@blamejs/core 0.14.27 → 0.15.0

package/lib/mail-journal.js

@@ -72,7 +72,7 @@ var C = require("./constants");
 var validateOpts = require("./validate-opts");
 var numericBounds = require("./numeric-bounds");
 var safeJson = require("./safe-json");
-var safeSql = require("./safe-sql");
+var sql = require("./sql");
 var { defineClass } = require("./framework-error");
 var lazyRequire = require("./lazy-require");
 
@@ -213,33 +213,40 @@ function create(opts) {
   // / `messageId` / `archivedAt` / `sizeBytes` / `regimes` / `legalHold`
   // queryable without unsealing the payload. The payload (headers +
   // body) lives in the WORM bucket sealed via b.cryptoField.sealRow.
-  // Route every identifier through safeSql.quoteIdentifier — the
-  // shared substrate validates the unquoted name AND emits the
-  // dialect-correct quoted form. Index names must be built from the
-  // unquoted base then quoted independently; appending suffixes to
-  // an already-quoted token produces invalid SQL like
-  // `"_mail_journal_x"_archived_at_idx`.
-  var rawTable    = "_mail_journal_" + namespace.replace(/-/g, "_");
-  var qTable      = safeSql.quoteIdentifier(rawTable);
-  var qIdxArchAt  = safeSql.quoteIdentifier(rawTable + "_archived_at_idx");
-  var qIdxMsgId   = safeSql.quoteIdentifier(rawTable + "_message_id_idx");
-  opts.db.runSql(
-    "CREATE TABLE IF NOT EXISTS " + qTable + " (" +
-    "journal_id TEXT PRIMARY KEY, " +
-    "direction TEXT NOT NULL, " +
-    "actor_id TEXT, " +
-    "message_id TEXT, " +
-    "archived_at INTEGER NOT NULL, " +
-    "size_bytes INTEGER NOT NULL, " +
-    "regimes TEXT NOT NULL, " +
-    "floor_until INTEGER NOT NULL, " +
-    "legal_hold INTEGER NOT NULL DEFAULT 0, " +
-    "storage_key TEXT NOT NULL UNIQUE, " +
-    "sealed_payload BLOB NOT NULL" +
-    ");" +
-    "CREATE INDEX IF NOT EXISTS " + qIdxArchAt + " ON " + qTable + " (archived_at);" +
-    "CREATE INDEX IF NOT EXISTS " + qIdxMsgId  + " ON " + qTable + " (message_id);"
-  );
+  //
+  // The journal table is an operator-namespaced local table (NOT a
+  // framework `_blamejs_` table that clusterStorage rewrites), so every
+  // statement composes b.sql with quoteName:true — b.sql validates the
+  // identifier through b.safeSql and emits the dialect-quoted form,
+  // running against opts.db (the local sqlite handle) directly. `_t()`
+  // opens each verb builder pre-bound to this table so the name resolves
+  // in exactly one place.
+  var rawTable = "_mail_journal_" + namespace.replace(/-/g, "_");
+  var TBL_OPTS = { dialect: "sqlite", quoteName: true };
+  function _t(verb) { return sql[verb](rawTable, TBL_OPTS); }
+
+  // Bootstrap DDL — CREATE TABLE + the archived_at / message_id indexes.
+  // runSql is a multi-statement helper, so the three b.sql DDL strings
+  // join with `;` into one call (each b.sql build is a single validated
+  // statement; the join is the multi-statement boundary runSql expects).
+  var ddl = [
+    sql.createTable(rawTable, [
+      { name: "journal_id",     type: "text", primaryKey: true },
+      { name: "direction",      type: "text", notNull: true },
+      { name: "actor_id",       type: "text" },
+      { name: "message_id",     type: "text" },
+      { name: "archived_at",    type: "int",  notNull: true },
+      { name: "size_bytes",     type: "int",  notNull: true },
+      { name: "regimes",        type: "text", notNull: true },
+      { name: "floor_until",    type: "int",  notNull: true },
+      { name: "legal_hold",     type: "int",  notNull: true, default: 0 },
+      { name: "storage_key",    type: "text", notNull: true, unique: true },
+      { name: "sealed_payload", type: "blob", notNull: true },
+    ], TBL_OPTS).sql,
+    sql.createIndex(rawTable + "_archived_at_idx", rawTable, ["archived_at"], TBL_OPTS).sql,
+    sql.createIndex(rawTable + "_message_id_idx",  rawTable, ["message_id"],  TBL_OPTS).sql,
+  ].join(";");
+  opts.db.runSql(ddl);
 
