@blamejs/core 0.8.72 → 0.8.77

package/lib/cra-report.js

@@ -189,7 +189,111 @@ function create(opts) {
   };
 }
 
+/**
+ * @primitive b.cra.conformityAssessment
+ * @signature b.cra.conformityAssessment(opts)
+ * @since     0.8.77
+ *
+ * EU Cyber Resilience Act (Regulation 2024/2847) — Annex VIII
+ * conformity-assessment dossier scaffold. Returns the structured
+ * JSON document operators submit to the notified body (Module B/C/D/H
+ * route per Annex VII) or self-attest under Annex VI (default for
+ * non-critical products). The framework auto-fills sections it can
+ * derive from the runtime — SBOM (`sbom.cdx.json` + `sbom.vendored.cdx.json`),
+ * vulnerability-handling process (CVD per RFC 9116 + SECURITY.md),
+ * security-by-design defaults (cite SECURITY.md threat-model
+ * section), end-of-life schedule (operator-supplied) — and leaves
+ * Annex I Part II essential-cybersecurity-requirements mapping for
+ * the operator to fill (it's product-specific).
+ *
+ * Enforcement: products placed on the EU market on/after 2027-12-11
+ * require a CE marking that depends on this dossier. Notified-body
+ * review takes 60-90 days for self-certifying products. Run this
+ * primitive at release time + commit the output under `compliance/cra/`.
+ *
+ * @opts
+ *   {
+ *     manufacturer:    { name, address, contact },
+ *     product:         { name, identifier, version, description },
+ *     classification:  "default" | "important-class-I" | "important-class-II" | "critical",
+ *     sbomPaths:       string[],     // paths to attached SBOMs
+ *     supportEnd:      string,       // ISO date — manufacturer support cessation
+ *     vulnDisclosurePolicy?: string,  // URL to /.well-known/security.txt or VDP
+ *     essentialReqMapping?: object,   // operator-supplied Annex I Part II mapping
+ *   }
+ *
+ * @example
+ *   var dossier = b.cra.conformityAssessment({
+ *     manufacturer: { name: "Acme Inc.", address: "1 St", contact: "ce@acme.example" },
+ *     product:      { name: "Widget Pro", identifier: "WID-001", version: "1.0", description: "..." },
+ *     classification: "default",
+ *     supportEnd:    "2032-12-31",
+ *   });
+ */
+function conformityAssessment(opts) {
+  if (!opts || typeof opts !== "object") {
+    throw new CraReportError("cra-report/bad-conformity-opts",
+      "conformityAssessment: opts required");
+  }
+  if (!opts.manufacturer || typeof opts.manufacturer.name !== "string") {
+    throw new CraReportError("cra-report/no-manufacturer",
+      "conformityAssessment: opts.manufacturer.name required");
+  }
+  if (!opts.product || typeof opts.product.name !== "string") {
+    throw new CraReportError("cra-report/no-product",
+      "conformityAssessment: opts.product.name required");
+  }
+  var classification = opts.classification || "default";
