@blamejs/core 0.9.15 → 0.9.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/a2a-tasks.js +2 -2
- package/lib/acme.js +2 -2
- package/lib/api-snapshot.js +1 -1
- package/lib/app-shutdown.js +2 -2
- package/lib/app.js +2 -2
- package/lib/argon2-builtin.js +1 -1
- package/lib/atomic-file.js +8 -8
- package/lib/audit-sign.js +3 -3
- package/lib/audit-tools.js +2 -2
- package/lib/auth/dpop.js +1 -1
- package/lib/auth/elevation-grant.js +4 -4
- package/lib/auth/fido-mds3.js +6 -6
- package/lib/auth/jwt-external.js +3 -3
- package/lib/auth/jwt.js +1 -1
- package/lib/auth/oauth.js +1 -1
- package/lib/auth/status-list.js +1 -1
- package/lib/backup/bundle.js +2 -2
- package/lib/backup/index.js +7 -7
- package/lib/bundler.js +4 -4
- package/lib/cli.js +1 -1
- package/lib/cloud-events.js +1 -1
- package/lib/compliance-sanctions.js +1 -1
- package/lib/compliance.js +6 -7
- package/lib/config.js +6 -6
- package/lib/credential-hash.js +4 -4
- package/lib/crypto-field.js +9 -9
- package/lib/crypto-hpke.js +1 -1
- package/lib/crypto.js +3 -3
- package/lib/daemon.js +2 -2
- package/lib/db-file-lifecycle.js +5 -5
- package/lib/db-schema.js +1 -1
- package/lib/db.js +3 -3
- package/lib/dev.js +5 -5
- package/lib/dr-runbook.js +2 -2
- package/lib/external-db-migrate.js +16 -16
- package/lib/flag-evaluation-context.js +3 -3
- package/lib/flag-providers.js +1 -1
- package/lib/http-client.js +11 -11
- package/lib/http-message-signature.js +1 -1
- package/lib/keychain.js +6 -6
- package/lib/local-db-thin.js +2 -2
- package/lib/log-stream-local.js +3 -3
- package/lib/log-stream-syslog.js +4 -4
- package/lib/log.js +2 -2
- package/lib/mail-arc-sign.js +1 -1
- package/lib/mail-dkim.js +1 -1
- package/lib/mail.js +7 -7
- package/lib/mcp-tool-registry.js +6 -6
- package/lib/middleware/asyncapi-serve.js +1 -1
- package/lib/middleware/body-parser.js +6 -6
- package/lib/middleware/openapi-serve.js +1 -1
- package/lib/middleware/require-bound-key.js +4 -4
- package/lib/middleware/require-mtls.js +4 -4
- package/lib/middleware/tus-upload.js +1 -1
- package/lib/migrations.js +3 -3
- package/lib/mtls-ca.js +4 -4
- package/lib/network-byte-quota.js +2 -2
- package/lib/network-smtp-policy.js +1 -1
- package/lib/network.js +12 -12
- package/lib/notify.js +8 -8
- package/lib/ntp-check.js +1 -1
- package/lib/object-store/azure-blob.js +3 -3
- package/lib/object-store/gcs.js +3 -3
- package/lib/object-store/http-put.js +1 -1
- package/lib/object-store/local.js +3 -3
- package/lib/object-store/sigv4-bucket-ops.js +1 -1
- package/lib/object-store/sigv4.js +3 -3
- package/lib/observability.js +1 -1
- package/lib/parsers/safe-env.js +3 -3
- package/lib/process-spawn.js +2 -2
- package/lib/restore-bundle.js +3 -3
- package/lib/restore-rollback.js +4 -4
- package/lib/restore.js +3 -3
- package/lib/retry.js +1 -1
- package/lib/router.js +16 -16
- package/lib/safe-url.js +2 -2
- package/lib/sandbox.js +1 -1
- package/lib/security-assert.js +1 -1
- package/lib/seeders.js +4 -4
- package/lib/self-update-standalone-verifier.js +2 -2
- package/lib/self-update.js +5 -5
- package/lib/session-device-binding.js +1 -1
- package/lib/storage.js +1 -1
- package/lib/template.js +2 -2
- package/lib/testing.js +2 -2
- package/lib/totp.js +1 -1
- package/lib/vault/index.js +2 -2
- package/lib/vault/passphrase-ops.js +2 -2
- package/lib/vault/passphrase-source.js +2 -2
- package/lib/vault/rotate.js +7 -7
- package/lib/vault/seal-pem-file.js +8 -8
- package/lib/vault-aad.js +5 -5
- package/lib/vendor-data.js +1 -1
- package/lib/watcher.js +5 -5
- package/lib/webhook.js +1 -1
- package/lib/websocket.js +3 -3
- package/lib/ws-client.js +8 -8
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/crypto.js
CHANGED
|
@@ -44,9 +44,9 @@
|
|
|
44
44
|
* @card
|
|
45
45
|
* The framework's PQC-first cryptography surface.
|
|
46
46
|
*/
|
|
47
|
-
var nodeCrypto = require("crypto");
|
|
48
|
-
var nodeFs = require("fs");
|
|
49
|
-
var { pipeline } = require("stream/promises");
|
|
47
|
+
var nodeCrypto = require("node:crypto");
|
|
48
|
+
var nodeFs = require("node:fs");
|
|
49
|
+
var { pipeline } = require("node:stream/promises");
|
|
50
50
|
var { xchacha20poly1305 } = require("./vendor/noble-ciphers.cjs");
|
|
51
51
|
var C = require("./constants");
|
|
52
52
|
|
package/lib/daemon.js
CHANGED
|
@@ -37,8 +37,8 @@
|
|
|
37
37
|
* Long-running process orchestration — supervisor wiring around `b.appShutdown`, foreground signal handling, detached-fork spawn via `b.processSpawn`, PID-file health probes, and a SIGTERM-then-SIGKILL restart policy on stop.
