@blamejs/blamejs-shop 0.1.12 → 0.1.14

package/lib/assembly-instructions.js

@@ -105,12 +105,8 @@
  * @related   b.uuid, b.guardUuid, b.crypto.namespaceHash, b.safeUrl, b.template.escapeHtml
  */
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
-var C = _b().constants;
+var b = require("./vendor/blamejs");
+var C = b.constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -185,7 +181,7 @@ function _id(s, label) {
 
 function _uuid(s, label) {
   try {
-    return _b().guardUuid.sanitize(s, { profile: "strict" });
+    return b.guardUuid.sanitize(s, { profile: "strict" });
   } catch (e) {
     throw new TypeError("assembly-instructions: " + label + " - " + (e && e.message || "invalid UUID"));
   }
@@ -199,7 +195,7 @@ function _sessionId(s) {
 }
 
 function _hashSession(s) {
-  return _b().crypto.namespaceHash(SESSION_NAMESPACE, s);
+  return b.crypto.namespaceHash(SESSION_NAMESPACE, s);
 }
 
 // content_url is HTTPS-only - PDFs / videos / external_link rows all
@@ -211,7 +207,7 @@ function _contentUrl(s) {
     throw new TypeError("assembly-instructions: content_url must be a non-empty string <= " + MAX_URL_LEN + " chars");
   }
   try {
-    _b().safeUrl.parse(s, { allowedProtocols: ["https:"] });
+    b.safeUrl.parse(s, { allowedProtocols: ["https:"] });
   } catch (e) {
     throw new TypeError("assembly-instructions: content_url - " + (e && e.message || "https-only URL required"));
   }
@@ -258,7 +254,7 @@ function _days(n) {
 // order-detail page can render the markdown variant without composing
 // a separate renderer.
 function _esc(s) {
-  return _b().template.escapeHtml(s);
+  return b.template.escapeHtml(s);
 }
 
 function _renderMarkdown(src) {
@@ -316,7 +312,7 @@ function create(opts) {
   void catalog;
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   function _shapeInstruction(row) {
@@ -435,7 +431,7 @@ function create(opts) {
       }
 
       var ts = _now();
-      var id = _b().uuid.v7({ now: ts });
+      var id = b.uuid.v7({ now: ts });
       await query(
         "INSERT INTO product_instructions " +
         "(id, sku, kind, content_url, content_markdown, locale, version, published, archived_at, created_at, updated_at) " +
@@ -566,7 +562,7 @@ function create(opts) {
       var customerId = hasCustomer ? _uuid(input.customer_id, "customer_id") : null;
       var sessionHash = hasSession  ? _hashSession(_sessionId(input.session_id)) : null;
       var occurredAt = input.occurred_at == null ? _now() : _epochMs(input.occurred_at, "occurred_at");
-      var id = _b().uuid.v7({ now: _now() });
+      var id = b.uuid.v7({ now: _now() });
       await query(
         "INSERT INTO product_instruction_views " +
         "(id, instruction_id, order_id, customer_id, session_id_hash, occurred_at) " +

package/lib/auto-discount.js

@@ -216,11 +216,7 @@ var ALLOWED_PATCH_COLUMNS = Object.freeze([
   "active",
 ]);
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+var b = require("./vendor/blamejs");
 
 // ---- validators ---------------------------------------------------------
 
@@ -595,7 +591,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
   var catalog          = opts.catalog          || null;
   var customerSegments = opts.customerSegments || null;
@@ -1055,7 +1051,7 @@ function create(opts) {
       throw new TypeError("autoDiscount.recordApplication: rule_slug " + JSON.stringify(slug) + " not found");
     }
 
-    var id = _b().uuid.v7();
+    var id = b.uuid.v7();
     await query(
       "INSERT INTO auto_discount_applications (id, rule_slug, order_id, customer_id, savings_minor, applied_at) " +
       "VALUES (?1, ?2, ?3, ?4, ?5, ?6)",

package/lib/auto-replenish.js

@@ -86,12 +86,8 @@
  *   the typed reason, not a drop.
  */
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
-var C = _b().constants;
+var b = require("./vendor/blamejs");
+var C = b.constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -305,7 +301,7 @@ function create(opts) {
 
