@blamejs/core 0.13.19 → 0.13.21

package/CHANGELOG.md

@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
 
 ## v0.13.x
 
+- v0.13.21 (2026-05-27) — **`b.cose.exportKey` — serialize a public key as a COSE_Key, the inverse of `b.cose.importKey`.** b.cose could import a COSE_Key (RFC 9052 §7) into a node:crypto key for verification, but had no way to produce one — so a key used with b.cose.sign could not be shipped to a verifier in COSE form without hand-building the CBOR map. b.cose.exportKey(keyObject, opts?) closes the round-trip: it serializes an EC2 (P-256 / P-384 / P-521) or OKP (Ed25519) public key as the CBOR-encoded COSE_Key map, with optional alg and kid common parameters. A private key has its public half exported; unsupported curves / key types are refused rather than emitting a COSE_Key no verifier here would accept. The bytes round-trip through b.cose.importKey, and feed the mdoc MSO / COSE_Key header / SCITT / C2PA verification-key paths. **Added:** *`b.cose.exportKey(keyObject, { alg?, kid? })` — KeyObject → COSE_Key (RFC 9052 §7)* — Serialize a `node:crypto` public key as the CBOR-encoded COSE_Key map — the inverse of `b.cose.importKey`. Supports EC2 (P-256 / P-384 / P-521) and OKP (Ed25519), the same key types `b.cose.verify` accepts; `opts.alg` (e.g. `"ES256"`) and `opts.kid` populate the COSE_Key alg (label 3) and kid (label 2) common parameters. A private key exports its public half; unsupported curves / key types throw rather than producing a COSE_Key no verifier would accept. `b.cose.importKey(b.cbor.decode(exportKey(k)))` round-trips, so a key signed with `b.cose.sign` can be shipped to a verifier as bytes — the mdoc MSO / COSE_Key header / SCITT / C2PA verification-key paths.
+
+- v0.13.20 (2026-05-27) — **`b.archive.wrap` can seal an archive for a tenant with no key-pair to manage — `recipient: "tenant"`.** b.archive.wrap previously sealed only to an explicit hybrid-PQC key-pair or a peer certificate; the documented recipient: "tenant" strategy threw. It now works: pass { recipient: "tenant", tenantId } and the archive is sealed under a deterministic per-tenant key derived from the vault root (SHAKE256 KDF) with XChaCha20-Poly1305, the tenant id mixed into the AEAD additional-authenticated-data so one tenant's envelope cannot be opened under another tenant's key. There is no recipient key-pair for the operator to generate, store, or rotate — b.archive.unwrap re-derives the key from the same tenantId. Rotating the vault re-keys every tenant (rotation intent is re-seal). The derivation is exposed directly as b.agent.tenant.derivedKey(tenantId, purpose) for operators who need the raw per-tenant key for their own AEAD. Requires an initialized vault. **Added:** *`b.archive.wrap` / `b.archive.unwrap` `recipient: "tenant"` — per-tenant archive sealing, no key-pair* — `b.archive.wrap(bytes, { recipient: "tenant", tenantId })` seals under a deterministic per-tenant key derived from the vault root with XChaCha20-Poly1305 (draft-irtf-cfrg-xchacha-03) and a SHAKE256 KDF (FIPS 202); the tenant id is bound into the AEAD AAD so a tenant-A envelope cannot decrypt under tenant-B's key even if an attacker swaps envelope headers. `b.archive.unwrap(sealed, { recipient: "tenant", tenantId })` (or just `{ tenantId }`) re-derives the key and recovers the bytes — no recipient key-pair to manage. The tenant envelope carries a distinct version byte so it is never fed to the hybrid-KEM decrypt path. The static-key and peer-cert recipient strategies are unchanged. · *`b.agent.tenant.derivedKey(tenantId, purpose)` — direct per-tenant key derivation* — The deterministic, domain-separated per-tenant key derivation (vault root + tenantId + purpose, SHAKE256, NUL-separated) is now exported at the module level, returning a 64-char hex key. Previously reachable only as a method on a created tenant manager; operators who need the raw key for their own AEAD can now call it directly. Throws if the vault is not initialized.
+
 - v0.13.19 (2026-05-27) — **`auditTools` export / archive / forensic-snapshot can return the bundle as bytes — no output directory for serverless / read-only filesystems.** b.auditTools.exportSlice, b.auditTools.archive, and b.auditTools.forensicSnapshot required an `out` directory to write the encrypted bundle (rows.enc + optional checkpoint.enc + manifest.json), which is unusable on a read-only or ephemeral serverless filesystem. Each now accepts `returnBytes: true` instead of `out` and returns the bundle as an in-memory `{ filename: Buffer }` map — ready to stream to object storage or over the wire with no filesystem access. `out` and `returnBytes` are mutually exclusive. The on-disk path is unchanged. The bundle's encryption (XChaCha20-Poly1305 + Argon2id), chain-proof material, and manifest checksums are identical to the written bundle, so an in-memory bundle written to disk verifies exactly as one produced by the `out` path. **Added:** *`returnBytes` on `auditTools.exportSlice` / `archive` / `forensicSnapshot` — in-memory bundles* — Pass `returnBytes: true` (and omit `out`) to get the encrypted audit bundle as an in-memory `{ filename: Buffer }` map instead of a directory write — the read-only / serverless path. `exportSlice` / `archive` return `{ manifest, files, rowCount, range }`; `forensicSnapshot` returns `{ ...manifest, files }` where `files` carries the slice's `rows.enc` + `manifest.json` plus the `forensic-snapshot.json` incident wrapper. The encryption, chain proof, and manifest checksums match the on-disk bundle byte-for-byte, so the bytes verify with `verifyBundle` once written out. `out` and `returnBytes` are mutually exclusive (passing both throws). **Fixed:** *`auditTools.forensicSnapshot` now honors the `since` window instead of capturing the entire audit history* — `forensicSnapshot` passed its `since` bound to the slice exporter under the wrong option name, so the time filter was silently dropped and the snapshot bundled every audit row regardless of `since`. The window is now applied — a snapshot scoped to an incident window contains only that window's rows. The snapshot manifest's `auditSliceFile` field, previously always undefined, now records the slice location.
 
