pi-cursor-sdk 0.1.50 → 0.1.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (279) hide show
  1. package/CHANGELOG.md +31 -0
  2. package/README.md +1 -1
  3. package/docs/cursor-live-smoke-checklist.md +4 -4
  4. package/docs/cursor-model-ux-spec.md +5 -5
  5. package/docs/cursor-native-tool-replay.md +2 -2
  6. package/docs/cursor-native-tool-visual-audit.md +1 -1
  7. package/docs/cursor-testing-lessons.md +1 -1
  8. package/package.json +3 -12
  9. package/src/cursor-fallback-models.generated.ts +536 -302
  10. package/src/cursor-provider-errors.ts +29 -0
  11. package/src/cursor-provider-turn-runner.ts +1 -1
  12. package/src/cursor-provider.ts +9 -2
  13. package/src/cursor-session-turn-queue.ts +52 -0
  14. package/src/cursor-tool-manifest.ts +1 -1
  15. package/node_modules/@connectrpc/connect-node/README.md +0 -141
  16. package/node_modules/@connectrpc/connect-node/dist/cjs/compression.d.ts +0 -15
  17. package/node_modules/@connectrpc/connect-node/dist/cjs/compression.js +0 -89
  18. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-node-adapter.d.ts +0 -42
  19. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-node-adapter.js +0 -61
  20. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-transport.d.ts +0 -100
  21. package/node_modules/@connectrpc/connect-node/dist/cjs/connect-transport.js +0 -25
  22. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-transport.d.ts +0 -96
  23. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-transport.js +0 -25
  24. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-web-transport.d.ts +0 -96
  25. package/node_modules/@connectrpc/connect-node/dist/cjs/grpc-web-transport.js +0 -25
  26. package/node_modules/@connectrpc/connect-node/dist/cjs/http2-session-manager.d.ts +0 -146
  27. package/node_modules/@connectrpc/connect-node/dist/cjs/http2-session-manager.js +0 -536
  28. package/node_modules/@connectrpc/connect-node/dist/cjs/index.d.ts +0 -15
  29. package/node_modules/@connectrpc/connect-node/dist/cjs/index.js +0 -36
  30. package/node_modules/@connectrpc/connect-node/dist/cjs/node-error.d.ts +0 -45
  31. package/node_modules/@connectrpc/connect-node/dist/cjs/node-error.js +0 -154
  32. package/node_modules/@connectrpc/connect-node/dist/cjs/node-headers-polyfill.d.ts +0 -1
  33. package/node_modules/@connectrpc/connect-node/dist/cjs/node-headers-polyfill.js +0 -29
  34. package/node_modules/@connectrpc/connect-node/dist/cjs/node-transport-options.d.ts +0 -89
  35. package/node_modules/@connectrpc/connect-node/dist/cjs/node-transport-options.js +0 -58
  36. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-client.d.ts +0 -54
  37. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-client.js +0 -326
  38. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-handler.d.ts +0 -41
  39. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-handler.js +0 -234
  40. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-header.d.ts +0 -19
  41. package/node_modules/@connectrpc/connect-node/dist/cjs/node-universal-header.js +0 -97
  42. package/node_modules/@connectrpc/connect-node/dist/cjs/package.json +0 -1
  43. package/node_modules/@connectrpc/connect-node/dist/esm/compression.d.ts +0 -15
  44. package/node_modules/@connectrpc/connect-node/dist/esm/compression.js +0 -86
  45. package/node_modules/@connectrpc/connect-node/dist/esm/connect-node-adapter.d.ts +0 -42
  46. package/node_modules/@connectrpc/connect-node/dist/esm/connect-node-adapter.js +0 -58
  47. package/node_modules/@connectrpc/connect-node/dist/esm/connect-transport.d.ts +0 -100
  48. package/node_modules/@connectrpc/connect-node/dist/esm/connect-transport.js +0 -22
  49. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-transport.d.ts +0 -96
  50. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-transport.js +0 -22
  51. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-web-transport.d.ts +0 -96
  52. package/node_modules/@connectrpc/connect-node/dist/esm/grpc-web-transport.js +0 -22
  53. package/node_modules/@connectrpc/connect-node/dist/esm/http2-session-manager.d.ts +0 -146
  54. package/node_modules/@connectrpc/connect-node/dist/esm/http2-session-manager.js +0 -532
  55. package/node_modules/@connectrpc/connect-node/dist/esm/index.d.ts +0 -15
  56. package/node_modules/@connectrpc/connect-node/dist/esm/index.js +0 -23
  57. package/node_modules/@connectrpc/connect-node/dist/esm/node-error.d.ts +0 -45
  58. package/node_modules/@connectrpc/connect-node/dist/esm/node-error.js +0 -147
  59. package/node_modules/@connectrpc/connect-node/dist/esm/node-headers-polyfill.d.ts +0 -1
  60. package/node_modules/@connectrpc/connect-node/dist/esm/node-headers-polyfill.js +0 -27
  61. package/node_modules/@connectrpc/connect-node/dist/esm/node-transport-options.d.ts +0 -89
