Defensive parse: tries JSON.parse, then shape-validates every top-level and
nested field (napplets map, matchers array, burstGuard, defaultRate, and
unfocusedMultiplier). Rebuilds a validated config from the parsed data.
On ANY failure (invalid JSON, missing fields, wrong types, invalid action
values, malformed nested structures) falls through to defaultConfig().
This function NEVER throws.
Security control for T-80-01 (Tampering — persisted config string):
the config string is the only untrusted input to @kehto/firewall. Poisoned
or malformed strings always produce a safe, valid default config.
Deserialize a FirewallConfig from a JSON string.
Defensive parse: tries JSON.parse, then shape-validates every top-level and nested field (napplets map, matchers array, burstGuard, defaultRate, and unfocusedMultiplier). Rebuilds a validated config from the parsed data.
On ANY failure (invalid JSON, missing fields, wrong types, invalid action values, malformed nested structures) falls through to
defaultConfig(). This function NEVER throws.Security control for T-80-01 (Tampering — persisted config string): the config string is the only untrusted input to @kehto/firewall. Poisoned or malformed strings always produce a safe, valid default config.