@blamejs/core 0.15.12 → 0.15.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (365) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/index.js +2 -0
  3. package/lib/a2a-tasks.js +45 -29
  4. package/lib/acme.js +6 -5
  5. package/lib/agent-event-bus.js +18 -4
  6. package/lib/agent-idempotency.js +7 -6
  7. package/lib/agent-orchestrator.js +2 -5
  8. package/lib/agent-saga.js +3 -5
  9. package/lib/agent-snapshot.js +32 -2
  10. package/lib/agent-tenant.js +2 -5
  11. package/lib/ai-adverse-decision.js +2 -15
  12. package/lib/ai-aedt-bias-audit.js +2 -1
  13. package/lib/ai-capability.js +1 -6
  14. package/lib/ai-content-detect.js +1 -3
  15. package/lib/ai-dp.js +1 -5
  16. package/lib/ai-frontier-protocol.js +1 -1
  17. package/lib/ai-input.js +2 -2
  18. package/lib/ai-model-manifest.js +1 -1
  19. package/lib/ai-output.js +16 -7
  20. package/lib/ai-pref.js +3 -8
  21. package/lib/ai-quota.js +3 -14
  22. package/lib/api-key.js +37 -28
  23. package/lib/api-snapshot.js +4 -1
  24. package/lib/app-shutdown.js +7 -1
  25. package/lib/archive-adapters.js +2 -4
  26. package/lib/archive-entry-policy.js +32 -0
  27. package/lib/archive-gz.js +9 -0
  28. package/lib/archive-read.js +14 -24
  29. package/lib/archive-tar-read.js +56 -24
  30. package/lib/archive.js +6 -12
  31. package/lib/arg-parser.js +7 -6
  32. package/lib/asn1-der.js +70 -22
  33. package/lib/asyncapi-traits.js +2 -6
  34. package/lib/atomic-file.js +312 -33
  35. package/lib/audit-chain.js +183 -54
  36. package/lib/audit-daily-review.js +36 -16
  37. package/lib/audit-emit.js +82 -0
  38. package/lib/audit-sign.js +258 -0
  39. package/lib/audit-tools.js +108 -23
  40. package/lib/audit.js +91 -2
  41. package/lib/auth/access-lock.js +7 -29
  42. package/lib/auth/bot-challenge.js +1 -1
  43. package/lib/auth/ciba.js +43 -4
  44. package/lib/auth/dpop.js +29 -36
  45. package/lib/auth/fido-mds3.js +14 -16
  46. package/lib/auth/jwt-external.js +26 -8
  47. package/lib/auth/jwt.js +15 -17
  48. package/lib/auth/lockout.js +24 -27
  49. package/lib/auth/oauth.js +67 -45
  50. package/lib/auth/oid4vci.js +55 -32
  51. package/lib/auth/oid4vp.js +3 -2
  52. package/lib/auth/openid-federation.js +6 -6
  53. package/lib/auth/passkey.js +4 -4
  54. package/lib/auth/password.js +8 -2
  55. package/lib/auth/saml.js +70 -40
  56. package/lib/auth/sd-jwt-vc-holder.js +2 -14
  57. package/lib/auth/sd-jwt-vc-issuer.js +2 -14
  58. package/lib/auth/sd-jwt-vc.js +25 -5
  59. package/lib/auth/status-list.js +21 -9
  60. package/lib/auth/step-up.js +15 -13
  61. package/lib/auth-bot-challenge.js +27 -39
  62. package/lib/backup/bundle.js +18 -20
  63. package/lib/backup/crypto.js +23 -8
  64. package/lib/backup/index.js +55 -67
  65. package/lib/backup/manifest.js +7 -1
  66. package/lib/bounded-map.js +112 -1
  67. package/lib/breach-deadline.js +1 -11
  68. package/lib/break-glass.js +41 -22
  69. package/lib/cache.js +7 -18
  70. package/lib/cbor.js +36 -12
  71. package/lib/cdn-cache-control.js +15 -12
  72. package/lib/cert.js +8 -13
  73. package/lib/chain-writer.js +162 -47
  74. package/lib/cli.js +10 -2
  75. package/lib/client-hints.js +7 -9
  76. package/lib/cloud-events.js +43 -33
  77. package/lib/cluster-storage.js +9 -41
  78. package/lib/cms-codec.js +2 -1
  79. package/lib/codepoint-class.js +84 -1
  80. package/lib/compliance-ai-act-logging.js +1 -6
  81. package/lib/compliance-ai-act-transparency.js +2 -4
  82. package/lib/compliance-eaa.js +2 -12
  83. package/lib/compliance-sanctions-fetcher.js +21 -28
  84. package/lib/compliance-sanctions.js +11 -21