 - v0.13.18 (2026-05-27) — **`bodyParser` multipart can buffer uploads in memory — no tmp directory for serverless / read-only filesystems.** The multipart/form-data sub-parser previously streamed every file part to a tmp directory on disk (os.tmpdir() by default), which fails on a read-only or ephemeral serverless filesystem. A new multipart.storage option selects where file parts land: "disk" (default, unchanged — req.files[].path points at a tmp file cleaned up on response end) or "memory" (req.files[].buffer holds the assembled bytes, with no filesystem access at all). Both modes enforce the same per-file (fileSize), per-field, and total-request (totalSize) caps, so memory mode adds no new memory-exhaustion surface. The file object shape is stable across both modes — disk sets path with buffer null, memory sets buffer with path null — so a handler branches on whichever is non-null. An invalid storage value is rejected when the middleware is constructed. **Added:** *`bodyParser` multipart `storage: "memory"` — buffer uploads in RAM instead of a tmp directory* — `b.middleware.bodyParser({ multipart: { storage: "memory" } })` buffers each uploaded file part in memory and exposes it as `req.files[].buffer` (a Buffer), with no `os.tmpdir()` write and no tmp-file cleanup — the read-only / serverless path. The default `storage: "disk"` is unchanged: file parts stream to a tmp file, `req.files[].path` points at it, and it is removed when the response finishes. Both modes apply the existing `fileSize` / per-field `maxBytes` / `totalSize` caps and SHA3-512 hash each part during streaming, so memory mode is bounded by the same limits and adds no new DoS surface. The `req.files[]` shape is stable across modes (disk: `path` set, `buffer` null; memory: `buffer` set, `path` null). A `storage` value other than `"disk"` or `"memory"` throws a `TypeError` at construction.

