gina 0.4.5 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (475) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/CONTRIBUTING.md +2 -2
  3. package/README.md +10 -8
  4. package/ROADMAP.md +2 -2
  5. package/framework/v0.4.6/VERSION +1 -0
  6. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css +1 -0
  7. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  8. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  9. package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +62 -0
  10. package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.js +934 -42
  11. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js +571 -0
  12. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  13. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  14. package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.js +62 -6
  15. package/framework/v0.4.6/core/controller/controller.render-nunjucks-async.js +788 -0
  16. package/framework/v0.4.6/core/controller/controller.render-swig-async.js +664 -0
  17. package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-swig.js +52 -5
  18. package/framework/{v0.4.5 → v0.4.6}/core/gna.js +24 -0
  19. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/README.md +35 -0
  20. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/src/main.js +136 -2
  21. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/package.json +0 -3
  22. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/package.json +0 -3
  23. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/main.js +17 -4
  24. package/framework/{v0.4.5 → v0.4.6}/core/server.isaac.js +2 -2
  25. package/framework/{v0.4.5 → v0.4.6}/core/server.js +273 -97
  26. package/framework/{v0.4.5 → v0.4.6}/helpers/data/package.json +0 -3
  27. package/framework/{v0.4.5 → v0.4.6}/helpers/data/src/main.js +58 -3
  28. package/framework/{v0.4.5 → v0.4.6}/helpers/json/package.json +0 -3
  29. package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/package.json +0 -3
  30. package/framework/{v0.4.5 → v0.4.6}/lib/archiver/package.json +0 -3
  31. package/framework/{v0.4.5 → v0.4.6}/lib/cache/package.json +0 -3
  32. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link.js +16 -5
  33. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/msg.json +1 -1
  34. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/restart.js +11 -3
  35. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/start.js +5 -1
  36. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/version.js +24 -3
  37. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/helper.js +28 -9
  38. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/add.js +29 -13
  39. package/framework/{v0.4.5 → v0.4.6}/lib/collection/package.json +0 -3
  40. package/framework/{v0.4.5 → v0.4.6}/lib/cron/package.json +0 -3
  41. package/framework/{v0.4.5 → v0.4.6}/lib/domain/package.json +0 -3
  42. package/framework/{v0.4.5 → v0.4.6}/lib/index.js +7 -0
  43. package/framework/{v0.4.5 → v0.4.6}/lib/inherits/package.json +0 -3
  44. package/framework/{v0.4.5 → v0.4.6}/lib/logger/package.json +0 -3
  45. package/framework/{v0.4.5 → v0.4.6}/lib/merge/package.json +0 -3
  46. package/framework/{v0.4.5 → v0.4.6}/lib/model.js +17 -0
  47. package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/src/main.js +37 -11
  48. package/framework/{v0.4.5 → v0.4.6}/lib/routing/package.json +0 -3
  49. package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/main.js +4 -4
  50. package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/package.json +0 -3
  51. package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/src/main.js +45 -6
  52. package/framework/v0.4.6/lib/template-loaders/package.json +17 -0
  53. package/framework/v0.4.6/lib/template-loaders/src/loaders/http.js +272 -0
  54. package/framework/v0.4.6/lib/template-loaders/src/loaders/memory.js +75 -0
  55. package/framework/v0.4.6/lib/template-loaders/src/main.js +134 -0
  56. package/framework/{v0.4.5 → v0.4.6}/package.json +2 -2
  57. package/gna.js +4 -4
  58. package/llms.txt +32 -44
  59. package/package.json +6 -3
  60. package/playwright.config.js +35 -0
  61. package/schema/settings.json +105 -0
  62. package/types/gna.d.ts +1 -1
  63. package/framework/v0.4.5/VERSION +0 -1
  64. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -1
  65. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  66. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  67. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -555
  68. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  69. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  70. /package/framework/{v0.4.5 → v0.4.6}/AUTHORS +0 -0
  71. /package/framework/{v0.4.5 → v0.4.6}/LICENSE +0 -0
  72. /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/nolayout.html +0 -0
  73. /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/static.html +0 -0
  74. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-192x192.png +0 -0
  75. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-512x512.png +0 -0
  76. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/apple-touch-icon.png +0 -0
  77. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-16x16.png +0 -0
  78. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-32x32.png +0 -0
  79. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon.ico +0 -0
  80. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/README.md +0 -0
  81. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
  82. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
  83. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
  84. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
  85. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
  86. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
  87. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
  88. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
  89. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
  90. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
  91. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
  92. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
  93. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
  94. /package/framework/{v0.4.5 → v0.4.6}/core/config.js +0 -0
  95. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/index.js +0 -0
  96. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/lib/connector.js +0 -0
  97. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/index.js +0 -0
  98. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.js +0 -0
  99. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v3.js +0 -0
  100. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v4.js +0 -0
  101. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/n1ql.js +0 -0
  102. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.js +0 -0
  103. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
  104. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
  105. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/index.js +0 -0
  106. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/connector.js +0 -0
  107. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
  108. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/session-store.js +0 -0
  109. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/index.js +0 -0
  110. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/lib/connector.js +0 -0
  111. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/index.js +0 -0
  112. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/lib/connector.js +0 -0
  113. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/index.js +0 -0
  114. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/lib/session-store.js +0 -0
  115. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/index.js +0 -0
  116. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/connector.js +0 -0
  117. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/session-store.js +0 -0
  118. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sql-parser.js +0 -0
  119. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/index.js +0 -0
  120. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/connector.js +0 -0
  121. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/session-store.js +0 -0
  122. /package/framework/{v0.4.5 → v0.4.6}/core/content.encoding +0 -0
  123. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.framework.js +0 -0
  124. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-json.js +0 -0
  125. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-nunjucks.js +0 -0
  126. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-stream.js +0 -0
  127. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-v1.js +0 -0
  128. /package/framework/{v0.4.5 → v0.4.6}/core/controller/index.js +0 -0
  129. /package/framework/{v0.4.5 → v0.4.6}/core/controller/inspector-window-emit.js +0 -0
  130. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/LICENSE +0 -0
  131. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/README.md +0 -0
  132. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/index.js +0 -0
  133. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
  134. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
  135. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
  136. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/package.json +0 -0
  137. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
  138. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
  139. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/package.json +0 -0