  85. package/lib/compliance.js +3 -10
  86. package/lib/config-drift.js +24 -20
  87. package/lib/content-credentials.js +11 -8
  88. package/lib/content-digest.js +21 -12
  89. package/lib/cookies.js +15 -13
  90. package/lib/cose.js +39 -11
  91. package/lib/cra-report.js +1 -11
  92. package/lib/crdt.js +2 -1
  93. package/lib/crypto-field.js +34 -33
  94. package/lib/crypto.js +138 -7
  95. package/lib/csp.js +239 -3
  96. package/lib/daemon.js +46 -42
  97. package/lib/data-act.js +46 -13
  98. package/lib/db-file-lifecycle.js +14 -6
  99. package/lib/db-query.js +75 -49
  100. package/lib/db.js +66 -27
  101. package/lib/dbsc.js +5 -6
  102. package/lib/ddl-change-control.js +18 -14
  103. package/lib/deprecate.js +4 -5
  104. package/lib/did.js +6 -2
  105. package/lib/dora.js +43 -13
  106. package/lib/dr-runbook.js +1 -1
  107. package/lib/dsa.js +2 -1
  108. package/lib/dsr.js +30 -20
  109. package/lib/early-hints.js +19 -0
  110. package/lib/eat.js +5 -1
  111. package/lib/external-db-migrate.js +21 -22
  112. package/lib/external-db.js +74 -30
  113. package/lib/fda-21cfr11.js +42 -13
  114. package/lib/fdx.js +22 -18
  115. package/lib/file-upload.js +80 -66
  116. package/lib/flag-evaluation-context.js +5 -8
  117. package/lib/flag-providers.js +6 -2
  118. package/lib/forms.js +1 -1
  119. package/lib/framework-error.js +12 -0
  120. package/lib/framework-schema.js +19 -0
  121. package/lib/fsm.js +7 -12
  122. package/lib/gate-contract.js +911 -39
  123. package/lib/gdpr-ropa.js +22 -22
  124. package/lib/graphql-federation.js +18 -5
  125. package/lib/guard-agent-registry.js +2 -1
  126. package/lib/guard-all.js +3 -2
  127. package/lib/guard-archive.js +9 -30
  128. package/lib/guard-auth.js +23 -80
  129. package/lib/guard-cidr.js +20 -96
  130. package/lib/guard-csv.js +135 -196
  131. package/lib/guard-domain.js +23 -106
  132. package/lib/guard-dsn.js +17 -14
  133. package/lib/guard-email.js +46 -53
  134. package/lib/guard-envelope.js +2 -2
  135. package/lib/guard-event-bus-topic.js +2 -1
  136. package/lib/guard-filename.js +12 -60
  137. package/lib/guard-graphql.js +28 -75
  138. package/lib/guard-html-wcag.js +15 -2
  139. package/lib/guard-html.js +74 -128
  140. package/lib/guard-idempotency-key.js +2 -1
  141. package/lib/guard-image.js +280 -77
  142. package/lib/guard-imap-command.js +9 -10
  143. package/lib/guard-jmap.js +1 -1
  144. package/lib/guard-json.js +101 -109
  145. package/lib/guard-jsonpath.js +20 -88
  146. package/lib/guard-jwt.js +32 -114
  147. package/lib/guard-list-id.js +2 -7
  148. package/lib/guard-list-unsubscribe.js +2 -7
  149. package/lib/guard-mail-compose.js +5 -6
  150. package/lib/guard-mail-move.js +3 -2
  151. package/lib/guard-mail-query.js +5 -3
  152. package/lib/guard-mail-sieve.js +6 -7
  153. package/lib/guard-managesieve-command.js +6 -5
  154. package/lib/guard-markdown.js +76 -110
  155. package/lib/guard-message-id.js +5 -6
  156. package/lib/guard-mime.js +20 -99
  157. package/lib/guard-oauth.js +19 -73
  158. package/lib/guard-pdf.js +65 -72
  159. package/lib/guard-pop3-command.js +13 -14
  160. package/lib/guard-posture-chain.js +2 -1
  161. package/lib/guard-regex.js +24 -99
  162. package/lib/guard-saga-config.js +2 -1
  163. package/lib/guard-shell.js +22 -87
  164. package/lib/guard-smtp-command.js +9 -12
  165. package/lib/guard-sql.js +15 -13
  166. package/lib/guard-stream-args.js +2 -1
  167. package/lib/guard-svg.js +103 -149
  168. package/lib/guard-template.js +23 -80
  169. package/lib/guard-tenant-id.js +2 -1
  170. package/lib/guard-text.js +592 -0
