@blamejs/core 0.8.57 → 0.8.58

package/CHANGELOG.md

@@ -8,6 +8,7 @@ upgrading across more than a few patches at a time.
 
 ## v0.8.x
 
+- v0.8.58 (2026-05-09) — `b.db` query-builder + facade extensions for HermitStash-shaped migrations + adjacent gaps. **Query atoms** on `b.db.from(table)`: `.increment(column, delta)` (atomic `UPDATE col = COALESCE(col, 0) + ?`, refuses unconditional, returns rows-changed), `.whereGroup(qb => ...)` (closure-form OR composition via new `WhereBuilder` class with `.eq` / `.neq` / `.gt` / `.gte` / `.lt` / `.lte` / `.in` / `.like` AND vs `.orEq` / `.orNeq` / ... OR + `.raw`), `.orWhere(...)` (top-level OR; accepts object map / `(field, value)` / `(field, op, value)` / closure), `.search(fields, term, opts?)` (chainable LIKE-OR with `match: "substring"|"prefix"|"exact"`, `~` ESCAPE char to safely handle user-supplied `%`/`_`), `.paginate(opts)` (returns `{ items, total, limit, offset, page, totalPages }`; default limit 25, cap 1000). **Mongo facade** at `b.db.collection(name)` returning `{ insert, insertMany, find, findOne, update, updateMany, remove, count, paginate }` — maps Mongo-shape calls onto `b.db.from(name)`. Update operators: `$set` / `$inc` (composes `Query.increment`) / `$unset`. Query operators: `$eq` / `$ne` / `$gt` / `$gte` / `$lt` / `$lte` / `$in` / `$like`. Unknown operators throw at config-time. **db.init opt-outs**: `frameworkTables: false` skips provisioning `audit_log` / `consent_log` (operators with their own audit chain reuse the framework's `b.db` / `b.vault` / `b.cryptoField` primitives without the bundled chain tables — append-only triggers, chain verifies, WORM assertions, audit-signing bootstrap, checkpoint verifies, and the `audit_log` / `consent_log` reserved-name refusal all become no-ops). `auditSigning: false` (finer-grained — keep framework tables but skip the audit-signing-key bootstrap when the host manages its own signing key). **db.init path overrides**: `encryptedDbPath` (fully-qualified path to `db.enc`), `encryptedDbName` (basename under `dataDir`, default `"db.enc"`), `dbKeyPath` (encryption-key file outside `dataDir`, e.g. KMS-fronted volume). **`b.db.snapshot()`** — in-memory encrypted Buffer (same envelope `flushToDisk` writes, just held in memory; WAL checkpoint forced first so committed state captures cleanly). Plain mode returns the raw plaintext SQLite file. **`b.mtlsCa.create({ paths })` absolute-path fix** — `_resolvePaths` no longer joins absolute path entries under `dataDir`. The pre-v0.8.58 shape silently rewrote `MTLS_CA_KEY=/etc/ssl/ca.key` → `<dataDir>/etc/ssl/ca.key`, breaking operators with externally-mounted CA files. Standard `path.join` semantics already preserve absolute arguments — the always-join was an oversight. Relative entries still join under `dataDir` (back-compat). **CLAUDE.md release workflow §5** rewritten — host smoke + host wiki e2e (Phase A) run BEFORE container smoke + container wiki e2e (Phase B), sequentially, never in parallel. Both runners write to `.test-output/smoke.log` and `.test-output/wiki-e2e.log`; parallel runs clobber each other so the log of the actually-blocking failure may be overwritten by whichever leg finishes second. Phase B uses `smoke-container.log` / `wiki-e2e-container.log` so diagnose-after-failure is one file lookup. New per-primitive Layer 0 tests: `db-query-extensions.test.js` (27 checks), `db-collection.test.js` (23 checks), `db-init-extensions.test.js` (13 checks), `mtls-ca-paths.test.js` (7 checks). G7 (configurable framework-schema column names) deferred — original message cut off at the heading; re-open with the full proposal. G3 (configurable framework-table names — the `audit_log` / `consent_log` rename) deferred — `frameworkTables: false` covers the audit-conflict use case; full rename touches ~47 hardcoded SQL literals across `lib/audit*.js` / `lib/consent.js` and is its own patch with a refactor proper.
 - v0.8.57 (2026-05-09) — CI green-up for v0.8.56. The v0.8.56 npm-publish workflow's smoke gate passed but the `prepack-guard` script (`scripts/check-pack-against-gitignore.js`) rejected the tarball: it ran `git check-ignore -v` against every packed path and treated EVERY matching gitignore line as "ignored", including `!`-prefixed negation rules. The newly-tracked `lib/vendor/bimi-trust-anchors.pem` matches the `!lib/vendor/*.pem` negation rule that v0.8.54 added, but the script flagged it as "gitignored in tarball" and exited 1. Fix: filter out lines whose matching pattern starts with `!` — those are negation rules indicating the file is NOT actually ignored. No primitive surface change versus v0.8.56.
 - v0.8.56 (2026-05-09) — CI green-up for v0.8.55. macOS smoke runner failed `watcher.test.js: surface onChange for non-ignored file`; the test bumped from 80ms→300ms in v0.8.52, but macOS `fs.watch` event delivery under SMOKE_PARALLEL=64 + CI runner contention can still exceed 300ms. Bumped all four delay sites to 1500ms. Linux/Windows continue to pass on the first event-loop turn; the longer budget only matters when macOS is contended. No primitive surface change versus v0.8.55.
 - v0.8.55 (2026-05-09) — CI green-up for v0.8.54. The v0.8.54 npm-publish hit `rate-limit-cluster.test.js: cluster: 4th request blocked with 429` failing under CI contention. The test's `_waitMicrotasks(3)` helper chained 3 `setImmediate` ticks between `fire()` calls, and the cluster-backend's async `take()` against the DB hadn't finished bumping the counter yet — the 4th `fire()` read a stale count, looked like a pass, and the assertion failed. Bumped to 20 ticks (default + every call site). Linux/Alpine container runners pass on the first attempt; the budget only matters under SMOKE_PARALLEL=64 contention. No primitive surface change versus v0.8.54.

