@blamejs/core 0.14.6 → 0.14.8

package/lib/mcp.js

@@ -45,12 +45,12 @@ var METHOD_NAME_MAX   = 256;
 // JSON-RPC 2.0 error codes (https://www.jsonrpc.org/specification#error_object).
 // Negative numerics by spec; mapped to HTTP status for the framework's
 // HTTP-shaped reply envelope.
-var JSONRPC_PARSE_ERROR     = -32700;                                                        // allow:raw-time-literal — not seconds
-var JSONRPC_INVALID_REQUEST = -32600;                                                        // allow:raw-time-literal — not seconds
-var JSONRPC_METHOD_NOT_FOUND= -32601;                                                        // allow:raw-time-literal — not seconds
-var JSONRPC_INVALID_PARAMS  = -32602;                                                        // allow:raw-time-literal — not seconds
-var JSONRPC_INTERNAL_ERROR  = -32603;                                                        // allow:raw-time-literal — not seconds
-var JSONRPC_AUTH_REQUIRED   = -32001;                                                        // allow:raw-time-literal — not seconds
+var JSONRPC_PARSE_ERROR     = -32700;                                                        // allow:raw-time-literal — JSON-RPC error code -32700; coincidental multiple-of-60, not a time value, C.TIME N/A
+var JSONRPC_INVALID_REQUEST = -32600;
+var JSONRPC_METHOD_NOT_FOUND= -32601;
+var JSONRPC_INVALID_PARAMS  = -32602;
+var JSONRPC_INTERNAL_ERROR  = -32603;
+var JSONRPC_AUTH_REQUIRED   = -32001;
 var TOOL_NAME_RE     = /^[a-zA-Z][a-zA-Z0-9._-]{0,63}$/;
 var RESOURCE_NAME_RE = /^[a-zA-Z][a-zA-Z0-9._/-]{0,255}$/;
 
@@ -424,7 +424,7 @@ function serverGuard(opts) {
  *   var safe = b.mcp.toolResult.sanitize(toolResp, { posture: "sanitize" });
  *   // → { content: [{ type: "text", text: "<cleaned>" }] }
  */
-var DEFAULT_TOOL_OUTPUT_MAX_BYTES = 64 * 1024;                                                   // allow:raw-byte-literal — 64 KiB per content block
+var DEFAULT_TOOL_OUTPUT_MAX_BYTES = 64 * 1024;
 var PROMPT_INJECTION_MARKERS = [
   "ignore (previous|prior|all) instructions",
   "system:\\s*you are",

package/lib/mdoc.js

@@ -58,7 +58,7 @@ var { defineClass } = require("./framework-error");
 
 var MdocError = defineClass("MdocError", { alwaysPermanent: true });
 
-var HDR_X5CHAIN = 33;                                  // allow:raw-time-literal — x5chain COSE header label (RFC 9360 is a spec number, not a size/duration)
+var HDR_X5CHAIN = 33;
 var TAG_ENCODED_CBOR = 24;                             // RFC 8949 §3.4.5.1 embedded-CBOR tag
 // Tags ISO 18013-5 uses in issuer data: tdate(0), epoch(1), embedded
 // CBOR(24), full-date(1004, RFC 8943). Bounded — others are refused.

package/lib/metrics.js

@@ -143,7 +143,7 @@ function _normalizeLabelArg(callLabels, value, defaultValue) {
   };
 }
 
