@blamejs/blamejs-shop 0.0.128 → 0.1.0

package/CHANGELOG.md

@@ -6,8 +6,14 @@ Pre-1.0 the surface is intentionally evolving — every release may
 change something operators depend on. Read each entry before
 upgrading across more than a few patches at a time.
 
+## v0.1.x
+
+- v0.1.0 (2026-05-25) — **Responsive cart + storefront cookie handling moved onto the framework primitive.** A storefront polish pass. The cart, order-confirmation, and account-history tables now reflow into stacked, labelled cards on phones and fit their column on wider screens — no more inner horizontal scroll. The quantity field reads clearly and accepts up to 99,999. The line actions (Update / Save for later / Remove) are compact with a clear hierarchy. Under the hood, all storefront cookie handling now composes the framework's cookie primitive (RFC 6265 parse/serialize plus vault-sealed read/write) instead of hand-built headers, and a malformed session cookie can no longer turn the cart — or any page that shows the cart count — into a 500. **Changed:** *Quantity field is readable and accepts up to 99,999* — The cart quantity input is wide enough to read a five-digit quantity, and the per-line maximum is raised to 99,999 (enforced on the server). · *Compact, clearly-ranked line actions* — Update is a small accent button, Save for later a quiet secondary, Remove a danger-tinted secondary — so the primary checkout call stays dominant. · *Cookie handling composes the framework primitive* — Session, authentication, WebAuthn-challenge, and payment cookies are all parsed and written through the framework cookie primitive (sealed read/write for the authenticated-session cookie), replacing hand-built Set-Cookie strings and manual header parsing. Cookie lifetimes are expressed through the framework's duration constants. **Fixed:** *Cart tables no longer scroll sideways* — The cart, order-confirmation, and account order-history tables reflow into one labelled card per row below 48rem and are sized to fit their column on wider layouts, so content is never trapped behind an inner horizontal scrollbar. · *Malformed session cookie no longer 500s the storefront* — A `shop_sid` cookie carrying a value that isn't a well-formed session id now reads as "no session" instead of reaching the cart lookup (which rejected it and surfaced a 500 on every page that renders the cart count). · *Account dashboard controls wrap on narrow screens* — The row of account actions (Wishlist / Saved for later / Recently viewed / Addresses / Returns / Sign out) now wraps instead of overflowing the viewport on a phone.
+
 ## v0.0.x
 
+- v0.0.129 (2026-05-25) — **Recently viewed — a signed-in customer's browse history at /account/recently-viewed.** Signed-in customers now have a browse history. Opening a product page records the view against the customer's account, and `/account/recently-viewed` lists those products newest-first as a grid, with a one-tap Clear history control. Recording is best-effort and never blocks the product page; archived products drop out of the grid; the page is login-gated like the rest of the account area. **Added:** *Recently viewed account page* — `GET /account/recently-viewed` renders the customer's most-recently-opened products newest-first, reusing the standard product card (image, title, price, link to the PDP). A `POST /account/recently-viewed/clear` control wipes the history. Linked from the account dashboard. · *Server-side view recording* — A signed-in customer's product-page visit records the view against their account — no client script. Recording is drop-silent: a write failure never breaks the product page. The history de-dupes per product and is capped per customer.
+
 - v0.0.128 (2026-05-25) — **Collections — browse curated and smart product lists at /collections.** The storefront now has real collection pages. `/collections` lists the shop's active collections, and `/collections/:slug` shows a collection's products as a grid — resolving both operator-curated manual collections (hand-picked members) and smart collections (rule-matched against the catalog). The footer links to it from every page, so collections are a first-class browse entry point rather than a search query. Unknown or malformed collection slugs return 404, never a 500. **Added:** *Collection browse pages* — `GET /collections` renders the active collections as cards (title, description, hero); `GET /collections/:slug` renders the collection's product grid, reusing the standard product card (image, title, price, link to the PDP). Public pages — no sign-in. · *Manual + smart resolution* — Manual collections list their hand-picked members; smart collections evaluate their stored rules against the active catalog and apply the collection's sort strategy. The page resolves each product fresh, so archived products drop out of the grid. · *Footer entry point* — The footer's Shop column links to `/collections` on every storefront page (edge- and container-rendered alike), making collections a real browse path. A bad or unknown slug is a 404.
 