  140. /package/framework/{v0.4.5 → v0.4.6}/core/dev/index.js +0 -0
  141. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/class.js +0 -0
  142. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/factory.js +0 -0
  143. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/tools.js +0 -0
  144. /package/framework/{v0.4.5 → v0.4.6}/core/locales/README.md +0 -0
  145. /package/framework/{v0.4.5 → v0.4.6}/core/locales/currency.json +0 -0
  146. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/en.json +0 -0
  147. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/fr.json +0 -0
  148. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/en.json +0 -0
  149. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/fr.json +0 -0
  150. /package/framework/{v0.4.5 → v0.4.6}/core/locales/index.js +0 -0
  151. /package/framework/{v0.4.5 → v0.4.6}/core/mime.types +0 -0
  152. /package/framework/{v0.4.5 → v0.4.6}/core/model/entity.js +0 -0
  153. /package/framework/{v0.4.5 → v0.4.6}/core/model/index.js +0 -0
  154. /package/framework/{v0.4.5 → v0.4.6}/core/model/template/entityFactory.js +0 -0
  155. /package/framework/{v0.4.5 → v0.4.6}/core/model/template/index.js +0 -0
  156. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/README.md +0 -0
  157. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/index.js +0 -0
  158. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/README.md +0 -0
  159. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/package.json +0 -0
  160. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/src/main.js +0 -0
  161. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/README.md +0 -0
  162. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/README.md +0 -0
  163. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/package.json +0 -0
  164. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
  165. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/README.md +0 -0
  166. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/package.json +0 -0
  167. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
  168. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/README.md +0 -0
  169. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/package.json +0 -0
  170. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
  171. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/package.json +0 -0
  172. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
  173. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
  174. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
  175. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/README.md +0 -0
  176. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/package.json +0 -0
  177. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
  178. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
  179. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
  180. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
  181. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/package.json +0 -0
  182. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
  183. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
  184. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
  185. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/src/main.js +0 -0
  186. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
  187. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
  188. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
  189. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
  190. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
  191. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
  192. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
  193. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
  194. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
  195. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
  196. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
  197. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
  198. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
  199. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
  200. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
  201. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
  202. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
  203. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
  204. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/README.md +0 -0
  205. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/package.json +0 -0
  206. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/src/main.js +0 -0
  207. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/README.md +0 -0
  208. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/build.json +0 -0
  209. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/src/main.js +0 -0
  210. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/README.md +0 -0
  211. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/build.json +0 -0
  212. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/form-validator.js +0 -0
  213. /package/framework/{v0.4.5 → v0.4.6}/core/router.js +0 -0
  214. /package/framework/{v0.4.5 → v0.4.6}/core/server.express.js +0 -0
  215. /package/framework/{v0.4.5 → v0.4.6}/core/status.codes +0 -0
  216. /package/framework/{v0.4.5 → v0.4.6}/core/template/_gitignore +0 -0
  217. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/app.json +0 -0
  218. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/connectors.json +0 -0
  219. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/routing.json +0 -0
  220. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.json +0 -0
  221. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
  222. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/templates.json +0 -0
  223. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/watchers.json +0 -0
  224. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
  225. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
  226. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
  227. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/index.js +0 -0
  228. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/locales/en.json +0 -0
  229. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
  230. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/default.css +0 -0
  231. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/home.css +0 -0
  232. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
  233. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
  234. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
  235. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
  236. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/readme.md +0 -0
  237. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/sw.js +0 -0
  238. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
  239. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
  240. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
  241. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
  242. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
  243. /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.bat.tpl +0 -0
  244. /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.tpl +0 -0
  245. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/env.json +0 -0
  246. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/manifest.json +0 -0
  247. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/package.json +0 -0
  248. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/settings.json +0 -0
  249. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/statics.json +0 -0
  250. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/templates.json +0 -0
  251. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/401.json +0 -0
  252. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/403.json +0 -0
  253. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/404.json +0 -0
  254. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/html/50x.html +0 -0
  255. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/500.json +0 -0
  256. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/503.json +0 -0
  257. /package/framework/{v0.4.5 → v0.4.6}/core/template/extensions/logger/config.json +0 -0
  258. /package/framework/{v0.4.5 → v0.4.6}/helpers/console.js +0 -0
  259. /package/framework/{v0.4.5 → v0.4.6}/helpers/context.js +0 -0
  260. /package/framework/{v0.4.5 → v0.4.6}/helpers/data/LICENSE +0 -0
  261. /package/framework/{v0.4.5 → v0.4.6}/helpers/data/README.md +0 -0
  262. /package/framework/{v0.4.5 → v0.4.6}/helpers/dateFormat.js +0 -0
  263. /package/framework/{v0.4.5 → v0.4.6}/helpers/index.js +0 -0
  264. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/LICENSE +0 -0
  265. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/README.md +0 -0
  266. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/src/main.js +0 -0
  267. /package/framework/{v0.4.5 → v0.4.6}/helpers/path.js +0 -0
  268. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/README.md +0 -0
  269. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/api-error.js +0 -0
  270. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/main.js +0 -0
  271. /package/framework/{v0.4.5 → v0.4.6}/helpers/prototypes.js +0 -0
  272. /package/framework/{v0.4.5 → v0.4.6}/helpers/task.js +0 -0
  273. /package/framework/{v0.4.5 → v0.4.6}/helpers/text.js +0 -0
  274. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/README.md +0 -0
  275. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/build.json +0 -0
