pi-cursor-sdk 0.1.49 → 0.1.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (278) hide show
  1. package/CHANGELOG.md +36 -1
  2. package/README.md +2 -2
  3. package/docs/cursor-live-smoke-checklist.md +4 -4
  4. package/docs/cursor-model-ux-spec.md +5 -5
  5. package/docs/cursor-native-tool-replay.md +2 -2
  6. package/docs/cursor-native-tool-visual-audit.md +1 -1
  7. package/docs/cursor-testing-lessons.md +1 -1
  8. package/package.json +6 -15
  9. package/src/cursor-fallback-models.generated.ts +536 -302
  10. package/src/cursor-provider-errors.ts +29 -0
  11. package/src/cursor-provider-overflow.ts +96 -0
  12. package/src/cursor-tool-manifest.ts +1 -1
  13. package/src/index.ts +4 -1
  14. package/node_modules/@connectrpc/connect-node/README.md +0 -141
  15. package/node_modules/@connectrpc/connect-node/dist/cjs/compression.d.ts +0 -15
  16. package/node_modules/@connectrpc/connect-node/dist/cjs/compression.js +0 -89
  17. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-node-adapter.d.ts +0 -42
  18. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-node-adapter.js +0 -61
  19. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-transport.d.ts +0 -100
  20. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-transport.js +0 -25
  21. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-transport.d.ts +0 -96
  22. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-transport.js +0 -25
  23. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-web-transport.d.ts +0 -96
  24. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-web-transport.js +0 -25
  25. package/node_modules/@connectrpc/connect-node/dist/cjs/http2-session-manager.d.ts +0 -146
  26. package/node_modules/@connectrpc/connect-node/dist/cjs/http2-session-manager.js +0 -536
  27. package/node_modules/@connectrpc/connect-node/dist/cjs/index.d.ts +0 -15
  28. package/node_modules/@connectrpc/connect-node/dist/cjs/index.js +0 -36
  29. package/node_modules/@connectrpc/connect-node/dist/cjs/node-error.d.ts +0 -45
  30. package/node_modules/@connectrpc/connect-node/dist/cjs/node-error.js +0 -154
  31. package/node_modules/@connectrpc/connect-node/dist/cjs/node-headers-polyfill.d.ts +0 -1
  32. package/node_modules/@connectrpc/connect-node/dist/cjs/node-headers-polyfill.js +0 -29
  33. package/node_modules/@connectrpc/connect-node/dist/cjs/node-transport-options.d.ts +0 -89
  34. package/node_modules/@connectrpc/connect-node/dist/cjs/node-transport-options.js +0 -58
  35. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-client.d.ts +0 -54
  36. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-client.js +0 -326
  37. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-handler.d.ts +0 -41
  38. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-handler.js +0 -234
  39. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-header.d.ts +0 -19
  40. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-header.js +0 -97
  41. package/node_modules/@connectrpc/connect-node/dist/cjs/package.json +0 -1
  42. package/node_modules/@connectrpc/connect-node/dist/esm/compression.d.ts +0 -15
  43. package/node_modules/@connectrpc/connect-node/dist/esm/compression.js +0 -86
  44. package/node_modules/@connectrpc/connect-node/dist/esm/connect-node-adapter.d.ts +0 -42
  45. package/node_modules/@connectrpc/connect-node/dist/esm/connect-node-adapter.js +0 -58
  46. package/node_modules/@connectrpc/connect-node/dist/esm/connect-transport.d.ts +0 -100
  47. package/node_modules/@connectrpc/connect-node/dist/esm/connect-transport.js +0 -22
  48. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-transport.d.ts +0 -96
  49. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-transport.js +0 -22
  50. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-web-transport.d.ts +0 -96
  51. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-web-transport.js +0 -22
  52. package/node_modules/@connectrpc/connect-node/dist/esm/http2-session-manager.d.ts +0 -146
  53. package/node_modules/@connectrpc/connect-node/dist/esm/http2-session-manager.js +0 -532
  54. package/node_modules/@connectrpc/connect-node/dist/esm/index.d.ts +0 -15
  55. package/node_modules/@connectrpc/connect-node/dist/esm/index.js +0 -23
  56. package/node_modules/@connectrpc/connect-node/dist/esm/node-error.d.ts +0 -45
  57. package/node_modules/@connectrpc/connect-node/dist/esm/node-error.js +0 -147
  58. package/node_modules/@connectrpc/connect-node/dist/esm/node-headers-polyfill.d.ts +0 -1
  59. package/node_modules/@connectrpc/connect-node/dist/esm/node-headers-polyfill.js +0 -27
  60. package/node_modules/@connectrpc/connect-node/dist/esm/node-transport-options.d.ts +0 -89