package/README.md

@@ -141,7 +141,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **JSON / SQL / schema** — `b.safeJson` (with `maxKeys` cap defending CVE-2026-21717 V8 HashDoS), `b.safeBuffer`, `b.safeSql`, `b.safeSchema`
 - **URL + path** — `b.safeUrl` (IDN mixed-script / homograph refuse); `b.safeJsonPath` (refuses filter `?(...)`, deep-scan `$..`, script-shape `(@.x)` for safe Postgres JSONB ops)
 - **Binary codec** — `b.cbor` bounded deterministic CBOR (RFC 8949 §4.2): depth/size caps, indefinite-length + reserved-info + tag + duplicate-key refusal, `requireDeterministic` canonical-form check; the in-tree substrate under COSE / CWT / SCITT / WebAuthn attestation
-- **COSE messages** — `b.cose` the full RFC 9052 message-type set over `b.cbor`: COSE_Sign1 sign/verify (attached or detached payload), COSE_Encrypt0 single-recipient AEAD, COSE_Mac0 shared-key HMAC (mac0/macVerify0), plus `importKey` (COSE_Key → KeyObject). Signatures use classical ES256/384/512 + EdDSA (final COSE ids, interoperable today) plus ML-DSA-87 (PQC-forward, draft id); bounded + alg-allowlisted + crit-bypass-checked verification; AEAD ChaCha20/Poly1305 default (AES-GCM opt-in); the signed-statement substrate under SCITT / CWT / mdoc / C2PA
+- **COSE messages** — `b.cose` the full RFC 9052 message-type set over `b.cbor`: COSE_Sign1 sign/verify (attached or detached payload), COSE_Encrypt0 single-recipient AEAD, COSE_Mac0 shared-key HMAC (mac0/macVerify0), plus `importKey` (COSE_Key → KeyObject) and `exportKey` (KeyObject → COSE_Key, the inverse — ship a verification key as RFC 9052 §7 bytes). Signatures use classical ES256/384/512 + EdDSA (final COSE ids, interoperable today) plus ML-DSA-87 (PQC-forward, draft id); bounded + alg-allowlisted + crit-bypass-checked verification; AEAD ChaCha20/Poly1305 default (AES-GCM opt-in); the signed-statement substrate under SCITT / CWT / mdoc / C2PA
 - **CBOR Web Token** — `b.cwt` CWT sign/verify (RFC 8392) over `b.cose`: standard-claim mapping (iss/sub/aud/exp/nbf/iat/cti) + `exp`/`nbf` clock-skew enforcement + `iss`/`aud` matching; the CBOR-native JWT for constrained / IoT / FIDO / verifiable-credential contexts
 - **Entity Attestation Token** — `b.eat` EAT sign/verify (RFC 9711) over `b.cwt`: device + software attestation claims (ueid / oemid / hwmodel / measurements / submods) with verifier-nonce freshness binding, `dbgstat` debug-status policy, and `eat_profile` pinning
 - **SCITT signed statements** — `b.scitt` sign/verify a signed, attributable claim about an artifact (signed SBOM, build attestation, release approval) over `b.cose`: the issuer + subject bind in the integrity-protected CWT_Claims header (RFC 9597); verification refuses any statement missing the iss/sub binding. The issuer side, on finalized RFCs; the transparency receipt (COSE Receipts draft) opts in on publication
@@ -228,7 +228,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **i18n** — CLDR plural rules, Accept-Language negotiation, Intl formatters, RTL (`b.i18n`)
 - **CSV** — RFC 4180 with Excel formula-injection prevention (`b.csv`)
 - **IDs + slugs** — RFC 9562 UUID v4 + v7 (`b.uuid`); URL-safe slugs (`b.slug`)
-- **Time + archive** — TZ-aware datetime (`b.time`); ZIP creation + adversarial-safe read with bomb caps + path-traversal + LFH/CD-skew defense (`b.archive` + `b.archive.read.zip`); one-liner quarantine extraction (`b.safeArchive.extract`); in-memory extraction with no disk write for read-only / serverless filesystems (`b.archive.read.zip(...).extractEntries()` / `.tar`); fs / objectStore / http / buffer / trusted-stream adapter contract (`b.archive.adapters`)
+- **Time + archive** — TZ-aware datetime (`b.time`); ZIP creation + adversarial-safe read with bomb caps + path-traversal + LFH/CD-skew defense (`b.archive` + `b.archive.read.zip`); one-liner quarantine extraction (`b.safeArchive.extract`); in-memory extraction with no disk write for read-only / serverless filesystems (`b.archive.read.zip(...).extractEntries()` / `.tar`); fs / objectStore / http / buffer / trusted-stream adapter contract (`b.archive.adapters`); recipient-sealed envelopes — hybrid-PQC key-pair, peer certificate, or per-tenant key with no key-pair to manage (`b.archive.wrap({ recipient: "tenant", tenantId })`)
 - **Pagination + forms** — HMAC-signed cursor pagination (`b.pagination`); HTML form rendering + validation + CSRF (`b.forms`)
 
 ### Production

package/lib/agent-tenant.js

@@ -386,6 +386,35 @@ function _deriveTenantKeyBytes(tenantId, purpose) {
   return bCrypto.kdf(input, TENANT_KEY_BYTES);
 }
 