  276. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/dep/jszip.min.js +0 -0
  277. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/main.js +0 -0
  278. /package/framework/{v0.4.5 → v0.4.6}/lib/async/package.json +0 -0
  279. /package/framework/{v0.4.5 → v0.4.6}/lib/async/src/main.js +0 -0
  280. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/README.md +0 -0
  281. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/build.json +0 -0
  282. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/src/main.js +0 -0
  283. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/aliases.json +0 -0
  284. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/add.js +0 -0
  285. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/arguments.json +0 -0
  286. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/build.js +0 -0
  287. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/copy.js +0 -0
  288. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/cp.js +0 -0
  289. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.js +0 -0
  290. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.txt +0 -0
  291. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
  292. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/list.js +0 -0
  293. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp-start.js +0 -0
  294. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp.js +0 -0
  295. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/oas.js +0 -0
  296. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/openapi.js +0 -0
  297. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/remove.js +0 -0
  298. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rename.js +0 -0
  299. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/restart.js +0 -0
  300. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rm.js +0 -0
  301. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/start.js +0 -0
  302. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/status.js +0 -0
  303. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/stop.js +0 -0
  304. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/cache/stats.js +0 -0
  305. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/add.js +0 -0
  306. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/arguments.json +0 -0
  307. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.js +0 -0
  308. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.txt +0 -0
  309. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/list.js +0 -0
  310. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/migrate.js +0 -0
  311. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/remove.js +0 -0
  312. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/rm.js +0 -0
  313. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/add.js +0 -0
  314. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/get.js +0 -0
  315. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.js +0 -0
  316. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.txt +0 -0
  317. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/link-dev.js +0 -0
  318. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/list.js +0 -0
  319. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/remove.js +0 -0
  320. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/rm.js +0 -0
  321. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/set.js +0 -0
  322. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/unset.js +0 -0
  323. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/use.js +0 -0
  324. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/arguments.json +0 -0
  325. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/build.js +0 -0
  326. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/dot.js +0 -0
  327. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/get.js +0 -0
  328. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.js +0 -0
  329. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.txt +0 -0
  330. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/init.js +0 -0
  331. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link-node-modules.js +0 -0
  332. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/open.js +0 -0
  333. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/set.js +0 -0
  334. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/status.js +0 -0
  335. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/stop.js +0 -0
  336. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/tail.js +0 -0
  337. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/update.js +0 -0
  338. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-dev.1.md +0 -0
  339. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-framework.1.md +0 -0
  340. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina.1.md +0 -0
  341. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/add.js +0 -0
  342. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/arguments.json +0 -0
  343. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/export.js +0 -0
  344. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.js +0 -0
  345. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.txt +0 -0
  346. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/import.js +0 -0
  347. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/scan.js +0 -0
  348. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/index.js +0 -0
  349. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.js +0 -0
  350. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.txt +0 -0
  351. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/open.js +0 -0
  352. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/arguments.json +0 -0
  353. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.js +0 -0
  354. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.txt +0 -0
  355. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/kill.js +0 -0
  356. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/list.js +0 -0
  357. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/msg.json +0 -0
  358. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.js +0 -0
  359. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.txt +0 -0
  360. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/inc/scan.js +0 -0
  361. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/list.js +0 -0
  362. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/reset.js +0 -0
  363. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/set.js +0 -0
  364. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/arguments.json +0 -0
  365. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/build.js +0 -0
  366. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.js +0 -0
  367. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.txt +0 -0
  368. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/import.js +0 -0
  369. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/list.js +0 -0
  370. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/move.js +0 -0
  371. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/remove.js +0 -0
  372. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rename.js +0 -0
  373. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/restart.js +0 -0
  374. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rm.js +0 -0
  375. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/start.js +0 -0
  376. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/status.js +0 -0
  377. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/stop.js +0 -0
  378. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/arguments.json +0 -0
  379. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.js +0 -0
  380. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.txt +0 -0
  381. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/list.js +0 -0
  382. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/remove.js +0 -0
  383. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/set.js +0 -0
  384. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/add.js +0 -0
  385. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.js +0 -0
  386. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.txt +0 -0
  387. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-local.js +0 -0
  388. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-production.js +0 -0
  389. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/list.js +0 -0
  390. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/remove.js +0 -0
  391. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/rm.js +0 -0
  392. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/use.js +0 -0
  393. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/arguments.json +0 -0
  394. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/check.js +0 -0
  395. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.js +0 -0
  396. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.txt +0 -0
  397. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/scan.js +0 -0
  398. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.js +0 -0
  399. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.txt +0 -0
  400. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/list.js +0 -0
  401. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/start.js +0 -0
  402. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/view/add.js +0 -0
  403. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/package.json +0 -0
  404. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/src/main.js +0 -0
  405. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/README.md +0 -0