-// CRYPTO-18 — credential-shape detector. Operators routinely tap their
+// Credential-shape detector. Operators routinely tap their
 // own observability with `{ token: req.headers.authorization }` or
 // `{ apiKey: req.headers["x-api-key"] }`, which then leak through the
 // /metrics scrape surface to any reader of the metrics endpoint. The
@@ -199,7 +199,7 @@ function _validateLabelValue(value) {
   // counters indexed by various input types still work.
   if (value === null || value === undefined) return "";
   var coerced = String(value);
-  // CRYPTO-18 — credential-shape detector. Operators who tap their
+  // Credential-shape detector. Operators who tap their
   // observability with raw header values leak bearer tokens / API
   // keys through /metrics to every scrape reader. Refuse the value
   // and surface a redaction marker so the metric still labels (so
@@ -642,8 +642,8 @@ function create(opts) {
       // `Accept: application/openmetrics-text; version=1.0.0`. The
       // handler returns the OpenMetrics-1.0 wire format when that
       // media type has the highest q-value among supported types;
-      // defaults to Prometheus 0.0.4 otherwise. Codex P1 v0.12.5 —
-      // honor RFC 9110 §12.5.1 weighted negotiation: a client that
+      // defaults to Prometheus 0.0.4 otherwise.
+      // Honor RFC 9110 §12.5.1 weighted negotiation: a client that
       // sends `Accept: text/plain;q=1.0, application/openmetrics-
       // text;q=0.5` (or `;q=0`) gets text/plain back, even though
       // both media types are supported.
@@ -719,7 +719,7 @@ function create(opts) {
         // (Prometheus 2.x, Grafana exemplar-renderer) can pivot
         // from a slow-request bucket to the trace that produced it.
         //
-        // Codex P2 v0.12.5 — the span_id MUST be the server-handling
+        // The span_id MUST be the server-handling
         // span (created by b.middleware.spanHttpServer + stamped on
         // req.span), not the upstream `traceparent`'s parent-id.
         // The parent-id points at the CALLER's span (or nothing for
@@ -729,7 +729,7 @@ function create(opts) {
           exemplar = {
             labels:    { trace_id: req.span.traceId, span_id: req.span.spanId },
             value:     elapsedSec,
-            timestamp: Date.now() / 1000,                                         // allow:raw-time-literal — OpenMetrics §6.2 unix epoch seconds with subsecond fraction
+            timestamp: Date.now() / 1000,
           };
         } else if (req.trace && req.trace.sampled && req.trace.traceId && req.trace.spanId) {
           // Operators wiring traceparent directly without
@@ -740,7 +740,7 @@ function create(opts) {
           exemplar = {
             labels:    { trace_id: req.trace.traceId, span_id: req.trace.spanId },
             value:     elapsedSec,
-            timestamp: Date.now() / 1000,                                         // allow:raw-time-literal — OpenMetrics §6.2 unix epoch seconds with subsecond fraction
+            timestamp: Date.now() / 1000,
           };
         }
         try { requestDuration.observe(durLabels, elapsedSec, exemplar); }
@@ -986,7 +986,7 @@ function snapshotStartWriter(opts) {
   var fieldsFn   = opts.fields;
   var registry   = opts.registry || null;
   var intervalMs = opts.intervalMs;
-  // CRYPTO-6 — file mode for the atomic write. Default 0o640
+  // File mode for the atomic write. Default 0o640
   // (owner rw, group r, world none). Operators with a sidecar
   // reader in a different group override to 0o644; multi-tenant
   // hosts may even tighten to 0o600.
@@ -1019,7 +1019,7 @@ function snapshotStartWriter(opts) {
       catch (e2) { log("snapshot.metrics serialize failed: " + ((e2 && e2.message) || String(e2))); }
     }
     try {
-      // CRYPTO-6 — default 0o640 (owner rw, group r, world none) so
+      // Default 0o640 (owner rw, group r, world none) so
       // operator-supplied snapshot fields aren't world-readable on a
       // multi-tenant host. Operators with a sidecar reader running as
       // a different group override via opts.fileMode at startWriter
@@ -1078,7 +1078,7 @@ function snapshotRead(p) {
   // is well above the framework's expected snapshot size (~5-50 KiB)
   // and the safeJson absolute cap stays within reach.
   try {
-    // CRYPTO-21 — route through C.BYTES.mib(4); the raw byte literal
+    // Route through C.BYTES.mib(4); the raw byte literal
     // was a drift smell flagged by codebase-patterns.
     parsed = safeJson.parse(raw, { maxBytes: C.BYTES.mib(4) });
   } catch (e) {

package/lib/middleware/compose-pipeline.js

@@ -97,7 +97,7 @@ var CANONICAL_POSITIONS = Object.freeze({
   botGuard:      42,                                                                                      // canonical position bucket
   requireAuth:   50,                                                                                      // canonical position bucket
   attachUser:    52,                                                                                      // canonical position bucket
-  handler:       60,                                                                                      // allow:raw-time-literal — pipeline position int, not seconds
+  handler:       60,                                                                                      // allow:raw-time-literal — pipeline position bucket; coincidental multiple-of-60, C.TIME N/A
   errorHandler:  90,                                                                                      // canonical position bucket
 });
 

package/lib/middleware/csrf-protect.js

@@ -316,7 +316,7 @@ function create(opts) {
   // refuse before the token check.
   //
   // Default: enabled (defense-in-depth — same shape as bot-guard /
-  // rate-limit / CSP nonce — every default ON per Core Rule §3).
+  // rate-limit / CSP nonce — every default ON).
   // Operator opt-out: opts.checkOrigin = false.
   // Operator allowlist: opts.allowedOrigins = ["https://app.example.com"].
   var checkOrigin = opts.checkOrigin !== false;

