@blamejs/core 0.13.24 → 0.13.25

package/CHANGELOG.md

@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
 
 ## v0.13.x
 
+- v0.13.25 (2026-05-28) — **Agent idempotency results and orchestrator/tenant registry rows are sealed at rest.** The b.agent.idempotency, b.agent.orchestrator, and b.agent.tenant primitives documented their stored rows as sealed at rest, but the values were written as plaintext JSON — a database dump could expose cached result payloads (which can carry mail-move / search data), the tenant ids that own each agent, and operator-supplied endpoint metadata. Those values are now sealed via b.cryptoField (XChaCha20-Poly1305 through the vault) before they reach the backing store and unsealed on read, when a vault is configured — which is the default in a booted app. Each ciphertext is AAD-bound to its row identity so a database-write attacker cannot copy a sealed value between rows. Reads of rows written before this release (plain JSON) continue to work unchanged, and a vault-less deployment stores rows as before. No API or call-site changes are required. **Fixed:** *`b.agent.saga` run() return/throw shape documented correctly* — The doc said `run()` resolves to `{ status: "failed", failedStep, lastCompensationError }` on failure and to a bare final state. In fact it resolves to `{ status: "completed", sagaId, state }` on success and rejects (throws) on step failure with an error carrying `failedStep`, `cause`, `compensationCause`, and `failedCompStepName`. The docs now describe the actual contract. · *`b.agent.idempotency` put() example uses the real option name* — The example passed `{ argsFingerprint: ... }`, which the function does not read; the fingerprint option is `requestFingerprint` (or `args`). The example now uses `requestFingerprint`. · *`b.agent.tenant.derivedKey` @since corrected to 0.9.26* — It was tagged `@since 0.9.25`, a version before the tenant module existed; it ships in 0.9.26 alongside `b.agent.tenant.create`. · *`b.agent.trace.injectIntoEnvelope` documented as single-argument* — The doc listed a second `currentSpan` argument the function ignores — it always injects the currently-active span's trace context. The doc now shows `injectIntoEnvelope(envelope)` and notes it should be called while the intended span is active. **Security:** *Agent idempotency / orchestrator / tenant rows sealed at rest* — `b.agent.idempotency` cached result blobs, `b.agent.orchestrator` registry rows (owning tenant id + endpoint metadata), and `b.agent.tenant` registry-row metadata are now sealed via `b.cryptoField` when a vault is configured (the default in a booted app via `b.start`). The fields were previously stored as plaintext despite the docs describing them as sealed, so a DB dump exposed cached payloads, agent↔tenant ownership, and endpoint detail. Each sealed value is AAD-bound to the row identity (the idempotency key hash / the agent name / the tenant id), so a sealed value cannot be copied between rows. Rows written before this release remain readable (a non-sealed value passes through unseal), and a vault-less deployment behaves as before. No call-site changes.
+
 - v0.13.24 (2026-05-28) — **`b.guard*` docs corrected: the compliance-posture opt key, the gate API, and validate return shapes.** Documentation corrections across the b.guard* family. The most consequential: the posture-selection option was documented as `compliance:` in many guards' @opts, but the working key is `compliancePosture:` — passing the documented `{ compliance: "hipaa" }` was silently ignored, so a compliance posture (e.g. HIPAA PII redaction) never activated. If you select a posture via the gate/validate/sanitize options, use `compliancePosture:`; `compliance:` had no effect. The guard docs now name the correct key uniformly. Also corrected: gate examples and prose that invoked the gate as a callable or via `.run` / `.inspect` (the gate is an object whose method is `.check(ctx)`), and validate() return shapes that listed `severities` / `summary` / `refusal` fields the function never returned (it returns `{ ok, issues }`). **Fixed:** *guard posture option is `compliancePosture:`, not `compliance:`* — Many `b.guard*` primitives documented the compliance-posture selector as `compliance: "hipaa"|"pci-dss"|"gdpr"|"soc2"` in their `@opts`, but the family resolver reads `compliancePosture:`. Passing `{ compliance: "hipaa" }` was accepted and silently ignored — the posture overlay (e.g. CSV `piiPolicy: "redact"` under HIPAA) never applied, leaving the default policy in force. The docs across the guard family now name `compliancePosture:` consistently (the key the resolver and `b.guardX.compliancePosture(name)` already used). Action: if you selected a posture with `compliance:`, switch to `compliancePosture:` — the posture was not taking effect before. · *guard gate is an object with `.check(ctx)`, not a callable* — Several guards' gate `@example`s and prose invoked the gate as a function (`g({...})`), via `.run(...)`, or via `.inspect(...)`, and a few described it as "an async function". `b.guardX.gate(opts)` returns an object whose async method is `.check(ctx)`; the examples and prose now use `.check`, so they run as written. · *guard validate() returns `{ ok, issues }`* — Several guards documented `validate()` as returning `{ ok, issues, severities }`, `{ ok, issues, summary }`, or `{ ok, issues, refusal? }`. The function returns `{ ok, issues }` (each issue carries its own `severity` / `kind`); the documented extra top-level fields were never present. The docs now state the actual shape.
 
