@blamejs/core 0.14.26 → 0.15.0

package/lib/guard-event-bus-topic.js

@@ -25,6 +25,7 @@
  */
 
 var { defineClass } = require("./framework-error");
+var gateContract = require("./gate-contract");
 
 var GuardEventBusTopicError = defineClass("GuardEventBusTopicError", { alwaysPermanent: true });
 
@@ -36,12 +37,7 @@ var PROFILES = Object.freeze({
   permissive: { maxBytes: 512, minDots: 1 },
 });
 
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
-});
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
 
 var RESERVED_PREFIXES = Object.freeze(["framework.", "FRAMEWORK."]);
 
@@ -109,42 +105,28 @@ function validate(name, opts) {
   return name;
 }
 
-/**
- * @primitive b.guardEventBusTopic.compliancePosture
- * @signature b.guardEventBusTopic.compliancePosture(posture)
- * @since     0.9.25
- * @status    stable
- *
- * Return the effective profile for a given compliance posture name.
- * Returns `null` for unknown posture names so operator typos surface
- * here instead of silently falling through to the default profile.
- *
- * @example
- *   b.guardEventBusTopic.compliancePosture("hipaa");   // → "strict"
- */
-function compliancePosture(posture) {
-  return COMPLIANCE_POSTURES[posture] || null;
-}
+// compliancePosture is assembled by gateContract.defineParser below; its
+// wiki section renders from the single-sourced @abiTemplate (defineParser)
+// block in gate-contract.js, instantiated for this guard by the page
+// generator.
 
-function _resolveProfile(opts) {
-  if (opts.posture && COMPLIANCE_POSTURES[opts.posture]) {
-    return COMPLIANCE_POSTURES[opts.posture];
-  }
-  var p = opts.profile || DEFAULT_PROFILE;
-  if (!PROFILES[p]) {
-    throw new GuardEventBusTopicError("event-bus-topic/bad-profile",
-      "guardEventBusTopic: unknown profile '" + p + "'");
-  }
-  return p;
-}
+var _resolveProfile = gateContract.makeProfileResolver({
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  defaults:   DEFAULT_PROFILE,
+  errorClass: GuardEventBusTopicError,
+  codePrefix: "event-bus-topic",
+});
 
-module.exports = {
-  validate:                  validate,
-  compliancePosture:         compliancePosture,
-  PROFILES:                  PROFILES,
-  COMPLIANCE_POSTURES:       COMPLIANCE_POSTURES,
-  RESERVED_PREFIXES:         RESERVED_PREFIXES,
-  GuardEventBusTopicError:   GuardEventBusTopicError,
-  NAME:                      "eventBusTopic",
-  KIND:                      "event-bus-topic",
-};
+module.exports = gateContract.defineParser({
+  name:       "event-bus-topic",
+  entry:      validate,
+  errorClass: GuardEventBusTopicError,
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  extra: {
+    RESERVED_PREFIXES: RESERVED_PREFIXES,
+    NAME:              "eventBusTopic",
+    KIND:              "event-bus-topic",
+  },
+});

