@blamejs/core 0.7.83 → 0.7.85

package/CHANGELOG.md

@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
 
 ## v0.7.x
 
+- **0.7.85** (2026-05-06) — `b.auth.statusList` — OAuth Token Status List (draft-ietf-oauth-status-list-20). The canonical credential-revocation mechanism for SD-JWT VC and OpenID for Verifiable Credentials. An issuer publishes a JWT-wrapped bitstring at a URL; relying parties fetch + check the bit at index N to determine if the credential whose `status_list` claim points at that URL+index is valid / invalid / suspended / application-specific. **`b.auth.statusList.create({ size, bits?, fill? })`** allocates a bit-packed buffer (`bits` ∈ {1, 2, 4, 8} per draft §6.1.1, default 1). The returned object exposes `.set(idx, status)` / `.get(idx)` / `.snapshot()` / `.toJwt({ issuer, subject, privateKey, algorithm, expiresInSec?, ... })`. **`b.auth.statusList.fromJwt(token, { publicKey | keyResolver, algorithms?, expectedIssuer?, ... })`** verifies the JWT through `b.auth.jwt.verify` and returns `{ list, claims }` — the list exposes `.get(idx)` to check status of an individual credential without decompressing into a separate Buffer. The bitstring is zlib-deflated (RFC 1951 raw deflate per draft §6.1.4) before base64url encoding so a million-entry list collapses to ~125 KB on the wire when most bits are zero. Caps the compressed payload at 1 MiB; operators publishing larger lists shard. Status constants exported as `b.auth.statusList.STATUS_{VALID,INVALID,SUSPENDED,APPLICATION_SPECIFIC}`. Foundational for the v0.7.58 EU AI Act + eIDAS 2.0 wallet slice.
+
+- **0.7.84** (2026-05-06) — `b.crypto.sri(content, { algorithm? })` — Subresource Integrity hash builder per W3C SRI 1.0. Operators emit `<script integrity="sha384-...">` and `<link integrity="sha384-...">` to defend against CDN compromise + ISP MITM injection — the browser refuses to load a resource whose actual hash diverges from the integrity attribute. Default algorithm is `sha384` (W3C §3.2 — collision margin without sha512's 64-byte overhead); `sha256` and `sha512` also accepted, anything else refused. Accepts `Buffer` / `Uint8Array` / `string` / array of those — array inputs emit multiple space-separated integrity tokens per W3C §3.3 multi-integrity (browser picks the strongest it recognizes). Returns the standard `sha###-<base64>` format ready to paste into the `integrity=""` attribute.
+
 - **0.7.83** (2026-05-06) — `b.auth.oauth.endSessionUrl()` (OpenID Connect RP-Initiated Logout) + `b.auth.oauth.pushAuthorizationRequest()` (RFC 9126 PAR). **`endSessionUrl({ idTokenHint?, postLogoutRedirectUri?, state?, logoutHint?, uiLocales?, clientId?, extraParams? })`** builds the URL the operator's `/logout` route redirects the user-agent to so the IdP terminates the session and bounces back to the operator's app. The IdP's `end_session_endpoint` is read from the OIDC discovery document or operator-supplied at `create({ endSessionEndpoint })`. **`pushAuthorizationRequest({ state?, nonce?, prompt?, loginHint?, maxAge?, extraParams? })`** POSTs the authorization-request parameters directly to the IdP's PAR endpoint (mTLS or client-secret authenticated) and returns `{ url, state, nonce, verifier, challenge, requestUri, expiresIn }` — the browser-side redirect URL is `<authorizationEndpoint>?client_id=...&request_uri=...`. Defends against authorization-request parameter tampering by an MITM at the user-agent + against URL-length overflow on long authorization requests (request_uri reference is short). The PAR endpoint is read from the discovery doc's `pushed_authorization_request_endpoint` or operator-supplied at `create({ pushedAuthorizationRequestEndpoint })`. Both helpers throw `auth-oauth/no-end-session-endpoint` / `auth-oauth/no-par-endpoint` when neither the discovery doc nor the operator opts supply the endpoint.
 
