@blamejs/core 0.14.17 → 0.14.18

package/lib/static.js

@@ -6,7 +6,8 @@
  * quotas (cluster-shared via b.cache), Range support (RFC 7233 single-range),
  * the full conditional-request set (If-None-Match / If-Match /
  * If-Modified-Since / If-Unmodified-Since), MIME allowlist with magic-byte
- * verification (composes b.fileType), per-request operator hook, idle-stream
+ * verification (composes b.fileType), per-request operator hooks (onServe
+ * on the success path, onError on every refusal path), idle-stream
  * timeout, cancellation propagation, force-revoke, and compliance-retention
  * gating.
  *
@@ -16,6 +17,12 @@
  *   var mw = serve.middleware;                       // (req, res, next)
  *   await b.staticServe.integrity(absFilePath);      // SRI helper (SHA-384)
  *
+ *   // onError mirrors onServe for the refusal paths (403 / 404 / 415 /
+ *   // 412 / 416 / 429 / 451 / 500): it receives
+ *   // { req, res, urlPath, absPath, status, code, actor } AFTER the
+ *   // refusal response is written. Observability-only — a throw is
+ *   // swallowed so a broken hook can't tear down the socket.
+ *
  * Backwards compatible: every existing opt (root, mountPath,
  * hashedPathPattern, indexFile, defaultMaxAge, contentTypes) keeps its
  * original meaning. New opts (permissions, cache, audit, observability,
@@ -450,6 +457,7 @@ function _validateCreateOpts(opts) {
   validateOpts.auditShape(opts.audit, "staticServe.create", StaticServeError);
   validateOpts.observabilityShape(opts.observability, "staticServe.create", StaticServeError);
   validateOpts.optionalFunction(opts.onServe, "staticServe.create: onServe", StaticServeError);
+  validateOpts.optionalFunction(opts.onError, "staticServe.create: onError", StaticServeError);
   // contentSafety — extension-keyed gate map. Default behaviour: when
   // undefined, the framework wires b.guardAll.byExtension({ profile:
   // "strict" }) automatically so every shipped guard is ON by default.
@@ -604,7 +612,7 @@ function create(opts) {
     "root", "mountPath", "hashedPathPattern",
     "indexFile", "defaultMaxAge", "contentTypes",
     "permissions", "cache", "fileType", "retention", "revokeStore",
-    "allowedFileTypes", "audit", "observability", "onServe",
+    "allowedFileTypes", "audit", "observability", "onServe", "onError",
     "acceptRanges", "auditSuccess", "auditFailures",
     "maxBytesPerActorPerWindowMs", "maxBytesAllActorsPerWindowMs",
     "bandwidthWindowMs", "maxConcurrentDownloadsPerActor", "maxIdleMs",
@@ -657,6 +665,7 @@ function create(opts) {
     contentSafety = opts.contentSafety;
   }
   var onServe         = opts.onServe || null;
+  var onError         = opts.onError || null;
   var audit           = opts.audit || null;
   var auditSuccess    = cfg.auditSuccess;
   var auditFailures   = cfg.auditFailures;
@@ -756,6 +765,26 @@ function create(opts) {
     var actorCtx = requestHelpers.extractActorContext(req);
     var actorKey = _actorKeyFromContext(actorCtx);
 
+    // Request-scoped error writer. Wraps the module-level _writeError so
+    // every refusal path (403 / 404 / 415 / 412 / 416 / 429 / 451 / 500)
+    // also invokes the operator's onError hook — the success-path mirror
+    // of onServe. The signature matches _writeError exactly; the `code`
+    // argument routes through to the hook so operators can branch on the
+    // refusal reason. The hook is observability-only: it runs AFTER the
+    // response is written and a throw is swallowed so a broken sink can't
+    // turn a 4xx into a torn-down socket.
+    function writeErr(r, status, code, message, headers) {
+      _writeError(r, status, code, message, headers);
+      if (onError) {
+        try {
+          onError({
+            req: req, res: r, urlPath: urlPath, absPath: absPath,
+            status: status, code: code, actor: actorCtx,
+          });
+        } catch (_he) { /* hook best-effort */ }
+      }
+    }
+
     // Permission gate (403)
     var perm = await _checkPermission(req);
     if (!perm.ok) {
@@ -766,7 +795,7 @@ function create(opts) {
           outcome: "failure", reason: "permission_denied", resource: urlPath,
         }, actorCtx));
       }
-      return _writeError(res, HTTP.FORBIDDEN, "permission_denied",
+      return writeErr(res, HTTP.FORBIDDEN, "permission_denied",
         "Forbidden");
     }
 
