@blamejs/core 0.8.76 → 0.8.78

package/lib/compliance-ai-act.js

@@ -537,6 +537,162 @@ function deployerChecklist(assessment) {
   return items;
 }
 
+/**
+ * @primitive b.complianceAiAct.fundamentalRightsImpactAssessment
+ * @signature b.complianceAiAct.fundamentalRightsImpactAssessment(opts)
+ * @since     0.8.77
+ *
+ * EU AI Act Article 27 — Fundamental Rights Impact Assessment (FRIA).
+ * Mandatory for deployers of high-risk AI systems listed in Annex III
+ * §5 (creditworthiness scoring, life/health insurance risk), §6
+ * (law enforcement), §7 (migration/asylum), §8 (justice admin), public
+ * authorities, and any private body providing public services. Must
+ * be completed BEFORE the first use of the high-risk system, kept
+ * updated, and notified to the national market-surveillance authority.
+ *
+ * Returns the structured FRIA document scaffold — operator fills in
+ * the per-deployment specifics; the framework auto-populates the
+ * fields it can derive (system identification, GPAI classification
+ * if applicable, Annex IV reference, deployment-context audit hooks).
+ *
+ * @opts
+ *   {
+ *     systemId:               string,           // operator's high-risk system identifier
+ *     systemDescription:      { ... },          // forwarded to classify() for risk-tier verdict
+ *     deploymentContext:      { purpose, sector, geography, scale },
+ *     affectedPersons:        { categories: string[], estimatedCount: number },
+ *     risksToFundamentalRights: string[],       // operator-identified risks
+ *     mitigations:            string[],         // mitigations + monitoring per risk
+ *     humanOversight:         { roles: string[], escalationPath: string },
+ *     residualRisks:          string[],
+ *     reviewCadence:          string,            // e.g. "quarterly"
+ *   }
+ *
+ * @example
+ *   var fria = b.complianceAiAct.fundamentalRightsImpactAssessment({
+ *     systemId: "credit-scoring-v3",
+ *     deploymentContext: { purpose: "loan approval", sector: "financial",
+ *                          geography: "EU", scale: "1M decisions/year" },
+ *     affectedPersons:   { categories: ["EU consumers"], estimatedCount: 1000000 },
+ *     risksToFundamentalRights: ["discriminatory denial", "right to explanation"],
+ *     mitigations:       ["bias audit every 6 months", "human review threshold"],
+ *     humanOversight:    { roles: ["credit officer"], escalationPath: "ombudsman" },
+ *     reviewCadence:     "semi-annual",
+ *   });
+ */
+function fundamentalRightsImpactAssessment(opts) {
+  if (!opts || typeof opts !== "object") {
+    throw new Error("fundamentalRightsImpactAssessment: opts required");
+  }
+  validateOpts.requireNonEmptyString(opts.systemId, "systemId",
+    Error, "compliance-ai-act/no-system-id");
+  return {
+    "$schema":            "https://blamejs.com/schema/ai-act-fria-v1.json",
+    regulation:           "EU Regulation 2024/1689 — AI Act",
+    article:              "Article 27 (Fundamental Rights Impact Assessment)",
+    generatedAt:          new Date().toISOString(),
+    systemId:             opts.systemId,
+    classification:       opts.systemDescription ? classify(opts.systemDescription) : null,
+    deploymentContext:    opts.deploymentContext || {},
+    affectedPersons:      opts.affectedPersons   || { categories: [], estimatedCount: null },
+    risks:                opts.risksToFundamentalRights || [],
+    mitigations:          opts.mitigations              || [],
+    humanOversight:       opts.humanOversight           || { roles: [], escalationPath: null },
+    residualRisks:        opts.residualRisks            || [],
+    reviewCadence:        opts.reviewCadence || "annual",
+    notificationStatus:   "operator-must-notify",
+    note:                 "Notify national market-surveillance authority before first use (Art 27(3))",
+    auditHook:            "b.audit emission action='aiact.fria.completed' recommended",
+    annexIVReference:     "see b.complianceAiAct.annexIVScaffold for technical documentation",
+  };
+}
+
+/**
+ * @primitive b.complianceAiAct.gpai.trainingDataSummary
+ * @signature b.complianceAiAct.gpai.trainingDataSummary(opts)
+ * @since     0.8.77
+ *
+ * EU AI Act Article 53(1)(d) — GPAI training-data summary template
+ * compliant with the AI Office's template format (published in 2024,
+ * mandatory from 2026-08-02). The template requires categories of
+ * data, modalities, source provenance, copyright + licensing status,