+  var validClasses = ["default", "important-class-I", "important-class-II", "critical"];
+  if (validClasses.indexOf(classification) === -1) {
+    throw new CraReportError("cra-report/bad-classification",
+      "conformityAssessment: classification must be one of " + validClasses.join(", "));
+  }
+  return {
+    "$schema":      "https://blamejs.com/schema/cra-conformity-assessment-v1.json",
+    regulation:     "EU 2024/2847 (Cyber Resilience Act)",
+    annex:          "Annex VIII (technical documentation)",
+    generatedAt:    new Date().toISOString(),
+    manufacturer:   opts.manufacturer,
+    product:        opts.product,
+    classification: classification,
+    assessmentRoute:
+      classification === "default"             ? "Module A (Annex VI — internal control)" :
+      classification === "important-class-I"   ? "Module B+C (Annex VII — EU-type examination)" :
+      classification === "important-class-II"  ? "Module H (Annex VII — full quality assurance)" :
+                                                  "Module H + notified-body for critical (Annex VII)",
+    sections: {
+      annexI_part1_essentialRequirements: {
+        status: "operator-supplied",
+        mapping: opts.essentialReqMapping || null,
+        note:    "Annex I Part I essential cybersecurity requirements — operator supplies the mapping",
+      },
+      annexI_part2_vulnerabilityHandling: {
+        status: "framework-derived",
+        sbomAttached: Array.isArray(opts.sbomPaths) ? opts.sbomPaths : ["sbom.cdx.json", "sbom.vendored.cdx.json"],
+        vulnDisclosurePolicy: opts.vulnDisclosurePolicy || "https://blamejs.com/.well-known/security.txt",
+        cvdProcess:           "Coordinated Vulnerability Disclosure per ISO/IEC 29147 + 30111",
+        incidentReporter:     "b.cra (24h early warning + 14d intermediate + 1m final per Art 14)",
+      },
+      annexII_userInformation: {
+        status: "operator-supplied",
+        note:   "Operator emits per-product handover docs",
+      },
+      supportPeriod: {
+        end:  opts.supportEnd || null,
+        note: "Manufacturer support-cessation date triggers end-of-life obligations per Art 13(8)",
+      },
+    },
+    declarations: {
+      ceMarking:           classification === "critical" ? "requires notified body" : "self-attest eligible",
+      eolNotification:     "Manufacturer commits to 60-day pre-EOL notification per Art 13(8)",
+      vulnReporting:       "Active exploitation reported within 24h to ENISA per Art 14(2)",
+    },
+  };
+}
+
 module.exports = {
-  create:           create,
-  CraReportError:   CraReportError,
+  create:                 create,
+  conformityAssessment:   conformityAssessment,
+  CraReportError:         CraReportError,
 };