 - **0.7.82** (2026-05-06) — `b.mail.bimi` — BIMI record builder + verifier (RFC 9091). BIMI publishes a sender's brand logo URL in DNS so receiving MTAs can render it next to the message in supported clients (Gmail, Yahoo, Apple Mail). **`b.mail.bimi.recordShape({ logoUrl, vmcUrl?, selector? })`** produces the canonical `v=BIMI1; l=https://...; a=https://...` TXT-record string per RFC 9091 §4. Both `l=` (SVG logo URL) and `a=` (Verified Mark Certificate URL per RFC 9091 §6) are HTTPS-required (refuses `http://`). All field values are CR/LF/NUL/semicolon-screened so a hostile URL can't inject a record-separator into the published TXT. **`b.mail.bimi.fetchPolicy(domain, { selector?, dnsLookup? })`** queries `<selector>._bimi.<domain>` (default selector `"default"`) and returns the structured record `{ v, l, a }` or `null` when no policy is published / record is malformed. **`b.mail.bimi.parseRecord(text)`** parses any operator-supplied TXT body — semicolon-separated `key=value` pairs per RFC 9091 §4. The framework does NOT validate the SVG / VMC contents against the RFC §5/§6 profiles — operators feed those to their own asset pipeline; the fetch primitive is a thin DNS lookup that returns the structured record so an operator dashboard or SMTP send-time preflight can verify the publication. BIMI is layered on a passing DMARC posture (the receiver requires DMARC quarantine/reject); operators with the existing `b.mail.dmarc` posture set up benefit from BIMI rendering immediately on receivers that honor it.

package/index.js

@@ -139,6 +139,7 @@ var auth = {
   lockout:  require("./lib/auth/lockout"),
   dpop:     require("./lib/auth/dpop"),
   aal:      require("./lib/auth/aal"),
+  statusList: require("./lib/auth/status-list"),
 };
 var template = require("./lib/template");
 var render = require("./lib/render");

