompt. Permanent — caller-shape errors that retry will not recover.
+// OWASP LLM01:2025 (Prompt Injection — indirect / data-plane injection
+// from untrusted context).
+var AiPromptError         = defineClass("AiPromptError",         { alwaysPermanent: true });
 // A2aError covers A2A (Agent-to-Agent) protocol violations: signed-
 // agent-card signature mismatch, expired card, unknown card id,
 // malformed card shape, signature-algorithm allowlist drift.
@@ -691,6 +705,8 @@ module.exports = {
   SseError:               SseError,
   McpError:               McpError,
   AiInputError:           AiInputError,
+  AiOutputError:          AiOutputError,
+  AiPromptError:          AiPromptError,
   A2aError:               A2aError,
   GraphqlFederationError: GraphqlFederationError,
   Fda21Cfr11Error:        Fda21Cfr11Error,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.14.10",
+  "version": "0.14.11",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:a284c3a3-4413-4bda-9a99-ef60b057cc3a",
+  "serialNumber": "urn:uuid:51d93d1b-aac7-4b5a-b94b-b60595c0eba0",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-31T11:30:02.144Z",
+    "timestamp": "2026-05-31T14:46:52.063Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.14.10",
+      "bom-ref": "@blamejs/core@0.14.11",
       "type": "application",
       "name": "blamejs",
-      "version": "0.14.10",
+      "version": "0.14.11",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.14.10",
+      "purl": "pkg:npm/%40blamejs/core@0.14.11",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.14.10",
+      "ref": "@blamejs/core@0.14.11",
       "dependsOn": []
     }
   ]