 - v0.0.127 (2026-05-24) — **Self-serve returns — customers request RMAs on their orders, operators approve and refund.** Signed-in customers can request a return against one of their own orders — pick the items and a reason at the order, then track status at /account/returns. Operators work the queue at /admin/returns: approve (with a refund amount), mark received, refund, or reject with a reason, following the pending → approved → received → refunded lifecycle. The customer request route loads the order and confirms it belongs to the signed-in customer before showing it, and builds the return lines from the order's own records, so a foreign or guessed order id returns 404 and a client can't return items it never bought. **Added:** *Customer return requests + status* — `/account/orders/:order_id/return` shows the order's items with a reason picker; `/account/returns` lists the customer's RMAs with status (pending / approved / received / refunded / rejected) and any rejection reason. The account dashboard links to it. Empty selection or a bad reason re-renders the form with the message. · *Operator return queue* — `GET /admin/returns?status=pending` lists the queue across all orders; `GET /admin/returns/:id` reads one; `POST /admin/returns/:id/approve` (with refund amount), `/received`, `/refund`, and `/reject` (with reason) walk the lifecycle. Bearer-token-gated; an illegal transition is a 409 and a bad id a 404, never a 500. · *`returns.listByStatus(status, opts)`* — Lists return authorizations across all orders by status, newest first, with the same opaque cursor as `listForCustomer`. Backs the operator queue.

package/README.md

@@ -68,6 +68,7 @@ Every primitive is composed on the vendored blamejs surface — no npm runtime d
 | **`lib/save-for-later.js`** | Per-customer cart holding list. Each cart line gets a login-gated "Save for later" control (`POST /cart/lines/:id/save` → `moveFromCart`); `/account/saved` lists items with Move-to-cart / Remove. `moveToCart` reprices to the current catalog price and stock-gates (out-of-stock + non-backorderable is refused). Composes `catalog.inventory` + `catalog.prices` + `catalog.variants`. |
 | **`lib/addresses.js`** | Per-customer address book at `/account/addresses` — add / edit / set default shipping or billing / remove. One-default-per-role invariant (promoting clears the prior). Every by-id route confirms the address belongs to the signed-in customer before acting (a guessed id returns 404). `b.guardUuid` ids, 2-char ISO country. |
 | **`lib/returns.js`** | Self-serve RMAs. Customer requests a return against their own order at `/account/orders/:id/return` (items + reason, ownership-checked, lines built from the order's own records) and tracks status at `/account/returns`. Operators work `/admin/returns` — approve (refund amount) / mark received / refund / reject — over the pending → approved → received → refunded FSM; illegal transitions are 409, bad ids 404. |
+| **`lib/recently-viewed.js`** | Signed-in customer browse history. A product-page visit records the view server-side against the customer's account (drop-silent — never blocks the page); `/account/recently-viewed` lists them newest-first as a grid with a Clear-history control. De-duped + capped per customer, archived products drop out, login-gated. Guest/session history is opt-in (a client beacon) and not shipped — the lib's `forSession` + `merge` support it. |
 | **`lib/collections.js`** | Curated + smart product groupings. `GET /collections` lists the shop's active collections; `GET /collections/:slug` renders the grid — manual collections list hand-picked members, smart collections evaluate stored rules against the active catalog and apply the collection's sort strategy. Each product resolves fresh, so archived products drop out. Public, no sign-in; a bad or unknown slug is a 404 (never a 500). Linked from the footer on every page. |
 | **`lib/subscriptions.js`** | Stripe-backed recurring billing — `subscription_plans` (interval / amount / trial) + `subscriptions` (mirrors Stripe's object byte-for-byte). `subscriptions.create` POSTs to Stripe via the payment dep, then persists the returned object locally. `handleStripeEvent` replays `customer.subscription.*` events into the local row so the shop has an authoritative view without round-tripping. |
 | **`lib/newsletter.js`** | Operator-collected email broadcast list — `signup({ email, source })` composes `b.guardEmail` for shape validation, `b.crypto.namespaceHash` for the dedup key, and `INSERT OR IGNORE` for idempotency. Storefront POST `/newsletter` route renders a designed thank-you card with separate copy for the `new` vs `dedup` branches. |
@@ -92,6 +93,7 @@ Every primitive is composed on the vendored blamejs surface — no npm runtime d
 - `migrations-d1/0026_customer_addresses.sql` — per-customer address book (default shipping/billing flags)
 - `migrations-d1/0023_returns.sql` — return authorizations + lines (RMA lifecycle FSM)
 - `migrations-d1/0043_collections.sql` — manual + smart product collections (members + rules + sort strategy)
+- `migrations-d1/0050_recently_viewed.sql` — per-customer / per-session product browse history (dedup + per-subject cap)
 