   async function record(req) {
     validateOpts.requireObject(req, "mail.journal.record",
@@ -292,13 +299,24 @@ function create(opts) {
 
     var regimesJson = JSON.stringify(opts.regimes);
     var floorUntil  = archivedAt + floorMs;
-    opts.db.runSql(
-      "INSERT INTO " + qTable + " (journal_id, direction, actor_id, message_id, " +
-      "archived_at, size_bytes, regimes, floor_until, legal_hold, storage_key, sealed_payload) " +
-      "VALUES (?, ?, ?, ?, ?, ?, ?, ?, 0, ?, ?);",
-      [journalId, req.direction, req.actorId, req.messageId,
-       archivedAt, sizeBytes, regimesJson, floorUntil, storageKey, sealedBlob]
-    );
+    // legal_hold is omitted from the INSERT so the column's
+    // `NOT NULL DEFAULT 0` applies (the prior inline `0` SQL literal) — b.sql
+    // binds every value it is given, so leaving the column out keeps the row
+    // unsealed-at-rest default without binding a redundant constant. b.sql
+    // quotes every column + binds every remaining value as a placeholder.
+    var insBuilt = _t("insert").values({
+      journal_id:     journalId,
+      direction:      req.direction,
+      actor_id:       req.actorId,
+      message_id:     req.messageId,
+      archived_at:    archivedAt,
+      size_bytes:     sizeBytes,
+      regimes:        regimesJson,
+      floor_until:    floorUntil,
+      storage_key:    storageKey,
+      sealed_payload: sealedBlob,
+    }).toSql();
+    opts.db.runSql(insBuilt.sql, insBuilt.params);
 
     _emit("mail.journal.record", "success", {
       journalId:  journalId,
@@ -317,11 +335,12 @@ function create(opts) {
       throw new MailJournalError("mail-journal/bad-id",
         "mail.journal.getById: journalId must be a non-empty string");
     }
-    var rows = opts.db.runSql(
-      "SELECT direction, message_id, archived_at, size_bytes, regimes, floor_until, " +
-      "legal_hold, storage_key, sealed_payload FROM " + qTable + " WHERE journal_id = ?;",
-      [journalId]
-    );
+    var gbBuilt = _t("select")
+      .columns(["direction", "message_id", "archived_at", "size_bytes", "regimes",
+                "floor_until", "legal_hold", "storage_key", "sealed_payload"])
+      .where("journal_id", journalId)
+      .toSql();
+    var rows = opts.db.runSql(gbBuilt.sql, gbBuilt.params);
     if (!rows || rows.length === 0) return null;
     var r = rows[0];
     var unsealed = safeJson.parse(opts.vault.unseal(r.sealed_payload));
@@ -344,30 +363,27 @@ function create(opts) {
 
   function list(filter) {
     filter = filter || {};
+    var limit = numericBounds.isPositiveFiniteInt(filter.limit) ? Math.min(filter.limit, 1000) : 100; // list page cap
+    // Each filter term is an optional .where() leaf (AND-composed); b.sql
+    // quotes the columns + binds the values. A diagnostic clause list is
+    // kept for the audit metadata (the prior `filter: clauses` field).
     var clauses = [];
-    var args    = [];
+    var qb = _t("select").columns(["journal_id", "direction", "actor_id", "message_id",
+      "archived_at", "size_bytes", "regimes", "floor_until", "legal_hold", "storage_key"]);
     if (filter.direction && ALLOWED_DIRECTIONS[filter.direction]) {
-      clauses.push("direction = ?");
-      args.push(filter.direction);
+      qb.where("direction", filter.direction); clauses.push("direction = ?");
     }
     if (typeof filter.since === "number" && numericBounds.isPositiveFiniteInt(filter.since)) {
-      clauses.push("archived_at >= ?");
-      args.push(filter.since);
+      qb.whereOp("archived_at", ">=", filter.since); clauses.push("archived_at >= ?");
     }
     if (typeof filter.until === "number" && numericBounds.isPositiveFiniteInt(filter.until)) {
-      clauses.push("archived_at < ?");
-      args.push(filter.until);
+      qb.whereOp("archived_at", "<", filter.until); clauses.push("archived_at < ?");
     }
     if (filter.actorId && typeof filter.actorId === "string") {
-      clauses.push("actor_id = ?");
-      args.push(filter.actorId);
+      qb.where("actor_id", filter.actorId); clauses.push("actor_id = ?");
     }
-    var limit = numericBounds.isPositiveFiniteInt(filter.limit) ? Math.min(filter.limit, 1000) : 100; // list page cap
-    var where = clauses.length > 0 ? " WHERE " + clauses.join(" AND ") : "";
-    var sql = "SELECT journal_id, direction, actor_id, message_id, archived_at, " +
-              "size_bytes, regimes, floor_until, legal_hold, storage_key FROM " +
-              qTable + where + " ORDER BY archived_at DESC LIMIT " + limit + ";";
-    var rows = opts.db.runSql(sql, args);
+    var listBuilt = qb.orderBy("archived_at", "desc").limit(limit).toSql();
+    var rows = opts.db.runSql(listBuilt.sql, listBuilt.params);
     _emit("mail.journal.list", "success", { count: rows ? rows.length : 0, filter: clauses });
     return (rows || []).map(function (r) {
       return {
@@ -387,11 +403,15 @@ function create(opts) {
 
