@blamejs/core 0.13.18 → 0.13.20

package/CHANGELOG.md

@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
 
 ## v0.13.x
 
+- v0.13.20 (2026-05-27) — **`b.archive.wrap` can seal an archive for a tenant with no key-pair to manage — `recipient: "tenant"`.** b.archive.wrap previously sealed only to an explicit hybrid-PQC key-pair or a peer certificate; the documented recipient: "tenant" strategy threw. It now works: pass { recipient: "tenant", tenantId } and the archive is sealed under a deterministic per-tenant key derived from the vault root (SHAKE256 KDF) with XChaCha20-Poly1305, the tenant id mixed into the AEAD additional-authenticated-data so one tenant's envelope cannot be opened under another tenant's key. There is no recipient key-pair for the operator to generate, store, or rotate — b.archive.unwrap re-derives the key from the same tenantId. Rotating the vault re-keys every tenant (rotation intent is re-seal). The derivation is exposed directly as b.agent.tenant.derivedKey(tenantId, purpose) for operators who need the raw per-tenant key for their own AEAD. Requires an initialized vault. **Added:** *`b.archive.wrap` / `b.archive.unwrap` `recipient: "tenant"` — per-tenant archive sealing, no key-pair* — `b.archive.wrap(bytes, { recipient: "tenant", tenantId })` seals under a deterministic per-tenant key derived from the vault root with XChaCha20-Poly1305 (draft-irtf-cfrg-xchacha-03) and a SHAKE256 KDF (FIPS 202); the tenant id is bound into the AEAD AAD so a tenant-A envelope cannot decrypt under tenant-B's key even if an attacker swaps envelope headers. `b.archive.unwrap(sealed, { recipient: "tenant", tenantId })` (or just `{ tenantId }`) re-derives the key and recovers the bytes — no recipient key-pair to manage. The tenant envelope carries a distinct version byte so it is never fed to the hybrid-KEM decrypt path. The static-key and peer-cert recipient strategies are unchanged. · *`b.agent.tenant.derivedKey(tenantId, purpose)` — direct per-tenant key derivation* — The deterministic, domain-separated per-tenant key derivation (vault root + tenantId + purpose, SHAKE256, NUL-separated) is now exported at the module level, returning a 64-char hex key. Previously reachable only as a method on a created tenant manager; operators who need the raw key for their own AEAD can now call it directly. Throws if the vault is not initialized.
+
+- v0.13.19 (2026-05-27) — **`auditTools` export / archive / forensic-snapshot can return the bundle as bytes — no output directory for serverless / read-only filesystems.** b.auditTools.exportSlice, b.auditTools.archive, and b.auditTools.forensicSnapshot required an `out` directory to write the encrypted bundle (rows.enc + optional checkpoint.enc + manifest.json), which is unusable on a read-only or ephemeral serverless filesystem. Each now accepts `returnBytes: true` instead of `out` and returns the bundle as an in-memory `{ filename: Buffer }` map — ready to stream to object storage or over the wire with no filesystem access. `out` and `returnBytes` are mutually exclusive. The on-disk path is unchanged. The bundle's encryption (XChaCha20-Poly1305 + Argon2id), chain-proof material, and manifest checksums are identical to the written bundle, so an in-memory bundle written to disk verifies exactly as one produced by the `out` path. **Added:** *`returnBytes` on `auditTools.exportSlice` / `archive` / `forensicSnapshot` — in-memory bundles* — Pass `returnBytes: true` (and omit `out`) to get the encrypted audit bundle as an in-memory `{ filename: Buffer }` map instead of a directory write — the read-only / serverless path. `exportSlice` / `archive` return `{ manifest, files, rowCount, range }`; `forensicSnapshot` returns `{ ...manifest, files }` where `files` carries the slice's `rows.enc` + `manifest.json` plus the `forensic-snapshot.json` incident wrapper. The encryption, chain proof, and manifest checksums match the on-disk bundle byte-for-byte, so the bytes verify with `verifyBundle` once written out. `out` and `returnBytes` are mutually exclusive (passing both throws). **Fixed:** *`auditTools.forensicSnapshot` now honors the `since` window instead of capturing the entire audit history* — `forensicSnapshot` passed its `since` bound to the slice exporter under the wrong option name, so the time filter was silently dropped and the snapshot bundled every audit row regardless of `since`. The window is now applied — a snapshot scoped to an incident window contains only that window's rows. The snapshot manifest's `auditSliceFile` field, previously always undefined, now records the slice location.
+
 - v0.13.18 (2026-05-27) — **`bodyParser` multipart can buffer uploads in memory — no tmp directory for serverless / read-only filesystems.** The multipart/form-data sub-parser previously streamed every file part to a tmp directory on disk (os.tmpdir() by default), which fails on a read-only or ephemeral serverless filesystem. A new multipart.storage option selects where file parts land: "disk" (default, unchanged — req.files[].path points at a tmp file cleaned up on response end) or "memory" (req.files[].buffer holds the assembled bytes, with no filesystem access at all). Both modes enforce the same per-file (fileSize), per-field, and total-request (totalSize) caps, so memory mode adds no new memory-exhaustion surface. The file object shape is stable across both modes — disk sets path with buffer null, memory sets buffer with path null — so a handler branches on whichever is non-null. An invalid storage value is rejected when the middleware is constructed. **Added:** *`bodyParser` multipart `storage: "memory"` — buffer uploads in RAM instead of a tmp directory* — `b.middleware.bodyParser({ multipart: { storage: "memory" } })` buffers each uploaded file part in memory and exposes it as `req.files[].buffer` (a Buffer), with no `os.tmpdir()` write and no tmp-file cleanup — the read-only / serverless path. The default `storage: "disk"` is unchanged: file parts stream to a tmp file, `req.files[].path` points at it, and it is removed when the response finishes. Both modes apply the existing `fileSize` / per-field `maxBytes` / `totalSize` caps and SHA3-512 hash each part during streaming, so memory mode is bounded by the same limits and adds no new DoS surface. The `req.files[]` shape is stable across modes (disk: `path` set, `buffer` null; memory: `buffer` set, `path` null). A `storage` value other than `"disk"` or `"memory"` throws a `TypeError` at construction.
 