@@ -788,7 +817,7 @@ function create(opts) {
           outcome: "failure", reason: "revoked", resource: urlPath,
         }, actorCtx));
       }
-      return _writeError(res, HTTP.NOT_FOUND, "not_found", "Not Found");
+      return writeErr(res, HTTP.NOT_FOUND, "not_found", "Not Found");
     }
 
     // Compliance retention (451)
@@ -800,7 +829,7 @@ function create(opts) {
           outcome: "failure", reason: "retention_blocked", resource: urlPath,
         }, actorCtx));
       }
-      return _writeError(res, HTTP.UNAVAILABLE_FOR_LEGAL_REASONS,
+      return writeErr(res, HTTP.UNAVAILABLE_FOR_LEGAL_REASONS,
         "retention_blocked", "Unavailable For Legal Reasons");
     }
 
@@ -820,7 +849,7 @@ function create(opts) {
             detectedMime: mimeCheck.detected || null,
           }, actorCtx));
         }
-        return _writeError(res, HTTP.UNSUPPORTED_MEDIA_TYPE,
+        return writeErr(res, HTTP.UNSUPPORTED_MEDIA_TYPE,
           "mime_rejected", "Unsupported Media Type");
       }
     }
@@ -861,7 +890,7 @@ function create(opts) {
         catch (_e) {
           stats.failures += 1;
           if (gateHandle) { try { await gateHandle.close(); } catch (_ce) { /* close best-effort */ } }
-          return _writeError(res, HTTP.INTERNAL_SERVER_ERROR,
+          return writeErr(res, HTTP.INTERNAL_SERVER_ERROR,
             "read_failed", "Internal Server Error");
         }
         try { await gateHandle.close(); } catch (_ce) { /* close best-effort */ }
@@ -885,7 +914,7 @@ function create(opts) {
               error: gateErr && gateErr.message,
             }, actorCtx));
           }
-          return _writeError(res, HTTP.INTERNAL_SERVER_ERROR,
+          return writeErr(res, HTTP.INTERNAL_SERVER_ERROR,
             "content_safety_threw", "Internal Server Error");
         }
         if (!gateDecision.ok || gateDecision.action === "refuse") {
@@ -898,7 +927,7 @@ function create(opts) {
               issues: gateContract.summarizeIssues(gateDecision.issues),
             }, actorCtx));
           }
-          return _writeError(res, HTTP.UNSUPPORTED_MEDIA_TYPE,
+          return writeErr(res, HTTP.UNSUPPORTED_MEDIA_TYPE,
             "content_safety_refused", "Unsupported Media Type");
         }
         if (gateDecision.action === "sanitize" && gateDecision.sanitized) {
@@ -929,7 +958,7 @@ function create(opts) {
     if (ifMatch && ifMatch !== "*" && ifMatch !== meta.etag) {
       stats.failures += 1;
       _emitObs("staticServe.precondition_failed", 1, { route: urlPath, header: "if-match" });
-      return _writeError(res, HTTP.PRECONDITION_FAILED || 412,
+      return writeErr(res, HTTP.PRECONDITION_FAILED || 412,
         "precondition_failed", "Precondition Failed");
     }
 