|
|
38
38
|
*/
|
|
39
39
|
|
|
40
|
-
var nodeFs = require("fs");
|
|
41
|
-
var nodePath = require("path");
|
|
40
|
+
var nodeFs = require("node:fs");
|
|
41
|
+
var nodePath = require("node:path");
|
|
42
42
|
var numericBounds = require("./numeric-bounds");
|
|
43
43
|
var appShutdown = require("./app-shutdown");
|
|
44
44
|
var processSpawn = require("./process-spawn");
|
package/lib/db-file-lifecycle.js
CHANGED
|
@@ -57,9 +57,9 @@
|
|
|
57
57
|
* bun:sqlite).
|
|
58
58
|
*/
|
|
59
59
|
|
|
60
|
-
var nodeFs = require("fs");
|
|
61
|
-
var os = require("os");
|
|
62
|
-
var nodePath = require("path");
|
|
60
|
+
var nodeFs = require("node:fs");
|
|
61
|
+
var os = require("node:os");
|
|
62
|
+
var nodePath = require("node:path");
|
|
63
63
|
var atomicFile = require("./atomic-file");
|
|
64
64
|
var C = require("./constants");
|
|
65
65
|
var { generateBytes, generateToken, encryptPacked, decryptPacked } = require("./crypto");
|
|
@@ -115,8 +115,8 @@ function _resolveTmpDir(operatorTmpDir, allowDiskFallback) {
|
|
|
115
115
|
* Returns an encrypted-DB-file lifecycle handle. Methods:
|
|
116
116
|
*
|
|
117
117
|
* - `decryptToTmp()` — decrypt the encrypted DB file to a fresh
|
|
118
|
-
* tmpfs path and return the
|
|
119
|
-
* return the existing
|
|
118
|
+
* tmpfs path and return the path. Idempotent: subsequent calls
|
|
119
|
+
* return the existing path.
|
|
120
120
|
* - `dbPath` — the resolved plaintext-tmpfs path (set after
|
|
121
121
|
* `decryptToTmp()` runs).
|
|
122
122
|
* - `startFlushTimer(db, opts?)` — start a periodic flush timer
|
package/lib/db-schema.js
CHANGED
package/lib/db.js
CHANGED
|
@@ -41,8 +41,8 @@
|
|
|
41
41
|
* @card
|
|
42
42
|
* Database core — SQLite (node:sqlite) wrapped in encrypted-at-rest storage, sealed-column field-level crypto, append-only audit-chain integration, declarative schema reconcile, and run-once migrations.
|
|
43
43
|
*/
|
|
44
|
-
var nodeFs = require("fs");
|
|
45
|
-
var nodePath = require("path");
|
|
44
|
+
var nodeFs = require("node:fs");
|
|
45
|
+
var nodePath = require("node:path");
|
|
46
46
|
var { DatabaseSync } = require("node:sqlite");
|
|
47
47
|
var { Readable } = require("node:stream");
|
|
48
48
|
var atomicFile = require("./atomic-file");
|
|
@@ -1479,7 +1479,7 @@ function stream(sql) {
|
|
|
1479
1479
|
this.destroy(new DbError("db/stream-limit-exceeded",
|
|
1480
1480
|
"db.stream: emitted " + emitted + " rows, exceeding streamLimit " +
|
|
1481
1481
|
perCallLimit + ". Pass opts.streamLimit higher OR raise via " +
|
|
1482
|
-
"db.init({ streamLimit }) after auditing the export
|
|
1482
|
+
"db.init({ streamLimit }) after auditing the export path."));
|
|
1483
1483
|
return;
|
|
1484
1484
|
}
|
|
1485
1485
|
var step = iter.next();
|
package/lib/dev.js
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* spawned app's logs unchanged.
|
|
12
12
|
*
|
|
13
13
|
* The hot-reload loop spawns the app as a child process, watches the
|
|
14
|
-
* source directories with `
|
|
14
|
+
* source directories with `fs.watch({ recursive: true })`, and
|
|
15
15
|
* restarts the child when an unignored file changes. On-disk state
|
|
16
16
|
* (vault keys, encrypted DB, sealed cookies) survives the restart
|
|
17
17
|
* because the child re-opens the files; only in-process state is
|
|
@@ -41,15 +41,15 @@
|
|
|
41
41
|
*
|
|
42
42
|
* Test seams: `opts._spawn(cmd, args, sopts)` and
|
|
43
43
|
* `opts._watch(dir, wopts, listener)` default to `child_process.spawn`
|
|
44
|
-
* and `
|
|
44
|
+
* and `fs.watch`; unit tests pass fakes to drive the engine without
|
|
45
45
|
* real subprocesses.
|
|
46
46
|
*
|
|
47
47
|
* @card
|
|
48
48
|
* Dev-mode helpers — hot-reload signal (file watch + child-process restart), route-list dump exposed via `dev.stats()`, and a request inspector courtesy of `stdio: 'inherit'` so the operator sees the spawned app's logs unchanged.