package/lib/guard-filename.js

@@ -871,80 +871,10 @@ function gate(opts) {
     });
 }
 
-/**
- * @primitive  b.guardFilename.buildProfile
- * @signature  b.guardFilename.buildProfile(opts)
- * @since      0.7.5
- * @status     stable
- * @related    b.guardFilename.gate, b.guardFilename.compliancePosture
- *
- * Compose a derived profile from one or more named bases plus inline
- * overrides. `opts.extends` is a profile name (`"strict"` /
- * `"balanced"` / `"permissive"`) or an array of names; later entries
- * shadow earlier ones. Inline `opts` keys win last.
- *
- * @opts
- *   extends: string|string[],   // base profile name(s) to compose
- *
- * @example
- *   var custom = b.guardFilename.buildProfile({
- *     extends: "balanced",
- *     extensionAllowlist: [".pdf", ".png", ".jpg"],
- *   });
- *   custom.extensionAllowlist.length;                  // → 3
- *   custom.traversalPolicy;                            // → "reject"
- */
-var buildProfile = gateContract.makeProfileBuilder(PROFILES);
-
-/**
- * @primitive  b.guardFilename.compliancePosture
- * @signature  b.guardFilename.compliancePosture(name)
- * @since      0.7.5
- * @status     stable
- * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardFilename.gate, b.guardFilename.buildProfile
- *
- * Look up a compliance-posture overlay by name (`"hipaa"` /
- * `"pci-dss"` / `"gdpr"` / `"soc2"`). Returns the posture object —
- * the caller may mutate freely. Throws
- * `GuardFilenameError("filename.bad-posture")` on unknown name.
- *
- * @example
- *   var posture = b.guardFilename.compliancePosture("hipaa");
- *   posture.requireAscii;                              // → true
- *   posture.shellExecExtPolicy;                        // → "reject"
- */
-function compliancePosture(name) {
-  return gateContract.lookupCompliancePosture(name, COMPLIANCE_POSTURES, _err, "filename");
-}
-
-var _filenameRulePacks = gateContract.makeRulePackLoader(GuardFilenameError, "filename");
-/**
- * @primitive  b.guardFilename.loadRulePack
- * @signature  b.guardFilename.loadRulePack(pack)
- * @since      0.7.5
- * @status     stable
- * @related    b.guardFilename.gate
- *
- * Register an operator-supplied rule pack with the guard-filename
- * registry. The pack is identified by `pack.id` (non-empty string)
- * and stored for later inspection / dispatch by gates that opt in
- * via `opts.rulePackId`. Returns the pack object unchanged on
- * success; throws `GuardFilenameError("filename.bad-opt")` when
- * `pack` is missing or `pack.id` is not a non-empty string.
- *
- * @example
- *   var pack = b.guardFilename.loadRulePack({
- *     id: "tenant-uploads-policy",
- *     rules: [
- *       { id: "tenant-prefix", severity: "high",
- *         detect: function (n) { return n.indexOf("tenant_") !== 0; },
- *         reason: "tenant policy: filenames must be tenant_-prefixed" },
- *     ],
- *   });
- *   pack.id;                                           // → "tenant-uploads-policy"
- */
-var loadRulePack = _filenameRulePacks.load;
+// buildProfile / compliancePosture / loadRulePack are assembled by
+// gateContract.defineGuard below; their wiki sections render from the
+// single-sourced @abiTemplate blocks in gate-contract.js, instantiated
+// per guard by the page generator.
 
 // ---- verifyExtractionPath -------------------------------------------------
 
@@ -1212,35 +1142,41 @@ function verifyExtractionPath(entryName, extractionRoot, opts) {
   return stringResolved;
 }
 
-module.exports = {
-  // ---- guard-* family identity ----
-  // Filename is a different axis from content-bytes (operators
-  // typically apply both: guardFilename on the upload's name, plus
-  // guardCsv / guardHtml / guardSvg / etc. on the body). guard-filename
-  // is therefore a STANDALONE primitive — it does NOT register into
-  // b.guardAll's content-type-routed dispatch (no canonical mime / ext
-  // per the registry contract). Operators wire it directly via
-  // b.fileUpload({ filenameSafety: gate }) and similar host opts.
-  NAME:                "filename",
-  KIND:                "filename",                                                // filename-string guard (consumes ctx.filename)
-  INTEGRATION_FIXTURES: Object.freeze({
-    kind:            "filename",
-    benignFilename:  "report-2026-Q1.txt",
-    // Hostile: path-traversal in filename (CWE-22 class).
-    hostileFilename: "../etc/passwd",
-  }),
-  // ---- primitive surface ----
-  validate:            validate,
-  sanitize:            sanitize,
-  gate:                gate,
-  buildProfile:        buildProfile,
-  compliancePosture:   compliancePosture,
-  loadRulePack:        loadRulePack,
-  PROFILES:            PROFILES,
-  DEFAULTS:            DEFAULTS,
-  COMPLIANCE_POSTURES: COMPLIANCE_POSTURES,
-  WIN_RESERVED_NAMES:  WIN_RESERVED_NAMES,
-  SHELL_EXEC_EXTS:     SHELL_EXEC_EXTS,
-  GuardFilenameError:  GuardFilenameError,
-  verifyExtractionPath: verifyExtractionPath,
-};
+// ---- guard-* family identity ----
+// Filename is a different axis from content-bytes (operators typically
+// apply both: guardFilename on the upload's name, plus guardCsv /
+// guardHtml / guardSvg / etc. on the body). guard-filename is therefore
+// a STANDALONE primitive — it does NOT register into b.guardAll's
+// content-type-routed dispatch (no canonical mime / ext per the registry
+// contract). Operators wire it directly via b.fileUpload({ filenameSafety:
+// gate }) and similar host opts.
+var INTEGRATION_FIXTURES = Object.freeze({
+  kind:            "filename",
+  benignFilename:  "report-2026-Q1.txt",
+  // Hostile: path-traversal in filename (CWE-22 class).
+  hostileFilename: "../etc/passwd",
+});
+
+// Assembled from the gate-contract guard factory. KIND "filename" makes
+// the default gate read ctx.filename || ctx.name, but this guard passes
+// its own bespoke `gate` (the per-policy canSanitize matrix), so the
+// factory only supplies the error class, registry exports, buildProfile /
+// compliancePosture / loadRulePack wiring, and the verifyExtractionPath /
+// WIN_RESERVED_NAMES / SHELL_EXEC_EXTS extras.
+module.exports = gateContract.defineGuard({
+  name:        "filename",
+  kind:        "filename",
+  errorClass:  GuardFilenameError,
+  profiles:    PROFILES,
+  defaults:    DEFAULTS,
+  postures:    COMPLIANCE_POSTURES,
+  integrationFixtures: INTEGRATION_FIXTURES,
+  validate:    validate,
+  sanitize:    sanitize,
+  gate:        gate,
+  extra: {
+    WIN_RESERVED_NAMES:   WIN_RESERVED_NAMES,
+    SHELL_EXEC_EXTS:      SHELL_EXEC_EXTS,
+    verifyExtractionPath: verifyExtractionPath,
+  },
+});