  406. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/build.json +0 -0
  407. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/src/main.js +0 -0
  408. /package/framework/{v0.4.5 → v0.4.6}/lib/config.js +0 -0
  409. /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/package.json +0 -0
  410. /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/src/main.js +0 -0
  411. /package/framework/{v0.4.5 → v0.4.6}/lib/cron/README.md +0 -0
  412. /package/framework/{v0.4.5 → v0.4.6}/lib/cron/src/main.js +0 -0
  413. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/LICENSE +0 -0
  414. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/README.md +0 -0
  415. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/src/main.js +0 -0
  416. /package/framework/{v0.4.5 → v0.4.6}/lib/generator/index.js +0 -0
  417. /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/package.json +0 -0
  418. /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/src/main.js +0 -0
  419. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/LICENSE +0 -0
  420. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/README.md +0 -0
  421. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/src/main.js +0 -0
  422. /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/package.json +0 -0
  423. /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/src/main.js +0 -0
  424. /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/package.json +0 -0
  425. /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/src/main.js +0 -0
  426. /package/framework/{v0.4.5 → v0.4.6}/lib/job/package.json +0 -0
  427. /package/framework/{v0.4.5 → v0.4.6}/lib/job/src/main.js +0 -0
  428. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/README.md +0 -0
  429. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/default/index.js +0 -0
  430. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/index.js +0 -0
  431. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
  432. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
  433. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/index.js +0 -0
  434. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/listener.js +0 -0
  435. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/speaker.js +0 -0
  436. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/helper.js +0 -0
  437. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/main.js +0 -0
  438. /package/framework/{v0.4.5 → v0.4.6}/lib/math/index.js +0 -0
  439. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/package.json +0 -0
  440. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/src/main.js +0 -0
  441. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/package.json +0 -0
  442. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/src/main.js +0 -0
  443. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/package.json +0 -0
  444. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/src/main.js +0 -0
  445. /package/framework/{v0.4.5 → v0.4.6}/lib/merge/README.md +0 -0
  446. /package/framework/{v0.4.5 → v0.4.6}/lib/merge/src/main.js +0 -0
  447. /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/package.json +0 -0
  448. /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/src/main.js +0 -0
  449. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/README.md +0 -0
  450. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/package.json +0 -0
  451. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/package.json +0 -0
  452. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/src/main.js +0 -0
  453. /package/framework/{v0.4.5 → v0.4.6}/lib/proc.js +0 -0
  454. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/README.md +0 -0
  455. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/build.json +0 -0
  456. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/radix.js +0 -0
  457. /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/package.json +0 -0
  458. /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/src/main.js +0 -0
  459. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/package.json +0 -0
  460. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/backends/env.js +0 -0
  461. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/main.js +0 -0
  462. /package/framework/{v0.4.5 → v0.4.6}/lib/session-store.js +0 -0
  463. /package/framework/{v0.4.5 → v0.4.6}/lib/shell.js +0 -0
  464. /package/framework/{v0.4.5 → v0.4.6}/lib/state.js +0 -0
  465. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/README.md +0 -0
  466. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/package.json +0 -0
  467. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/src/main.js +0 -0
  468. /package/framework/{v0.4.5 → v0.4.6}/lib/url/README.md +0 -0
  469. /package/framework/{v0.4.5 → v0.4.6}/lib/url/index.js +0 -0
  470. /package/framework/{v0.4.5 → v0.4.6}/lib/url/routing.json +0 -0
  471. /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/package.json +0 -0
  472. /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/src/main.js +0 -0
  473. /package/framework/{v0.4.5 → v0.4.6}/lib/validator.js +0 -0
  474. /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/package.json +0 -0
  475. /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/src/main.js +0 -0
@@ -210,7 +210,9 @@ module.exports = async function render(userData, displayInspector, errOptions, d
210
210
  // Using server cache to cache compiledTemplates
211
211
  cache.from(self.serverInstance._cached);
212
212
 
213
- cachePath = self.serverInstance._cachePath;
213
+ // #TPL2 — cachePath (the layout-cache root) is derived IN-ROOT below, once
214
+ // localOptions is resolved; see the assignment before the layout-cache prime.
215
+ // Was: self.serverInstance._cachePath (a sibling, out-of-root tree).
214
216
 
215
217
  var err = null;
216
218
  // localOptions must be resolved before the isRenderingCustomError check below
@@ -408,6 +410,16 @@ module.exports = async function render(userData, displayInspector, errOptions, d
408
410
  var subFolder = path.split(/\//g).slice(0, -1).join('/').replace(localOptions.template.html, '') || '';
409
411
  var hasSubFolder = (subFolder && subFolder != '') ? true : false;
410
412
 
413
+ // #TPL2 — the processed-layout cache lives IN-ROOT, under the bundle templates
414
+ // root, so the {% extends %} rewrite below resolves inside the swig loader's
415
+ // basepath and swig-core's confinement (CVE-2023-25345) accepts it without an
416
+ // allowOutsideRoot opt-out. The leading-dot dir rides gina's existing
417
+ // dotfile-skip convention (the public/errors/forms scans in config.js), so the
418
+ // cache is never served as a static asset nor enumerated by template discovery.
419
+ // localOptions (not local.options) so the custom-error render path caches under
420
+ // its own template root.
421
+ cachePath = localOptions.template.html + '/.gina-layout-cache';
422
+
411
423
  if (
412
424
  !isWithoutLayout
413
425
  && !isRenderingCustomError
@@ -458,6 +470,16 @@ module.exports = async function render(userData, displayInspector, errOptions, d
458
470
  newLayoutDirObj.mkdirSync()
459
471
  }
460
472
  newLayoutDirObj = null;
473
+ // #TPL2 — keep the in-root layout cache out of a bundle's git:
474
+ // drop a self-ignoring .gitignore ('*') at the cache root so the
475
+ // .gina-layout-cache tree never surfaces as untracked in a
476
+ // consumer repo (the old out-of-root cache lived under the
477
+ // project `cache/` dir consumers already ignore). Written once,
478
+ // existsSync-guarded; best-effort.
479
+ var _cacheIgnore = cachePath + '/.gitignore';
480
+ if ( !fs.existsSync(_cacheIgnore) ) {
481
+ try { fs.writeFileSync(_cacheIgnore, '*\n'); } catch (_giErr) { /* best effort */ }
482
+ }
461
483
  // [CVE-2023-25345] The layoutPath is extracted from the raw {% extends "..." %}
462
484
  // directive in the template file. Without a boundary check, a template containing
463
485
  // {% extends "../../../etc/passwd" %} would cause readFileSync to read arbitrary
@@ -973,7 +995,7 @@ module.exports = async function render(userData, displayInspector, errOptions, d
973
995
  + 'if(u&&u.environment&&u.environment.metrics){u.environment.metrics.weightBytes=' + _cacheWeightBytes + ';u.environment.metrics.serverMs=' + _cacheServerMsFinal + ';}'
974
996
  + 'if(g&&g.environment&&g.environment.metrics){g.environment.metrics.weightBytes=' + _cacheWeightBytes + ';g.environment.metrics.serverMs=' + _cacheServerMsFinal + ';}'
975
997
  + '}(window.__ginaData));</script>';
976
- htmlContent = htmlContent.replace(/<\/body>/i, _cachePatchScript + '</body>');
998
+ htmlContent = htmlContent.replace(/<\/body>/i, function () { return _cachePatchScript + '</body>'; });
977
999
  }
978
1000
  }
979
1001
 
@@ -1299,11 +1321,28 @@ module.exports = async function render(userData, displayInspector, errOptions, d
1299
1321
  + '};});'
1300
1322
  + '}(window));</script>\n';
1301
1323
 
1324
+ // #TPL2 — inline the statusbar template body instead of {% include %}-ing
1325
+ // it from the framework core dir. That include target is OUTSIDE the
1326
+ // bundle templates root, which the swig loader now confines
1327
+ // (CVE-2023-25345, allowOutsideRoot=false). statusbar.html is a leaf
1328
+ // (only {% if page.cspNonce %} + {{ }} tags, no nested include/extends),
1329
+ // so its body compiles identically when spliced into the layout in place
1330
+ // of the include. Read per-render so dev edits hot-reload; this block is
1331
+ // dev/debug-gated above, so there is no production read.