  171. package/lib/guard-time.js +27 -95
  172. package/lib/guard-uuid.js +21 -93
  173. package/lib/guard-xml.js +76 -106
  174. package/lib/guard-yaml.js +24 -60
  175. package/lib/html-balance.js +7 -3
  176. package/lib/http-client-cache.js +5 -12
  177. package/lib/http-client-cookie-jar.js +35 -16
  178. package/lib/http-client.js +233 -74
  179. package/lib/http-message-signature.js +3 -2
  180. package/lib/i18n-messageformat.js +5 -7
  181. package/lib/i18n.js +83 -26
  182. package/lib/iab-tcf.js +3 -2
  183. package/lib/importmap-integrity.js +41 -1
  184. package/lib/inbox.js +8 -8
  185. package/lib/incident-report.js +12 -27
  186. package/lib/ip-utils.js +49 -6
  187. package/lib/jobs.js +3 -2
  188. package/lib/json-patch.js +1 -1
  189. package/lib/json-path.js +24 -3
  190. package/lib/jtd.js +2 -2
  191. package/lib/keychain.js +6 -18
  192. package/lib/legal-hold.js +30 -23
  193. package/lib/log-stream-cloudwatch.js +44 -112
  194. package/lib/log-stream-otlp-grpc.js +17 -14
  195. package/lib/log-stream-otlp.js +16 -80
  196. package/lib/log-stream-webhook.js +20 -92
  197. package/lib/log.js +2 -2
  198. package/lib/mail-agent.js +2 -2
  199. package/lib/mail-arc-sign.js +8 -3
  200. package/lib/mail-arf.js +4 -3
  201. package/lib/mail-auth.js +43 -69
  202. package/lib/mail-bimi.js +35 -55
  203. package/lib/mail-bounce.js +3 -3
  204. package/lib/mail-crypto-pgp.js +3 -2
  205. package/lib/mail-crypto-smime.js +71 -6
  206. package/lib/mail-dav.js +8 -35
  207. package/lib/mail-deploy.js +15 -14
  208. package/lib/mail-dkim.js +19 -38
  209. package/lib/mail-greylist.js +17 -30
  210. package/lib/mail-helo.js +4 -7
  211. package/lib/mail-journal.js +13 -9
  212. package/lib/mail-mdn.js +12 -7
  213. package/lib/mail-rbl.js +7 -12
  214. package/lib/mail-scan.js +5 -7
  215. package/lib/mail-send-deliver.js +33 -20
  216. package/lib/mail-server-imap.js +32 -87
  217. package/lib/mail-server-jmap.js +39 -52
  218. package/lib/mail-server-managesieve.js +29 -83
  219. package/lib/mail-server-mx.js +33 -74
  220. package/lib/mail-server-net.js +177 -0
  221. package/lib/mail-server-pop3.js +30 -83
  222. package/lib/mail-server-rate-limit.js +30 -6
  223. package/lib/mail-server-registry.js +1 -1
  224. package/lib/mail-server-submission.js +34 -73
  225. package/lib/mail-server-tls.js +98 -2
  226. package/lib/mail-spam-score.js +9 -12
  227. package/lib/mail-store-fts.js +1 -1
  228. package/lib/mail-store.js +3 -2
  229. package/lib/mail.js +28 -13
  230. package/lib/markup-escape.js +31 -0
  231. package/lib/markup-tokenizer.js +78 -0
  232. package/lib/mcp-tool-registry.js +26 -23
  233. package/lib/mcp.js +7 -5
  234. package/lib/mdoc.js +36 -14
  235. package/lib/metrics.js +46 -33
  236. package/lib/middleware/age-gate.js +3 -23
  237. package/lib/middleware/api-encrypt.js +13 -24
  238. package/lib/middleware/assetlinks.js +2 -7
  239. package/lib/middleware/bearer-auth.js +2 -1
  240. package/lib/middleware/body-parser.js +41 -52
  241. package/lib/middleware/bot-disclose.js +7 -10
  242. package/lib/middleware/bot-guard.js +28 -28
  243. package/lib/middleware/clear-site-data.js +5 -1
  244. package/lib/middleware/compression.js +9 -0
  245. package/lib/middleware/cors.js +32 -23
  246. package/lib/middleware/csrf-protect.js +73 -23
  247. package/lib/middleware/daily-byte-quota.js +12 -30
  248. package/lib/middleware/deny-response.js +19 -1
  249. package/lib/middleware/fetch-metadata.js +35 -4
  250. package/lib/middleware/idempotency-key.js +4 -20
  251. package/lib/middleware/network-allowlist.js +61 -30