  62. package/node_modules/@connectrpc/connect-node/dist/esm/node-transport-options.js +0 -58
  63. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-client.d.ts +0 -54
  64. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-client.js +0 -324
  65. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-handler.d.ts +0 -41
  66. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-handler.js +0 -230
  67. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-header.d.ts +0 -19
  68. package/node_modules/@connectrpc/connect-node/dist/esm/node-universal-header.js +0 -93
  69. package/node_modules/@connectrpc/connect-node/package.json +0 -46
  70. package/node_modules/undici/LICENSE +0 -21
  71. package/node_modules/undici/README.md +0 -741
  72. package/node_modules/undici/docs/docs/api/Agent.md +0 -84
  73. package/node_modules/undici/docs/docs/api/BalancedPool.md +0 -99
  74. package/node_modules/undici/docs/docs/api/CacheStorage.md +0 -30
  75. package/node_modules/undici/docs/docs/api/CacheStore.md +0 -164
  76. package/node_modules/undici/docs/docs/api/Client.md +0 -288
  77. package/node_modules/undici/docs/docs/api/ClientStats.md +0 -27
  78. package/node_modules/undici/docs/docs/api/Connector.md +0 -115
  79. package/node_modules/undici/docs/docs/api/ContentType.md +0 -57
  80. package/node_modules/undici/docs/docs/api/Cookies.md +0 -128
  81. package/node_modules/undici/docs/docs/api/Debug.md +0 -62
  82. package/node_modules/undici/docs/docs/api/DiagnosticsChannel.md +0 -315
  83. package/node_modules/undici/docs/docs/api/Dispatcher.md +0 -1392
  84. package/node_modules/undici/docs/docs/api/EnvHttpProxyAgent.md +0 -159
  85. package/node_modules/undici/docs/docs/api/Errors.md +0 -49
  86. package/node_modules/undici/docs/docs/api/EventSource.md +0 -45
  87. package/node_modules/undici/docs/docs/api/Fetch.md +0 -60
  88. package/node_modules/undici/docs/docs/api/GlobalInstallation.md +0 -139
  89. package/node_modules/undici/docs/docs/api/H2CClient.md +0 -263
  90. package/node_modules/undici/docs/docs/api/MockAgent.md +0 -603
  91. package/node_modules/undici/docs/docs/api/MockCallHistory.md +0 -197
  92. package/node_modules/undici/docs/docs/api/MockCallHistoryLog.md +0 -43
  93. package/node_modules/undici/docs/docs/api/MockClient.md +0 -81
  94. package/node_modules/undici/docs/docs/api/MockErrors.md +0 -12
  95. package/node_modules/undici/docs/docs/api/MockPool.md +0 -555
  96. package/node_modules/undici/docs/docs/api/Pool.md +0 -84
  97. package/node_modules/undici/docs/docs/api/PoolStats.md +0 -35
  98. package/node_modules/undici/docs/docs/api/ProxyAgent.md +0 -229
  99. package/node_modules/undici/docs/docs/api/RedirectHandler.md +0 -93
  100. package/node_modules/undici/docs/docs/api/RetryAgent.md +0 -50
  101. package/node_modules/undici/docs/docs/api/RetryHandler.md +0 -118
  102. package/node_modules/undici/docs/docs/api/RoundRobinPool.md +0 -145
  103. package/node_modules/undici/docs/docs/api/SnapshotAgent.md +0 -616
  104. package/node_modules/undici/docs/docs/api/Socks5ProxyAgent.md +0 -275
  105. package/node_modules/undici/docs/docs/api/Util.md +0 -25
  106. package/node_modules/undici/docs/docs/api/WebSocket.md +0 -141
  107. package/node_modules/undici/docs/docs/api/api-lifecycle.md +0 -91
  108. package/node_modules/undici/docs/docs/best-practices/client-certificate.md +0 -64
  109. package/node_modules/undici/docs/docs/best-practices/crawling.md +0 -58
  110. package/node_modules/undici/docs/docs/best-practices/mocking-request.md +0 -190
  111. package/node_modules/undici/docs/docs/best-practices/proxy.md +0 -127
  112. package/node_modules/undici/docs/docs/best-practices/undici-vs-builtin-fetch.md +0 -224
  113. package/node_modules/undici/docs/docs/best-practices/writing-tests.md +0 -63
  114. package/node_modules/undici/index-fetch.js +0 -65
  115. package/node_modules/undici/index.d.ts +0 -3
  116. package/node_modules/undici/index.js +0 -234
  117. package/node_modules/undici/lib/api/abort-signal.js +0 -59
  118. package/node_modules/undici/lib/api/api-connect.js +0 -110
  119. package/node_modules/undici/lib/api/api-pipeline.js +0 -252
  120. package/node_modules/undici/lib/api/api-request.js +0 -214
  121. package/node_modules/undici/lib/api/api-stream.js +0 -209
  122. package/node_modules/undici/lib/api/api-upgrade.js +0 -111
  123. package/node_modules/undici/lib/api/index.js +0 -7
  124. package/node_modules/undici/lib/api/readable.js +0 -580
  125. package/node_modules/undici/lib/cache/memory-cache-store.js +0 -234
  126. package/node_modules/undici/lib/cache/sqlite-cache-store.js +0 -461
  127. package/node_modules/undici/lib/core/connect.js +0 -153
  128. package/node_modules/undici/lib/core/constants.js +0 -143
