@blamejs/blamejs-shop 0.0.129 → 0.1.1

package/lib/operator-sessions.js

@@ -140,16 +140,16 @@
 
 var TOKEN_NAMESPACE         = "operator-session-token";
 var TOKEN_BYTES             = 32;
-var DEFAULT_TTL_SECONDS     = 8 * 60 * 60;             // 8-hour shift default
+var DEFAULT_TTL_SECONDS     = 8 * 60 * 60;             // allow:raw-time-literal — TTL stored in seconds; C.TIME returns ms (8-hour shift default)
 var MIN_TTL_SECONDS         = 60;                       // refuse zero / sub-minute
-var MAX_TTL_SECONDS         = 60 * 60 * 24;             // hard ceiling — one day
+var MAX_TTL_SECONDS         = 60 * 60 * 24;             // allow:raw-time-literal — TTL stored in seconds; C.TIME returns ms (hard ceiling — one day)
 var MAX_REASON_LEN          = 64;
 var MAX_UA_CLASS_LEN        = 64;
 var MAX_IP_HASH_LEN         = 256;
 var MIN_IP_HASH_LEN         = 1;
-var DEFAULT_LOCKOUT_WINDOW  = 15 * 60;                  // 15-minute rolling window
+var DEFAULT_LOCKOUT_WINDOW  = 15 * 60;                  // allow:raw-time-literal — lockout window stored in seconds; C.TIME returns ms (15-minute rolling window)
 var DEFAULT_LOCKOUT_THRESH  = 5;                        // 5 failures trips lockout
-var MAX_LOCKOUT_WINDOW      = 24 * 60 * 60;             // sanity cap — one day
+var MAX_LOCKOUT_WINDOW      = 24 * 60 * 60;             // allow:raw-time-literal — lockout window stored in seconds; C.TIME returns ms (sanity cap — one day)
 var MIN_LOCKOUT_THRESHOLD   = 1;
 var MAX_LOCKOUT_THRESHOLD   = 1000;
 
@@ -344,7 +344,7 @@ function create(opts) {
       var tokenHash = _b().crypto.namespaceHash(TOKEN_NAMESPACE, plaintext);
       var id        = _b().uuid.v7();
       var now       = _now();
-      var expiresAt = now + (ttl * 1000);
+      var expiresAt = now + (ttl * 1000);   // allow:raw-time-literal — ttl is in seconds; * 1000 converts to ms
 
       await query(
         "INSERT INTO operator_sessions " +
@@ -615,7 +615,7 @@ function create(opts) {
     // emit a metric.
     expireOlderThan: async function (seconds) {
       _seconds(seconds, "seconds");
-      var threshold = _now() - (seconds * 1000);
+      var threshold = _now() - (seconds * 1000);   // allow:raw-time-literal — seconds arg is in seconds; * 1000 converts to ms
       var r = await query(
         "UPDATE operator_sessions " +
         "SET status = 'expired' " +
@@ -646,7 +646,7 @@ function create(opts) {
       }
       var windowSec = _lockoutWindow(lopts.window_seconds);
       var threshold = _lockoutThreshold(lopts.threshold);
-      var since     = _now() - (windowSec * 1000);
+      var since     = _now() - (windowSec * 1000);   // allow:raw-time-literal — windowSec is in seconds; * 1000 converts to ms
       var r = await query(
         "SELECT COUNT(*) AS n FROM operator_failed_logins " +
         "WHERE ip_hash = ?1 AND occurred_at >= ?2",

package/lib/order-exchanges.js

@@ -301,6 +301,7 @@ function create(opts) {
           sku:        existing.replacement_sku,
           variant_id: existing.replacement_variant_id || null,
           quantity:   existing.replacement_qty,
+          // allow:raw-time-literal — hold TTL in SECONDS (passed to holdForCart's ttl_seconds); C.TIME returns ms
           ttl_seconds: input.hold_ttl_seconds || 86400,
         });
       }

package/lib/order-timeline.js

@@ -101,6 +101,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -113,7 +114,7 @@ var DEFAULT_RECENT_LIMIT = 20;
 // pathological "no new events but the cache is stale" case still
 // recomputes after a few minutes — gives the operator dashboard
 // fresh totals even when the underlying primitives are quiet.
-var CACHE_TTL_MS = 5 * 60 * 1000;
+var CACHE_TTL_MS = C.TIME.minutes(5);
 