 - v0.13.23 (2026-05-28) — **Documentation corrected to match actual behavior across several primitives.** A set of JSDoc / doc-comment corrections where the documented contract had drifted from what the code does. No behavior changes — the implementations already behaved as now documented; only the docs were wrong. The most operator-relevant is the JWT signer doc: an expiring token signed without an explicit jti receives an auto-minted 128-bit jti (so the replay-defense path has the jti it needs), which the sign-opts doc previously denied. Also corrected: did.resolve's unsupported-method error now names did:jwk (always supported); b.cose.verify is marked stable to match its stable sign sibling and the CWT / EAT / SCITT / mdoc verifiers built on it; b.linkHeader.serialize's doc now states every parameter value is double-quoted; b.auth.saml verifyResponse's documented return shape now lists inResponseTo and issuer (both always returned); and the rate-limit custom-backend contract drops a gc member the middleware never invoked. **Fixed:** *JWT signer doc now describes the auto-minted jti on expiring tokens* — `b.auth.jwt.sign`'s opts doc claimed that omitting `jti` adds no jti. In fact, when a token carries an `exp` and no operator-supplied `jti`, the signer auto-mints a random 128-bit `jti` so a replay-protected token always carries the identifier `verify`'s replay store requires. The doc now describes this; pass an explicit `jti` for a deterministic value. Behavior is unchanged. · *`b.did.resolve` unsupported-method error now names did:jwk* — The thrown error for an unsupported DID method listed only `did:key` and `did:web`, omitting `did:jwk`, which `resolve` fully supports. The message now reads `(did:key, did:jwk, and did:web only)`. · *`b.cose.verify` marked stable* — `b.cose.verify` carried `@status experimental` while its `b.cose.sign` sibling is stable and the CWT / EAT / SCITT / mdoc verifiers that depend on it are stable and shipped. The verifier is the same maturity as the rest of the COSE_Sign1 round-trip; its status now reflects that. · *`b.linkHeader.serialize` doc matches its quoting behavior* — The doc said parameters are token-encoded when they fit RFC 7230 token grammar and double-quoted otherwise. The serializer always double-quotes every value (valid under RFC 8288, and required for space-separated multi-rel and media-type values). The doc now states that. · *`b.auth.saml` verifyResponse documented return shape lists all fields* — The prose and the example each omitted a different field that `verifyResponse` always returns. The documented shape now lists all of `nameId`, `nameIdFormat`, `sessionIndex`, `attributes`, `audience`, `inResponseTo`, and `issuer`. · *rate-limit custom-backend contract is `{ take, reset }`* — The custom-backend opts doc listed a `gc` member that the middleware never reads or invokes (the runtime contract is `take` / `reset` / `close`, and the error message already said `{ take, reset }`). The documented shape now matches; an operator-supplied `gc` was always silently ignored. · *`b.mail.agent.create` doc no longer lists consumer as a method* — The created agent's method list named `consumer`, which is not a method on the returned object — the queue consumer is the sibling export `b.mail.agent.consumer`. The doc now says so.