  129. package/node_modules/undici/lib/core/diagnostics.js +0 -227
  130. package/node_modules/undici/lib/core/errors.js +0 -477
  131. package/node_modules/undici/lib/core/request.js +0 -453
  132. package/node_modules/undici/lib/core/socks5-client.js +0 -422
  133. package/node_modules/undici/lib/core/socks5-utils.js +0 -212
  134. package/node_modules/undici/lib/core/symbols.js +0 -75
  135. package/node_modules/undici/lib/core/tree.js +0 -160
  136. package/node_modules/undici/lib/core/util.js +0 -992
  137. package/node_modules/undici/lib/dispatcher/agent.js +0 -158
  138. package/node_modules/undici/lib/dispatcher/balanced-pool.js +0 -219
  139. package/node_modules/undici/lib/dispatcher/client-h1.js +0 -1722
  140. package/node_modules/undici/lib/dispatcher/client-h2.js +0 -995
  141. package/node_modules/undici/lib/dispatcher/client.js +0 -664
  142. package/node_modules/undici/lib/dispatcher/dispatcher-base.js +0 -184
  143. package/node_modules/undici/lib/dispatcher/dispatcher.js +0 -48
  144. package/node_modules/undici/lib/dispatcher/env-http-proxy-agent.js +0 -146
  145. package/node_modules/undici/lib/dispatcher/fixed-queue.js +0 -135
  146. package/node_modules/undici/lib/dispatcher/h2c-client.js +0 -51
  147. package/node_modules/undici/lib/dispatcher/pool-base.js +0 -214
  148. package/node_modules/undici/lib/dispatcher/pool.js +0 -118
  149. package/node_modules/undici/lib/dispatcher/proxy-agent.js +0 -319
  150. package/node_modules/undici/lib/dispatcher/retry-agent.js +0 -35
  151. package/node_modules/undici/lib/dispatcher/round-robin-pool.js +0 -137
  152. package/node_modules/undici/lib/dispatcher/socks5-proxy-agent.js +0 -260
  153. package/node_modules/undici/lib/encoding/index.js +0 -33
  154. package/node_modules/undici/lib/global.js +0 -59
  155. package/node_modules/undici/lib/handler/cache-handler.js +0 -578
  156. package/node_modules/undici/lib/handler/cache-revalidation-handler.js +0 -124
  157. package/node_modules/undici/lib/handler/decorator-handler.js +0 -67
  158. package/node_modules/undici/lib/handler/deduplication-handler.js +0 -460
  159. package/node_modules/undici/lib/handler/redirect-handler.js +0 -238
  160. package/node_modules/undici/lib/handler/retry-handler.js +0 -394
  161. package/node_modules/undici/lib/handler/unwrap-handler.js +0 -106
  162. package/node_modules/undici/lib/handler/wrap-handler.js +0 -105
  163. package/node_modules/undici/lib/interceptor/cache.js +0 -495
  164. package/node_modules/undici/lib/interceptor/decompress.js +0 -259
  165. package/node_modules/undici/lib/interceptor/deduplicate.js +0 -117
  166. package/node_modules/undici/lib/interceptor/dns.js +0 -571
  167. package/node_modules/undici/lib/interceptor/dump.js +0 -112
  168. package/node_modules/undici/lib/interceptor/redirect.js +0 -21
  169. package/node_modules/undici/lib/interceptor/response-error.js +0 -95
  170. package/node_modules/undici/lib/interceptor/retry.js +0 -19
  171. package/node_modules/undici/lib/llhttp/.gitkeep +0 -0
  172. package/node_modules/undici/lib/llhttp/constants.d.ts +0 -195
  173. package/node_modules/undici/lib/llhttp/constants.js +0 -531
  174. package/node_modules/undici/lib/llhttp/llhttp-wasm.js +0 -15
  175. package/node_modules/undici/lib/llhttp/llhttp_simd-wasm.js +0 -15
  176. package/node_modules/undici/lib/llhttp/utils.d.ts +0 -2
  177. package/node_modules/undici/lib/llhttp/utils.js +0 -12
  178. package/node_modules/undici/lib/mock/mock-agent.js +0 -232
  179. package/node_modules/undici/lib/mock/mock-call-history.js +0 -248
  180. package/node_modules/undici/lib/mock/mock-client.js +0 -68
  181. package/node_modules/undici/lib/mock/mock-errors.js +0 -29
  182. package/node_modules/undici/lib/mock/mock-interceptor.js +0 -209
  183. package/node_modules/undici/lib/mock/mock-pool.js +0 -68
  184. package/node_modules/undici/lib/mock/mock-symbols.js +0 -32
  185. package/node_modules/undici/lib/mock/mock-utils.js +0 -486
  186. package/node_modules/undici/lib/mock/pending-interceptors-formatter.js +0 -43
  187. package/node_modules/undici/lib/mock/snapshot-agent.js +0 -353
  188. package/node_modules/undici/lib/mock/snapshot-recorder.js +0 -588
  189. package/node_modules/undici/lib/mock/snapshot-utils.js +0 -158
  190. package/node_modules/undici/lib/util/cache.js +0 -414
  191. package/node_modules/undici/lib/util/date.js +0 -653
  192. package/node_modules/undici/lib/util/promise.js +0 -28
  193. package/node_modules/undici/lib/util/runtime-features.js +0 -124
  194. package/node_modules/undici/lib/util/stats.js +0 -32
  195. package/node_modules/undici/lib/util/timers.js +0 -425
  196. package/node_modules/undici/lib/web/cache/cache.js +0 -864