package/lib/guard-graphql.js

@@ -87,8 +87,6 @@ var { GuardGraphqlError } = require("./framework-error");
 var observability = lazyRequire(function () { return require("./observability"); });
 void observability;
 
-var _err = GuardGraphqlError.factory;
-
 // Query-body proto-poison literal (CVE-2026-32621). Matches the bare
 // identifier in field / alias / variable-declaration positions —
 // `$__proto__: String`, `__proto__: realField`, `__proto__ { ... }`,
@@ -544,12 +542,7 @@ function validate(input, opts) {
 function sanitize(input, opts) {
   opts = _resolveOpts(opts);
   var issues = _detectIssues(input, opts);
-  for (var i = 0; i < issues.length; i += 1) {
-    if (issues[i].severity === "critical" || issues[i].severity === "high") {
-      throw _err(issues[i].ruleId || "graphql.refused",
-        "guardGraphql.sanitize: " + issues[i].snippet);
-    }
-  }
+  gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardGraphqlError, codePrefix: "graphql" });
   return input;
 }
 
@@ -612,120 +605,46 @@ function gate(opts) {
     });
 }
 
-/**
- * @primitive  b.guardGraphql.buildProfile
- * @signature  b.guardGraphql.buildProfile(opts)
- * @since      0.7.49
- * @status     stable
- * @related    b.guardGraphql.gate, b.guardGraphql.compliancePosture
- *
- * Compose a derived profile from one or more named bases plus
- * inline overrides. `opts.extends` is a profile name (`"strict"` /
- * `"balanced"` / `"permissive"`) or an array of names; later
- * entries shadow earlier ones, and inline `opts` keys win last.
- * Operators stage profile overlays here so the final shape is
- * traceable to a baseline rather than a hand-typed dictionary.
- *
- * @opts
- *   extends: string|string[],   // base profile name(s) to compose
- *   ...:     any guardGraphql key, // inline override of resolved keys
- *
- * @example
- *   var custom = b.guardGraphql.buildProfile({
- *     extends: "balanced",
- *     introspectionPolicy: "reject",
- *     maxDepth: 6,
- *   });
- *   custom.introspectionPolicy;                         // → "reject"
- *   custom.maxDepth;                                    // → 6
- */
-var buildProfile = gateContract.makeProfileBuilder(PROFILES);
-
-/**
- * @primitive  b.guardGraphql.compliancePosture
- * @signature  b.guardGraphql.compliancePosture(name)
- * @since      0.7.49
- * @status     stable
- * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardGraphql.gate, b.guardGraphql.buildProfile
- *
- * Look up a compliance-posture overlay by name (`"hipaa"` /
- * `"pci-dss"` / `"gdpr"` / `"soc2"`). Returns a shallow clone of
- * the posture object — the caller may mutate freely. Throws
- * `GuardGraphqlError("graphql.bad-posture")` on unknown name.
- * Postures extend the strict profile (or balanced for `gdpr`)
- * with a `forensicSnippetBytes` cap appropriate to the regime.
- *
- * @example
- *   var posture = b.guardGraphql.compliancePosture("soc2");
- *   posture.introspectionPolicy;                        // → "reject"
- *   posture.forensicSnippetBytes;                       // → 1024
- */
-function compliancePosture(name) {
-  return gateContract.lookupCompliancePosture(name, COMPLIANCE_POSTURES,
-    _err, "graphql");
-}
+// buildProfile / compliancePosture / loadRulePack are assembled by
+// gateContract.defineGuard below — their wiki sections render from the
+// single-sourced @abiTemplate blocks in gate-contract.js.
 