  252. package/lib/middleware/rate-limit.js +45 -44
  253. package/lib/middleware/scim-server.js +5 -3
  254. package/lib/middleware/security-headers.js +33 -7
  255. package/lib/middleware/security-txt.js +2 -6
  256. package/lib/middleware/speculation-rules.js +6 -3
  257. package/lib/middleware/tus-upload.js +14 -29
  258. package/lib/middleware/web-app-manifest.js +2 -7
  259. package/lib/migrations.js +4 -13
  260. package/lib/mime-parse.js +34 -17
  261. package/lib/module-loader.js +44 -0
  262. package/lib/money.js +105 -0
  263. package/lib/mtls-ca.js +125 -41
  264. package/lib/network-byte-quota.js +4 -18
  265. package/lib/network-dane.js +8 -6
  266. package/lib/network-dns-resolver.js +98 -7
  267. package/lib/network-dns.js +9 -2
  268. package/lib/network-dnssec.js +18 -17
  269. package/lib/network-heartbeat.js +3 -2
  270. package/lib/network-smtp-policy.js +52 -46
  271. package/lib/network-tls.js +67 -47
  272. package/lib/network-tsig.js +2 -2
  273. package/lib/nis2-report.js +2 -12
  274. package/lib/nist-crosswalk.js +1 -1
  275. package/lib/nonce-store.js +81 -3
  276. package/lib/ntp-check.js +28 -0
  277. package/lib/numeric-bounds.js +31 -8
  278. package/lib/object-store/azure-blob-bucket-ops.js +2 -6
  279. package/lib/object-store/azure-blob.js +6 -47
  280. package/lib/object-store/gcs-bucket-ops.js +4 -2
  281. package/lib/object-store/gcs.js +14 -75
  282. package/lib/object-store/http-put.js +2 -7
  283. package/lib/object-store/http-request.js +157 -0
  284. package/lib/object-store/local.js +37 -17
  285. package/lib/object-store/sigv4-bucket-ops.js +2 -1
  286. package/lib/object-store/sigv4.js +10 -79
  287. package/lib/observability-otlp-exporter.js +29 -29
  288. package/lib/observability.js +95 -0
  289. package/lib/openapi-paths-builder.js +7 -3
  290. package/lib/otel-export.js +7 -10
  291. package/lib/outbox.js +54 -41
  292. package/lib/pagination.js +11 -15
  293. package/lib/parsers/safe-env.js +5 -4
  294. package/lib/parsers/safe-ini.js +10 -4
  295. package/lib/parsers/safe-toml.js +11 -9
  296. package/lib/parsers/safe-xml.js +3 -3
  297. package/lib/parsers/safe-yaml.js +28 -9
  298. package/lib/pick.js +63 -5
  299. package/lib/pipl-cn.js +69 -59
  300. package/lib/privacy-pass.js +8 -6
  301. package/lib/problem-details.js +2 -5
  302. package/lib/pubsub.js +4 -8
  303. package/lib/queue-local.js +10 -3
  304. package/lib/redact.js +9 -4
  305. package/lib/render.js +4 -2
  306. package/lib/request-helpers.js +334 -29
  307. package/lib/resource-access-lock.js +3 -3
  308. package/lib/restore-bundle.js +46 -18
  309. package/lib/restore-rollback.js +10 -4
  310. package/lib/restore.js +24 -22
  311. package/lib/retention.js +23 -9
  312. package/lib/router.js +17 -4
  313. package/lib/safe-async.js +457 -0
  314. package/lib/safe-buffer.js +137 -6
  315. package/lib/safe-decompress.js +2 -1
  316. package/lib/safe-dns.js +2 -1
  317. package/lib/safe-ical.js +14 -28
  318. package/lib/safe-icap.js +1 -1
  319. package/lib/safe-json.js +51 -8
  320. package/lib/safe-jsonpath.js +6 -5
  321. package/lib/safe-mime.js +25 -29
  322. package/lib/safe-redirect.js +2 -5
  323. package/lib/safe-schema.js +7 -6
  324. package/lib/safe-sieve.js +1 -1
  325. package/lib/safe-sql.js +126 -0
  326. package/lib/safe-vcard.js +13 -27
  327. package/lib/sandbox-worker.js +15 -2
  328. package/lib/sandbox.js +4 -3
  329. package/lib/scheduler.js +22 -13
  330. package/lib/sec-cyber.js +82 -37
  331. package/lib/seeders.js +4 -11
  332. package/lib/self-update-standalone-verifier.js +16 -0
  333. package/lib/self-update.js +92 -69