  197. package/node_modules/undici/lib/web/cache/cachestorage.js +0 -152
  198. package/node_modules/undici/lib/web/cache/util.js +0 -45
  199. package/node_modules/undici/lib/web/cookies/constants.js +0 -12
  200. package/node_modules/undici/lib/web/cookies/index.js +0 -199
  201. package/node_modules/undici/lib/web/cookies/parse.js +0 -314
  202. package/node_modules/undici/lib/web/cookies/util.js +0 -282
  203. package/node_modules/undici/lib/web/eventsource/eventsource-stream.js +0 -399
  204. package/node_modules/undici/lib/web/eventsource/eventsource.js +0 -501
  205. package/node_modules/undici/lib/web/eventsource/util.js +0 -29
  206. package/node_modules/undici/lib/web/fetch/LICENSE +0 -21
  207. package/node_modules/undici/lib/web/fetch/body.js +0 -509
  208. package/node_modules/undici/lib/web/fetch/constants.js +0 -131
  209. package/node_modules/undici/lib/web/fetch/data-url.js +0 -596
  210. package/node_modules/undici/lib/web/fetch/formdata-parser.js +0 -586
  211. package/node_modules/undici/lib/web/fetch/formdata.js +0 -259
  212. package/node_modules/undici/lib/web/fetch/global.js +0 -40
  213. package/node_modules/undici/lib/web/fetch/headers.js +0 -719
  214. package/node_modules/undici/lib/web/fetch/index.js +0 -2413
  215. package/node_modules/undici/lib/web/fetch/request.js +0 -1115
  216. package/node_modules/undici/lib/web/fetch/response.js +0 -641
  217. package/node_modules/undici/lib/web/fetch/util.js +0 -1522
  218. package/node_modules/undici/lib/web/infra/index.js +0 -229
  219. package/node_modules/undici/lib/web/subresource-integrity/Readme.md +0 -9
  220. package/node_modules/undici/lib/web/subresource-integrity/subresource-integrity.js +0 -307
  221. package/node_modules/undici/lib/web/webidl/index.js +0 -1006
  222. package/node_modules/undici/lib/web/websocket/connection.js +0 -329
  223. package/node_modules/undici/lib/web/websocket/constants.js +0 -126
  224. package/node_modules/undici/lib/web/websocket/events.js +0 -331
  225. package/node_modules/undici/lib/web/websocket/frame.js +0 -133
  226. package/node_modules/undici/lib/web/websocket/permessage-deflate.js +0 -100
  227. package/node_modules/undici/lib/web/websocket/receiver.js +0 -507
  228. package/node_modules/undici/lib/web/websocket/sender.js +0 -109
  229. package/node_modules/undici/lib/web/websocket/stream/websocketerror.js +0 -104
  230. package/node_modules/undici/lib/web/websocket/stream/websocketstream.js +0 -498
  231. package/node_modules/undici/lib/web/websocket/util.js +0 -347
  232. package/node_modules/undici/lib/web/websocket/websocket.js +0 -758
  233. package/node_modules/undici/package.json +0 -152
  234. package/node_modules/undici/scripts/strip-comments.js +0 -10
  235. package/node_modules/undici/types/README.md +0 -6
  236. package/node_modules/undici/types/agent.d.ts +0 -32
  237. package/node_modules/undici/types/api.d.ts +0 -43
  238. package/node_modules/undici/types/balanced-pool.d.ts +0 -30
  239. package/node_modules/undici/types/cache-interceptor.d.ts +0 -179
  240. package/node_modules/undici/types/cache.d.ts +0 -36
  241. package/node_modules/undici/types/client-stats.d.ts +0 -15
  242. package/node_modules/undici/types/client.d.ts +0 -139
  243. package/node_modules/undici/types/connector.d.ts +0 -36
  244. package/node_modules/undici/types/content-type.d.ts +0 -21
  245. package/node_modules/undici/types/cookies.d.ts +0 -30
  246. package/node_modules/undici/types/diagnostics-channel.d.ts +0 -74
  247. package/node_modules/undici/types/dispatcher.d.ts +0 -275
  248. package/node_modules/undici/types/env-http-proxy-agent.d.ts +0 -22
  249. package/node_modules/undici/types/errors.d.ts +0 -177
  250. package/node_modules/undici/types/eventsource.d.ts +0 -66
  251. package/node_modules/undici/types/fetch.d.ts +0 -231
  252. package/node_modules/undici/types/formdata.d.ts +0 -114
  253. package/node_modules/undici/types/global-dispatcher.d.ts +0 -9
  254. package/node_modules/undici/types/global-origin.d.ts +0 -7
  255. package/node_modules/undici/types/h2c-client.d.ts +0 -73
  256. package/node_modules/undici/types/handlers.d.ts +0 -14
  257. package/node_modules/undici/types/header.d.ts +0 -160
  258. package/node_modules/undici/types/index.d.ts +0 -91
  259. package/node_modules/undici/types/interceptors.d.ts +0 -80
  260. package/node_modules/undici/types/mock-agent.d.ts +0 -68
  261. package/node_modules/undici/types/mock-call-history.d.ts +0 -111
  262. package/node_modules/undici/types/mock-client.d.ts +0 -27
  263. package/node_modules/undici/types/mock-errors.d.ts +0 -12
  264. package/node_modules/undici/types/mock-interceptor.d.ts +0 -94
  265. package/node_modules/undici/types/mock-pool.d.ts +0 -27
  266. package/node_modules/undici/types/patch.d.ts +0 -29