  61. package/node_modules/@connectrpc/connect-node/dist/esm/node-transport-options.js +0 -58
  62. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-client.d.ts +0 -54
  63. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-client.js +0 -324
  64. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-handler.d.ts +0 -41
  65. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-handler.js +0 -230
  66. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-header.d.ts +0 -19
  67. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-header.js +0 -93
  68. package/node_modules/@connectrpc/connect-node/package.json +0 -46
  69. package/node_modules/undici/LICENSE +0 -21
  70. package/node_modules/undici/README.md +0 -741
  71. package/node_modules/undici/docs/docs/api/Agent.md +0 -84
  72. package/node_modules/undici/docs/docs/api/BalancedPool.md +0 -99
  73. package/node_modules/undici/docs/docs/api/CacheStorage.md +0 -30
  74. package/node_modules/undici/docs/docs/api/CacheStore.md +0 -164
  75. package/node_modules/undici/docs/docs/api/Client.md +0 -288
  76. package/node_modules/undici/docs/docs/api/ClientStats.md +0 -27
  77. package/node_modules/undici/docs/docs/api/Connector.md +0 -115
  78. package/node_modules/undici/docs/docs/api/ContentType.md +0 -57
  79. package/node_modules/undici/docs/docs/api/Cookies.md +0 -128
  80. package/node_modules/undici/docs/docs/api/Debug.md +0 -62
  81. package/node_modules/undici/docs/docs/api/DiagnosticsChannel.md +0 -315
  82. package/node_modules/undici/docs/docs/api/Dispatcher.md +0 -1392
  83. package/node_modules/undici/docs/docs/api/EnvHttpProxyAgent.md +0 -159
  84. package/node_modules/undici/docs/docs/api/Errors.md +0 -49
  85. package/node_modules/undici/docs/docs/api/EventSource.md +0 -45
  86. package/node_modules/undici/docs/docs/api/Fetch.md +0 -60
  87. package/node_modules/undici/docs/docs/api/GlobalInstallation.md +0 -139
  88. package/node_modules/undici/docs/docs/api/H2CClient.md +0 -263
  89. package/node_modules/undici/docs/docs/api/MockAgent.md +0 -603
  90. package/node_modules/undici/docs/docs/api/MockCallHistory.md +0 -197
  91. package/node_modules/undici/docs/docs/api/MockCallHistoryLog.md +0 -43
  92. package/node_modules/undici/docs/docs/api/MockClient.md +0 -81
  93. package/node_modules/undici/docs/docs/api/MockErrors.md +0 -12
  94. package/node_modules/undici/docs/docs/api/MockPool.md +0 -555
  95. package/node_modules/undici/docs/docs/api/Pool.md +0 -84
  96. package/node_modules/undici/docs/docs/api/PoolStats.md +0 -35
  97. package/node_modules/undici/docs/docs/api/ProxyAgent.md +0 -229
  98. package/node_modules/undici/docs/docs/api/RedirectHandler.md +0 -93
  99. package/node_modules/undici/docs/docs/api/RetryAgent.md +0 -50
  100. package/node_modules/undici/docs/docs/api/RetryHandler.md +0 -118
  101. package/node_modules/undici/docs/docs/api/RoundRobinPool.md +0 -145
  102. package/node_modules/undici/docs/docs/api/SnapshotAgent.md +0 -616
  103. package/node_modules/undici/docs/docs/api/Socks5ProxyAgent.md +0 -275
  104. package/node_modules/undici/docs/docs/api/Util.md +0 -25
  105. package/node_modules/undici/docs/docs/api/WebSocket.md +0 -141
  106. package/node_modules/undici/docs/docs/api/api-lifecycle.md +0 -91
  107. package/node_modules/undici/docs/docs/best-practices/client-certificate.md +0 -64
  108. package/node_modules/undici/docs/docs/best-practices/crawling.md +0 -58
  109. package/node_modules/undici/docs/docs/best-practices/mocking-request.md +0 -190
  110. package/node_modules/undici/docs/docs/best-practices/proxy.md +0 -127
  111. package/node_modules/undici/docs/docs/best-practices/undici-vs-builtin-fetch.md +0 -224
  112. package/node_modules/undici/docs/docs/best-practices/writing-tests.md +0 -63
  113. package/node_modules/undici/index-fetch.js +0 -65
  114. package/node_modules/undici/index.d.ts +0 -3
  115. package/node_modules/undici/index.js +0 -234
  116. package/node_modules/undici/lib/api/abort-signal.js +0 -59
  117. package/node_modules/undici/lib/api/api-connect.js +0 -110
  118. package/node_modules/undici/lib/api/api-pipeline.js +0 -252
  119. package/node_modules/undici/lib/api/api-request.js +0 -214
  120. package/node_modules/undici/lib/api/api-stream.js +0 -209
  121. package/node_modules/undici/lib/api/api-upgrade.js +0 -111
  122. package/node_modules/undici/lib/api/index.js +0 -7
  123. package/node_modules/undici/lib/api/readable.js +0 -580
  124. package/node_modules/undici/lib/cache/memory-cache-store.js +0 -234
  125. package/node_modules/undici/lib/cache/sqlite-cache-store.js +0 -461
  126. package/node_modules/undici/lib/core/connect.js +0 -153
  127. package/node_modules/undici/lib/core/constants.js +0 -143
  128. package/node_modules/undici/lib/core/diagnostics.js +0 -227