package/lib/agent-idempotency.js

@@ -12,10 +12,13 @@
  *   generic agent-shaped surface:
  *
  *     - **`instance.get(method, actorId, key)`** — returns cached
- *       result envelope or `null`. Sealed columns unseal via
- *       `b.cryptoField`.
+ *       result envelope or `null`. The result blob unseals via
+ *       `b.cryptoField` when a vault is configured.
  *     - **`instance.put(method, actorId, key, result, opts?)`** —
- *       serialize (`b.safeJson.stringify`) + seal + persist with TTL.
+ *       serialize (`b.safeJson.stringify`), seal the result blob at rest
+ *       via `b.cryptoField` (when a vault is configured — the default in
+ *       a booted app; vault-less, the blob is stored as-is), persist
+ *       with TTL.
  *       Refuses if the same `(method, actorId, key)` already has a
  *       cached entry whose `requestFingerprint` differs from the
  *       supplied args fingerprint (defends key-reuse-different-args
@@ -67,11 +70,35 @@ var guardIdempotencyKey = require("./guard-idempotency-key");
 var agentAudit        = require("./agent-audit");
 
 var audit             = lazyRequire(function () { return require("./audit"); });
+var cryptoField       = lazyRequire(function () { return require("./crypto-field"); });
+var vault             = lazyRequire(function () { return require("./vault"); });
 
 var AgentIdempotencyError = defineClass("AgentIdempotencyError", { alwaysPermanent: true });
 
 var DEFAULT_TTL_MS        = C.TIME.hours(24);
 var MAX_RESULT_BYTES      = C.BYTES.mib(1);
+
+// At-rest sealing of the cached result. The result envelope can hold
+// mail-move / search payloads, so the serialized blob is sealed via
+// b.cryptoField before it reaches the backing store and unsealed on
+// read — when a vault is configured (the default in a booted app via
+// b.start). Without a vault there is no key, so the blob is stored
+// as-is, the same vault-less mode the orchestrator's salted-FNV
+// fallback supports. AAD binds each ciphertext to its keyHash (the row
+// identity) so a DB-write attacker cannot copy a sealed result between
+// rows. Rows written while vault-less (or before sealing landed) are
+// plain JSON; unsealRow passes a non-`vault:` value through unchanged.
+var SEAL_TABLE = "agent_idempotency";
+var _sealTableRegistered = false;
+function _ensureSealTable() {
+  if (_sealTableRegistered) return;
+  cryptoField().registerTable(SEAL_TABLE, {
+    sealedFields: ["resultBlob"],
+    aad:          true,
+    rowIdField:   "keyHash",
+  });
+  _sealTableRegistered = true;
+}
 // Parse ceiling tracks the operator's configured maxResultBytes (set
 // per-instance via opts.maxResultBytes) — see _get. A static parse cap
 // would silently lose entries when operators raise the write cap.
@@ -99,7 +126,7 @@ var MAX_RESULT_BYTES      = C.BYTES.mib(1);
  *   var existing = await idem.get("move", "u1", "jmap-req-abc");
  *   if (existing) return existing.result;
  *   var result = await mailAgent.move(args);
- *   await idem.put("move", "u1", "jmap-req-abc", result, { argsFingerprint: "..." });
+ *   await idem.put("move", "u1", "jmap-req-abc", result, { requestFingerprint: "..." });
  */
 function create(opts) {
   opts = opts || {};
@@ -242,17 +269,22 @@ async function _get(store, method, actorId, key, auditImpl, ttlMs, maxResultByte
       { method: method, actorIdHash: _truncHash(_actorIdHash(actorId)) });
     return null;
   }
-  // Deserialize the sealed result blob. v0.9.22 ships a simple
-  // safeJson re-parse since the result was JSON-stringified at put().
-  // v0.9.25 tenant integration will swap this for per-tenant sealRow
-  // unseal when the row is sealed at rest.
+  // Unseal the result blob into a copy (when a vault is configured;
+  // vault-less or pre-sealing rows are plain JSON and used as-is). The
+  // original sealed `row` is preserved so the replay-count re-put below
+  // cannot round-trip plaintext back to the store.
+  var unsealed = row;
+  if (vault().isInitialized()) {
+    _ensureSealTable();
+    unsealed = cryptoField().unsealRow(SEAL_TABLE, row);
+  }
   var result;
   try {
     // Parse cap mirrors the operator's configured maxResultBytes (the
     // same cap put() enforced on write) — a static parse ceiling would
     // turn valid cached entries into permanent replay errors when the
     // operator raises the write cap.
-    result = safeJson.parse(row.resultBlob, { maxBytes: maxResultBytes });
+    result = safeJson.parse(unsealed.resultBlob, { maxBytes: maxResultBytes });
   } catch (e) {
     throw new AgentIdempotencyError("agent-idempotency/corrupt-result",
       "get: cached result failed to parse — " + (e && e.message ? e.message : String(e)));
@@ -333,7 +365,15 @@ async function _put(store, method, actorId, key, result, putOpts, ttlMs, maxResu
     replayCount:        existing ? (existing.replayCount || 0) : 0,
     expiresAt:          now + ttlMs,
   };
-  await store.put(method, actorId, hash, row);
+  // Seal the result blob at rest when a vault is configured (keyHash is
+  // populated above, so the AAD binding resolves). resultBlob stays the
+  // plaintext local for the audit byte-count below.
+  var sealedRow = row;
+  if (vault().isInitialized()) {
+    _ensureSealTable();
+    sealedRow = cryptoField().sealRow(SEAL_TABLE, row);
+  }
+  await store.put(method, actorId, hash, sealedRow);
   _safeAudit(auditImpl, "agent.idempotency.put", null, {
     method: method, actorIdHash: _truncHash(row.actorIdHash),
     resultBytes: Buffer.byteLength(resultBlob, "utf8"),