  267. package/node_modules/undici/types/pool-stats.d.ts +0 -19
  268. package/node_modules/undici/types/pool.d.ts +0 -41
  269. package/node_modules/undici/types/proxy-agent.d.ts +0 -29
  270. package/node_modules/undici/types/readable.d.ts +0 -68
  271. package/node_modules/undici/types/retry-agent.d.ts +0 -8
  272. package/node_modules/undici/types/retry-handler.d.ts +0 -125
  273. package/node_modules/undici/types/round-robin-pool.d.ts +0 -41
  274. package/node_modules/undici/types/snapshot-agent.d.ts +0 -109
  275. package/node_modules/undici/types/socks5-proxy-agent.d.ts +0 -25
  276. package/node_modules/undici/types/util.d.ts +0 -18
  277. package/node_modules/undici/types/utility.d.ts +0 -7
  278. package/node_modules/undici/types/webidl.d.ts +0 -347
  279. package/node_modules/undici/types/websocket.d.ts +0 -188
@@ -1,229 +0,0 @@
1
- 'use strict'
2
-
3
- const assert = require('node:assert')
4
- const { utf8DecodeBytes } = require('../../encoding')
5
-
6
- /**
7
- * @param {(char: string) => boolean} condition
8
- * @param {string} input
9
- * @param {{ position: number }} position
10
- * @returns {string}
11
- *
12
- * @see https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
13
- */
14
- function collectASequenceOfCodePoints (condition, input, position) {
15
- // 1. Let result be the empty string.
16
- let result = ''
17
-
18
- // 2. While position doesn’t point past the end of input and the
19
- // code point at position within input meets the condition condition:
20
- while (position.position < input.length && condition(input[position.position])) {
21
- // 1. Append that code point to the end of result.
22
- result += input[position.position]
23
-
24
- // 2. Advance position by 1.
25
- position.position++
26
- }
27
-
28
- // 3. Return result.
29
- return result
30
- }
31
-
32
- /**
33
- * A faster collectASequenceOfCodePoints that only works when comparing a single character.
34
- * @param {string} char
35
- * @param {string} input
36
- * @param {{ position: number }} position
37
- * @returns {string}
38
- *
39
- * @see https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
40
- */
41
- function collectASequenceOfCodePointsFast (char, input, position) {
42
- const idx = input.indexOf(char, position.position)
43
- const start = position.position
44
-
45
- if (idx === -1) {
46
- position.position = input.length
47
- return input.slice(start)
48
- }
49
-
50
- position.position = idx
51
- return input.slice(start, position.position)
52
- }
53
-
54
- const ASCII_WHITESPACE_REPLACE_REGEX = /[\u0009\u000A\u000C\u000D\u0020]/g // eslint-disable-line no-control-regex
55
-
56
- /**
57
- * @param {string} data
58
- * @returns {Uint8Array | 'failure'}
59
- *
60
- * @see https://infra.spec.whatwg.org/#forgiving-base64-decode
61
- */
62
- function forgivingBase64 (data) {
63
- // 1. Remove all ASCII whitespace from data.
64
- data = data.replace(ASCII_WHITESPACE_REPLACE_REGEX, '')
65
-
66
- let dataLength = data.length
67
- // 2. If data’s code point length divides by 4 leaving
68
- // no remainder, then:
69
- if (dataLength % 4 === 0) {
70
- // 1. If data ends with one or two U+003D (=) code points,
71
- // then remove them from data.
72
- if (data.charCodeAt(dataLength - 1) === 0x003D) {
73
- --dataLength
74
- if (data.charCodeAt(dataLength - 1) === 0x003D) {
75
- --dataLength
76
- }
77
- }
78
- }
79
-
80
- // 3. If data’s code point length divides by 4 leaving
81
- // a remainder of 1, then return failure.
82
- if (dataLength % 4 === 1) {
83
- return 'failure'
84
- }
85
-
86
- // 4. If data contains a code point that is not one of
87
- // U+002B (+)
88
- // U+002F (/)
89
- // ASCII alphanumeric
90
- // then return failure.
91
- if (/[^+/0-9A-Za-z]/.test(data.length === dataLength ? data : data.substring(0, dataLength))) {
92
- return 'failure'
93
- }
94
-
95
- const buffer = Buffer.from(data, 'base64')
96
- return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength)
97
- }
98
-
99
- /**
100
- * @param {number} char
101
- * @returns {boolean}
102
- *
103
- * @see https://infra.spec.whatwg.org/#ascii-whitespace
104
- */
105
- function isASCIIWhitespace (char) {
106
- return (
107
- char === 0x09 || // \t
108
- char === 0x0a || // \n
109
- char === 0x0c || // \f
110
- char === 0x0d || // \r
111
- char === 0x20 // space
112
- )
113
- }
114
-
115
- /**
116
- * @param {Uint8Array} input
117
- * @returns {string}
118
- *
119
- * @see https://infra.spec.whatwg.org/#isomorphic-decode
120
- */
121
- function isomorphicDecode (input) {
122
- // 1. To isomorphic decode a byte sequence input, return a string whose code point
123
- // length is equal to input’s length and whose code points have the same values
124
- // as the values of input’s bytes, in the same order.
