@blamejs/core 0.12.23 → 0.12.25

package/CHANGELOG.md

@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
 
 ## v0.12.x
 
+- v0.12.25 (2026-05-24) — **`b.ai.disclosure.applyAll(scenario)` — bundle Art. 50(1) / 50(3) / 50(4) disclosures for mixed-modality AI systems.** Composes the three v0.12.12 disclosure primitives (chatbot / deepfake / emotion) into a single bundled emit. Operators running mixed-modality AI systems (e.g. a chatbot that also generates images, or an emotion-recognition system embedded in a chat flow) declare which Art. 50 obligations apply via `scenario.kinds` and the primitive fans out to the per-obligation emit calls in one pass. Shared opts (jurisdiction, language, audit, correlationId) propagate to every per-kind emission so the cross-walk + audit-chain entries stay correlated across the bundle. **Added:** *`b.ai.disclosure.applyAll(scenario)` — multi-obligation bundled emit* — `scenario.kinds: ["chatbot", "deepfake", "emotion"]` (subset) selects which Art. 50 obligations to satisfy. Per-kind required fields (session for chatbot, content + contentType for deepfake) refused upfront when missing. Returns `{ disclosures: { chatbot?, deepfake?, emotion? } }` with each entry being the corresponding primitive's emission payload. Shared opts propagate: `scenario.jurisdiction` / `scenario.language` / `scenario.audit` / `scenario.correlationId` reach every per-kind call so a US-CA deployment serving chat + image gets both the AB-853 cross-walk AND the Art. 50(1) audit event under the same correlationId.
+
+- v0.12.24 (2026-05-24) — **`bundleAdapterStorage.findBundles(predicate, opts?)` — predicate-based filtering over listBundles entries.** Small helper that composes with listBundles for operators wanting to filter the bundle set without hand-rolling the walk. `storage.findBundles(predicate, opts?)` iterates listBundles + returns entries where `predicate(entry)` is truthy. Predicate sees the listBundles entry shape (`{ bundleId, format, createdAt, size }`); `opts.withStats: true` enables `createdAt` + `size` for predicates that need them. Common operator filters — by format (`b => b.format === "tar.gz"`), by age (`b => Date.parse(b.createdAt) < cutoff`), by size — now read as a single call. **Added:** *`storage.findBundles(predicate, opts?)` — predicate-based bundle filter* — Operator-supplied predicate runs against every listBundles entry; matches accumulate into the returned array. `opts.withStats: true` is forwarded to listBundles so predicates relying on `createdAt` / `size` see populated values. Non-function predicate refused upfront with `backup/bad-arg`. Predicate throws bubble up to the caller (operators see their own filter errors, not swallowed). Stable ordering is whatever listBundles produces (reverse-chronological by bundleId).
+
 - v0.12.23 (2026-05-24) — **`bundleAdapterStorage.cloneBundle(src, dst, opts?)` — same-storage byte-verbatim bundle clone for pre-rotation snapshots.** `storage.cloneBundle(srcBundleId, dstBundleId, opts?)` copies a bundle's adapter payload (bundle.tar / bundle.tar.gz / every directory key) from src to dst WITHOUT touching the envelope or inner archive. Encrypted bundles are cloned byte-verbatim — the new bundleId carries the same envelope under the same recipient/passphrase. Operators preserving a known-good snapshot before a destructive operation (rewrap, key rotation, schema migration, manual operator-side editing) get a single-call atomic clone instead of a manual readBundle → writeBundle cycle (which would re-encode through the envelope and adapter contracts, breaking byte-identity). **Added:** *`storage.cloneBundle(src, dst, opts?)` — byte-verbatim payload clone* — Reads the source bundle's storage keys + writes them under the destination bundleId without invoking the wrap layer, gunzip path, or tar walker. Encrypted bundles produce byte-identical clones (a tar.gz wrap-recipient envelope cloned via cloneBundle has bit-for-bit equal bytes to the source). Returns `{ srcBundleId, dstBundleId, format, keysCopied, bytesCopied }`. `opts.overwrite` (default false) gates whether to refuse if dstBundleId already exists. Same-id clones refused upfront with `backup/clone-same-id`.
 