package/lib/db-collection.js

@@ -0,0 +1,290 @@
+"use strict";
+/**
+ * @module     b.db.collection
+ * @nav        Data
+ * @title      Collection
+ * @order      210
+ * @card       Mongo-style facade over `b.db.from(name)`. Wraps the
+ *             chainable Query builder in `{ insert, find, findOne,
+ *             update, remove, count, paginate }` for codebases
+ *             migrating from MongoDB or for primitives that prefer
+ *             the document-store call shape.
+ *
+ * @intro
+ *   `b.db.collection(name)` returns a small adapter that maps Mongo-
+ *   shape calls onto the framework's query-builder primitives:
+ *
+ *     b.db.collection("users").findOne({ email: "alice@x.com" });
+ *       → b.db.from("users").where({ email: "alice@x.com" }).first();
+ *
+ *     b.db.collection("users").update({ _id }, { $set: { name } });
+ *       → b.db.from("users").where({ _id }).updateOne({ name });
+ *
+ *     b.db.collection("users").update({ _id }, { $inc: { failed: 1 } });
+ *       → b.db.from("users").where({ _id }).increment("failed", 1);
+ *
+ *   Operators migrating from a Mongo-shaped codebase (HermitStash and
+ *   peers) can drop in this facade without rewriting every call site
+ *   to the chainable builder. New code typically reaches for the
+ *   builder directly — `b.db.from(...)` is more expressive and
+ *   doesn't pretend to be Mongo.
+ *
+ *   Supported update operators: `$set` (assign), `$inc` (atomic
+ *   increment per column — composes `Query.increment`), `$unset`
+ *   (set to NULL).
+ */
+
+var lazyRequire = require("./lazy-require");
+
+// db.js → db-collection.js → db.from() would create a require cycle.
+// Defer the lookup to call-time so the binding lands after both
+// modules finish loading.
+var db = lazyRequire(function () { return require("./db"); });
+
+function _validateQueryShape(query) {
+  if (!query || typeof query !== "object" || Array.isArray(query)) {
+    throw new TypeError("collection: query must be a plain object");
+  }
+}
+
+function _applyQuery(builder, query) {
+  // Mongo-shape supports `field: value` for equality and `field:
+  // { $gt: x }` / `{ $lt: x }` / `{ $gte: x }` / `{ $lte: x }` /
+  // `{ $ne: x }` / `{ $in: [...] }` / `{ $like: "pattern" }` for
+  // operators. Anything else throws — refuse silently translating
+  // unknown operators into something that might match more rows
+  // than intended.
+  var keys = Object.keys(query);
+  for (var i = 0; i < keys.length; i += 1) {
+    var k = keys[i];
+    var v = query[k];
+    if (v !== null && typeof v === "object" && !Array.isArray(v) && !(v instanceof Date)) {
+      var opKeys = Object.keys(v);
+      for (var j = 0; j < opKeys.length; j += 1) {
+        var op = opKeys[j];
+        var val = v[op];
+        switch (op) {
+          case "$eq":  builder.where(k, "=",  val); break;
+          case "$ne":  builder.where(k, "!=", val); break;
+          case "$gt":  builder.where(k, ">",  val); break;
+          case "$gte": builder.where(k, ">=", val); break;
+          case "$lt":  builder.where(k, "<",  val); break;
+          case "$lte": builder.where(k, "<=", val); break;
+          case "$in":
+            if (!Array.isArray(val)) {
+              throw new TypeError("collection: $in requires an array (got " + typeof val + ")");
+            }
+            builder.where(k, "IN", val);
+            break;
+          case "$like":
+            if (typeof val !== "string") {
+              throw new TypeError("collection: $like requires a string");
+            }
+            builder.where(k, "LIKE", val);
+            break;
+          default:
+            throw new TypeError("collection: unsupported query operator '" + op +
+              "' on field '" + k + "' (allowed: $eq / $ne / $gt / $gte / $lt / $lte / $in / $like)");
+        }
+      }
+    } else {
+      builder.where(k, "=", v);
+    }
+  }
+}
+
+function _splitUpdateOperators(update) {
+  // Allow either Mongo-shape `{ $set: {...}, $inc: {...} }` OR plain
+  // `{ field: value, ... }` (treated as $set). Returns a tuple of
+  // sets / increments / unsets so the caller can dispatch.
+  if (!update || typeof update !== "object" || Array.isArray(update)) {
+    throw new TypeError("collection: update must be a plain object");
+  }
+  var keys = Object.keys(update);
+  var hasOperator = keys.some(function (k) { return k.charAt(0) === "$"; });
+  if (!hasOperator) {
+    return { sets: update, incs: null, unsets: null };
+  }
+  var sets = null;
+  var incs = null;
+  var unsets = null;
+  for (var i = 0; i < keys.length; i += 1) {
+    var k = keys[i];
+    if (k === "$set") {
+      if (!update[k] || typeof update[k] !== "object") {
+        throw new TypeError("collection: $set value must be an object");
+      }
+      sets = update[k];
+    } else if (k === "$inc") {
+      if (!update[k] || typeof update[k] !== "object") {
+        throw new TypeError("collection: $inc value must be an object");
+      }
+      incs = update[k];
+    } else if (k === "$unset") {
+      if (!update[k] || typeof update[k] !== "object") {
+        throw new TypeError("collection: $unset value must be an object");
+      }
+      unsets = update[k];
+    } else {
+      throw new TypeError("collection: unsupported update operator '" + k +
+        "' (allowed: $set / $inc / $unset; or pass a plain object for an implicit $set)");
+    }
+  }
+  return { sets: sets, incs: incs, unsets: unsets };
+}
+
+/**
+ * @primitive b.db.collection
+ * @signature b.db.collection(name)
+ * @since     0.8.58
+ * @status    stable