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   async function _getPolicyRaw(slug) {
@@ -347,7 +343,7 @@ function create(opts) {
   // Execute the per-policy aggregation + compose. Returns the run row
   // (already inserted) so tickReplenishment can collect summaries.
   async function _runPolicyOnce(policy, now) {
-    var runId  = _b().uuid.v7();
+    var runId  = b.uuid.v7();
     var runRow = {
       id:             runId,
       policy_slug:    policy.slug,
@@ -824,7 +820,7 @@ function create(opts) {
           JSON.stringify(policySlug) + " not found");
       }
       var runRow = {
-        id:             _b().uuid.v7(),
+        id:             b.uuid.v7(),
         policy_slug:    policySlug,
         po_id:          poId,
         qty_proposed:   qtyProposed,

package/lib/backorder.js

@@ -77,12 +77,8 @@
  *   the real catalog created at boot.
  */
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
-var C = _b().constants;
+var b = require("./vendor/blamejs");
+var C = b.constants;
 
 // ---- constants ----------------------------------------------------------
 
@@ -97,7 +93,7 @@ var BACKORDER_STATUSES = Object.freeze(["pending", "fulfilled", "cancelled"]);
 
 function _uuid(s, label) {
   try {
-    return _b().guardUuid.sanitize(s, { profile: "strict" });
+    return b.guardUuid.sanitize(s, { profile: "strict" });
   } catch (e) {
     throw new TypeError("backorder: " + label + " — " + (e && e.message || "invalid UUID"));
   }
@@ -149,7 +145,7 @@ function create(opts) {
   var catalog = opts.catalog;
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   // Read the per-SKU config row. Returns null on miss so callers can
@@ -273,7 +269,7 @@ function create(opts) {
         }
       }
 
-      var id = _b().uuid.v7();
+      var id = b.uuid.v7();
       var ts = _now();
       try {
         await query(

package/lib/banner-ab-tests.js

@@ -134,11 +134,7 @@ var ZERO_WIDTH_RE = new RegExp(
   "[\\u200B-\\u200F\\u202A-\\u202E\\u2060-\\u2064\\u2066-\\u2069\\uFEFF\\u061C]"
 );
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+var b = require("./vendor/blamejs");
 
 // ---- monotonic clock ----------------------------------------------------
 //
@@ -325,7 +321,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
   // Optional `promoBanners` handle. When supplied, defineTest verifies
   // each variant's banner_slug references an existing, non-archived
@@ -335,13 +331,13 @@ function create(opts) {
   var promo = opts.promoBanners || null;
 
   function _hashSession(sessionId) {
-    return _b().crypto.namespaceHash(SESSION_NAMESPACE, sessionId);
+    return b.crypto.namespaceHash(SESSION_NAMESPACE, sessionId);
   }
 
   function _assignVariant(testSlug, sessionHash, variants) {
     var cw = 0;
     for (var i = 0; i < variants.length; i += 1) cw += variants[i].weight;
-    var keyHash = _b().crypto.namespaceHash(ASSIGN_NAMESPACE, testSlug + ":" + sessionHash);
+    var keyHash = b.crypto.namespaceHash(ASSIGN_NAMESPACE, testSlug + ":" + sessionHash);
     var bucket  = _modCumulativeWeight(keyHash, cw);
     var acc = 0;
     for (var j = 0; j < variants.length; j += 1) {
@@ -520,7 +516,7 @@ function create(opts) {
 
       var sessionHash = _hashSession(input.session_id);
       var variant     = _assignVariant(test.slug, sessionHash, test.variants);
-      var id          = _b().uuid.v7();
+      var id          = b.uuid.v7();
       await query(
         "INSERT INTO banner_ab_test_events " +
         "(id, test_slug, variant_slug, session_id_hash, event_kind, value, occurred_at) " +
@@ -595,13 +591,13 @@ function create(opts) {
     }
     for (var i = 0; i < countRows.length; i += 1) {
       var cr = countRows[i];
-      var b  = byVariant[cr.variant_slug];
-      if (!b) continue;
+      var bv = byVariant[cr.variant_slug];
+      if (!bv) continue;
       var n  = Number(cr.n);
-      if (cr.event_kind === "impression") b.impressions       = n;
-      else if (cr.event_kind === "click")  b.clicks            = n;
-      else                                  b.conversions       = n;
-      if (cr.event_kind === "conversion")  b.conversion_value  = Number(cr.value_sum);
+      if (cr.event_kind === "impression") bv.impressions       = n;
+      else if (cr.event_kind === "click")  bv.clicks            = n;
+      else                                  bv.conversions       = n;
+      if (cr.event_kind === "conversion")  bv.conversion_value  = Number(cr.value_sum);
     }
     for (var d = 0; d < distinctRows.length; d += 1) {
       var dr = distinctRows[d];