 - v0.13.17 (2026-05-27) — **Template engine can render from a string with no views directory — for serverless / read-only filesystems.** b.template.create previously required a viewsDir that exists on disk, and rendering always read the template (and its layout/partials) from that directory — unusable on a read-only or ephemeral serverless filesystem where the templates aren't on disk. The engine now accepts a source string directly: viewsDir is optional, and the returned engine exposes renderString(source, data?, opts?) and compileString(source, opts?) that compile and render from a string with no disk read. {% extends %} and {{> partial}} in a string source resolve through an operator-supplied opts.resolve(name) -> string callback (without it, an extends throws a clear error and a missing partial inlines empty, matching the file path). The same HTML-escaping, expression grammar, and extends/partial-depth caps apply. The file-backed render / compile / precompileAll still work exactly as before when a viewsDir is configured, and now refuse with a clear error when one isn't. **Added:** *`engine.renderString` / `engine.compileString` — render templates from a string, no viewsDir* — `b.template.create({})` (no `viewsDir`) returns a string-only engine; `renderString(source, data?, { resolve })` and `compileString(source, { resolve })` compile and render from a source string with zero filesystem access — the read-only / serverless path. `{% extends %}` and `{{> partial}}` resolve through `opts.resolve(name) -> string`. The HTML escaping, grammar, and depth caps are identical to the file path. When a `viewsDir` IS configured, `render`/`compile`/`precompileAll` behave exactly as before; without one they refuse with `viewsDir not configured`. `renderString(source, { resolve })` may omit the data argument — an opts object carrying a function `resolve` is recognized as opts, not data. **Security:** *Vendored `@simplewebauthn/server` refreshed 13.3.0 → 13.3.1* — The vendored WebAuthn server bundle (`b.auth.passkey`'s registration/authentication verification) is refreshed to the latest upstream patch, with the MANIFEST version, CPE, and SHA-256 integrity hashes updated and the bundle re-verified.

package/README.md

@@ -221,14 +221,14 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **PII redaction** — `b.redact`
 - **Decoy detection** — canary-credential / decoy-record framework auditing every positive lookup as `honeytoken.tripped` (`b.honeytoken`)
 - **Boot assertions** — operator-callable security policy assertions (`b.security.assertProduction`); tamper-evident config-baseline drift detection signed with audit-signing key + at-boot vendor-bundle SHA-256 integrity verification across `lib/vendor/*` (`b.configDrift`, `b.configDrift.verifyVendorIntegrity`)
-- **CSP reports + forensic export** — `b.middleware.cspReport`; post-incident audit-bundle composer (`b.auditTools.forensicSnapshot`)
+- **CSP reports + forensic export** — `b.middleware.cspReport`; post-incident audit-bundle composer (`b.auditTools.forensicSnapshot`); audit export / archive / forensic snapshot write to disk or return the encrypted bundle in memory (`returnBytes`) for read-only / serverless filesystems
 
 ### i18n + format helpers
 
 - **i18n** — CLDR plural rules, Accept-Language negotiation, Intl formatters, RTL (`b.i18n`)
 - **CSV** — RFC 4180 with Excel formula-injection prevention (`b.csv`)
 - **IDs + slugs** — RFC 9562 UUID v4 + v7 (`b.uuid`); URL-safe slugs (`b.slug`)
-- **Time + archive** — TZ-aware datetime (`b.time`); ZIP creation + adversarial-safe read with bomb caps + path-traversal + LFH/CD-skew defense (`b.archive` + `b.archive.read.zip`); one-liner quarantine extraction (`b.safeArchive.extract`); in-memory extraction with no disk write for read-only / serverless filesystems (`b.archive.read.zip(...).extractEntries()` / `.tar`); fs / objectStore / http / buffer / trusted-stream adapter contract (`b.archive.adapters`)
+- **Time + archive** — TZ-aware datetime (`b.time`); ZIP creation + adversarial-safe read with bomb caps + path-traversal + LFH/CD-skew defense (`b.archive` + `b.archive.read.zip`); one-liner quarantine extraction (`b.safeArchive.extract`); in-memory extraction with no disk write for read-only / serverless filesystems (`b.archive.read.zip(...).extractEntries()` / `.tar`); fs / objectStore / http / buffer / trusted-stream adapter contract (`b.archive.adapters`); recipient-sealed envelopes — hybrid-PQC key-pair, peer certificate, or per-tenant key with no key-pair to manage (`b.archive.wrap({ recipient: "tenant", tenantId })`)
 - **Pagination + forms** — HMAC-signed cursor pagination (`b.pagination`); HTML form rendering + validation + CSRF (`b.forms`)
 