+ * dataset sizes, dates of collection, and steps taken to identify +
+ * mitigate biases.
+ *
+ * Returns the JSON document operators publish under their `/.well-known/
+ * ai-training-data-summary` endpoint or attach to model cards.
+ *
+ * @opts
+ *   modelId:           string,    // required
+ *   modelVersion:      string,    // optional
+ *   provider:          object,    // { name, address, contact }
+ *   dataCategories:    string[],  // ["web-crawl", "books", "code", "synthetic", ...]
+ *   modalities:        string[],  // ["text", "image", "audio", "video"]
+ *   sources:           object[],  // { identifier, url, type, licenseStatus, size, collectedFrom, collectedTo }
+ *   copyrightStatus:   object,    // { respectsRightReservations, machineReadableSignalsObserved, tdmExceptionUsed }
+ *   biasMitigation:    object,    // { methodsApplied, auditCadence, remediations }
+ *   contentProvenance: object,    // { synthIdEmbed, c2paManifestEmbed, watermarkProvider }
+ *
+ * @example
+ *   var summary = b.complianceAiAct.gpai.trainingDataSummary({
+ *     modelId:        "acme-llm-7b",
+ *     modelVersion:   "1.0",
+ *     provider:       { name: "Acme AI", address: "1 St", contact: "ai@acme.example" },
+ *     dataCategories: ["web-crawl", "books", "code"],
+ *     modalities:     ["text"],
+ *     sources: [
+ *       { identifier: "CommonCrawl-2024", type: "web-crawl", licenseStatus: "permitted" },
+ *     ],
+ *     biasMitigation: { methodsApplied: ["demographic-balance"], auditCadence: "quarterly" },
+ *   });
+ */
+function trainingDataSummary(opts) {
+  if (!opts || typeof opts !== "object") {
+    throw new Error("trainingDataSummary: opts required");
+  }
+  validateOpts.requireNonEmptyString(opts.modelId, "modelId",
+    Error, "compliance-ai-act/no-model-id");
+  return {
+    "$schema":           "https://blamejs.com/schema/ai-act-gpai-training-summary-v1.json",
+    regulation:          "EU Regulation 2024/1689 — AI Act",
+    article:             "Article 53(1)(d) (GPAI training data summary)",
+    template:            "AI Office GPAI Training Data Summary Template",
+    generatedAt:         new Date().toISOString(),
+    modelId:             opts.modelId,
+    modelVersion:        opts.modelVersion || null,
+    provider:            opts.provider     || { name: null, address: null, contact: null },
+    dataCategories:      opts.dataCategories || [],            // ["web-crawl", "books", "code", "synthetic", ...]
+    modalities:          opts.modalities     || [],            // ["text", "image", "audio", "video"]
+    sources: (opts.sources || []).map(function (s) {
+      return {
+        identifier:    s.identifier,
+        url:           s.url || null,
+        type:          s.type || "unknown",
+        licenseStatus: s.licenseStatus || "unknown",
+        size:          s.size || null,
+        collectedFrom: s.collectedFrom || null,
+        collectedTo:   s.collectedTo   || null,
+      };
+    }),
+    copyrightStatus:     opts.copyrightStatus || {
+      respectsRightReservations: null,
+      machineReadableSignalsObserved: null,
+      tdmExceptionUsed: null,
+    },
+    biasMitigation: opts.biasMitigation || {
+      methodsApplied: [],
+      auditCadence:   "annual",
+      remediations:   [],
+    },
+    contentProvenance: opts.contentProvenance || {
+      synthIdEmbed:        false,
+      c2paManifestEmbed:   false,
+      watermarkProvider:   null,
+    },
+    note: "Publish at /.well-known/ai-training-data-summary or model card per AI Office template (mandatory 2026-08-02)",
+  };
+}
+
 module.exports = {
   classify:                  classify,
   deployerChecklist:         deployerChecklist,
@@ -545,9 +701,10 @@ module.exports = {
   transparency:              transparency,
   logging:                   logging,
   gpai: {
-    classify:        gpaiClassify,
-    listObligations: listGpaiObligations,
-    OBLIGATIONS:     GPAI_OBLIGATIONS,
+    classify:             gpaiClassify,
+    listObligations:      listGpaiObligations,
+    trainingDataSummary:  trainingDataSummary,
+    OBLIGATIONS:          GPAI_OBLIGATIONS,
   },
   articleObligations:        articleObligations,
   listArticles:              listArticles,
@@ -555,4 +712,5 @@ module.exports = {
   DEADLINES:                 DEADLINES,
   emitClassificationAudit:   emitClassificationAudit,
   annexIVScaffold:           annexIVScaffold,
+  fundamentalRightsImpactAssessment: fundamentalRightsImpactAssessment,
 };