+ * @related   b.db.from, b.db
+ *
+ * Returns a Mongo-style adapter for the named table. Each method
+ * dispatches to `b.db.from(name)` under the hood; sealed-column
+ * semantics, derived-hash translation, and audit emission carry
+ * through unchanged.
+ *
+ * @example
+ *   var b = require("@blamejs/core");
+ *   await b.db.init({ dataDir: "/tmp/data", schema: [{
+ *     name: "users",
+ *     columns: { _id: "TEXT PRIMARY KEY", email: "TEXT", failed: "INTEGER NOT NULL DEFAULT 0" },
+ *   }] });
+ *   var users = b.db.collection("users");
+ *   users.insert({ _id: "u1", email: "alice@x.com" });
+ *   users.findOne({ email: "alice@x.com" });
+ *   users.update({ _id: "u1" }, { $inc: { failed: 1 } });
+ *   users.update({ _id: "u1" }, { $set: { failed: 0 } });
+ *   users.remove({ _id: "u1" });
+ */
+function collection(name) {
+  if (typeof name !== "string" || name.length === 0) {
+    throw new TypeError("collection(name): name must be a non-empty string");
+  }
+  return {
+    name: name,
+
+    // Insert one document. Returns the inserted row with `_id` filled
+    // in (if absent on input). Composes Query.insertOne.
+    insert: function (doc) {
+      return db().from(name).insertOne(doc);
+    },
+
+    // Insert many. Returns array of inserted rows.
+    insertMany: function (docs) {
+      return db().from(name).insertMany(docs);
+    },
+
+    // Find rows matching the query. Returns an array. Pass `opts.limit`
+    // / `opts.offset` / `opts.orderBy` / `opts.orderDir` for paging.
+    find: function (query, opts) {
+      _validateQueryShape(query || {});
+      var q = db().from(name);
+      _applyQuery(q, query || {});
+      if (opts && opts.orderBy) q.orderBy(opts.orderBy, opts.orderDir || "asc");
+      if (opts && opts.limit !== undefined) q.limit(opts.limit);
+      if (opts && opts.offset !== undefined) q.offset(opts.offset);
+      return q.all();
+    },
+
+    // Find one row, or null. Equivalent to `.find(...).all()[0]` but
+    // emits `LIMIT 1` so the engine doesn't materialise the rest.
+    findOne: function (query) {
+      _validateQueryShape(query);
+      var q = db().from(name);
+      _applyQuery(q, query);
+      return q.first() || null;
+    },
+
+    // Update rows matching the query. Accepts Mongo `{ $set, $inc,
+    // $unset }` operator form OR a plain field-map (treated as $set).
+    // Returns the number of rows changed.
+    //
+    // `$inc` composes Query.increment so the SQL is
+    //   UPDATE table SET col = COALESCE(col, 0) + ? WHERE ...
+    // — atomic across concurrent writers, no fetch/mutate/store race.
+    update: function (query, update, opts) {
+      _validateQueryShape(query || {});
+      var split = _splitUpdateOperators(update);
+      var single = !(opts && opts.many === true);
+      var changed = 0;
+
+      // $inc — apply increments per column. Each call shares the
+      // where-clause but is its own UPDATE statement (one SQL per
+      // bumped column). The where filter must be re-built per call
+      // because Query is single-shot.
+      if (split.incs) {
+        var incCols = Object.keys(split.incs);
+        for (var i = 0; i < incCols.length; i += 1) {
+          var qInc = db().from(name);
+          _applyQuery(qInc, query || {});
+          var delta = split.incs[incCols[i]];
+          if (typeof delta !== "number" || !Number.isInteger(delta)) {
+            throw new TypeError("collection.update: $inc.'" + incCols[i] + "' must be an integer");
+          }
+          changed += qInc.increment(incCols[i], delta);
+        }
+      }
+
+      // $set / plain-object form — single UPDATE with the merged
+      // changes object.
+      var setObj = null;
+      if (split.sets) setObj = Object.assign({}, split.sets);
+      if (split.unsets) {
+        if (!setObj) setObj = {};
+        Object.keys(split.unsets).forEach(function (k) { setObj[k] = null; });
+      }
+      if (setObj && Object.keys(setObj).length > 0) {
+        var qSet = db().from(name);
+        _applyQuery(qSet, query || {});
+        if (single) {
+          changed += (qSet.updateOne(setObj) ? 1 : 0);
+        } else {
+          changed += qSet.updateMany(setObj);
+        }
+      }
+
+      return changed;
+    },
+
+    // Convenience — `updateMany(query, update)` shorthand for
+    // `update(query, update, { many: true })`.
+    updateMany: function (query, update) {
+      return this.update(query, update, { many: true });
+    },
+
+    // Remove rows matching the query. Returns the number of rows
+    // deleted. Default deletes ONE row; pass `{ many: true }` to
+    // delete all matches (matches the framework's `deleteMany` rule
+    // — no unconditional deletes).
+    remove: function (query, opts) {
+      _validateQueryShape(query || {});
+      var q = db().from(name);
+      _applyQuery(q, query || {});
+      if (opts && opts.many === true) {
+        return q.deleteMany();
+      }
+      return q.deleteOne() ? 1 : 0;
+    },
+
+    // Count rows matching the query.
+    count: function (query) {
+      _validateQueryShape(query || {});
+      var q = db().from(name);
+      _applyQuery(q, query || {});
+      return q.count();
+    },
+
+    // Paginate — `{ items, total, limit, offset, page, totalPages }`.
+    // Composes Query.paginate.
+    paginate: function (query, opts) {
+      _validateQueryShape(query || {});
+      var q = db().from(name);
+      _applyQuery(q, query || {});
+      return q.paginate(opts || {});
+    },
+  };
+}
+
+module.exports = { collection: collection };