 ### Production

package/lib/agent-tenant.js

@@ -386,6 +386,35 @@ function _deriveTenantKeyBytes(tenantId, purpose) {
   return bCrypto.kdf(input, TENANT_KEY_BYTES);
 }
 
+/**
+ * @primitive b.agent.tenant.derivedKey
+ * @signature b.agent.tenant.derivedKey(tenantId, purpose)
+ * @since     0.9.25
+ * @status    stable
+ * @compliance hipaa, pci-dss, gdpr, soc2
+ * @related   b.agent.tenant.create, b.archive.wrap, b.vault
+ *
+ * Derive a deterministic, domain-separated 32-byte key for a tenant
+ * and a named purpose, returned as a 64-char hex string. The key is a
+ * SHAKE256 KDF over the vault root (the master keypair PEM hashed),
+ * the `tenantId`, and the `purpose`, with NUL separators so distinct
+ * `(tenantId, purpose)` pairs cannot collide. The same inputs always
+ * produce the same key, so a value sealed under
+ * `derivedKey(t, "archive-wrap")` is recoverable later from the same
+ * tenant + purpose with no key escrow. Rotating the vault
+ * (`b.vaultRotate.rotate`) changes the root and therefore every
+ * derived key — by design, rotation intent is re-seal.
+ *
+ * Throws if the vault has not been initialized (keys cannot be derived
+ * before bootstrap) or if `purpose` is empty. This is the same
+ * derivation the per-tenant `sealField` / archive `recipient: "tenant"`
+ * paths use internally; call it directly when you need the raw key for
+ * your own AEAD.
+ *
+ * @example
+ *   var key = b.agent.tenant.derivedKey("acme-corp", "archive-wrap");
+ *   // → "9f3c…" (64 hex chars; deterministic per tenant + purpose)
+ */
 function _derivedKey(tenantId, purpose) {
   // Public API — returns hex so the existing wire shape (operators
   // storing the derived key string in their DB) is unchanged. Internal
@@ -624,6 +653,7 @@ function _inMemoryBackend() {
 
 module.exports = {
   create:                    create,
+  derivedKey:                _derivedKey,
   CROSS_TENANT_ADMIN_SCOPE:  CROSS_TENANT_ADMIN_SCOPE,
   AgentTenantError:          AgentTenantError,
   guards: {

package/lib/archive-wrap.js

@@ -15,10 +15,11 @@
  *   var bytes  = b.archive.unwrap(sealed, { recipient: privKeys });
  *   var reader = b.archive.read.tar(b.archive.adapters.buffer(bytes));
  *
- * Builder-fluent composition (`tarBuilder.toAdapter(s3, { wrap: ... })`)
- * + per-entry ZIP wrap (Flavor 2) land in v0.12.11 alongside the
- * backup-crypto refactor; this patch ships the recipient substrate
- * + the b.backup `cryptoStrategy: "recipient"` opt that consumes it.
+ * Three recipient strategies: a static hybrid-PQC key-pair, a peer
+ * certificate, and `"tenant"` — a deterministic per-tenant symmetric
+ * seal keyed by the vault root (no key-pair to manage; unwrap
+ * re-derives from the tenant id). b.backup's `cryptoStrategy:
+ * "recipient"` consumes the same substrate.
  */
 
 var C = require("./constants");
@@ -29,13 +30,23 @@ var ArchiveWrapError = defineClass("ArchiveWrapError", { alwaysPermanent: true }
 
 var bCrypto = lazyRequire(function () { return require("./crypto"); });
 var backupCrypto = lazyRequire(function () { return require("./backup/crypto"); });
+var agentTenant = lazyRequire(function () { return require("./agent-tenant"); });
 
