npm - @blamejs/core - Versions diffs - 0.14.27 → 0.15.1 - Mend

@blamejs/core 0.14.27 → 0.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/CHANGELOG.md +6 -0
package/README.md +2 -2
package/index.js +4 -0
package/lib/ai-content-detect.js +9 -10
package/lib/api-key.js +158 -77
package/lib/atomic-file.js +29 -1
package/lib/audit-chain.js +47 -11
package/lib/audit-sign.js +77 -2
package/lib/audit-tools.js +79 -51
package/lib/audit.js +228 -100
package/lib/backup/index.js +13 -10
package/lib/break-glass.js +202 -144
package/lib/cache.js +174 -105
package/lib/chain-writer.js +38 -16
package/lib/cli.js +19 -14
package/lib/cluster-provider-db.js +130 -104
package/lib/cluster-storage.js +119 -22
package/lib/cluster.js +119 -71
package/lib/compliance.js +22 -0
package/lib/consent.js +82 -29
package/lib/constants.js +16 -11
package/lib/crypto-field.js +387 -91
package/lib/db-declare-row-policy.js +35 -22
package/lib/db-file-lifecycle.js +3 -2
package/lib/db-query.js +517 -256
package/lib/db-schema.js +209 -44
package/lib/db.js +202 -95
package/lib/external-db-migrate.js +229 -139
package/lib/external-db.js +25 -15
package/lib/framework-error.js +11 -0
package/lib/framework-files.js +73 -0
package/lib/framework-schema.js +695 -394
package/lib/gate-contract.js +596 -1
package/lib/guard-agent-registry.js +26 -44
package/lib/guard-all.js +1 -0
package/lib/guard-auth.js +42 -112
package/lib/guard-cidr.js +33 -154
package/lib/guard-csv.js +46 -113
package/lib/guard-domain.js +34 -157
package/lib/guard-dsn.js +27 -43
package/lib/guard-email.js +47 -69
package/lib/guard-envelope.js +19 -32
package/lib/guard-event-bus-payload.js +24 -42
package/lib/guard-event-bus-topic.js +25 -43
package/lib/guard-filename.js +42 -106
package/lib/guard-graphql.js +42 -123
package/lib/guard-html.js +53 -108
package/lib/guard-idempotency-key.js +24 -42
package/lib/guard-image.js +46 -103
package/lib/guard-imap-command.js +18 -32
package/lib/guard-jmap.js +16 -30
package/lib/guard-json.js +38 -108
package/lib/guard-jsonpath.js +38 -171
package/lib/guard-jwt.js +49 -179
package/lib/guard-list-id.js +25 -41
package/lib/guard-list-unsubscribe.js +27 -43
package/lib/guard-mail-compose.js +24 -42
package/lib/guard-mail-move.js +26 -44
package/lib/guard-mail-query.js +28 -46
package/lib/guard-mail-reply.js +24 -42
package/lib/guard-mail-sieve.js +24 -42
package/lib/guard-managesieve-command.js +17 -31
package/lib/guard-markdown.js +37 -104
package/lib/guard-message-id.js +26 -45
package/lib/guard-mime.js +39 -151
package/lib/guard-oauth.js +54 -135
package/lib/guard-pdf.js +45 -101
package/lib/guard-pop3-command.js +21 -31
package/lib/guard-posture-chain.js +24 -42
package/lib/guard-regex.js +33 -107
package/lib/guard-saga-config.js +24 -42
package/lib/guard-shell.js +42 -172
package/lib/guard-smtp-command.js +48 -54
package/lib/guard-snapshot-envelope.js +24 -42
package/lib/guard-sql.js +1491 -0
package/lib/guard-stream-args.js +24 -43
package/lib/guard-svg.js +47 -65
package/lib/guard-template.js +35 -172
package/lib/guard-tenant-id.js +26 -45
package/lib/guard-time.js +32 -154
package/lib/guard-trace-context.js +25 -44
package/lib/guard-uuid.js +32 -153
package/lib/guard-xml.js +38 -113
package/lib/guard-yaml.js +51 -163
package/lib/http-client.js +14 -0
package/lib/inbox.js +120 -107
package/lib/legal-hold.js +107 -50
package/lib/log-stream-cloudwatch.js +47 -31
package/lib/log-stream-otlp.js +32 -18
package/lib/mail-crypto-smime.js +2 -6
package/lib/mail-greylist.js +2 -6
package/lib/mail-helo.js +2 -6
package/lib/mail-journal.js +85 -64
package/lib/mail-rbl.js +2 -6
package/lib/mail-scan.js +2 -6
package/lib/mail-spam-score.js +2 -6
package/lib/mail-store.js +293 -154
package/lib/middleware/fetch-metadata.js +17 -7
package/lib/middleware/idempotency-key.js +54 -38
package/lib/middleware/rate-limit.js +102 -32
package/lib/middleware/security-headers.js +21 -5
package/lib/migrations.js +108 -66
package/lib/network-heartbeat.js +7 -0
package/lib/nonce-store.js +31 -9
package/lib/object-store/azure-blob-bucket-ops.js +9 -4
package/lib/object-store/azure-blob.js +31 -3
package/lib/object-store/sigv4.js +10 -0
package/lib/outbox.js +136 -82
package/lib/pqc-agent.js +44 -0
package/lib/pubsub-cluster.js +42 -20
package/lib/queue-local.js +202 -139
package/lib/queue-redis.js +9 -1
package/lib/queue-sqs.js +6 -0
package/lib/retention.js +82 -39
package/lib/safe-dns.js +29 -45
package/lib/safe-ical.js +18 -33
package/lib/safe-icap.js +27 -43
package/lib/safe-sieve.js +21 -40
package/lib/safe-sql.js +124 -3
package/lib/safe-vcard.js +18 -33
package/lib/scheduler.js +35 -12
package/lib/seeders.js +122 -74
package/lib/session-stores.js +42 -14
package/lib/session.js +116 -72
package/lib/sql.js +3885 -0
package/lib/static.js +45 -7
package/lib/subject.js +89 -49
package/lib/vault/index.js +3 -2
package/lib/vault/passphrase-ops.js +3 -2
package/lib/vault/rotate.js +104 -64
package/lib/vendor-data.js +2 -0
package/lib/websocket.js +16 -0
package/package.json +1 -1
package/sbom.cdx.json +6 -6