+/**
+ * @primitive b.agent.tenant.derivedKey
+ * @signature b.agent.tenant.derivedKey(tenantId, purpose)
+ * @since     0.9.25
+ * @status    stable
+ * @compliance hipaa, pci-dss, gdpr, soc2
+ * @related   b.agent.tenant.create, b.archive.wrap, b.vault
+ *
+ * Derive a deterministic, domain-separated 32-byte key for a tenant
+ * and a named purpose, returned as a 64-char hex string. The key is a
+ * SHAKE256 KDF over the vault root (the master keypair PEM hashed),
+ * the `tenantId`, and the `purpose`, with NUL separators so distinct
+ * `(tenantId, purpose)` pairs cannot collide. The same inputs always
+ * produce the same key, so a value sealed under
+ * `derivedKey(t, "archive-wrap")` is recoverable later from the same
+ * tenant + purpose with no key escrow. Rotating the vault
+ * (`b.vaultRotate.rotate`) changes the root and therefore every
+ * derived key — by design, rotation intent is re-seal.
+ *
+ * Throws if the vault has not been initialized (keys cannot be derived
+ * before bootstrap) or if `purpose` is empty. This is the same
+ * derivation the per-tenant `sealField` / archive `recipient: "tenant"`
+ * paths use internally; call it directly when you need the raw key for
+ * your own AEAD.
+ *
+ * @example
+ *   var key = b.agent.tenant.derivedKey("acme-corp", "archive-wrap");
+ *   // → "9f3c…" (64 hex chars; deterministic per tenant + purpose)
+ */
 function _derivedKey(tenantId, purpose) {
   // Public API — returns hex so the existing wire shape (operators
   // storing the derived key string in their DB) is unchanged. Internal
@@ -624,6 +653,7 @@ function _inMemoryBackend() {
 
 module.exports = {
   create:                    create,
+  derivedKey:                _derivedKey,
   CROSS_TENANT_ADMIN_SCOPE:  CROSS_TENANT_ADMIN_SCOPE,
   AgentTenantError:          AgentTenantError,
   guards: {

package/lib/archive-wrap.js

@@ -15,10 +15,11 @@
  *   var bytes  = b.archive.unwrap(sealed, { recipient: privKeys });
  *   var reader = b.archive.read.tar(b.archive.adapters.buffer(bytes));
  *
- * Builder-fluent composition (`tarBuilder.toAdapter(s3, { wrap: ... })`)
- * + per-entry ZIP wrap (Flavor 2) land in v0.12.11 alongside the
- * backup-crypto refactor; this patch ships the recipient substrate
- * + the b.backup `cryptoStrategy: "recipient"` opt that consumes it.
+ * Three recipient strategies: a static hybrid-PQC key-pair, a peer
+ * certificate, and `"tenant"` — a deterministic per-tenant symmetric
+ * seal keyed by the vault root (no key-pair to manage; unwrap
+ * re-derives from the tenant id). b.backup's `cryptoStrategy:
+ * "recipient"` consumes the same substrate.
  */
 
 var C = require("./constants");
@@ -29,13 +30,23 @@ var ArchiveWrapError = defineClass("ArchiveWrapError", { alwaysPermanent: true }
 
 var bCrypto = lazyRequire(function () { return require("./crypto"); });
 var backupCrypto = lazyRequire(function () { return require("./backup/crypto"); });
+var agentTenant = lazyRequire(function () { return require("./agent-tenant"); });
 
