npm - @blamejs/core - Versions diffs - 0.12.25 → 0.12.27 - Mend

@blamejs/core 0.12.25 → 0.12.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
 ## v0.12.x
+- v0.12.27 (2026-05-24) — **`b.ai.quota` — per-tenant, per-model AI usage budgets with atomic consume-and-check.** `b.ai.quota.create(opts)` builds an enforcer that caps AI inference usage per `(tenant, model, dimension, period)` and defends OWASP LLM Top 10 2025 LLM10 (Unbounded Consumption) — the class that includes denial-of-wallet, where an attacker drives a high volume of pay-per-use inferences until the bill itself is the attack. Meter by `tokens`, `requests`, `cost-usd`, or `compute-hours` over a calendar-aligned UTC window (`second` through `month`). `consume(tenant, model, amount)` is a single atomic check-and-charge: under the default `hard` enforcement it reserves the amount only if it fits under the ceiling, otherwise it refuses without charging — the limit test and the charge are one indivisible operation, so there is no charge-then-refund window for a concurrent call to observe. The in-memory counter is per-process; multi-node deployments supply an `opts.store` adapter whose `reserve` (an atomic conditional test-and-charge — a Redis Lua script, a SQL `UPDATE ... WHERE used + :amt <= :limit RETURNING used`) and `add` are atomic on the shared backend to enforce one aggregate ceiling across the cluster without false denials under contention. Limit resolution is most-specific-first: `perTenantModel` over `perTenant` over `perModel` over the default `limit`; tenant and model identifiers are percent-encoded into the counter key so a hostile tenant name cannot collide with another tenant's budget. **Added:** *`b.ai.quota.create(opts)` — per-tenant AI usage-budget enforcer* — Returns `{ consume, check, snapshot, reset }` scoped to one `dimension` (`tokens` / `requests` / `cost-usd` / `compute-hours`) and one `period` (`second` / `minute` / `hour` / `day` / `week` (Monday-aligned) / `month` (1st-of-month), all UTC-aligned). `consume(tenant, model, amount, opts?)` returns `{ used, limit, remaining, allowed, exceeded, windowStart, resetsAt, ... }`. `check(tenant, model)` is the read-only snapshot. Spin up one enforcer per dimension you meter — a monthly `cost-usd` budget and a per-minute `tokens` burst cap coexist as two `create()` calls sharing one store. Defends OWASP LLM10:2025 Unbounded Consumption / denial-of-wallet; maps to NIST AI RMF (AI 100-1) MANAGE 2.x and EU AI Act Art. 15 (robustness / resource-exhaustion resilience). · *`hard` / `soft` / `warn` enforcement* — `hard` (default) refuses the over-budget call and throws `aiQuota/exceeded` without charging — the rejected reservation is refunded so the counter is untouched. `soft` admits the charge but reports `allowed: false` so the caller decides whether to honor it. `warn` admits and allows (advisory), flagging `exceeded: true`. A per-call `consume(..., { enforcement })` override lets one endpoint soften the mode for a trusted internal caller without a second enforcer. Every over-budget event emits `ai/quota-exceeded` through the drop-silent audit chain (`ai/quota-applied` on success), tagged with the active cluster node id for attribution. · *Cross-node aggregate budgets via `opts.store`* — The default counter is in-memory (per-process). Supply `opts.store` exposing atomic `reserve` / `add` / `get` / `reset` (a Redis Lua script, a shared SQL row) and the ceiling is enforced on the cluster-wide aggregate. `hard` mode goes through `reserve`, an atomic conditional test-and-charge that adds the amount only if it fits — so a concurrent over-budget call cannot transiently inflate the counter and falsely deny a smaller call that should fit. Per-tenant and per-model limit overrides (`perTenant` / `perModel` / `perTenantModel`) are validated at config time so a malformed cap surfaces at boot, not as a silent fall-through to the default.
