@blamejs/core 0.8.52 → 0.8.58

package/lib/framework-error.js

@@ -378,6 +378,19 @@ var SmtpPolicyError       = defineClass("SmtpPolicyError",       { alwaysPermane
 // record shape, fetch failures, missing keys, alignment issues.
 // Permanent — DNS-config / message-shape errors, not transient.
 var MailAuthError         = defineClass("MailAuthError",         { alwaysPermanent: true });
+// MailArfError covers RFC 5965 Abuse Reporting Format ingest failures:
+// missing required Feedback-Type / User-Agent fields, malformed
+// multipart/report, message/feedback-report MIME-type mismatch, parse
+// errors. Permanent — the report shape is operator-supplied input.
+var MailArfError          = defineClass("MailArfError",          { alwaysPermanent: true });
+// MailBimiError covers RFC 9091 BIMI VMC / CMC chain validation
+// + Tiny-PS SVG profile violations: VMC fetch failures, X.509 chain
+// validation failures, subjectAltName URI / BIMI domain mismatch,
+// missing BIMI policy OID (1.3.6.1.5.5.7.3.31 mark verification),
+// Tiny-PS SVG profile violations (root, version, baseProfile, scripts,
+// external refs, viewBox, byte cap). Permanent — every case is a
+// brand / certificate / asset shape error.
+var MailBimiError         = defineClass("MailBimiError",         { alwaysPermanent: true });
 // SseError covers Server-Sent Events stream-shape violations: newline
 // or CR or NUL injection in event:/id:/data: fields (CVE-2026-33128
 // h3, CVE-2026-29085 Hono, CVE-2026-44217 sse-channel — newline in
@@ -553,10 +566,47 @@ var DaemonError           = defineClass("DaemonError",           { alwaysPermane
 // framework refuses to coerce. Operators wrap the call in their own
 // retry policy when polling against a flaky CDN.
 var SelfUpdateError       = defineClass("SelfUpdateError",       { alwaysPermanent: true });
+// MailUnsubscribeError — b.mail.unsubscribe (lib/mail-unsubscribe.js).
+// RFC 8058 / RFC 2369 / RFC 2919 List-* header builder violations:
+// non-https URL in url/help/archive, non-mailto in mailto/owner,
+// invalid list-id shape per RFC 2919 §3, control bytes / over-length
+// header values. alwaysPermanent — every case is operator-misconfig
+// at config-time the framework refuses to coerce.
+var MailUnsubscribeError  = defineClass("MailUnsubscribeError",  { alwaysPermanent: true });
+// FidoMds3Error — b.auth.fidoMds3 (lib/auth/fido-mds3.js). FIDO MDS3
+// metadata BLOB verification + AAGUID lookup violations: BLOB fetch
+// failure (non-2xx, oversize, network), JWS shape mismatch, certificate
+// chain validation failure against the FIDO Alliance MDS3 root,
+// signature verification failure, payload schema violation
+// (missing entries / nextUpdate / no), nextUpdate parse failure,
+// AAGUID lookup against an authenticator carrying a REVOKED /
+// USER_KEY_PHYSICAL_COMPROMISE / USER_KEY_REMOTE_COMPROMISE status
+// report. alwaysPermanent — every case is configuration / network /
+// signing-shape errors that retry alone won't recover.
+var FidoMds3Error         = defineClass("FidoMds3Error",         { alwaysPermanent: true });
+// PublicSuffixError — b.publicSuffix (lib/public-suffix.js). Bad
+// domain input at lookup time (non-string, empty, overlong, control-
+// byte-bearing, IDN-normalization failure) and missing-vendored-data
+// at module-init are both alwaysPermanent — every case is operator-
+// shaped (caller passed garbage) or packaging-shaped (vendored .dat
+// missing). Codes: `public-suffix/invalid-domain`,
+// `public-suffix/not-loaded`.
+var PublicSuffixError     = defineClass("PublicSuffixError",     { alwaysPermanent: true });
+// MailMdnError — b.mailMdn (lib/mail-mdn.js). RFC 3798 / RFC 8098
+// Message Disposition Notification builder + parser violations: bad
+// opts at build/parse, malformed multipart/report shape, missing
+// required fields (Original-Recipient / Final-Recipient / Disposition),
+// disposition / action-mode / sending-mode token allowlist drift,
+// auto-generation refusal when the inbound message demanded user
+// confirmation (RFC 3798 §2.1) and the operator did not opt in.
+// alwaysPermanent — every case is operator-shape or message-shape
+// errors that retry will not recover.
+var MailMdnError          = defineClass("MailMdnError",          { alwaysPermanent: true });
 