package/lib/db-query.js

@@ -484,6 +484,175 @@ class Query {
     return this._delete(false);
   }
 
+  // Atomic counter increment.
+  //
+  // `from(table).where(filter).increment("col", 1)` emits
+  // `UPDATE table SET col = col + ? WHERE ...` so concurrent writers
+  // can't collide on a fetch/mutate/store sequence (which would lose
+  // increments under racing transactions). Pass a negative delta to
+  // decrement.
+  //
+  // Returns the number of rows changed (matches updateMany shape).
+  increment(column, delta) {
+    if (typeof column !== "string" || column.length === 0) {
+      throw new Error("increment(column, delta): column must be a non-empty string");
+    }
+    _validateField(column);
+    if (delta === undefined) delta = 1;
+    if (typeof delta !== "number" || !Number.isFinite(delta) || !Number.isInteger(delta)) {
+      throw new Error("increment(column, delta): delta must be a finite integer (default 1)");
+    }
+    if (this._where.length === 0) {
+      throw new Error("refusing unconditional increment — call where(...) first");
+    }
+    var whereSql = this._where.join(" AND ");
+    var qt = this._quotedTable();
+    var qc = '"' + column + '"';
+    // Use COALESCE so a NULL counter starts at 0 instead of producing
+    // NULL + delta = NULL silently (which would silently drop the
+    // operation under SQLite's NULL-arithmetic rules).
+    var sql = "UPDATE " + qt + " SET " + qc + " = COALESCE(" + qc + ", 0) + ? WHERE " + whereSql;
+    var allParams = [delta].concat(this._whereParams);
+    var stmt = this._db.prepare(sql);
+    var info = stmt.run.apply(stmt, allParams);
+    return info.changes;
+  }
+
+  // `.where(closure)` for grouped expressions, including OR
+  // composition. Pass a function `(qb) => qb.eq(col, val).orEq(...)`;
+  // the inner closure builds an expression that becomes a single
+  // parenthesised AND-leaf in the outer where chain.
+  //
+  // The closure receives a `WhereBuilder` exposing `.eq` / `.neq` /
+  // `.gt` / `.gte` / `.lt` / `.lte` / `.in` / `.like` plus `.orEq`,
+  // `.orNeq`, `.orGt`, `.orGte`, `.orLt`, `.orLte`, `.orIn`,
+  // `.orLike`, and `.raw(sql, params)`. Each non-`or` call ANDs the
+  // expression; each `or*` call ORs it.
+  whereGroup(closure) {
+    if (typeof closure !== "function") {
+      throw new Error("whereGroup(closure): expected function (qb) => ...");
+    }
+    var sub = new WhereBuilder();
+    closure(sub);
+    var built = sub.build();
+    if (!built.sql) return this;
+    this._where.push("(" + built.sql + ")");
+    for (var i = 0; i < built.params.length; i++) this._whereParams.push(built.params[i]);
+    return this;
+  }
+
+  // Top-level OR — extends the existing where-chain so
+  // `.where(a).orWhere(b)` produces `WHERE (a) OR (b)` rather than
+  // `WHERE (a) AND (b)`. Accepts the same arg shapes as `.where`:
+  // object-literal map, `(field, value)`, `(field, op, value)`, or a
+  // `(qb) => ...` closure.
+  orWhere(fieldOrObjOrFn, op, value) {
+    if (this._where.length === 0) {
+      throw new Error("orWhere(...): no prior where(...) — start the chain with where(...)");
+    }
+    if (typeof fieldOrObjOrFn === "function") {
+      var sub = new WhereBuilder();
+      fieldOrObjOrFn(sub);
+      var built = sub.build();
+      if (!built.sql) return this;
+      var prev = this._where.pop();
+      this._where.push("(" + prev + " OR (" + built.sql + "))");
+      for (var i = 0; i < built.params.length; i++) this._whereParams.push(built.params[i]);
+      return this;
+    }
+    // For non-closure shapes, build a transient single-leaf Query and
+    // splice it. We compile to a `WhereBuilder` for symmetry.
+    var sub2 = new WhereBuilder();
+    if (fieldOrObjOrFn !== null && typeof fieldOrObjOrFn === "object" && !Array.isArray(fieldOrObjOrFn)) {
+      Object.keys(fieldOrObjOrFn).forEach(function (k) { sub2.eq(k, fieldOrObjOrFn[k]); });
+    } else if (op === undefined) {
+      sub2.eq(fieldOrObjOrFn, /* value */ arguments[1]);
+    } else {
+      sub2._push("AND", fieldOrObjOrFn, op, value);
+    }
+    var built2 = sub2.build();
+    if (!built2.sql) return this;
+    var prev2 = this._where.pop();
+    this._where.push("(" + prev2 + " OR (" + built2.sql + "))");
+    for (var j = 0; j < built2.params.length; j++) this._whereParams.push(built2.params[j]);
+    return this;
+  }
+
+  // `.search(fields, term)` — chainable LIKE-OR helper. Adds
+  // `(field1 LIKE ? OR field2 LIKE ? ...)` ANDed onto the existing
+  // where-chain. Empty term is a no-op (so `?search=` from a query-
+  // string flows through cleanly).
+  //
+  // `term` is wrapped with `%` on both sides for substring match by
+  // default; pass `{ match: "prefix" }` for `term%` only or
+  // `{ match: "exact" }` to LIKE the term verbatim (for operators
+  // who need to keep `%`/`_` in the user-supplied query).
+  search(fields, term, opts) {
+    if (!Array.isArray(fields) || fields.length === 0) {
+      throw new Error("search(fields, term): fields must be a non-empty array of column names");
+    }
+    fields.forEach(_validateField);
+    if (term === undefined || term === null) return this;
+    if (typeof term !== "string") {
+      throw new Error("search(fields, term): term must be a string");
+    }
+    if (term.length === 0) return this;
+    var match = (opts && opts.match) || "substring";
+    // Escape the operator's term so SQL LIKE wildcards in user input
+    // don't widen the match. Use `~` as the ESCAPE char (SQLite's
+    // ESCAPE clause requires a single character — picking `~` rather
+    // than `\` avoids JS-string-literal escaping headaches; `~` rarely
+    // appears in user-supplied search terms).
+    var escaped = String(term).replace(/[~%_]/g, function (c) { return "~" + c; });
+    var pattern;
+    if (match === "exact")        pattern = escaped;
+    else if (match === "prefix")  pattern = escaped + "%";
+    else if (match === "substring") pattern = "%" + escaped + "%";
+    else throw new Error("search: opts.match must be 'substring' | 'prefix' | 'exact'");
+    var clauses = fields.map(function (f) { return '"' + f + '" LIKE ? ESCAPE \'~\''; });
+    var sql = "(" + clauses.join(" OR ") + ")";
+    var params = fields.map(function () { return pattern; });
+    this._where.push(sql);
+    for (var i = 0; i < params.length; i++) this._whereParams.push(params[i]);
+    return this;
+  }
+
+  // `.paginate(opts)` — page envelope. Composes the existing
+  // `.orderBy().limit().offset().all()` + a separate `.count()` so
+  // operators get `{ items, total, limit, offset, page, totalPages }`
+  // in one call.
+  //
+  // Defaults: `limit = 25`, `offset = 0`. `orderBy` is required when
+  // the underlying query has no order — otherwise SQLite returns
+  // rows in storage order (not stable across page calls).
+  paginate(opts) {
+    opts = opts || {};
+    var limit = opts.limit === undefined ? 25 : opts.limit;
+    var offset = opts.offset === undefined ? 0 : opts.offset;
+    if (!Number.isInteger(limit) || limit <= 0 || limit > 1000) {                          // allow:raw-byte-literal — paginate page-size cap, not bytes
+      throw new Error("paginate: limit must be a positive integer ≤ 1000 (default 25)");
+    }
+    if (!Number.isInteger(offset) || offset < 0) {
+      throw new Error("paginate: offset must be a non-negative integer");
+    }
+    if (opts.orderBy) {
+      var dir = opts.orderDir || (opts.orderDirection || "asc");
+      this.orderBy(opts.orderBy, dir);
+    }
+    var total = this.count();
+    var items = this.limit(limit).offset(offset).all();
+    var totalPages = Math.max(1, Math.ceil(total / limit));
+    var page = Math.floor(offset / limit) + 1;
+    return {
+      items:      items,
+      total:      total,
+      limit:      limit,
+      offset:     offset,
+      page:       page,
+      totalPages: totalPages,
+    };
+  }
+
   _delete(single) {
     if (this._where.length === 0) {
       throw new Error("refusing unconditional delete — call where(...) first");
@@ -503,6 +672,82 @@ class Query {
   }
 }
 