|
|
49
49
|
*/
|
|
50
50
|
|
|
51
|
-
var nodePath = require("path");
|
|
52
|
-
var nodeFs = require("fs");
|
|
51
|
+
var nodePath = require("node:path");
|
|
52
|
+
var nodeFs = require("node:fs");
|
|
53
53
|
var lazyRequire = require("./lazy-require");
|
|
54
54
|
var logModule = require("./log");
|
|
55
55
|
var numericBounds = require("./numeric-bounds");
|
|
@@ -65,7 +65,7 @@ var { FrameworkError } = require("./framework-error");
|
|
|
65
65
|
// inspecting a deployed bundle don't see it as a top-level dep of an
|
|
66
66
|
// otherwise hermetic framework. Production deployments additionally
|
|
67
67
|
// refuse to construct dev.create() — see _refuseInProduction below.
|
|
68
|
-
var childProcess = lazyRequire(function () { return require("child_process"); });
|
|
68
|
+
var childProcess = lazyRequire(function () { return require("node:child_process"); });
|
|
69
69
|
|
|
70
70
|
class DevError extends FrameworkError {
|
|
71
71
|
constructor(code, message) {
|
package/lib/dr-runbook.js
CHANGED
|
@@ -42,8 +42,8 @@
|
|
|
42
42
|
* Disaster-recovery runbook executor — composes pre-recorded regulatory steps, operator confirmation gates, and the framework's audit chain into a posture-appropriate Markdown runbook a regulator can read alongside `b.audit`.
|
|
43
43
|
*/
|
|
44
44
|
|
|
45
|
-
var nodeFs = require("fs");
|
|
46
|
-
var nodePath = require("path");
|
|
45
|
+
var nodeFs = require("node:fs");
|
|
46
|
+
var nodePath = require("node:path");
|
|
47
47
|
var C = require("./constants");
|
|
48
48
|
var atomicFile = require("./atomic-file");
|
|
49
49
|
var lazyRequire = require("./lazy-require");
|
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
* - externaldb.migrate.lock.acquired { holder }
|
|
49
49
|
* - externaldb.migrate.lock.released { holder }
|
|
50
50
|
*/
|
|
51
|
-
var nodePath = require("path");
|
|
51
|
+
var nodePath = require("node:path");
|
|
52
52
|
var atomicFile = require("./atomic-file");
|
|
53
53
|
var canonicalJson = require("./canonical-json");
|
|
54
54
|
var { sha3Hash } = require("./crypto");
|
|
@@ -64,7 +64,7 @@ var ExternalDbMigrateError = defineClass("ExternalDbMigrateError", { alwaysPerma
|
|
|
64
64
|
|
|
65
65
|
// Lazy require — external-db imports back into this module via its
|
|
66
66
|
// public `migrate` namespace; load-order would cycle without lazy.
|
|
67
|
-
var
|
|
67
|
+
var externalDb = lazyRequire(function () { return require("./external-db"); });
|
|
68
68
|
|
|
69
69
|
var TRACKING_TABLE = "_blamejs_externaldb_migrations";
|
|
70
70
|
var LOCK_TABLE = "_blamejs_externaldb_migrations_lock";
|
|
@@ -327,7 +327,7 @@ function _resolveBackendName(opts) {
|
|
|
327
327
|
}
|
|
328
328
|
// Default to the externalDb's defaultBackend; throw clear if not initialized.
|
|
329
329
|
var listed;
|
|
330
|
-
try { listed =
|
|
330
|
+
try { listed = externalDb().listBackends(); }
|
|
331
331
|
catch (_e) {
|
|
332
332
|
throw _err("externaldb-migrate/not-initialized",
|
|
333
333
|
"externalDb is not initialized — call b.externalDb.init({ backends }) first");
|
|
@@ -363,14 +363,14 @@ function create(opts) {
|
|
|
363
363
|
|
|
364
364
|
function _ctx(backendName) {
|
|
365
365
|
return {
|
|
366
|
-
externalDb:
|
|
366
|
+
externalDb: externalDb(),
|
|
367
367
|
backendName: backendName,
|
|
368
368
|
};
|
|
369
369
|
}
|
|
370
370
|
|
|
371
371
|
async function status() {
|
|
372
372
|
var backendName = _resolveBackendName(opts);
|
|
373
|
-
return await
|
|
373
|
+
return await externalDb().transaction(async function (xdb) {
|
|
374
374
|
await _ensureTrackingTable(xdb);
|
|
375
375
|
var res = await xdb.query(
|
|
376
376
|
"SELECT name, description, appliedAt FROM " + Q_TRACKING +
|
|
@@ -394,7 +394,7 @@ function create(opts) {
|
|
|
394
394
|
var backendName = _resolveBackendName(opts);
|
|
395
395
|
var ctx = _ctx(backendName);
|
|
396
396
|
|
|
397
|
-
return await
|
|
397
|
+
return await externalDb().transaction(async function (xdb) {
|
|
398
398
|
await _ensureTrackingTable(xdb);
|
|
399
399
|
await _ensureLockTable(xdb);
|
|
400
400
|
await _ensureHistoryTable(xdb);
|
|
@@ -404,7 +404,7 @@ function create(opts) {
|
|
|
404
404
|
// pool acquisition for the lock connection — the migrate runner
|
|
405
405
|
// serializes apply order, so this single-connection lock is
|
|
406
406
|
// sufficient.