-var _gqlRulePacks = gateContract.makeRulePackLoader(GuardGraphqlError, "graphql");
-/**
- * @primitive  b.guardGraphql.loadRulePack
- * @signature  b.guardGraphql.loadRulePack(pack)
- * @since      0.7.49
- * @status     stable
- * @related    b.guardGraphql.gate
- *
- * Register an operator-supplied rule pack with the guard-graphql
- * registry. The pack is identified by `pack.id` (non-empty
- * string) and stored for later inspection / dispatch by gates
- * that opt in via `opts.rulePackId`. Returns the pack object
- * unchanged on success; throws `GuardGraphqlError("graphql.bad-opt")`
- * when `pack` is missing or `pack.id` is not a non-empty string.
- *
- * @example
- *   var pack = b.guardGraphql.loadRulePack({
- *     id: "no-mutation-on-read-replica",
- *     rules: [
- *       { id: "no-mutation", severity: "high",
- *         detect: function (req) { return /^\s*mutation\b/.test(req.query || ""); },
- *         reason: "read-replica refuses mutation operations" },
- *     ],
- *   });
- *   pack.id;                                            // → "no-mutation-on-read-replica"
- */
-var loadRulePack = _gqlRulePacks.load;
+// ---- adaptive integration-test fixtures (consumed by layer-5 host harness) ----
+var INTEGRATION_FIXTURES = Object.freeze({
+  kind: "graphql-request",
+  benignBytes: Buffer.from(JSON.stringify({
+    query: "query GetMe { me { id name } }",
+    operationName: "GetMe",
+  }), "utf8"),
+  hostileBytes: Buffer.from(JSON.stringify({
+    query: "query Inspect { __schema { types { name } } }",
+    operationName: "Inspect",
+  }), "utf8"),
+  benignGraphqlRequest: {
+    query: "query GetMe { me { id name } }",
+    operationName: "GetMe",
+  },
+  hostileGraphqlRequest: {
+    query: "query Inspect { __schema { types { name } } }",
+    operationName: "Inspect",
+  },
+});
 
-module.exports = {
-  // ---- guard-* family registry exports ----
-  NAME:                "graphql",
-  KIND:                "graphql-request",
-  INTEGRATION_FIXTURES: Object.freeze({
-    kind: "graphql-request",
-    benignBytes: Buffer.from(JSON.stringify({
-      query: "query GetMe { me { id name } }",
-      operationName: "GetMe",
-    }), "utf8"),
-    hostileBytes: Buffer.from(JSON.stringify({
-      query: "query Inspect { __schema { types { name } } }",
-      operationName: "Inspect",
-    }), "utf8"),
-    benignGraphqlRequest: {
-      query: "query GetMe { me { id name } }",
-      operationName: "GetMe",
-    },
-    hostileGraphqlRequest: {
-      query: "query Inspect { __schema { types { name } } }",
-      operationName: "Inspect",
-    },
-  }),
-  // ---- primitive surface ----
-  validate:            validate,
-  sanitize:            sanitize,
-  gate:                gate,
-  buildProfile:        buildProfile,
-  compliancePosture:   compliancePosture,
-  loadRulePack:        loadRulePack,
-  PROFILES:            PROFILES,
-  DEFAULTS:            DEFAULTS,
-  COMPLIANCE_POSTURES: COMPLIANCE_POSTURES,
-  GuardGraphqlError:   GuardGraphqlError,
-};
+// Assembled from the gate-contract guard factory: error class, registry
+// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
+// compliancePosture / loadRulePack wiring, plus the per-guard inspection
+// surface (validate / sanitize / bespoke gate) passed through verbatim.
+// The custom KIND ("graphql-request") is accepted because the bespoke
+// gate reads its own ctx fields (ctx.graphqlRequest / ctx.gql).
+module.exports = gateContract.defineGuard({
+  name:        "graphql",
+  kind:        "graphql-request",
+  errorClass:  GuardGraphqlError,
+  profiles:    PROFILES,
+  defaults:    DEFAULTS,
+  postures:    COMPLIANCE_POSTURES,
+  integrationFixtures: INTEGRATION_FIXTURES,
+  validate:    validate,
+  sanitize:    sanitize,
+  gate:        gate,
+});