+- v0.12.26 (2026-05-24) — **`b.compliance` posture cascades — `eu-ai-act` + `ca-ab-853` + `cac-genai-label` POSTURE_DEFAULTS + backup encryption refusal.** Three new posture cascades wired into `b.compliance.POSTURE_DEFAULTS` + `KNOWN_POSTURES` + `REGIME_MAP` so operators globally pinning the EU AI Act / California AB-853 / China CAC GenAI postures get the right floors automatically: backupEncryptionRequired:true, auditChainSignedRequired:true, tlsMinVersion:TLSv1.3, requireVacuumAfterErase:true. `b.backup.bundleAdapterStorage` extends the encryption-required posture list to include the three new postures so `cryptoStrategy: "none"` is refused upfront under any of them (parity with HIPAA + PCI-DSS, which the operator surface has carried since v0.12.10). The canonical `eu-ai-act` posture is the production name; the legacy `ai-act` short name stays in KNOWN_POSTURES for back-compat with operators who pinned it pre-v0.12.26. **Added:** *`eu-ai-act` posture cascade — Regulation (EU) 2024/1689* — POSTURE_DEFAULTS entry: backupEncryptionRequired:true (Art. 12 logging + Art. 15 robustness/cybersecurity demand encryption-at-rest for high-risk system training logs), auditChainSignedRequired:true (Art. 12 + Art. 13 audit-chain integrity), tlsMinVersion:TLSv1.3, requireVacuumAfterErase:true (Art. 50(4) synthetic-content provenance — residual EXIF / metadata pointing at the generating model must be cleared on erase). REGIME_MAP entry under jurisdiction:"EU" domain:"ai-governance". KNOWN_POSTURES carries both `eu-ai-act` (canonical) and `ai-act` (legacy short name). · *`ca-ab-853` posture cascade — California AB-853 effective 2026* — Same encryption + audit floor as eu-ai-act; jurisdiction:"US-CA". Model-generated content watermarking + disclosure regime. Operators serving California traffic pin this posture for the AB-853 §22949.91 obligations the v0.12.12 deepfake primitive's crossWalk references. · *`cac-genai-label` posture cascade — China CAC GenAI Service Measures* — Synthetic-content labelling per Art. 12 + algorithm filing per Art. 4. Same backup encryption + signed audit chain floor. Operators serving Chinese traffic pin this posture so the bundleAdapterStorage refuses plaintext bundles and the disclosure primitive's `jurisdiction: "cn"` cross-walk produces the right legal-reference array. · *`bundleAdapterStorage` BACKUP_ENCRYPTION_REQUIRED_POSTURES extended* — `hipaa` + `pci-dss` (the v0.12.10 baseline) joined by the three AI postures. `cryptoStrategy: "none"` refused upfront under any of `eu-ai-act` / `ca-ab-853` / `cac-genai-label` with `backup/posture-requires-encryption`. Operators wiring backup storage in a regulated AI deployment now get the same posture-driven gate that the storage primitive has always applied to health + payment data.
 - v0.12.25 (2026-05-24) — **`b.ai.disclosure.applyAll(scenario)` — bundle Art. 50(1) / 50(3) / 50(4) disclosures for mixed-modality AI systems.** Composes the three v0.12.12 disclosure primitives (chatbot / deepfake / emotion) into a single bundled emit. Operators running mixed-modality AI systems (e.g. a chatbot that also generates images, or an emotion-recognition system embedded in a chat flow) declare which Art. 50 obligations apply via `scenario.kinds` and the primitive fans out to the per-obligation emit calls in one pass. Shared opts (jurisdiction, language, audit, correlationId) propagate to every per-kind emission so the cross-walk + audit-chain entries stay correlated across the bundle. **Added:** *`b.ai.disclosure.applyAll(scenario)` — multi-obligation bundled emit* — `scenario.kinds: ["chatbot", "deepfake", "emotion"]` (subset) selects which Art. 50 obligations to satisfy. Per-kind required fields (session for chatbot, content + contentType for deepfake) refused upfront when missing. Returns `{ disclosures: { chatbot?, deepfake?, emotion? } }` with each entry being the corresponding primitive's emission payload. Shared opts propagate: `scenario.jurisdiction` / `scenario.language` / `scenario.audit` / `scenario.correlationId` reach every per-kind call so a US-CA deployment serving chat + image gets both the AB-853 cross-walk AND the Art. 50(1) audit event under the same correlationId.
 - v0.12.24 (2026-05-24) — **`bundleAdapterStorage.findBundles(predicate, opts?)` — predicate-based filtering over listBundles entries.** Small helper that composes with listBundles for operators wanting to filter the bundle set without hand-rolling the walk. `storage.findBundles(predicate, opts?)` iterates listBundles + returns entries where `predicate(entry)` is truthy. Predicate sees the listBundles entry shape (`{ bundleId, format, createdAt, size }`); `opts.withStats: true` enables `createdAt` + `size` for predicates that need them. Common operator filters — by format (`b => b.format === "tar.gz"`), by age (`b => Date.parse(b.createdAt) < cutoff`), by size — now read as a single call. **Added:** *`storage.findBundles(predicate, opts?)` — predicate-based bundle filter* — Operator-supplied predicate runs against every listBundles entry; matches accumulate into the returned array. `opts.withStats: true` is forwarded to listBundles so predicates relying on `createdAt` / `size` see populated values. Non-function predicate refused upfront with `backup/bad-arg`. Predicate throws bubble up to the caller (operators see their own filter errors, not swallowed). Stable ordering is whatever listBundles produces (reverse-chronological by bundleId).

package/README.md CHANGED Viewed

@@ -162,6 +162,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **Prompt-injection classification** — OWASP LLM01:2025 / NIST COSAIS RFI (`b.ai.input.classify`)
 - **Agent identity** — A2A signed agent-card primitive (Linux Foundation Agentic AI Foundation v1.x, ML-DSA-87) (`b.a2a`)
 - **Content provenance** — C2PA 2.1 + California SB-942 / AB-853 manifest builder for AI-generated media (provider, model id + version, timestamp, content ID, signed) (`b.contentCredentials`)
+- **AI usage quotas** — per-tenant / per-model budgets metered by tokens / requests / cost-usd / compute-hours over calendar-aligned windows, with an atomic conditional reserve (no charge-then-refund race) + hard/soft/warn enforcement and an optional cross-node store; defends OWASP LLM10:2025 unbounded consumption / denial-of-wallet (`b.ai.quota`)
 ### Compliance regimes
 - **Posture coordinator** — `b.compliance` cascades operator-declared regime into retention / audit / db / cryptoField via POSTURE_DEFAULTS:

package/index.js CHANGED Viewed

@@ -443,6 +443,7 @@ module.exports = {
     aiContentDetect: require("./lib/ai-content-detect"),
     modelManifest:   require("./lib/ai-model-manifest"),
     disclosure:      require("./lib/ai-disclosure"),
+    quota:           require("./lib/ai-quota"),
   },
   promisePool:      require("./lib/promise-pool"),
   sdNotify:         require("./lib/sd-notify"),

package/lib/ai-quota.js ADDED Viewed

@@ -0,0 +1,526 @@
+"use strict";
+/**
+ * @module b.ai.quota
+ * @nav    Compliance
+ * @title  AI usage quota
+ *
+ * @intro
+ *   Per-tenant, per-model usage budgets for AI inference endpoints.