  129. package/node_modules/undici/lib/core/errors.js +0 -477
  130. package/node_modules/undici/lib/core/request.js +0 -453
  131. package/node_modules/undici/lib/core/socks5-client.js +0 -422
  132. package/node_modules/undici/lib/core/socks5-utils.js +0 -212
  133. package/node_modules/undici/lib/core/symbols.js +0 -75
  134. package/node_modules/undici/lib/core/tree.js +0 -160
  135. package/node_modules/undici/lib/core/util.js +0 -992
  136. package/node_modules/undici/lib/dispatcher/agent.js +0 -158
  137. package/node_modules/undici/lib/dispatcher/balanced-pool.js +0 -219
  138. package/node_modules/undici/lib/dispatcher/client-h1.js +0 -1722
  139. package/node_modules/undici/lib/dispatcher/client-h2.js +0 -995
  140. package/node_modules/undici/lib/dispatcher/client.js +0 -664
  141. package/node_modules/undici/lib/dispatcher/dispatcher-base.js +0 -184
  142. package/node_modules/undici/lib/dispatcher/dispatcher.js +0 -48
  143. package/node_modules/undici/lib/dispatcher/env-http-proxy-agent.js +0 -146
  144. package/node_modules/undici/lib/dispatcher/fixed-queue.js +0 -135
  145. package/node_modules/undici/lib/dispatcher/h2c-client.js +0 -51
  146. package/node_modules/undici/lib/dispatcher/pool-base.js +0 -214
  147. package/node_modules/undici/lib/dispatcher/pool.js +0 -118
  148. package/node_modules/undici/lib/dispatcher/proxy-agent.js +0 -319
  149. package/node_modules/undici/lib/dispatcher/retry-agent.js +0 -35
  150. package/node_modules/undici/lib/dispatcher/round-robin-pool.js +0 -137
  151. package/node_modules/undici/lib/dispatcher/socks5-proxy-agent.js +0 -260
  152. package/node_modules/undici/lib/encoding/index.js +0 -33
  153. package/node_modules/undici/lib/global.js +0 -59
  154. package/node_modules/undici/lib/handler/cache-handler.js +0 -578
  155. package/node_modules/undici/lib/handler/cache-revalidation-handler.js +0 -124
  156. package/node_modules/undici/lib/handler/decorator-handler.js +0 -67
  157. package/node_modules/undici/lib/handler/deduplication-handler.js +0 -460
  158. package/node_modules/undici/lib/handler/redirect-handler.js +0 -238
  159. package/node_modules/undici/lib/handler/retry-handler.js +0 -394
  160. package/node_modules/undici/lib/handler/unwrap-handler.js +0 -106
  161. package/node_modules/undici/lib/handler/wrap-handler.js +0 -105
  162. package/node_modules/undici/lib/interceptor/cache.js +0 -495
  163. package/node_modules/undici/lib/interceptor/decompress.js +0 -259
  164. package/node_modules/undici/lib/interceptor/deduplicate.js +0 -117
  165. package/node_modules/undici/lib/interceptor/dns.js +0 -571
  166. package/node_modules/undici/lib/interceptor/dump.js +0 -112
  167. package/node_modules/undici/lib/interceptor/redirect.js +0 -21
  168. package/node_modules/undici/lib/interceptor/response-error.js +0 -95
  169. package/node_modules/undici/lib/interceptor/retry.js +0 -19
  170. package/node_modules/undici/lib/llhttp/.gitkeep +0 -0
  171. package/node_modules/undici/lib/llhttp/constants.d.ts +0 -195
  172. package/node_modules/undici/lib/llhttp/constants.js +0 -531
  173. package/node_modules/undici/lib/llhttp/llhttp-wasm.js +0 -15
  174. package/node_modules/undici/lib/llhttp/llhttp_simd-wasm.js +0 -15
  175. package/node_modules/undici/lib/llhttp/utils.d.ts +0 -2
  176. package/node_modules/undici/lib/llhttp/utils.js +0 -12
  177. package/node_modules/undici/lib/mock/mock-agent.js +0 -232
  178. package/node_modules/undici/lib/mock/mock-call-history.js +0 -248
  179. package/node_modules/undici/lib/mock/mock-client.js +0 -68
  180. package/node_modules/undici/lib/mock/mock-errors.js +0 -29
  181. package/node_modules/undici/lib/mock/mock-interceptor.js +0 -209
  182. package/node_modules/undici/lib/mock/mock-pool.js +0 -68
  183. package/node_modules/undici/lib/mock/mock-symbols.js +0 -32
  184. package/node_modules/undici/lib/mock/mock-utils.js +0 -486
  185. package/node_modules/undici/lib/mock/pending-interceptors-formatter.js +0 -43
  186. package/node_modules/undici/lib/mock/snapshot-agent.js +0 -353
  187. package/node_modules/undici/lib/mock/snapshot-recorder.js +0 -588
  188. package/node_modules/undici/lib/mock/snapshot-utils.js +0 -158
  189. package/node_modules/undici/lib/util/cache.js +0 -414
  190. package/node_modules/undici/lib/util/date.js +0 -653
  191. package/node_modules/undici/lib/util/promise.js +0 -28
  192. package/node_modules/undici/lib/util/runtime-features.js +0 -124
  193. package/node_modules/undici/lib/util/stats.js +0 -32
  194. package/node_modules/undici/lib/util/timers.js +0 -425
  195. package/node_modules/undici/lib/web/cache/cache.js +0 -864
  196. package/node_modules/undici/lib/web/cache/cachestorage.js +0 -152