package/lib/guard-html.js

@@ -1096,114 +1096,59 @@ function gate(opts) {
     });
 }
 
-/**
- * @primitive b.guardHtml.buildProfile
- * @signature b.guardHtml.buildProfile(opts)
- * @since     0.7.6
- * @related   b.guardHtml.compliancePosture, b.guardHtml.gate
- *
- * Resolve a named profile against `PROFILES` and return the merged
- * options bag. Operators introspecting the active limits (without
- * calling `validate` / `sanitize` / `gate`) call this. Throws
- * `GuardHtmlError` with code `html.bad-profile` when the name
- * doesn't appear in the profile catalog.
- *
- * @opts
- *   profile:  string,   // "strict" | "balanced" | "permissive"
- *
- * @example
- *   var resolved = b.guardHtml.buildProfile({ profile: "strict" });
- *   resolved.maxBytes;        // → 2097152  (2 MiB)
- *   resolved.maxAttrValueBytes; // → 8192  (8 KiB)
- */
-var buildProfile = gateContract.makeProfileBuilder(PROFILES);
-
-/**
- * @primitive b.guardHtml.compliancePosture
- * @signature b.guardHtml.compliancePosture(name)
- * @since     0.7.6
- * @related   b.guardHtml.buildProfile, b.guardHtml.gate
- *
- * Return the option overlay for a named compliance posture
- * (`hipaa` / `pci-dss` / `gdpr` / `soc2`). Operators compose this
- * over a base profile to harden the default per regulatory regime.
- * Throws `GuardHtmlError` with code `html.bad-posture` on unknown
- * names.
- *
- * @example
- *   var hipaa = b.guardHtml.compliancePosture("hipaa");
- *   hipaa.bidiPolicy;       // → "reject"
- *   hipaa.cssPolicy;        // → "reject"
- *   hipaa.mxssHintPolicy;   // → "reject"
- */
-function compliancePosture(name) {
-  return gateContract.lookupCompliancePosture(name, COMPLIANCE_POSTURES, _err, "html");
-}
-
-/**
- * @primitive b.guardHtml.loadRulePack
- * @signature b.guardHtml.loadRulePack(pack)
- * @since     0.7.6
- * @related   b.guardHtml.gate, b.guardHtml.buildProfile
- *
- * Register an operator-supplied rule pack (a versioned bundle of
- * extra tag / attribute / scheme overrides) into the guard's
- * private store. Subsequent `gate` calls referencing the pack by
- * its `id` overlay these rules on top of the resolved profile.
- * Validates pack shape and throws `GuardHtmlError` on malformed
- * input.
- *
- * @example
- *   b.guardHtml.loadRulePack({
- *     id:      "kb-2026-html",
- *     version: "1.0.0",
- *     extraDangerousTags: ["custom-element"],
- *   });
- */
-var _htmlRulePacks = gateContract.makeRulePackLoader(GuardHtmlError, "html");
-var loadRulePack = _htmlRulePacks.load;
+// buildProfile / compliancePosture / loadRulePack are assembled by
+// gateContract.defineGuard below (makeProfileBuilder(PROFILES) /
+// lookupCompliancePosture(_, COMPLIANCE_POSTURES) / makeRulePackLoader).
+// Their wiki sections render from the single-sourced @abiTemplate blocks
+// in gate-contract.js, instantiated per guard by the page generator.
 