+ *   OWASP LLM Top 10 2025 ranks <strong>LLM10: Unbounded
+ *   Consumption</strong> — the class that includes "denial of
+ *   wallet" (DoW), where an attacker drives a high volume of
+ *   pay-per-use inferences until the bill itself becomes the
+ *   attack — as a top application risk. A single misbehaving (or
+ *   compromised) tenant can saturate context windows, exhaust GPU
+ *   minutes, or run up an unbounded cloud-inference bill long
+ *   before a human notices.
+ *
+ *   This primitive enforces a hard ceiling per
+ *   <code>(tenant, model, dimension, period)</code>:
+ *
+ *   - <code>dimension</code> — what is being metered:
+ *     <code>"tokens"</code> (context + completion tokens),
+ *     <code>"requests"</code> (inference calls),
+ *     <code>"cost-usd"</code> (provider spend), or
+ *     <code>"compute-hours"</code> (GPU / accelerator time).
+ *   - <code>period</code> — the budget window, calendar-aligned in
+ *     UTC: <code>"second"</code>, <code>"minute"</code>,
+ *     <code>"hour"</code>, <code>"day"</code>, <code>"week"</code>
+ *     (Monday-aligned), or <code>"month"</code> (1st-of-month).
+ *   - <code>enforcement</code> — <code>"hard"</code> (default,
+ *     refuse the over-budget call), <code>"soft"</code> (admit but
+ *     report <code>allowed:false</code> so the caller decides), or
+ *     <code>"warn"</code> (admit + audit only).
+ *
+ *   <code>consume(tenant, model, amount)</code> is the single
+ *   atomic check-and-charge entry point: in <code>"hard"</code>
+ *   mode it reserves <code>amount</code> only if it fits under the
+ *   limit, otherwise it refuses without charging. There is no
+ *   separate "check then add" two-call shape to race against — the
+ *   reservation and the limit test happen in one operation.
+ *
+ *   <strong>Single-process by default; cross-node via store.</strong>
+ *   The in-memory counter is per-process. Multi-node deployments
+ *   that need an aggregate ceiling across the cluster supply an
+ *   <code>opts.store</code> adapter whose <code>reserve</code> (an
+ *   atomic conditional test-and-charge — "add only if current +
+ *   amount fits under the limit") and <code>add</code> are atomic on
+ *   the shared backend: a Redis Lua script, or a SQL
+ *   <code>UPDATE ... SET used = used + :amt WHERE used + :amt &lt;= :limit
+ *   RETURNING used</code>. The conditional reserve is what keeps
+ *   <code>hard</code> enforcement correct under cross-node
+ *   contention — there is no charge-then-refund window for a
+ *   concurrent call to observe. The framework records the active
+ *   cluster node id on every breach event so a denial-of-wallet
+ *   spike is attributable.
+ *
+ *   Limit resolution is most-specific-first:
+ *   <code>perTenantModel[t|m]</code> →
+ *   <code>perTenant[t]</code> → <code>perModel[m]</code> →
+ *   <code>limit</code> (the default). Tenant and model identifiers
+ *   are percent-encoded into the counter key so a hostile tenant
+ *   name cannot collide with another tenant's budget.
+ *
+ *   Audit emissions (drop-silent via <code>b.audit.safeEmit</code>):
+ *     - <code>ai/quota-applied</code>  — a consume succeeded.
+ *     - <code>ai/quota-exceeded</code> — a consume hit the ceiling
+ *       (refused under <code>"hard"</code>; reported under
+ *       <code>"soft"</code> / <code>"warn"</code>).
+ *
+ *   NIST AI RMF (AI 100-1) MANAGE 2.x ("AI system performance and
+ *   trustworthiness are monitored") and EU AI Act Art. 15
+ *   (accuracy, robustness and cybersecurity of high-risk systems —
+ *   resource-exhaustion resilience) map onto this primitive;
+ *   operators wire its emissions into the same audit chain auditors
+ *   read.
+ *
+ * @card
+ *   Per-tenant, per-model AI usage budgets (tokens / requests /
+ *   cost-usd / compute-hours) with atomic consume-and-check.
+ *   Defends OWASP LLM10 unbounded consumption / denial-of-wallet.