|
|
407
|
-
var lockResult = await
|
|
407
|
+
var lockResult = await externalDb().transaction(async function (xdb) {
|
|
408
408
|
return await _acquireLock(xdb, opts);
|
|
409
409
|
}, { backend: backendName });
|
|
410
410
|
var lockHolder = lockResult.holder;
|
|
@@ -421,7 +421,7 @@ function create(opts) {
|
|
|
421
421
|
}
|
|
422
422
|
|
|
423
423
|
try {
|
|
424
|
-
var appliedRes = await
|
|
424
|
+
var appliedRes = await externalDb().query(
|
|
425
425
|
"SELECT name FROM " + Q_TRACKING, [], { backend: backendName }
|
|
426
426
|
);
|
|
427
427
|
var appliedSet = new Set(((appliedRes && appliedRes.rows) || []).map(function (r) { return r.name; }));
|
|
@@ -435,7 +435,7 @@ function create(opts) {
|
|
|
435
435
|
var mod = _loadMigration(file, dir);
|
|
436
436
|
var t0 = Date.now();
|
|
437
437
|
try {
|
|
438
|
-
await
|
|
438
|
+
await externalDb().transaction(async function (xdb) {
|
|
439
439
|
await mod.up(xdb, ctx);
|
|
440
440
|
var ranAt = new Date().toISOString();
|
|
441
441
|
await xdb.query(
|
|
@@ -489,7 +489,7 @@ function create(opts) {
|
|
|
489
489
|
return { applied: applied, skipped: skipped, backend: backendName };
|
|
490
490
|
} finally {
|
|
491
491
|
try {
|
|
492
|
-
await
|
|
492
|
+
await externalDb().transaction(async function (xdb) {
|
|
493
493
|
await _releaseLock(xdb, lockHolder);
|
|
494
494
|
}, { backend: backendName });
|
|
495
495
|
_emit(audit, "externaldb.migrate.lock.released", "success",
|
|
@@ -509,12 +509,12 @@ function create(opts) {
|
|
|
509
509
|
var backendName = _resolveBackendName(opts);
|
|
510
510
|
var ctx = _ctx(backendName);
|
|
511
511
|
|
|
512
|
-
await
|
|
512
|
+
await externalDb().transaction(async function (xdb) {
|
|
513
513
|
await _ensureTrackingTable(xdb);
|
|
514
514
|
await _ensureLockTable(xdb);
|
|
515
515
|
}, { backend: backendName });
|
|
516
516
|
|
|
517
|
-
var lockResultDown = await
|
|
517
|
+
var lockResultDown = await externalDb().transaction(async function (xdb) {
|
|
518
518
|
return await _acquireLock(xdb, opts);
|
|
519
519
|
}, { backend: backendName });
|
|
520
520
|
var lockHolder = lockResultDown.holder;
|
|
@@ -528,7 +528,7 @@ function create(opts) {
|
|
|
528
528
|
}
|
|
529
529
|
|
|
530
530
|
try {
|
|
531
|
-
var appliedRes = await
|
|
531
|
+
var appliedRes = await externalDb().query(
|
|
532
532
|
"SELECT name FROM " + Q_TRACKING + " ORDER BY appliedAt DESC, name DESC LIMIT $1",
|
|
533
533
|
[steps], { backend: backendName }
|
|
534
534
|
);
|
|
@@ -543,7 +543,7 @@ function create(opts) {
|
|
|
543
543
|
}
|
|
544
544
|
var t0 = Date.now();
|
|
545
545
|
try {
|
|
546
|
-
await
|
|
546
|
+
await externalDb().transaction(async function (xdb) {
|
|
547
547
|
await mod.down(xdb, ctx);
|
|
548
548
|
await xdb.query(
|
|
549
549
|
"DELETE FROM " + Q_TRACKING + " WHERE name = $1",
|
|
@@ -564,7 +564,7 @@ function create(opts) {
|
|
|
564
564
|
return { reverted: reverted, backend: backendName };
|
|
565
565
|
} finally {
|
|
566
566
|
try {
|
|
567
|
-
await
|
|
567
|
+
await externalDb().transaction(async function (xdb) {
|
|
568
568
|
await _releaseLock(xdb, lockHolder);
|
|
569
569
|
}, { backend: backendName });
|
|
570
570
|
_emit(audit, "externaldb.migrate.lock.released", "success",
|
|
@@ -588,7 +588,7 @@ function create(opts) {
|
|
|
588
588
|
async function history(historyOpts) {
|
|
589
589
|
historyOpts = historyOpts || {};
|
|
590
590
|
var backendName = _resolveBackendName(opts);
|
|
591
|
-
return await
|
|
591
|
+
return await externalDb().transaction(async function (xdb) {
|
|
592
592
|
await _ensureHistoryTable(xdb);
|
|
593
593
|
var res = await xdb.query(
|
|
594
594
|
"SELECT version, ranAt, ranBy, schemaIntrospectionHash, signature, publicKeyFingerprint " +
|
|
@@ -16,13 +16,13 @@
|
|
|
16
16
|
* then evaluate.
|
|
17
17
|
*/
|
|
18
18
|
|
|
19
|
-
var nodeCrypto = require("crypto");
|
|
19
|
+
var nodeCrypto = require("node:crypto");
|
|
20
20
|
var validateOpts = require("./validate-opts");
|
|
21
21
|
var lazyRequire = require("./lazy-require");
|
|
22
22
|
var { defineClass } = require("./framework-error");
|
|
23
23
|
var FlagError = defineClass("FlagError", { alwaysPermanent: true });
|
|
24
24
|
|
|
25
|
-
var
|
|
25
|
+
var bCrypto = lazyRequire(function () { return require("./crypto"); });
|
|
26
26
|
|
|
27
27
|
function _normalize(input, label) {
|
|
28
28
|
if (input == null) return {};
|
|
@@ -96,7 +96,7 @@ function fromRequest(req, opts) {
|
|
|
96
96
|
headers["x-forwarded-for"].split(",")[0].trim()) ||
|
|
97
97
|
(req.connection && req.connection.remoteAddress) || "";
|
|
98
98
|
var ua = headers["user-agent"] || "";
|
|
99
|
-
tk = "anon:" +
|
|
99
|
+
tk = "anon:" + bCrypto().sha3Hash(ip + ":" + ua).slice(0, 16); // allow:raw-byte-literal — base16 prefix len
|
|
100
100
|
}
|
|
101
101
|
ctx.targetingKey = tk;
|
|
102
102
|
|
package/lib/flag-providers.js
CHANGED
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
* provider.kind -> "local-file" | "memory" | "environment" | <operator-defined>
|
|
37
37
|
*/
|
|
38
38
|
|
|
39
|
-
var nodeFs = require("fs");
|
|
39
|
+
var nodeFs = require("node:fs");
|
|
40
40
|
var validateOpts = require("./validate-opts");
|
|
41
41
|
var lazyRequire = require("./lazy-require");
|
|
42
42
|
var safeJson = require("./safe-json");
|
package/lib/http-client.js
CHANGED
|
@@ -35,15 +35,15 @@
|
|
|
35
35
|
* Outbound HTTP client with SSRF gate, retry, circuit breaker, wall-clock + idle timeouts, AbortSignal propagation, connection pooling, streaming, and ALPN-negotiated HTTP/2.