  334. package/lib/session-device-binding.js +112 -66
  335. package/lib/session.js +219 -7
  336. package/lib/sql.js +228 -81
  337. package/lib/sse.js +6 -10
  338. package/lib/static.js +201 -111
  339. package/lib/storage.js +4 -2
  340. package/lib/structured-fields.js +275 -16
  341. package/lib/template.js +7 -5
  342. package/lib/tenant-quota.js +53 -38
  343. package/lib/tsa.js +16 -17
  344. package/lib/validate-opts.js +154 -8
  345. package/lib/vault/index.js +5 -0
  346. package/lib/vault/passphrase-ops.js +22 -26
  347. package/lib/vault/passphrase-source.js +8 -3
  348. package/lib/vault/rotate.js +13 -18
  349. package/lib/vault/seal-pem-file.js +34 -49
  350. package/lib/vault-aad.js +3 -2
  351. package/lib/vc.js +3 -8
  352. package/lib/vendor/MANIFEST.json +10 -10
  353. package/lib/vendor/public-suffix-list.dat +23 -10
  354. package/lib/vendor/public-suffix-list.data.js +5498 -5494
  355. package/lib/vex.js +35 -13
  356. package/lib/web-push-vapid.js +23 -20
  357. package/lib/webhook-dispatcher.js +706 -0
  358. package/lib/webhook.js +59 -19
  359. package/lib/websocket-channels.js +9 -7
  360. package/lib/websocket.js +8 -4
  361. package/lib/worm.js +3 -4
  362. package/lib/ws-client.js +65 -56
  363. package/lib/x509-chain.js +44 -0
  364. package/package.json +1 -1
  365. package/sbom.cdx.json +6 -6
package/lib/guard-yaml.js CHANGED
@@ -69,7 +69,6 @@ var codepointClass = require("./codepoint-class");
69
69
  var lazyRequire = require("./lazy-require");
70
70
  var gateContract = require("./gate-contract");
71
71
  var C = require("./constants");
72
- var numericBounds = require("./numeric-bounds");
73
72
  var safeYamlLazy = lazyRequire(function () { return require("./parsers/safe-yaml"); });
74
73
  var { GuardYamlError } = require("./framework-error");
75
74
 
@@ -120,10 +119,7 @@ var PROFILES = Object.freeze({
120
119
  leadingZeroPolicy: "reject",
121
120
  duplicateKeyPolicy: "reject",
122
121
  mergeKeyPolicy: "reject",
123
- bidiPolicy: "reject",
124
- controlPolicy: "reject",
125
- nullBytePolicy: "reject",
126
- zeroWidthPolicy: "reject",
122
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
127
123
  safeCoreTagsAllowed: false,
128
124
  maxBytes: C.BYTES.mib(2),
129
125
  maxDepth: 8, // recursion depth, not byte size
@@ -177,37 +173,13 @@ var PROFILES = Object.freeze({
177
173
  },
178
174
  });
179
175
 
180
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
181
- mode: "enforce",
182
- maxRuntimeMs: C.TIME.seconds(10),
183
- }));
184
-
185
- var COMPLIANCE_POSTURES = Object.freeze({
186
- "hipaa": Object.assign({}, PROFILES["strict"], {
187
- forensicSnippetBytes: C.BYTES.bytes(256),
188
- }),
189
- "pci-dss": Object.assign({}, PROFILES["strict"], {
190
- forensicSnippetBytes: C.BYTES.bytes(256),
191
- }),
192
- "gdpr": Object.assign({}, PROFILES["balanced"], {
193
- forensicSnippetBytes: C.BYTES.bytes(128),
194
- }),
195
- "soc2": Object.assign({}, PROFILES["strict"], {
196
- forensicSnippetBytes: C.BYTES.bytes(512),
197
- }),
176
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
177
+ maxRuntimeMs: C.TIME.seconds(10),
198
178
  });
199
179
 
200
- // ---- Helpers ----
180
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
201
181
 
202
- function _resolveOpts(opts) {
203
- return gateContract.resolveProfileAndPosture(opts, {
204
- profiles: PROFILES,
205
- compliancePostures: COMPLIANCE_POSTURES,
206
- defaults: DEFAULTS,
207
- errorClass: GuardYamlError,
208
- errCodePrefix: "yaml",
209
- });
210
- }
182
+ // ---- Helpers ----
211
183
 
212
184
  function _isDangerousTag(tag) {
213
185