package/lib/auth/status-list.js

@@ -0,0 +1,271 @@
+"use strict";
+/**
+ * OAuth Token Status List (draft-ietf-oauth-status-list-20).
+ *
+ * An issuer publishes a JWT-wrapped bitstring at a URL; relying
+ * parties fetch + check the bit at index N to determine if the
+ * credential whose `status_list` claim points at that URL + index
+ * has been revoked / suspended / is still valid. The format is the
+ * canonical replacement for the older "status list" mechanisms in
+ * SD-JWT VC and OpenID for Verifiable Credentials.
+ *
+ * Status values per draft §4.2:
+ *   0 = VALID
+ *   1 = INVALID
+ *   2 = SUSPENDED
+ *   3 = APPLICATION_SPECIFIC
+ *   ... (1-bit / 2-bit / 4-bit / 8-bit `bits` size — operator picks)
+ *
+ *   var list = b.auth.statusList.create({ size: 1024, bits: 1 });
+ *   list.set(42, 1);                                  // mark idx 42 INVALID
+ *   var jwt = await list.toJwt({
+ *     issuer:     "https://issuer.example.com",
+ *     subject:    "https://issuer.example.com/status/list/1",
+ *     privateKey: env("STATUS_LIST_PRIVATE_KEY_PEM"),
+ *     algorithm:  "ML-DSA-87",      // matches b.auth.jwt's PQC default
+ *   });
+ *
+ *   // Receive side:
+ *   var rv = await b.auth.statusList.fromJwt(jwt, { publicKey: pem });
+ *   rv.list.get(42)   // → 1 (INVALID)
+ *
+ * The JWT payload shape per draft §6.1:
+ *   {
+ *     iss: "<issuer>",
+ *     sub: "<this-list-uri>",
+ *     iat: <issued-at>,
+ *     exp: <optional-expires>,
+ *     ttl: <optional-cache-ttl>,
+ *     status_list: { bits: 1|2|4|8, lst: "<base64url(zlib(bitstring))>" },
+ *   }
+ *
+ * The bitstring is zlib-deflated (RFC 1951 raw deflate per draft
+ * §6.1.4) before base64url encoding so a million-entry list collapses
+ * to a few KB on the wire when most bits are zero.
+ */
+
+var nodeCrypto = require("crypto");
+var zlib = require("node:zlib");
+var safeJson = require("../safe-json");
+var validateOpts = require("../validate-opts");
+var C = require("../constants");
+var jwt = require("./jwt");
+var { defineClass } = require("../framework-error");
+
+var StatusListError = defineClass("StatusListError", { alwaysPermanent: true });
+
+var SUPPORTED_BIT_SIZES = { 1: 1, 2: 1, 4: 1, 8: 1 };                            // allow:raw-byte-literal — bit-size enum (1/2/4/8 bits per status), not bytes
+var STATUS_VALID                = 0;
+var STATUS_INVALID              = 1;
+var STATUS_SUSPENDED            = 2;
+var STATUS_APPLICATION_SPECIFIC = 3;
+
+// Cap the on-the-wire compressed payload at 1 MiB (a million 1-bit
+// entries compress to ~125 KB when most are zero; 8 MiB on the wire
+// is more than the spec's expected use). Operators publishing larger
+// status lists should shard.
+var MAX_LIST_BYTES = C.BYTES.mib(1);
+
+function _b64url(buf) {
+  return buf.toString("base64").replace(/=+$/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+
+function _fromB64url(s) {
+  var padded = s.replace(/-/g, "+").replace(/_/g, "/");
+  while (padded.length % 4) padded += "=";                                       // allow:raw-byte-literal — base64 quartet padding
+  return Buffer.from(padded, "base64");
+}
+
+function _validateBits(bits) {
+  if (!SUPPORTED_BIT_SIZES[bits]) {
+    throw new StatusListError("status-list/bad-bits",
+      "statusList: bits must be 1, 2, 4, or 8 (draft §6.1.1) — got " + bits);
+  }
+}
+
+function _validateStatus(status, bits) {
+  if (typeof status !== "number" || !isFinite(status) || status < 0 || (status >> 0) !== status) {
+    throw new StatusListError("status-list/bad-status",
+      "statusList: status must be a non-negative integer — got " + status);
+  }
+  var max = (1 << bits) - 1;
+  if (status > max) {
+    throw new StatusListError("status-list/bad-status",
+      "statusList: status " + status + " exceeds bits=" + bits + " ceiling " + max);
+  }
+}
+
+function create(opts) {
+  validateOpts.requireObject(opts, "statusList.create", StatusListError);
+  validateOpts(opts, ["size", "bits", "fill"], "statusList.create");
+  var size = opts.size;
+  if (typeof size !== "number" || !isFinite(size) || size <= 0 || (size >> 0) !== size) {
+    throw new StatusListError("status-list/bad-size",
+      "statusList.create: size must be a positive integer — got " + size);
+  }
+  var bits = opts.bits === undefined ? 1 : opts.bits;
+  _validateBits(bits);
+  // Allocate the bit-packed buffer up front. byteCount = ceil(size*bits/8).
+  var bitBytes = Math.ceil((size * bits) / 8);                                   // allow:raw-byte-literal — bits-per-byte conversion
+  var bytes = Buffer.alloc(bitBytes);
+  if (opts.fill !== undefined && opts.fill !== 0) {
+    _validateStatus(opts.fill, bits);
+    for (var i = 0; i < size; i += 1) _setAt(bytes, bits, i, opts.fill);
+  }
+
+  function set(idx, status) {
+    if (typeof idx !== "number" || idx < 0 || idx >= size || (idx >> 0) !== idx) {
+      throw new StatusListError("status-list/bad-index",
+        "statusList.set: idx out of range — got " + idx + ", size=" + size);
+    }
+    _validateStatus(status, bits);
+    _setAt(bytes, bits, idx, status);
+  }
+
+  function get(idx) {
+    if (typeof idx !== "number" || idx < 0 || idx >= size || (idx >> 0) !== idx) {
+      throw new StatusListError("status-list/bad-index",
+        "statusList.get: idx out of range — got " + idx + ", size=" + size);
+    }
+    return _getAt(bytes, bits, idx);
+  }
+
+  function snapshot() {
+    return { size: size, bits: bits, bytes: Buffer.from(bytes) };
+  }
+
+  // ---- JWT issuance ----
+  // Returns the canonical JWT payload + signed compact form per
+  // draft §6.1. The signing key is operator-supplied; the framework