 // Envelope magic — 5-byte ASCII prefix the safe-archive sniffer
 // recognises. Distinct from b.crypto.encrypt's base64 envelope so
 // archive-wrap output can carry an unambiguous "this is an archive
 // wrap envelope" magic before the operator-controlled payload.
 var ARCH_WRAP_MAGIC = "BAWRP";                                                       // allow:raw-byte-literal — 5-byte ASCII archive-wrap recipient envelope magic
-var ARCH_WRAP_VERSION = 0x01;                                                        // allow:raw-byte-literal — recipient version byte
+var ARCH_WRAP_VERSION = 0x01;                                                        // allow:raw-byte-literal — recipient version byte (hybrid-KEM envelope)
+// Tenant strategy uses the same BAWRP magic with a distinct version
+// byte: the body is a symmetric XChaCha20-Poly1305 packed ciphertext
+// (b.crypto.encryptPacked) keyed by the tenant's vault-derived key,
+// not a hybrid-KEM envelope. unwrap dispatches on the version byte so
+// a tenant envelope is never fed to the KEM decrypt path.
+var ARCH_WRAP_VERSION_TENANT = 0x02;                                                 // allow:raw-byte-literal — tenant symmetric-seal version byte
+// Purpose label for the per-tenant key derivation (domain-separates
+// the archive-wrap key from a tenant's seal / audit / session keys).
+var TENANT_KEY_PURPOSE = "archive-wrap";
 var ARCH_WRAP_HEADER_BYTES = C.BYTES.bytes(6);                                        // magic(5) + version(1)
 // Passphrase variant — wire format: magic(5) + version(1) + saltLen(1)
 // + salt(saltLen bytes) + encrypted bytes (24-byte nonce + ciphertext+tag
@@ -66,10 +77,14 @@ var ARCH_PASSPHRASE_HEADER_BYTES = C.BYTES.bytes(7);
  *   - peer cert   — `{ recipient: { peerCertDer, peerKemPubkey } }` composes
  *                   `b.crypto.encryptEnvelopeAsCertPeer` (extracts the
  *                   P-384 half from the cert).
- *   - tenant      — `{ recipient: "tenant", tenantId: "alpha" }` resolves
- *                   the tenant's KEM keypair via `b.vault.derivedKey`
- *                   (deferred to v0.12.11 alongside the backup
- *                   `cryptoStrategy: "recipient"` adoption).
+ *   - tenant      — `{ recipient: "tenant", tenantId: "alpha" }` seals
+ *                   under a deterministic per-tenant key derived from the
+ *                   vault root (`b.agent.tenant.derivedKey`) with
+ *                   XChaCha20-Poly1305, the tenant id mixed into the AEAD
+ *                   AAD so one tenant's envelope cannot open under
+ *                   another's key. No recipient key-pair to manage;
+ *                   `unwrap` re-derives from the same `tenantId`. Requires
+ *                   an initialized vault.
  *
  * @opts
  *   recipient:  object | string,   // see strategies above; required
@@ -96,15 +111,16 @@ function wrap(bytes, opts) {
     throw new ArchiveWrapError("archive-wrap/no-recipient",
       "wrap: opts.recipient is required (static key object | \"tenant\" string | peer-cert object)");
   }
-  var envelope = _encryptForRecipient(bytes, opts);
-  // envelope is a base64 string from b.crypto.encrypt. Buffer it and
-  // prepend the 6-byte archive-wrap header so safeArchive's sniffer
-  // can identify it without attempting decryption.
-  var envelopeBuf = Buffer.from(envelope, "utf-8");
+  var enc = _encryptForRecipient(bytes, opts);
+  // enc.body is the envelope bytes (base64 KEM envelope for static /
+  // peer-cert recipients, symmetric packed ciphertext for tenant).
+  // Prepend the 6-byte archive-wrap header stamped with the strategy's
+  // version byte so safeArchive's sniffer + unwrap can identify the
+  // envelope (and pick the right decrypt path) without trial decryption.
   var header = Buffer.alloc(ARCH_WRAP_HEADER_BYTES);
   header.write(ARCH_WRAP_MAGIC, 0, 5, "ascii");
-  header[5] = ARCH_WRAP_VERSION;
-  return Buffer.concat([header, envelopeBuf]);
+  header[5] = enc.version;
+  return Buffer.concat([header, enc.body]);
 }
 
 /**
@@ -121,11 +137,14 @@ function wrap(bytes, opts) {
  * than a crypto-level error.
  *
  * @opts
- *   recipient:  object,   // { privateKey, ecPrivateKey } | { certPrivateKey, kemSecret }; required
+ *   recipient:  object | "tenant",  // { privateKey, ecPrivateKey } | { certPrivateKey, kemSecret } | "tenant"
+ *   tenantId:   string,             // required when the envelope was sealed with recipient: "tenant"
  *
  * @example
  *   var bytes  = b.archive.unwrap(sealed, { recipient: privPair });
  *   var reader = b.archive.read.tar(b.archive.adapters.buffer(bytes));
+ *   // tenant envelope:
+ *   var t = b.archive.unwrap(sealedForTenant, { recipient: "tenant", tenantId: "alpha" });
  */
 function unwrap(sealed, opts) {
   opts = opts || {};
@@ -145,6 +164,27 @@ function unwrap(sealed, opts) {
       JSON.stringify(ARCH_WRAP_MAGIC) + "; got " + JSON.stringify(magic));
   }
   var version = buf[5];
+  // Tenant strategy: symmetric packed ciphertext keyed by the
+  // vault-derived per-tenant key. Re-derive from opts.tenantId and
+  // decrypt under the same tenant-bound AAD that wrap sealed with.
+  if (version === ARCH_WRAP_VERSION_TENANT) {
+    if (opts.recipient !== undefined && opts.recipient !== "tenant") {
+      throw new ArchiveWrapError("archive-wrap/recipient-mismatch",
+        "unwrap: this envelope was sealed with recipient: \"tenant\" — pass opts.tenantId " +
+        "(and either omit opts.recipient or set it to \"tenant\"), not a key-pair recipient");
+    }
+    var tenantKey = _tenantKey(opts.tenantId);
+    var packedBody = buf.slice(ARCH_WRAP_HEADER_BYTES);
+    try {
+      return bCrypto().decryptPacked(packedBody, tenantKey, _tenantAad(opts.tenantId));
+    } catch (e) {
+      var terr = new ArchiveWrapError("archive-wrap/decrypt-failed",
+        "unwrap: tenant envelope decryption refused (wrong tenantId or rotated vault?): " +
+        ((e && e.message) || String(e)));
+      terr.cause = e;
+      throw terr;
+    }
+  }
   if (version !== ARCH_WRAP_VERSION) {
     throw new ArchiveWrapError("archive-wrap/bad-version",
       "unwrap: archive-wrap version " + version + " not supported by this build");
@@ -152,7 +192,8 @@ function unwrap(sealed, opts) {
   if (!opts.recipient || typeof opts.recipient !== "object") {
     throw new ArchiveWrapError("archive-wrap/no-recipient",
       "unwrap: opts.recipient is required ({ privateKey, ecPrivateKey } " +
-      "for the static-key path, { certPrivateKey, kemSecret } for the peer-cert path)");
+      "for the static-key path, { certPrivateKey, kemSecret } for the peer-cert path, " +
+      "or \"tenant\" + opts.tenantId for the tenant path)");
   }
   var envelope = buf.slice(ARCH_WRAP_HEADER_BYTES).toString("utf-8");
   var plaintext;
@@ -183,28 +224,52 @@ function unwrap(sealed, opts) {
   return Buffer.isBuffer(plaintext) ? plaintext : Buffer.from(plaintext);
 }
 
