> ... since there is no mention of other claims or parties to the mix [like company A]. That means the company [B] owns the copyright to the added code and is free to comply with the contract (license).
I'm also not sure whether the confidentiality clause would weigh heavier than a 'must provide source on request' clause, perhaps it could be resolved by not distributing the part that's covered by the confidentiality clause since another standalone library is clearly not a derivative work of the GPL-licensed library. Then only B has to distribute what they made for everyone's benefit.
Company B uses that library and a GPL library in a product. They distribute the product.
Company B has no right to relive se Company A’s commercially licensed library under the GPL. Hence, stop distribution and replace GPL library.