skillvault 0.7.5 → 0.8.0

Files changed (2) hide show
  1. package/dist/cli.js +6 -4
  2. package/package.json +1 -1
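--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -20,7 +20,7 @@
  import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, rmSync } from 'node:fs';
  import { join } from 'node:path';
  import { createDecipheriv, createHmac, createPublicKey, diffieHellman, hkdfSync, generateKeyPairSync, } from 'node:crypto';
- const VERSION = '0.7.5';
+ const VERSION = '0.8.0';
  const HOME = process.env.HOME || process.env.USERPROFILE || '~';
  const API_URL = process.env.SKILLVAULT_API_URL || 'https://api.getskillvault.com';
  const CONFIG_DIR = join(HOME, '.skillvault');
@@ -640,7 +640,9 @@ async function fetchCEK(skillName, publisherToken, apiUrl) {
  const serverWatermarkId = body.watermark_id || '';
  const ephPub = createPublicKey({ key: Buffer.from(wc.ephemeralPublicKey, 'base64'), format: 'der', type: 'spki' });
  const shared = diffieHellman({ publicKey: ephPub, privateKey: kp.privateKey });
- const wrapKey = Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(32, 0), Buffer.from('skillvault-cek-wrap-v1'), 32));
+ // Use server-provided salt, or fall back to zero salt for backward compat with old servers
+ const hkdfSalt = wc.salt ? Buffer.from(wc.salt, 'base64') : Buffer.alloc(32, 0);
+ const wrapKey = Buffer.from(hkdfSync('sha256', shared, hkdfSalt, Buffer.from('skillvault-cek-wrap-v1'), 32));
  shared.fill(0);
  const d = createDecipheriv('aes-256-gcm', wrapKey, Buffer.from(wc.iv, 'base64'), { authTagLength: 16 });
  d.setAuthTag(Buffer.from(wc.authTag, 'base64'));
@@ -726,8 +728,8 @@ function watermarkLayer4(content, id, email, publisherName) {
  const lines = content.split('\n');
  // Determine pseudo-random insertion points based on HMAC of licensee ID
  // This ensures the same licensee always gets the same positions (deterministic)
- const hmac = createHmac('sha256', 'skillvault-visible-v1');
- hmac.update(id);
+ const hmac = createHmac('sha256', id);
+ hmac.update('watermark-positions');
  const hash = hmac.digest();
  // Insert at: beginning, end, and 2-4 random points in between
  const totalLines = lines.length;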
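Review bot: In the fetchCEK hunk (new lines 643–645), the salt choice hinges on the truthiness of `wc.salt` and the decoded bytes are never checked, so an empty or malformed value quietly lands on the legacy zero-salt derivation. Node's base64 decoding is lenient and does not throw on bad input, so a salt that decodes to zero bytes would also go unnoticed, and HKDF treats an empty salt the same as a zero-filled one. I would reject an unusable salt before deriving the key, e.g. `if (wc.salt != null && (typeof wc.salt !== 'string' || Buffer.from(wc.salt, 'base64').length === 0)) throw new Error('invalid HKDF salt in wrapped CEK');`, and log once whenever the zero-salt fallback is taken so the compatibility path can be retired. A mismatched salt should still fail closed at the GCM tag check, but that call sits below the hunk, as does the rest of fetchCEK.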
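--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "skillvault",
- "version": "0.7.5",
+ "version": "0.8.0",
  "description": "SkillVault — secure skill distribution for Claude Code",
  "type": "module",
  "bin": {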