+// Resolve a tenant's deterministic 32-byte archive-wrap key from the
+// vault root. Throws a clear archive-wrap error (rather than a deep
+// agent-tenant one) when tenantId is missing; the vault-not-initialized
+// case surfaces from agentTenant.derivedKey unchanged.
+function _tenantKey(tenantId) {
+  if (typeof tenantId !== "string" || tenantId.length === 0) {
+    throw new ArchiveWrapError("archive-wrap/no-tenant-id",
+      "recipient: \"tenant\" requires opts.tenantId (a non-empty string)");
+  }
+  return Buffer.from(agentTenant().derivedKey(tenantId, TENANT_KEY_PURPOSE), "hex");
+}
+
+// AAD context-binds the symmetric envelope to the tenant: the Poly1305
+// tag covers this, so a tenant-A envelope cannot be decrypted under
+// tenant-B's key even if an attacker swaps headers between envelopes.
+function _tenantAad(tenantId) {
+  return Buffer.from("archive-wrap|tenant|" + tenantId, "utf8");
+}
+
+// Returns { version, body } so wrap() can stamp the right version byte:
+// hybrid-KEM recipients use ARCH_WRAP_VERSION with a base64 envelope
+// body; the tenant strategy uses ARCH_WRAP_VERSION_TENANT with a
+// symmetric packed-ciphertext body.
 function _encryptForRecipient(bytes, opts) {
   var r = opts.recipient;
   if (typeof r === "string") {
     if (r === "tenant") {
-      // tenant strategy lands in v0.12.11 alongside the backup
-      // cryptoStrategy adoption — refuse cleanly for v0.12.10 so
-      // operators see the deferred-shape contract.
-      throw new ArchiveWrapError("archive-wrap/tenant-strategy-deferred",
-        "wrap: recipient: \"tenant\" lands in v0.12.11 alongside b.backup cryptoStrategy: \"recipient\" + per-tenant key resolution. For v0.12.10, pass an explicit { publicKey, ecPublicKey } recipient");
+      var tenantKey = _tenantKey(opts.tenantId);
+      var packed = bCrypto().encryptPacked(Buffer.from(bytes), tenantKey, _tenantAad(opts.tenantId));
+      return { version: ARCH_WRAP_VERSION_TENANT, body: packed };
     }
     throw new ArchiveWrapError("archive-wrap/bad-recipient",
-      "wrap: recipient string " + JSON.stringify(r) + " not recognised; \"tenant\" deferred to v0.12.11");
+      "wrap: recipient string " + JSON.stringify(r) + " not recognised; the only string recipient is \"tenant\" (with opts.tenantId)");
   }
   if (r.peerCertDer || r.peerKemPubkey) {
     if (!r.peerCertDer || !r.peerKemPubkey) {
       throw new ArchiveWrapError("archive-wrap/bad-recipient",
         "wrap: peer-cert strategy requires BOTH peerCertDer + peerKemPubkey");
     }
-    return bCrypto().encryptEnvelopeAsCertPeer(bytes, {
-      peerCertDer:    r.peerCertDer,
-      peerKemPubkey:  r.peerKemPubkey,
-    });
+    return {
+      version: ARCH_WRAP_VERSION,
+      body: Buffer.from(bCrypto().encryptEnvelopeAsCertPeer(bytes, {
+        peerCertDer:    r.peerCertDer,
+        peerKemPubkey:  r.peerKemPubkey,
+      }), "utf-8"),
+    };
   }
   if (r.publicKey) {
     // Codex P2 on v0.12.10 PR #161 — b.crypto.encrypt falls back to
@@ -221,10 +286,13 @@ function _encryptForRecipient(bytes, opts) {
         "and ecPublicKey (P-384 ECDH PEM). Partial recipients trip b.crypto.encrypt's " +
         "ML-KEM-only fallback which silently degrades the hybrid contract this primitive promises.");
     }
-    return bCrypto().encrypt(bytes, {
-      publicKey:    r.publicKey,
-      ecPublicKey:  r.ecPublicKey,
-    });
+    return {
+      version: ARCH_WRAP_VERSION,
+      body: Buffer.from(bCrypto().encrypt(bytes, {
+        publicKey:    r.publicKey,
+        ecPublicKey:  r.ecPublicKey,
+      }), "utf-8"),
+    };
   }
   throw new ArchiveWrapError("archive-wrap/bad-recipient",
     "wrap: recipient must be { publicKey, ecPublicKey } | { peerCertDer, peerKemPubkey } | \"tenant\"");