  for (var i = 0; i < DANGEROUS_TAG_PREFIXES.length; i += 1) {
@@ -237,16 +209,9 @@ function _scanTags(text) {
237
209
  }
238
210
 
239
211
  function _detectIssues(input, opts) {
240
- var issues = [];
241
- if (typeof input !== "string") {
242
- return [{ kind: "bad-input", severity: "high",
243
- snippet: "input is not a string" }];
244
- }
245
- if (input.length > opts.maxBytes) {
246
- return [{ kind: "too-large", severity: "high", ruleId: "yaml.too-large",
247
- snippet: "input " + input.length +
248
- " bytes exceeds maxBytes " + opts.maxBytes }];
249
- }
212
+ var pre = gateContract.detectStringInput(input, opts, { name: "yaml", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
213
+ if (pre.done) return pre.issues;
214
+ var issues = pre.issues;
250
215
 
251
216
  // 1. Tag-injection scan.
252
217
  var tagHits = _scanTags(input);
@@ -496,21 +461,12 @@ function _detectDuplicateKeysYaml(text) {
496
461
  * rv.ok; // → false
497
462
  * rv.issues.some(function (i) { return i.kind === "dangerous-tag"; }); // → true
498
463
  */
499
- function validate(input, opts) {
500
- opts = _resolveOpts(opts);
501
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
502
- ["maxBytes", "maxDepth", "maxAnchors", "maxAliasDepth",
503
- "maxDocuments", "maxNodes", "maxScalarLength"],
504
- "guardYaml.validate", GuardYamlError, "yaml.bad-opt");
505
- if (typeof input !== "string") {
506
- return {
507
- ok: false,
508
- issues: [{ kind: "bad-input", severity: "high",
509
- snippet: "input is not a string" }],
510
- };
511
- }
512
- return gateContract.aggregateIssues(_detectIssues(input, opts));
513
- }
464
+ // validate is assembled by gateContract.defineGuard from `detect`
465
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
466
+ // input, resolveOpts(opts)))`, with the positive-finite-int opt caps declared
467
+ // via `intOpts`. A non-string input refuses through `_detectIssues`'s own
468
+ // bad-input branch, so the result shape is unchanged. The @primitive block
469
+ // above documents the resulting public ABI.
514
470
 
515
471
  /**
516
472
  * @primitive b.guardYaml.parse
@@ -548,7 +504,13 @@ function validate(input, opts) {
548
504
  * safe.age; // → 30
549
505
  */
550
506
  function parse(input, opts) {
551
- opts = _resolveOpts(opts);
507
+ opts = gateContract.resolveProfileAndPosture(opts, {
508
+ profiles: PROFILES,
509
+ compliancePostures: COMPLIANCE_POSTURES,
510
+ defaults: DEFAULTS,
511
+ errorClass: GuardYamlError,
512
+ errCodePrefix: "yaml",
513
+ });
552
514
  if (typeof input !== "string") {
553
515
  throw _err("yaml.bad-input", "parse requires string input");
554
516
  }
@@ -605,7 +567,9 @@ module.exports = gateContract.defineGuard({
605
567
  mimeTypes: ["application/yaml", "application/x-yaml", "text/yaml", "text/x-yaml"],
606
568
  extensions: [".yml", ".yaml"],
607
569
  integrationFixtures: INTEGRATION_FIXTURES,
608
- validate: validate,
570
+ detect: _detectIssues,
571
+ intOpts: ["maxBytes", "maxDepth", "maxAnchors", "maxAliasDepth",
572
+ "maxDocuments", "maxNodes", "maxScalarLength"],
609
573
  extra: {
610
574
  parse: parse,
611
575
  DANGEROUS_TAG_PREFIXES: DANGEROUS_TAG_PREFIXES,
@@ -110,7 +110,10 @@ function check(html) {
110
110
  html.charCodeAt(i + 1) === 0x21 /* ! */ &&
111
111
  html.charCodeAt(i + 2) === 0x2D &&
112
112
  html.charCodeAt(i + 3) === 0x2D) {
113
- var endComment = html.indexOf("-->", i + 4);
113
+ // WHATWG comment end ("--!>" + abrupt "<!-->" / "<!--->"), not only
114
+ // "-->", so the structural scan agrees with a browser on where the
115
+ // comment ends (the comment-parser differential).