package/lib/agent-orchestrator.js

@@ -13,9 +13,10 @@
  *
  *     - **Registry** (`register` / `lookup` / `unregister` / `list`)
  *       — pluggable backend; in-memory default, durable via operator-
- *       supplied `b.config.loadDbBacked` for restart-survival. Sealed
- *       rows so tenant names + endpoint metadata don't leak in DB
- *       dumps.
+ *       supplied `b.config.loadDbBacked` for restart-survival. Rows are
+ *       sealed at rest via `b.cryptoField` when a vault is configured
+ *       (the default in a booted app), so tenant names + endpoint
+ *       metadata don't leak in DB dumps.
  *     - **Sharded topics** (`spawnConsumers`) — consistent-hash route
  *       per-shard so each tenant's traffic owns one shard's ordering.
  *     - **Leader-elected singletons** (`elect`) — composes `b.cluster`
@@ -61,9 +62,59 @@ var agentAudit        = require("./agent-audit");
 var audit             = lazyRequire(function () { return require("./audit"); });
 var cluster           = lazyRequire(function () { return require("./cluster"); });
 var vault             = lazyRequire(function () { return require("./vault"); });
+var cryptoField       = lazyRequire(function () { return require("./crypto-field"); });
+var safeJson          = require("./safe-json");
 
 var AgentOrchestratorError = defineClass("AgentOrchestratorError", { alwaysPermanent: true });
 