package/lib/atomic-file.js

@@ -146,14 +146,18 @@ function fsync(fd) {
  *   b.atomicFile.fsyncDir("/var/lib/blamejs/data");
  */
 function fsyncDir(dirPath) {
-  // CodeQL js/insecure-temporary-file: dirPath is an operator-supplied
-  // framework data directory (e.g. /var/lib/blamejs/data) — never an
-  // os.tmpdir-reachable path. The fd is used solely for fsync and is
-  // closed immediately; no read or write occurs through it, so the
-  // tmp-file heuristic does not apply. Owner-only 0o700 dataDir
-  // perms are set by ensureDir.
+  // CodeQL js/insecure-temporary-file: this is a read-only open of an
+  // EXISTING directory to fsync its inode — no file is created, so the
+  // predictable-temp-name / symlink-race the query targets does not
+  // apply. The fd is opened "r", fsynced, and closed immediately; no
+  // write goes through it. The directory itself is created 0o700 by
+  // ensureDir. dirPath is normally an operator data dir (e.g.
+  // /var/lib/blamejs/data); when a caller fsyncs a dir under os.tmpdir
+  // (test fixtures via fs.mkdtempSync, or an audit bundle written to a
+  // tmp `out`), mkdtempSync already guarantees a unique 0o700 dir, so
+  // there is still no race surface.
   try {
-    var fd = nodeFs.openSync(dirPath, "r");
+    var fd = nodeFs.openSync(dirPath, "r"); // lgtm[js/insecure-temporary-file] — read-only fsync of an existing dir; no temp file created
     try { nodeFs.fsyncSync(fd); } catch (_e) { /* Windows rejects directory fsync */ }
     finally { nodeFs.closeSync(fd); }
   } catch (_e) { /* dir fsync is best-effort across filesystems */ }

package/lib/audit-tools.js

@@ -291,36 +291,43 @@ async function _defaultReadPredecessorRowHash(firstCounter) {
 
 // ---- Bundle writer ----
 
-async function _writeBundle(args) {
-  var outDir       = args.outDir;
+// Assemble the encrypted bundle entirely in memory: returns the
+// manifest plus an ordered { filename: Buffer } map. Pure — no
+// filesystem touch — so it backs both the on-disk writer and the
+// returnBytes / serverless path. The bundle is always the same 2-3
+// files (rows.enc, optional checkpoint.enc, manifest.json) whether it
+// lands on disk or ships as bytes.
+async function _buildBundle(args) {
   var kind         = args.kind;
   var rows         = args.rows;
   var checkpoint   = args.checkpoint || null;
   var passphrase   = args.passphrase;
   var predecessorRowHash = args.predecessorRowHash;
 
-  atomicFile.ensureDir(outDir);
-
   var firstRow = rows[0];
   var lastRow  = rows[rows.length - 1];
+  var files = {};
 
   // 1. Encrypt the rows JSONL
   var jsonl = rows.map(function (r) {
     return JSON.stringify(_rowToWireForm(r));
   }).join("\n") + "\n";
   var rowsEnc = await backupCrypto.encryptWithFreshSalt(jsonl, passphrase);
-  atomicFile.writeSync(nodePath.join(outDir, "rows.enc"), rowsEnc.encrypted, { fileMode: 0o600 });
+  files["rows.enc"] = rowsEnc.encrypted;
 
   // 2. (archive) Encrypt the checkpoint JSON
   var checkpointSalt = null;
+  var checkpointEncrypted = null;
   if (checkpoint) {
     var ckptJson = _canonicalize(_rowToWireForm(checkpoint));
     var ckptEnc = await backupCrypto.encryptWithFreshSalt(ckptJson, passphrase);
-    atomicFile.writeSync(nodePath.join(outDir, "checkpoint.enc"), ckptEnc.encrypted, { fileMode: 0o600 });
+    files["checkpoint.enc"] = ckptEnc.encrypted;
     checkpointSalt = ckptEnc.salt;
+    checkpointEncrypted = ckptEnc.encrypted;
   }
 
-  // 3. Build manifest
+  // 3. Build manifest — checksums computed from the in-memory buffers
+  // (no read-back of what we just wrote).
   var manifest = {
     format:         BUNDLE_FORMAT,
     kind:           kind,
@@ -342,8 +349,8 @@ async function _writeBundle(args) {
     },
     checksum: {
       rowsSha3_512:       backupCrypto.checksum(rowsEnc.encrypted),
-      checkpointSha3_512: checkpointSalt
-        ? backupCrypto.checksum(nodeFs.readFileSync(nodePath.join(outDir, "checkpoint.enc")))
+      checkpointSha3_512: checkpointEncrypted
+        ? backupCrypto.checksum(checkpointEncrypted)
         : null,
     },
   };
@@ -355,9 +362,22 @@ async function _writeBundle(args) {
       checkpointId:         String(checkpoint._id),
     };
   }
+  files["manifest.json"] = Buffer.from(_canonicalize(manifest), "utf8");
+  return { manifest: manifest, files: files };
+}
+
+async function _writeBundle(args) {
+  var outDir = args.outDir;
+  var built  = await _buildBundle(args);
+
+  atomicFile.ensureDir(outDir);
+  atomicFile.writeSync(nodePath.join(outDir, "rows.enc"), built.files["rows.enc"], { fileMode: 0o600 });
+  if (built.files["checkpoint.enc"]) {
+    atomicFile.writeSync(nodePath.join(outDir, "checkpoint.enc"), built.files["checkpoint.enc"], { fileMode: 0o600 });
+  }
   var manifestPath = nodePath.join(outDir, "manifest.json");
-  atomicFile.writeSync(manifestPath, _canonicalize(manifest), { fileMode: 0o600 });
-  return { manifest: manifest, manifestPath: manifestPath };
+  atomicFile.writeSync(manifestPath, built.files["manifest.json"], { fileMode: 0o600 });
+  return { manifest: built.manifest, manifestPath: manifestPath };
 }
 