package/lib/middleware/dpop.js

@@ -119,7 +119,7 @@ function _nonceManager(rotateSec) {
       if (previous && bCrypto.timingSafeEqual(n, previous.nonce)) return true;
       return false;
     },
-    // AUTH-36 — hot-reload coexistence. Operators redeploying without
+    // Hot-reload coexistence. Operators redeploying without
     // a clean process restart need a way to drain in-flight clients
     // before swapping the middleware instance. shutdown() returns no
     // fresh nonces and refuses every presented nonce, so the
@@ -156,7 +156,7 @@ function _reconstructHtu(req, mopts) {
   //
   // Default: ignore X-Forwarded-* and derive proto/host from the
   // socket. Operators with a confirmed-trusted front proxy opt in
-  // via opts.trustForwardedHeaders: true. (Audit 2026-05-11.)
+  // via opts.trustForwardedHeaders: true.
   mopts = mopts || {};
   var trustForwarded = mopts.trustForwardedHeaders === true;
   var proto;
@@ -229,7 +229,7 @@ function create(opts) {
     "getAccessToken", "getNonce", "getHtu", "audit",
     "nonceStore", "nonceWindowSec", "nonceRotateSec", "requireNonce",
     // v0.9.4 — opt-in trust gate for X-Forwarded-Proto/Host when
-    // reconstructing htu. Default off (audit 2026-05-11); operators
+    // reconstructing htu. Default off; operators
     // with a confirmed-trusted front proxy set this to `true`.
     "trustForwardedHeaders", "onDeny", "problemDetails",
   ], "middleware.dpop");
@@ -287,7 +287,7 @@ function create(opts) {
       return _writeUnauthorized(req, res, "invalid_dpop_proof",
         "multiple DPoP headers are not allowed", null, onDeny, problemMode);
     }
-    // AUTH-15 — RFC 9449 §4.1 single-value invariant. node:http
+    // RFC 9449 §4.1 single-value invariant. node:http
     // collapses repeated headers into a comma-joined string when the
     // client ships `DPoP: proof1, DPoP: proof2`; the Array.isArray
     // check above catches the multi-value array shape but a
@@ -399,7 +399,7 @@ function create(opts) {
     return next();
   };
 
-  // AUTH-36 — surface the nonce manager's lifecycle hooks on the
+  // Surface the nonce manager's lifecycle hooks on the
   // returned middleware so hot-reload deploys can drain in-flight
   // clients before swapping instances. shutdown() refuses every
   // subsequent proof + issues no fresh nonces; revoke() rotates the

package/lib/middleware/idempotency-key.js

@@ -175,7 +175,7 @@ function memoryStore(opts) {
  *     headers. Requires `b.vault.init(...)` to have run; falls back to
  *     plain-text with a one-shot audit warning when vault isn't ready,
  *     so test-fixture / boot-script callers still work.
- *   - `aad: true` (since 0.9.58 — CRYPTO-1) — sealed columns are bound
+ *   - `aad: true` (since 0.9.58) — sealed columns are bound
  *     via Additional Authenticated Data to (table, k, column,
  *     schemaVersion) so a DB-write attacker can't copy a sealed
  *     header/body cell from one row to another (which previously
@@ -184,12 +184,12 @@ function memoryStore(opts) {
  *     detects the envelope shape; lazy re-seal on next `set()` upgrades
  *     each row to AAD form. Operators wanting a one-shot migration
  *     call `b.middleware.idempotencyKey.resealMigrate(store)`.
- *   - `fingerprintSeal: true` (since 0.9.58 — CRYPTO-4) — the request
+ *   - `fingerprintSeal: true` (since 0.9.58) — the request
  *     `fingerprint` column carries an HMAC under a vault-derived
  *     secret instead of a bare SHA3-256 of method+path+body. The
  *     compare path is constant-time so the column doubles as a
  *     mismatch oracle without offline-brute-force exposure.
- *   - `bodyFingerprintFallback: "deny"` (since 0.9.58 — SUBSTRATE-13) —
+ *   - `bodyFingerprintFallback: "deny"` (since 0.9.58) —
  *     when neither `bodyFingerprint` nor `req._rawBody`/`req.body` is
  *     populated for a body-bearing method, the middleware previously
  *     silently degraded the fingerprint to method+path. Set to
@@ -228,8 +228,8 @@ function memoryStore(opts) {
  *   init?:      boolean,  // default true — run CREATE TABLE IF NOT EXISTS at construction
  *   hashKeys?:  boolean,  // default true — store sha3-512 namespace-hash of the key, not the raw key
  *   seal?:      boolean,  // default true — seal headers + body via b.cryptoField when vault is ready
- *   aad?:       boolean,  // default true — AAD-bind seal to (table,k,column) so a DB-write attacker can't cross-row swap (CRYPTO-1)
- *   fingerprintSeal?: boolean, // default true — HMAC fingerprint under a vault-derived secret instead of bare sha3-256 (CRYPTO-4)
+ *   aad?:       boolean,  // default true — AAD-bind seal to (table,k,column) so a DB-write attacker can't cross-row swap
+ *   fingerprintSeal?: boolean, // default true — HMAC fingerprint under a vault-derived secret instead of bare sha3-256
  *
  * @example
  *   // single-process daemon, framework's internal sqlite, both defaults on:
@@ -264,11 +264,11 @@ function dbStore(opts) {
   var doInit   = opts.init     !== false;
   var hashKeys = opts.hashKeys !== false;
   var sealReq  = opts.seal     !== false;
-  // CRYPTO-1 — AAD-bind sealing to (table, k, column) by default.
+  // AAD-bind sealing to (table, k, column) by default.
   // Forms a defense-in-depth pair with seal: cross-row swap fails
   // Poly1305 even when the attacker controls the DB layer.
   var aadOn    = opts.aad      !== false;
-  // CRYPTO-4 — HMAC the fingerprint under a vault-derived secret by
+  // HMAC the fingerprint under a vault-derived secret by
   // default. Bare SHA3-256 of method+path+body is offline-brute-
   // forceable for any DB-dump attacker; HMAC under a vault secret
   // forces them to break the vault first.
@@ -297,7 +297,7 @@ function dbStore(opts) {
 