   function expireSurface(now) {
     if (now === undefined) now = Date.now();
-    var rows = opts.db.runSql(
-      "SELECT journal_id, archived_at, floor_until, message_id, regimes FROM " +
-      qTable + " WHERE floor_until < ? AND legal_hold = 0 ORDER BY archived_at ASC LIMIT 1000;",   // expiry-surface cap
-      [now]
-    );
+    // legal_hold = 0 binds as a value (the prior inline `0` literal).
+    var esBuilt = _t("select")
+      .columns(["journal_id", "archived_at", "floor_until", "message_id", "regimes"])
+      .whereOp("floor_until", "<", now)
+      .where("legal_hold", 0)
+      .orderBy("archived_at", "asc")
+      .limit(1000)                                                                                  // expiry-surface cap
+      .toSql();
+    var rows = opts.db.runSql(esBuilt.sql, esBuilt.params);
     _emit("mail.journal.expire_surface", "success", { count: rows ? rows.length : 0, now: now });
     return (rows || []).map(function (r) {
       return {
@@ -409,10 +429,11 @@ function create(opts) {
       throw new MailJournalError("mail-journal/bad-id",
         "mail.journal.setLegalHold: journalId required");
     }
-    opts.db.runSql(
-      "UPDATE " + qTable + " SET legal_hold = ? WHERE journal_id = ?;",
-      [onHold ? 1 : 0, journalId]
-    );
+    var lhBuilt = _t("update")
+      .set("legal_hold", onHold ? 1 : 0)
+      .where("journal_id", journalId)
+      .toSql();
+    opts.db.runSql(lhBuilt.sql, lhBuilt.params);
     _emit("mail.journal.legal_hold_change", "success", { journalId: journalId, onHold: !!onHold });
   }
 

package/lib/mail-rbl.js

@@ -86,6 +86,7 @@ var C                  = require("./constants");
 var { defineClass }    = require("./framework-error");
 var lazyRequire        = require("./lazy-require");
 var ipUtils            = require("./ip-utils");
+var gateContract       = require("./gate-contract");
 
 var audit              = lazyRequire(function () { return require("./audit"); });
 
@@ -105,12 +106,7 @@ var PROFILES = Object.freeze({
   permissive: { maxConcurrent: 32, perListTimeoutMs: C.TIME.seconds(20), maxListsPerQuery: 64 },         // list-count cap
 });
 
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
-});
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
 
 /**
  * @primitive b.mail.rbl.create

package/lib/mail-scan.js

@@ -85,6 +85,7 @@ var lazyRequire       = require("./lazy-require");
 var validateOpts      = require("./validate-opts");
 var numericBounds     = require("./numeric-bounds");
 var safeIcap          = require("./safe-icap");
+var gateContract = require("./gate-contract");
 
 var audit             = lazyRequire(function () { return require("./audit"); });
 var guardArchive      = lazyRequire(function () { return require("./guard-archive"); });
@@ -107,12 +108,7 @@ var PROFILES = Object.freeze({
   permissive: { timeoutMs: C.TIME.seconds(120), maxMessageBytes: C.BYTES.mib(150), maxResponseBytes: C.BYTES.mib(300) },  // operator-facing default mailbox cap
 });
 
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
-});
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
 
 var ALLOWED_PROTOCOLS = Object.freeze({
   "icap":            true,

package/lib/mail-spam-score.js

@@ -70,6 +70,7 @@
 var { defineClass }   = require("./framework-error");
 var lazyRequire       = require("./lazy-require");
 var validateOpts      = require("./validate-opts");
+var gateContract      = require("./gate-contract");
 
 var audit = lazyRequire(function () { return require("./audit"); });
 
@@ -90,12 +91,7 @@ var PROFILES = Object.freeze({
   permissive: { threshold: 10.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES },
 });
 
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
-});
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
 
 /**
  * @primitive b.mail.spamScore.create