 // Envelope magic — 5-byte ASCII prefix the safe-archive sniffer
 // recognises. Distinct from b.crypto.encrypt's base64 envelope so
 // archive-wrap output can carry an unambiguous "this is an archive
 // wrap envelope" magic before the operator-controlled payload.
 var ARCH_WRAP_MAGIC = "BAWRP";                                                       // allow:raw-byte-literal — 5-byte ASCII archive-wrap recipient envelope magic
-var ARCH_WRAP_VERSION = 0x01;                                                        // allow:raw-byte-literal — recipient version byte
+var ARCH_WRAP_VERSION = 0x01;                                                        // allow:raw-byte-literal — recipient version byte (hybrid-KEM envelope)
+// Tenant strategy uses the same BAWRP magic with a distinct version
+// byte: the body is a symmetric XChaCha20-Poly1305 packed ciphertext
+// (b.crypto.encryptPacked) keyed by the tenant's vault-derived key,
+// not a hybrid-KEM envelope. unwrap dispatches on the version byte so
+// a tenant envelope is never fed to the KEM decrypt path.
+var ARCH_WRAP_VERSION_TENANT = 0x02;                                                 // allow:raw-byte-literal — tenant symmetric-seal version byte
+// Purpose label for the per-tenant key derivation (domain-separates
+// the archive-wrap key from a tenant's seal / audit / session keys).
+var TENANT_KEY_PURPOSE = "archive-wrap";
 var ARCH_WRAP_HEADER_BYTES = C.BYTES.bytes(6);                                        // magic(5) + version(1)
 // Passphrase variant — wire format: magic(5) + version(1) + saltLen(1)
 // + salt(saltLen bytes) + encrypted bytes (24-byte nonce + ciphertext+tag
@@ -66,10 +77,14 @@ var ARCH_PASSPHRASE_HEADER_BYTES = C.BYTES.bytes(7);
  *   - peer cert   — `{ recipient: { peerCertDer, peerKemPubkey } }` composes
  *                   `b.crypto.encryptEnvelopeAsCertPeer` (extracts the
  *                   P-384 half from the cert).
- *   - tenant      — `{ recipient: "tenant", tenantId: "alpha" }` resolves
- *                   the tenant's KEM keypair via `b.vault.derivedKey`
- *                   (deferred to v0.12.11 alongside the backup
- *                   `cryptoStrategy: "recipient"` adoption).
+ *   - tenant      — `{ recipient: "tenant", tenantId: "alpha" }` seals
+ *                   under a deterministic per-tenant key derived from the
+ *                   vault root (`b.agent.tenant.derivedKey`) with
+ *                   XChaCha20-Poly1305, the tenant id mixed into the AEAD
+ *                   AAD so one tenant's envelope cannot open under
+ *                   another's key. No recipient key-pair to manage;
+ *                   `unwrap` re-derives from the same `tenantId`. Requires
+ *                   an initialized vault.
  *
  * @opts
  *   recipient:  object | string,   // see strategies above; required
@@ -96,15 +111,16 @@ function wrap(bytes, opts) {
     throw new ArchiveWrapError("archive-wrap/no-recipient",
       "wrap: opts.recipient is required (static key object | \"tenant\" string | peer-cert object)");
   }
-  var envelope = _encryptForRecipient(bytes, opts);
-  // envelope is a base64 string from b.crypto.encrypt. Buffer it and
-  // prepend the 6-byte archive-wrap header so safeArchive's sniffer
-  // can identify it without attempting decryption.
-  var envelopeBuf = Buffer.from(envelope, "utf-8");
+  var enc = _encryptForRecipient(bytes, opts);
+  // enc.body is the envelope bytes (base64 KEM envelope for static /
+  // peer-cert recipients, symmetric packed ciphertext for tenant).
+  // Prepend the 6-byte archive-wrap header stamped with the strategy's
+  // version byte so safeArchive's sniffer + unwrap can identify the
+  // envelope (and pick the right decrypt path) without trial decryption.
   var header = Buffer.alloc(ARCH_WRAP_HEADER_BYTES);
   header.write(ARCH_WRAP_MAGIC, 0, 5, "ascii");
-  header[5] = ARCH_WRAP_VERSION;
-  return Buffer.concat([header, envelopeBuf]);
+  header[5] = enc.version;
+  return Buffer.concat([header, enc.body]);
 }
 