package/lib/db-declare-row-policy.js CHANGED Viewed

@@ -54,6 +54,7 @@
  *   }
  */
 var safeSql = require("./safe-sql");
+var sql = require("./sql");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
@@ -64,6 +65,8 @@ var ALLOWED_OPTS = [
   "using", "withCheck", "command", "permissive", "backend",
 ];
+// allow:hand-rolled-sql — RLS FOR-<command> keyword allowlist, not SQL text;
+// the policy itself is composed through b.sql.createPolicy.
 var ALLOWED_COMMANDS = ["ALL", "SELECT", "INSERT", "UPDATE", "DELETE"];
 function _err(code, message) {
@@ -192,9 +195,9 @@ function _ensureBackendIsPostgres(externalDb, backendName) {
 function declareRowPolicy(opts) {
   var spec = _validateOpts(opts);
-  var qTable  = safeSql.quoteQualified([spec.schema, spec.table], "postgres");
-  var qPolicy = safeSql.quoteIdentifier(spec.name, "postgres");
-  var qRole   = spec.role ? safeSql.quoteIdentifier(spec.role, "postgres") : null;
+  // The dotted "schema.table" form b.sql's RLS builders accept (each
+  // segment validated + quoted by construction inside b.sql).
+  var tableRef = spec.schema + "." + spec.table;
   var description = "declareRowPolicy " + spec.schema + "." + spec.table + "." + spec.name;
@@ -206,13 +209,18 @@ function declareRowPolicy(opts) {
     // Idempotent ENABLE — Postgres has no IF NOT EXISTS for this. Read
     // the current setting from pg_class and skip the ALTER when already
     // on, so re-running a migration set in a partially-applied state
-    // doesn't fail with a no-op error from the lock acquisition.
-    var rlsCheck = await xdb.query(
-      "SELECT relrowsecurity FROM pg_class c " +
-      "JOIN pg_namespace n ON n.oid = c.relnamespace " +
-      "WHERE n.nspname = $1 AND c.relname = $2",
-      [spec.schema, spec.table]
-    );
+    // doesn't fail with a no-op error from the lock acquisition. The
+    // pg_class / pg_namespace catalog join is composed through b.sql with
+    // a guarded raw join (system-catalog columns are outside any operator
+    // schema, so a column gate has no set to check); the schema + table
+    // names bind as parameters, never interpolate.
+    var rlsQuery = sql.select("pg_class", { dialect: "postgres", alias: "c" })
+      .columns(["c.relrowsecurity"])
+      .joinRaw("JOIN pg_namespace n ON n.oid = c.relnamespace")
+      .whereRaw("n.nspname = ?", [spec.schema])
+      .whereRaw("c.relname = ?", [spec.table])
+      .toExternalSql("postgres");
+    var rlsCheck = await xdb.query(rlsQuery.sql, rlsQuery.params);
     var rows = (rlsCheck && rlsCheck.rows) || [];
     if (rows.length === 0) {
       throw _err("declare-row-policy/table-not-found",
@@ -220,19 +228,23 @@ function declareRowPolicy(opts) {
         "' not found (does it exist? does the migration role have visibility?)");
     }
     if (!rows[0].relrowsecurity) {
-      await xdb.query("ALTER TABLE " + qTable + " ENABLE ROW LEVEL SECURITY", []);
+      var enableStmt = sql.enableRowLevelSecurity(tableRef, { dialect: "postgres" });