   // Register the table with cryptoField. registerTable is idempotent
   // — subsequent dbStore() calls with the same tableName re-declare
-  // the same sealedFields and no-op. CRYPTO-1: when aad is on,
+  // the same sealedFields and no-op. When aad is on,
   // (table, k, column) is threaded into the AEAD AAD so a DB-write
   // attacker can't copy a sealed value between rows.
   if (sealEnabled) {
@@ -309,7 +309,7 @@ function dbStore(opts) {
     });
   }
 
-  // CRYPTO-4 — derive a per-vault HMAC secret for fingerprint sealing.
+  // Derive a per-vault HMAC secret for fingerprint sealing.
   // The vault root key is the trust root; without it the secret is
   // unrecoverable. Lazy: only derived when fpSealOn is enabled AND the
   // vault is ready, so test fixtures that haven't initialized the
@@ -349,7 +349,7 @@ function dbStore(opts) {
   // so audit/forensic SELECTs don't have to unseal-everything. The
   // `k` column is selected even when not strictly needed for read
   // because cryptoField.unsealRow uses it as the rowId in AAD when
-  // the table is AAD-bound (CRYPTO-1).
+  // the table is AAD-bound.
   var stmtGet = db.prepare(
     "SELECT k, fingerprint, status_code, headers, body, expires_at FROM " +
     qTable + " WHERE k = ?");
@@ -372,7 +372,7 @@ function dbStore(opts) {
     return bCrypto.namespaceHash("idempotency-key", rawKey);
   }
 
-  // CRYPTO-4 — emit / compare HMAC-shape fingerprints. The store
+  // Emit / compare HMAC-shape fingerprints. The store
   // round-trips the column as plain text (no transformation per-get);
   // sealing happens at MINT time (when the middleware builds the
   // fingerprint and hands it to set()). The store's responsibility is
@@ -391,7 +391,7 @@ function dbStore(opts) {
       if (sealEnabled) {
         try { liveRow = cryptoField.unsealRow(tableNameRaw, row); }
         catch (_unsealErr) {
-          // CRYPTO-13 — decryption failure used to delete the row,
+          // Decryption failure used to delete the row,
           // which let an attacker probe key presence via a "tamper +
           // observe subsequent SELECT" oracle. The fix: emit audit,
           // return null, do NOT delete. TTL sweeps stale rows out
@@ -407,7 +407,7 @@ function dbStore(opts) {
       }
       var headersObj;
       try {
-        // CRYPTO-22 — route through C.BYTES.mib(4); raw `4 * 1024 * 1024`
+        // Route through C.BYTES.mib(4); raw `4 * 1024 * 1024`
         // was a drift smell flagged by codebase-patterns. 4 MiB ceiling
         // unchanged.
         headersObj = safeJson.parse(liveRow.headers, { maxBytes: C.BYTES.mib(4) });
@@ -421,7 +421,6 @@ function dbStore(opts) {
         //      DELETING it would clobber another process's cache and
         //      turn a hit into a miss with potential side-effect re-
         //      execution. Treat as miss + LEAVE the row in place.
-        //      Per Codex P1 on PR #45.
         var lookedSealed = typeof liveRow.headers === "string" &&
           (liveRow.headers.indexOf("vault:") === 0 ||
            liveRow.headers.indexOf("vault.aad:") === 0);
@@ -456,7 +455,7 @@ function dbStore(opts) {
     delete: function (rawKey) {
       stmtDelete.run(_k(rawKey));
     },
-    // CRYPTO-4 — the middleware consults this hook to HMAC the
+    // The middleware consults this hook to HMAC the
     // method+path+body digest under a vault-derived secret before
     // insert + compare. Returns null when fpSeal is disabled OR the
     // vault wasn't ready at construction; the middleware then falls
@@ -466,7 +465,7 @@ function dbStore(opts) {
       return nodeCrypto.createHmac("sha3-256", fpHmacSecret)
         .update(preimageBytes).digest("hex");
     },
-    // CRYPTO-1 — operator helper: walk the table and reseal every row
+    // Operator helper: walk the table and reseal every row
     // under the AAD form. Existing v0.9.15-v0.9.57 rows continue to
     // read on a per-row basis (unsealRow auto-detects shape), but
     // operators wanting an explicit migration step call this once.
@@ -526,7 +525,7 @@ function _fingerprintRequest(req, bodyBytes, store) {
   // Fingerprint preimage = method + path + body. Per the draft §4.3,
   // a key+body mismatch is a client-side mistake; our preimage covers
   // method + path so a client reusing a key across different
-  // endpoints is also caught. CRYPTO-4: when the store exposes a
+  // endpoints is also caught. When the store exposes a
   // `fingerprintHmac` hook (dbStore with fingerprintSeal:true + vault
   // ready), the preimage is HMAC'd under a vault-derived secret so a
   // DB dump leaks neither the preimage nor a brute-forceable digest.
@@ -602,7 +601,7 @@ function _emitAudit(action, metadata, outcome) {
  *   requireIdempotencyKey: boolean,  // default: false — refuse missing-key
  *   bodyFingerprint:       function, // (req) => Buffer|string|object|null — operator-supplied body extractor
  *   maxBodyBytes:          number,   // default: 1 MiB — replay-cache body cap
- *   bodyFingerprintFallback: string, // default "deny" (SUBSTRATE-13) — when neither
+ *   bodyFingerprintFallback: string, // default "deny" — when neither
  *                                    // bodyFingerprint nor req._rawBody / req.body is
  *                                    // available for POST/PUT/PATCH, refuse with HTTP 400
  *                                    // idempotency/missing-body-fingerprint instead of
@@ -669,7 +668,7 @@ function create(opts) {
     opts.bodyFingerprint, "idempotencyKey.bodyFingerprint",
     IdempotencyError, "idempotency/bad-body-fingerprint"
   ) || null;
-  // SUBSTRATE-13 — default "deny" refuses body-bearing requests that
+  // Default "deny" refuses body-bearing requests that
   // arrive with neither req._rawBody / req.body NOR an operator-
   // supplied bodyFingerprint hook. The silent-degrade-to-method+path
   // path was a §4.3 violation (same key + different body returned
@@ -762,7 +761,7 @@ function create(opts) {
     // Misordered-mount detector — body-bearing method reached us
     // with neither a parsed body nor a raw-body buffer. Most likely
     // body-parser hasn't run yet, which used to silently degrade the
-    // fingerprint to method+path; SUBSTRATE-13 (v0.9.58) makes that
+    // fingerprint to method+path; v0.9.58 makes that
     // case refuse with HTTP 400 by default. The audit emit fires in
     // both fallback modes so operator review surfaces the
     // misconfiguration regardless of the chosen fallback.
@@ -929,8 +928,8 @@ function _redactKey(key) {
  * @related   b.middleware.idempotencyKey.dbStore
  *
  * One-shot operator helper that walks a dbStore's table and reseals
- * every row under the AAD-bound envelope shape introduced in v0.9.58
- * (CRYPTO-1). Existing v0.9.15-v0.9.57 rows continue to read on a
+ * every row under the AAD-bound envelope shape introduced in v0.9.58.
+ * Existing v0.9.15-v0.9.57 rows continue to read on a
  * per-row basis (unsealRow auto-detects shape) so a deploy without
  * this call is correct, but operators who want to upgrade in bulk
  * call this once after upgrading.