 void safeUrl;     // reserved for future scheme-allowlist composition
 
-module.exports = {
-  // ---- guard-* family registry exports ----
-  NAME:                "html",
-  KIND:                "content",
-  MIME_TYPES:          Object.freeze(["text/html", "application/xhtml+xml"]),
-  EXTENSIONS:          Object.freeze([".html", ".htm", ".xhtml"]),
-  INTEGRATION_FIXTURES: Object.freeze({
-    kind:         "content",
-    contentType:  "text/html",
-    extension:    ".html",
-    benignBytes:  Buffer.from("<p>hello world</p>", "utf8"),
-    // Hostile: <script> tag is in the dangerous-tag denylist; refused
-    // unconditionally regardless of profile.
-    hostileBytes: Buffer.from('<p>hi</p><script>alert(1)</script>', "utf8"),
-  }),
-  // ---- primitive surface ----
-  validate:            validate,
-  sanitize:            sanitize,
-  escapeText:          escapeText,
-  escapeAttr:          escapeAttr,
-  gate:                gate,
-  buildProfile:        buildProfile,
-  compliancePosture:   compliancePosture,
-  loadRulePack:        loadRulePack,
-  PROFILES:            PROFILES,
-  DEFAULTS:            DEFAULTS,
-  COMPLIANCE_POSTURES: COMPLIANCE_POSTURES,
-  DANGEROUS_TAGS:      DANGEROUS_TAGS,
-  STRICT_ALLOWED_TAGS: STRICT_ALLOWED_TAGS,
-  BALANCED_ALLOWED_TAGS: BALANCED_ALLOWED_TAGS,
-  PERMISSIVE_ALLOWED_TAGS: PERMISSIVE_ALLOWED_TAGS,
-  DANGEROUS_ATTRS:     DANGEROUS_ATTRS,
-  URL_ATTRS:           URL_ATTRS,
-  SAFE_SCHEMES:        SAFE_SCHEMES,
-  DANGEROUS_SCHEMES:   DANGEROUS_SCHEMES,
-  CLOBBER_GLOBALS:     CLOBBER_GLOBALS,
-  CLOBBER_PRONE_TAGS:  CLOBBER_PRONE_TAGS,
-  // WCAG 2.2 audit-only mode (b.guardHtml.wcag.audit) — accessibility
-  // scanner that emits violations without modifying HTML.
-  wcag:                guardHtmlWcag,
-  GuardHtmlError:      GuardHtmlError,
-};
+var INTEGRATION_FIXTURES = Object.freeze({
+  kind:         "content",
+  contentType:  "text/html",
+  extension:    ".html",
+  benignBytes:  Buffer.from("<p>hello world</p>", "utf8"),
+  // Hostile: <script> tag is in the dangerous-tag denylist; refused
+  // unconditionally regardless of profile.
+  hostileBytes: Buffer.from('<p>hi</p><script>alert(1)</script>', "utf8"),
+});
+
+// Assembled from the gate-contract guard factory: error class, registry
+// exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
+// buildProfile / compliancePosture / loadRulePack wiring, plus the
+// per-guard inspection surface (validate / sanitize) and HTML extras
+// (escapeText / escapeAttr / wcag + the tag/attr/scheme/clobber tables)
+// passed through verbatim. The bespoke `gate` carries HTML's
+// sanitize-and-reemit chain unchanged.
+module.exports = gateContract.defineGuard({
+  name:        "html",
+  kind:        "content",
+  errorClass:  GuardHtmlError,
+  profiles:    PROFILES,
+  defaults:    DEFAULTS,
+  postures:    COMPLIANCE_POSTURES,
+  mimeTypes:   ["text/html", "application/xhtml+xml"],
+  extensions:  [".html", ".htm", ".xhtml"],
+  integrationFixtures: INTEGRATION_FIXTURES,
+  validate:    validate,
+  sanitize:    sanitize,
+  gate:        gate,
+  extra: {
+    escapeText:              escapeText,
+    escapeAttr:              escapeAttr,
+    DANGEROUS_TAGS:          DANGEROUS_TAGS,
+    STRICT_ALLOWED_TAGS:     STRICT_ALLOWED_TAGS,
+    BALANCED_ALLOWED_TAGS:   BALANCED_ALLOWED_TAGS,
+    PERMISSIVE_ALLOWED_TAGS: PERMISSIVE_ALLOWED_TAGS,
+    DANGEROUS_ATTRS:         DANGEROUS_ATTRS,
+    URL_ATTRS:               URL_ATTRS,
+    SAFE_SCHEMES:            SAFE_SCHEMES,
+    DANGEROUS_SCHEMES:       DANGEROUS_SCHEMES,
+    CLOBBER_GLOBALS:         CLOBBER_GLOBALS,
+    CLOBBER_PRONE_TAGS:      CLOBBER_PRONE_TAGS,
+    // WCAG 2.2 audit-only mode (b.guardHtml.wcag.audit) — accessibility
+    // scanner that emits violations without modifying HTML.
+    wcag:                    guardHtmlWcag,
+  },
+});