 // BCP-47 shape: 2-3 alpha primary subtag, optional region/script
 // subtags. Matches the shape gift-options uses for the same purpose.

package/lib/payment-retries.js

@@ -133,6 +133,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -146,7 +147,7 @@ var MAX_SCHEDULE_STEPS    = 64;
 var MAX_ATTEMPTS_CAP      = 64;
 var MAX_LIST_LIMIT        = 500;
 var DEFAULT_LIST_LIMIT    = 100;
-var MS_PER_HOUR           = 60 * 60 * 1000;
+var MS_PER_HOUR           = C.TIME.hours(1);
 
 var SLUG_RE          = /^[a-z](?:[a-z0-9-]*[a-z0-9])?$/;
 var FAILURE_CODE_RE  = /^[a-z](?:[a-z0-9_]*[a-z0-9])?$/;

package/lib/payment.js

@@ -28,6 +28,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var STRIPE_API_BASE_DEFAULT  = "https://api.stripe.com/v1";
 var STRIPE_WEBHOOK_TOLERANCE = 300;   // ± 5 minutes (Stripe default)
@@ -38,7 +39,7 @@ var CURRENCY_RE              = /^[a-z]{3}$/;   // Stripe wants lowercase ISO 421
 // expires on the same window — operators who run `cleanupExpired()`
 // on a daily schedule keep the table small without ever shortening
 // the replay window below Stripe's own retention.
-var IDEMPOTENCY_TTL_MS       = 24 * 60 * 60 * 1000;
+var IDEMPOTENCY_TTL_MS       = C.TIME.days(1);
 var IDEMPOTENCY_NAMESPACE    = "payment-idempotency-body";
 var IDEMPOTENT_OPERATIONS    = {
   "payment_intent.create": true,
@@ -124,8 +125,8 @@ async function _verifyWebhook(headers, rawBody, secret, opts) {
   if (!headerVal) return { ok: false, reason: "no-signature" };
 
   var toleranceMs = opts.toleranceSeconds == null
-    ? STRIPE_WEBHOOK_TOLERANCE * 1000
-    : opts.toleranceSeconds * 1000;
+    ? STRIPE_WEBHOOK_TOLERANCE * 1000 // allow:raw-time-literal — seconds value; *1000 converts to ms
+    : opts.toleranceSeconds * 1000;   // allow:raw-time-literal — runtime seconds value; *1000 converts to ms
   if (typeof toleranceMs !== "number" || !isFinite(toleranceMs) || toleranceMs <= 0) {
     throw new TypeError("payment.verifyWebhook: toleranceSeconds must be a positive number");
   }
@@ -138,7 +139,7 @@ async function _verifyWebhook(headers, rawBody, secret, opts) {
       body:        rawBody,
       toleranceMs: toleranceMs,
       nonceStore:  opts.nonceStore || undefined,
-      _nowMs:      opts.now != null ? opts.now * 1000 : undefined,
+      _nowMs:      opts.now != null ? opts.now * 1000 : undefined, // allow:raw-time-literal — opts.now is a runtime seconds value; *1000 converts to ms
     });
   } catch (e) {
     var code = (e && e.code) || "";

package/lib/pixel-events.js

@@ -103,6 +103,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -159,11 +160,11 @@ var PHONE_RAW_RE    = /^\+?[0-9 ().\-]{7,32}$/;
 // request — runaway retries against a permanently-broken provider
 // credential would otherwise saturate the worker tick.
 var RETRY_BACKOFF_MS = [
-  60 * 1000,
-  5 * 60 * 1000,
-  30 * 60 * 1000,
-  2 * 60 * 60 * 1000,
-  12 * 60 * 60 * 1000,
+  C.TIME.minutes(1),
+  C.TIME.minutes(5),
+  C.TIME.minutes(30),
+  C.TIME.hours(2),
+  C.TIME.hours(12),
 ];
 