package/lib/middleware/protected-resource-metadata.js

@@ -94,7 +94,7 @@ function create(opts) {
       "middleware/protected-resource-metadata/no-as",
       "authorizationServers must be a non-empty array of issuer URLs");
   }
-  // AUTH-17 — RFC 9728 §3 + RFC 8414 §3.1: authorizationServers entries
+  // RFC 9728 §3 + RFC 8414 §3.1: authorizationServers entries
   // are issuer URLs and MUST be https://. Pre-v0.9.x only required
   // non-empty string, so an operator typo could ship `http://idp.test`
   // (or, worse, `javascript:` / `data:`) to clients via the well-known
@@ -156,7 +156,7 @@ function create(opts) {
   if (opts.dpopBoundAccessTokensRequired === true) doc.dpop_bound_access_tokens_required = true;
   if (opts.mtlsBoundAccessTokensRequired === true) doc.tls_client_certificate_bound_access_tokens = true;
 
-  // AUTH-18 — RFC 9728 §3.2 signed_metadata. Operators with an
+  // RFC 9728 §3.2 signed_metadata. Operators with an
   // anti-tamper requirement pass `signMetadata: { key, alg, kid }`;
   // the middleware emits `application/jwt` carrying the JWS-signed
   // metadata. Default output remains cleartext `application/json`.

package/lib/network-dns-resolver.js

@@ -126,7 +126,7 @@ var DEFAULT_MAX_TTL_MS    = C.TIME.hours(24);
 var DEFAULT_MIN_TTL_MS    = C.TIME.seconds(60);
 var DEFAULT_STALE_WINDOW  = C.TIME.hours(6);
 var DEFAULT_PROFILE       = "strict";
-// BUG-1 / MAIL-26 — CWE-400/770. Bound the cache so a hostile peer
+// CWE-400/770. Bound the cache so a hostile peer
 // that can drive query-name selection (e.g. inbound SMTP forwarding
 // DKIM `s=` / `d=` tag-controlled lookups) cannot inflate the Map to
 // OOM. Default 5000 entries: a parsed-response object ~100 bytes ×
@@ -216,7 +216,7 @@ function create(opts) {
 
   var cache = new Map();                  // key → { response, parsed, ttl, expiresAt, staleUntil }
 