 /**
@@ -121,11 +137,14 @@ function wrap(bytes, opts) {
  * than a crypto-level error.
  *
  * @opts
- *   recipient:  object,   // { privateKey, ecPrivateKey } | { certPrivateKey, kemSecret }; required
+ *   recipient:  object | "tenant",  // { privateKey, ecPrivateKey } | { certPrivateKey, kemSecret } | "tenant"
+ *   tenantId:   string,             // required when the envelope was sealed with recipient: "tenant"
  *
  * @example
  *   var bytes  = b.archive.unwrap(sealed, { recipient: privPair });
  *   var reader = b.archive.read.tar(b.archive.adapters.buffer(bytes));
+ *   // tenant envelope:
+ *   var t = b.archive.unwrap(sealedForTenant, { recipient: "tenant", tenantId: "alpha" });
  */
 function unwrap(sealed, opts) {
   opts = opts || {};
@@ -145,6 +164,27 @@ function unwrap(sealed, opts) {
       JSON.stringify(ARCH_WRAP_MAGIC) + "; got " + JSON.stringify(magic));
   }
   var version = buf[5];
+  // Tenant strategy: symmetric packed ciphertext keyed by the
+  // vault-derived per-tenant key. Re-derive from opts.tenantId and
+  // decrypt under the same tenant-bound AAD that wrap sealed with.
+  if (version === ARCH_WRAP_VERSION_TENANT) {
+    if (opts.recipient !== undefined && opts.recipient !== "tenant") {
+      throw new ArchiveWrapError("archive-wrap/recipient-mismatch",
+        "unwrap: this envelope was sealed with recipient: \"tenant\" — pass opts.tenantId " +
+        "(and either omit opts.recipient or set it to \"tenant\"), not a key-pair recipient");
+    }
+    var tenantKey = _tenantKey(opts.tenantId);
+    var packedBody = buf.slice(ARCH_WRAP_HEADER_BYTES);
+    try {
+      return bCrypto().decryptPacked(packedBody, tenantKey, _tenantAad(opts.tenantId));
+    } catch (e) {
+      var terr = new ArchiveWrapError("archive-wrap/decrypt-failed",
+        "unwrap: tenant envelope decryption refused (wrong tenantId or rotated vault?): " +
+        ((e && e.message) || String(e)));
+      terr.cause = e;
+      throw terr;
+    }
+  }
   if (version !== ARCH_WRAP_VERSION) {
     throw new ArchiveWrapError("archive-wrap/bad-version",
       "unwrap: archive-wrap version " + version + " not supported by this build");
@@ -152,7 +192,8 @@ function unwrap(sealed, opts) {
   if (!opts.recipient || typeof opts.recipient !== "object") {
     throw new ArchiveWrapError("archive-wrap/no-recipient",
       "unwrap: opts.recipient is required ({ privateKey, ecPrivateKey } " +
-      "for the static-key path, { certPrivateKey, kemSecret } for the peer-cert path)");
+      "for the static-key path, { certPrivateKey, kemSecret } for the peer-cert path, " +
+      "or \"tenant\" + opts.tenantId for the tenant path)");
   }
   var envelope = buf.slice(ARCH_WRAP_HEADER_BYTES).toString("utf-8");
   var plaintext;
@@ -183,28 +224,52 @@ function unwrap(sealed, opts) {
   return Buffer.isBuffer(plaintext) ? plaintext : Buffer.from(plaintext);
 }
 
+// Resolve a tenant's deterministic 32-byte archive-wrap key from the
+// vault root. Throws a clear archive-wrap error (rather than a deep
+// agent-tenant one) when tenantId is missing; the vault-not-initialized
+// case surfaces from agentTenant.derivedKey unchanged.
+function _tenantKey(tenantId) {
+  if (typeof tenantId !== "string" || tenantId.length === 0) {
+    throw new ArchiveWrapError("archive-wrap/no-tenant-id",
+      "recipient: \"tenant\" requires opts.tenantId (a non-empty string)");
+  }
+  return Buffer.from(agentTenant().derivedKey(tenantId, TENANT_KEY_PURPOSE), "hex");
+}
+
+// AAD context-binds the symmetric envelope to the tenant: the Poly1305
+// tag covers this, so a tenant-A envelope cannot be decrypted under
+// tenant-B's key even if an attacker swaps headers between envelopes.
+function _tenantAad(tenantId) {
+  return Buffer.from("archive-wrap|tenant|" + tenantId, "utf8");
+}
+
+// Returns { version, body } so wrap() can stamp the right version byte:
+// hybrid-KEM recipients use ARCH_WRAP_VERSION with a base64 envelope
+// body; the tenant strategy uses ARCH_WRAP_VERSION_TENANT with a
+// symmetric packed-ciphertext body.
 function _encryptForRecipient(bytes, opts) {
   var r = opts.recipient;
   if (typeof r === "string") {
     if (r === "tenant") {
-      // tenant strategy lands in v0.12.11 alongside the backup
-      // cryptoStrategy adoption — refuse cleanly for v0.12.10 so
-      // operators see the deferred-shape contract.
-      throw new ArchiveWrapError("archive-wrap/tenant-strategy-deferred",
-        "wrap: recipient: \"tenant\" lands in v0.12.11 alongside b.backup cryptoStrategy: \"recipient\" + per-tenant key resolution. For v0.12.10, pass an explicit { publicKey, ecPublicKey } recipient");
+      var tenantKey = _tenantKey(opts.tenantId);
+      var packed = bCrypto().encryptPacked(Buffer.from(bytes), tenantKey, _tenantAad(opts.tenantId));
+      return { version: ARCH_WRAP_VERSION_TENANT, body: packed };
     }
     throw new ArchiveWrapError("archive-wrap/bad-recipient",
-      "wrap: recipient string " + JSON.stringify(r) + " not recognised; \"tenant\" deferred to v0.12.11");
+      "wrap: recipient string " + JSON.stringify(r) + " not recognised; the only string recipient is \"tenant\" (with opts.tenantId)");
   }
   if (r.peerCertDer || r.peerKemPubkey) {
     if (!r.peerCertDer || !r.peerKemPubkey) {
       throw new ArchiveWrapError("archive-wrap/bad-recipient",
         "wrap: peer-cert strategy requires BOTH peerCertDer + peerKemPubkey");
     }
-    return bCrypto().encryptEnvelopeAsCertPeer(bytes, {
-      peerCertDer:    r.peerCertDer,
-      peerKemPubkey:  r.peerKemPubkey,
-    });
+    return {
+      version: ARCH_WRAP_VERSION,
+      body: Buffer.from(bCrypto().encryptEnvelopeAsCertPeer(bytes, {
+        peerCertDer:    r.peerCertDer,
+        peerKemPubkey:  r.peerKemPubkey,
+      }), "utf-8"),
+    };
   }
   if (r.publicKey) {
     // Codex P2 on v0.12.10 PR #161 — b.crypto.encrypt falls back to
@@ -221,10 +286,13 @@ function _encryptForRecipient(bytes, opts) {
         "and ecPublicKey (P-384 ECDH PEM). Partial recipients trip b.crypto.encrypt's " +
         "ML-KEM-only fallback which silently degrades the hybrid contract this primitive promises.");
     }
-    return bCrypto().encrypt(bytes, {
-      publicKey:    r.publicKey,
-      ecPublicKey:  r.ecPublicKey,
-    });
+    return {
+      version: ARCH_WRAP_VERSION,
+      body: Buffer.from(bCrypto().encrypt(bytes, {
+        publicKey:    r.publicKey,
+        ecPublicKey:  r.ecPublicKey,
+      }), "utf-8"),
+    };
   }
   throw new ArchiveWrapError("archive-wrap/bad-recipient",
     "wrap: recipient must be { publicKey, ecPublicKey } | { peerCertDer, peerKemPubkey } | \"tenant\"");