116
+ var endComment = markupTokenizer.htmlCommentEnd(html, i);
114
117
  if (endComment === -1) {
115
118
  var pos = _posToLineColumn(html, i);
116
119
  return {
@@ -121,7 +124,7 @@ function check(html) {
121
124
  column: pos.column,
122
125
  };
123
126
  }
124
- i = endComment + 3;
127
+ i = endComment;
125
128
  continue;
126
129
  }
127
130
 
@@ -218,7 +221,7 @@ function check(html) {
218
221
  // Open tag (or self-closing).
219
222
  if (selfClose || VOID_TAGS[tag]) {
220
223
  // No push.
221
- } else if (RAW_TEXT_TAGS[tag]) {
224
+ } else if (Object.prototype.hasOwnProperty.call(RAW_TEXT_TAGS, tag)) {
222
225
  // Skip raw-text content AND its closing tag entirely. Inside
223
226
  // <script>/<style>/<textarea>/<title> the `<` characters are
224
227
  // text, not markup — re-entering the tag scanner on
@@ -294,6 +297,7 @@ function check(html) {
294
297
  // distinguish a structural problem from a content-safety reject.
295
298
  var lazyRequire = require("./lazy-require");
296
299
  var _guardHtml = lazyRequire(function () { return require("./guard-html"); });
300
+ var markupTokenizer = require("./markup-tokenizer");
297
301
 
298
302
  /**
299
303
  * @primitive b.htmlBalance.checkSafe
@@ -47,6 +47,7 @@ var canonicalJson = require("./canonical-json");
47
47
  var safeUrl = require("./safe-url");
48
48
  var structuredFields = require("./structured-fields");
49
49
  var validateOpts = require("./validate-opts");
50
+ var numericBounds = require("./numeric-bounds");
50
51
  var { HttpClientError } = require("./framework-error");
51
52
 
52
53
  // ---- Tunables ----------------------------------------------------------
@@ -393,18 +394,10 @@ function memoryStore(opts) {
393
394
  if (typeof opts !== "object") {
394
395
  throw _hcErr("httpclient/cache-bad-opts", "memoryStore: opts must be an object");
395
396
  }
396
- if (opts.maxBytes !== undefined &&
397
- (typeof opts.maxBytes !== "number" || !isFinite(opts.maxBytes) ||
398
- opts.maxBytes <= 0 || Math.floor(opts.maxBytes) !== opts.maxBytes)) {
399
- throw _hcErr("httpclient/cache-bad-opts",
400
- "memoryStore: maxBytes must be a positive integer");
401
- }
402
- if (opts.maxEntries !== undefined &&
403
- (typeof opts.maxEntries !== "number" || !isFinite(opts.maxEntries) ||
404
- opts.maxEntries <= 0 || Math.floor(opts.maxEntries) !== opts.maxEntries)) {
405
- throw _hcErr("httpclient/cache-bad-opts",
406
- "memoryStore: maxEntries must be a positive integer");
407
- }
397
+ numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
398
+ "memoryStore: maxBytes", HttpClientError, "httpclient/cache-bad-opts", { permanent: true });
399
+ numericBounds.requirePositiveFiniteIntIfPresent(opts.maxEntries,
400
+ "memoryStore: maxEntries", HttpClientError, "httpclient/cache-bad-opts", { permanent: true });
408
401
  if (opts.evictionPolicy !== undefined && opts.evictionPolicy !== "lru") {
409
402
  throw _hcErr("httpclient/cache-bad-opts",
410
403
  "memoryStore: evictionPolicy must be 'lru' (got " + JSON.stringify(opts.evictionPolicy) + ")");
@@ -60,9 +60,9 @@
60
60
  * }
61
61
  */
62
62
 
63
- var nodeFs = require("node:fs");
64
63
  var nodePath = require("node:path");
65
64
  var C = require("./constants");
65
+ var atomicFile = require("./atomic-file");
66
66
  var numericBounds = require("./numeric-bounds");
67
67
  var safeAsync = require("./safe-async");
68
68