+// At-rest sealing of registry rows. The owning tenant id and the
+// operator-supplied endpoint metadata are sealed via b.cryptoField
+// before a row reaches the backend, so a DB dump does not leak which
+// tenants own which agents or their endpoint detail — when a vault is
+// configured (the default in a booted app via b.start). Without a vault
+// there is no key, so rows are stored as-is (the same vault-less mode
+// the salted-FNV shard fallback below supports). AAD binds each
+// ciphertext to the agent `name` (the row identity). `metadata` is an
+// object, so it is JSON-serialized before sealing and parsed back on
+// read; `tenantId` may be null (sealRow leaves null fields untouched).
+// Vault-less or pre-sealing rows carry plain values; unsealRow passes a
+// non-sealed value through, so they still read.
+var SEAL_TABLE = "agent_orchestrator_registry";
+var _sealTableRegistered = false;
+var SEAL_METADATA_MAX_BYTES = C.BYTES.mib(1);
+function _ensureSealTable() {
+  if (_sealTableRegistered) return;
+  cryptoField().registerTable(SEAL_TABLE, {
+    sealedFields: ["tenantId", "metadata"],
+    aad:          true,
+    rowIdField:   "name",
+  });
+  _sealTableRegistered = true;
+}
+function _sealRegistryRow(row) {
+  if (!vault().isInitialized()) return row;          // vault-less: store as-is (no key)
+  _ensureSealTable();
+  var pre = Object.assign({}, row);
+  if (pre.metadata !== undefined && pre.metadata !== null && typeof pre.metadata !== "string") {
+    pre.metadata = safeJson.stringify(pre.metadata);
+  }
+  return cryptoField().sealRow(SEAL_TABLE, pre);
+}
+function _unsealRegistryRow(row) {
+  if (!row) return row;
+  if (!vault().isInitialized()) return row;          // vault-less: rows are plain
+  _ensureSealTable();
+  var out = cryptoField().unsealRow(SEAL_TABLE, row);
+  // New rows stored metadata as a sealed JSON string; legacy rows stored
+  // it as a plain object (which passes through unseal untouched). Only
+  // the string form needs parsing back to an object.
+  if (typeof out.metadata === "string") {
+    try { out.metadata = safeJson.parse(out.metadata, { maxBytes: SEAL_METADATA_MAX_BYTES }); }
+    catch (_e) { /* leave as-is — operator-stored raw string metadata */ }
+  }
+  return out;
+}
+
 var DEFAULT_DRAIN_TIMEOUT_MS = C.TIME.minutes(2);
 var STREAM_ID_RAND_BYTES     = 8;                                                                     // allow:raw-byte-literal — stream-id random-suffix byte length, not a size cap
 var DEFAULT_PER_CONSUMER_STOP_MS = C.TIME.seconds(5);
@@ -278,7 +329,9 @@ async function _register(ctx, name, agent, regOpts) {
     registeredAt:   Date.now(),
     metadata:       regOpts.metadata || {},
   };
-  await ctx.backend.set(name, row);
+  // Seal tenantId + metadata at rest (name is populated, so the AAD
+  // binding resolves). The plaintext `row` is kept for the audit below.
+  await ctx.backend.set(name, _sealRegistryRow(row));
   ctx.liveAgents.set(name, agent);
   _safeAudit(ctx, "agent.orchestrator.registered", regOpts.actor, {
     name: name, agentKind: regOpts.agentKind, tenantId: row.tenantId,
@@ -326,7 +379,7 @@ async function _lookup(ctx, name, args) {
 async function _list(ctx, args) {
   guardAgentRegistry.validate({ kind: "list" }, {});
   _checkPermission(ctx, args.actor, "agent-registry:read");
-  var rows = await ctx.backend.list();
+  var rows = (await ctx.backend.list()).map(_unsealRegistryRow);
   return rows.filter(function (r) {
     if (args.kind && r.kind !== args.kind) return false;
     if (args.tenantId && r.tenantId !== args.tenantId) return false;