  197. package/node_modules/undici/lib/web/cache/util.js +0 -45
  198. package/node_modules/undici/lib/web/cookies/constants.js +0 -12
  199. package/node_modules/undici/lib/web/cookies/index.js +0 -199
  200. package/node_modules/undici/lib/web/cookies/parse.js +0 -314
  201. package/node_modules/undici/lib/web/cookies/util.js +0 -282
  202. package/node_modules/undici/lib/web/eventsource/eventsource-stream.js +0 -399
  203. package/node_modules/undici/lib/web/eventsource/eventsource.js +0 -501
  204. package/node_modules/undici/lib/web/eventsource/util.js +0 -29
  205. package/node_modules/undici/lib/web/fetch/LICENSE +0 -21
  206. package/node_modules/undici/lib/web/fetch/body.js +0 -509
  207. package/node_modules/undici/lib/web/fetch/constants.js +0 -131
  208. package/node_modules/undici/lib/web/fetch/data-url.js +0 -596
  209. package/node_modules/undici/lib/web/fetch/formdata-parser.js +0 -586
  210. package/node_modules/undici/lib/web/fetch/formdata.js +0 -259
  211. package/node_modules/undici/lib/web/fetch/global.js +0 -40
  212. package/node_modules/undici/lib/web/fetch/headers.js +0 -719
  213. package/node_modules/undici/lib/web/fetch/index.js +0 -2413
  214. package/node_modules/undici/lib/web/fetch/request.js +0 -1115
  215. package/node_modules/undici/lib/web/fetch/response.js +0 -641
  216. package/node_modules/undici/lib/web/fetch/util.js +0 -1522
  217. package/node_modules/undici/lib/web/infra/index.js +0 -229
  218. package/node_modules/undici/lib/web/subresource-integrity/Readme.md +0 -9
  219. package/node_modules/undici/lib/web/subresource-integrity/subresource-integrity.js +0 -307
  220. package/node_modules/undici/lib/web/webidl/index.js +0 -1006
  221. package/node_modules/undici/lib/web/websocket/connection.js +0 -329
  222. package/node_modules/undici/lib/web/websocket/constants.js +0 -126
  223. package/node_modules/undici/lib/web/websocket/events.js +0 -331
  224. package/node_modules/undici/lib/web/websocket/frame.js +0 -133
  225. package/node_modules/undici/lib/web/websocket/permessage-deflate.js +0 -100
  226. package/node_modules/undici/lib/web/websocket/receiver.js +0 -507
  227. package/node_modules/undici/lib/web/websocket/sender.js +0 -109
  228. package/node_modules/undici/lib/web/websocket/stream/websocketerror.js +0 -104
  229. package/node_modules/undici/lib/web/websocket/stream/websocketstream.js +0 -498
  230. package/node_modules/undici/lib/web/websocket/util.js +0 -347
  231. package/node_modules/undici/lib/web/websocket/websocket.js +0 -758
  232. package/node_modules/undici/package.json +0 -152
  233. package/node_modules/undici/scripts/strip-comments.js +0 -10
  234. package/node_modules/undici/types/README.md +0 -6
  235. package/node_modules/undici/types/agent.d.ts +0 -32
  236. package/node_modules/undici/types/api.d.ts +0 -43
  237. package/node_modules/undici/types/balanced-pool.d.ts +0 -30
  238. package/node_modules/undici/types/cache-interceptor.d.ts +0 -179
  239. package/node_modules/undici/types/cache.d.ts +0 -36
  240. package/node_modules/undici/types/client-stats.d.ts +0 -15
  241. package/node_modules/undici/types/client.d.ts +0 -139
  242. package/node_modules/undici/types/connector.d.ts +0 -36
  243. package/node_modules/undici/types/content-type.d.ts +0 -21
  244. package/node_modules/undici/types/cookies.d.ts +0 -30
  245. package/node_modules/undici/types/diagnostics-channel.d.ts +0 -74
  246. package/node_modules/undici/types/dispatcher.d.ts +0 -275
  247. package/node_modules/undici/types/env-http-proxy-agent.d.ts +0 -22
  248. package/node_modules/undici/types/errors.d.ts +0 -177
  249. package/node_modules/undici/types/eventsource.d.ts +0 -66
  250. package/node_modules/undici/types/fetch.d.ts +0 -231
  251. package/node_modules/undici/types/formdata.d.ts +0 -114
  252. package/node_modules/undici/types/global-dispatcher.d.ts +0 -9
  253. package/node_modules/undici/types/global-origin.d.ts +0 -7
  254. package/node_modules/undici/types/h2c-client.d.ts +0 -73
  255. package/node_modules/undici/types/handlers.d.ts +0 -14
  256. package/node_modules/undici/types/header.d.ts +0 -160
  257. package/node_modules/undici/types/index.d.ts +0 -91
  258. package/node_modules/undici/types/interceptors.d.ts +0 -80
  259. package/node_modules/undici/types/mock-agent.d.ts +0 -68
  260. package/node_modules/undici/types/mock-call-history.d.ts +0 -111
  261. package/node_modules/undici/types/mock-client.d.ts +0 -27
  262. package/node_modules/undici/types/mock-errors.d.ts +0 -12
  263. package/node_modules/undici/types/mock-interceptor.d.ts +0 -94
  264. package/node_modules/undici/types/mock-pool.d.ts +0 -27
  265. package/node_modules/undici/types/patch.d.ts +0 -29