125
- const length = input.length
126
- if ((2 << 15) - 1 > length) {
127
- return String.fromCharCode.apply(null, input)
128
- }
129
- let result = ''
130
- let i = 0
131
- let addition = (2 << 15) - 1
132
- while (i < length) {
133
- if (i + addition > length) {
134
- addition = length - i
135
- }
136
- result += String.fromCharCode.apply(null, input.subarray(i, i += addition))
137
- }
138
- return result
139
- }
140
-
141
- const invalidIsomorphicEncodeValueRegex = /[^\x00-\xFF]/ // eslint-disable-line no-control-regex
142
-
143
- /**
144
- * @param {string} input
145
- * @returns {string}
146
- *
147
- * @see https://infra.spec.whatwg.org/#isomorphic-encode
148
- */
149
- function isomorphicEncode (input) {
150
- // 1. Assert: input contains no code points greater than U+00FF.
151
- assert(!invalidIsomorphicEncodeValueRegex.test(input))
152
-
153
- // 2. Return a byte sequence whose length is equal to input’s code
154
- // point length and whose bytes have the same values as the
155
- // values of input’s code points, in the same order
156
- return input
157
- }
158
-
159
- /**
160
- * @see https://infra.spec.whatwg.org/#parse-json-bytes-to-a-javascript-value
161
- * @param {Uint8Array} bytes
162
- */
163
- function parseJSONFromBytes (bytes) {
164
- return JSON.parse(utf8DecodeBytes(bytes))
165
- }
166
-
167
- /**
168
- * @param {string} str
169
- * @param {boolean} [leading=true]
170
- * @param {boolean} [trailing=true]
171
- * @returns {string}
172
- *
173
- * @see https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace
174
- */
175
- function removeASCIIWhitespace (str, leading = true, trailing = true) {
176
- return removeChars(str, leading, trailing, isASCIIWhitespace)
177
- }
178
-
179
- /**
180
- * @param {string} str
181
- * @param {boolean} leading
182
- * @param {boolean} trailing
183
- * @param {(charCode: number) => boolean} predicate
184
- * @returns {string}
185
- */
186
- function removeChars (str, leading, trailing, predicate) {
187
- let lead = 0
188
- let trail = str.length - 1
189
-
190
- if (leading) {
191
- while (lead < str.length && predicate(str.charCodeAt(lead))) lead++
192
- }
193
-
194
- if (trailing) {
195
- while (trail > 0 && predicate(str.charCodeAt(trail))) trail--
196
- }
197
-
198
- return lead === 0 && trail === str.length - 1 ? str : str.slice(lead, trail + 1)
199
- }
200
-
201
- // https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-a-json-string
202
- function serializeJavascriptValueToJSONString (value) {
203
- // 1. Let result be ? Call(%JSON.stringify%, undefined, « value »).
204
- const result = JSON.stringify(value)
205
-
206
- // 2. If result is undefined, then throw a TypeError.
207
- if (result === undefined) {
208
- throw new TypeError('Value is not JSON serializable')
209
- }
210
-
211
- // 3. Assert: result is a string.
212
- assert(typeof result === 'string')
213
-
214
- // 4. Return result.
215
- return result
216
- }
217
-
218
- module.exports = {
219
- collectASequenceOfCodePoints,
220
- collectASequenceOfCodePointsFast,
221
- forgivingBase64,
222
- isASCIIWhitespace,
223
- isomorphicDecode,
224
- isomorphicEncode,
225
- parseJSONFromBytes,
226
- removeASCIIWhitespace,
227
- removeChars,
228
- serializeJavascriptValueToJSONString
229
- }
@@ -1,9 +0,0 @@
1
- # Subresource Integrity
2
-
3
- based on Editor’s Draft, 12 June 2025
4
-
5
- This module provides support for Subresource Integrity (SRI) in the context of web fetch operations. SRI is a security feature that allows clients to verify that fetched resources are delivered without unexpected manipulation.
6
-
7
- ## Links
8
-
9
- - [Subresource Integrity](https://w3c.github.io/webappsec-subresource-integrity/)
@@ -1,307 +0,0 @@
1
- 'use strict'
2
-
3
- const assert = require('node:assert')
4
- const { runtimeFeatures } = require('../../util/runtime-features.js')
5
-
6
- /**
7
- * @typedef {object} Metadata
8
- * @property {SRIHashAlgorithm} alg - The algorithm used for the hash.
9
- * @property {string} val - The base64-encoded hash value.
10
- */
11
-
12
- /**
13
- * @typedef {Metadata[]} MetadataList
14
- */
15
-
16
- /**
17
- * @typedef {('sha256' | 'sha384' | 'sha512')} SRIHashAlgorithm
18
- */
19
-
20
- /**
21
- * @type {Map<SRIHashAlgorithm, number>}
22
- *
23
- * The valid SRI hash algorithm token set is the ordered set « "sha256",
24
- * "sha384", "sha512" » (corresponding to SHA-256, SHA-384, and SHA-512
25
- * respectively). The ordering of this set is meaningful, with stronger
26
- * algorithms appearing later in the set.