 ### Demo seed
 

package/lib/admin.js

@@ -84,10 +84,9 @@ function _parseLimit(str, label, max, fallback) {
 
 // ---- HTML escape + dashboard layout ------------------------------------
 
-var HTML_ESCAPE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#39;" };
 function _htmlEscape(s) {
   if (s == null) return "";
-  return String(s).replace(/[&<>"']/g, function (c) { return HTML_ESCAPE_MAP[c]; });
+  return _b().template.escapeHtml(String(s));
 }
 
 // ---- bearer auth --------------------------------------------------------

package/lib/affiliates.js

@@ -135,6 +135,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- validators ---------------------------------------------------------
 
@@ -677,10 +678,10 @@ function create(opts) {
         throw paused;
       }
 
-      // Dedupe within one calendar minute (60000 ms). A refresh in
+      // Dedupe within one calendar minute. A refresh in
       // the same minute collapses to a single visit; later traffic
       // gets its own row so funnel-stats stay coherent.
-      var dedupeWindow = 60000;
+      var dedupeWindow = C.TIME.minutes(1);
       var existing = await query(
         "SELECT id FROM affiliate_visits " +
         "WHERE visitor_session_id_hash = ?1 AND code = ?2 AND occurred_at >= ?3 " +
@@ -741,7 +742,7 @@ function create(opts) {
       );
       for (var i = 0; i < r.rows.length; i += 1) {
         var row = r.rows[i];
-        var windowMs = Number(row.attribution_window_days) * 24 * 3600 * 1000;
+        var windowMs = Number(row.attribution_window_days) * C.TIME.days(1);
         if (now - Number(row.occurred_at) <= windowMs) {
           return {
             visit_id:     row.visit_id,

package/lib/analytics.js

@@ -92,9 +92,10 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
-var ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000;
-var DEFAULT_WINDOW_MS = 30 * 24 * 60 * 60 * 1000;
+var ONE_YEAR_MS = C.TIME.days(365);
+var DEFAULT_WINDOW_MS = C.TIME.days(30);
 
 // ---- validators ---------------------------------------------------------
 

package/lib/api-keys.js

@@ -76,7 +76,7 @@ var TOKEN_BYTE_LEN          = 32;
 var TOKEN_PLAINTEXT_LEN     = 43;
 var TOKEN_PLAINTEXT_RE      = /^[A-Za-z0-9_-]{43}$/;
 
-var ROTATION_GRACE_MS       = 24 * 60 * 60 * 1000;
+var ROTATION_GRACE_MS       = _b().constants.TIME.days(1);
 
 var OWNER_TYPES             = ["operator", "app", "affiliate", "tenant"];
 var STATUSES                = ["active", "rotated", "revoked", "expired"];

package/lib/assembly-instructions.js

@@ -110,6 +110,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -126,7 +127,7 @@ var MAX_LIMIT         = 500;
 var DEFAULT_LIMIT     = 50;
 var MAX_DAYS          = 3650;
 var SESSION_NAMESPACE = "assembly-instructions-session";
-var DAY_MS            = 24 * 60 * 60 * 1000;
+var DAY_MS            = C.TIME.days(1);
 
 // ---- monotonic clock ----------------------------------------------------
 //

package/lib/auto-replenish.js

@@ -91,6 +91,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -110,9 +111,9 @@ var MAX_LIMIT           = 500;
 // again. Stored as constants so tests can read them when constructing
 // "tick just-after-last-run" scenarios.
 var SCHEDULE_INTERVAL_MS = Object.freeze({
-  hourly: 60 * 60 * 1000,
-  daily:  24 * 60 * 60 * 1000,
-  weekly: 7 * 24 * 60 * 60 * 1000,
+  hourly: C.TIME.hours(1),
+  daily:  C.TIME.days(1),
+  weekly: C.TIME.days(7),
 });
 