package/lib/compliance.js

@@ -110,6 +110,32 @@ var KNOWN_POSTURES = Object.freeze([
   "nydfs-500",       // NYDFS 23 NYCRR 500 Amendment 2 — financial cybersecurity (multi-factor + asset inventory + governance)
   "hipaa-2026",      // HHS HIPAA Security Rule 2026-Q4 final — extends hipaa with mandatory MFA + asset inventory + 72h restoration testing
   "quebec-25",       // Quebec Law 25 final phase (effective 2026-09-22) — DPIA + automated-decision opt-out
+  // ---- v0.8.77 expansion — US state consumer-privacy postures ----
+  // Each posture carries per-state cure-period, profiling opt-out
+  // and minor-consent metadata via b.dsr.stateRules(state). The
+  // generic DSR primitive (b.dsr.submit) covers ~80% of the surface;
+  // these postures fill in the per-state drift.
+  "vcdpa",           // Virginia Consumer Data Protection Act
+  "co-cpa",          // Colorado Privacy Act
+  "ctdpa",           // Connecticut Data Privacy Act
+  "ucpa",            // Utah Consumer Privacy Act
+  "tdpsa",           // Texas Data Privacy and Security Act
+  "or-cpa",          // Oregon Consumer Privacy Act
+  "mt-cdpa",         // Montana Consumer Data Privacy Act
+  "ia-icdpa",        // Iowa Consumer Data Protection Act
+  "in-indpa",        // Indiana Consumer Data Protection Act
+  "de-dpdpa",        // Delaware Personal Data Privacy Act
+  "nh-nhpa",         // New Hampshire SB 255 Consumer Privacy Act
+  "nj-njdpa",        // New Jersey Data Privacy Act
+  "ky-kcdpa",        // Kentucky Consumer Data Protection Act
+  "tn-tipa",         // Tennessee Information Protection Act
+  "mn-mncdpa",       // Minnesota Consumer Data Privacy Act
+  "ri-ricpa",        // Rhode Island Consumer Privacy Act
+  "ne-dpa",          // Nebraska Data Privacy Act
+  "nv-sb370",        // Nevada SB 370 Consumer Health Data Privacy
+  "ca-aadc",         // California Age-Appropriate Design Code (partial preliminary injunction; track for re-enforcement)
+  "ct-sb3",          // Connecticut SB 3 Consumer Health Data
+  "tx-cubi",         // Texas Capture or Use of Biometric Identifier
 ]);
 