|
|
36
36
|
*/
|
|
37
37
|
|
|
38
|
-
var nodeFs = require("fs");
|
|
39
|
-
var http = require("http");
|
|
40
|
-
var https = require("https");
|
|
41
|
-
var http2 = require("http2");
|
|
42
|
-
var nodeCrypto = require("crypto");
|
|
43
|
-
var nodePath = require("path");
|
|
38
|
+
var nodeFs = require("node:fs");
|
|
39
|
+
var http = require("node:http");
|
|
40
|
+
var https = require("node:https");
|
|
41
|
+
var http2 = require("node:http2");
|
|
42
|
+
var nodeCrypto = require("node:crypto");
|
|
43
|
+
var nodePath = require("node:path");
|
|
44
44
|
var nodeStream = require("node:stream");
|
|
45
45
|
var streamPromises = require("node:stream/promises");
|
|
46
|
-
var { URL } = require("url");
|
|
46
|
+
var { URL } = require("node:url");
|
|
47
47
|
var atomicFile = require("./atomic-file");
|
|
48
48
|
var C = require("./constants");
|
|
49
49
|
var bCrypto = require("./crypto");
|
|
@@ -476,9 +476,9 @@ function _attachJarCookie(headers, jar, url) {
|
|
|
476
476
|
function _buildMultipartBody(spec) {
|
|
477
477
|
var boundary = "----blamejs-mp-" + bCrypto.generateToken(C.BYTES.bytes(16));
|
|
478
478
|
var CRLF = "\r\n";
|
|
479
|
-
var nodeFs = require("fs"); // allow:inline-require — only on multipart paths that touch the filesystem
|
|
480
|
-
var path = require("path"); // allow:inline-require — same
|
|
481
|
-
var nodeStream = require("stream"); // allow:inline-require — Readable subclass only when streaming
|
|
479
|
+
var nodeFs = require("node:fs"); // allow:inline-require — only on multipart paths that touch the filesystem
|
|
480
|
+
var path = require("node:path"); // allow:inline-require — same
|
|
481
|
+
var nodeStream = require("node:stream"); // allow:inline-require — Readable subclass only when streaming
|
|
482
482
|
|
|
483
483
|
// Each entry is { headerBytes, source } where source is one of:
|
|
484
484
|
// { kind: "buffer", buf: Buffer }
|
|
@@ -1959,7 +1959,7 @@ function _validateUploadOpts(opts) {
|
|
|
1959
1959
|
*
|
|
1960
1960
|
* POSTs a file body via `multipart/form-data` without buffering the
|
|
1961
1961
|
* file in memory. Streams from disk through the request body using
|
|
1962
|
-
* `
|
|
1962
|
+
* `fs.createReadStream` + `node:stream/promises` pipeline. Throws
|
|
1963
1963
|
* `httpclient/missing-file` when `opts.file.path` doesn't exist or
|
|
1964
1964
|
* isn't a regular file. Composes through `request()` so SSRF gating,
|
|
1965
1965
|
* proxy routing, and the per-origin transport cache apply unchanged.
|
|
@@ -59,7 +59,7 @@
|
|
|
59
59
|
* // → { valid, label, keyid, alg, covered, reason? }
|
|
60
60
|
*/
|
|
61
61
|
|
|
62
|
-
var nodeCrypto = require("crypto");
|
|
62
|
+
var nodeCrypto = require("node:crypto");
|
|
63
63
|
var safeUrl = require("./safe-url");
|
|
64
64
|
var safeBuffer = require("./safe-buffer");
|
|
65
65
|
var C = require("./constants");
|
package/lib/keychain.js
CHANGED
|
@@ -43,8 +43,8 @@
|
|
|
43
43
|
* OS keychain abstraction with encrypted-file fallback — stores / retrieves / removes a `(service, account) -> password` binding via the host operating system's native credential store.
