doc: update for latest changes

docs/SECURITY.md

@@ -53,18 +53,28 @@ NOMYO.js implements end-to-end encryption for OpenAI-compatible chat completions
    - Automatic key generation on first use
    - File-based persistence (Node.js)
    - In-memory keys (browsers)
-   - Password protection via PBKDF2 + AES-256-CBC
+   - Password protection via PBKDF2 + AES-256-CBC (minimum 8-character password enforced)
+   - Automatic periodic key rotation (default: 24 hours, configurable, or disabled with `keyRotationInterval: 0`)
+   - `dispose()` method severs in-memory key references and cancels the rotation timer
 
 4. **Transport Security**
-   - HTTPS enforcement (with warnings for HTTP)
+   - HTTPS enforcement using proper URL parsing (`new URL()`) — not string prefix matching
    - Certificate validation (browsers/Node.js)
    - Optional HTTP for local development (explicit opt-in)
+   - API key validated to reject CR/LF characters (prevents HTTP header injection)
+   - Server error detail truncated to 100 printable characters (prevents log injection)
 
 5. **Memory Protection (Pure JavaScript)**
    - Immediate zeroing of sensitive buffers
-   - Context managers for automatic cleanup
+   - Context managers for automatic cleanup (`SecureByteContext`) with guarded `finally` blocks
+   - Intermediate crypto buffers (password bytes, salt, IV) wrapped in `SecureByteContext` during key encryption
+   - HTTP request body (`ArrayBuffer`) zeroed after data is handed to the socket
    - Best-effort memory management
 
+6. **Response Integrity**
+   - Decrypted response validated against required `ChatCompletionResponse` schema fields before use
+   - Generic error messages from all crypto operations (no internal engine details leaked)
+
 ### ⚠️ Limitations (Pure JavaScript)
 
 1. **No OS-Level Memory Locking**
@@ -94,9 +104,10 @@ NOMYO.js implements end-to-end encryption for OpenAI-compatible chat completions
 ✅ **DO:**
 - Use HTTPS in production (enforced by default)
 - Enable secure memory protection (default: `secureMemory: true`)
-- Use password-protected private keys in Node.js
+- Use password-protected private keys in Node.js (minimum 8 characters)
 - Set private key file permissions to 600 (owner-only)
-- Rotate keys periodically
+- Rely on automatic key rotation (`keyRotationInterval`, default 24h) to limit fingerprint lifetime
+- Call `dispose()` when the client is no longer needed
 - Validate server public key fingerprint on first use
 
 ❌ **DON'T:**
@@ -248,9 +259,12 @@ class SecureByteContext {
     try {
       return await fn(this.data);
     } finally {
-      // Always zero, even if exception occurs
+      // Always zero, even if exception occurs.
+      // zeroMemory failure is swallowed so it cannot mask the original error.
       if (this.useSecure) {
-        new Uint8Array(this.data).fill(0);
+        try {
+          this.secureMemory.zeroMemory(this.data);
+        } catch (_zeroErr) { /* intentional */ }
       }
     }
   }
@@ -328,6 +342,11 @@ npm install nomyo-native
 ✅ **Timing Attacks (Partial)**
 - Web Crypto API uses constant-time operations
 - No length leakage in comparisons
+- Generic error messages from all crypto operations (RSA, AES) — internal engine errors not forwarded
+
+✅ **Concurrent Key Generation Race**
+- Promise-chain mutex serialises all `ensureKeys()` callers
+- No risk of multiple simultaneous key generations overwriting each other
 
 ✅ **Key Compromise (Forward Secrecy)**
 - Ephemeral AES keys