 var STATE = { posture: null, setAt: null };
@@ -493,6 +519,28 @@ var REGIME_MAP = Object.freeze({
     jurisdiction: "CA-QC",
     domain:      "privacy",
   },
+  // v0.8.77 — US state consumer-privacy postures
+  "vcdpa":     { name: "Virginia Consumer Data Protection Act",       citation: "Va. Code §59.1-575 et seq. (effective 2023-01-01)", jurisdiction: "US-VA", domain: "privacy" },
+  "co-cpa":    { name: "Colorado Privacy Act",                         citation: "C.R.S. §6-1-1301 et seq. (effective 2023-07-01)", jurisdiction: "US-CO", domain: "privacy" },
+  "ctdpa":     { name: "Connecticut Data Privacy Act",                 citation: "Conn. Gen. Stat. §42-515 et seq. (effective 2023-07-01)", jurisdiction: "US-CT", domain: "privacy" },
+  "ucpa":      { name: "Utah Consumer Privacy Act",                    citation: "Utah Code §13-61-101 et seq. (effective 2023-12-31)", jurisdiction: "US-UT", domain: "privacy" },
+  "tdpsa":     { name: "Texas Data Privacy and Security Act",          citation: "Tex. Bus. & Com. Code §541.001 et seq. (effective 2024-07-01)", jurisdiction: "US-TX", domain: "privacy" },
+  "or-cpa":    { name: "Oregon Consumer Privacy Act",                  citation: "Or. Rev. Stat. §646A.570 et seq. (effective 2024-07-01)", jurisdiction: "US-OR", domain: "privacy" },
+  "mt-cdpa":   { name: "Montana Consumer Data Privacy Act",            citation: "Mont. Code §30-14-2801 et seq. (effective 2024-10-01)", jurisdiction: "US-MT", domain: "privacy" },
+  "ia-icdpa":  { name: "Iowa Consumer Data Protection Act",            citation: "Iowa Code §715D (effective 2025-01-01)", jurisdiction: "US-IA", domain: "privacy" },
+  "in-indpa":  { name: "Indiana Consumer Data Protection Act",         citation: "Ind. Code §24-15 (effective 2026-01-01)", jurisdiction: "US-IN", domain: "privacy" },
+  "de-dpdpa":  { name: "Delaware Personal Data Privacy Act",           citation: "6 Del. Code Ch. 12D (effective 2026-01-01)", jurisdiction: "US-DE", domain: "privacy" },
+  "nh-nhpa":   { name: "New Hampshire SB 255 Consumer Privacy Act",    citation: "NH RSA Chapter 507-H (effective 2026-01-01)", jurisdiction: "US-NH", domain: "privacy" },
+  "nj-njdpa":  { name: "New Jersey Data Privacy Act",                  citation: "N.J. Rev. Stat. §56:8-166.4 et seq. (effective 2026-01-15)", jurisdiction: "US-NJ", domain: "privacy" },
+  "ky-kcdpa":  { name: "Kentucky Consumer Data Protection Act",        citation: "Ky. Rev. Stat. §367.3611 et seq. (effective 2026-01-01)", jurisdiction: "US-KY", domain: "privacy" },
+  "tn-tipa":   { name: "Tennessee Information Protection Act",         citation: "Tenn. Code §47-18-3201 et seq. (effective 2025-07-01)", jurisdiction: "US-TN", domain: "privacy" },
+  "mn-mncdpa": { name: "Minnesota Consumer Data Privacy Act",          citation: "Minn. Stat. §325O (effective 2026-07-31)", jurisdiction: "US-MN", domain: "privacy" },
+  "ri-ricpa":  { name: "Rhode Island Consumer Privacy Act",            citation: "R.I. Gen. Laws §6-48.1 (effective 2026-01-01)", jurisdiction: "US-RI", domain: "privacy" },
+  "ne-dpa":    { name: "Nebraska Data Privacy Act",                    citation: "Neb. Rev. Stat. §87-1101 et seq. (effective 2025-01-01)", jurisdiction: "US-NE", domain: "privacy" },
+  "nv-sb370":  { name: "Nevada SB 370 Consumer Health Data Privacy",   citation: "Nev. Rev. Stat. §603A (consumer-health amendments, effective 2024-03-31)", jurisdiction: "US-NV", domain: "health" },
+  "ca-aadc":   { name: "California Age-Appropriate Design Code Act",   citation: "Cal. Civ. Code §1798.99.28 et seq. (partial preliminary injunction NetChoice v. Bonta)", jurisdiction: "US-CA", domain: "privacy" },
+  "ct-sb3":    { name: "Connecticut SB 3 Consumer Health Data",        citation: "Conn. P.A. 23-56 (effective 2023-07-01)", jurisdiction: "US-CT", domain: "health" },
+  "tx-cubi":   { name: "Texas Capture or Use of Biometric Identifier", citation: "Tex. Bus. & Com. Code §503.001 (effective 2009-09-01)", jurisdiction: "US-TX", domain: "biometric" },
 });
 
 /**

package/lib/config.js

@@ -185,14 +185,25 @@ function create(opts) {
     return value;
   }
 
-  return {
-    value:     value,
+  // `.value` is a getter, not a captured property. Without this,
+  // `cfg.value.X` reads from the object that was current at create()
+  // and never reflects subsequent reload() updates — operators looking
+  // at `cfg.value.FEATURE_X` would see stale values forever, while
+  // `cfg.get("FEATURE_X")` saw fresh ones. The @primitive docs
+  // (loadDbBacked example) promise `cfg.value.X` always works, so the
+  // getter is the contract.
+  var handle = {
     get:       function (key) { return value[key]; },
     has:       function (key) { return Object.prototype.hasOwnProperty.call(value, key); },
     redacted:  redactedView,
     subscribe: subscribe,
     reload:    reload,
   };
+  Object.defineProperty(handle, "value", {
+    get: function () { return value; },
+    enumerable: true,
+  });
+  return handle;
 }
 