@@ -956,7 +985,7 @@ function create(opts) {
       if (isFinite(ius) && Math.floor(meta.mtimeMs / C.TIME.seconds(1)) > Math.floor(ius / C.TIME.seconds(1))) {
         stats.failures += 1;
         _emitObs("staticServe.precondition_failed", 1, { route: urlPath, header: "if-unmodified-since" });
-        return _writeError(res, HTTP.PRECONDITION_FAILED,
+        return writeErr(res, HTTP.PRECONDITION_FAILED,
           "precondition_failed", "Precondition Failed");
       }
     }
@@ -970,19 +999,19 @@ function create(opts) {
         if (range && (range.malformed || range.multi)) {
           stats.failures += 1;
           _emitObs("staticServe.range_invalid", 1, { route: urlPath });
-          return _writeError(res, HTTP.RANGE_NOT_SATISFIABLE, "range_not_satisfiable",
+          return writeErr(res, HTTP.RANGE_NOT_SATISFIABLE, "range_not_satisfiable",
             "Range Not Satisfiable", { "Content-Range": "bytes */" + meta.size });
         }
         if (range && range.unsatisfiable) {
           stats.failures += 1;
           _emitObs("staticServe.range_invalid", 1, { route: urlPath });
-          return _writeError(res, HTTP.RANGE_NOT_SATISFIABLE, "range_not_satisfiable",
+          return writeErr(res, HTTP.RANGE_NOT_SATISFIABLE, "range_not_satisfiable",
             "Range Not Satisfiable", { "Content-Range": "bytes */" + meta.size });
         }
         if (range && cfg.maxRangeBytes !== Infinity && range.length > cfg.maxRangeBytes) {
           stats.failures += 1;
           _emitObs("staticServe.range_too_large", 1, { route: urlPath });
-          return _writeError(res, HTTP.RANGE_NOT_SATISFIABLE, "range_too_large",
+          return writeErr(res, HTTP.RANGE_NOT_SATISFIABLE, "range_too_large",
             "Range Not Satisfiable", { "Content-Range": "bytes */" + meta.size });
         }
         if (range) {
@@ -1005,7 +1034,7 @@ function create(opts) {
           current: concCheck.current, cap: concCheck.cap,
         }, actorCtx));
       }
-      return _writeError(res, HTTP.TOO_MANY_REQUESTS,
+      return writeErr(res, HTTP.TOO_MANY_REQUESTS,
         "concurrency_cap", "Too Many Requests",
         { "Retry-After": "5" });
     }
@@ -1021,7 +1050,7 @@ function create(opts) {
           scope: bwCheck.scope, used: bwCheck.used, cap: bwCheck.cap,
         }, actorCtx));
       }
-      return _writeError(res, HTTP.TOO_MANY_REQUESTS,
+      return writeErr(res, HTTP.TOO_MANY_REQUESTS,
         "bandwidth_quota", "Too Many Requests",
         { "Retry-After": String(bwCheck.retryAfter) });
     }
@@ -1077,7 +1106,7 @@ function create(opts) {
             error: e && e.message,
           }, actorCtx));
         }
-        return _writeError(res, HTTP.INTERNAL_SERVER_ERROR, "onServe_threw",
+        return writeErr(res, HTTP.INTERNAL_SERVER_ERROR, "onServe_threw",
           "Internal Server Error");
       }
     }

package/lib/uri-template.js

@@ -29,6 +29,7 @@
  */
 
 var { defineClass } = require("./framework-error");
+var codepointClass = require("./codepoint-class");
 
 var UriTemplateError = defineClass("UriTemplateError", { alwaysPermanent: true });
 
@@ -59,7 +60,8 @@ function _pctEncode(str, allowReserved) {
     var ch = str.charAt(i);
     // Preserve existing percent-encoded triplets when the reserved set is
     // allowed (operators "+" and "#").
-    if (allowReserved && ch === "%" && /^[0-9A-Fa-f]{2}$/.test(str.substr(i + 1, 2))) {
+    // allow:regex-no-length-cap — the substr is a fixed 2-char window
+    if (allowReserved && ch === "%" && codepointClass.HEX_PAIR_RE.test(str.substr(i + 1, 2))) {
       out += str.substr(i, 3); i += 2; continue;
     }
     if (UNRESERVED.test(ch) || (allowReserved && RESERVED.test(ch))) { out += ch; continue; }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.14.17",
+  "version": "0.14.18",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:e5d17e91-0802-4373-b6b4-f26370a14472",
+  "serialNumber": "urn:uuid:b96f0679-8967-43f9-b412-aa598ea52508",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-06-01T03:23:48.524Z",
+    "timestamp": "2026-06-02T15:25:35.604Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.14.17",
+      "bom-ref": "@blamejs/core@0.14.18",
       "type": "application",
       "name": "blamejs",
-      "version": "0.14.17",
+      "version": "0.14.18",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.14.17",
+      "purl": "pkg:npm/%40blamejs/core@0.14.18",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.14.17",
+      "ref": "@blamejs/core@0.14.18",
       "dependsOn": []
     }
   ]