 // ---- monotonic clock ----------------------------------------------------

package/lib/backorder.js

@@ -82,13 +82,14 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
 var SKU_RE          = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 var MAX_MESSAGE_LEN = 280;
 var MAX_REASON_LEN  = 280;
-var WEEK_MS         = 7 * 24 * 60 * 60 * 1000;
+var WEEK_MS         = C.TIME.days(7);
 
 var BACKORDER_STATUSES = Object.freeze(["pending", "fulfilled", "cancelled"]);
 

package/lib/business-hours.js

@@ -69,6 +69,13 @@
  * @related   shop.deliveryEstimate
  */
 
+var bShop;
+function _b() {
+  if (!bShop) bShop = require("./index");
+  return bShop.framework;
+}
+var C = _b().constants;
+
 var MAX_SLUG_LEN     = 64;
 var SLUG_RE          = /^[a-z0-9][a-z0-9_-]{0,63}$/;
 
@@ -81,7 +88,7 @@ var YMD_RE           = /^\d{4}-\d{2}-\d{2}$/;
 var MAX_WEEKLY_HOURS = 64;       // 7 days x 8 split-shifts each is more than any real schedule needs
 var MAX_NAME_LEN     = 200;
 
-var DAY_MS           = 24 * 60 * 60 * 1000;
+var DAY_MS           = C.TIME.days(1);
 var SEARCH_DAYS      = 366 * 2;  // worst-case "find next open" walk — 2 calendar years of closures
 
 // ---- validators ---------------------------------------------------------

package/lib/carrier-accounts.js

@@ -99,7 +99,7 @@ var CARRIERS = Object.freeze([
 
 var STATUSES = Object.freeze(["active", "disabled", "rotating"]);
 
-var ROTATION_GRACE_MS = 24 * 60 * 60 * 1000;
+var ROTATION_GRACE_MS = _b().constants.TIME.days(1);
 
 var NS_ACCOUNT_NUMBER = "carrier-account-account-number";
 var NS_API_KEY        = "carrier-account-api-key";

package/lib/carrier-rates.js

@@ -70,7 +70,7 @@ var DEFAULT_RECENT_LIMIT  = 25;
 var MAX_RECENT_LIMIT      = 200;
 
 var MAX_DIMENSION_MM      = 5000;       // 5 m — generous, catches absurd input
-var MAX_WEIGHT_GRAMS      = 1000 * 1000; // 1 t — generous, catches absurd input
+var MAX_WEIGHT_GRAMS      = 1000 * 1000; // allow:raw-time-literal — grams, not a duration (1 t — generous, catches absurd input)
 
 // Lazy framework handle — matches the pattern every other shop
 // primitive uses; avoids the require cycle that would arise from

package/lib/cart-abandonment.js

@@ -53,6 +53,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -71,8 +72,8 @@ var SKIP_REASONS = Object.freeze([
   "opted-out",
 ]);
 
-var DEFAULT_IDLE_THRESHOLD_MS = 24 * 60 * 60 * 1000;          // 24h
-var DEFAULT_MAX_AGE_MS        = 30 * 24 * 60 * 60 * 1000;     // 30d
+var DEFAULT_IDLE_THRESHOLD_MS = C.TIME.days(1);              // 24h
+var DEFAULT_MAX_AGE_MS        = C.TIME.days(30);             // 30d
 var DEFAULT_MAX_CARTS         = 500;
 var MAX_MAX_CARTS             = 5000;
 

package/lib/cart-bulk-ops.js

@@ -64,6 +64,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var SLUG_RE     = /^[a-z0-9](?:[a-z0-9-]{0,198}[a-z0-9])?$/;
 var SKU_RE      = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
@@ -530,7 +531,7 @@ function create(opts) {
         var groupKey = groupOrder[gi];
         var childId = _b().uuid.v7();
         var childSession = "sess_" + _b().uuid.v7().replace(/-/g, "").slice(0, 24);
-        var childExpires = ts + 24 * 60 * 60 * 1000;
+        var childExpires = ts + C.TIME.days(1);
         await query(
           "INSERT INTO carts (id, session_id, customer_id, currency, status, created_at, updated_at, expires_at) " +
           "VALUES (?1, ?2, ?3, ?4, 'active', ?5, ?5, ?6)",