 /**
@@ -209,16 +220,45 @@ function create(opts) {
  * via the underlying handle's `reload`, and re-validates. Reload
  * failures emit a `config.reload.failed` audit row but DO NOT
  * clobber the previous value — the running app stays on the
- * last-good config. The returned handle is the same shape as
- * `create()` plus a `.stop()` method that halts the poller.
+ * last-good config.
+ *
+ * Returns immediately with a synchronous handle, but kicks off one
+ * immediate hydration tick on construction so the first DB read
+ * happens at t=0 rather than t=intervalMs. Callers that need to wait
+ * for first-data-applied can `await handle.hydrated` before the app
+ * starts serving traffic; the Promise resolves after the first tick
+ * settles (success OR audit-on-failure path) and never rejects, so
+ * the boot path never deadlocks on a temporarily-unreachable DB.
+ *
+ * The returned handle is the same shape as `create()` plus:
+ *   - `.hydrated` — Promise<void> for the first tick
+ *   - `.refresh()`— run one tick on demand (save-triggered reload);
+ *                   returns Promise<void> that never rejects
+ *   - `.stop()`   — halts the poller
+ *
+ * Three tiers of precedence (highest wins): the DB-row overlay
+ * resolved at each `_tick` > the `opts.env` baseline > defaults
+ * declared on the schema (`s.string().default(...)` and friends).
+ * The `.subscribe(fn)` callback registered through `create()` fires
+ * synchronously inside every successful reload — operators reach for
+ * it to invalidate caches, recompute derived state, or hot-rebuild
+ * middleware that closed over the previous config value.
  *
  * @opts
- *   schema:      b.safeSchema instance (required),
- *   env:         object  (env baseline; default process.env),
- *   redactKeys:  Array<string>,
- *   fetchRows:   async () => Array<{ key: string, value: string }>  (required),
- *   intervalMs:  number   (positive finite poll interval),
- *   audit:       boolean  (default true; reserved for future per-poll audit),
+ *   schema:         b.safeSchema instance (required),
+ *   env:            object  (env baseline; default process.env),
+ *   redactKeys:     Array<string>,
+ *   fetchRows:      async () => Array<{ key: string, value: string }>  (required),
+ *   intervalMs:     number   (positive finite poll interval),
+ *   transformValue: (row) => string | Promise<string>   (optional per-row
+ *                   transform — receives `{ key, value, ...rest }` so the
+ *                   row can carry envelope metadata; returns the value
+ *                   that flows into the schema. Common shape: unseal a
+ *                   `b.vault`-sealed ciphertext column before validation.
+ *                   Rows whose transform throws or returns a non-string
+ *                   are skipped with a `config.reload.failed` audit so a
+ *                   single bad row never crashes the poller),
+ *   audit:          boolean  (default true; reserved for future per-poll audit),
  *
  * @example
  *   var s = b.safeSchema;
@@ -234,10 +274,42 @@ function create(opts) {
  *   });
  *   cfg.value.FEATURE_X;    // → false  (until first poll tick lands)
  *   cfg.stop();             // halt the poller on shutdown
+ *
+ * @example
+ *   // Sealed values — column stores `b.vault.seal(plain)` ciphertext.
+ *   var cfg = b.config.loadDbBacked({
+ *     schema:     s.object({ STRIPE_SECRET: s.string() }),
+ *     fetchRows:  async function () {
+ *       return await db.all("SELECT key, sealed FROM _config WHERE sealed IS NOT NULL");
+ *     },
+ *     transformValue: function (row) {
+ *       return b.vault.unseal(row.sealed).toString("utf8");
+ *     },
+ *     intervalMs: 30 * 1000,
+ *   });
+ *
+ * @example
+ *   // Save-triggered reload — admin UI writes a row, fires refresh()
+ *   // so the new value is active immediately without waiting for
+ *   // intervalMs. cfg.subscribe(...) sees the change inline.
+ *   var cfg = b.config.loadDbBacked({
+ *     schema:     s.object({ FEATURE_X: b.config.coerce.boolean().default(false) }),
+ *     fetchRows:  async function () { return await db.all("SELECT key, value FROM _config"); },