+  // wraps b.auth.jwt.sign with the status-list-specific claim shape.
+  async function toJwt(jwtOpts) {
+    validateOpts.requireObject(jwtOpts, "statusList.toJwt", StatusListError);
+    validateOpts(jwtOpts, [
+      "issuer", "subject", "privateKey", "algorithm",
+      "expiresInSec", "notBeforeSec", "now", "ttl",
+    ], "statusList.toJwt");
+    validateOpts.requireNonEmptyString(jwtOpts.issuer,
+      "statusList.toJwt: issuer", StatusListError, "status-list/bad-issuer");
+    validateOpts.requireNonEmptyString(jwtOpts.subject,
+      "statusList.toJwt: subject", StatusListError, "status-list/bad-subject");
+    var deflated = zlib.deflateRawSync(bytes);
+    if (deflated.length > MAX_LIST_BYTES) {
+      throw new StatusListError("status-list/too-large",
+        "statusList.toJwt: compressed list exceeds " + MAX_LIST_BYTES + " bytes — shard the list");
+    }
+    var lst = _b64url(deflated);
+    var claims = {
+      iss:         jwtOpts.issuer,
+      sub:         jwtOpts.subject,
+      status_list: { bits: bits, lst: lst },
+    };
+    if (typeof jwtOpts.ttl === "number") claims.ttl = jwtOpts.ttl;
+    return await jwt.sign(claims, {
+      privateKey:   jwtOpts.privateKey,
+      algorithm:    jwtOpts.algorithm,
+      typ:          "statuslist+jwt",
+      expiresInSec: jwtOpts.expiresInSec,
+      notBeforeSec: jwtOpts.notBeforeSec,
+      now:          jwtOpts.now,
+    });
+  }
+
+  return {
+    set:        set,
+    get:        get,
+    size:       size,
+    bits:       bits,
+    snapshot:   snapshot,
+    toJwt:      toJwt,
+  };
+}
+
+// ---- bit-packed helpers ----
+
+function _setAt(bytes, bits, idx, status) {
+  if (bits === 8) { bytes[idx] = status & 0xff; return; }                        // allow:raw-byte-literal — byte mask
+  var bitOffset = idx * bits;
+  var byteIdx   = Math.floor(bitOffset / 8);                                     // allow:raw-byte-literal — bits-per-byte
+  var bitInByte = bitOffset % 8;                                                 // allow:raw-byte-literal — bits-per-byte
+  var mask      = ((1 << bits) - 1) << bitInByte;
+  bytes[byteIdx] = (bytes[byteIdx] & ~mask) | ((status << bitInByte) & mask);
+}
+
+function _getAt(bytes, bits, idx) {
+  if (bits === 8) return bytes[idx];                                             // allow:raw-byte-literal — 8-bit fast path
+  var bitOffset = idx * bits;
+  var byteIdx   = Math.floor(bitOffset / 8);                                     // allow:raw-byte-literal — bits-per-byte
+  var bitInByte = bitOffset % 8;                                                 // allow:raw-byte-literal — bits-per-byte
+  var mask      = (1 << bits) - 1;
+  return (bytes[byteIdx] >> bitInByte) & mask;
+}
+
+// ---- JWT verification ----
+
+async function fromJwt(token, opts) {
+  validateOpts.requireObject(opts, "statusList.fromJwt", StatusListError);
+  if (typeof token !== "string" || token.length === 0) {
+    throw new StatusListError("status-list/bad-token",
+      "statusList.fromJwt: token must be a non-empty string");
+  }
+  // Verify the JWT signature using the framework's b.auth.jwt verifier.
+  // Allow operator-supplied algorithms (defaults to PQC list).
+  var claims = await jwt.verify(token, {
+    publicKey:    opts.publicKey,
+    keyResolver:  opts.keyResolver,
+    algorithms:   opts.algorithms,
+    issuer:       opts.expectedIssuer,
+    audience:     opts.expectedAudience,
+    clockToleranceSec: opts.clockToleranceSec,
+    now:          opts.now,
+  });
+  var sl = claims.status_list;
+  if (!sl || typeof sl !== "object" || typeof sl.lst !== "string") {
+    throw new StatusListError("status-list/bad-claims",
+      "statusList.fromJwt: payload missing status_list.lst (draft §6.1)");
+  }
+  var bits = sl.bits === undefined ? 1 : sl.bits;
+  _validateBits(bits);
+  var deflated;
+  try { deflated = _fromB64url(sl.lst); }
+  catch (e) {
+    throw new StatusListError("status-list/bad-base64",
+      "statusList.fromJwt: lst is not valid base64url: " + ((e && e.message) || String(e)));
+  }
+  if (deflated.length > MAX_LIST_BYTES) {
+    throw new StatusListError("status-list/too-large",
+      "statusList.fromJwt: compressed list exceeds " + MAX_LIST_BYTES + " bytes");
+  }
+  var inflated;
+  try { inflated = zlib.inflateRawSync(deflated, { maxOutputLength: MAX_LIST_BYTES * 8 }); }      // allow:raw-byte-literal — 8x compression-ratio cap
+  catch (e) {
+    throw new StatusListError("status-list/inflate-failed",
+      "statusList.fromJwt: zlib inflate failed: " + ((e && e.message) || String(e)));
+  }
+  // Reconstruct the list object pointing at the inflated bytes.
+  var size = (inflated.length * 8) / bits;                                       // allow:raw-byte-literal — bits-per-byte
+  return {
+    list: {
+      size:     size,
+      bits:     bits,
+      get:      function (idx) { return _getAt(inflated, bits, idx); },
+      snapshot: function () { return { size: size, bits: bits, bytes: Buffer.from(inflated) }; },
+    },
+    claims: claims,
+  };
+}
+
+// Provide structured-error helpers so a tree-shake-friendly consumer
+// can write switch(status) { case b.auth.statusList.STATUS_VALID: ... }.
+void safeJson;                                                                   // imported for symmetry; reserved for future helpers
+void nodeCrypto;
+
+module.exports = {
+  create:      create,
+  fromJwt:     fromJwt,
+  STATUS_VALID:                 STATUS_VALID,
+  STATUS_INVALID:               STATUS_INVALID,
+  STATUS_SUSPENDED:             STATUS_SUSPENDED,
+  STATUS_APPLICATION_SPECIFIC:  STATUS_APPLICATION_SPECIFIC,
+  StatusListError:              StatusListError,
+};