package/lib/cart-recovery.js

@@ -30,9 +30,9 @@
  *       slug:  "default-recovery",
  *       title: "Default 3-step recovery",
  *       steps: [
- *         { step_index: 0, offset_ms:  1 * 3600 * 1000, kind: "reminder"    },
- *         { step_index: 1, offset_ms: 24 * 3600 * 1000, kind: "discount"    },
- *         { step_index: 2, offset_ms: 72 * 3600 * 1000, kind: "last_chance" },
+ *         { step_index: 0, offset_ms: C.TIME.hours(1),  kind: "reminder"    },
+ *         { step_index: 1, offset_ms: C.TIME.hours(24), kind: "discount"    },
+ *         { step_index: 2, offset_ms: C.TIME.hours(72), kind: "last_chance" },
  *       ],
  *     });
  *
@@ -115,6 +115,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -732,7 +733,7 @@ function create(opts) {
             "UPDATE cart_recovery_enrollments SET " +
             "next_step_at = ?1, updated_at = ?2 " +
             "WHERE id = ?3 AND status = 'enrolled'",
-            [now + 3600 * 1000, now, enr.id],
+            [now + C.TIME.hours(1), now, enr.id],
           );
         } else {
           // Clean send. Advance.

package/lib/cart.js

@@ -29,10 +29,14 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+// Framework constants (C.TIME / C.BYTES duration + byte helpers). The
+// index entry point exposes `framework` before the require cascade, so
+// resolving this at module-eval is safe.
+var C = _b().constants;
 
 var CART_STATUSES   = Object.freeze(["active", "abandoned", "converted"]);
-var DEFAULT_TTL_MS  = 30 * 24 * 60 * 60 * 1000;   // 30 days
-var MAX_QTY         = 9999;
+var DEFAULT_TTL_MS  = C.TIME.days(30);
+var MAX_QTY         = 99999;
 var SESSION_ID_RE   = /^[A-Za-z0-9_-]{16,64}$/;   // shape-only; sealed-cookie origin
 var CURRENCY_RE     = /^[A-Z]{3}$/;
 

package/lib/catalog-drafts.js

@@ -104,7 +104,7 @@ var MAX_LIST_LIMIT   = 200;
 var MAX_TAG_LEN      = 64;
 var MAX_CHANGES_PER_DRAFT = 5000;
 
-var ROLLBACK_WINDOW_MS = 7 * 24 * 60 * 60 * 1000;
+var ROLLBACK_WINDOW_MS = _b().constants.TIME.days(7);
 
 // Slug shape matches the project's recurring slug convention used
 // across coupon-stacking / refund-policy / customer-segments — alnum

package/lib/click-and-collect.js

@@ -97,6 +97,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -107,8 +108,8 @@ var MAX_NAME_LEN        = 200;
 var MAX_REASON_LEN      = 280;
 var MAX_SIGNATURE_LEN   = 8192;
 var MAX_LIST_LIMIT      = 200;
-var HOUR_MS             = 3600 * 1000;
-var NO_SHOW_ESCALATE_MS = 7 * 24 * 60 * 60 * 1000;
+var HOUR_MS             = C.TIME.hours(1);
+var NO_SHOW_ESCALATE_MS = C.TIME.days(7);
 var SIGNATURE_NAMESPACE = "click-and-collect-signature";
 
 var PICKUP_STATUSES = Object.freeze([

package/lib/clickstream.js

@@ -98,6 +98,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -124,8 +125,8 @@ var MAX_FUNNEL_STEPS    = 16;
 var MAX_CLEANUP_DAYS    = 365 * 5;
 var MIN_CLEANUP_DAYS    = 1;
 
-var ONE_YEAR_MS         = 365 * 24 * 60 * 60 * 1000;
-var DEFAULT_WINDOW_MS   = 30  * 24 * 60 * 60 * 1000;
+var ONE_YEAR_MS         = C.TIME.days(365);
+var DEFAULT_WINDOW_MS   = C.TIME.days(30);
 
 // Raw-PII shapes refused at every write site (mirrors the analytics
 // guard). A hashed identifier is hex / base64url and never trips
@@ -679,7 +680,7 @@ function create(opts) {
         throw new TypeError("clickstream.cleanupOlderThan: days must be an integer in [" +
                             MIN_CLEANUP_DAYS + ", " + MAX_CLEANUP_DAYS + "]");
       }
-      var cutoff = Date.now() - (days * 24 * 60 * 60 * 1000);
+      var cutoff = Date.now() - (days * C.TIME.days(1));
       var pv = await query(
         "DELETE FROM clickstream_pageviews WHERE occurred_at < ?1",
         [cutoff],

package/lib/config.js

@@ -31,9 +31,10 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var KEY_RE         = /^[a-z][a-z0-9._]{0,63}$/;
-var CACHE_TTL_MS   = 30 * 1000;
+var CACHE_TTL_MS   = C.TIME.seconds(30);
 var MAX_VALUE_LEN  = 64 * 1024;       // 64 KiB — fits even a long jurisdiction table
 
 function _validateKey(k) {

package/lib/cookie-consent.js

@@ -149,6 +149,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- validators --------------------------------------------------------
 