  266. package/node_modules/undici/types/pool-stats.d.ts +0 -19
  267. package/node_modules/undici/types/pool.d.ts +0 -41
  268. package/node_modules/undici/types/proxy-agent.d.ts +0 -29
  269. package/node_modules/undici/types/readable.d.ts +0 -68
  270. package/node_modules/undici/types/retry-agent.d.ts +0 -8
  271. package/node_modules/undici/types/retry-handler.d.ts +0 -125
  272. package/node_modules/undici/types/round-robin-pool.d.ts +0 -41
  273. package/node_modules/undici/types/snapshot-agent.d.ts +0 -109
  274. package/node_modules/undici/types/socks5-proxy-agent.d.ts +0 -25
  275. package/node_modules/undici/types/util.d.ts +0 -18
  276. package/node_modules/undici/types/utility.d.ts +0 -7
  277. package/node_modules/undici/types/webidl.d.ts +0 -347
  278. package/node_modules/undici/types/websocket.d.ts +0 -188
@@ -1,229 +0,0 @@
1
- 'use strict'
2
-
3
- const assert = require('node:assert')
4
- const { utf8DecodeBytes } = require('../../encoding')
5
-
6
- /**
7
- * @param {(char: string) => boolean} condition
8
- * @param {string} input
9
- * @param {{ position: number }} position
10
- * @returns {string}
11
- *
12
- * @see https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
13
- */
14
- function collectASequenceOfCodePoints (condition, input, position) {
15
- // 1. Let result be the empty string.
16
- let result = ''
17
-
18
- // 2. While position doesn’t point past the end of input and the
19
- // code point at position within input meets the condition condition:
20
- while (position.position < input.length && condition(input[position.position])) {
21
- // 1. Append that code point to the end of result.
22
- result += input[position.position]
23
-
24
- // 2. Advance position by 1.
25
- position.position++
26
- }
27
-
28
- // 3. Return result.
29
- return result
30
- }
31
-
32
- /**
33
- * A faster collectASequenceOfCodePoints that only works when comparing a single character.
34
- * @param {string} char
35
- * @param {string} input
36
- * @param {{ position: number }} position
37
- * @returns {string}
38
- *
39
- * @see https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
40
- */
41
- function collectASequenceOfCodePointsFast (char, input, position) {
42
- const idx = input.indexOf(char, position.position)
43
- const start = position.position
44
-
45
- if (idx === -1) {
46
- position.position = input.length
47
- return input.slice(start)
48
- }
49
-
50
- position.position = idx
51
- return input.slice(start, position.position)
52
- }
53
-
54
- const ASCII_WHITESPACE_REPLACE_REGEX = /[\u0009\u000A\u000C\u000D\u0020]/g // eslint-disable-line no-control-regex
55
-
56
- /**
57
- * @param {string} data
58
- * @returns {Uint8Array | 'failure'}
59
- *
60
- * @see https://infra.spec.whatwg.org/#forgiving-base64-decode
61
- */
62
- function forgivingBase64 (data) {
63
- // 1. Remove all ASCII whitespace from data.
64
- data = data.replace(ASCII_WHITESPACE_REPLACE_REGEX, '')
65
-
66
- let dataLength = data.length
67
- // 2. If data’s code point length divides by 4 leaving
68
- // no remainder, then:
69
- if (dataLength % 4 === 0) {
70
- // 1. If data ends with one or two U+003D (=) code points,
71
- // then remove them from data.
72
- if (data.charCodeAt(dataLength - 1) === 0x003D) {
73
- --dataLength
74
- if (data.charCodeAt(dataLength - 1) === 0x003D) {
75
- --dataLength
76
- }
77
- }
78
- }
79
-
80
- // 3. If data’s code point length divides by 4 leaving
81
- // a remainder of 1, then return failure.
82
- if (dataLength % 4 === 1) {
83
- return 'failure'
84
- }
85
-
86
- // 4. If data contains a code point that is not one of
87
- // U+002B (+)
88
- // U+002F (/)
89
- // ASCII alphanumeric
90
- // then return failure.
91
- if (/[^+/0-9A-Za-z]/.test(data.length === dataLength ? data : data.substring(0, dataLength))) {
92
- return 'failure'
93
- }
94
-
95
- const buffer = Buffer.from(data, 'base64')
96
- return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength)
97
- }
98
-
99
- /**
100
- * @param {number} char
101
- * @returns {boolean}
102
- *
103
- * @see https://infra.spec.whatwg.org/#ascii-whitespace
104
- */
105
- function isASCIIWhitespace (char) {
106
- return (
107
- char === 0x09 || // \t
108
- char === 0x0a || // \n
109
- char === 0x0c || // \f
110
- char === 0x0d || // \r
111
- char === 0x20 // space
112
- )
113
- }
114
-
115
- /**
116
- * @param {Uint8Array} input
117
- * @returns {string}
118
- *
119
- * @see https://infra.spec.whatwg.org/#isomorphic-decode
120
- */
121
- function isomorphicDecode (input) {
122
- // 1. To isomorphic decode a byte sequence input, return a string whose code point
123
- // length is equal to input’s length and whose code points have the same values
124
- // as the values of input’s bytes, in the same order.