+ */
+var C = require("./constants");
+var lazyRequire = require("./lazy-require");
+var validateOpts = require("./validate-opts");
+var { defineClass } = require("./framework-error");
+var AiQuotaError = defineClass("AiQuotaError", { alwaysPermanent: true });
+var audit = lazyRequire(function () { return require("./audit"); });
+var observability = lazyRequire(function () { return require("./observability"); });
+var cluster = lazyRequire(function () { return require("./cluster"); });
+var DIMENSIONS   = ["tokens", "requests", "cost-usd", "compute-hours"];
+var PERIODS      = ["second", "minute", "hour", "day", "week", "month"];
+var ENFORCEMENTS = ["hard", "soft", "warn"];
+// ---- Calendar-aligned period windows (UTC) ----
+//
+// Fixed-duration periods (second / minute) align to the epoch, which
+// is itself UTC midnight, so a modulo is exact. Hour / day / week /
+// month align to human UTC boundaries via Date.UTC truncation —
+// week starts Monday, month starts on the 1st — so "100k tokens per
+// day" resets at 00:00 UTC, not at a rolling 24h offset from first
+// use.
+function _windowStartFor(period, now) {
+  var d = new Date(now);
+  switch (period) {
+    case "second": return now - (now % C.TIME.seconds(1));
+    case "minute": return now - (now % C.TIME.minutes(1));
+    case "hour":
+      return Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate(), d.getUTCHours());
+    case "day":
+      return Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate());
+    case "week": {
+      var dayMid = Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate());
+      var dow = new Date(dayMid).getUTCDay();            // 0=Sun .. 6=Sat
+      var sinceMonday = (dow + 6) % 7;                   // 0=Mon .. 6=Sun
+      return dayMid - sinceMonday * C.TIME.days(1);
+    }
+    case "month":
+      return Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), 1);
+    default:
+      // unreachable — period validated at create()
+      return now;
+  }
+}
+function _resetsAtFor(period, windowStart) {
+  var d = new Date(windowStart);
+  switch (period) {
+    case "second": return windowStart + C.TIME.seconds(1);
+    case "minute": return windowStart + C.TIME.minutes(1);
+    case "hour":   return windowStart + C.TIME.hours(1);
+    case "day":    return windowStart + C.TIME.days(1);
+    case "week":   return windowStart + C.TIME.weeks(1);
+    case "month":  return Date.UTC(d.getUTCFullYear(), d.getUTCMonth() + 1, 1);
+    default:       return windowStart;
+  }
+}
+// ---- Default in-memory atomic counter store ----
+//
+// Single-threaded JS makes each operation below one indivisible step,
+// so a concurrent caller never observes a partial update. Entries
+// self-expire at the window boundary; reads past expiry return 0 (a
+// fresh window). _keysWithPrefix backs the reset(tenant) enumeration
+// the default store can satisfy without an external scan.
+function _memoryStore() {
+  var m = new Map();                                     // key -> { value, expiresAt }
+  function _slot(key, windowMs) {
+    var now = Date.now();
+    var e = m.get(key);
+    if (!e || e.expiresAt <= now) {
+      e = { value: 0, expiresAt: now + windowMs };
+      m.set(key, e);
+    }
+    return e;
+  }
+  return {
+    // Atomic conditional reserve — tests current + amount <= limit and
+    // charges only if it fits, as one indivisible operation. Returns
+    // { allowed, used }; on refusal the amount is NOT charged, so a
+    // concurrent over-budget call cannot transiently inflate the
+    // counter and falsely deny a smaller call that should fit.
+    reserve: function (key, amount, limit, windowMs) {
+      var e = _slot(key, windowMs);
+      if (e.value + amount > limit) return { allowed: false, used: e.value };
+      e.value += amount;
+      return { allowed: true, used: e.value };
+    },
+    // Unconditional add — for soft / warn modes, which always charge.
+    add: function (key, amount, windowMs) {
+      var e = _slot(key, windowMs);
+      e.value += amount;
+      return e.value;
+    },
+    get: function (key) {
+      var e = m.get(key);
+      if (!e || e.expiresAt <= Date.now()) return 0;
+      return e.value;
+    },
+    reset: function (key) {
+      m.delete(key);
+    },
+    _keysWithPrefix: function (prefix) {
+      var out = [];
+      m.forEach(function (_e, k) { if (k.indexOf(prefix) === 0) out.push(k); });
+      return out;
+    },
+    _clear: function () { m.clear(); },
+  };
+}
+/**
+ * @primitive b.ai.quota.create
+ * @signature b.ai.quota.create(opts)
+ * @since     0.12.27
+ * @status    stable
+ * @compliance soc2, gdpr
+ * @related   b.tenantQuota.budget, b.ai.disclosure.chatbot
+ *
+ * Build a per-tenant AI usage-budget enforcer scoped to one
+ * <code>dimension</code> and one <code>period</code>. Returns an
+ * object exposing <code>consume(tenant, model, amount, opts?)</code>
+ * (the atomic check-and-charge), <code>check(tenant, model)</code>
+ * (read-only snapshot), <code>snapshot(tenant, model)</code> (alias
+ * of <code>check</code>), and <code>reset(tenant?, model?)</code>
+ * (drop the current window's counters).
+ *
+ * Spin up one enforcer per dimension you meter — e.g. a
+ * <code>"cost-usd"</code> monthly budget and a
+ * <code>"tokens"</code> per-minute burst cap can coexist as two
+ * <code>create()</code> calls sharing the same store.