 module.exports = {
   FrameworkError:         FrameworkError,
   defineClass:            defineClass,
+  MailUnsubscribeError:   MailUnsubscribeError,
   ObjectStoreError:       ObjectStoreError,
   LogStreamError:         LogStreamError,
   QueueError:             QueueError,
@@ -613,6 +663,8 @@ module.exports = {
   ComplianceError:        ComplianceError,
   SmtpPolicyError:        SmtpPolicyError,
   MailAuthError:          MailAuthError,
+  MailArfError:           MailArfError,
+  MailBimiError:          MailBimiError,
   SseError:               SseError,
   McpError:               McpError,
   AiInputError:           AiInputError,
@@ -641,4 +693,7 @@ module.exports = {
   ArgParserError:         ArgParserError,
   DaemonError:            DaemonError,
   SelfUpdateError:        SelfUpdateError,
+  FidoMds3Error:          FidoMds3Error,
+  PublicSuffixError:      PublicSuffixError,
+  MailMdnError:           MailMdnError,
 };

package/lib/guard-cidr.js

@@ -48,6 +48,7 @@ var lazyRequire = require("./lazy-require");
 var gateContract = require("./gate-contract");
 var C = require("./constants");
 var numericBounds = require("./numeric-bounds");
+var safeBuffer = require("./safe-buffer");
 var { GuardCidrError } = require("./framework-error");
 
 var observability = lazyRequire(function () { return require("./observability"); });
@@ -202,7 +203,7 @@ function _parseIpv6(s) {
     var out = [];
     for (var i = 0; i < parts.length; i += 1) {
       var p = parts[i];
-      if (!/^[0-9a-fA-F]{1,4}$/.test(p)) return null;
+      if (!safeBuffer.IPV6_HEXTET_RE.test(p)) return null;
       out.push(p.toLowerCase());
     }
     return out;

package/lib/guard-jwt.js

@@ -437,7 +437,7 @@ function _detectIssues(input, opts) {
  * @since      0.7.49
  * @status     stable
  * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardJwt.sanitize, b.guardJwt.gate, b.auth.jwt.verifyExternal
+ * @related    b.guardJwt.sanitize, b.guardJwt.gate
  *
  * Apply the full guard-jwt threat catalog to a JWT compact-
  * serialization string. Returns `{ ok, issues, refusal? }` per
@@ -697,7 +697,7 @@ var loadRulePack = _jwtRulePacks.load;
  * @since      0.7.49
  * @status     stable
  * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardJwt.validate, b.auth.jwt.verifyExternal
+ * @related    b.guardJwt.validate
  *
  * Throw on any `kid` value that contains path-traversal indicators
  * (`..`, `/`, `\`, percent-encoded variants) or non-printable

package/lib/guard-oauth.js

@@ -349,7 +349,7 @@ function _detectIssues(flow, opts) {
  * @since      0.7.49
  * @status     stable
  * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardOauth.sanitize, b.guardOauth.gate, b.auth.oauth
+ * @related    b.guardOauth.sanitize, b.guardOauth.gate
  *
  * Apply the full guard-oauth threat catalog to a flow bundle.
  * Returns `{ ok, issues, refusal? }` per
@@ -461,7 +461,7 @@ function sanitize(input, opts) {
  * @since      0.7.49
  * @status     stable
  * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardOauth.validate, b.guardOauth.sanitize, b.auth.oauth
+ * @related    b.guardOauth.validate, b.guardOauth.sanitize
  *
  * Build a `gateContract.buildGuardGate`-shaped gate that pulls
  * `ctx.oauthFlow` (or `ctx.flow`) and dispatches to `validate`.