+// WhereBuilder — sub-expression builder used by Query.whereGroup() and
+// Query.orWhere((qb) => ...) to compose grouped AND/OR predicates that
+// the bare .where() chain (which only ANDs) can't express.
+//
+// Each `.eq` / `.neq` / `.gt` / `.gte` / `.lt` / `.lte` / `.in` /
+// `.like` call ANDs an expression; `.orEq` / `.orNeq` / `.orGt` /
+// `.orGte` / `.orLt` / `.orLte` / `.orIn` / `.orLike` ORs an
+// expression. `.raw(sql, params)` AND's an arbitrary fragment.
+//
+// `.build()` returns `{ sql, params }`. Empty builder → `{ sql: "",
+// params: [] }`.
+class WhereBuilder {
+  constructor() {
+    this._parts = [];   // [{ joiner: "AND"|"OR", sql: "...", params: [...] }]
+  }
+  _push(joiner, field, op, value) {
+    if (typeof field !== "string" || field.length === 0) {
+      throw new Error("WhereBuilder: field must be a non-empty string");
+    }
+    _validateField(field);
+    var qf = '"' + field + '"';
+    if (op === "IN" || op === "NOT IN") {
+      if (!Array.isArray(value) || value.length === 0) {
+        throw new Error("WhereBuilder: " + op + " requires a non-empty array of values");
+      }
+      var placeholders = value.map(function () { return "?"; }).join(", ");
+      this._parts.push({ joiner: joiner, sql: qf + " " + op + " (" + placeholders + ")", params: value.slice() });
+      return this;
+    }
+    if (!ALLOWED_OPS.has(op)) {
+      throw new Error("WhereBuilder: invalid operator '" + op + "'");
+    }
+    this._parts.push({ joiner: joiner, sql: qf + " " + op + " ?", params: [value] });
+    return this;
+  }
+  eq(f, v)   { return this._push("AND", f, "=",  v); }
+  neq(f, v)  { return this._push("AND", f, "!=", v); }
+  gt(f, v)   { return this._push("AND", f, ">",  v); }
+  gte(f, v)  { return this._push("AND", f, ">=", v); }
+  lt(f, v)   { return this._push("AND", f, "<",  v); }
+  lte(f, v)  { return this._push("AND", f, "<=", v); }
+  in(f, vs)  { return this._push("AND", f, "IN", vs); }
+  like(f, v) { return this._push("AND", f, "LIKE", v); }
+  orEq(f, v)   { return this._push("OR", f, "=",  v); }
+  orNeq(f, v)  { return this._push("OR", f, "!=", v); }
+  orGt(f, v)   { return this._push("OR", f, ">",  v); }
+  orGte(f, v)  { return this._push("OR", f, ">=", v); }
+  orLt(f, v)   { return this._push("OR", f, "<",  v); }
+  orLte(f, v)  { return this._push("OR", f, "<=", v); }
+  orIn(f, vs)  { return this._push("OR", f, "IN", vs); }
+  orLike(f, v) { return this._push("OR", f, "LIKE", v); }
+  raw(sql, params) {
+    if (typeof sql !== "string" || sql.length === 0) {
+      throw new Error("WhereBuilder.raw: sql must be a non-empty string");
+    }
+    var p = Array.isArray(params) ? params : (params == null ? [] : [params]);
+    if (_countPlaceholders(sql) !== p.length) {
+      throw new Error("WhereBuilder.raw: placeholder count mismatch");
+    }
+    this._parts.push({ joiner: "AND", sql: "(" + sql + ")", params: p });
+    return this;
+  }
+  build() {
+    if (this._parts.length === 0) return { sql: "", params: [] };
+    var sql = this._parts[0].sql;
+    var params = this._parts[0].params.slice();
+    for (var i = 1; i < this._parts.length; i += 1) {
+      sql = sql + " " + this._parts[i].joiner + " " + this._parts[i].sql;
+      for (var j = 0; j < this._parts[i].params.length; j += 1) {
+        params.push(this._parts[i].params[j]);
+      }
+    }
+    return { sql: sql, params: params };
+  }
+}
+
 // Count `?` placeholders outside string literals + comments.
 // Tracks SQL single-quoted, double-quoted, line-comment, and block-
 // comment state to avoid counting `?` characters that are part of

package/lib/db.js

@@ -645,8 +645,12 @@ function resolveTmpDir(optsTmpDir) {
 
 // ---- DB encryption key management ----
 
-function loadOrCreateDbKey(dataDirPath) {
-  var keyPath = path.join(dataDirPath, "db.key.enc");
+function loadOrCreateDbKey(dataDirPath, keyPathOverride) {
+  // Operator opt: `opts.dbKeyPath` — useful when the encryption key
+  // needs to live outside `dataDir` (e.g. a separate volume mounted
+  // from a KMS-fronted secret store). Default places it next to the
+  // encrypted DB so backup capture is one-tarball.
+  var keyPath = keyPathOverride || path.join(dataDirPath, "db.key.enc");
   if (fs.existsSync(keyPath)) {
     var sealed = atomicFile.readSync(keyPath, { encoding: "utf8" }).trim();
     var b64 = vault.unseal(sealed);
@@ -703,6 +707,50 @@ function encryptToDisk() {
   atomicFile.writeSync(encPath, encryptPacked(fs.readFileSync(dbPath), encKey, _dbEncAad(dataDir)));
 }
 