@@ -572,7 +573,7 @@ function create(opts) {
     // out the same way an active one does.
     cleanupOlderThan: async function (days) {
       _positiveInt(days, "days");
-      var cutoff = _now() - (days * 86400 * 1000);
+      var cutoff = _now() - (days * C.TIME.days(1));
       // The subquery picks the freshest row for each
       // `session_id_hash`; the outer DELETE removes every row older
       // than the cutoff that isn't on that survivor list.

package/lib/credit-limits.js

@@ -95,6 +95,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var BILLING_CYCLES = ["weekly", "biweekly", "monthly"];
 var STATUSES       = ["active", "suspended", "closed"];
@@ -106,7 +107,7 @@ var MAX_REF_LEN = 128;
 // injection cover has no legitimate place in a one-line column.
 var PRINTABLE_RE = /^[^\x00-\x1f\x7f]*$/;
 
-var MS_PER_DAY = 86400 * 1000;
+var MS_PER_DAY = C.TIME.days(1);
 
 // Aging buckets. The boundary days are reported as part of the
 // agingReport return shape so downstream invoice rendering doesn't

package/lib/currency-display.js

@@ -56,9 +56,10 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var CURRENCY_RE = /^[A-Z]{3}$/;
-var DEFAULT_TTL_MS = 24 * 60 * 60 * 1000;
+var DEFAULT_TTL_MS = C.TIME.days(1);
 var DEFAULT_SUPPORTED = [
   "USD", "EUR", "GBP", "JPY", "CAD", "AUD", "CHF",
   "SEK", "NOK", "DKK", "NZD", "INR", "BRL", "MXN",

package/lib/customer-activity.js

@@ -95,6 +95,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -103,7 +104,7 @@ var DEFAULT_LIMIT     = 50;
 var MAX_INACTIVE_LIMIT = 500;
 var DEFAULT_INACTIVE_LIMIT = 100;
 
-var MS_PER_DAY = 86400000;
+var MS_PER_DAY = C.TIME.days(1);
 var WINDOW_30D  = 30 * MS_PER_DAY;
 var WINDOW_90D  = 90 * MS_PER_DAY;
 var WINDOW_365D = 365 * MS_PER_DAY;
@@ -111,7 +112,7 @@ var WINDOW_365D = 365 * MS_PER_DAY;
 // Cache freshness window. summarize() returns the cached row when
 // computed_at is within this window AND no source has a newer event
 // than last_activity_at. Same posture as order-timeline's cache.
-var CACHE_TTL_MS = 5 * 60 * 1000;
+var CACHE_TTL_MS = C.TIME.minutes(5);
 
 // Order-FSM events → canonical English titles. Events not in this
 // map fall through with the raw event name as the title.

package/lib/customer-impersonation.js

@@ -137,9 +137,9 @@
 
 var TOKEN_NAMESPACE         = "customer-impersonation-token";
 var TOKEN_BYTES             = 32;
-var DEFAULT_TTL_SECONDS     = 60 * 60;                  // 60-minute default
+var DEFAULT_TTL_SECONDS     = 60 * 60;                  // allow:raw-time-literal — seconds value; C.TIME returns ms (60-minute default)
 var MIN_TTL_SECONDS         = 60;                       // refuse sub-minute
-var MAX_TTL_SECONDS         = 8 * 60 * 60;              // hard ceiling — eight hours
+var MAX_TTL_SECONDS         = 8 * 60 * 60;              // allow:raw-time-literal — seconds value; C.TIME returns ms (hard ceiling — eight hours)
 var MAX_REASON_LEN          = 280;
 var MAX_END_REASON_LEN      = 280;
 var MAX_ENDED_BY_LEN        = 64;
@@ -348,7 +348,7 @@ function create(opts) {
       var tokenHash = _b().crypto.namespaceHash(TOKEN_NAMESPACE, plaintext);
       var id        = _b().uuid.v7();
       var now       = _now();
-      var expiresAt = now + (ttl * 1000);
+      var expiresAt = now + (ttl * 1000); // allow:raw-time-literal — ttl is a runtime seconds value; *1000 converts to ms
 