-  // CWE-400/770 / BUG-1 — LRU eviction on insert when the cache is at
+  // CWE-400/770. LRU eviction on insert when the cache is at
   // capacity. v8 Map preserves insertion order; oldest key is the
   // first entry returned by Map.keys().next().
   function _evictIfFull() {

package/lib/network-dns.js

@@ -39,8 +39,7 @@ var STATE = {
   // Default-on secure DNS (DoH via Cloudflare) when neither doh nor dot
   // is operator-configured AND no opt-out env var is set. Operators
   // who explicitly want the system resolver call useSystemResolver()
-  // or set BLAMEJS_DNS_TRANSPORT=system. Default-on per Core Rule §3
-  // ("security defaults are not opt-in").
+  // or set BLAMEJS_DNS_TRANSPORT=system. Default-on (security defaults are not opt-in).
   systemResolver: false,
 };
 

package/lib/network-dnssec.js

@@ -293,7 +293,7 @@ function verifyRrset(opts) {
   } else {
     atMs = Date.now();
   }
-  var nowSec = Math.floor(atMs / 1000);                       // allow:raw-time-literal — ms→NumericDate seconds (RRSIG inception/expiration are seconds since epoch, RFC 4034 §3.1.5)
+  var nowSec = Math.floor(atMs / 1000);
   if (nowSec < (rrsig.inception >>> 0)) throw new DnssecError("dnssec/not-yet-valid", "dnssec.verifyRrset: RRSIG inception is in the future");
   if (nowSec > (rrsig.expiration >>> 0)) throw new DnssecError("dnssec/expired", "dnssec.verifyRrset: RRSIG has expired");
 
@@ -349,7 +349,7 @@ var BASE32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV";          // RFC 4648 §7 ext
 var TYPE_DS = 43;                                            // IANA RR type DS
 var TYPE_CNAME = 5;
 var NSEC3_HASH_SHA1 = 1;                                     // RFC 5155 §5 — the only registered NSEC3 hash
-var DEFAULT_MAX_NSEC3_ITERATIONS = 150;                      // allow:raw-time-literal — DoS ceiling on iterated SHA-1; matches BIND 9.16.33+/Unbound 1.17.1 post-CVE-2023-50868 (RFC 9276 wants 0; deployed zones still use >0)
+var DEFAULT_MAX_NSEC3_ITERATIONS = 150;
 
 // KeyTrap (CVE-2023-50387) amplification caps. A hostile zone can publish
 // many DNSKEYs sharing one 16-bit key tag and many RRSIGs, forcing a

package/lib/network-smtp-policy.js

@@ -716,7 +716,7 @@ async function tlsRptSubmit(report, opts) {
 // tlsRpt.recordShape / tlsRpt.submit on the send side.
 
 var TLS_RPT_MAX_REPORT_BYTES = C.BYTES.mib(8);
-var TLS_RPT_MAX_POLICIES_PER_REPORT = 1024;                                       // allow:raw-time-literal — count cap, not seconds
+var TLS_RPT_MAX_POLICIES_PER_REPORT = 1024;
 
 function tlsRptParseReport(body, opts) {
   opts = opts || {};

package/lib/network-tls.js

@@ -837,7 +837,7 @@ function _parseTime(node) {
   if (s.length === 13 && s.charAt(12) === "Z") {                                 // UTCTime length per X.690
     // UTCTime YYMMDDhhmmssZ — 50+ → 19xx, else 20xx (RFC 5280 §4.1.2.5).
     year  = parseInt(s.slice(0, 2), 10);
-    year += year >= 50 ? 1900 : 2000;                                            // allow:raw-time-literal — RFC 5280 century pivot, calendar years
+    year += year >= 50 ? 1900 : 2000;
     month = parseInt(s.slice(2, 4), 10);
     day   = parseInt(s.slice(4, 6), 10);
     hour  = parseInt(s.slice(6, 8), 10);                                         // UTCTime hour-byte offsets
@@ -1136,7 +1136,6 @@ function evaluateOcspResponse(ocspDer, opts) {
     // length inputs but fast-paths on length mismatch; not security-
     // critical here (the OCSP response is CA-signed and signature
     // already verified) but matches the project discipline.
-    // (Audit 2026-05-11.)
     if (!bCrypto.timingSafeEqual(parsed.basic.nonce, opts.expectedNonce)) {
       return { ok: false, status: parsed.status, signatureValid: true,
                errors: ["OCSP nonce mismatch — possible replay or wrong responder"] };

package/lib/network-tsig.js

@@ -41,7 +41,7 @@ var TsigError = defineClass("TsigError", { alwaysPermanent: true });
 
 var TYPE_TSIG = 250;                                        // IANA RR type TSIG
 var CLASS_ANY = 255;                                        // TSIG RRs use CLASS ANY
-var DEFAULT_FUDGE = 300;                                    // allow:raw-time-literal — RFC 8945 recommended fudge window (seconds)
+var DEFAULT_FUDGE = 300;
 