|
|
44
44
|
*/
|
|
45
45
|
|
|
46
|
-
var nodeFs = require("fs");
|
|
47
|
-
var nodePath = require("path");
|
|
46
|
+
var nodeFs = require("node:fs");
|
|
47
|
+
var nodePath = require("node:path");
|
|
48
48
|
|
|
49
49
|
var atomicFile = require("./atomic-file");
|
|
50
50
|
var C = require("./constants");
|
|
@@ -161,7 +161,7 @@ function _validateFallbackFile(filepath, primitive) {
|
|
|
161
161
|
KeychainError, "keychain/bad-fallback-file");
|
|
162
162
|
if (!nodePath.isAbsolute(filepath)) {
|
|
163
163
|
throw new KeychainError("keychain/relative-fallback-file",
|
|
164
|
-
primitive + ": fallbackFile must be an absolute
|
|
164
|
+
primitive + ": fallbackFile must be an absolute path; got " + filepath);
|
|
165
165
|
}
|
|
166
166
|
}
|
|
167
167
|
|
|
@@ -613,7 +613,7 @@ function _isFallbackError(e) {
|
|
|
613
613
|
* service: string, // required, no NUL/CR/LF bytes
|
|
614
614
|
* account: string, // required, no NUL/CR/LF bytes
|
|
615
615
|
* password: string, // required, non-empty
|
|
616
|
-
* fallbackFile?: string, // absolute
|
|
616
|
+
* fallbackFile?: string, // absolute path; required if file fallback may engage
|
|
617
617
|
* passphrase?: string, // required when fallbackFile engages (Argon2id-derived KEK)
|
|
618
618
|
* preferFile?: boolean, // default: false
|
|
619
619
|
* audit?: boolean, // default: true (emits keychain.stored)
|
|
@@ -685,7 +685,7 @@ async function store(opts) {
|
|
|
685
685
|
* {
|
|
686
686
|
* service: string, // required
|
|
687
687
|
* account: string, // required
|
|
688
|
-
* fallbackFile?: string, // absolute
|
|
688
|
+
* fallbackFile?: string, // absolute path; required for file-backend lookup
|
|
689
689
|
* passphrase?: string, // required when fallbackFile engages
|
|
690
690
|
* preferFile?: boolean, // default: false
|
|
691
691
|
* audit?: boolean, // default: true (emits keychain.retrieved)
|
|
@@ -781,7 +781,7 @@ async function retrieve(opts) {
|
|
|
781
781
|
* {
|
|
782
782
|
* service: string, // required
|
|
783
783
|
* account: string, // required
|
|
784
|
-
* fallbackFile?: string, // absolute
|
|
784
|
+
* fallbackFile?: string, // absolute path; required for file-backend cleanup
|
|
785
785
|
* passphrase?: string, // required when fallbackFile engages
|
|
786
786
|
* preferFile?: boolean, // default: false
|
|
787
787
|
* audit?: boolean, // default: true (emits keychain.removed)
|
package/lib/local-db-thin.js
CHANGED
|
@@ -53,8 +53,8 @@
|
|
|
53
53
|
* localdb.thin.closed { file }
|
|
54
54
|
*/
|
|
55
55
|
|
|
56
|
-
var nodeFs = require("fs");
|
|
57
|
-
var nodePath = require("path");
|
|
56
|
+
var nodeFs = require("node:fs");
|
|
57
|
+
var nodePath = require("node:path");
|
|
58
58
|
var lazyRequire = require("./lazy-require");
|
|
59
59
|
var validateOpts = require("./validate-opts");
|
|
60
60
|
var safeSql = require("./safe-sql");
|
package/lib/log-stream-local.js
CHANGED
|
@@ -23,9 +23,9 @@
|
|
|
23
23
|
* fileNamePrefix: 'blamejs'
|
|
24
24
|
* }
|
|
25
25
|
*/
|
|
26
|
-
var nodeFs = require("fs");
|
|
27
|
-
var nodePath = require("path");
|
|
28
|
-
var zlib = require("zlib");
|
|
26
|
+
var nodeFs = require("node:fs");
|
|
27
|
+
var nodePath = require("node:path");
|
|
28
|
+
var zlib = require("node:zlib");
|
|
29
29
|
var atomicFile = require("./atomic-file");
|
|
30
30
|
var C = require("./constants");
|
|
31
31
|
var { boot } = require("./log");
|
package/lib/log-stream-syslog.js
CHANGED
|
@@ -27,10 +27,10 @@
|
|
|
27
27
|
* reconnect and replay them on the new connection. UDP is best-effort
|
|
28
28
|
* (datagrams that race a closed socket are dropped to onDrop).
|
|
29
29
|
*/
|
|
30
|
-
var dgram = require("dgram");
|
|
31
|
-
var net = require("net");
|
|
32
|
-
var os = require("os");
|
|
33
|
-
var nodeTls = require("tls");
|
|
30
|
+
var dgram = require("node:dgram");
|
|
31
|
+
var net = require("node:net");
|
|
32
|
+
var os = require("node:os");
|
|
33
|
+
var nodeTls = require("node:tls");
|
|
34
34
|
var C = require("./constants");
|
|
35
35
|
var { boot } = require("./log");
|
|
36
36
|
var safeAsync = require("./safe-async");
|
package/lib/log.js
CHANGED
|
@@ -72,7 +72,7 @@ var { FrameworkError } = require("./framework-error");
|
|
|
72
72
|
// pulling the whole crypto bundle into the framework's earliest
|
|
73
73
|
// boot path (request-id middleware needs only generateToken).
|
|
74
74
|
var safeEnv = lazyRequire(function () { return require("./parsers/safe-env"); });
|
|
75
|
-
var
|
|
75
|
+
var bCrypto = lazyRequire(function () { return require("./crypto"); });
|
|
76
76
|
|
|
77
77
|
// Request-id correlation token — 8 bytes hex-encoded (16 chars). Short
|
|
78
78
|
// enough to read in a log line, long enough to keep collisions far below
|
|
@@ -384,7 +384,7 @@ function create(opts) {
|
|
|
384
384
|
// 16 random hex chars — short, sufficient correlation entropy.
|
|
385
385
|
// Routes through the framework token primitive so the entropy
|
|
386
386
|
// source matches the rest of the codebase.