  var safeJson = require("./safe-json");
@@ -170,10 +170,8 @@ function create(opts) {
170
170
  }
171
171
  var vault = opts.vault || null;
172
172
  if (persist === "vault") {
173
- if (!vault || typeof vault.seal !== "function" || typeof vault.unseal !== "function") {
174
- throw _err("BAD_OPT",
175
- "cookieJar.create: persist: 'vault' requires opts.vault with seal/unseal (pass b.vault)");
176
- }
173
+ validateOpts.requireMethods(vault, ["seal", "unseal"],
174
+ "cookieJar.create: persist: 'vault' opts.vault (pass b.vault)", CookieJarError, "BAD_OPT");
177
175
  }
178
176
  var filePath = null;
179
177
  if (persist === "file") {
@@ -441,7 +439,10 @@ function create(opts) {
441
439
  var rows = getAll();
442
440
  var serialized = JSON.stringify(rows);
443
441
  var blob = vault ? vault.seal(serialized) : serialized;
444
- nodeFs.writeFileSync(filePath, blob);
442
+ // Atomic, symlink-refusing write: a bare writeFileSync follows a symlink
443
+ // planted at filePath (CWE-59) and can leave a torn jar if the process
444
+ // dies mid-write. writeSync stages into a no-follow exclusive temp + renames.
445
+ atomicFile.writeSync(filePath, blob, { fileMode: 0o600 });
445
446
  }
446
447
  var flushScheduler = safeAsync.makeScheduledFlush(flushDebounceMs, function () {
447
448
  if (!filePath) return;
@@ -477,18 +478,36 @@ function create(opts) {
477
478
  // Persist file may be operator-tampered (or vault-sealed) — route through
478
479
  // safeJson with an explicit byte cap so a maliciously-large file can't
479
480
  // OOM the process before the parse fails.
480
- if (filePath && nodeFs.existsSync(filePath)) {
481
+ if (filePath) {
482
+ // Capped fd-bound read (no existsSync check-then-read window): the cap now
483
+ // precedes the file allocation so a maliciously-large persist file can't OOM
484
+ // the process before parse. refuseSymlink+inodeCheck: the jar file is
485
+ // operator-local + may hold a vault-sealed (secret) blob, and is never a
486
+ // k8s-style projected-secret mount. A MISSING file is the normal first run.
487
+ var raw = null;
481
488
  try {
482
- var raw = nodeFs.readFileSync(filePath, "utf8");
483
- var serialized = vault ? vault.unseal(raw) : raw;
484
- if (serialized && serialized.length > 0) {
485
- var rows = safeJson.parse(serialized, { maxBytes: C.BYTES.mib(16) });
486
- setFromSerialized(rows);
487
- }
489
+ raw = atomicFile.fdSafeReadSync(filePath, {
490
+ maxBytes: C.BYTES.mib(16), encoding: "utf8", refuseSymlink: true, inodeCheck: true,
491
+ });
488
492
  } catch (e) {
489
- throw _err("LOAD_FAILED",
490
- "cookieJar.create: failed to load persist file '" + filePath + "': " +
491
- (e.message || String(e)));
493
+ if (e && e.code === "ENOENT") { raw = null; } // first run — no persist file yet
494
+ else {
495
+ throw _err("LOAD_FAILED",
496
+ "cookieJar.create: failed to load persist file '" + filePath + "': " +
497
+ (e.message || String(e)));
498
+ }
499
+ }
500
+ if (raw !== null) {
501
+ try {
502
+ var serialized = vault ? vault.unseal(raw) : raw;
503
+ if (serialized && serialized.length > 0) {
504
+ setFromSerialized(safeJson.parse(serialized, { maxBytes: C.BYTES.mib(16) }));
505
+ }
506
+ } catch (e) {
507
+ throw _err("LOAD_FAILED",
508
+ "cookieJar.create: failed to load persist file '" + filePath + "': " +
509
+ (e.message || String(e)));
510
+ }
492
511
  }
493
512
  }
494
513