125
- const length = input.length
126
- if ((2 << 15) - 1 > length) {
127
- return String.fromCharCode.apply(null, input)
128
- }
129
- let result = ''
130
- let i = 0
131
- let addition = (2 << 15) - 1
132
- while (i < length) {
133
- if (i + addition > length) {
134
- addition = length - i
135
- }
136
- result += String.fromCharCode.apply(null, input.subarray(i, i += addition))
137
- }
138
- return result
139
- }
140
-
141
- const invalidIsomorphicEncodeValueRegex = /[^\x00-\xFF]/ // eslint-disable-line no-control-regex
142
-
143
- /**
144
- * @param {string} input
145
- * @returns {string}
146
- *
147
- * @see https://infra.spec.whatwg.org/#isomorphic-encode
148
- */
149
- function isomorphicEncode (input) {
150
- // 1. Assert: input contains no code points greater than U+00FF.
151
- assert(!invalidIsomorphicEncodeValueRegex.test(input))
152
-
153
- // 2. Return a byte sequence whose length is equal to input’s code
154
- // point length and whose bytes have the same values as the
155
- // values of input’s code points, in the same order
156
- return input
157
- }
158
-
159
- /**
160
- * @see https://infra.spec.whatwg.org/#parse-json-bytes-to-a-javascript-value
161
- * @param {Uint8Array} bytes
162
- */
163
- function parseJSONFromBytes (bytes) {
164
- return JSON.parse(utf8DecodeBytes(bytes))
165
- }
166
-
167
- /**
168
- * @param {string} str
169
- * @param {boolean} [leading=true]
170
- * @param {boolean} [trailing=true]
171
- * @returns {string}
172
- *
173
- * @see https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace
174
- */
175
- function removeASCIIWhitespace (str, leading = true, trailing = true) {
176
- return removeChars(str, leading, trailing, isASCIIWhitespace)
177
- }
178
-
179
- /**
180
- * @param {string} str
181
- * @param {boolean} leading
182
- * @param {boolean} trailing
183
- * @param {(charCode: number) => boolean} predicate
184
- * @returns {string}
185
- */
186
- function removeChars (str, leading, trailing, predicate) {
187
- let lead = 0
188
- let trail = str.length - 1
189
-
190
- if (leading) {
191
- while (lead < str.length && predicate(str.charCodeAt(lead))) lead++
192
- }
193
-
194
- if (trailing) {
195
- while (trail > 0 && predicate(str.charCodeAt(trail))) trail--
196
- }
197
-
198
- return lead === 0 && trail === str.length - 1 ? str : str.slice(lead, trail + 1)
199
- }
200
-
201
- // https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-a-json-string
202
- function serializeJavascriptValueToJSONString (value) {
203
- // 1. Let result be ? Call(%JSON.stringify%, undefined, « value »).
204
- const result = JSON.stringify(value)
205
-
206
- // 2. If result is undefined, then throw a TypeError.
207
- if (result === undefined) {
208
- throw new TypeError('Value is not JSON serializable')
209
- }
210
-
211
- // 3. Assert: result is a string.
212
- assert(typeof result === 'string')
213
-
214
- // 4. Return result.
215
- return result
216
- }
217
-
218
- module.exports = {
219
- collectASequenceOfCodePoints,
220
- collectASequenceOfCodePointsFast,
221
- forgivingBase64,
222
- isASCIIWhitespace,
223
- isomorphicDecode,
224
- isomorphicEncode,
225
- parseJSONFromBytes,
226
- removeASCIIWhitespace,
227
- removeChars,
228
- serializeJavascriptValueToJSONString
229
- }
@@ -1,9 +0,0 @@
1
- # Subresource Integrity
2
-
3
- based on Editor’s Draft, 12 June 2025
4
-
5
- This module provides support for Subresource Integrity (SRI) in the context of web fetch operations. SRI is a security feature that allows clients to verify that fetched resources are delivered without unexpected manipulation.
6
-
7
- ## Links
8
-
9
- - [Subresource Integrity](https://w3c.github.io/webappsec-subresource-integrity/)
@@ -1,307 +0,0 @@
1
- 'use strict'
2
-
3
- const assert = require('node:assert')
4
- const { runtimeFeatures } = require('../../util/runtime-features.js')
5
-
6
- /**
7
- * @typedef {object} Metadata
8
- * @property {SRIHashAlgorithm} alg - The algorithm used for the hash.
9
- * @property {string} val - The base64-encoded hash value.
10
- */
11
-
12
- /**
13
- * @typedef {Metadata[]} MetadataList
14
- */
15
-
16
- /**
17
- * @typedef {('sha256' | 'sha384' | 'sha512')} SRIHashAlgorithm
18
- */
19
-
20
- /**
21
- * @type {Map<SRIHashAlgorithm, number>}
22
- *
23
- * The valid SRI hash algorithm token set is the ordered set « "sha256",
24
- * "sha384", "sha512" » (corresponding to SHA-256, SHA-384, and SHA-512
25
- * respectively). The ordering of this set is meaningful, with stronger
26
- * algorithms appearing later in the set.