package/lib/crypto-field.js

@@ -895,6 +895,11 @@ module.exports = {
   getSealedFields:  getSealedFields,
   sealRow:          sealRow,
   unsealRow:        unsealRow,
+  // Doc-shaped aliases — operators / tests preparing a JS document
+  // object (vs. a SQL row) reach for sealDoc / unsealDoc naming. Same
+  // function, identical shape, returns a new object (input untouched).
+  sealDoc:          sealRow,
+  unsealDoc:        unsealRow,
   eraseRow:         eraseRow,
   applyPosture:     applyPosture,
   getActivePosture: getActivePosture,

package/lib/dsr.js

@@ -1071,6 +1071,100 @@ function dbTicketStore(opts) {
   };
 }
 
+// ---- v0.8.77 — US state-law DSR drift registry -------------------
+//
+// Each US state consumer-privacy law expresses the same DSR core
+// (access / deletion / correction / portability) but with per-state
+// drift on three knobs: cure-period (days between operator-receipt
+// and statutory-deadline-to-respond), profiling-opt-out
+// (right-to-limit-automated-decision-making variants), and minor-
+// consent (age threshold + opt-in vs. opt-out vs. parental-VPC).
+//
+// `b.dsr.stateRules(state)` returns the metadata; operators feed it
+// into their own DSR ticket-routing layer to surface "this VA
+// resident's correction request must be acknowledged within 45 days
+// with one 45-day extension".
+
+// State DSR rule table — `responseDays` / `extensionDays` / `cureDays`
+// are integer day-counts from per-state statutes (not durations in
+// seconds/ms). allow:raw-time-literal — statute-defined day counts.
+var STATE_RULES = Object.freeze({
+  "vcdpa":     { posture: "vcdpa",     state: "VA", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 13,  notes: "Cure right sunset 2025-01-01" },                                                                          // allow:raw-time-literal
+  "co-cpa":    { posture: "co-cpa",    state: "CO", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Cure right sunset 2025-01-01; UOOM (GPC) mandatory" },                                                    // allow:raw-time-literal
+  "ctdpa":     { posture: "ctdpa",     state: "CT", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Cure right sunset 2025-01-01; GPC mandatory" },                                                           // allow:raw-time-literal
+  "ucpa":      { posture: "ucpa",      state: "UT", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: false, minorOptIn: 13,  notes: "Narrowest scope; no cure-period sunset" },                                                                // allow:raw-time-literal
+  "tdpsa":     { posture: "tdpsa",     state: "TX", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 13,  notes: "Small-business carve-out applies" },                                                                      // allow:raw-time-literal
+  "or-cpa":    { posture: "or-cpa",    state: "OR", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Specific-third-party-name DSR enhancement" },                                                             // allow:raw-time-literal
+  "mt-cdpa":   { posture: "mt-cdpa",   state: "MT", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Cure period sunsets 2026-04-01" },                                                                        // allow:raw-time-literal
+  "ia-icdpa":  { posture: "ia-icdpa",  state: "IA", responseDays: 90, extensionDays: 45, cureDays: 90,  profilingOptOut: false, minorOptIn: null, notes: "Weakest framework — longest response, no profiling opt-out" },                                            // allow:raw-time-literal
+  "in-indpa":  { posture: "in-indpa",  state: "IN", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2026-01-01" },                                                                                  // allow:raw-time-literal
+  "de-dpdpa":  { posture: "de-dpdpa",  state: "DE", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2026-01-01" },                                                                                  // allow:raw-time-literal
+  "nh-nhpa":   { posture: "nh-nhpa",   state: "NH", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2026-01-01; cure right sunset 2026-01-01" },                                                    // allow:raw-time-literal
+  "nj-njdpa":  { posture: "nj-njdpa",  state: "NJ", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 17,  notes: "Under-17 opt-in default" },                                                                                // allow:raw-time-literal
+  "ky-kcdpa":  { posture: "ky-kcdpa",  state: "KY", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2026-01-01" },                                                                                  // allow:raw-time-literal