package/lib/barcodes.js

@@ -44,11 +44,7 @@
  *     var svg = await bc.renderSvg({ sku: "WIDGET-A" });
  */
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+var b = require("./vendor/blamejs");
 
 var KINDS = ["upc_a", "ean_13", "code_128", "gtin_14"];
 
@@ -367,7 +363,7 @@ function _renderSvg(modules, label, opts) {
   }
   var labelXml = "";
   if (label) {
-    var safe = _b().template.escapeHtml(String(label));
+    var safe = b.template.escapeHtml(String(label));
     labelXml = "<text x=\"" + (totalW / 2).toFixed(3) + "\" y=\"" + (heightPx - 2) +
                "\" font-family=\"monospace\" font-size=\"10\" text-anchor=\"middle\" fill=\"#000\">" + safe + "</text>";
   }
@@ -387,7 +383,7 @@ function create(opts) {
   var catalog = opts.catalog;
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   async function _verifySku(sku) {
@@ -399,7 +395,7 @@ function create(opts) {
   }
 
   async function _assignRow(sku, kind, value) {
-    var id = _b().uuid.v7();
+    var id = b.uuid.v7();
     var ts = _now();
     try {
       await query(
@@ -590,7 +586,7 @@ function create(opts) {
         }
         ownerCompany = input.owner_company;
       }
-      var id = _b().uuid.v7();
+      var id = b.uuid.v7();
       var ts = _now();
       await query(
         "INSERT INTO barcode_ranges (id, kind, prefix, next_value, max_value, owner_company, created_at) " +

package/lib/bin-locations.js

@@ -106,11 +106,7 @@ var CONDITIONS = Object.freeze([
 // operator has not used an `{` or beyond as a leading byte.
 var NO_ASSIGN_SORT_KEY = "￿";
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+var b = require("./vendor/blamejs");
 
 // ---- monotonic clock ---------------------------------------------------
 //
@@ -280,7 +276,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   // inventoryLocations is optional — when wired, every assign /
@@ -394,7 +390,7 @@ function create(opts) {
           "INSERT INTO bin_assignments (id, sku, location_code, bin_label, " +
           "aisle, shelf, level, is_primary, assigned_at, archived_at) " +
           "VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, NULL)",
-          [_b().uuid.v7(), sku, locCode, binLabel,
+          [b.uuid.v7(), sku, locCode, binLabel,
             aisle, shelf, level, isPrimary ? 1 : 0, now],
         );
       } catch (e) {
@@ -704,7 +700,7 @@ function create(opts) {
       // input order.
       var expectedSorted = expected.slice().sort();
       var actualSorted   = actual.slice().sort();
-      var id = _b().uuid.v7();
+      var id = b.uuid.v7();
       await query(
         "INSERT INTO bin_audits (id, location_code, bin_label, audited_by, " +
         "expected_skus_json, actual_skus_json, variance_json, occurred_at) " +

package/lib/blog-articles.js

@@ -167,11 +167,7 @@ var ZERO_WIDTH_RE = new RegExp(
   "[\\u200B-\\u200F\\u202A-\\u202E\\u2060-\\u2064\\u2066-\\u2069\\uFEFF\\u061C]"
 );
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+var b = require("./vendor/blamejs");
 