1332
+ var _statusbarTpl = '';
1333
+ try {
1334
+ _statusbarTpl = await fs.promises.readFile(
1335
+ getPath('gina').core + '/asset/plugin/dist/vendor/gina/html/statusbar.html', 'utf8'
1336
+ );
1337
+ } catch (_sbErr) {
1338
+ console.warn('[render] Inspector statusbar template unavailable: ' + (_sbErr.message || _sbErr));
1339
+ }
1340
+
1302
1341
  plugin = '\t'
1303
1342
  + '{# Gina Inspector #}'
1304
1343
  + __logsScript
1305
1344
  + __gdScript
1306
- + '{%- include "'+ getPath('gina').core +'/asset/plugin/dist/vendor/gina/html/statusbar.html" -%}'// jshint ignore:line
1345
+ + _statusbarTpl
1307
1346
  + '{# END Gina Inspector #}'
1308
1347
  ;
1309
1348
 
@@ -1334,7 +1373,15 @@ module.exports = async function render(userData, displayInspector, errOptions, d
1334
1373
  localOptions.debugMode
1335
1374
  && !/\{\# Gina Inspector \#\}/.test(layout)
1336
1375
  ) {
1337
- layout = layout.replace(/<\/body>/i, plugin + '\n\t</body>');
1376
+ // $-safe splice. With a STRING replacement, String.prototype.replace expands
1377
+ // dollar patterns: $` is the text BEFORE the match, $' the text AFTER it
1378
+ // (also $&, $n). The inlined #TPL2 statusbar body literally contains both
1379
+ // (a `$` followed by a backtick in a comment, and `$'` in a regex literal),
1380
+ // so the old string form spliced the whole pre/post-</body> document INTO
1381
+ // the statusbar <script> — a SyntaxError that killed the dev Inspector
1382
+ // statusbar + launch link on any content-heavy page. A function replacer
1383
+ // returns the text verbatim, with no dollar-pattern expansion.
1384
+ layout = layout.replace(/<\/body>/i, function () { return plugin + '\n\t</body>'; });
1338
1385
  }
1339
1386
 
1340
1387
  // adding javascripts
@@ -1704,7 +1751,7 @@ module.exports = async function render(userData, displayInspector, errOptions, d
1704
1751
  + 'if(u&&u.environment&&u.environment.metrics){u.environment.metrics.weightBytes=' + _weightBytesFinal + ';u.environment.metrics.serverMs=' + _serverMsFinal + ';}'
1705
1752
  + 'if(g&&g.environment&&g.environment.metrics){g.environment.metrics.weightBytes=' + _weightBytesFinal + ';g.environment.metrics.serverMs=' + _serverMsFinal + ';}'
1706
1753
  + '}(window.__ginaData));</script>';
1707
- htmlContent = htmlContent.replace(/<\/body>/i, _patchScript + '</body>');
1754
+ htmlContent = htmlContent.replace(/<\/body>/i, function () { return _patchScript + '</body>'; });
1708
1755
  }
1709
1756
  }
1710
1757
 
@@ -2001,6 +2001,30 @@ gna.run = run;
2001
2001
  */
2002
2002
  gna.encodeRFC5987ValueChars = encodeRFC5987ValueChars;
2003
2003
 
2004
+ /**
2005
+ * Percent-decode a string, returning it unchanged on a malformed `%` escape
2006
+ * (`decodeURIComponent` would throw `URIError`). Crash-safe decode for the
2007
+ * server request path — see {@link safeDecodeURIComponent} in helpers/data (#B30).
2008
+ *
2009
+ * @param {string} str - Value to decode
2010
+ * @returns {string} Decoded value, or the original string on URIError
2011
+ * @example
2012
+ * safeDecodeURIComponent('100%'); // "100%" (decodeURIComponent would throw)
2013
+ */
2014
+ gna.safeDecodeURIComponent = safeDecodeURIComponent;
2015
+
2016
+ /**
2017
+ * Whole-URI variant of {@link safeDecodeURIComponent} — wraps `decodeURI`
2018
+ * (leaves `/ ? #` intact) and returns the input unchanged on a malformed `%`
2019
+ * escape, so the routing / error paths cannot crash on a bad URL (#B30).
2020
+ *
2021
+ * @param {string} str - Value to decode
2022
+ * @returns {string} Decoded value, or the original string on URIError
2023
+ * @example
2024
+ * safeDecodeURI('/a%E0%A'); // "/a%E0%A" (decodeURI would throw)
2025
+ */
2026
+ gna.safeDecodeURI = safeDecodeURI;
2027
+
2004
2028
  /**
2005
2029
  * Parse a form/body string (`application/x-www-form-urlencoded` or JSON) into
2006
2030
  * a nested object. Recognises PHP-style `foo[bar][0]` keys.
@@ -154,6 +154,40 @@ require('gina').plugins.Csp({
154
154
  });
155
155
  ```
156
156
 
157
+ ### Report-only-inert directives are omitted automatically
158
+
159
+ The `sandbox` directive has **no effect** in a `Content-Security-Policy-Report-Only`
160
+ header — it applies a document-level restriction rather than a load decision, so
161
+ every engine ignores it there (the CSP Level 2 spec says it outright: *"The
162
+ sandbox directive will be ignored when monitoring a policy"*) and logs
163
+ *"Ignoring sandbox directive when delivered in a report-only policy"*. When `reportOnly: true`, the plugin therefore **omits**
164
+ `sandbox` from the emitted header and logs one line at startup naming what was
165
+ dropped. The omission is functionally identical (the directive does nothing in
166
+ report-only) and keeps the browser console clean. `sandbox` remains in your
167
+ configured `directives`, so an enforcing factory (`reportOnly: false`) built from
168
+ the same config still emits it — you can keep **one directive set across both
169
+ modes** without remove-then-re-add churn.