+/**
+ * @primitive b.db.snapshot
+ * @signature b.db.snapshot()
+ * @since     0.8.58
+ * @status    stable
+ * @related   b.db.flushToDisk, b.backup
+ *
+ * In-memory encrypted snapshot — same envelope shape that
+ * `flushToDisk` writes, just held in memory. Operators capturing a
+ * backup mid-flight (`b.backup` wrapping a hot DB) get a Buffer they
+ * can stream onward to object storage without touching the on-disk
+ * encPath. Forces a WAL checkpoint first so the snapshot reflects
+ * committed state, not pre-WAL pages.
+ *
+ * Under `atRest: 'plain'` returns the raw plaintext SQLite file as a
+ * Buffer (no envelope), since there's no encryption key to apply —
+ * operators wanting an encrypted snapshot under plain mode wrap with
+ * their own `b.crypto.encryptPacked` at the call site.
+ *
+ * @example
+ *   var b = require("@blamejs/core");
+ *   var snap = b.db.snapshot();
+ *   await b.objectStore.put("backups/" + Date.now() + ".enc", snap);
+ */
+function snapshot() {
+  _requireInit();
+  // WAL checkpoint flushes committed transactions into the main DB file
+  // so the snapshot reflects the current logical state, not just the
+  // pre-WAL pages.
+  try { runSql(database, "PRAGMA wal_checkpoint(TRUNCATE)"); } catch (_e) { /* best effort */ }
+  if (!fs.existsSync(dbPath)) {
+    throw _dbErr("db/snapshot-no-source",
+      "snapshot: plaintext DB at " + dbPath + " is missing — did init complete?");
+  }
+  var plain = fs.readFileSync(dbPath);
+  if (!encPath || !encKey) {
+    // atRest: 'plain' — return the raw bytes. Operators wanting an
+    // encrypted snapshot under plain mode wrap with their own
+    // b.crypto.encryptPacked at the call site.
+    return plain;
+  }
+  return encryptPacked(plain, encKey, _dbEncAad(dataDir));
+}
+
 // Remove the plaintext DB + WAL/SHM sidecar files. On Windows these can't be
 // unlinked while the SQLite handle is open, so this MUST be called after
 // database.close().
@@ -846,9 +894,14 @@ async function init(opts) {
       }
     }
 
-    encPath = path.join(dataDir, "db.enc");
+    // Operator overrides for the encrypted-DB on-disk path. `opts.encryptedDbPath`
+    // takes a fully-qualified path; `opts.encryptedDbName` overrides
+    // just the basename under `dataDir` (default "db.enc"). Helps when
+    // multiple framework-shaped instances share a dataDir.
+    encPath = opts.encryptedDbPath ||
+              path.join(dataDir, opts.encryptedDbName || "db.enc");
     dbPath  = path.join(tmpDir, "blamejs-" + generateToken(C.BYTES.bytes(16)) + ".db");
-    encKey  = loadOrCreateDbKey(dataDir);
+    encKey  = loadOrCreateDbKey(dataDir, opts.dbKeyPath);
 
     cleanStaleTmpDbs(tmpDir);
     decryptToTmp();
@@ -945,14 +998,27 @@ async function init(opts) {
   // framework would silently provision it next to the reserved
   // namespace, allowing a row-by-row look-alike attack against audit
   // archive tooling.
+  // Under `frameworkTables: false` the framework's own audit_log /
+  // consent_log are NOT provisioned, so an operator naming a table
+  // `audit_log` (or `consent_log`) doesn't collide. The `_blamejs_*`
+  // prefix stays reserved unconditionally — those names are
+  // hard-claimed by other framework primitives (sessions, jobs,
+  // migrations, rate-limit-counters, …) which still get provisioned
+  // by their respective subsystems.
+  var frameworkTablesEarly = opts.frameworkTables !== false;
+  var FRAMEWORK_NAMED_RESERVED = frameworkTablesEarly
+    ? RESERVED_TABLE_NAMES
+    : new Set();   // empty — fall back to the prefix check only
   for (var ri = 0; ri < opts.schema.length; ri++) {
     var appName = opts.schema[ri].name;
-    if (RESERVED_TABLE_NAMES.has(appName) ||
+    if (FRAMEWORK_NAMED_RESERVED.has(appName) ||
         (typeof appName === "string" && appName.indexOf("_blamejs_") === 0)) {
       throw new DbError("db/reserved-table-name",
         "table name '" + appName + "' is reserved by the framework. " +
         "Pick a different name (the framework provisions audit_log, consent_log, " +
-        "and any '_blamejs_*'-prefixed tables automatically).");
+        "and any '_blamejs_*'-prefixed tables automatically). " +
+        "Pass opts.frameworkTables: false to skip provisioning audit_log/consent_log " +
+        "when the host application owns its own audit chain.");
     }
   }
 
@@ -1019,10 +1085,31 @@ async function init(opts) {
     }
   }
 
+  // Operator opt-out for the framework's own tables + audit/consent
+  // chain machinery + WORM assertion + audit-signing bootstrap. Set
+  // `frameworkTables: false` when the host application maintains its
+  // own audit/consent semantics and just wants the framework's
+  // primitives (vault / db / cryptoField / etc.) without the bundled
+  // chain tables. When OFF, every framework-table-dependent step
+  // below is a no-op. Append-only triggers are scoped to the
+  // framework tables only, so they're skipped too.
+  //
+  // `auditSigning: false` is a finer-grained gate — keep the
+  // framework tables but skip the audit-signing-key bootstrap (HS-
+  // shape deployments that already manage their own signing key).
+  //
+  // Defaults match v0.8.57 behavior: both ON.
+  var frameworkTablesEnabled = opts.frameworkTables !== false;
+  var auditSigningEnabled    = opts.auditSigning    !== false;
+
   // Build the full schema = framework-baked tables + app tables.
   // Framework tables come FIRST so audit_log/consent_log exist before any
-  // app migration can reference them.
-  var fullSchema = FRAMEWORK_SCHEMA.concat(opts.schema);
+  // app migration can reference them. When `frameworkTables: false`,
+  // skip the concat so the operator's own `audit_log` (or whatever
+  // shape) doesn't collide with the framework's.
+  var fullSchema = frameworkTablesEnabled
+    ? FRAMEWORK_SCHEMA.concat(opts.schema)
+    : opts.schema.slice();
 