+      await xdb.query(enableStmt.sql, enableStmt.params);
     }
-    // CREATE POLICY assembled in canonical order: name → table → AS
-    // PERMISSIVE/RESTRICTIVE → FOR command → TO role → USING → WITH CHECK.
-    var sql = "CREATE POLICY " + qPolicy + " ON " + qTable;
-    sql += " AS " + (spec.permissive ? "PERMISSIVE" : "RESTRICTIVE");
-    sql += " FOR " + spec.command;
-    if (qRole) sql += " TO " + qRole;
-    sql += " USING (" + spec.using + ")";
-    if (spec.withCheck) sql += " WITH CHECK (" + spec.withCheck + ")";
-    await xdb.query(sql, []);
+    // CREATE POLICY assembled in canonical order by b.sql.createPolicy:
+    // name → table → AS PERMISSIVE/RESTRICTIVE → FOR command → TO role →
+    // USING → WITH CHECK. The using / withCheck boolean predicates ride
+    // b.sql's guarded raw-fragment path (the same b.guardSql gate the
+    // operator-facing whereRaw uses).
+    var policyStmt = sql.createPolicy(spec.name, tableRef, {
+      command:    spec.command,
+      permissive: spec.permissive,
+      role:       spec.role || undefined,
+      using:      spec.using,
+      withCheck:  spec.withCheck || undefined,
+    }, { dialect: "postgres" });
+    await xdb.query(policyStmt.sql, policyStmt.params);
     return {
       policy:       spec.schema + "." + spec.table + "." + spec.name,
@@ -248,7 +260,8 @@ function declareRowPolicy(opts) {
     if (ctx && ctx.externalDb && ctx.backendName) {
       _ensureBackendIsPostgres(ctx.externalDb, ctx.backendName);
     }
-    await xdb.query("DROP POLICY IF EXISTS " + qPolicy + " ON " + qTable, []);
+    var dropStmt = sql.dropPolicy(spec.name, tableRef, { dialect: "postgres", ifExists: true });
+    await xdb.query(dropStmt.sql, dropStmt.params);
   }
   return {

package/lib/db-file-lifecycle.js CHANGED Viewed

@@ -63,6 +63,7 @@ var nodePath = require("node:path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
 var { generateBytes, generateToken, encryptPacked, decryptPacked } = require("./crypto");
+var frameworkFiles = require("./framework-files");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
@@ -162,13 +163,13 @@ function fileLifecycle(opts) {
     DbFileLifecycleError, "db-file-lifecycle/bad-flush-interval");
   var label = opts.label || "default";
-  var encName = opts.encryptedDbName || "db.enc";
+  var encName = opts.encryptedDbName || frameworkFiles.fileName("dbEnc");
   var encPath = opts.encryptedDbPath
     ? nodePath.resolve(opts.encryptedDbPath)
     : nodePath.join(opts.dataDir, encName);
   var keyPath = opts.dbKeyPath
     ? nodePath.resolve(opts.dbKeyPath)
-    : nodePath.join(opts.dataDir, "db.key.enc");
+    : nodePath.join(opts.dataDir, frameworkFiles.fileName("dbKeyEnc"));
   var flushIntervalMs = opts.flushIntervalMs || DEFAULT_FLUSH_INTERVAL_MS;
   var tmpDir = _resolveTmpDir(opts.tmpDir, opts.allowDiskFallback === true);
   if (!nodeFs.existsSync(tmpDir)) nodeFs.mkdirSync(tmpDir, { recursive: true });