170
+
171
+ `frame-ancestors` is **not** omitted — its report-only behaviour is
172
+ **engine-divergent**: the CSP3 spec, Firefox (Gecko) and Chrome (Blink) evaluate
173
+ it and send violation reports without enforcing, while Safari (WebKit) ignores
174
+ it, logs *"The Content Security Policy directive 'frame-ancestors' is ignored
175
+ when delivered in a report-only policy"* and sends no report (WebKit retains the
176
+ CSP Level 2 rule — *"The frame-ancestors directive MUST be ignored when
177
+ monitoring a policy"* — which CSP Level 3 dropped; CSP3 only restricts `<meta>`
178
+ delivery, which a report-only policy never uses). The plugin keeps it so the
179
+ observation phase still reports on Chrome and Firefox. If you serve a
180
+ WebKit-heavy audience and want a clean Safari console, leave `frame-ancestors`
181
+ out of your report-only directive set — clickjacking protection stays enforced
182
+ by `X-Frame-Options` and/or an enforcing-mode `frame-ancestors`. (Chrome caveat:
183
+ frame-ancestors violation reports are delivered via `report-uri`; known Chromium
184
+ bugs leave them undelivered via `report-to`.) A report-only policy whose every
185
+ directive is report-only-inert (e.g. only `sandbox`) **throws at factory call
186
+ time**, since it would report nothing.
187
+
188
+ The omitted set is intentionally conservative — `sandbox` is the only directive
189
+ confirmed ignored in report-only across all engines.
190
+
157
191
  ## Per-response CSP nonce (`useNonce`)
158
192
 
159
193
  Set `useNonce: true` to drop `'unsafe-inline'` from `script-src` without
@@ -217,6 +251,7 @@ console at runtime. Gina favours fail-fast.
217
251
  | Source-list directive array contains a non-string entry | Factory throws with index in message |
218
252
  | All directives resolve to `false` (omitted) | Factory throws — empty CSP is invalid |
219
253
  | `reportOnly` is non-boolean | Factory throws |
254
+ | `reportOnly:true` with only report-only-inert directives | Factory throws — a report-only policy would report nothing |
220
255
  | Plugin not registered | Header not emitted; browser applies no CSP |
221
256
  | Header already set by an earlier middleware | Existing value preserved (idempotent) |
222
257
  | Response already sent (`res.headersSent === true`) | Node's `setHeader` no-ops; request resumes |
@@ -78,6 +78,24 @@
78
78
  * useful for non-enforcing migration testing. The browser reports
79
79
  * violations but does not block any resources.
80
80
  *
81
+ * In report-only mode the plugin also OMITS directives that browsers ignore
82
+ * there (`REPORT_ONLY_IGNORED_DIRECTIVES` — currently just `sandbox`, which
83
+ * every engine ignores in report-only: it applies a restriction but produces
84
+ * no violation report and triggers a browser console warning). The omission
85
+ * is functionally identical (the directive does nothing in report-only) and
86
+ * silences that console warning; a one-time factory-time `console.warn`
87
+ * names what was dropped. The omitted directives remain in the configured
88
+ * set, so an enforcing factory built from the same config still emits them.
89
+ * `frame-ancestors` is NOT omitted — its report-only behaviour is
90
+ * engine-divergent: the CSP3 spec, Gecko and Blink evaluate it and send
91
+ * violation reports (without enforcing), while WebKit alone ignores it with
92
+ * a console warning and no report (it retains CSP2's rule that the directive
93
+ * MUST be ignored when monitoring, which CSP3 dropped). Keeping it preserves
94
+ * the observation-phase signal on Chrome + Firefox; WebKit-heavy consumers
95
+ * can leave it out of their own report-only directive set. A report-only
96
+ * policy whose every directive is inert (e.g. only `sandbox`) throws at
97
+ * factory call time.
98
+ *
81
99
  * Opens Phase 2 of the gina security-headers track (Phase 1 = HDR1-4 +
82
100
  * HDR7 shipped in 0.3.15-alpha). Single-header plugin shape — composes
83
101
  * cleanly under the future `SecurityHeaders` combined wrapper (#HDR15).
@@ -162,6 +180,52 @@ var HYBRID_DIRECTIVES = [
162
180
  'sandbox'
163
181
  ];
164
182
 
183
+ /**
184
+ * Directives that browsers IGNORE when delivered in a
185
+ * `Content-Security-Policy-Report-Only` header. A report-only policy monitors
186
+ * and reports violations but enforces nothing; `sandbox` applies a
187
+ * document-level restriction that produces no reportable violation, so the
188
+ * browser drops it in report-only mode AND emits a console warning
189
+ * ("Ignoring sandbox directive when delivered in a report-only policy"). It
190
+ * therefore contributes browser-console noise and zero monitoring value, so
191
+ * the plugin omits it from a report-only header (see the `reportOnly` notes in
192
+ * the module docstring above).