package/lib/crypto.js

@@ -95,6 +95,46 @@ function kdf(input, outputLength) { return hash(input, "shake256", outputLength)
 function generateBytes(byteLength) { return Buffer.from(random(byteLength)); }
 function generateToken(byteLength) { return random(byteLength || 32).toString("hex"); }
 
+// ---- Subresource Integrity (W3C SRI 1.0) ----
+//
+// b.crypto.sri(content, { algorithm? }) — returns a `sha###-base64`
+// integrity attribute string operators paste into <script integrity="...">
+// or <link integrity="..."> tags. Defends against CDN compromise + ISP
+// MITM injection — the browser refuses to load the resource when its
+// hash diverges from the integrity attribute.
+//
+// W3C SRI 1.0 §3.2 lists sha256 / sha384 / sha512 as the supported
+// digest algorithms; sha384 is the recommended default (collision
+// margin without sha512's 64-byte overhead).
+//
+//   b.crypto.sri(scriptBuffer, { algorithm: "sha384" })
+//   → "sha384-AbCdEf...="
+//
+//   b.crypto.sri(["a", "b"], { algorithm: "sha384" })   // array → multi-hash
+//   → "sha384-X1... sha384-X2..."   (per W3C §3.3 multi-integrity)
+var SRI_ALGORITHMS = { "sha256": "sha256", "sha384": "sha384", "sha512": "sha512" };
+
+function sri(content, opts) {
+  opts = opts || {};
+  var algorithm = (opts.algorithm || "sha384").toLowerCase();
+  if (!SRI_ALGORITHMS[algorithm]) {
+    throw new Error("crypto.sri: unsupported algorithm '" + algorithm +
+      "' (W3C SRI 1.0 §3.2 supports sha256/sha384/sha512)");
+  }
+  // Array input — emit multiple integrity tokens space-separated per
+  // W3C §3.3 (browser picks the strongest one it recognizes).
+  if (Array.isArray(content)) {
+    return content.map(function (c) { return sri(c, opts); }).join(" ");
+  }
+  var buf;
+  if (Buffer.isBuffer(content)) buf = content;
+  else if (typeof content === "string") buf = Buffer.from(content, "utf8");
+  else if (content instanceof Uint8Array) buf = Buffer.from(content);
+  else throw new Error("crypto.sri: content must be a Buffer, Uint8Array, string, or array of those");
+  var digest = nodeCrypto.createHash(algorithm).update(buf).digest("base64");
+  return algorithm + "-" + digest;
+}
+
 // ---- Key generation ----
 function generateEncryptionKeyPair() {
   var mlkem = generateKeyPair("ml-kem-1024");
@@ -454,6 +494,7 @@ var SUPPORTED_KEM_ALGORITHMS = Object.freeze([
 ]);
 
 module.exports = {
+  sri:                          sri,
   // Hashing
   sha3Hash:                    sha3Hash,
   hmacSha3:                    hmacSha3,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.7.83",
+  "version": "0.7.85",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cyclonedx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:2bb408b6-50d7-4fb3-acf9-332f7472bd70",
+  "serialNumber": "urn:uuid:c3167b3e-7af4-4368-b131-46f9d9c44ccc",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-06T06:03:44.811Z",
+    "timestamp": "2026-05-06T06:22:16.402Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.7.83",
+      "bom-ref": "@blamejs/core@0.7.85",
       "type": "library",
       "name": "blamejs",
-      "version": "0.7.83",
+      "version": "0.7.85",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.7.83",
+      "purl": "pkg:npm/%40blamejs/core@0.7.85",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.7.83",
+      "ref": "@blamejs/core@0.7.85",
       "dependsOn": []
     }
   ]