@blamejs/core 0.14.22 → 0.14.25

package/lib/middleware/idempotency-key.js

@@ -309,25 +309,33 @@ function dbStore(opts) {
     });
   }
 
-  // Derive a per-vault HMAC secret for fingerprint sealing.
-  // The vault root key is the trust root; without it the secret is
-  // unrecoverable. Lazy: only derived when fpSealOn is enabled AND the
-  // vault is ready, so test fixtures that haven't initialized the
-  // vault still construct a dbStore (the fingerprint then falls back
-  // to bare sha3-256 with a single audit warning).
+  // Derive a per-vault HMAC secret for fingerprint sealing. Seed off the
+  // SEALED per-deployment MAC key (vault.getDerivedHashMacKey, sealed at
+  // rest under the vault root) — NOT getDerivedHashSalt, which sits in
+  // PLAINTEXT on disk. With the salt-derived seed an attacker who read
+  // the disk could recompute the HMAC key and forge / correlate request
+  // fingerprints; the sealed MAC key closes that (the vault root is the
+  // trust root, so the secret is unrecoverable without it). Lazy: only
+  // derived when fpSealOn is enabled AND the vault is ready, so test
+  // fixtures that haven't initialized the vault still construct a
+  // dbStore (the fingerprint then falls back to bare sha3-256 with a
+  // single audit warning).
   var fpHmacSecret = null;
   if (fpSealOn) {
     try {
-      // Use vault.aad.buildContextAad as a stable derivation input;
-      // the derivedHashSalt is per-deployment so the same dbStore
-      // instance across hosts converges on the same HMAC key.
-      var fpDeriveInput = "idempotency.fingerprint:" + tableNameRaw + ":" +
-        vault.getDerivedHashSalt().toString("hex");
-      fpHmacSecret = bCrypto.kdf(Buffer.from(fpDeriveInput, "utf8"), C.BYTES.bytes(32));
+      // The MAC key is per-deployment + sealed, so the same dbStore
+      // instance across hosts converges on the same HMAC key while disk
+      // access alone cannot recover it. The table name domain-separates
+      // the fingerprint secret from other consumers of the MAC key.
+      var fpDeriveInput = Buffer.concat([
+        vault.getDerivedHashMacKey(),
+        Buffer.from("idempotency.fingerprint:" + tableNameRaw, "utf8"),
+      ]);
+      fpHmacSecret = bCrypto.kdf(fpDeriveInput, C.BYTES.bytes(32));
     } catch (_fpErr) {
       _emitAudit("idempotency.fingerprint_seal_skipped_no_vault",
         { tableName: tableNameRaw,
-          reason: "vault.getDerivedHashSalt() unavailable; fingerprint falls back to plain sha3-256" },
+          reason: "vault.getDerivedHashMacKey() unavailable; fingerprint falls back to plain sha3-256" },
         "warning");
       fpHmacSecret = null;
     }

package/lib/retention.js

@@ -274,8 +274,18 @@ function create(opts) {
     values.push(row._id);
     var upd2 = db.prepare("UPDATE \"" + table + "\" SET " + setClauses.join(", ") + " WHERE _id = ?");
     upd2.run.apply(upd2, values);
+    // Per-row-key tables (declarePerRowKey): NULLing the sealed columns
+    // is not enough — WAL / replica residuals keep the old K_row cells.
+    // Destroy the row's wrapped secret so K_row is unrecoverable and the
+    // residual ciphertext reads as absent (crypto-shred, GDPR Art. 17).
+    // rowId is row._id, the same identity materialize / eraseHard use.
+    var perRowKeysDestroyed = 0;
+    if (cryptoField.hasPerRowKey(table)) {
+      var dr = cryptoField.destroyPerRowKey(table, row._id, db);
+      perRowKeysDestroyed = (dr && dr.destroyed) || 0;
+    }
     void erased;
-    return { erased: 1, sealedFieldCount: sealedFields.length };
+    return { erased: 1, sealedFieldCount: sealedFields.length, perRowKeysDestroyed: perRowKeysDestroyed };
   }
 
   function _cascade(rule, rowId, dryRun) {

package/lib/vault-aad.js

@@ -304,6 +304,12 @@ module.exports = {
   isAadSealed:        isAadSealed,
   buildColumnAad:     buildColumnAad,
   buildContextAad:    buildContextAad,
+  // canonicalizeAad — the length-prefixed, sorted-keys AAD-bytes
+  // encoder. Exported (internal) so a sibling primitive that runs its
+  // own AEAD (crypto-field's per-row K_row cells) threads byte-identical
+  // AAD into encryptPacked/decryptPacked as this module does for its
+  // own seal/unseal — one canonical encoder, no drift.
+  canonicalizeAad:    _canonicalize,
   AAD_PREFIX:         AAD_PREFIX,
   AAD_VERSION:        AAD_VERSION,
   VaultAadError:      VaultAadError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.14.22",
+  "version": "0.14.25",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:6a454186-ef0a-43dd-8780-6900d4f1daf5",
+  "serialNumber": "urn:uuid:a667e112-0ef6-4c72-b5b8-839233b6e4a6",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-06-05T17:23:40.587Z",
+    "timestamp": "2026-06-06T17:19:53.413Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.14.22",
+      "bom-ref": "@blamejs/core@0.14.25",
       "type": "application",
       "name": "blamejs",
-      "version": "0.14.22",
+      "version": "0.14.25",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.14.22",
+      "purl": "pkg:npm/%40blamejs/core@0.14.25",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.14.22",
+      "ref": "@blamejs/core@0.14.25",
       "dependsOn": []
     }
   ]