27
- *
28
- * @see https://w3c.github.io/webappsec-subresource-integrity/#valid-sri-hash-algorithm-token-set
29
- */
30
- const validSRIHashAlgorithmTokenSet = new Map([['sha256', 0], ['sha384', 1], ['sha512', 2]])
31
-
32
- // https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
33
- /** @type {import('node:crypto')} */
34
- let crypto
35
-
36
- if (runtimeFeatures.has('crypto')) {
37
- crypto = require('node:crypto')
38
- const cryptoHashes = crypto.getHashes()
39
-
40
- // If no hashes are available, we cannot support SRI.
41
- if (cryptoHashes.length === 0) {
42
- validSRIHashAlgorithmTokenSet.clear()
43
- }
44
-
45
- for (const algorithm of validSRIHashAlgorithmTokenSet.keys()) {
46
- // If the algorithm is not supported, remove it from the list.
47
- if (cryptoHashes.includes(algorithm) === false) {
48
- validSRIHashAlgorithmTokenSet.delete(algorithm)
49
- }
50
- }
51
- } else {
52
- // If crypto is not available, we cannot support SRI.
53
- validSRIHashAlgorithmTokenSet.clear()
54
- }
55
-
56
- /**
57
- * @typedef GetSRIHashAlgorithmIndex
58
- * @type {(algorithm: SRIHashAlgorithm) => number}
59
- * @param {SRIHashAlgorithm} algorithm
60
- * @returns {number} The index of the algorithm in the valid SRI hash algorithm
61
- * token set.
62
- */
63
-
64
- const getSRIHashAlgorithmIndex = /** @type {GetSRIHashAlgorithmIndex} */ (Map.prototype.get.bind(
65
- validSRIHashAlgorithmTokenSet))
66
-
67
- /**
68
- * @typedef IsValidSRIHashAlgorithm
69
- * @type {(algorithm: string) => algorithm is SRIHashAlgorithm}
70
- * @param {*} algorithm
71
- * @returns {algorithm is SRIHashAlgorithm}
72
- */
73
-
74
- const isValidSRIHashAlgorithm = /** @type {IsValidSRIHashAlgorithm} */ (
75
- Map.prototype.has.bind(validSRIHashAlgorithmTokenSet)
76
- )
77
-
78
- /**
79
- * @param {Uint8Array} bytes
80
- * @param {string} metadataList
81
- * @returns {boolean}
82
- *
83
- * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist
84
- */
85
- const bytesMatch = runtimeFeatures.has('crypto') === false || validSRIHashAlgorithmTokenSet.size === 0
86
- // If node is not built with OpenSSL support, we cannot check
87
- // a request's integrity, so allow it by default (the spec will
88
- // allow requests if an invalid hash is given, as precedence).
89
- ? () => true
90
- : (bytes, metadataList) => {
91
- // 1. Let parsedMetadata be the result of parsing metadataList.
92
- const parsedMetadata = parseMetadata(metadataList)
93
-
94
- // 2. If parsedMetadata is empty set, return true.
95
- if (parsedMetadata.length === 0) {
96
- return true
97
- }
98
-
99
- // 3. Let metadata be the result of getting the strongest
100
- // metadata from parsedMetadata.
101
- const metadata = getStrongestMetadata(parsedMetadata)
102
-
103
- // 4. For each item in metadata:
104
- for (const item of metadata) {
105
- // 1. Let algorithm be the item["alg"].
106
- const algorithm = item.alg
107
-
108
- // 2. Let expectedValue be the item["val"].
109
- const expectedValue = item.val
110
-
111
- // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
112
- // "be liberal with padding". This is annoying, and it's not even in the spec.
113
-
114
- // 3. Let actualValue be the result of applying algorithm to bytes .
115
- const actualValue = applyAlgorithmToBytes(algorithm, bytes)
116
-
117
- // 4. If actualValue is a case-sensitive match for expectedValue,
118
- // return true.
119
- if (caseSensitiveMatch(actualValue, expectedValue)) {
120
- return true
121
- }
122
- }
123
-
124
- // 5. Return false.
125
- return false
126
- }
127
-
128
- /**
129
- * @param {MetadataList} metadataList
130
- * @returns {MetadataList} The strongest hash algorithm from the metadata list.
131
- */
132
- function getStrongestMetadata (metadataList) {
133
- // 1. Let result be the empty set and strongest be the empty string.
134
- const result = []
135
- /** @type {Metadata|null} */
136
- let strongest = null
137
-
138
- // 2. For each item in set:
139
- for (const item of metadataList) {
140
- // 1. Assert: item["alg"] is a valid SRI hash algorithm token.
141
- assert(isValidSRIHashAlgorithm(item.alg), 'Invalid SRI hash algorithm token')
142
-
143
- // 2. If result is the empty set, then:
144
- if (result.length === 0) {
145
- // 1. Append item to result.
146
- result.push(item)
147
-
148
- // 2. Set strongest to item.
149
- strongest = item
150
-
151
- // 3. Continue.
152
- continue
153
- }
154
-
155
- // 3. Let currentAlgorithm be strongest["alg"], and currentAlgorithmIndex be
156
- // the index of currentAlgorithm in the valid SRI hash algorithm token set.