+ *
+ * @opts
+ *   {
+ *     dimension:        string,    // required, one of:
+ *                                  //   "tokens" | "requests" |
+ *                                  //   "cost-usd" | "compute-hours"
+ *     period:           string,    // required, one of:
+ *                                  //   "second" | "minute" | "hour" |
+ *                                  //   "day" | "week" | "month"
+ *     limit:            number,    // required, default ceiling (> 0)
+ *     perTenant?:       { [tenantId: string]: number },
+ *     perModel?:        { [model: string]: number },
+ *     perTenantModel?:  { [tenantPipeModel: string]: number },
+ *                                  // key is `tenantId + "|" + model`
+ *     enforcement?:     string,    // "hard" (default) | "soft" | "warn"
+ *     store?:           object,    // { reserve, add, get, reset };
+ *                                  // default in-memory (per-process)
+ *     audit?:           boolean,   // default: true
+ *   }
+ *
+ * @example
+ *   var budget = b.ai.quota.create({
+ *     dimension:  "cost-usd",
+ *     period:     "month",
+ *     limit:      500,
+ *     perTenant:  { "tenant-vip": 5000 },
+ *     enforcement: "hard",
+ *   });
+ *   var r = await budget.consume("tenant-acme", "opus-4", 0.42);
+ *   // → { tenantId: "tenant-acme", model: "opus-4",
+ *   //     dimension: "cost-usd", period: "month", used: 0.42,
+ *   //     limit: 500, remaining: 499.58, allowed: true,
+ *   //     exceeded: false, windowStart: ..., resetsAt: ... }
+ */
+function create(opts) {
+  validateOpts.requireObject(opts, "ai.quota.create", AiQuotaError);
+  validateOpts(opts, [
+    "dimension", "period", "limit", "perTenant", "perModel",
+    "perTenantModel", "enforcement", "store", "audit",
+  ], "ai.quota.create");
+  var dimension = opts.dimension;
+  if (DIMENSIONS.indexOf(dimension) === -1) {
+    throw new AiQuotaError("aiQuota/bad-dimension",
+      "ai.quota.create: dimension must be one of " + DIMENSIONS.join(" / ") +
+      " (got " + JSON.stringify(dimension) + ")");
+  }
+  var period = opts.period;
+  if (PERIODS.indexOf(period) === -1) {
+    throw new AiQuotaError("aiQuota/bad-period",
+      "ai.quota.create: period must be one of " + PERIODS.join(" / ") +
+      " (got " + JSON.stringify(period) + ")");
+  }
+  if (typeof opts.limit !== "number" || !isFinite(opts.limit) || opts.limit <= 0) {
+    throw new AiQuotaError("aiQuota/bad-limit",
+      "ai.quota.create: limit must be a positive finite number");
+  }
+  var defaultLimit = opts.limit;
+  var perTenant      = _validateLimitMap(opts.perTenant, "perTenant");
+  var perModel       = _validateLimitMap(opts.perModel, "perModel");
+  var perTenantModel = _validateLimitMap(opts.perTenantModel, "perTenantModel");
+  var enforcement = (opts.enforcement == null) ? "hard" : opts.enforcement;
+  if (ENFORCEMENTS.indexOf(enforcement) === -1) {
+    throw new AiQuotaError("aiQuota/bad-enforcement",
+      "ai.quota.create: enforcement must be one of " + ENFORCEMENTS.join(" / ") +
+      " (got " + JSON.stringify(enforcement) + ")");
+  }
+  var store = opts.store || _memoryStore();
+  _validateStore(store);
+  var storeIsDefault = !opts.store;
+  var auditOn = opts.audit !== false;
+  function _limitFor(tenantId, model) {
+    var tmKey = tenantId + "|" + model;
+    if (Object.prototype.hasOwnProperty.call(perTenantModel, tmKey)) return perTenantModel[tmKey];
+    if (Object.prototype.hasOwnProperty.call(perTenant, tenantId))   return perTenant[tenantId];
+    if (Object.prototype.hasOwnProperty.call(perModel, model))       return perModel[model];
+    return defaultLimit;
+  }
+  // Counter key — tenant + model percent-encoded so a value
+  // containing the ":" separator cannot collide with another
+  // (tenant, model) pair's budget.
+  function _keyFor(tenantId, model, windowStart) {
+    return "aiq:" + dimension + ":" + period + ":" +
+      encodeURIComponent(tenantId) + ":" + encodeURIComponent(model) + ":" + windowStart;
+  }
+  function _keyPrefixForTenant(tenantId) {
+    return "aiq:" + dimension + ":" + period + ":" + encodeURIComponent(tenantId) + ":";
+  }
+  function _nodeId() {
+    try {
+      if (cluster().isClusterMode()) return cluster().currentNodeId();
+    } catch (_e) { /* cluster optional */ }
+    return null;
+  }
+  function _emitAudit(action, outcome, metadata) {
+    if (!auditOn) return;
+    try {
+      audit().safeEmit({ action: action, outcome: outcome, metadata: metadata || {} });
+    } catch (_e) { /* audit best-effort — drop-silent */ }
+  }
+  function _emitMetric(name, n) {
+    try { observability().safeEvent(name, n || 1, {}); }
+    catch (_e) { /* drop-silent */ }
+  }
+  // `mode` is the enforcement actually applied to this call (the
+  // per-call override when present, else the instance default) so the
+  // returned `enforcement` reflects how the call was evaluated.