 // ---- Bundle reader ----
@@ -437,8 +457,14 @@ async function _readBundle(inDir, passphrase) {
  * Refuses if `opts.out` exists, no rows match, or no signed
  * checkpoint covers the slice (run `b.audit.checkpoint()` first).
  *
+ * Pass `returnBytes: true` instead of `out` for the bundle as an
+ * in-memory `{ filename: Buffer }` map (`rows.enc` + `checkpoint.enc`
+ * + `manifest.json`) — the read-only / serverless path. `out` and
+ * `returnBytes` are mutually exclusive.
+ *
  * @opts
- *   out:        string,         // fresh directory path for the bundle
+ *   out:        string,         // fresh directory path (omit when returnBytes)
+ *   returnBytes:boolean,        // true → return { manifest, files } in memory, no disk
  *   before:     number|Date|string,  // archive rows recordedAt < this
  *   passphrase: Buffer|string,  // bundle-encryption passphrase
  *
@@ -455,7 +481,12 @@ async function _readBundle(inDir, passphrase) {
 async function archive(opts) {
   opts = opts || {};
   _requirePassphrase(opts.passphrase);
-  _requireOutDir(opts.out, "archive");
+  var returnBytes = opts.returnBytes === true;
+  if (returnBytes && opts.out !== undefined) {
+    throw new AuditToolsError("audit-tools/out-and-return-bytes",
+      "archive: specify either opts.out (write to disk) or opts.returnBytes (in-memory bytes), not both");
+  }
+  if (!returnBytes) _requireOutDir(opts.out, "archive");
   var beforeMs = _toMs(opts.before);
   if (beforeMs == null) {
     throw new AuditToolsError("audit-tools/no-before",
@@ -482,6 +513,22 @@ async function archive(opts) {
 
   var predecessorRowHash = await readPredecessorHash(firstCounter);
 
+  if (returnBytes) {
+    var built = await _buildBundle({
+      kind:       KIND_ARCHIVE,
+      rows:       rows,
+      checkpoint: checkpoint,
+      passphrase: opts.passphrase,
+      predecessorRowHash: predecessorRowHash,
+    });
+    return {
+      manifest: built.manifest,
+      files:    built.files,
+      rowCount: rows.length,
+      range:    built.manifest.range,
+    };
+  }
+
   var written = await _writeBundle({
     outDir:     opts.out,
     kind:       KIND_ARCHIVE,
@@ -517,8 +564,15 @@ async function archive(opts) {
  * action filter that drops intermediate counters is rejected with
  * `audit-tools/non-contiguous`.
  *
+ * Pass `returnBytes: true` instead of `out` to get the bundle as an
+ * in-memory `{ filename: Buffer }` map (`rows.enc` + `manifest.json`)
+ * with no filesystem touch — the read-only / serverless path; ship it
+ * to object storage or over the wire. `out` and `returnBytes` are
+ * mutually exclusive.
+ *
  * @opts
- *   out:        string,                // fresh directory path
+ *   out:        string,                // fresh directory path (omit when returnBytes)
+ *   returnBytes:boolean,               // true → return { manifest, files } in memory, no disk
  *   from:       number|Date|string,    // recordedAt >= this (inclusive)
  *   to:         number|Date|string,    // recordedAt <= this (inclusive)
  *   action:     string,                // exact action match (optional)
@@ -536,7 +590,12 @@ async function archive(opts) {
 async function exportSlice(opts) {
   opts = opts || {};
   _requirePassphrase(opts.passphrase);
-  _requireOutDir(opts.out, "export");
+  var returnBytes = opts.returnBytes === true;
+  if (returnBytes && opts.out !== undefined) {
+    throw new AuditToolsError("audit-tools/out-and-return-bytes",
+      "export: specify either opts.out (write to disk) or opts.returnBytes (in-memory bytes), not both");
+  }
+  if (!returnBytes) _requireOutDir(opts.out, "export");
   var fromMs = _toMs(opts.from);
   var toMs   = _toMs(opts.to);
   var readRows = opts.readRows || _defaultReadRows;
@@ -567,6 +626,22 @@ async function exportSlice(opts) {
   var firstCounter = Number(rows[0].monotonicCounter);
   var predecessorRowHash = await readPredecessorHash(firstCounter);
 