 - v0.12.22 (2026-05-24) — **`bundleAdapterStorage.rewrapAllBundles(opts)` — bounded-parallel batch envelope rotation with mixed-storage skip semantics.** Batch wrapper over the v0.12.21 rewrapBundle primitive. `storage.rewrapAllBundles(opts?)` iterates `listBundles()` + rotates each bundle's wrap envelope through a bounded-parallel pool (default 4 workers). Plaintext bundles + directory-format bundles get skipped cleanly (recorded as `status: "skipped"` with a `reason` field); rewrap failures get bucketed into `status: "failed"`. Operators completing a key-rotation event across an entire backup repository now have a single call that handles mixed-strategy storage correctly. `opts.newRecipient` / `opts.newPassphrase` / `opts.oldRecipient` / `opts.oldPassphrase` / `opts.concurrency` / `opts.stopOnFirstFailure` mirror the verifyAllBundles + rewrapBundle surface. **Added:** *`storage.rewrapAllBundles(opts?)` — batch envelope rotation* — Iterates listBundles() + dispatches each bundle through rewrapBundle with the operator-supplied new key. Returns `{ total, rotated, skipped, failed, results }` where the per-bundle results carry `{ status: "rotated" | "skipped" | "failed", oldEnvelopeKind, newEnvelopeKind, reason }`. Bounded-parallel fan-out (default 4) keeps the storage backend under control; opts.stopOnFirstFailure short-circuits on the first rotation that throws an unexpected error (skips don't trip the short-circuit — they're expected for mixed-strategy storage). Plaintext + directory bundles skipped with `reason: "format-not-wrappable"` / `reason: "no-envelope"` rather than reported as failures.

package/lib/ai-disclosure.js

@@ -339,10 +339,117 @@ function _emitAudit(opts, action, outcome, metadata) {
   }
 }
 
+/**
+ * @primitive b.ai.disclosure.applyAll
+ * @signature b.ai.disclosure.applyAll(scenario)
+ * @since     0.12.25
+ * @status    stable
+ * @compliance eu-ai-act, ca-ab-853, cac-genai-label
+ * @related   b.ai.disclosure.chatbot, b.ai.disclosure.deepfake, b.ai.disclosure.emotion
+ *
+ * Bundles multiple Art. 50 disclosures into a single call.
+ * Operators with mixed-modality AI systems (e.g. a chatbot that
+ * also generates images) declare which obligations apply via
+ * `scenario.kinds` and the primitive composes the per-obligation
+ * emit calls in one pass. Returns `{ disclosures: { chatbot?,
+ * deepfake?, emotion? } }` with each entry being the per-
+ * primitive emission payload.
+ *
+ * @opts
+ *   scenario.kinds:        ["chatbot", "deepfake", "emotion"]      // required (subset)
+ *   scenario.session:      object,            // required when "chatbot" is included
+ *   scenario.content:      string | Buffer,   // required when "deepfake" is included
+ *   scenario.contentType:  string,            // required when "deepfake" is included
+ *   scenario.jurisdiction: string,            // forwarded to all
+ *   scenario.language:     string,
+ *   scenario.audit:        object,
+ *   scenario.correlationId: string,
+ *
+ * @example
+ *   var bundle = b.ai.disclosure.applyAll({
+ *     kinds:        ["chatbot", "deepfake"],
+ *     session:      { id: "s1" },
+ *     content:      imageBytes,
+ *     contentType:  "image",
+ *     jurisdiction: "us-ca",
+ *   });
+ *   // bundle.disclosures.chatbot.text  → "You are interacting with an AI system."
+ *   // bundle.disclosures.deepfake.label → "This content has been ..."
+ */
+function applyAll(scenario) {
+  if (!scenario || typeof scenario !== "object") {
+    throw new AiDisclosureError("ai-disclosure/bad-scenario",
+      "applyAll: scenario must be an object with kinds + per-kind required fields");
+  }
+  if (!Array.isArray(scenario.kinds) || scenario.kinds.length === 0) {
+    throw new AiDisclosureError("ai-disclosure/bad-scenario",
+      "applyAll: scenario.kinds must be a non-empty array of " +
+      "\"chatbot\" / \"deepfake\" / \"emotion\"");
+  }
+  // Codex P1 on v0.12.25 PR #176 — validate every kind +
+  // per-kind required field UP FRONT, before any emission.
+  // Previously a later-kind failure (e.g. deepfake missing
+  // contentType, unknown trailing kind) ran AFTER earlier kinds
+  // had already mutated session.aiDisclosureEmitted + emitted
+  // audit events — non-atomic execution suppressed future
+  // first-message disclosures even though applyAll threw.
+  var SUPPORTED_KINDS = ["chatbot", "deepfake", "emotion"];
+  for (var vi = 0; vi < scenario.kinds.length; vi += 1) {
+    var vk = scenario.kinds[vi];
+    if (SUPPORTED_KINDS.indexOf(vk) === -1) {
+      throw new AiDisclosureError("ai-disclosure/bad-scenario",
+        "applyAll: unknown kind " + JSON.stringify(vk) +
+        " — supported: \"chatbot\" / \"deepfake\" / \"emotion\"");
+    }
+    if (vk === "chatbot" && !scenario.session) {
+      throw new AiDisclosureError("ai-disclosure/bad-scenario",
+        "applyAll: scenario.session is required when kinds includes \"chatbot\"");
+    }
+    if (vk === "deepfake" &&
+        (scenario.content === undefined || scenario.content === null)) {
+      throw new AiDisclosureError("ai-disclosure/bad-scenario",
+        "applyAll: scenario.content is required when kinds includes \"deepfake\"");
+    }
+    if (vk === "deepfake" &&
+        (typeof scenario.contentType !== "string" || scenario.contentType.length === 0)) {
+      throw new AiDisclosureError("ai-disclosure/bad-scenario",
+        "applyAll: scenario.contentType is required (string) when kinds includes \"deepfake\"");
+    }
+  }
+  // Shared opts forwarded to each per-kind call.
+  var shared = {
+    jurisdiction:  scenario.jurisdiction,
+    language:      scenario.language,
+    audit:         scenario.audit,
+    correlationId: scenario.correlationId,
+  };
+  var out = { disclosures: {} };
+  for (var i = 0; i < scenario.kinds.length; i += 1) {
+    var kind = scenario.kinds[i];
+    if (kind === "chatbot") {
+      out.disclosures.chatbot = chatbot(scenario.session, Object.assign({
+        placement: scenario.chatbotPlacement,
+        requested: scenario.chatbotRequested,
+      }, shared));
+    } else if (kind === "deepfake") {
+      out.disclosures.deepfake = deepfake(scenario.content, Object.assign({
+        contentType: scenario.contentType,
+        placement:   scenario.deepfakePlacement,
+      }, shared));
+    } else if (kind === "emotion") {
+      out.disclosures.emotion = emotion(Object.assign({
+        systemType: scenario.emotionSystemType,
+      }, shared));
+    }
+  }
+  return out;
+}
+
 module.exports = {
   chatbot:                  chatbot,
   deepfake:                 deepfake,
   emotion:                  emotion,
+  applyAll:                 applyAll,
   AiDisclosureError:        AiDisclosureError,
   SUPPORTED_JURISDICTIONS:  Object.freeze(SUPPORTED_JURISDICTIONS.slice()),
   DEEPFAKE_CONTENT_TYPES:   Object.freeze(DEEPFAKE_CONTENT_TYPES.slice()),