+  "tn-tipa":   { posture: "tn-tipa",   state: "TN", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "NIST CSF safe-harbor available" },                                                                        // allow:raw-time-literal
+  "mn-mncdpa": { posture: "mn-mncdpa", state: "MN", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2026-07-31; profiling opt-out for consequential decisions" },                                   // allow:raw-time-literal
+  "ri-ricpa":  { posture: "ri-ricpa",  state: "RI", responseDays: 45, extensionDays: 45, cureDays: 0,   profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2026-01-01; no cure period" },                                                                  // allow:raw-time-literal
+  "ne-dpa":    { posture: "ne-dpa",    state: "NE", responseDays: 45, extensionDays: 45, cureDays: 30,  profilingOptOut: true,  minorOptIn: 13,  notes: "Effective 2025-01-01" },                                                                                  // allow:raw-time-literal
+  "nv-sb370":  { posture: "nv-sb370",  state: "NV", responseDays: 60, extensionDays: 30, cureDays: 0,   profilingOptOut: false, minorOptIn: null, notes: "Consumer-health data only" },                                                                            // allow:raw-time-literal
+  "ca-aadc":   { posture: "ca-aadc",   state: "CA", responseDays: 0,  extensionDays: 0,  cureDays: 90,  profilingOptOut: true,  minorOptIn: 18,  notes: "Under-18 default-high-privacy; partial preliminary injunction NetChoice v. Bonta" },                       // allow:raw-time-literal
+  "ct-sb3":    { posture: "ct-sb3",    state: "CT", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: false, minorOptIn: null, notes: "Consumer-health data only" },                                                                            // allow:raw-time-literal
+  "tx-cubi":   { posture: "tx-cubi",   state: "TX", responseDays: 0,  extensionDays: 0,  cureDays: 0,   profilingOptOut: false, minorOptIn: null, notes: "Biometric-only; private-right-of-action absent" },                                                       // allow:raw-time-literal
+  "modpa":     { posture: "modpa",     state: "MD", responseDays: 45, extensionDays: 45, cureDays: 60,  profilingOptOut: true,  minorOptIn: 13,  notes: "Strict data-minimization; effective 2026-10-01" },                                                       // allow:raw-time-literal
+  "quebec-25": { posture: "quebec-25", state: "QC", responseDays: 30, extensionDays: 30, cureDays: 0,   profilingOptOut: true,  minorOptIn: 14,  notes: "DPIA + automated-decision opt-out; FR-language obligations" },                                            // allow:raw-time-literal
+});
+
+/**
+ * @primitive b.dsr.stateRules
+ * @signature b.dsr.stateRules(state)
+ * @since     0.8.77
+ * @related   b.compliance.describe
+ *
+ * Returns per-state DSR rules: response window, extension period,
+ * cure period (statutory grace before enforcement attaches),
+ * profiling-opt-out availability, and minor-consent age threshold.
+ * `state` accepts either the posture name (`"vcdpa"`) or the
+ * 2-letter state abbreviation (`"VA"`). Returns null when unknown.
+ *
+ * @example
+ *   var rules = b.dsr.stateRules("vcdpa");
+ *   // rules.responseDays    → 45
+ *   // rules.cureDays        → 30
+ *   // rules.profilingOptOut → true
+ */
+function stateRules(state) {
+  if (typeof state !== "string" || state.length === 0) return null;
+  // Direct posture-name lookup first
+  if (STATE_RULES[state]) return Object.assign({}, STATE_RULES[state]);
+  // 2-letter state abbreviation lookup (case-insensitive)
+  var u = state.toUpperCase();
+  var keys = Object.keys(STATE_RULES);
+  for (var i = 0; i < keys.length; i++) {
+    if (STATE_RULES[keys[i]].state === u) {
+      return Object.assign({}, STATE_RULES[keys[i]]);
+    }
+  }
+  return null;
+}
+
+/**
+ * @primitive b.dsr.listStateRules
+ * @signature b.dsr.listStateRules()
+ * @since     0.8.77
+ *
+ * Returns every state-rule entry as an array (useful for admin UI
+ * cure-period dashboards / operator-facing matrices).
+ *
+ * @example
+ *   var all = b.dsr.listStateRules();
+ *   // → [{ posture: "vcdpa", state: "VA", responseDays: 45, ... }, ...]
+ */
+function listStateRules() {
+  return Object.keys(STATE_RULES).map(function (k) {
+    return Object.assign({}, STATE_RULES[k]);
+  });
+}
+
 module.exports = {
   create:                    create,
   memoryTicketStore:         memoryTicketStore,
@@ -1080,5 +1174,7 @@ module.exports = {
   VALID_VERIFICATION_LEVELS: VALID_VERIFICATION_LEVELS,
   TYPE_MIN_VERIFICATION:     TYPE_MIN_VERIFICATION,
   POSTURE_DEADLINE_MS:       POSTURE_DEADLINE_MS,
+  stateRules:                stateRules,
+  listStateRules:            listStateRules,
   DsrError:                  DsrError,
 };