+  if (returnBytes) {
+    var built = await _buildBundle({
+      kind:       KIND_EXPORT,
+      rows:       rows,
+      checkpoint: null,
+      passphrase: opts.passphrase,
+      predecessorRowHash: predecessorRowHash,
+    });
+    return {
+      manifest: built.manifest,
+      files:    built.files,
+      rowCount: rows.length,
+      range:    built.manifest.range,
+    };
+  }
+
   var written = await _writeBundle({
     outDir:     opts.out,
     kind:       KIND_EXPORT,
@@ -852,9 +927,15 @@ async function _defaultApplyPurge(args) {
  * `audit.forensic_snapshot.composed` audit event so the act of
  * composing the snapshot is itself on-chain.
  *
+ * Pass `returnBytes: true` instead of `out` for the snapshot as an
+ * in-memory `{ filename: Buffer }` map (the slice's `rows.enc` +
+ * `manifest.json` plus `forensic-snapshot.json`) — the read-only /
+ * serverless path. `out` and `returnBytes` are mutually exclusive.
+ *
  * @opts
- *   out:        string,               // fresh directory path
- *   since:      number|Date|string,   // include rows recordedAt >= this
+ *   out:        string,               // fresh directory path (omit when returnBytes)
+ *   returnBytes:boolean,              // true → return { ...manifest, files } in memory, no disk
+ *   since:      number|Date|string,   // include rows recordedAt >= this (windowed since → now)
  *   passphrase: Buffer|string,        // bundle-encryption passphrase
  *   reason:     string,               // required incident-context reason
  *   incidentId: string,               // optional ticket / incident id
@@ -874,29 +955,39 @@ async function _defaultApplyPurge(args) {
 async function forensicSnapshot(opts) {
   opts = opts || {};
   _requirePassphrase(opts.passphrase);
-  _requireOutDir(opts.out, "forensicSnapshot");
+  var returnBytes = opts.returnBytes === true;
+  if (returnBytes && opts.out !== undefined) {
+    throw new AuditToolsError("audit-tools/out-and-return-bytes",
+      "forensicSnapshot: specify either opts.out (write to disk) or opts.returnBytes (in-memory bytes), not both");
+  }
+  if (!returnBytes) _requireOutDir(opts.out, "forensicSnapshot");
   var sinceMs = _toMs(opts.since);
   if (sinceMs == null) {
     throw new AuditToolsError("audit-tools/no-since",
       "forensicSnapshot: opts.since is required");
   }
   validateOpts.requireNonEmptyString(opts.reason, "reason", AuditToolsError, "audit-tools/no-reason");
+  // exportSlice windows by from/to — pass the requested `since` as `from`
+  // and now as `to` so the snapshot captures only the incident window
+  // rather than the entire audit history.
   var sliceResult = await exportSlice({
-    out:        opts.out,
-    since:      sinceMs,
-    until:      Date.now(),
-    passphrase: opts.passphrase,
-    readRows:   opts.readRows,
+    out:         returnBytes ? undefined : opts.out,
+    returnBytes: returnBytes,
+    from:        sinceMs,
+    to:          Date.now(),
+    passphrase:  opts.passphrase,
+    readRows:    opts.readRows,
     readCoveringCheckpoint: opts.readCoveringCheckpoint,
   });
-  // Compose snapshot manifest with operator-supplied IR context.
+  // Compose snapshot manifest with operator-supplied IR context. The
+  // audit slice lands as rows.enc inside the bundle either way.
   var manifest = {
     snapshotKind:      "forensic",
     incidentId:        opts.incidentId || null,
     reason:            opts.reason,
     actor:             opts.actor || null,
     composedAt:        new Date().toISOString(),
-    auditSliceFile:    sliceResult && sliceResult.path,
+    auditSliceFile:    returnBytes ? "rows.enc" : (sliceResult && sliceResult.manifestPath),
     auditSliceCount:   sliceResult && sliceResult.rowCount,
     runtime: {
       nodeVersion: process.version,
@@ -906,14 +997,18 @@ async function forensicSnapshot(opts) {
       uptimeSec:   Math.round(process.uptime()),
     },
   };
-  var manifestPath = require("node:path").join(opts.out, "forensic-snapshot.json");
-  require("node:fs").writeFileSync(manifestPath, _canonicalize(manifest), "utf8");
+  var manifestBytes = Buffer.from(_canonicalize(manifest), "utf8");
+  var manifestPath = null;
+  if (!returnBytes) {
+    manifestPath = nodePath.join(opts.out, "forensic-snapshot.json");
+    atomicFile.writeSync(manifestPath, manifestBytes, { fileMode: 0o600 });
+  }
   try {
     require("./audit").safeEmit({
       action:  "audit.forensic_snapshot.composed",
       outcome: "success",
       metadata: {
-        out:               opts.out,
+        out:               returnBytes ? null : opts.out,
         incidentId:        manifest.incidentId,
         reason:            opts.reason,
         actor:             opts.actor || null,
@@ -921,6 +1016,12 @@ async function forensicSnapshot(opts) {
       },
     });
   } catch (_e) { /* audit best-effort */ }
+  if (returnBytes) {
+    // Mirror the on-disk layout: the slice's files plus the IR wrapper.
+    var files = Object.assign({}, sliceResult.files);
+    files["forensic-snapshot.json"] = manifestBytes;
+    return Object.assign({}, manifest, { files: files });
+  }
   return Object.assign({}, manifest, { manifestPath: manifestPath });
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.13.18",
+  "version": "0.13.20",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:85f02e1d-6e57-4585-9067-a882fb442bc0",
+  "serialNumber": "urn:uuid:aca0caec-3bdf-4b4b-bfd8-436286cc5bbf",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-27T19:52:58.359Z",
+    "timestamp": "2026-05-27T22:48:58.698Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.13.18",
+      "bom-ref": "@blamejs/core@0.13.20",
       "type": "application",
       "name": "blamejs",
-      "version": "0.13.18",
+      "version": "0.13.20",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.13.18",
+      "purl": "pkg:npm/%40blamejs/core@0.13.20",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.13.18",
+      "ref": "@blamejs/core@0.13.20",
       "dependsOn": []
     }
   ]