 // ---- monotonic clock ---------------------------------------------------

package/lib/preorder.js

@@ -108,6 +108,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -116,7 +117,7 @@ var SKU_RE          = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 var CURRENCY_RE     = /^[A-Z]{3}$/;
 var MAX_COPY_LEN    = 2000;
 var MAX_REASON_LEN  = 280;
-var DAY_MS          = 24 * 60 * 60 * 1000;
+var DAY_MS          = C.TIME.days(1);
 
 var CAMPAIGN_STATUSES    = Object.freeze(["active", "launched", "closed"]);
 var RESERVATION_STATUSES = Object.freeze(["active", "converted", "cancelled"]);

package/lib/print-queue.js

@@ -113,6 +113,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -573,7 +574,7 @@ function create(opts) {
         throw new TypeError("print-queue.cleanupCompleted: input object required");
       }
       _hours(input.older_than_hours, "older_than_hours");
-      var cutoff = _now() - Math.floor(input.older_than_hours * 60 * 60 * 1000);
+      var cutoff = _now() - Math.floor(C.TIME.hours(input.older_than_hours));
       var r = await query(
         "DELETE FROM print_jobs WHERE status IN ('complete', 'cancelled', 'failed') " +
         "AND COALESCE(completed_at, failed_at, created_at) < ?1",

package/lib/product-compare.js

@@ -80,6 +80,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -775,7 +776,7 @@ function create(opts) {
     // dashboard can render the sweep's footprint.
     cleanupOlderThan: async function (days) {
       _days(days);
-      var threshold = _now() - (days * 24 * 60 * 60 * 1000);
+      var threshold = _now() - C.TIME.days(days);
       var lists = await query(
         "DELETE FROM compare_lists WHERE updated_at < ?1",
         [threshold],

package/lib/product-qa.js

@@ -91,6 +91,7 @@ function _b() {
   if (!bShop) { bShop = require("./index"); }
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- monotonic clock ---------------------------------------------------
 //
@@ -689,7 +690,7 @@ function create(opts) {
   // attached to non-rejected questions.
   async function cleanupRejected(days) {
     var d = _cleanupDays(days);
-    var cutoff = _now() - (d * 24 * 60 * 60 * 1000);
+    var cutoff = _now() - C.TIME.days(d);
 
     var qDel = await query(
       "DELETE FROM product_qa_questions WHERE status = 'rejected' AND occurred_at < ?1",

package/lib/push-notifications.js

@@ -73,6 +73,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -108,11 +109,11 @@ var MAX_PROV_MSG_ID_LEN  = 256;
 // to compute `next_retry_at`; once the schedule is exhausted the row
 // terminates as failed regardless of the caller's `retry` request.
 var RETRY_BACKOFF_MS = [
-  60 * 1000,
-  5 * 60 * 1000,
-  30 * 60 * 1000,
-  2 * 60 * 60 * 1000,
-  12 * 60 * 60 * 1000,
+  C.TIME.minutes(1),
+  C.TIME.minutes(5),
+  C.TIME.minutes(30),
+  C.TIME.hours(2),
+  C.TIME.hours(12),
 ];
 
 var SLUG_RE         = /^[a-z](?:[a-z0-9-]*[a-z0-9])?$/;

package/lib/recently-viewed.js

@@ -76,10 +76,15 @@
  * @related   b.guardUuid, b.crypto.namespaceHash, b.uuid
  */
 
+// `_b()` is a hoisted function declaration (defined below); resolving the
+// framework constants here at module-eval is safe — the index entry point
+// exposes `framework` before the require cascade.
+var C = _b().constants;
+
 var DEFAULT_LIMIT       = 20;
 var MAX_LIMIT           = 100;
 var PER_SUBJECT_CAP     = 20;
-var DEDUP_WINDOW_MS     = 5 * 60 * 1000;
+var DEDUP_WINDOW_MS     = C.TIME.minutes(5);
 var SESSION_NAMESPACE   = "recently-viewed-session";
 var SESSION_ID_RE       = /^[A-Za-z0-9_-]{16,64}$/;
 var RECOMMEND_LIMIT     = 10;
@@ -479,7 +484,7 @@ function create(opts) {
     // shopper population grows.
     cleanupOlderThan: async function (days) {
       _days(days);
-      var threshold = Date.now() - (days * 24 * 60 * 60 * 1000);
+      var threshold = Date.now() - C.TIME.days(days);
       var r = await query(
         "DELETE FROM recently_viewed WHERE last_viewed_at < ?1",
         [threshold],

package/lib/recommendations.js

@@ -106,13 +106,18 @@
  *            shop.recentlyViewed, shop.analytics, shop.catalog
  */
 
