skillvault 0.7.4 → 0.8.0

package/dist/cli.js

@@ -20,7 +20,7 @@
 import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, rmSync } from 'node:fs';
 import { join } from 'node:path';
 import { createDecipheriv, createHmac, createPublicKey, diffieHellman, hkdfSync, generateKeyPairSync, } from 'node:crypto';
-const VERSION = '0.7.4';
+const VERSION = '0.8.0';
 const HOME = process.env.HOME || process.env.USERPROFILE || '~';
 const API_URL = process.env.SKILLVAULT_API_URL || 'https://api.getskillvault.com';
 const CONFIG_DIR = join(HOME, '.skillvault');
@@ -507,7 +507,7 @@ async function installSkillStubs() {
             let frontmatter = '';
             let frontmatterFields = {};
             try {
-                const { cek } = await fetchCEK(skillName, pub.token);
+                const { cek } = await fetchCEK(skillName, pub.token, config.api_url || API_URL);
                 const vaultData = readFileSync(vaultPath);
                 const vault = decryptVault(vaultData, cek);
                 cek.fill(0);
@@ -533,17 +533,9 @@ async function installSkillStubs() {
             // Build frontmatter for stub — copy all fields except body-related ones
             let stubFrontmatter = `name: ${stubName}\n`;
             stubFrontmatter += `description: "${stubDescription.replace(/"/g, '\\"')}"\n`;
-            // Preserve publisher's allowed-tools, trigger config, etc. but always include our load tool
-            const publisherAllowedTools = frontmatterFields['allowed-tools'] || '';
-            const loadTool = `"Bash(npx skillvault@${VERSION} --load *)"`;
-            if (publisherAllowedTools && !publisherAllowedTools.includes('skillvault')) {
-                // Merge publisher's allowed-tools with ours
-                const merged = publisherAllowedTools.replace(/\]$/, `, ${loadTool}]`);
-                stubFrontmatter += `allowed-tools: ${merged}\n`;
-            }
-            else {
-                stubFrontmatter += `allowed-tools: [${loadTool}]\n`;
-            }
+            // Only allow our specific load tool — do NOT merge publisher-specified allowed-tools
+            const loadTool = `"Bash(npx skillvault@${VERSION} --load ${skillName})"`;
+            stubFrontmatter += `allowed-tools: [${loadTool}]\n`;
             // Copy through other frontmatter fields the publisher set (for Claude triggering)
             for (const [key, value] of Object.entries(frontmatterFields)) {
                 if (!['name', 'description', 'allowed-tools'].includes(key)) {
@@ -633,10 +625,10 @@ function resolveSkillPublisher(skillName, config) {
     }
     return null;
 }
-async function fetchCEK(skillName, publisherToken) {
+async function fetchCEK(skillName, publisherToken, apiUrl) {
     const kp = generateKeyPairSync('x25519');
     const pub = kp.publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
-    const res = await fetch(`${API_URL}/v1/skills/${skillName}/cek`, {
+    const res = await fetch(`${apiUrl}/v1/skills/${skillName}/cek`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${publisherToken}` },
         body: JSON.stringify({ companion_public_key: pub }),
@@ -648,7 +640,9 @@ async function fetchCEK(skillName, publisherToken) {
     const serverWatermarkId = body.watermark_id || '';
     const ephPub = createPublicKey({ key: Buffer.from(wc.ephemeralPublicKey, 'base64'), format: 'der', type: 'spki' });
     const shared = diffieHellman({ publicKey: ephPub, privateKey: kp.privateKey });
-    const wrapKey = Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(32, 0), Buffer.from('skillvault-cek-wrap-v1'), 32));
+    // Use server-provided salt, or fall back to zero salt for backward compat with old servers
+    const hkdfSalt = wc.salt ? Buffer.from(wc.salt, 'base64') : Buffer.alloc(32, 0);
+    const wrapKey = Buffer.from(hkdfSync('sha256', shared, hkdfSalt, Buffer.from('skillvault-cek-wrap-v1'), 32));
     shared.fill(0);
     const d = createDecipheriv('aes-256-gcm', wrapKey, Buffer.from(wc.iv, 'base64'), { authTagLength: 16 });
     d.setAuthTag(Buffer.from(wc.authTag, 'base64'));
@@ -689,8 +683,8 @@ function watermarkLayer2(content, id) {
 }
 /** Layer 3: Structural fingerprint — HMAC comment tag in code blocks */
 function watermarkLayer3(content, id) {
-    const hmac = createHmac('sha256', 'skillvault-structural-v1');
-    hmac.update(id);
+    const hmac = createHmac('sha256', id);
+    hmac.update('skillvault-structural-v1');
     const tag = `// sv:${hmac.digest('hex').slice(0, 12)}`;
     const lines = content.split('\n');
     const result = [];
@@ -734,8 +728,8 @@ function watermarkLayer4(content, id, email, publisherName) {
     const lines = content.split('\n');
     // Determine pseudo-random insertion points based on HMAC of licensee ID
     // This ensures the same licensee always gets the same positions (deterministic)
-    const hmac = createHmac('sha256', 'skillvault-visible-v1');
-    hmac.update(id);
+    const hmac = createHmac('sha256', id);
+    hmac.update('watermark-positions');
     const hash = hmac.digest();
     // Insert at: beginning, end, and 2-4 random points in between
     const totalLines = lines.length;
@@ -904,7 +898,7 @@ async function loadSkill(skillName) {
     let cek;
     let licenseeId;
     try {
-        const cekResult = await fetchCEK(skillName, resolved.publisher.token);
+        const cekResult = await fetchCEK(skillName, resolved.publisher.token, config.api_url || API_URL);
         cek = cekResult.cek;
         // Use server-provided watermark ID (includes grant ID, customer ID, timestamp)
         // Falls back to local composite if server didn't provide one

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillvault",
-  "version": "0.7.4",
+  "version": "0.8.0",
   "description": "SkillVault — secure skill distribution for Claude Code",
   "type": "module",
   "bin": {