+  function _result(tenantId, model, used, limit, windowStart, resetsAt, mode, allowed, exceeded) {
+    var remaining = limit - used;
+    return {
+      tenantId:    tenantId,
+      model:       model,
+      dimension:   dimension,
+      period:      period,
+      used:        used,
+      limit:       limit,
+      remaining:   remaining < 0 ? 0 : remaining,
+      allowed:     allowed,
+      exceeded:    exceeded,
+      enforcement: mode,
+      windowStart: windowStart,
+      resetsAt:    resetsAt,
+    };
+  }
+  function consume(tenantId, model, amount, consumeOpts) {
+    validateOpts.requireNonEmptyString(tenantId,
+      "ai.quota.consume: tenantId", AiQuotaError, "aiQuota/bad-tenant");
+    validateOpts.requireNonEmptyString(model,
+      "ai.quota.consume: model", AiQuotaError, "aiQuota/bad-model");
+    if (typeof amount !== "number" || !isFinite(amount) || amount < 0) {
+      throw new AiQuotaError("aiQuota/bad-amount",
+        "ai.quota.consume: amount must be a non-negative finite number");
+    }
+    consumeOpts = consumeOpts || {};
+    // Per-call enforcement override lets a single endpoint dial a
+    // softer mode for a trusted internal caller without a second
+    // enforcer; still validated against the allowlist.
+    var mode = (consumeOpts.enforcement == null) ? enforcement : consumeOpts.enforcement;
+    if (ENFORCEMENTS.indexOf(mode) === -1) {
+      throw new AiQuotaError("aiQuota/bad-enforcement",
+        "ai.quota.consume: enforcement override must be one of " + ENFORCEMENTS.join(" / "));
+    }
+    var now = Date.now();
+    var windowStart = _windowStartFor(period, now);
+    var resetsAt = _resetsAtFor(period, windowStart);
+    var windowMs = resetsAt - windowStart;
+    var limit = _limitFor(tenantId, model);
+    var key = _keyFor(tenantId, model, windowStart);
+    if (mode === "hard") {
+      // Atomic conditional reserve — the store tests current + amount
+      // <= limit and charges only if it fits, as one indivisible
+      // operation. Charging first and refunding the overage (a
+      // read-then-add or add-then-refund shape) would let a concurrent
+      // over-budget call transiently inflate the counter and falsely
+      // deny a smaller call that should fit; the conditional reserve
+      // never charges on refusal, so there is no transient to race.
+      var rv = store.reserve(key, amount, limit, windowMs);
+      if (rv.allowed) {
+        _emitAudit("ai/quota-applied", "allowed", {
+          tenantId: tenantId, model: model, dimension: dimension,
+          period: period, amount: amount, used: rv.used, limit: limit,
+          nodeId: _nodeId(),
+        });
+        _emitMetric("ai.quota.applied", 1);
+        return _result(tenantId, model, rv.used, limit, windowStart, resetsAt, mode, true, false);
+      }
+      _emitAudit("ai/quota-exceeded", "denied", {
+        tenantId: tenantId, model: model, dimension: dimension,
+        period: period, amount: amount, used: rv.used, limit: limit,
+        enforcement: mode, nodeId: _nodeId(),
+      });
+      _emitMetric("ai.quota.exceeded", 1);
+      throw new AiQuotaError("aiQuota/exceeded",
+        "ai.quota.consume: tenant '" + tenantId + "' model '" + model +
+        "' is at " + rv.used + " of " + limit + " " + dimension +
+        " this " + period + "; consuming " + amount + " would exceed the budget — call refused");
+    }
+    // soft / warn always charge — the call proceeds regardless of the
+    // ceiling; the mode only changes how the overage is reported.
+    var used = store.add(key, amount, windowMs);
+    if (used > limit) {
+      _emitAudit("ai/quota-exceeded", "allowed", {
+        tenantId: tenantId, model: model, dimension: dimension,
+        period: period, amount: amount, used: used, limit: limit,
+        enforcement: mode, nodeId: _nodeId(),
+      });
+      _emitMetric("ai.quota.exceeded", 1);
+      // soft reports allowed:false so the caller can choose to honor
+      // the ceiling; warn reports allowed:true (advisory only).
+      return _result(tenantId, model, used, limit, windowStart, resetsAt, mode, mode === "warn", true);
+    }
+    _emitAudit("ai/quota-applied", "allowed", {
+      tenantId: tenantId, model: model, dimension: dimension,
+      period: period, amount: amount, used: used, limit: limit,
+      nodeId: _nodeId(),
+    });
+    _emitMetric("ai.quota.applied", 1);
+    return _result(tenantId, model, used, limit, windowStart, resetsAt, mode, true, false);
+  }
+  function check(tenantId, model) {
+    validateOpts.requireNonEmptyString(tenantId,
+      "ai.quota.check: tenantId", AiQuotaError, "aiQuota/bad-tenant");
+    validateOpts.requireNonEmptyString(model,
+      "ai.quota.check: model", AiQuotaError, "aiQuota/bad-model");
+    var now = Date.now();
+    var windowStart = _windowStartFor(period, now);
+    var resetsAt = _resetsAtFor(period, windowStart);
+    var limit = _limitFor(tenantId, model);
+    var used = store.get(_keyFor(tenantId, model, windowStart));
+    return _result(tenantId, model, used, limit, windowStart, resetsAt, enforcement, used < limit, used >= limit);
+  }
+  function reset(tenantId, model) {
+    var now = Date.now();
+    var windowStart = _windowStartFor(period, now);
+    if (tenantId === undefined) {
+      // Clear everything. The default store supports a full clear;
+      // an external store gets a no-arg reset() if it offers one.