+// `_b()` is a hoisted function declaration (defined below); resolving the
+// framework constants here at module-eval is safe — the index entry point
+// exposes `framework` before the require cascade.
+var C = _b().constants;
+
 var DEFAULT_LIMIT      = 8;
 var MAX_LIMIT          = 50;
 var MAX_CART_PRODUCTS  = 50;
 var DEFAULT_WEIGHT     = 100;
 var MAX_WEIGHT         = 1000000;
-var ONE_YEAR_MS        = 365 * 24 * 60 * 60 * 1000;
-var DEFAULT_WINDOW_MS  = 30 * 24 * 60 * 60 * 1000;
+var ONE_YEAR_MS        = C.TIME.days(365);
+var DEFAULT_WINDOW_MS  = C.TIME.days(30);
 var KINDS              = ["product", "cart", "customer", "category"];
 var EVENT_TYPES        = ["impression", "click", "conversion"];
 var SESSION_NAMESPACE  = "recommendations-session";

package/lib/referral-leaderboard.js

@@ -83,6 +83,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var TIERS = ["bronze", "silver", "gold", "platinum"];
 
@@ -100,7 +101,7 @@ var DEFAULT_TIER_BONUS_POINTS = {
   platinum: 10000,
 };
 
-var MS_PER_DAY = 24 * 60 * 60 * 1000;
+var MS_PER_DAY = C.TIME.days(1);
 var ROLLING_WINDOW_DAYS = 90;
 
 var MAX_LEADERBOARD_LIMIT = 100;

package/lib/refund-automation.js

@@ -122,7 +122,7 @@ var MAX_PRIORITY              = 1000000;
 var MAX_LIST_LIMIT            = 200;
 var MAX_REASONS_PER_RULE      = 32;
 var MAX_CURRENCIES_PER_RULE   = 32;
-var MS_PER_YEAR               = 365 * 24 * 60 * 60 * 1000;
+var MS_PER_YEAR               = _b().constants.TIME.days(365);
 
 // Slug shape matches coupon-stacking / refund-policy convention.
 var SLUG_RE       = /^[A-Za-z0-9][A-Za-z0-9._-]{0,79}$/;

package/lib/refund-policy.js

@@ -81,7 +81,7 @@ var MAX_STATUS_LEN        = 64;
 var MAX_WINDOW_DAYS       = 36500;          // ~100 years; refuses absurd values
 var MAX_PRIORITY          = 1000000;
 var MAX_LIST_LIMIT        = 200;
-var MS_PER_DAY            = 24 * 60 * 60 * 1000;
+var MS_PER_DAY            = _b().constants.TIME.days(1);
 
 // Slug shape matches coupon-stacking / promo-banners / customer-segments
 // convention — alnum + hyphen + underscore + dot, leading char alnum,

package/lib/reorder-reminders.js

@@ -101,13 +101,14 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
 var SKU_RE              = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 var SLUG_RE             = /^[a-z0-9][a-z0-9._-]{0,127}$/;
 var ID_RE               = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
-var DAY_MS              = 24 * 60 * 60 * 1000;
+var DAY_MS              = C.TIME.days(1);
 var MAX_INTERVAL_DAYS   = 3650;        // 10 years — same envelope as supplier lead times; refuses Number.MAX_SAFE_INTEGER typos
 var MAX_BATCH_SIZE      = 500;
 var DEFAULT_BATCH_SIZE  = 100;