package/lib/backup/index.js

@@ -1541,6 +1541,23 @@ function bundleAdapterStorage(opts) {
     // bytesRewritten }`. Refuses cross-kind rotation (recipient ↔
     // passphrase) — that's a separate migration the operator
     // configures explicitly.
+    // findBundles(predicate, opts?) — v0.12.24 query helper.
+    // Iterates listBundles() + returns every entry where
+    // predicate(entry) is truthy. Predicate sees the listBundles
+    // shape: `{ bundleId, format, createdAt, size }` (size +
+    // createdAt populated when opts.withStats === true).
+    async findBundles(predicate, findOpts) {
+      if (typeof predicate !== "function") {
+        throw new BackupError("backup/bad-arg",
+          "findBundles: predicate must be a function (entry) => boolean");
+      }
+      var list = await this.listBundles(findOpts || {});
+      var out = [];
+      for (var i = 0; i < list.length; i += 1) {
+        if (predicate(list[i])) out.push(list[i]);
+      }
+      return out;
+    },
     // cloneBundle(srcBundleId, dstBundleId, opts?) — v0.12.23
     // same-storage bundle clone. Copies the bundle's adapter
     // payload (bundle.tar / bundle.tar.gz / every directory key)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.12.23",
+  "version": "0.12.25",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:913ec1d4-c11d-49fe-922b-3738c93f2aad",
+  "serialNumber": "urn:uuid:aa862c44-8a5c-4f04-a375-88786c3e2443",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-24T08:56:20.519Z",
+    "timestamp": "2026-05-24T10:04:34.547Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.12.23",
+      "bom-ref": "@blamejs/core@0.12.25",
       "type": "application",
       "name": "blamejs",
-      "version": "0.12.23",
+      "version": "0.12.25",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.12.23",
+      "purl": "pkg:npm/%40blamejs/core@0.12.25",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.12.23",
+      "ref": "@blamejs/core@0.12.25",
       "dependsOn": []
     }
   ]