 // ---- monotonic clock ---------------------------------------------------
 //
@@ -323,7 +319,7 @@ function _heroImageUrl(s) {
     return s;
   }
   try {
-    _b().safeUrl.parse(s, { allowedProtocols: ["https:"] });
+    b.safeUrl.parse(s, { allowedProtocols: ["https:"] });
   } catch (e) {
     throw new TypeError("blogArticles: hero_image_url — " + (e && e.message || "must be https:// or a /-rooted absolute path"));
   }
@@ -423,7 +419,7 @@ function _hydrateRow(r) {
 // byte is HTML-escaped before it reaches the `<article>` of the page.
 
 function _esc(s) {
-  return _b().template.escapeHtml(s);
+  return b.template.escapeHtml(s);
 }
 
 function _safeLinkUrl(url) {
@@ -435,7 +431,7 @@ function _safeLinkUrl(url) {
     return url;
   }
   try {
-    _b().safeUrl.parse(url, { allowedProtocols: ["https:"] });
+    b.safeUrl.parse(url, { allowedProtocols: ["https:"] });
   } catch (_e) {
     return null;
   }
@@ -573,7 +569,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
   // `customers` is reserved for future cross-primitive composition
   // (e.g. byline -> customer-of-record lookups). The factory accepts
@@ -598,7 +594,7 @@ function create(opts) {
       throw new TypeError("blogArticles." + label + ": cursor must be an opaque string or null");
     }
     try {
-      var state = _b().pagination.decodeCursor(cursor, cursorSecret);
+      var state = b.pagination.decodeCursor(cursor, cursorSecret);
       if (JSON.stringify(state.orderKey) !== JSON.stringify(LIST_ORDER_KEY)) {
         throw new TypeError("blogArticles." + label + ": cursor orderKey mismatch");
       }
@@ -612,7 +608,7 @@ function create(opts) {
   function _encodeNext(rows, limit) {
     var last = rows[rows.length - 1];
     if (!last || rows.length < limit) return null;
-    return _b().pagination.encodeCursor({
+    return b.pagination.encodeCursor({
       orderKey: LIST_ORDER_KEY,
       vals:     [Number(last.published_at), last.slug],
       forward:  true,
@@ -705,11 +701,11 @@ function create(opts) {
     var idx    = 1;
 
     if (cursorVals) {
-      var a = idx;
-      var b = idx + 1;
+      var pPublished = idx;
+      var pSlug = idx + 1;
       where.push(
-        "(published_at < ?" + a + " OR " +
-        "(published_at = ?" + a + " AND slug < ?" + b + "))"
+        "(published_at < ?" + pPublished + " OR " +
+        "(published_at = ?" + pPublished + " AND slug < ?" + pSlug + "))"
       );
       params.push(cursorVals[0], cursorVals[1]);
       idx += 2;
@@ -1064,13 +1060,13 @@ function create(opts) {
     }
     var sessionHash = null;
     if (input.session_id != null) {
-      sessionHash = _b().crypto.namespaceHash(VIEW_NAMESPACE, _sessionIdRaw(input.session_id));
+      sessionHash = b.crypto.namespaceHash(VIEW_NAMESPACE, _sessionIdRaw(input.session_id));
     }
     var ts = _now();
     await query(
       "INSERT INTO blog_article_views (id, slug, session_id_hash, occurred_at) " +
       "VALUES (?1, ?2, ?3, ?4)",
-      [_b().uuid.v7(), slug, sessionHash, ts],
+      [b.uuid.v7(), slug, sessionHash, ts],
     );
     await query(
       "UPDATE blog_articles SET view_count = view_count + 1 WHERE slug = ?1",

package/lib/bundles.js

@@ -50,11 +50,7 @@
  *     an `extraReferenceCheck` callback to the factory.
  */
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+var b = require("./vendor/blamejs");
 