package/lib/reorder-thresholds.js

@@ -113,6 +113,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -120,7 +121,7 @@ var SKU_RE              = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 var CODE_RE             = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;
 var SLUG_RE             = /^[a-z0-9][a-z0-9-]{0,63}$/;
 var ID_RE               = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
-var DAY_MS              = 24 * 60 * 60 * 1000;
+var DAY_MS              = C.TIME.days(1);
 var VELOCITY_WINDOW_DAYS = 30;
 var MAX_LIMIT           = 500;
 var MAX_LEAD_TIME_DAYS  = 3650;   // 10 years — high enough to cover any real-world supplier promise; low enough to refuse a Number.MAX_SAFE_INTEGER typo

package/lib/robots-config.js

@@ -91,6 +91,7 @@ var MAX_PATH_LEN        = 512;
 var MAX_PATHS_PER_RULE  = 200;
 var MAX_SITEMAP_URL_LEN = 2048;
 var MAX_HOST_LEN        = 255;
+// allow:raw-time-literal — robots.txt Crawl-delay is a seconds value; C.TIME returns ms
 var MAX_CRAWL_DELAY     = 86400;     // 24 h — anything larger is a typo
 var MAX_PRIORITY        = 1000000;
 var MAX_RULE_ID_LEN     = 80;

package/lib/sales-reports.js

@@ -101,10 +101,11 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
-var ONE_YEAR_MS  = 365 * 24 * 60 * 60 * 1000;
-var DEFAULT_WINDOW_MS = 30 * 24 * 60 * 60 * 1000;
-var DAY_MS       = 24 * 60 * 60 * 1000;
+var ONE_YEAR_MS  = C.TIME.days(365);
+var DEFAULT_WINDOW_MS = C.TIME.days(30);
+var DAY_MS       = C.TIME.days(1);
 
 // Cache TTL by report key. Operator can override per-call via
 // `cache_ttl_ms`; these are the safe defaults — short enough that a
@@ -112,17 +113,17 @@ var DAY_MS       = 24 * 60 * 60 * 1000;
 // hammering the dashboard doesn't re-scan the orders table on every
 // keystroke.
 var DEFAULT_CACHE_TTL_MS = {
-  revenue_by_day:           60 * 1000,
-  revenue_by_week:          5 * 60 * 1000,
-  revenue_by_month:         10 * 60 * 1000,
-  top_products:             5 * 60 * 1000,
-  top_customers:            5 * 60 * 1000,
-  revenue_by_country:       5 * 60 * 1000,
-  revenue_by_payment:       5 * 60 * 1000,
-  customer_cohort:          15 * 60 * 1000,
-  aov:                      60 * 1000,
-  refund_rate:              60 * 1000,
-  funnel:                   60 * 1000,
+  revenue_by_day:           C.TIME.minutes(1),
+  revenue_by_week:          C.TIME.minutes(5),
+  revenue_by_month:         C.TIME.minutes(10),
+  top_products:             C.TIME.minutes(5),
+  top_customers:            C.TIME.minutes(5),
+  revenue_by_country:       C.TIME.minutes(5),
+  revenue_by_payment:       C.TIME.minutes(5),
+  customer_cohort:          C.TIME.minutes(15),
+  aov:                      C.TIME.minutes(1),
+  refund_rate:              C.TIME.minutes(1),
+  funnel:                   C.TIME.minutes(1),
 };
 
 var CACHE_NAMESPACE = "sales-report-cache";
@@ -663,7 +664,9 @@ function create(opts) {
           // Calendar-month arithmetic on the cohort string. SQLite
           // can do this natively via the modifier shape
           // `'YYYY-MM-01', '+N months'`.
+          // allow:raw-time-literal — SQL strftime('%s') returns unix seconds; * 1000 converts to ms in SQLite
           var rangeStartSql = "strftime('%s', ?1 || '-01', '+' || ?2 || ' months') * 1000";
+          // allow:raw-time-literal — SQL strftime('%s') returns unix seconds; * 1000 converts to ms in SQLite
           var rangeEndSql   = "strftime('%s', ?1 || '-01', '+' || (?2 + 1) || ' months') * 1000";
           var rangeRow = await query(
             "SELECT " + rangeStartSql + " AS rs, " + rangeEndSql + " AS re",