       await query(
         "INSERT INTO impersonations " +

package/lib/customer-merge.js

@@ -158,7 +158,7 @@ var DEFAULT_LIST_LIMIT   = 50;
 var MAX_CANDIDATE_LIMIT  = 200;
 var DEFAULT_CAND_LIMIT   = 25;
 var MAX_REASON_LEN       = 280;
-var ROLLBACK_WINDOW_MS   = 7 * 24 * 60 * 60 * 1000;
+var ROLLBACK_WINDOW_MS   = _b().constants.TIME.days(7);
 var DEFAULT_SIMILARITY   = 0.85;
 var MIN_SIMILARITY       = 0.50;
 var MAX_SIMILARITY       = 1.00;
@@ -187,6 +187,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- monotonic clock ---------------------------------------------------
 //
@@ -747,8 +748,8 @@ function create(opts) {
       var now = _now();
       if (now - Number(row.executed_at) > ROLLBACK_WINDOW_MS) {
         var winErr = new Error("customerMerge.rollbackMerge: merge_id " + mergeId +
-          " executed " + Math.floor((now - Number(row.executed_at)) / (24 * 60 * 60 * 1000)) +
-          " days ago, past the " + (ROLLBACK_WINDOW_MS / (24 * 60 * 60 * 1000)) +
+          " executed " + Math.floor((now - Number(row.executed_at)) / C.TIME.days(1)) +
+          " days ago, past the " + (ROLLBACK_WINDOW_MS / C.TIME.days(1)) +
           "-day rollback window");
         winErr.code = "CUSTOMER_MERGE_ROLLBACK_WINDOW_EXPIRED";
         throw winErr;

package/lib/customer-portal.js

@@ -75,8 +75,8 @@
 
 var TOKEN_NAMESPACE      = "customer-portal-token";
 var TOKEN_BYTES          = 32;
-var DEFAULT_TTL_SECONDS  = 15 * 60;
-var MAX_TTL_SECONDS      = 60 * 60 * 24;            // hard ceiling — one day
+var DEFAULT_TTL_SECONDS  = 15 * 60;                 // allow:raw-time-literal — seconds value; C.TIME returns ms
+var MAX_TTL_SECONDS      = 60 * 60 * 24;            // allow:raw-time-literal — seconds value; C.TIME returns ms (hard ceiling — one day)
 var MIN_TTL_SECONDS      = 30;                       // refuse zero / negative / sub-30s
 var MAX_REASON_LEN       = 64;
 var MAX_UA_CLASS_LEN     = 64;
@@ -196,7 +196,7 @@ function create(opts) {
       var tokenHash = _b().crypto.namespaceHash(TOKEN_NAMESPACE, plaintext);
       var id        = _b().uuid.v7();
       var now       = _now();
-      var expiresAt = now + (ttl * 1000);
+      var expiresAt = now + (ttl * 1000); // allow:raw-time-literal — ttl is a runtime seconds value; *1000 converts to ms
 
       await query(
         "INSERT INTO customer_portal_sessions " +
@@ -338,7 +338,7 @@ function create(opts) {
     //   worker layer can emit a metric.
     expireOlderThan: async function (seconds) {
       _seconds(seconds, "seconds");
-      var threshold = _now() - (seconds * 1000);
+      var threshold = _now() - (seconds * 1000); // allow:raw-time-literal — seconds is a runtime seconds value; *1000 converts to ms
       var r = await query(
         "UPDATE customer_portal_sessions " +
         "SET status = 'expired' " +

package/lib/customer-risk-profile.js

@@ -120,6 +120,7 @@ function _b() {
   }
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -149,7 +150,7 @@ var BANDS = Object.freeze({
 // score (their lifetime count still reflects them). 90 days matches
 // the typical card-network chargeback-evidence cycle: anything older
 // has already gone through dispute and is settled.
-var RECENT_WINDOW_MS = 90 * 86400 * 1000;
+var RECENT_WINDOW_MS = C.TIME.days(90);
 