   // Register schema with field-crypto + capture table metadata snapshot
   // (framework tables included so getTableMetadata covers everything).
@@ -1055,8 +1142,8 @@ async function init(opts) {
   // or malicious tampering — independent of the API surface's discipline.
   // Operator-driven retention purge (when implemented) must drop these
   // triggers explicitly inside a transaction, perform the purge, and
-  // recreate them.
-  _installAppendOnlyTriggers(database);
+  // recreate them. Skipped under `frameworkTables: false`.
+  if (frameworkTablesEnabled) _installAppendOnlyTriggers(database);
 
   // Imperative migrations (run once each, in order)
   if (opts.migrationDir) {
@@ -1081,29 +1168,33 @@ async function init(opts) {
   // means tamper-evidence has been compromised — the framework refuses
   // to continue under any circumstances. Recovery is operator-driven
   // (restore from backup or manual chain rebuild); the framework only
-  // detects-and-fails.
-  var auditResult = await audit.verify();
-  if (!auditResult.ok) {
-    // Fire the breach event BEFORE throwing so operator listeners get
-    // a chance at sync I/O (file flag, console alert) before init
-    // unwinds.
-    events.emit(events.EVENTS.AUDIT_CHAIN_BREAK, { table: "audit_log", result: auditResult });
-    throw _dbErr("db/audit-chain-break",
-      "FATAL: audit_log chain integrity broken at row " + auditResult.breakAt +
-      " (" + auditResult.reason + "); break row _id: " + auditResult.breakRowId +
-      "; expected: " + auditResult.expected + "; actual: " + auditResult.actual +
-      ". Refusing to boot. Compliance requires that any tamper-detection signal halt service. " +
-      "Recovery is manual: restore from backup, or rebuild the audit chain from a verified earlier snapshot.");
-  }
-  var consentResult = await consent.verify();
-  if (!consentResult.ok) {
-    events.emit(events.EVENTS.AUDIT_CHAIN_BREAK, { table: "consent_log", result: consentResult });
-    throw _dbErr("db/consent-chain-break",
-      "FATAL: consent_log chain integrity broken at row " + consentResult.breakAt +
-      " (" + consentResult.reason + "); break row _id: " + consentResult.breakRowId +
-      ". Refusing to boot.");
-  }
-  log("audit chain ok (" + auditResult.rowsVerified + " rows), consent chain ok (" + consentResult.rowsVerified + " rows)");
+  // detects-and-fails. Skipped under `frameworkTables: false` (the
+  // framework's audit_log / consent_log don't exist for an operator
+  // running their own audit subsystem).
+  if (frameworkTablesEnabled) {
+    var auditResult = await audit.verify();
+    if (!auditResult.ok) {
+      // Fire the breach event BEFORE throwing so operator listeners
+      // get a chance at sync I/O (file flag, console alert) before
+      // init unwinds.
+      events.emit(events.EVENTS.AUDIT_CHAIN_BREAK, { table: "audit_log", result: auditResult });
+      throw _dbErr("db/audit-chain-break",
+        "FATAL: audit_log chain integrity broken at row " + auditResult.breakAt +
+        " (" + auditResult.reason + "); break row _id: " + auditResult.breakRowId +
+        "; expected: " + auditResult.expected + "; actual: " + auditResult.actual +
+        ". Refusing to boot. Compliance requires that any tamper-detection signal halt service. " +
+        "Recovery is manual: restore from backup, or rebuild the audit chain from a verified earlier snapshot.");
+    }
+    var consentResult = await consent.verify();
+    if (!consentResult.ok) {
+      events.emit(events.EVENTS.AUDIT_CHAIN_BREAK, { table: "consent_log", result: consentResult });
+      throw _dbErr("db/consent-chain-break",
+        "FATAL: consent_log chain integrity broken at row " + consentResult.breakAt +
+        " (" + consentResult.reason + "); break row _id: " + consentResult.breakRowId +
+        ". Refusing to boot.");
+    }
+    log("audit chain ok (" + auditResult.rowsVerified + " rows), consent chain ok (" + consentResult.rowsVerified + " rows)");
+  }
 
   // ---- Rollback detection (audit.tip sidecar) ----
   // The framework writes <dataDir>/audit.tip on each checkpoint. At boot we
@@ -1116,11 +1207,15 @@ async function init(opts) {
   // MUST have declared row-level WORM on at least one business-record
   // table. Refuse boot otherwise so missing-declaration drift is
   // surfaced at start-up, not on the first delete.
-  try { _assertWormUnderPosture(); }
-  catch (e) {
-    // The assertion throws under regulated postures; let it
-    // propagate. Outside regulated postures it's a no-op.
-    throw e;
+  // Skipped under `frameworkTables: false` — WORM declarations are
+  // an operator-side concern when the framework isn't owning audit.
+  if (frameworkTablesEnabled) {
+    try { _assertWormUnderPosture(); }
+    catch (e) {
+      // The assertion throws under regulated postures; let it
+      // propagate. Outside regulated postures it's a no-op.
+      throw e;
+    }
   }
 