package/lib/sales-tax-filings.js

@@ -108,6 +108,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -766,7 +767,7 @@ function create(opts) {
     }
     var days = _daysAhead(input.days_ahead);
     var nowTs = input.now == null ? _now() : _epoch(input.now, "now");
-    var horizon = nowTs + (days * 24 * 60 * 60 * 1000);
+    var horizon = nowTs + C.TIME.days(days);
 
     var r = await query(
       "SELECT * FROM sales_tax_filings " +

package/lib/save-for-later.js

@@ -76,6 +76,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 function _uuid(s, label) {
   try { return _b().guardUuid.sanitize(s, { profile: "strict" }); }
@@ -649,7 +650,7 @@ function create(opts) {
     // cron / scheduled-worker layer can emit a metric.
     expireOlderThan: async function (days) {
       _days(days);
-      var threshold = _now() - (days * 24 * 60 * 60 * 1000);
+      var threshold = _now() - C.TIME.days(days);
       var r = await query(
         "DELETE FROM save_for_later WHERE saved_at < ?1",
         [threshold],

package/lib/search-suggestions.js

@@ -76,7 +76,7 @@ var MAX_PREFIX_LEN        = 100;
 var MAX_DISPLAY_TEXT_LEN  = 200;
 var MAX_LINK_URL_LEN      = 2048;
 var MAX_RESULT_COUNT      = 1000000;
-var POPULAR_WINDOW_MS     = 30 * 24 * 60 * 60 * 1000;
+var POPULAR_WINDOW_MS     = _b().constants.TIME.days(30);
 var FEATURED_STATUSES     = ["active", "expired", "draft"];
 var ALLOWED_FEATURED_COLS = [
   "prefix", "display_text", "link_url", "priority",

package/lib/shipping-insurance.js

@@ -98,6 +98,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ---------------------------------------------------------
 
@@ -109,7 +110,7 @@ var MAX_NAME_LEN     = 200;
 var MAX_AMOUNT_MINOR = 1000000000;   // $10,000,000.00 — sane upper cap
 var MAX_RATE_BPS     = 10000;        // 100% — exclusive ceiling
 var MAX_CLAIM_DAYS   = 3650;         // 10 years — sane upper cap
-var DAY_MS           = 24 * 60 * 60 * 1000;
+var DAY_MS           = C.TIME.days(1);
 
 var CLAIM_TYPES = Object.freeze(["lost", "damaged", "stolen", "not_delivered"]);
 var INSURANCE_STATUSES = Object.freeze(["active", "cancelled", "expired"]);

package/lib/shipping-labels.js

@@ -63,6 +63,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -90,7 +91,7 @@ var MAX_CUSTOMS_LINES     = 100;
 var DEFAULT_PENDING_LIMIT = 25;
 var MAX_PENDING_LIMIT     = 200;
 
-var VOID_WINDOW_MS        = 30 * 24 * 60 * 60 * 1000; // 30 days
+var VOID_WINDOW_MS        = C.TIME.days(30); // 30 days
 
 // ---- validators ---------------------------------------------------------
 
@@ -407,7 +408,7 @@ function create(opts) {
       // when it forwards the void to the broker.
       if (ts - row.purchased_at > VOID_WINDOW_MS) {
         var werr = new Error("shipping-labels.voidLabel: refused — label was purchased more than 30 days ago (" +
-          Math.floor((ts - row.purchased_at) / 86400000) + " days)");
+          Math.floor((ts - row.purchased_at) / C.TIME.days(1)) + " days)");
         werr.code = "SHIPPING_LABELS_VOID_WINDOW_EXPIRED";
         throw werr;
       }

package/lib/shipping-zones.js

@@ -81,6 +81,7 @@ var REGION_RE             = /^[A-Z0-9]{1,3}$/;
 var MAX_RATES             = 256;
 var MAX_SERVICE_LABEL_LEN = 128;
 