+      if (storeIsDefault) { store._clear(); return; }
+      if (typeof store.reset === "function") { store.reset(); return; }
+      return;
+    }
+    validateOpts.requireNonEmptyString(tenantId,
+      "ai.quota.reset: tenantId", AiQuotaError, "aiQuota/bad-tenant");
+    if (model !== undefined) {
+      validateOpts.requireNonEmptyString(model,
+        "ai.quota.reset: model", AiQuotaError, "aiQuota/bad-model");
+      store.reset(_keyFor(tenantId, model, windowStart));
+      return;
+    }
+    // tenant-wide reset needs key enumeration. The default in-memory
+    // store can scan its own keys; an external store would need a
+    // server-side prefix delete the framework can't portably issue.
+    if (storeIsDefault) {
+      var prefix = _keyPrefixForTenant(tenantId);
+      var keys = store._keysWithPrefix(prefix);
+      for (var i = 0; i < keys.length; i++) store.reset(keys[i]);
+      return;
+    }
+    throw new AiQuotaError("aiQuota/reset-unsupported",
+      "ai.quota.reset: tenant-wide reset with an external store requires " +
+      "an explicit model argument (per-key) or a store-side prefix delete");
+  }
+  return {
+    consume:   consume,
+    check:     check,
+    snapshot:  check,
+    reset:     reset,
+    dimension: dimension,
+    period:    period,
+  };
+}
+// Per-tenant / per-model / per-tenant-model limit-override maps are
+// validated at config time so a typo (negative cap, NaN) surfaces at
+// boot, not as a silent fall-through to the default ceiling.
+function _validateLimitMap(map, label) {
+  if (map == null) return {};
+  if (typeof map !== "object" || Array.isArray(map)) {
+    throw new AiQuotaError("aiQuota/bad-override",
+      "ai.quota.create: " + label + " must be a plain object { key: limit }");
+  }
+  var keys = Object.keys(map);
+  for (var i = 0; i < keys.length; i++) {
+    var v = map[keys[i]];
+    if (typeof v !== "number" || !isFinite(v) || v <= 0) {
+      throw new AiQuotaError("aiQuota/bad-override",
+        "ai.quota.create: " + label + "['" + keys[i] +
+        "'] must be a positive finite number");
+    }
+  }
+  return map;
+}
+function _validateStore(store) {
+  if (!store || typeof store !== "object" ||
+      typeof store.reserve !== "function" ||
+      typeof store.add !== "function" ||
+      typeof store.get !== "function" ||
+      typeof store.reset !== "function") {
+    throw new AiQuotaError("aiQuota/bad-store",
+      "ai.quota.create: store must expose reserve / add / get / reset functions");
+  }
+}
+module.exports = {
+  create:       create,
+  DIMENSIONS:   DIMENSIONS,
+  PERIODS:      PERIODS,
+  ENFORCEMENTS: ENFORCEMENTS,
+  AiQuotaError: AiQuotaError,
+};

package/lib/backup/index.js CHANGED Viewed

@@ -76,8 +76,19 @@ var BackupError = defineClass("BackupError");
 // and encrypted") and HIPAA §164.310(d)(2)(iv) ("create a retrievable,
 // exact copy of ePHI" — encryption strongly implied by §164.312(a)(2)
 // (iv) addressable encryption standard).
+// v0.12.26 — the AI Act / AB-853 / CAC postures all carry
+// `backupEncryptionRequired: true` in POSTURE_DEFAULTS (per
+// compliance.js); list them here so bundleAdapterStorage's
+// posture check refuses plaintext bundles under these regimes
+// alongside the long-standing HIPAA + PCI-DSS pair.
+// Codex P1 on v0.12.26 PR #177 — the legacy `ai-act` short
+// name MUST appear in the backup encryption-required list too,
+// otherwise a deployment pinned to `posture: "ai-act"` (the
+// stated back-compat path) bypasses the cryptoStrategy refusal
+// and writes plaintext bundles under what should be an EU AI
+// Act gate. Both names share the cascade.