157
- const currentAlgorithm = /** @type {Metadata} */ (strongest).alg
158
- const currentAlgorithmIndex = getSRIHashAlgorithmIndex(currentAlgorithm)
159
-
160
- // 4. Let newAlgorithm be the item["alg"], and newAlgorithmIndex be the
161
- // index of newAlgorithm in the valid SRI hash algorithm token set.
162
- const newAlgorithm = item.alg
163
- const newAlgorithmIndex = getSRIHashAlgorithmIndex(newAlgorithm)
164
-
165
- // 5. If newAlgorithmIndex is less than currentAlgorithmIndex, then continue.
166
- if (newAlgorithmIndex < currentAlgorithmIndex) {
167
- continue
168
-
169
- // 6. Otherwise, if newAlgorithmIndex is greater than
170
- // currentAlgorithmIndex:
171
- } else if (newAlgorithmIndex > currentAlgorithmIndex) {
172
- // 1. Set strongest to item.
173
- strongest = item
174
-
175
- // 2. Set result to « item ».
176
- result[0] = item
177
- result.length = 1
178
-
179
- // 7. Otherwise, newAlgorithmIndex and currentAlgorithmIndex are the same
180
- // value. Append item to result.
181
- } else {
182
- result.push(item)
183
- }
184
- }
185
-
186
- // 3. Return result.
187
- return result
188
- }
189
-
190
- /**
191
- * @param {string} metadata
192
- * @returns {MetadataList}
193
- *
194
- * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
195
- */
196
- function parseMetadata (metadata) {
197
- // 1. Let result be the empty set.
198
- /** @type {MetadataList} */
199
- const result = []
200
-
201
- // 2. For each item returned by splitting metadata on spaces:
202
- for (const item of metadata.split(' ')) {
203
- // 1. Let expression-and-options be the result of splitting item on U+003F (?).
204
- const expressionAndOptions = item.split('?', 1)
205
-
206
- // 2. Let algorithm-expression be expression-and-options[0].
207
- const algorithmExpression = expressionAndOptions[0]
208
-
209
- // 3. Let base64-value be the empty string.
210
- let base64Value = ''
211
-
212
- // 4. Let algorithm-and-value be the result of splitting algorithm-expression on U+002D (-).
213
- const algorithmAndValue = [algorithmExpression.slice(0, 6), algorithmExpression.slice(7)]
214
-
215
- // 5. Let algorithm be algorithm-and-value[0].
216
- const algorithm = algorithmAndValue[0]
217
-
218
- // 6. If algorithm is not a valid SRI hash algorithm token, then continue.
219
- if (!isValidSRIHashAlgorithm(algorithm)) {
220
- continue
221
- }
222
-
223
- // 7. If algorithm-and-value[1] exists, set base64-value to
224
- // algorithm-and-value[1].
225
- if (algorithmAndValue[1]) {
226
- base64Value = algorithmAndValue[1]
227
- }
228
-
229
- // 8. Let metadata be the ordered map
230
- // «["alg" → algorithm, "val" → base64-value]».
231
- const metadata = {
232
- alg: algorithm,
233
- val: base64Value
234
- }
235
-
236
- // 9. Append metadata to result.
237
- result.push(metadata)
238
- }
239
-
240
- // 3. Return result.
241
- return result
242
- }
243
-
244
- /**
245
- * Applies the specified hash algorithm to the given bytes
246
- *
247
- * @typedef {(algorithm: SRIHashAlgorithm, bytes: Uint8Array) => string} ApplyAlgorithmToBytes
248
- * @param {SRIHashAlgorithm} algorithm
249
- * @param {Uint8Array} bytes
250
- * @returns {string}
251
- */
252
- const applyAlgorithmToBytes = (algorithm, bytes) => {
253
- return crypto.hash(algorithm, bytes, 'base64')
254
- }
255
-
256
- /**
257
- * Compares two base64 strings, allowing for base64url
258
- * in the second string.
259
- *
260
- * @param {string} actualValue base64 encoded string
261
- * @param {string} expectedValue base64 or base64url encoded string
262
- * @returns {boolean}
263
- */
264
- function caseSensitiveMatch (actualValue, expectedValue) {
265
- // Ignore padding characters from the end of the strings by
266
- // decreasing the length by 1 or 2 if the last characters are `=`.
267
- let actualValueLength = actualValue.length
268
- if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
269
- actualValueLength -= 1
270
- }
271
- if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
272
- actualValueLength -= 1
273
- }
274
- let expectedValueLength = expectedValue.length
275
- if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
276
- expectedValueLength -= 1
277
- }
278
- if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
279
- expectedValueLength -= 1
280
- }
281
-
282
- if (actualValueLength !== expectedValueLength) {
283
- return false
284
- }
285
-
286
- for (let i = 0; i < actualValueLength; ++i) {
287
- if (
288
- actualValue[i] === expectedValue[i] ||
289
- (actualValue[i] === '+' && expectedValue[i] === '-') ||
290
- (actualValue[i] === '/' && expectedValue[i] === '_')
291
- ) {
292
- continue
293
- }
294
- return false
295
- }
296
-
297
- return true
298
- }
299
-
300
- module.exports = {
301
- applyAlgorithmToBytes,
302
- bytesMatch,
303
- caseSensitiveMatch,
304
- isValidSRIHashAlgorithm,
305
- getStrongestMetadata,
306
- parseMetadata
307
- }