 // Algorithm name → Node hash. The strong HMAC-SHA-2 family is the safe set;
 // HMAC-MD5 and HMAC-SHA-1 are refused unless allowLegacy (kept only for
@@ -225,7 +225,7 @@ function sign(message, opts) {
   var secret = _secretBuf(opts.secret);
   var fudge = opts.fudge == null ? DEFAULT_FUDGE : opts.fudge;
   if (typeof fudge !== "number" || !isFinite(fudge) || fudge < 0 || fudge > 0xffff) throw new TsigError("tsig/bad-opt", "tsig.sign: fudge must be 0..65535 seconds");   // 16-bit fudge field
-  var time = opts.time == null ? Math.floor(Date.now() / 1000) : opts.time;   // allow:raw-time-literal — ms→s
+  var time = opts.time == null ? Math.floor(Date.now() / 1000) : opts.time;
   if (typeof time !== "number" || !isFinite(time) || time < 0) throw new TsigError("tsig/bad-opt", "tsig.sign: time must be a non-negative Unix-seconds number");
   var error = opts.error == null ? 0 : opts.error;
   var otherData = Buffer.isBuffer(opts.otherData) ? opts.otherData : Buffer.alloc(0);
@@ -379,7 +379,7 @@ function verify(message, opts) {
     macValid = timingSafeEqual(rr.mac, expected.slice(0, rr.mac.length));
   }
 
-  var now = opts.now == null ? Math.floor(Date.now() / 1000) : opts.now;   // allow:raw-time-literal — ms→s
+  var now = opts.now == null ? Math.floor(Date.now() / 1000) : opts.now;
   var timeValid = Math.abs(now - rr.timeSigned) <= rr.fudge;
 
   var reason = null;

package/lib/outbox.js

@@ -342,7 +342,7 @@ function create(opts) {
   var stopping = false;
   var inFlight = null;
 
-  // SUBSTRATE-23 — `FOR UPDATE SKIP LOCKED` is Postgres / MySQL 8+ only.
+  // `FOR UPDATE SKIP LOCKED` is Postgres / MySQL 8+ only.
   // SQLite (single-writer at the DB level, but WAL mode lets multiple
   // processes share the file with concurrent SELECTs) doesn't support
   // SKIP LOCKED — feeding it Postgres syntax silently double-publishes

package/lib/pqc-agent.js

@@ -322,7 +322,7 @@ function _getDefaultAgent() {
  *   logger.info("pqc-agent reloaded", res);
  */
 function reload() {
-  // CRYPTO-9 — null the cached agent BEFORE calling destroy. The
+  // Null the cached agent BEFORE calling destroy. The
   // previous order let a concurrent _getDefaultAgent() see the
   // destroyed-not-null agent and hand it to a caller; the caller
   // then tries to issue a request through a torn-down keep-alive

package/lib/retention.js

@@ -569,7 +569,7 @@ function complianceFloor(posture, candidateTtlMs) {
   return candidateTtlMs > floor ? candidateTtlMs : floor;
 }
 
-// applyPosture — F-POSTURE-1 cascade hook. b.compliance.set(posture)
+// applyPosture — cascade hook. b.compliance.set(posture)
 // calls this to merge posture defaults into retention's state. The
 // retention module itself doesn't carry per-instance global defaults;
 // the cascade's job here is to surface the posture's audit-log

package/lib/retry.js

@@ -275,7 +275,7 @@ function backoffDelay(attempt, opts) {
   opts = opts || DEFAULT_RETRY;
   var base = opts.baseDelayMs * Math.pow(2, attempt - 1);
   var capped = Math.min(base, opts.maxDelayMs);
-  // CRYPTO-12 — jitter exists to spread retry storms across the
+  // Jitter exists to spread retry storms across the
   // millisecond window so N peer clients waking from the same
   // upstream outage don't all hit the recovering service at the same
   // tick. The value is observable to every client by construction

package/lib/rfc3339.js

@@ -25,11 +25,11 @@ function isValidDateTime(s) {
   if (!m) return false;
   var mo = +m[2], d = +m[3], h = +m[4], mi = +m[5], se = +m[6];
   if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59 || se > 60) return false;   // allow:raw-time-literal — RFC 3339 field ranges (60 = leap second)
-  var days = [31, ((+m[1] % 4 === 0 && +m[1] % 100 !== 0) || +m[1] % 400 === 0) ? 29 : 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];   // allow:raw-time-literal — days per month (Gregorian)
+  var days = [31, ((+m[1] % 4 === 0 && +m[1] % 100 !== 0) || +m[1] % 400 === 0) ? 29 : 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];
   if (d > days[mo - 1]) return false;
   var tz = m[8];
   if (tz !== "Z" && tz !== "z") {
-    if (+tz.slice(1, 3) > 23 || +tz.slice(4, 6) > 59) return false;   // allow:raw-time-literal — RFC 3339 offset hour/minute ranges
+    if (+tz.slice(1, 3) > 23 || +tz.slice(4, 6) > 59) return false;
   }
   return true;
 }