|
|
387
|
-
return
|
|
387
|
+
return bCrypto().generateToken(REQUEST_ID_BYTES);
|
|
388
388
|
};
|
|
389
389
|
return function logRequestIdMiddleware(req, res, next) {
|
|
390
390
|
var inbound = req.headers && req.headers[headerName];
|
package/lib/mail-arc-sign.js
CHANGED
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
* hop: `dkim.arc.signed`.
|
|
49
49
|
*/
|
|
50
50
|
|
|
51
|
-
var nodeCrypto = require("crypto");
|
|
51
|
+
var nodeCrypto = require("node:crypto");
|
|
52
52
|
var lazyRequire = require("./lazy-require");
|
|
53
53
|
var validateOpts = require("./validate-opts");
|
|
54
54
|
var safeBuffer = require("./safe-buffer");
|
package/lib/mail-dkim.js
CHANGED
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
*/
|
|
41
41
|
var lazyRequire = require("./lazy-require");
|
|
42
42
|
var audit = lazyRequire(function () { return require("./audit"); });
|
|
43
|
-
var nodeCrypto = require("crypto");
|
|
43
|
+
var nodeCrypto = require("node:crypto");
|
|
44
44
|
var safeBuffer = require("./safe-buffer");
|
|
45
45
|
var validateOpts = require("./validate-opts");
|
|
46
46
|
var { FrameworkError } = require("./framework-error");
|
package/lib/mail.js
CHANGED
|
@@ -68,11 +68,11 @@ var dkim = require("./mail-dkim");
|
|
|
68
68
|
var mailAuth = require("./mail-auth");
|
|
69
69
|
var mailBimi = require("./mail-bimi");
|
|
70
70
|
var mailUnsubscribe = require("./mail-unsubscribe");
|
|
71
|
-
var net = lazyRequire(function () { return require("net"); });
|
|
71
|
+
var net = lazyRequire(function () { return require("node:net"); });
|
|
72
72
|
var networkDns = lazyRequire(function () { return require("./network-dns"); });
|
|
73
|
-
var nodeUrl = require("url");
|
|
73
|
+
var nodeUrl = require("node:url");
|
|
74
74
|
var numericBounds = require("./numeric-bounds");
|
|
75
|
-
var
|
|
75
|
+
var nodeTls = lazyRequire(function () { return require("node:tls"); });
|
|
76
76
|
var safeJson = require("./safe-json");
|
|
77
77
|
var safeSchema = require("./safe-schema");
|
|
78
78
|
var validateOpts = require("./validate-opts");
|
|
@@ -221,7 +221,7 @@ async function reverseDns(ip) {
|
|
|
221
221
|
// the original input. RFC 8601 §3 says the forward query must use
|
|
222
222
|
// the same family as the source; mismatched families don't count
|
|
223
223
|
// as confirmation.
|
|
224
|
-
var net = require("net");
|
|
224
|
+
var net = require("node:net");
|
|
225
225
|
var forwardAddrs = [];
|
|
226
226
|
try {
|
|
227
227
|
if (net.isIPv6(ip)) {
|
|
@@ -916,7 +916,7 @@ function _messageRequires8BitMime(message) {
|
|
|
916
916
|
// resultOrder applies).
|
|
917
917
|
function _autoDetectFamily() {
|
|
918
918
|
try {
|
|
919
|
-
var os = require("os");
|
|
919
|
+
var os = require("node:os");
|
|
920
920
|
var ifaces = os.networkInterfaces();
|
|
921
921
|
var hasV6 = false;
|
|
922
922
|
var hasV4 = false;
|
|
@@ -1142,7 +1142,7 @@ function _smtpSend(message, cfg) {
|
|
|
1142
1142
|
tlsConnectOpts.host = cfg.host;
|
|
1143
1143
|
tlsConnectOpts.port = cfg.port;
|
|
1144
1144
|
if (family === 4 || family === 6) tlsConnectOpts.family = family;
|
|
1145
|
-
attachSocket(
|
|
1145
|
+
attachSocket(nodeTls().connect(tlsConnectOpts));
|
|
1146
1146
|
} else {
|
|
1147
1147
|
var netOpts = { host: cfg.host, port: cfg.port };
|
|
1148
1148
|
if (family === 4 || family === 6) netOpts.family = family;
|
|
@@ -1211,7 +1211,7 @@ function _smtpSend(message, cfg) {
|
|
|
1211
1211
|
if (code !== 220) { fail("starttls-rejected (code " + code + ")"); return; }
|
|
1212
1212
|
var tlsConnectOpts = Object.assign({ socket: socket }, cfg.tlsOpts);
|
|
1213
1213
|
if (cfg.servername) tlsConnectOpts.servername = cfg.servername;
|
|
1214
|
-
var tlsSocket =
|
|
1214
|
+
var tlsSocket = nodeTls().connect(tlsConnectOpts, function () {
|
|
1215
1215
|
upgradedToTLS = true;
|
|
1216
1216
|
try { socket.removeAllListeners("data"); } catch (_e) { /* listeners migrate to upgraded socket */ }
|
|
1217
1217
|
attachSocket(tlsSocket);
|
package/lib/mcp-tool-registry.js
CHANGED
|
@@ -64,7 +64,7 @@ var lazyRequire = require("./lazy-require");
|
|
|
64
64
|
var validateOpts = require("./validate-opts");
|
|
65
65
|
var { McpError } = require("./framework-error");
|
|
66
66
|
|
|
67
|
-
var
|
|
67
|
+
var bCrypto = lazyRequire(function () { return require("./crypto"); });
|
|
68
68
|
var audit = lazyRequire(function () { return require("./audit"); });