 var BACKUP_ENCRYPTION_REQUIRED_POSTURES = Object.freeze([
-  "hipaa", "pci-dss",
+  "hipaa", "pci-dss", "ai-act", "eu-ai-act", "ca-ab-853", "cac-genai-label",
 ]);
 // "2026-04-27T14-00-00-123Z-a8f30b21" — atomicFile.pathTimestamp() form

package/lib/compliance.js CHANGED Viewed

@@ -72,7 +72,10 @@ var KNOWN_POSTURES = Object.freeze([
   "dora",        // EU Digital Operational Resilience Act
   "nis2",        // EU Network and Information Security Directive 2 (added 2026)
   "cra",         // EU Cyber Resilience Act (added 2026)
-  "ai-act",      // EU AI Act (added 2026)
+  "ai-act",      // EU AI Act (added 2026 — legacy short name)
+  "eu-ai-act",   // EU AI Act (canonical name; v0.12.26 added with Art. 50 cascade)
+  "ca-ab-853",   // California AB-853 model-generated content watermarking (effective 2026; v0.12.26)
+  "cac-genai-label", // China CAC GenAI Service Measures synthetic-content labelling (v0.12.26)
   // ---- Latin America / APAC ----
   "lgpd-br",     // Brazil Lei Geral de Proteção de Dados (added 2026)
   "pipl-cn",     // China Personal Information Protection Law (added 2026)
@@ -647,6 +650,24 @@ var REGIME_MAP = Object.freeze({
     jurisdiction: "EU",
     domain:     "ai-governance",
   },
+  "eu-ai-act": {
+    name:       "Artificial Intelligence Act",
+    citation:   "Regulation (EU) 2024/1689",
+    jurisdiction: "EU",
+    domain:     "ai-governance",
+  },
+  "ca-ab-853": {
+    name:       "Model-Generated Content Disclosure Act",
+    citation:   "California AB-853 (effective 2026)",
+    jurisdiction: "US-CA",
+    domain:     "ai-governance",
+  },
+  "cac-genai-label": {
+    name:       "Generative AI Service Measures (synthetic-content labelling)",
+    citation:   "China CAC Order; effective 2023-08, 2024 labelling amendment",
+    jurisdiction: "CN",
+    domain:     "ai-governance",
+  },
   "lgpd-br": {
     name:       "Lei Geral de Proteção de Dados",
     citation:   "Lei nº 13.709/2018",
@@ -1294,6 +1315,32 @@ var POSTURE_DEFAULTS = Object.freeze({
   // present as "nyc-ll144"); 2024 amendment adds annual re-audit
   // signing.
   "nyc-ll144-2024":          Object.freeze({ backupEncryptionRequired: false, auditChainSignedRequired: true, tlsMinVersion: "TLSv1.3", requireVacuumAfterErase: false }),
+  // Regulation (EU) 2024/1689 (EU AI Act) — Art. 50 transparency
+  // obligations enter force 2026-08-02 (v0.12.12 disclosure
+  // primitives). High-risk system providers must audit-chain
+  // every model-training + deployment event (Art. 12 logging) +
+  // sign the chain (Art. 15 cybersecurity / accuracy /
+  // robustness). Vacuum-after-erase covers Art. 50(4) synthetic-
+  // content provenance — when a model-generated image is
+  // erased from a system's storage, the residual EXIF / metadata
+  // entries pointing at the model must be cleared too.
+  "eu-ai-act":               Object.freeze({ backupEncryptionRequired: true,  auditChainSignedRequired: true, tlsMinVersion: "TLSv1.3", requireVacuumAfterErase: true  }),
+  // Codex P1 on v0.12.26 PR #177 — the legacy `ai-act` short
+  // name carries the SAME cascade as `eu-ai-act` so deployments
+  // pinned to the legacy alias get the new encryption / audit /
+  // TLS / vacuum floors instead of falling through to null. The
+  // back-compat KNOWN_POSTURES entry exists; the POSTURE_DEFAULTS
+  // row was missing.
+  "ai-act":                  Object.freeze({ backupEncryptionRequired: true,  auditChainSignedRequired: true, tlsMinVersion: "TLSv1.3", requireVacuumAfterErase: true  }),
+  // California AB-853 (effective 2026) — model-generated content
+  // watermarking + provenance. Same encryption + audit posture
+  // as eu-ai-act (these regimes line up); requireVacuumAfterErase
+  // tracks the erase-of-watermarked-content invariant.
+  "ca-ab-853":               Object.freeze({ backupEncryptionRequired: true,  auditChainSignedRequired: true, tlsMinVersion: "TLSv1.3", requireVacuumAfterErase: true  }),
+  // China CAC Generative AI Service Measures (effective 2023-08;
+  // 2024 mandatory-labelling amendment). Synthetic-content
+  // labelling per Art. 12 + algorithm filing per Art. 4.
+  "cac-genai-label":         Object.freeze({ backupEncryptionRequired: true,  auditChainSignedRequired: true, tlsMinVersion: "TLSv1.3", requireVacuumAfterErase: true  }),
 });
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.12.25",
+  "version": "0.12.27",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json CHANGED Viewed

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:aa862c44-8a5c-4f04-a375-88786c3e2443",
+  "serialNumber": "urn:uuid:a1889d46-3ca4-496a-b702-7def3d36c9f8",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-24T10:04:34.547Z",
+    "timestamp": "2026-05-24T15:36:49.117Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.12.25",
+      "bom-ref": "@blamejs/core@0.12.27",
       "type": "application",
       "name": "blamejs",
-      "version": "0.12.25",
+      "version": "0.12.27",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.12.25",
+      "purl": "pkg:npm/%40blamejs/core@0.12.27",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.12.25",
+      "ref": "@blamejs/core@0.12.27",
       "dependsOn": []
     }
   ]