package/lib/cose.js

@@ -743,9 +743,15 @@ function macVerify0(coseMac0, opts) {
 // secp256k1 key be verified under ES256, breaking the COSE alg/curve
 // binding (RFC 9053). Re-add with an explicit ES256K algorithm.
 var COSE_EC2_CRV = { 1: "P-256", 2: "P-384", 3: "P-521" };
+// Reverse of COSE_EC2_CRV — JWK crv name → COSE EC2 curve id, for exportKey.
+var COSE_EC2_CRV_ID = { "P-256": 1, "P-384": 2, "P-521": 3 };
 var COSE_KTY_OKP = 1;
 var COSE_KTY_EC2 = 2;
 var COSE_OKP_ED25519 = 6;                                                    // allow:raw-byte-literal — COSE OKP Ed25519 crv id (RFC 9053)
+// COSE_Key common-parameter labels (RFC 9052 §7.1): 1=kty, 2=kid, 3=alg.
+var COSE_KEY_LABEL_KTY = 1;
+var COSE_KEY_LABEL_KID = 2;
+var COSE_KEY_LABEL_ALG = 3;
 
 function _coseKeyBytes(v, what) {
   if (Buffer.isBuffer(v)) return v;
@@ -804,6 +810,83 @@ function importKey(coseKey) {
   catch (e) { throw new CoseError("cose/bad-cose-key", "cose.importKey: could not import COSE_Key: " + ((e && e.message) || e)); }
 }
 