package/lib/mcp.js

@@ -694,11 +694,244 @@ function _validateToolInput(toolName, input, schema) {
   return input;
 }
 
+// ---- MCP 2025-11-25 spec — sampling / elicitation / protocol version ----
+
+var MCP_PROTOCOL_VERSIONS_ACCEPTED = ["2024-11-05", "2025-03-26", "2025-06-18", "2025-11-25"];
+
+/**
+ * @primitive b.mcp.assertProtocolVersion
+ * @signature b.mcp.assertProtocolVersion(req, opts?)
+ * @since     0.8.77
+ * @related   b.mcp.serverGuard
+ *
+ * MCP 2025-11-25 spec §4.1 — every HTTP request after `initialize`
+ * MUST carry an `MCP-Protocol-Version` header naming a version the
+ * server supports. Returns the resolved version on success; throws
+ * with a tagged refusal when the header is missing OR names an
+ * unsupported version. Clients pre-negotiation (before `initialize`)
+ * may omit the header — the resolved value is `null` in that case.
+ *
+ * @opts
+ *   {
+ *     accepted?:  string[],   // override the default acceptance set
+ *     allowMissing?: boolean, // true → return null when header absent
+ *   }
+ *
+ * @example
+ *   var version = b.mcp.assertProtocolVersion(req, { allowMissing: false });
+ *   // throws if missing/unsupported; returns e.g. "2025-11-25" on success.
+ */
+function _assertProtocolVersion(req, opts) {
+  opts = opts || {};
+  var accepted = Array.isArray(opts.accepted) && opts.accepted.length > 0
+    ? opts.accepted : MCP_PROTOCOL_VERSIONS_ACCEPTED;
+  var hdr = req && req.headers && req.headers["mcp-protocol-version"];
+  if (typeof hdr !== "string" || hdr.length === 0) {
+    if (opts.allowMissing === true) return null;
+    throw new McpError("mcp/missing-protocol-version",
+      "assertProtocolVersion: request missing MCP-Protocol-Version header " +
+      "(MCP 2025-11-25 §4.1 requires it on every post-initialize request)");
+  }
+  if (accepted.indexOf(hdr) === -1) {
+    throw new McpError("mcp/unsupported-protocol-version",
+      "assertProtocolVersion: '" + hdr + "' not in accepted set: " +
+      accepted.join(", "));
+  }
+  return hdr;
+}
+
+var SAMPLING_DEFAULTS = {
+  maxRequestsPerSession:   10,
+  maxMessagesPerRequest:   20,
+  maxTokensPerRequest:     4096,                  // allow:raw-byte-literal — LLM token count, not bytes
+  allowedModelHint:        null,    // null = allow all
+  refuseStopSequences:     false,
+};
+
+/**
+ * @primitive b.mcp.sampling.guard
+ * @signature b.mcp.sampling.guard(opts?)
+ * @since     0.8.77
+ * @related   b.mcp.toolResult.sanitize
+ *
+ * MCP server-initiated `sampling/createMessage` gate — the highest-
+ * risk surface in the protocol. A compromised tool can issue
+ * `sampling/createMessage` to make the host model emit attacker-
+ * chosen text. This primitive returns a guard function the operator
+ * wraps around the sampling endpoint that refuses requests violating
+ * size caps, allow-listed models, or budget-per-session.
+ *
+ * Returns `{ enforce(samplingRequest, sessionId), reset(sessionId) }`.
+ * `enforce` throws on violation; the operator wraps the actual model
+ * call only after `enforce` returns.
+ *
+ * @opts
+ *   {
+ *     maxRequestsPerSession?: number,   // default 10
+ *     maxMessagesPerRequest?: number,   // default 20
+ *     maxTokensPerRequest?:   number,   // default 4096
+ *     allowedModelHints?:     string[], // null → allow all
+ *     refuseStopSequences?:   boolean,  // refuse client-supplied stop sequences
+ *   }
+ *
+ * @example
+ *   var guard = b.mcp.sampling.guard({ maxRequestsPerSession: 5 });
+ *   server.on("sampling/createMessage", function (req, sid) {
+ *     guard.enforce(req, sid);     // throws on violation
+ *     return invokeModel(req);
+ *   });
+ */
+function _samplingGuard(opts) {
+  opts = opts || {};
+  var maxReq    = opts.maxRequestsPerSession || SAMPLING_DEFAULTS.maxRequestsPerSession;