+ *     intervalMs: 5 * 60 * 1000,                  // safety-net interval
+ *   });
+ *   await cfg.hydrated;                            // boot path waits
+ *   cfg.subscribe(function (next) { cache.invalidate(); });
+ *
+ *   adminApp.post("/settings", async function (req, res) {
+ *     await db.run("INSERT OR REPLACE INTO _config(key,value) VALUES (?,?)",
+ *                  req.body.key, req.body.value);
+ *     await cfg.refresh();                         // active immediately
+ *     res.json({ ok: true });
+ *   });
  */
 function loadDbBacked(opts) {
   opts = opts || {};
-  validateOpts(opts, ["schema", "env", "redactKeys", "fetchRows", "intervalMs", "audit"],
+  validateOpts(opts, ["schema", "env", "redactKeys", "fetchRows", "intervalMs", "transformValue", "audit"],
     "config.loadDbBacked");
   if (typeof opts.fetchRows !== "function") {
     throw new ConfigError("config/bad-fetch-rows",
@@ -247,6 +319,9 @@ function loadDbBacked(opts) {
     throw new ConfigError("config/bad-interval",
       "loadDbBacked: opts.intervalMs must be a positive finite number");
   }
+  var transformValue = validateOpts.optionalFunction(
+    opts.transformValue, "loadDbBacked: opts.transformValue",
+    ConfigError, "config/bad-transform-value") || null;
   var cfg = create({ schema: opts.schema, env: opts.env, redactKeys: opts.redactKeys });
   var stopped = false;
   async function _tick() {
@@ -265,9 +340,32 @@ function loadDbBacked(opts) {
     if (!Array.isArray(rows)) return;
     var overlay = {};
     for (var i = 0; i < rows.length; i++) {
-      if (rows[i] && typeof rows[i].key === "string") {
-        overlay[rows[i].key] = rows[i].value;
+      var row = rows[i];
+      if (!row || typeof row.key !== "string") continue;
+      var value = row.value;
+      if (transformValue) {
+        try {
+          value = await transformValue(row);
+        } catch (e) {
+          try {
+            lazyAudit().safeEmit({
+              action: "config.reload.failed", outcome: "failure",
+              metadata: { phase: "transform", key: row.key, reason: e && e.message },
+            });
+          } catch (_e) { /* audit best-effort */ }
+          continue;
+        }
+        if (typeof value !== "string") {
+          try {
+            lazyAudit().safeEmit({
+              action: "config.reload.failed", outcome: "failure",
+              metadata: { phase: "transform", key: row.key, reason: "transformValue did not return a string" },
+            });
+          } catch (_e) { /* audit best-effort */ }
+          continue;
+        }
       }
+      overlay[row.key] = value;
     }
     try { cfg.reload(overlay); }
     catch (e) {
@@ -279,7 +377,25 @@ function loadDbBacked(opts) {
       } catch (_e) { /* audit best-effort */ }
     }
   }
+  // Fire one immediate hydration before the interval kicks in so
+  // callers can `await cfg.hydrated` and not get an empty config window
+  // (env defaults only) for the first intervalMs of process lifetime.
+  // The interval still fires every intervalMs afterwards for ongoing
+  // drift detection. The hydration Promise NEVER rejects — _tick
+  // swallows fetch / transform / validate failures via audit, matching
+  // the established "last-good config stays in place" contract.
+  cfg.hydrated = _tick();
   var handle = safeAsync.repeating(_tick, opts.intervalMs, { name: "config-db-reload" });
+  // Save-triggered reload — admin save handlers / settings-management
+  // UIs invoke cfg.refresh() right after writing a row to drop the
+  // intervalMs-worth of staleness latency between save and active.
+  // Returns the same Promise<void> shape as cfg.hydrated: resolves
+  // after the tick settles (success OR audit-on-failure), never
+  // rejects so the save handler never deadlocks on a flaky DB.
+  // Subscribers fire synchronously inside cfg.reload() within the
+  // tick, matching the save-then-invalidate-cache pattern operators
+  // expect when an admin flips a feature flag.
+  cfg.refresh = function () { return _tick(); };
   cfg.stop = function () { stopped = true; if (handle) { handle.stop(); handle = null; } };
   return cfg;
 }