 // SKU shape is shared with the catalog primitive — same alphabet, same
 // length cap. Component lookup goes through the catalog, so the two
@@ -109,7 +105,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
   var catalog = opts.catalog;
   if (!catalog || !catalog.variants || typeof catalog.variants.bySku !== "function") {
@@ -305,7 +301,7 @@ function create(opts) {
         throw new TypeError("bundles.listBundles: cursor must be an opaque string or null");
       }
       try {
-        var state = _b().pagination.decodeCursor(input.cursor, cursorSecret);
+        var state = b.pagination.decodeCursor(input.cursor, cursorSecret);
         if (JSON.stringify(state.orderKey) !== JSON.stringify(BUNDLE_ORDER_KEY)) {
           throw new TypeError("bundles.listBundles: cursor orderKey mismatch");
         }
@@ -328,7 +324,7 @@ function create(opts) {
     var last = r.rows[r.rows.length - 1];
     var next = null;
     if (last && r.rows.length === limit) {
-      next = _b().pagination.encodeCursor({
+      next = b.pagination.encodeCursor({
         orderKey: BUNDLE_ORDER_KEY,
         vals:     [last.updated_at, last.bundle_sku],
         forward:  true,
@@ -472,8 +468,8 @@ function create(opts) {
       // Allow-list defense even though the column name is a literal —
       // a future refactor that introduces a dynamic patch key path
       // can't widen the surface to an attacker-controlled column.
-      _b().safeSql.assertOneOf(col, ALLOWED_BUNDLE_COLUMNS);
-      sets.push(_b().safeSql.quoteIdentifier(col, "sqlite") + " = ?" + (idx++));
+      b.safeSql.assertOneOf(col, ALLOWED_BUNDLE_COLUMNS);
+      sets.push(b.safeSql.quoteIdentifier(col, "sqlite") + " = ?" + (idx++));
       params.push(val);
     }
     if (patch.title !== undefined) {

package/lib/business-hours.js

@@ -69,12 +69,8 @@
  * @related   shop.deliveryEstimate
  */
 
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
-var C = _b().constants;
+var b = require("./vendor/blamejs");
+var C = b.constants;
 
 var MAX_SLUG_LEN     = 64;
 var SLUG_RE          = /^[a-z0-9][a-z0-9_-]{0,63}$/;
@@ -369,7 +365,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return require("./index").framework.externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   function _hydrateSchedule(row) {

package/lib/captcha-gate.js

@@ -175,14 +175,8 @@ var ALLOWED_PATCH_COLUMNS = Object.freeze([
   "active",
 ]);
 
-// Lazy framework handle — same shape as the rest of the shop
-// primitives; avoids a require cycle that would otherwise arise from
-// importing `./index` at module-eval time.
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
+// Framework handle (the vendored blamejs); index.js re-exports this as .framework.
+var b = require("./vendor/blamejs");
 
 // ---- validators --------------------------------------------------------
 
@@ -258,7 +252,7 @@ function _secretKeyRaw(s) {
 }
 
 function _hashSecret(normalizedSecret) {
-  return _b().crypto.namespaceHash(SECRET_HASH_NAMESPACE, normalizedSecret);
+  return b.crypto.namespaceHash(SECRET_HASH_NAMESPACE, normalizedSecret);
 }
 
 function _thresholdScore(n, kind) {
@@ -368,7 +362,7 @@ function _optionalSessionId(s) {
 }
 
 function _hashSession(rawSessionId) {
-  return _b().crypto.namespaceHash("captcha-session", rawSessionId);
+  return b.crypto.namespaceHash("captcha-session", rawSessionId);
 }
 
 function _tsBound(n, label) {
@@ -443,7 +437,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   async function _getProviderRow(slug) {

package/lib/carrier-accounts.js

@@ -99,7 +99,10 @@ var CARRIERS = Object.freeze([
 
 var STATUSES = Object.freeze(["active", "disabled", "rotating"]);
 
-var ROTATION_GRACE_MS = _b().constants.TIME.days(1);
+// Framework handle (the vendored blamejs); index.js re-exports this as .framework.
+var b = require("./vendor/blamejs");
+
+var ROTATION_GRACE_MS = b.constants.TIME.days(1);
 
 var NS_ACCOUNT_NUMBER = "carrier-account-account-number";
 var NS_API_KEY        = "carrier-account-api-key";
@@ -141,15 +144,6 @@ var API_KEY_RE = /^[\x21-\x7e]+$/;
 
 var OPERATION_RE = /^[a-z0-9][a-z0-9._:-]{0,63}$/;
 