package/lib/safe-archive.js

@@ -225,7 +225,7 @@ async function extract(opts) {
         }
         inner = await archiveWrap().unwrapWithPassphrase(sealedBytes, { passphrase: opts.passphrase });
       }
-      // Codex P1 on v0.12.15 PR #166 — close the original source
+      // Close the original source
       // adapter BEFORE replacing it. When opts.source was a string
       // path, the fs adapter opened a file descriptor; overwriting
       // `source` loses the close reference and the descriptor
@@ -236,7 +236,7 @@ async function extract(opts) {
       if (typeof source.close === "function" && typeof opts.source === "string") {
         try { source.close(); } catch (_e) { /* drop-silent */ }
       }
-      // Codex P2 on v0.12.15 PR #166 — forward opts.signal to the
+      // Forward opts.signal to the
       // inner buffer adapter so abort propagation stays intact
       // across the unwrap boundary. Without it, an abort raised
       // after unwrapping would no longer cancel inner range()

package/lib/safe-decompress.js

@@ -105,7 +105,7 @@ var _algorithms = {
 // classic bomb shapes (1000:1) while leaving headroom for legitimate
 // text / JSON / XML payloads (which compress 20-50:1 commonly). Per
 // RFC 8460 §5.2 community guidance for TLS-RPT report decompression.
-var DEFAULT_MAX_RATIO = 50;                                                          // allow:raw-time-literal — RFC number not seconds
+var DEFAULT_MAX_RATIO = 50;
 
 // Default input cap when operator omits opts.maxCompressedBytes —
 // 4 MiB matches the TLS-RPT receive surface and is a reasonable

package/lib/safe-ical.js

@@ -251,9 +251,9 @@ function parse(text, opts) {
   var vcal = consumed.component;
   // RFC 5545 §3.4 — a stream may carry multiple VCALENDAR objects.
   // Walk the remainder so trailing objects are validated under the
-  // same caps + control-char + property allowlist (Codex P2 — without
+  // same caps + control-char + property allowlist; without
   // this, CalDAV ingest can pass validation on the first object while
-  // trailing malformed objects ride through untouched).
+  // trailing malformed objects ride through untouched.
   var vcalendars = [_shapeVcalendar(vcal)];
   var cursor = consumed.nextIdx;
   while (cursor < lines.length) {

package/lib/safe-mime.js

@@ -549,7 +549,7 @@ function _splitMultipart(buf, boundary) {
     // Per RFC 2046 §5.1.1 a boundary delimiter is `--<value>` preceded
     // by CRLF (or LF) — OR at the very start of the body. A boundary-
     // shaped sequence elsewhere in a part's body MUST NOT be treated
-    // as a delimiter. Per Codex P1 on PR #49.
+    // as a delimiter.
     var idx = _findBoundaryAtLineStart(buf, delimiter, pos);
     if (idx < 0) break;
     if (buf[idx + delimiter.length] === 0x2D && buf[idx + delimiter.length + 1] === 0x2D) {

package/lib/self-update-standalone-verifier.js

@@ -208,7 +208,7 @@ function verify(assetPath, signaturePath, pubkeyPem) {
   // produces. 64 KiB chunks match the framework's hash-while-streaming
   // convention elsewhere.
   //
-  // CRYPTO-2 hardening (v0.9.58): fstat the asset BEFORE the read loop
+  // Hardening (v0.9.58): fstat the asset BEFORE the read loop
   // for every alg path, clamp every readSync to (assetStat.size -
   // fullOff), and reject if the final fullOff diverges from
   // assetStat.size. A grow-during-read race (writer appends as we

package/lib/self-update.js

@@ -115,7 +115,7 @@ function _normalizeTag(tag) {
  * Missing numeric components on either side are treated as `"0"` so
  * `"1.0"` and `"1.0.0"` compare equal.
  *
- * CRYPTO-20 (v0.9.58) — pre-v0.9.58 the pre-release segment fell back
+ * Hardening (v0.9.58) — pre-v0.9.58 the pre-release segment fell back
  * to lexicographic comparison, which silently misordered `"1.0.0-alpha.10"`
  * (the strict-§11 LARGER pre-release) and `"1.0.0-alpha.9"`: as strings
  * "10" < "9" so `alpha.10 < alpha.9`, and a downstream consumer polling
@@ -294,7 +294,7 @@ function _matchAsset(name, pattern, fallback) {
  *   timeoutMs:        number,    // request timeout (default 15s)
  *   headers:          object,    // additional request headers
  *   etag:             string,    // last-seen etag for If-None-Match
- *                                  // (CRYPTO-16 — etags are RFC 9110 §13.1.1
+ *                                  // (etags are RFC 9110 §13.1.1
  *                                  // per-resource; an etag captured for
  *                                  // releasesUrl=A is meaningless against
  *                                  // releasesUrl=B. Operators rotating