+/**
+ * @primitive b.cose.exportKey
+ * @signature b.cose.exportKey(keyObject, opts?)
+ * @since     0.13.20
+ * @status    stable
+ * @related   b.cose.importKey, b.cose.verify, b.cbor.encode
+ *
+ * Serialize a <code>node:crypto</code> public key as a COSE_Key
+ * (RFC 9052 §7) — the CBOR-map, integer-labelled form embedded in an
+ * mdoc MSO, a COSE_Key header, or a SCITT / C2PA verification-key
+ * field. The inverse of <code>b.cose.importKey</code>: a key signed
+ * with <code>b.cose.sign</code> can be shipped to a verifier as bytes
+ * and re-imported. Returns the CBOR-encoded bytes (like the other COSE
+ * producers); pass the decoded map to <code>importKey</code> to round-trip.
+ *
+ * Accepts the same key types <code>importKey</code> / <code>verify</code>
+ * understand: EC2 (P-256 / P-384 / P-521) and OKP (Ed25519). A private
+ * key has its public half exported. Other curves / key types are
+ * refused rather than emitting a COSE_Key no verifier here would accept.
+ *
+ * @opts
+ *   alg:   string,          // optional COSE alg label (e.g. "ES256") → COSE_Key label 3
+ *   kid:   Buffer | string, // optional key id → COSE_Key label 2 (bstr; string encoded UTF-8)
+ *
+ * @example
+ *   var bytes = b.cose.exportKey(pubKey, { alg: "ES256", kid: "key-1" });
+ *   var key   = b.cose.importKey(b.cbor.decode(bytes));   // round-trips
+ */
+function exportKey(keyObject, opts) {
+  opts = opts || {};
+  if (!keyObject || typeof keyObject.export !== "function" || typeof keyObject.type !== "string") {
+    throw new CoseError("cose/bad-key", "cose.exportKey: expected a node:crypto KeyObject");
+  }
+  // A private key exports its public half — a COSE_Key here is a
+  // verification key, never the secret.
+  var pub = keyObject.type === "private" ? nodeCrypto.createPublicKey(keyObject) : keyObject;
+  var jwk;
+  try { jwk = pub.export({ format: "jwk" }); }
+  catch (e) { throw new CoseError("cose/bad-key", "cose.exportKey: could not export key to JWK: " + ((e && e.message) || e)); }
+
+  var coseKey = new Map();
+  if (jwk.kty === "OKP") {
+    if (jwk.crv !== "Ed25519") {
+      throw new CoseError("cose/unsupported-key", "cose.exportKey: only OKP curve Ed25519 is supported (got " + jwk.crv + ")");
+    }
+    coseKey.set(COSE_KEY_LABEL_KTY, COSE_KTY_OKP);
+    coseKey.set(-1, COSE_OKP_ED25519);
+    coseKey.set(-2, Buffer.from(jwk.x, "base64url"));
+  } else if (jwk.kty === "EC") {
+    var crvId = COSE_EC2_CRV_ID[jwk.crv];
+    if (!crvId) {
+      throw new CoseError("cose/unsupported-key", "cose.exportKey: unsupported EC curve " + jwk.crv + " (only P-256 / P-384 / P-521)");
+    }
+    coseKey.set(COSE_KEY_LABEL_KTY, COSE_KTY_EC2);
+    coseKey.set(-1, crvId);
+    coseKey.set(-2, Buffer.from(jwk.x, "base64url"));
+    coseKey.set(-3, Buffer.from(jwk.y, "base64url"));
+  } else {
+    throw new CoseError("cose/unsupported-key", "cose.exportKey: kty must be OKP or EC (got " + jwk.kty + ")");
+  }
+
+  if (opts.kid !== undefined) {
+    var kid = Buffer.isBuffer(opts.kid) ? opts.kid
+      : (typeof opts.kid === "string" ? Buffer.from(opts.kid, "utf8") : null);
+    if (!kid) throw new CoseError("cose/bad-kid", "cose.exportKey: opts.kid must be a Buffer or string");
+    coseKey.set(COSE_KEY_LABEL_KID, kid);
+  }
+  if (opts.alg !== undefined) {
+    var algId = ALG_NAME_TO_ID[opts.alg];
+    if (algId === undefined) {
+      throw new CoseError("cose/unknown-alg", "cose.exportKey: opts.alg '" + opts.alg + "' not recognized");
+    }
+    coseKey.set(COSE_KEY_LABEL_ALG, algId);
+  }
+  return cbor.encode(coseKey);
+}
+
 module.exports = {
   sign:        sign,
   verify:      verify,
@@ -812,6 +895,7 @@ module.exports = {
   mac0:        mac0,
   macVerify0:  macVerify0,
   importKey:   importKey,
+  exportKey:   exportKey,
   ALGORITHMS:  ALG_NAME_TO_ID,
   MAC_ALGORITHMS: HMAC_NAME_TO_ID,
   COSE_MAC0_TAG: COSE_MAC0_TAG,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.13.19",
+  "version": "0.13.21",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:bcf724d0-38ac-437e-86b3-47da5e8b72dc",
+  "serialNumber": "urn:uuid:28562fda-52a1-4d96-ad78-e3c056763938",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-27T21:23:48.501Z",
+    "timestamp": "2026-05-27T23:30:24.926Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.13.19",
+      "bom-ref": "@blamejs/core@0.13.21",
       "type": "application",
       "name": "blamejs",
-      "version": "0.13.19",
+      "version": "0.13.21",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.13.19",
+      "purl": "pkg:npm/%40blamejs/core@0.13.21",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.13.19",
+      "ref": "@blamejs/core@0.13.21",
       "dependsOn": []
     }
   ]