-// Lazy framework handle — matches the pattern used by every other shop
-// primitive; avoids the require cycle that would arise from importing
-// `./index` at module-eval time.
-var bShop;
-function _b() {
-  if (!bShop) bShop = require("./index");
-  return bShop.framework;
-}
-
 // ---- monotonic clock ---------------------------------------------------
 //
 // Operator-driven rotations + disables can land in the same millisecond
@@ -169,7 +163,7 @@ function _now() {
 // ---- validators --------------------------------------------------------
 
 function _uuid(s, label) {
-  try { return _b().guardUuid.sanitize(s, { profile: "strict" }); }
+  try { return b.guardUuid.sanitize(s, { profile: "strict" }); }
   catch (e) {
     throw new TypeError("carrier-accounts: " + label + " — " +
       (e && e.message || "invalid UUID"));
@@ -328,21 +322,21 @@ function _shipFromAddress(a) {
 // Node built-in `base64url` encoding) instead of the polynomial-
 // ReDoS-shaped `.replace(/=+$/, "")` strip.
 function _generateSecret() {
-  var buf = _b().crypto.generateBytes(SECRET_BYTE_LEN);
-  return _b().crypto.toBase64Url(buf);
+  var buf = b.crypto.generateBytes(SECRET_BYTE_LEN);
+  return b.crypto.toBase64Url(buf);
 }
 
 function _hashAccountNumber(plain) {
-  return _b().crypto.namespaceHash(NS_ACCOUNT_NUMBER, plain);
+  return b.crypto.namespaceHash(NS_ACCOUNT_NUMBER, plain);
 }
 function _hashApiKey(plain) {
-  return _b().crypto.namespaceHash(NS_API_KEY, plain);
+  return b.crypto.namespaceHash(NS_API_KEY, plain);
 }
 function _hashApiSecret(plain) {
-  return _b().crypto.namespaceHash(NS_API_SECRET, plain);
+  return b.crypto.namespaceHash(NS_API_SECRET, plain);
 }
 function _hashMeterNumber(plain) {
-  return _b().crypto.namespaceHash(NS_METER_NUMBER, plain);
+  return b.crypto.namespaceHash(NS_METER_NUMBER, plain);
 }
 
 // ---- percentile --------------------------------------------------------
@@ -362,7 +356,7 @@ function create(opts) {
   opts = opts || {};
   var query = opts.query;
   if (!query) {
-    query = function (sql, params) { return _b().externalDb.query(sql, params); };
+    query = function (sql, params) { return b.externalDb.query(sql, params); };
   }
 
   async function _getRaw(id) {
@@ -475,7 +469,7 @@ function create(opts) {
           [hashAN, normAcct, hashAK, hashAS, hashMN, addrJson, now, id],
         );
       } else {
-        id = _b().uuid.v7();
+        id = b.uuid.v7();
         await query(
           "INSERT INTO carrier_accounts " +
           "(id, carrier, account_label, account_number_hash, " +
@@ -667,7 +661,7 @@ function create(opts) {
       if (current.status === "disabled") return { ok: false, reason: "disabled" };
 
       var supplied = _hashApiKey(input.plaintext_key);
-      var live     = _b().crypto.timingSafeEqual(current.api_key_hash, supplied);
+      var live     = b.crypto.timingSafeEqual(current.api_key_hash, supplied);
       if (live) {
         return { ok: true, matched: "live", account_id: id };
       }
@@ -689,7 +683,7 @@ function create(opts) {
                         (now - rotatedAt) <= ROTATION_GRACE_MS;
 
       if (prev != null && withinGrace) {
-        var matchedPrev = _b().crypto.timingSafeEqual(prev, supplied);
+        var matchedPrev = b.crypto.timingSafeEqual(prev, supplied);
         if (matchedPrev) {
           return { ok: true, matched: "previous", account_id: id,
             grace_expires_at: rotatedAt + ROTATION_GRACE_MS };
@@ -719,7 +713,7 @@ function create(opts) {
         throw miss;
       }
       var ts    = _now();
-      var rowId = _b().uuid.v7();
+      var rowId = b.uuid.v7();
       await query(
         "INSERT INTO carrier_usage_log (id, account_id, operation, " +
         "success, ms_elapsed, occurred_at) VALUES (?1, ?2, ?3, ?4, ?5, ?6)",