+// allow:raw-time-literal — grams (1 t), not a duration; the `* 1000` is a mass conversion
 var MAX_WEIGHT_GRAMS      = 1000 * 1000;   // 1 t — generous, refuses absurd input
 var MAX_ORDER_MINOR       = 1e12;          // 10 billion in the minor unit — generous
 

package/lib/shrinkage-report.js

@@ -134,10 +134,11 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
-var DAY_MS          = 24 * 60 * 60 * 1000;
+var DAY_MS          = C.TIME.days(1);
 var TWO_YEARS_MS    = 730 * DAY_MS;
 var MAX_LIMIT       = 100;
 var DEFAULT_LIMIT   = 10;
@@ -152,13 +153,13 @@ var CACHE_NAMESPACE = "shrinkage-report-cache";
 // computation is the heaviest and the operator response time on a
 // red-flag alert is minutes-not-seconds.
 var DEFAULT_CACHE_TTL_MS = Object.freeze({
-  report:               60 * 1000,
-  top_locations:        5 * 60 * 1000,
-  top_skus:             5 * 60 * 1000,
-  category_comparison:  5 * 60 * 1000,
-  monthly_trend:        10 * 60 * 1000,
-  reason_pie:           5 * 60 * 1000,
-  anomalies:            15 * 60 * 1000,
+  report:               C.TIME.minutes(1),
+  top_locations:        C.TIME.minutes(5),
+  top_skus:             C.TIME.minutes(5),
+  category_comparison:  C.TIME.minutes(5),
+  monthly_trend:        C.TIME.minutes(10),
+  reason_pie:           C.TIME.minutes(5),
+  anomalies:            C.TIME.minutes(15),
 });
 
 // Reason-category mapping. Frozen at module load so the operator-

package/lib/sms-dispatcher.js

@@ -66,6 +66,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -95,11 +96,11 @@ var MAX_PROVIDER_REF_LEN = 256;
 // to compute `next_retry_at`; once the schedule is exhausted the row
 // terminates as failed regardless of the caller's `retry` request.
 var RETRY_BACKOFF_MS = [
-  60 * 1000,
-  5 * 60 * 1000,
-  30 * 60 * 1000,
-  2 * 60 * 60 * 1000,
-  12 * 60 * 60 * 1000,
+  C.TIME.minutes(1),
+  C.TIME.minutes(5),
+  C.TIME.minutes(30),
+  C.TIME.hours(2),
+  C.TIME.hours(12),
 ];
 
 var SLUG_RE          = /^[a-z](?:[a-z0-9-]*[a-z0-9])?$/;

package/lib/stock-alerts.js

@@ -57,7 +57,7 @@ var TOKEN_NAMESPACE = "stock-alert-token";
 var TOKEN_BYTES     = 24;                // 24 raw bytes → 32 base64url chars
 var TOKEN_LEN       = 32;
 var TOKEN_RE        = /^[A-Za-z0-9_-]{32}$/;
-var DEFAULT_TTL_MS  = 1000 * 60 * 60 * 24 * 90;   // 90 days
+var DEFAULT_TTL_MS  = _b().constants.TIME.days(90);   // 90 days
 var SKU_RE          = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;
 var MAX_LIST_LIMIT  = 200;
 var DEFAULT_LIMIT   = 50;

package/lib/stock-receipts.js

@@ -74,6 +74,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -385,7 +386,7 @@ function create(opts) {
     var plaintext = _generateToken();
     var tokenHash = _hashToken(plaintext);
     var nowTs     = _now();
-    var expiresAt = nowTs + (expiresHours * 60 * 60 * 1000);
+    var expiresAt = nowTs + C.TIME.hours(expiresHours);
 
     if (existing) {
       await query(

package/lib/store-credit.js

@@ -65,6 +65,7 @@ function _b() {
   if (!bShop) bShop = require("./index");
   return bShop.framework;
 }
+var C = _b().constants;
 
 var KINDS   = ["credit", "debit", "expire"];
 var SOURCES = ["refund", "goodwill", "promotional", "manual", "loyalty_redemption"];
@@ -76,7 +77,7 @@ var MAX_SOURCE_REF_LEN = 128;
 var PRINTABLE_RE = /^[^\x00-\x1f\x7f]*$/;
 
 var MAX_BULK_IDS = 500;
-var MS_PER_DAY   = 86400 * 1000;
+var MS_PER_DAY   = C.TIME.days(1);
 
 // ---- validators ---------------------------------------------------------