193
+ *
194
+ * Deliberately conservative — `sandbox` is the only directive confirmed
195
+ * ignored in report-only across ALL engines: CSP2 spec text ("The sandbox
196
+ * directive will be ignored when monitoring a policy"), MDN's Report-Only
197
+ * page ("supports all Content-Security-Policy directives except sandbox,
198
+ * which is ignored"), Chromium's SupportedInReportOnly() (false for
199
+ * Sandbox), and WebKit's console warning. Intentionally NOT included:
200
+ * - `frame-ancestors` — report-only behaviour is ENGINE-DIVERGENT. The CSP3
201
+ * spec, Gecko and Blink evaluate it and send violation reports without
202
+ * enforcing (Chromium's SupportedInReportOnly() is true for
203
+ * FrameAncestors; the WPT report-only frame-ancestors test asserts the
204
+ * report). WebKit alone ignores it, logs "The Content Security Policy
205
+ * directive 'frame-ancestors' is ignored when delivered in a report-only
206
+ * policy." and sends no report — it retains CSP2's "MUST be ignored when
207
+ * monitoring a policy", which CSP3 dropped (CSP3 restricts only `<meta>`
208
+ * delivery, which a report-only policy cannot use anyway). Omitting it
209
+ * would discard the observation-phase signal on Chrome + Firefox;
210
+ * consumers serving WebKit-heavy audiences that want a clean Safari
211
+ * console can omit it from their own report-only directive set
212
+ * (clickjacking stays enforced by X-Frame-Options and/or an enforcing
213
+ * frame-ancestors regardless).
214
+ * - `upgrade-insecure-requests` / `block-all-mixed-content` — not confirmed
215
+ * inert across engines: Chromium ignores-and-warns
216
+ * `upgrade-insecure-requests` in report-only but supports
217
+ * `block-all-mixed-content` there, and Gecko/WebKit behaviour is
218
+ * unverified; excluded under uncertainty (omitting a directive that may
219
+ * still act/report would lose behaviour or signal). Expanding this list
220
+ * requires an empirical per-engine check first.
221
+ *
222
+ * @constant
223
+ * @type {string[]}
224
+ */
225
+ var REPORT_ONLY_IGNORED_DIRECTIVES = [
226
+ 'sandbox'
227
+ ];
228
+
165
229
 
166
230
  /**
167
231
  * Read the active bundle's `settings.json > csp.*` block and return the
@@ -416,6 +480,32 @@ function buildHeaderValue(normalised, nonce, nonceTarget) {
416
480
  }
417
481
 
418
482
 
483
+ /**
484
+ * Return a shallow copy of the normalised directive dict with the
485
+ * report-only-inert directives (`REPORT_ONLY_IGNORED_DIRECTIVES`) removed.
486
+ * Used only when `reportOnly` is true. Pure — never mutates the input, so the
487
+ * full configured set survives for an enforcing factory built from the same
488
+ * directives.
489
+ *
490
+ * @param {object} normalised — validated directive dict from resolveDirectives.
491
+ * @returns {object} a new dict without the report-only-ignored directives.
492
+ * @inner
493
+ * @private
494
+ */
495
+ function stripReportOnlyIgnored(normalised) {
496
+ var out = {};
497
+ var keys = Object.keys(normalised);
498
+ for (var i = 0; i < keys.length; i++) {
499
+ var name = keys[i];
500
+ if (REPORT_ONLY_IGNORED_DIRECTIVES.indexOf(name) !== -1) {
501
+ continue;
502
+ }
503
+ out[name] = normalised[name];
504
+ }
505
+ return out;
506
+ }
507
+
508
+
419
509
  /**
420
510
  * Coerce `useNonce` to a strict boolean. Defaults to `false` (static header,
421
511
  * no per-request nonce). `true` opts into per-response nonce generation.
@@ -538,10 +628,52 @@ function Csp(opts) {
538
628
  var reportOnly = resolveReportOnly(merged.reportOnly);
539
629
  var useNonce = resolveUseNonce(merged.useNonce);
540
630
 
631
+ // Report-only mode: drop directives browsers ignore in a report-only
632
+ // header (REPORT_ONLY_IGNORED_DIRECTIVES — currently `sandbox`). They apply
633
+ // no restriction and emit no violation report there, so omitting them is
634
+ // functionally identical while silencing the browser console warning. They
635
+ // survive in `directives`, so an enforcing factory built from the same
636
+ // config still emits them.
637
+ var emitDirectives = directives;
638
+ if (reportOnly) {
639
+ emitDirectives = stripReportOnlyIgnored(directives);
640
+ var dropped = Object.keys(directives).filter(function (d) {
641
+ return !Object.prototype.hasOwnProperty.call(emitDirectives, d);
642
+ });
643
+ if (Object.keys(emitDirectives).length === 0) {
644
+ // Mirrors the all-omitted throw in resolveDirectives: an empty CSP
645
+ // is invalid, and a report-only policy made entirely of inert
646
+ // directives reports nothing — surface it at factory (boot) time.
647
+ throw new Error(
648
+ '[gina.plugins.Csp] reportOnly:true but every configured directive is '
649
+ + 'ignored by browsers in report-only mode (' + dropped.join(', ') + '). '
650
+ + 'A report-only policy needs at least one directive that produces '
651
+ + 'violation reports (e.g. script-src / default-src / frame-ancestors). '
652
+ + 'sandbox applies a restriction but reports nothing, so it is dropped '
653
+ + 'in report-only mode.'
654
+ );
655
+ }
656
+ if (dropped.length > 0) {
657
+ // Transparency: the emitted header diverges from the configured
658
+ // directives. One line at factory (boot) time — per call, no
659
+ // module-level latch — so the operator knows why a configured
660
+ // directive is absent from the wire.
661
+ console.warn(
662
+ '[gina.plugins.Csp] reportOnly:true — omitting directive(s) ignored by '
663
+ + 'browsers in report-only mode: ' + dropped.join(', ') + '. They apply no '
664
+ + 'restriction and emit a browser console warning in report-only mode; they '
665
+ + 'are included automatically when reportOnly is false.'
666
+ );
667
+ }
668
+ }
669
+
541
670
  var headerName = reportOnly ? HEADER_NAME_REPORT_ONLY : HEADER_NAME;
542
671
  // Static value — reused on every response when useNonce is off.
543
- var headerValue = buildHeaderValue(directives);
672
+ var headerValue = buildHeaderValue(emitDirectives);
544
673
  // Fail-fast at factory time: a nonce needs a script-governing directive.
674
+ // Resolved from `directives` (not emitDirectives) — the nonce target is
675
+ // always script-src/default-src, which are never report-only-stripped, so
676
+ // the two sets agree; the middleware still serialises emitDirectives.