package/lib/agent-saga.js

@@ -51,8 +51,10 @@
  *
  *   Compensations that throw emit `agent.saga.compensation_failed`
  *   audit at CRITICAL severity and halt further compensations
- *   (operator alert; manual intervention needed). The saga returns
- *   `{ status: "failed", failedStep, lastCompensationError }`.
+ *   (operator alert; manual intervention needed). On step failure the
+ *   saga REJECTS (throws) rather than resolving — the thrown error
+ *   carries `failedStep`, `cause` (the originating step error),
+ *   `compensationCause`, and `failedCompStepName`.
  *
  *   ## No saga-level retry
  *
@@ -87,8 +89,10 @@ var SAGA_ID_RAND_BYTES = 8;
  * @status    stable
  * @related   b.agent.idempotency.create, b.outbox.enqueue
  *
- * Create a saga definition. Returns an instance with `run(ctx,
- * initialState, opts) → Promise<finalState>`.
+ * Create a saga definition. Returns an instance whose `run(ctx,
+ * initialState, opts)` resolves to `{ status: "completed", sagaId,
+ * state }` on success and rejects (throws) on step failure with an
+ * error carrying the failed-step + compensation detail (see the intro).
  *
  * @opts
  *   name:    string,                       // required (audit label)

package/lib/agent-tenant.js

@@ -11,8 +11,9 @@
  *   tends to leak across handlers, with one centralized scope:
  *
  *     - **Registry** — `register(tenantId, config)` declares a tenant
- *       boundary at boot. Sealed registry rows so tenant metadata
- *       doesn't leak in DB dumps.
+ *       boundary at boot. The row's metadata is sealed at rest via
+ *       `b.cryptoField` when a vault is configured (the default in a
+ *       booted app), so tenant metadata doesn't leak in DB dumps.
  *     - **Cross-tenant gate** — `check(actor, agentTenantId)` refuses
  *       calls where `actor.tenantId !== agentTenantId` unless the
  *       actor holds the `framework.cross-tenant-admin` scope.
@@ -51,10 +52,12 @@
  */
 
 var lazyRequire      = require("./lazy-require");
+var C                = require("./constants");
 var { defineClass }  = require("./framework-error");
 var guardTenantId    = require("./guard-tenant-id");
 var bCrypto          = require("./crypto");
 var agentAudit       = require("./agent-audit");
+var safeJson         = require("./safe-json");
 
 var audit            = lazyRequire(function () { return require("./audit"); });
 var cryptoField      = lazyRequire(function () { return require("./crypto-field"); });
@@ -62,6 +65,52 @@ var vault            = lazyRequire(function () { return require("./vault"); });
 
 var AgentTenantError = defineClass("AgentTenantError", { alwaysPermanent: true });
 
+// At-rest sealing of the tenant registry row's metadata. The registry
+// maps a tenantId to its config; the operator-supplied `metadata` is
+// sealed via b.cryptoField before reaching the backend so a DB dump
+// does not leak it — when a vault is configured (the default in a
+// booted app via b.start). Without a vault there is no key, so the row
+// is stored as-is. The registry is framework-owned coordination state,
+// so it uses the singleton vault key (cryptoField.sealRow) — the
+// per-tenant `sealRowForTenant` path below is for tenant DATA tables
+// where cross-tenant cryptographic isolation matters. AAD binds the
+// ciphertext to the tenantId (the row identity); `metadata` is an
+// object, so it is JSON-serialized before sealing and parsed on read.
+// Rows written before sealing landed carry a plain object; unsealRow
+// passes a non-sealed value through, so they still read.
+var SEAL_TABLE = "agent_tenant_registry";
+var _sealTableRegistered = false;
+var SEAL_METADATA_MAX_BYTES = C.BYTES.mib(1);
+function _ensureSealTable() {
+  if (_sealTableRegistered) return;
+  cryptoField().registerTable(SEAL_TABLE, {
+    sealedFields: ["metadata"],
+    aad:          true,
+    rowIdField:   "tenantId",
+  });
+  _sealTableRegistered = true;
+}
+function _sealRegistryRow(row) {
+  if (!vault().isInitialized()) return row;          // vault-less: store as-is (no key)
+  _ensureSealTable();
+  var pre = Object.assign({}, row);
+  if (pre.metadata !== undefined && pre.metadata !== null && typeof pre.metadata !== "string") {
+    pre.metadata = safeJson.stringify(pre.metadata);
+  }
+  return cryptoField().sealRow(SEAL_TABLE, pre);
+}
+function _unsealMetadata(row) {
+  if (!row) return row;
+  if (!vault().isInitialized()) return row;          // vault-less: row is plain
+  _ensureSealTable();
+  var out = cryptoField().unsealRow(SEAL_TABLE, row);
+  if (typeof out.metadata === "string") {
+    try { out.metadata = safeJson.parse(out.metadata, { maxBytes: SEAL_METADATA_MAX_BYTES }); }
+    catch (_e) { /* legacy raw-string metadata — leave as-is */ }
+  }
+  return out;
+}
+
 var CROSS_TENANT_ADMIN_SCOPE = "framework-cross-tenant-admin";
 