   // ---- Audit-signing key + checkpoint subsystem ----
@@ -1132,37 +1227,46 @@ async function init(opts) {
   // SHAKE-family hash posture); ML-DSA-87 is the throughput-focused
   // opt-in. Existing key files take their algorithm from disk; this
   // option only matters on first generation.
-  var auditSigningMode = (opts.auditSigning && opts.auditSigning.mode)
-    ? opts.auditSigning.mode
-    : safeEnv.readVar("BLAMEJS_AUDIT_SIGNING_MODE", {
-        default: "wrapped",
-        enum:    ["wrapped", "plaintext"],
-      });
-  var auditSigningAlg = opts.auditSigning && opts.auditSigning.algorithm
-    ? opts.auditSigning.algorithm
-    : null;
-  await auditSign.init({
-    dataDir:   dataDir,
-    mode:      auditSigningMode,
-    algorithm: auditSigningAlg || undefined,
-  });
-
-  // Verify all existing checkpoint signatures (defense against signature
-  // forgery attempt + key-rotation gone wrong). Refuse to boot on failure.
-  var ckptResult = await audit.verifyCheckpoints();
-  if (!ckptResult.ok) {
-    events.emit(events.EVENTS.AUDIT_CHECKPOINT_BREAK, { result: ckptResult });
-    throw _dbErr("db/audit-checkpoint-break",
-      "FATAL: audit checkpoint verification failed at row " +
-      ckptResult.breakAt + " (" + ckptResult.reason + "); checkpoint _id: " +
-      ckptResult.checkpointId + ". Refusing to boot. Either the audit-signing key " +
-      "was rotated without retaining the prior pubkey, or a forged checkpoint was inserted.");
+  // Operator opt-out via `auditSigning: false` skips the signing
+  // bootstrap entirely. Also implicitly skipped when frameworkTables
+  // are off (no audit_log to sign checkpoints over).
+  if (auditSigningEnabled && frameworkTablesEnabled) {
+    var auditSigningMode = (opts.auditSigning && opts.auditSigning.mode)
+      ? opts.auditSigning.mode
+      : safeEnv.readVar("BLAMEJS_AUDIT_SIGNING_MODE", {
+          default: "wrapped",
+          enum:    ["wrapped", "plaintext"],
+        });
+    var auditSigningAlg = opts.auditSigning && opts.auditSigning.algorithm
+      ? opts.auditSigning.algorithm
+      : null;
+    await auditSign.init({
+      dataDir:   dataDir,
+      mode:      auditSigningMode,
+      algorithm: auditSigningAlg || undefined,
+    });
   }
-  log("audit checkpoints ok (" + ckptResult.checkpointsVerified + " signed)");
 
-  // Anchor a fresh checkpoint at boot if there's any new audit activity
-  // since the last checkpoint (else no-op).
-  await audit.checkpoint({ skipIfUnchanged: true });
+  // Verify all existing checkpoint signatures (defense against
+  // signature forgery attempt + key-rotation gone wrong). Refuse to
+  // boot on failure. Skipped under `frameworkTables: false` /
+  // `auditSigning: false`.
+  if (frameworkTablesEnabled && auditSigningEnabled) {
+    var ckptResult = await audit.verifyCheckpoints();
+    if (!ckptResult.ok) {
+      events.emit(events.EVENTS.AUDIT_CHECKPOINT_BREAK, { result: ckptResult });
+      throw _dbErr("db/audit-checkpoint-break",
+        "FATAL: audit checkpoint verification failed at row " +
+        ckptResult.breakAt + " (" + ckptResult.reason + "); checkpoint _id: " +
+        ckptResult.checkpointId + ". Refusing to boot. Either the audit-signing key " +
+        "was rotated without retaining the prior pubkey, or a forged checkpoint was inserted.");
+    }
+    log("audit checkpoints ok (" + ckptResult.checkpointsVerified + " signed)");
+
+    // Anchor a fresh checkpoint at boot if there's any new audit
+    // activity since the last checkpoint (else no-op).
+    await audit.checkpoint({ skipIfUnchanged: true });
+  }
 
   // ---- NTP drift check ----
   // Best-effort; unreachable NTP doesn't fail boot, but >= 1hr drift does
@@ -2761,6 +2865,7 @@ module.exports = {
   getActivePosture:    getActivePosture,
   vacuumAfterErase:    vacuumAfterErase,
   from:                from,
+  collection:          require("./db-collection").collection,                              // allow:inline-require — db-collection lazy-requires db.js back; the inline require here breaks the cycle without needing a stub
   prepare:             prepare,
   stream:              stream,
   // D-M5 — runtime read-only accessor so Query.stream picks up the
@@ -2782,6 +2887,7 @@ module.exports = {
   // the snapshot source. Safe to call any time; no-op when no encPath
   // (plain mode) or when the plaintext DB doesn't exist.
   flushToDisk:         encryptToDisk,
+  snapshot:            snapshot,
   // integrityCheck — runs PRAGMA integrity_check against the live db
   // and returns "ok" on success, an array of corruption lines
   // otherwise. Operators wire this into a periodic monitor or a

package/lib/mtls-ca.js

@@ -97,14 +97,24 @@ var DEFAULT_PATHS = {
 
 var VALID_SEAL_MODES = { required: 1, disabled: 1 };
 
+// Resolve relative path entries under `dataDir`; pass absolute paths
+// through unchanged. The pre-v0.8.58 shape always joined under
+// dataDir, which silently overrode an operator-supplied absolute
+// path (e.g. `MTLS_CA_KEY=/etc/ssl/ca.key` → `<dataDir>/etc/ssl/ca.key`).
+// Standard Node `path.join` semantics already preserve absolute
+// arguments — the always-join was an oversight, not by design.
+function _absoluteOrUnderDataDir(dataDir, p) {
+  return path.isAbsolute(p) ? p : path.join(dataDir, p);
+}
+
 function _resolvePaths(dataDir, paths) {
   var p = Object.assign({}, DEFAULT_PATHS, paths || {});
   return {
-    caKey:        path.join(dataDir, p.caKey),
-    caKeySealed:  path.join(dataDir, p.caKeySealed),
-    caCert:       path.join(dataDir, p.caCert),
-    revocations:  path.join(dataDir, p.revocations),
-    crl:          path.join(dataDir, p.crl),
+    caKey:        _absoluteOrUnderDataDir(dataDir, p.caKey),
+    caKeySealed:  _absoluteOrUnderDataDir(dataDir, p.caKeySealed),
+    caCert:       _absoluteOrUnderDataDir(dataDir, p.caCert),
+    revocations:  _absoluteOrUnderDataDir(dataDir, p.revocations),
+    crl:          _absoluteOrUnderDataDir(dataDir, p.crl),
   };
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.8.57",
+  "version": "0.8.58",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cyclonedx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:e7403a73-fc4f-40d0-ac54-feff61e9d996",
+  "serialNumber": "urn:uuid:61ec0413-0749-49b2-a43c-f6557db2156d",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-09T22:59:08.864Z",
+    "timestamp": "2026-05-09T23:55:32.085Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.8.57",
+      "bom-ref": "@blamejs/core@0.8.58",
       "type": "library",
       "name": "blamejs",
-      "version": "0.8.57",
+      "version": "0.8.58",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.8.57",
+      "purl": "pkg:npm/%40blamejs/core@0.8.58",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.8.57",
+      "ref": "@blamejs/core@0.8.58",
       "dependsOn": []
     }
   ]