 // detail_json byte ceiling. Operators routinely embed order ids,
 // amounts, a few human-readable notes — 8 KiB after JSON-encoding

package/lib/customer-segments.js

@@ -113,6 +113,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var DEFAULT_LIMIT = 100;
 var MAX_LIMIT     = 1000;
@@ -398,7 +399,7 @@ function create(opts) {
       var lastAt = Number(row.last_order_at || 0);
       var aov = orderCount > 0 ? Math.floor(gross / orderCount) : 0;
       var refundBps = orderCount > 0 ? Math.floor((refunded * 10000) / orderCount) : 0;
-      var recencyDays = lastAt > 0 ? Math.floor((nowTs - lastAt) / (24 * 60 * 60 * 1000)) : null;
+      var recencyDays = lastAt > 0 ? Math.floor((nowTs - lastAt) / C.TIME.days(1)) : null;
       out.push({
         customer_id:    row.customer_id,
         order_count:    orderCount,

package/lib/customer-surveys.js

@@ -73,6 +73,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -579,7 +580,7 @@ function create(opts) {
     var plaintext   = _generateToken();
     var tokenHash   = _hashToken(plaintext);
     var issuedAt    = _now();
-    var expiresAt   = issuedAt + (expiresHours * 60 * 60 * 1000);
+    var expiresAt   = issuedAt + (expiresHours * C.TIME.hours(1));
 
     await query(
       "INSERT INTO survey_invitations " +
@@ -904,7 +905,8 @@ function create(opts) {
       out.csat = csatTotal === 0
         ? { positive_pct: 0, mean: 0, positives: 0, neutrals: 0, negatives: 0 }
         : {
-            positive_pct: Math.round((pos / csatTotal) * 1000) / 10,
+            positive_pct: Math.round((pos / csatTotal) * 1000) / 10, // allow:raw-time-literal — percentage scaling factor, not a duration
+
             mean:         Math.round(primary.mean * 100) / 100,
             positives:    pos,
             neutrals:     neu,
@@ -923,7 +925,8 @@ function create(opts) {
         ? { mean: 0, agree_pct: 0, agree: 0 }
         : {
             mean:      Math.round(primary.mean * 100) / 100,
-            agree_pct: Math.round((cesAgree / primary.count) * 1000) / 10,
+            agree_pct: Math.round((cesAgree / primary.count) * 1000) / 10, // allow:raw-time-literal — percentage scaling factor, not a duration
+
             agree:     cesAgree,
           };
     }

package/lib/delivery-estimate.js

@@ -124,9 +124,9 @@ var POSTAL_RE             = /^[A-Za-z0-9][A-Za-z0-9 -]{0,15}$/;
 
 var COUNTRY_RE            = /^[A-Z]{2}$/;
 
-var MAX_WEIGHT_GRAMS      = 1000 * 1000;
+var MAX_WEIGHT_GRAMS      = 1000 * 1000; // allow:raw-time-literal — grams (1000 kg), not a duration
 
-var DAY_MS                = 24 * 60 * 60 * 1000;
+var DAY_MS                = _b().constants.TIME.days(1);
 
 // Lazy framework handle — matches the convention every other shop
 // primitive uses; avoids the require cycle that would arise from

package/lib/demand-forecast.js

@@ -104,6 +104,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -127,7 +128,7 @@ var MAX_UNITS_SOLD      = 1000000000;
 var DEFAULT_WINDOW_DAYS = 30;
 var DEFAULT_ALPHA       = 0.3;
 
-var DAY_MS              = 24 * 60 * 60 * 1000;
+var DAY_MS              = C.TIME.days(1);
 
 // Weekly-seasonality needs at least two full weeks of history to
 // avoid claiming a pattern from one cycle. Monthly-seasonality needs

package/lib/discount-analytics.js

@@ -124,8 +124,8 @@ var MAX_SESSION_LEN  = 256;
 var MAX_TIER_ID_LEN  = 128;
 var MAX_LIMIT        = 200;
 
-var ONE_YEAR_MS       = 365 * 24 * 60 * 60 * 1000;
-var DEFAULT_WINDOW_MS = 30 * 24 * 60 * 60 * 1000;
+var ONE_YEAR_MS       = _b().constants.TIME.days(365);
+var DEFAULT_WINDOW_MS = _b().constants.TIME.days(30);
 
 // Coupon-code shape — alnum + dot/dash/underscore plus a `:` to
 // admit the `tier:<id>` convention. Length-capped so a giant string