 // Per-tenant key derivation domain separators. NIST SP 800-108 r1 §5.1
@@ -146,7 +195,9 @@ async function _register(ctx, tenantId, regOpts) {
     metadata:       regOpts.metadata || {},
     registeredAt:   Date.now(),
   };
-  await ctx.backend.set(tenantId, row);
+  // Seal metadata at rest (tenantId is populated, so the AAD binding
+  // resolves). The plaintext `row` is kept for the audit below.
+  await ctx.backend.set(tenantId, _sealRegistryRow(row));
   agentAudit.safeAudit(ctx.audit, "agent.tenant.registered", regOpts.actor, {
     tenantId: tenantId, posture: row.posture,
   });
@@ -213,6 +264,7 @@ async function _lookup(ctx, tenantId, args) {
   guardTenantId.validate(tenantId);
   var row = await ctx.backend.get(tenantId);
   if (!row) return null;
+  row = _unsealMetadata(row);
   return {
     tenantId:      row.tenantId,
     posture:       row.posture,
@@ -389,7 +441,7 @@ function _deriveTenantKeyBytes(tenantId, purpose) {
 /**
  * @primitive b.agent.tenant.derivedKey
  * @signature b.agent.tenant.derivedKey(tenantId, purpose)
- * @since     0.9.25
+ * @since     0.9.26
  * @status    stable
  * @compliance hipaa, pci-dss, gdpr, soc2
  * @related   b.agent.tenant.create, b.archive.wrap, b.vault

package/lib/agent-trace.js

@@ -14,9 +14,10 @@
  *   The substrate at v0.9.29 ships the integration surface:
  *
  *     - `startSpan(name, opts)` — wrap an agent method call in a span
- *     - `injectIntoEnvelope(envelope, currentSpan)` — inject W3C
- *       `traceparent` + `tracestate` into queue / event-bus / sub-
- *       agent envelopes so the consumer can continue the trace
+ *     - `injectIntoEnvelope(envelope)` — inject the currently-active
+ *       span's W3C `traceparent` + `tracestate` into queue / event-bus
+ *       / sub-agent envelopes so the consumer can continue the trace
+ *       (call inside the `startSpan` callback so the right span is live)
  *     - `extractFromEnvelope(envelope)` — parse the envelope's
  *       trace context (refused via `b.guardTraceContext` if
  *       malformed)

package/lib/vault/index.js

@@ -625,6 +625,7 @@ module.exports = {
   getKeysJson:           getKeysJson,
   getCurrentPassphrase:  getCurrentPassphrase,
   getMode:               getMode,
+  isInitialized:         function () { return initialized; },
   VaultError:            VaultError,
   sealPemFile:           sealPemFileModule.sealPemFile,
   SealPemFileError:      sealPemFileModule.SealPemFileError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.13.24",
+  "version": "0.13.25",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:be8cbd49-821e-4e0e-92d5-ea42e8aff583",
+  "serialNumber": "urn:uuid:47754ab4-658d-4a84-ac31-adda479b6281",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-28T11:47:50.484Z",
+    "timestamp": "2026-05-28T12:35:12.333Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.13.24",
+      "bom-ref": "@blamejs/core@0.13.25",
       "type": "application",
       "name": "blamejs",
-      "version": "0.13.24",
+      "version": "0.13.25",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.13.24",
+      "purl": "pkg:npm/%40blamejs/core@0.13.25",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.13.24",
+      "ref": "@blamejs/core@0.13.25",
       "dependsOn": []
     }
   ]