|
|
69
69
|
var C = require("./constants");
|
|
70
70
|
|
|
@@ -202,7 +202,7 @@ function create(opts) {
|
|
|
202
202
|
outputSchema: tool.outputSchema || null,
|
|
203
203
|
alg: alg,
|
|
204
204
|
});
|
|
205
|
-
var sig =
|
|
205
|
+
var sig = bCrypto().sign(Buffer.from(payload, "utf8"), signingKey);
|
|
206
206
|
return {
|
|
207
207
|
tool: tool.name,
|
|
208
208
|
description: tool.description || "",
|
|
@@ -254,7 +254,7 @@ function create(opts) {
|
|
|
254
254
|
}),
|
|
255
255
|
issuedAt: new Date().toISOString(),
|
|
256
256
|
});
|
|
257
|
-
var sig =
|
|
257
|
+
var sig = bCrypto().sign(Buffer.from(manifestBody, "utf8"), signingKey);
|
|
258
258
|
return {
|
|
259
259
|
body: manifestBody,
|
|
260
260
|
signature: sig.toString("base64"),
|
|
@@ -309,7 +309,7 @@ function create(opts) {
|
|
|
309
309
|
}
|
|
310
310
|
var nonce = typeof callOpts.nonce === "string" && callOpts.nonce.length > 0
|
|
311
311
|
? callOpts.nonce
|
|
312
|
-
:
|
|
312
|
+
: bCrypto().generateToken(16); // allow:raw-byte-literal — 128-bit nonce, not byte arithmetic on a payload
|
|
313
313
|
var iat = new Date();
|
|
314
314
|
var exp = new Date(iat.getTime() + ttlMs);
|
|
315
315
|
var envelope = {
|
|
@@ -320,7 +320,7 @@ function create(opts) {
|
|
|
320
320
|
exp: exp.toISOString(),
|
|
321
321
|
};
|
|
322
322
|
var payload = Buffer.from(canonicalJson.stringify(envelope), "utf8");
|
|
323
|
-
var sig =
|
|
323
|
+
var sig = bCrypto().sign(payload, signingKey);
|
|
324
324
|
_emitAudit("mcp.tool_registry.call_signed",
|
|
325
325
|
{ tool: envelope.tool, nonce: nonce, alg: alg });
|
|
326
326
|
return {
|
|
@@ -438,7 +438,7 @@ function create(opts) {
|
|
|
438
438
|
"verifyCall: signature not valid base64");
|
|
439
439
|
}
|
|
440
440
|
var ok;
|
|
441
|
-
try { ok =
|
|
441
|
+
try { ok = bCrypto().verify(payload, sigBuf, verifyingKey); }
|
|
442
442
|
catch (verifyErr) {
|
|
443
443
|
_emitAudit("mcp.tool_registry.call_verify_error",
|
|
444
444
|
{ tool: env.tool, nonce: env.nonce, error: String(verifyErr.message || verifyErr) }, "denied");
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
* paths / methods.
|
|
20
20
|
*/
|
|
21
21
|
|
|
22
|
-
var nodeCrypto = require("crypto");
|
|
22
|
+
var nodeCrypto = require("node:crypto");
|
|
23
23
|
var validateOpts = require("../validate-opts");
|
|
24
24
|
var lazyRequire = require("../lazy-require");
|
|
25
25
|
var { defineClass } = require("../framework-error");
|
|
@@ -100,7 +100,7 @@
|
|
|
100
100
|
* dots collapsed, control characters stripped, length capped at 255.
|
|
101
101
|
* Tmp file path is generated by the framework, never derived from
|
|
102
102
|
* the operator-supplied filename — so a malicious filename can't
|
|
103
|
-
* collide with a sensitive
|
|
103
|
+
* collide with a sensitive path.
|
|
104
104
|
* - Multipart parser refuses fields whose `name` is in POISONED_KEYS
|
|
105
105
|
* (consistent with the JSON path).
|
|
106
106
|
* - Tmp files set with mode 0o600, parent dir created with 0o700.
|
|
@@ -108,9 +108,9 @@
|
|
|
108
108
|
* error) so a crashing handler doesn't leak files.
|
|
109
109
|
*/
|
|
110
110
|
|
|
111
|
-
var nodeFs = require("fs");
|
|
112
|
-
var os = require("os");
|
|
113
|
-
var nodePath = require("path");
|
|
111
|
+
var nodeFs = require("node:fs");
|
|
112
|
+
var os = require("node:os");
|
|
113
|
+
var nodePath = require("node:path");
|
|
114
114
|
var nodeCrypto = require("node:crypto");
|
|
115
115
|
var atomicFile = require("../atomic-file");
|
|
116
116
|
var bCrypto = require("../crypto");
|
|
@@ -123,7 +123,7 @@ var validateOpts = require("../validate-opts");
|
|
|
123
123
|
var C = require("../constants");
|
|
124
124
|
var { defineClass } = require("../framework-error");
|
|
125
125
|
|
|
126
|
-
var
|
|
126
|
+
var audit = lazyRequire(function () { return require("../audit"); });
|
|
127
127
|
|
|
128
128
|
// Node's HTTP parser surfaces malformed chunked-transfer-encoding via a
|
|
129
129
|
// stable family of HPE_* codes. RFC 9112 §7.1 — when a server rejects a
|
|
@@ -1294,7 +1294,7 @@ function create(opts) {
|
|
|
1294
1294
|
? "http.chunked.extension.refused"
|
|
1295
1295
|
: "http.chunked.malformed.refused";
|
|
1296
1296
|
try {
|
|
1297
|
-
|
|
1297
|
+
audit().safeEmit({
|
|
1298
1298
|
action: chunkAction,
|
|
1299
1299
|
outcome: "denied",
|
|
1300
1300
|
metadata: {
|