+  var maxMsg    = opts.maxMessagesPerRequest || SAMPLING_DEFAULTS.maxMessagesPerRequest;
+  var maxTokens = opts.maxTokensPerRequest   || SAMPLING_DEFAULTS.maxTokensPerRequest;
+  var allowedModels  = Array.isArray(opts.allowedModelHints) ? opts.allowedModelHints.slice() : null;
+  var refuseStop     = opts.refuseStopSequences === true;
+  var sessionCounts  = new Map();
+
+  function enforce(samplingRequest, sessionId) {
+    if (!samplingRequest || typeof samplingRequest !== "object") {
+      throw new McpError("mcp/sampling-bad-request",
+        "sampling.guard: request must be an object");
+    }
+    var sid = sessionId || "_anonymous";
+    var n = (sessionCounts.get(sid) || 0) + 1;
+    if (n > maxReq) {
+      throw new McpError("mcp/sampling-session-budget-exceeded",
+        "sampling.guard: session '" + sid + "' exceeded " + maxReq + " sampling requests");
+    }
+    sessionCounts.set(sid, n);
+    var messages = samplingRequest.messages;
+    if (!Array.isArray(messages) || messages.length === 0) {
+      throw new McpError("mcp/sampling-no-messages",
+        "sampling.guard: request.messages must be a non-empty array");
+    }
+    if (messages.length > maxMsg) {
+      throw new McpError("mcp/sampling-too-many-messages",
+        "sampling.guard: " + messages.length + " messages > maxMessagesPerRequest=" + maxMsg);
+    }
+    if (typeof samplingRequest.maxTokens === "number" && samplingRequest.maxTokens > maxTokens) {
+      throw new McpError("mcp/sampling-too-many-tokens",
+        "sampling.guard: requested maxTokens " + samplingRequest.maxTokens +
+        " > cap " + maxTokens);
+    }
+    if (refuseStop && samplingRequest.stopSequences) {
+      throw new McpError("mcp/sampling-stop-sequences-refused",
+        "sampling.guard: client-supplied stopSequences refused by policy");
+    }
+    if (allowedModels && samplingRequest.modelPreferences &&
+        samplingRequest.modelPreferences.hints) {
+      var hints = samplingRequest.modelPreferences.hints;
+      if (Array.isArray(hints)) {
+        hints.forEach(function (h, i) {
+          if (h && typeof h.name === "string" && allowedModels.indexOf(h.name) === -1) {
+            throw new McpError("mcp/sampling-model-not-allowed",
+              "sampling.guard: modelPreferences.hints[" + i + "].name='" + h.name +
+              "' not in allowedModelHints: " + allowedModels.join(", "));
+          }
+        });
+      }
+    }
+  }
+
+  function reset(sessionId) {
+    if (sessionId) sessionCounts.delete(sessionId);
+    else           sessionCounts.clear();
+  }
+
+  return { enforce: enforce, reset: reset };
+}
+
+/**
+ * @primitive b.mcp.elicitation.guard
+ * @signature b.mcp.elicitation.guard(opts?)
+ * @since     0.8.77
+ * @related   b.mcp.sampling.guard
+ *
+ * MCP 2025-11-25 `elicitation/create` gate — server-initiated user
+ * prompt requests. Refuses prompts whose `message` contains
+ * prompt-injection markers OR `requestedSchema` shape is missing.
+ * The risk class is symmetric to `sampling`: a compromised tool can
+ * elicit credentials / approval-text from the user. This guard
+ * applies the same prompt-injection scan `toolResult.sanitize` does,
+ * plus an allow-listed `requestedSchema.type` set.
+ *
+ * @opts
+ *   {
+ *     maxMessageBytes?:   number,   // default 8 KiB
+ *     allowedSchemaTypes?: string[], // default ["object"]
+ *     posture?: "refuse" | "sanitize" | "audit-only",
+ *   }
+ *
+ * @example
+ *   var guard = b.mcp.elicitation.guard({ posture: "refuse" });
+ *   guard.enforce({
+ *     message: "What's your name?",
+ *     requestedSchema: { type: "object", properties: { name: { type: "string" } } },
+ *   });
+ */
+function _elicitationGuard(opts) {
+  opts = opts || {};