27
- *
28
- * @see https://w3c.github.io/webappsec-subresource-integrity/#valid-sri-hash-algorithm-token-set
29
- */
30
- const validSRIHashAlgorithmTokenSet = new Map([['sha256', 0], ['sha384', 1], ['sha512', 2]])
31
-
32
- // https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
33
- /** @type {import('node:crypto')} */
34
- let crypto
35
-
36
- if (runtimeFeatures.has('crypto')) {
37
- crypto = require('node:crypto')
38
- const cryptoHashes = crypto.getHashes()
39
-
40
- // If no hashes are available, we cannot support SRI.
41
- if (cryptoHashes.length === 0) {
42
- validSRIHashAlgorithmTokenSet.clear()
43
- }
44
-
45
- for (const algorithm of validSRIHashAlgorithmTokenSet.keys()) {
46
- // If the algorithm is not supported, remove it from the list.
47
- if (cryptoHashes.includes(algorithm) === false) {
48
- validSRIHashAlgorithmTokenSet.delete(algorithm)
49
- }
50
- }
51
- } else {
52
- // If crypto is not available, we cannot support SRI.
53
- validSRIHashAlgorithmTokenSet.clear()
54
- }
55
-
56
- /**
57
- * @typedef GetSRIHashAlgorithmIndex
58
- * @type {(algorithm: SRIHashAlgorithm) => number}
59
- * @param {SRIHashAlgorithm} algorithm
60
- * @returns {number} The index of the algorithm in the valid SRI hash algorithm
61
- * token set.
62
- */
63
-
64
- const getSRIHashAlgorithmIndex = /** @type {GetSRIHashAlgorithmIndex} */ (Map.prototype.get.bind(
65
- validSRIHashAlgorithmTokenSet))
66
-
67
- /**
68
- * @typedef IsValidSRIHashAlgorithm
69
- * @type {(algorithm: string) => algorithm is SRIHashAlgorithm}
70
- * @param {*} algorithm
71
- * @returns {algorithm is SRIHashAlgorithm}
72
- */
73
-
74
- const isValidSRIHashAlgorithm = /** @type {IsValidSRIHashAlgorithm} */ (
75
- Map.prototype.has.bind(validSRIHashAlgorithmTokenSet)
76
- )
77
-
78
- /**
79
- * @param {Uint8Array} bytes
80
- * @param {string} metadataList
81
- * @returns {boolean}
82
- *
83
- * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist
84
- */
85
- const bytesMatch = runtimeFeatures.has('crypto') === false || validSRIHashAlgorithmTokenSet.size === 0
86
- // If node is not built with OpenSSL support, we cannot check
87
- // a request's integrity, so allow it by default (the spec will
88
- // allow requests if an invalid hash is given, as precedence).
89
- ? () => true
90
- : (bytes, metadataList) => {
91
- // 1. Let parsedMetadata be the result of parsing metadataList.
92
- const parsedMetadata = parseMetadata(metadataList)
93
-
94
- // 2. If parsedMetadata is empty set, return true.
95
- if (parsedMetadata.length === 0) {
96
- return true
97
- }
98
-
99
- // 3. Let metadata be the result of getting the strongest
100
- // metadata from parsedMetadata.
101
- const metadata = getStrongestMetadata(parsedMetadata)
102
-
103
- // 4. For each item in metadata:
104
- for (const item of metadata) {
105
- // 1. Let algorithm be the item["alg"].
106
- const algorithm = item.alg
107
-
108
- // 2. Let expectedValue be the item["val"].
109
- const expectedValue = item.val
110
-
111
- // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
112
- // "be liberal with padding". This is annoying, and it's not even in the spec.
113
-
114
- // 3. Let actualValue be the result of applying algorithm to bytes .
115
- const actualValue = applyAlgorithmToBytes(algorithm, bytes)
116
-
117
- // 4. If actualValue is a case-sensitive match for expectedValue,
118
- // return true.
119
- if (caseSensitiveMatch(actualValue, expectedValue)) {
120
- return true
121
- }
122
- }
123
-
124
- // 5. Return false.
125
- return false
126
- }
127
-
128
- /**
129
- * @param {MetadataList} metadataList
130
- * @returns {MetadataList} The strongest hash algorithm from the metadata list.
131
- */
132
- function getStrongestMetadata (metadataList) {
133
- // 1. Let result be the empty set and strongest be the empty string.
134
- const result = []
135
- /** @type {Metadata|null} */
136
- let strongest = null
137
-
138
- // 2. For each item in set:
139
- for (const item of metadataList) {
140
- // 1. Assert: item["alg"] is a valid SRI hash algorithm token.
141
- assert(isValidSRIHashAlgorithm(item.alg), 'Invalid SRI hash algorithm token')
142
-
143
- // 2. If result is the empty set, then:
144
- if (result.length === 0) {
145
- // 1. Append item to result.
146
- result.push(item)
147
-
148
- // 2. Set strongest to item.
149
- strongest = item
150
-
151
- // 3. Continue.
152
- continue
153
- }
154
-
155
- // 3. Let currentAlgorithm be strongest["alg"], and currentAlgorithmIndex be
156
- // the index of currentAlgorithm in the valid SRI hash algorithm token set.