545
677
  var nonceTarget = useNonce ? resolveNonceTarget(directives) : null;
546
678
 
547
679
  return function ginaCsp(req, res, next) {
@@ -553,7 +685,7 @@ function Csp(opts) {
553
685
  // render delegates can mirror it onto framework inline <script>s.
554
686
  var nonce = crypto.randomBytes(NONCE_BYTES).toString('base64');
555
687
  if (req) { req._ginaCspNonce = nonce; }
556
- res.setHeader(headerName, buildHeaderValue(directives, nonce, nonceTarget));
688
+ res.setHeader(headerName, buildHeaderValue(emitDirectives, nonce, nonceTarget));
557
689
  } else {
558
690
  res.setHeader(headerName, headerValue);
559
691
  }
@@ -578,5 +710,7 @@ Csp._resolveReportOnly = resolveReportOnly;
578
710
  Csp._resolveUseNonce = resolveUseNonce;
579
711
  Csp._resolveNonceTarget = resolveNonceTarget;
580
712
  Csp._buildHeaderValue = buildHeaderValue;
713
+ Csp._REPORT_ONLY_IGNORED_DIRECTIVES = REPORT_ONLY_IGNORED_DIRECTIVES;
714
+ Csp._stripReportOnlyIgnored = stripReportOnlyIgnored;
581
715
 
582
716
  module.exports = Csp;
@@ -13,9 +13,6 @@
13
13
  "node": ">=0.10.22"
14
14
  },
15
15
  "main": "src/main",
16
- "scripts": {
17
- "test": "nodeunit test"
18
- },
19
16
  "license": "MIT",
20
17
  "readmeFilename": "README.md"
21
18
  }
@@ -17,9 +17,6 @@
17
17
  "node": ">=0.10.22"
18
18
  },
19
19
  "main": "src/main",
20
- "scripts": {
21
- "test": "nodeunit test"
22
- },
23
20
  "license": "MIT",
24
21
  "readmeFilename": "README.md"
25
22
  }
@@ -1969,8 +1969,18 @@ function ValidatorPlugin(rules, data, formId) {
1969
1969
  }
1970
1970
  //console.debug('sending -> ', data);
1971
1971
  if (!hasBinaries) {
1972
- if (typeof (enctype) != 'undefined' && enctype != null && enctype != '') {
1973
- xhr.setRequestHeader('Content-Type', enctype);
1972
+ // #FORMCT the non-binary body is JSON (JSON.stringify'd above). Honor an
1973
+ // EXPLICIT form `enctype` if set; otherwise send application/json — NOT the
1974
+ // urlencoded default — or the server url-decodes the JSON body ('+' -> space,
1975
+ // decodeURIComponent) and corrupts values such as email "+aliases".
1976
+ var explicitEnctype = $target.getAttribute('enctype');
1977
+ var sendContentType = (explicitEnctype && explicitEnctype != '')
1978
+ ? explicitEnctype
1979
+ : ( (typeof(data) == 'string' && /^[\[{]/.test(data.trim()))
1980
+ ? 'application/json; charset=UTF-8'
1981
+ : enctype );
1982
+ if (typeof (sendContentType) != 'undefined' && sendContentType != null && sendContentType != '') {
1983
+ xhr.setRequestHeader('Content-Type', sendContentType);
1974
1984
  }
1975
1985
  xhr.send(data)
1976
1986
  }
@@ -2346,8 +2356,11 @@ function ValidatorPlugin(rules, data, formId) {
2346
2356
  method: method,
2347
2357
  isSynchrone: isSynchrone,
2348
2358
  headers : {
2349
- // to upload, use `multipart/form-data` for `enctype`
2350
- 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
2359
+ // #FORMCT the body sent below is JSON (JSON.stringify({ files })).
2360
+ // Send application/json — NOT the urlencoded default — or the server
2361
+ // url-decodes the JSON body ('+' -> space, decodeURIComponent) and
2362
+ // corrupts '+'/'%' in removed-file keys.
2363
+ 'Content-Type': 'application/json; charset=UTF-8',
2351
2364
  // cross domain is enabled by default, but you need to setup `Access-Control-Allow-Origin`
2352
2365
  'X-Requested-With': 'XMLHttpRequest' // in case of cross domain origin
2353
2366
  }
@@ -1615,7 +1615,7 @@ function ServerEngineClass(options) {
1615
1615
  else if (a[1] && (a[1].indexOf('+') > -1 || a[1].indexOf('%') > -1)) {
1616
1616
  // #B17: '+' → space per WHATWG URL form-urlencoded parser; must run before decodeURIComponent (which does NOT decode '+').
1617
1617
  if (a[1].indexOf('+') > -1) a[1] = a[1].replace(/\+/g, ' ');
1618
- if (a[1].indexOf('%') > -1) a[1] = decodeURIComponent(a[1]);
1618
+ if (a[1].indexOf('%') > -1) a[1] = safeDecodeURIComponent(a[1]); // #B30: malformed-%-safe (raw fallback) — an unguarded decodeURIComponent here crashes the bundle
1619
1619
  }
1620
1620
 
1621
1621
  if (a[1] && typeof a[1] === 'string' && (a[1].charAt(0) === '{' || a[1].charAt(0) === '[') ) {
@@ -1639,7 +1639,7 @@ function ServerEngineClass(options) {
1639
1639
  else if (a[1] && (a[1].indexOf('+') > -1 || a[1].indexOf('%') > -1)) {
1640
1640
  // #B17: '+' → space per WHATWG URL form-urlencoded parser; must run before decodeURIComponent (which does NOT decode '+').
1641
1641
  if (a[1].indexOf('+') > -1) a[1] = a[1].replace(/\+/g, ' ');
1642
- if (a[1].indexOf('%') > -1) a[1] = decodeURIComponent(a[1]);
1642
+ if (a[1].indexOf('%') > -1) a[1] = safeDecodeURIComponent(a[1]); // #B30: malformed-%-safe (raw fallback) — an unguarded decodeURIComponent here crashes the bundle
1643
1643
  }
1644
1644
 
1645
1645
  request.query[ a[0] ] = a[1]