+  var maxBytes    = opts.maxMessageBytes || (8 * 1024);                                          // allow:raw-byte-literal — 8 KiB elicitation message cap
+  var allowedSchemaTypes = Array.isArray(opts.allowedSchemaTypes) && opts.allowedSchemaTypes.length > 0
+    ? opts.allowedSchemaTypes : ["object"];
+  var posture     = opts.posture || "refuse";
+
+  function enforce(elicitRequest) {
+    if (!elicitRequest || typeof elicitRequest !== "object") {
+      throw new McpError("mcp/elicitation-bad-request",
+        "elicitation.guard: request must be an object");
+    }
+    var message = elicitRequest.message;
+    if (typeof message !== "string" || message.length === 0) {
+      throw new McpError("mcp/elicitation-no-message",
+        "elicitation.guard: request.message must be a non-empty string");
+    }
+    if (Buffer.byteLength(message, "utf8") > maxBytes) {
+      throw new McpError("mcp/elicitation-message-too-large",
+        "elicitation.guard: message exceeds " + maxBytes + " bytes");
+    }
+    var schema = elicitRequest.requestedSchema;
+    if (!schema || typeof schema !== "object") {
+      throw new McpError("mcp/elicitation-no-schema",
+        "elicitation.guard: request.requestedSchema must be an object");
+    }
+    if (allowedSchemaTypes.indexOf(schema.type) === -1) {
+      throw new McpError("mcp/elicitation-bad-schema-type",
+        "elicitation.guard: requestedSchema.type '" + schema.type +
+        "' not in allowed: " + allowedSchemaTypes.join(", "));
+    }
+    // Prompt-injection scan over the prompt-to-user message.
+    var regexInput = Buffer.byteLength(message, "utf8") > maxBytes
+      ? Buffer.from(message, "utf8").subarray(0, maxBytes).toString("utf8")
+      : message;
+    if (INJECTION_RE.test(regexInput)) {                                                          // allow:regex-no-length-cap regexInput byteLength bounded above
+      if (posture === "refuse") {
+        throw new McpError("mcp/elicitation-injection-refused",
+          "elicitation.guard: message contains prompt-injection markers");
+      }
+      if (posture === "sanitize") {
+        return Object.assign({}, elicitRequest, {
+          message: message.replace(INJECTION_RE, "[REDACTED]"),
+        });
+      }
+    }
+    return elicitRequest;
+  }
+
+  return { enforce: enforce };
+}
+
 module.exports = {
-  serverGuard:    serverGuard,
-  parseRequest:   parseRequest,
-  refuse:         refuse,
-  toolResult:     { sanitize: _toolResultSanitize },
-  capability:     { create: _capabilityCreate },
-  validateToolInput: _validateToolInput,
+  serverGuard:        serverGuard,
+  parseRequest:       parseRequest,
+  refuse:             refuse,
+  toolResult:         { sanitize: _toolResultSanitize },
+  capability:         { create: _capabilityCreate },
+  validateToolInput:  _validateToolInput,
+  assertProtocolVersion: _assertProtocolVersion,
+  sampling:           { guard: _samplingGuard },
+  elicitation:        { guard: _elicitationGuard },
+  MCP_PROTOCOL_VERSIONS_ACCEPTED: MCP_PROTOCOL_VERSIONS_ACCEPTED,
 };

package/lib/middleware/index.js

@@ -64,6 +64,8 @@ var traceLogCorrelation = require("./trace-log-correlation");
 var tracePropagate = require("./trace-propagate");
 var tusUpload = require("./tus-upload");
 var webAppManifest = require("./web-app-manifest");
+var protectedResourceMetadata = require("./protected-resource-metadata");
+var scimServer = require("./scim-server");
 
 module.exports = {
   requestId:        requestId.create,
@@ -114,6 +116,8 @@ module.exports = {
   clearSiteData:    clearSiteData.create,
   nel:              nel.create,
   speculationRules: speculationRules.create,
+  protectedResourceMetadata: protectedResourceMetadata.create,
+  scimServer:       scimServer.create,
 
   // Module exports for advanced use (constants, raw factory access)
   _modules: {