157
- const currentAlgorithm = /** @type {Metadata} */ (strongest).alg
158
- const currentAlgorithmIndex = getSRIHashAlgorithmIndex(currentAlgorithm)
159
-
160
- // 4. Let newAlgorithm be the item["alg"], and newAlgorithmIndex be the
161
- // index of newAlgorithm in the valid SRI hash algorithm token set.
162
- const newAlgorithm = item.alg
163
- const newAlgorithmIndex = getSRIHashAlgorithmIndex(newAlgorithm)
164
-
165
- // 5. If newAlgorithmIndex is less than currentAlgorithmIndex, then continue.
166
- if (newAlgorithmIndex < currentAlgorithmIndex) {
167
- continue
168
-
169
- // 6. Otherwise, if newAlgorithmIndex is greater than
170
- // currentAlgorithmIndex:
171
- } else if (newAlgorithmIndex > currentAlgorithmIndex) {
172
- // 1. Set strongest to item.
173
- strongest = item
174
-
175
- // 2. Set result to « item ».
176
- result[0] = item
177
- result.length = 1
178
-
179
- // 7. Otherwise, newAlgorithmIndex and currentAlgorithmIndex are the same
180
- // value. Append item to result.
181
- } else {
182
- result.push(item)
183
- }
184
- }
185
-
186
- // 3. Return result.
187
- return result
188
- }
189
-
190
- /**
191
- * @param {string} metadata
192
- * @returns {MetadataList}
193
- *
194
- * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
195
- */
196
- function parseMetadata (metadata) {
197
- // 1. Let result be the empty set.
198
- /** @type {MetadataList} */
199
- const result = []
200
-
201
- // 2. For each item returned by splitting metadata on spaces:
202
- for (const item of metadata.split(' ')) {
203
- // 1. Let expression-and-options be the result of splitting item on U+003F (?).
204
- const expressionAndOptions = item.split('?', 1)
205
-
206
- // 2. Let algorithm-expression be expression-and-options[0].
207
- const algorithmExpression = expressionAndOptions[0]
208
-
209
- // 3. Let base64-value be the empty string.
210
- let base64Value = ''
211
-
212
- // 4. Let algorithm-and-value be the result of splitting algorithm-expression on U+002D (-).
213
- const algorithmAndValue = [algorithmExpression.slice(0, 6), algorithmExpression.slice(7)]
214
-
215
- // 5. Let algorithm be algorithm-and-value[0].
216
- const algorithm = algorithmAndValue[0]
217
-
218
- // 6. If algorithm is not a valid SRI hash algorithm token, then continue.
219
- if (!isValidSRIHashAlgorithm(algorithm)) {
220
- continue
221
- }
222
-
223
- // 7. If algorithm-and-value[1] exists, set base64-value to
224
- // algorithm-and-value[1].
225
- if (algorithmAndValue[1]) {
226
- base64Value = algorithmAndValue[1]
227
- }
228
-
229
- // 8. Let metadata be the ordered map
230
- // «["alg" → algorithm, "val" → base64-value]».
231
- const metadata = {
232
- alg: algorithm,
233
- val: base64Value
234
- }
235
-
236
- // 9. Append metadata to result.
237
- result.push(metadata)
238
- }
239
-
240
- // 3. Return result.
241
- return result
242
- }
243
-
244
- /**
245
- * Applies the specified hash algorithm to the given bytes
246
- *
247
- * @typedef {(algorithm: SRIHashAlgorithm, bytes: Uint8Array) => string} ApplyAlgorithmToBytes
248
- * @param {SRIHashAlgorithm} algorithm
249
- * @param {Uint8Array} bytes
250
- * @returns {string}
251
- */
252
- const applyAlgorithmToBytes = (algorithm, bytes) => {
253
- return crypto.hash(algorithm, bytes, 'base64')
254
- }
255
-
256
- /**
257
- * Compares two base64 strings, allowing for base64url
258
- * in the second string.
259
- *
260
- * @param {string} actualValue base64 encoded string
261
- * @param {string} expectedValue base64 or base64url encoded string
262
- * @returns {boolean}
263
- */
264
- function caseSensitiveMatch (actualValue, expectedValue) {
265
- // Ignore padding characters from the end of the strings by
266
- // decreasing the length by 1 or 2 if the last characters are `=`.
267
- let actualValueLength = actualValue.length
268
- if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
269
- actualValueLength -= 1
270
- }
271
- if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
272
- actualValueLength -= 1
273
- }
274
- let expectedValueLength = expectedValue.length
275
- if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
276
- expectedValueLength -= 1
277
- }
278
- if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
279
- expectedValueLength -= 1
280
- }
281
-
282
- if (actualValueLength !== expectedValueLength) {
283
- return false
284
- }
285
-
286
- for (let i = 0; i < actualValueLength; ++i) {
287
- if (
288
- actualValue[i] === expectedValue[i] ||
289
- (actualValue[i] === '+' && expectedValue[i] === '-') ||
290
- (actualValue[i] === '/' && expectedValue[i] === '_')
291
- ) {
292
- continue
293
- }
294
- return false
295
- }
296
-
297
- return true
298
- }
299
-
300
- module.exports = {
301
- applyAlgorithmToBytes,
302
- bytesMatch,
303
- caseSensitiveMatch,
304
- isValidSRIHashAlgorithm,
305
- getStrongestMetadata,
306
- parseMetadata
307
- }