@blamejs/core 0.13.42 → 0.13.44

package/lib/mcp.js

@@ -81,30 +81,30 @@ function parseRequest(body, opts) {
   try {
     parsed = typeof body === "string" ? safeJson.parse(body, { maxBytes: C.BYTES.mib(1) }) : body;                                  // allow:JSON.parse — routed via safeJson.parse
   } catch (_e) {
-    throw errorClass.factory("BAD_JSON",
+    throw errorClass.factory("mcp/bad-json",
       "mcp.parseRequest: body is not valid JSON");
   }
   if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
-    throw errorClass.factory("BAD_ENVELOPE",
+    throw errorClass.factory("mcp/bad-envelope",
       "mcp.parseRequest: request must be a JSON-RPC object");
   }
   if (parsed.jsonrpc !== "2.0") {
-    throw errorClass.factory("BAD_VERSION",
+    throw errorClass.factory("mcp/bad-version",
       "mcp.parseRequest: jsonrpc must be \"2.0\"");
   }
   if (typeof parsed.method !== "string" || parsed.method.length === 0 ||
       parsed.method.length > METHOD_NAME_MAX) {
-    throw errorClass.factory("BAD_METHOD",
+    throw errorClass.factory("mcp/bad-method",
       "mcp.parseRequest: method must be a non-empty string under 256 bytes");
   }
   if (parsed.id !== undefined && parsed.id !== null &&
       typeof parsed.id !== "string" && typeof parsed.id !== "number") {
-    throw errorClass.factory("BAD_ID",
+    throw errorClass.factory("mcp/bad-id",
       "mcp.parseRequest: id must be string, number, or null");
   }
   if (parsed.params !== undefined && parsed.params !== null &&
       typeof parsed.params !== "object") {
-    throw errorClass.factory("BAD_PARAMS",
+    throw errorClass.factory("mcp/bad-params",
       "mcp.parseRequest: params must be object or array");
   }
   return parsed;
@@ -167,7 +167,7 @@ function _readBodyBuffered(req, maxBytes, errorClass) {
       try { collector.push(chunk); }
       catch (_e) {
         req.destroy();
-        reject(errorClass.factory("BODY_TOO_LARGE",
+        reject(errorClass.factory("mcp/body-too-large",
           "mcp: request body exceeds " + maxBytes + " bytes"));
       }
     });
@@ -178,17 +178,17 @@ function _readBodyBuffered(req, maxBytes, errorClass) {
 
 function _checkRedirectUri(uri, allowlist, errorClass) {
   if (typeof uri !== "string") {
-    throw errorClass.factory("BAD_REDIRECT_URI",
+    throw errorClass.factory("mcp/bad-redirect-uri",
       "mcp: redirect_uri must be a string");
   }
   if (!Array.isArray(allowlist) || allowlist.indexOf(uri) === -1) {
-    throw errorClass.factory("REDIRECT_URI_REFUSED",
+    throw errorClass.factory("mcp/redirect-uri-refused",
       "mcp: redirect_uri not in allowlist (OAuth 2.1 / RFC 9700 sec 4.1.1)");
   }
   var parsed;
   try { parsed = safeUrl.parse(uri); }
   catch (_e) {
-    throw errorClass.factory("BAD_REDIRECT_URI",
+    throw errorClass.factory("mcp/bad-redirect-uri",
       "mcp: redirect_uri did not parse");
   }
   var isHttps = parsed.protocol === "https:";
@@ -205,7 +205,7 @@ function _checkRedirectUri(uri, allowlist, errorClass) {
   }
   var isLocal = rawHost === "localhost" || rawHost === "127.0.0.1" || rawHost === "::1";
   if (!isHttps && !isLocal) {
-    throw errorClass.factory("INSECURE_REDIRECT_URI",
+    throw errorClass.factory("mcp/insecure-redirect-uri",
       "mcp: redirect_uri must be HTTPS (or localhost; RFC 9700 sec 4.1.1)");
   }
 }
@@ -257,7 +257,7 @@ function serverGuard(opts) {
   var requireBearer = opts.requireBearer !== false;
   var verifyBearer  = opts.verifyBearer || null;
   if (requireBearer && typeof verifyBearer !== "function") {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("mcp/bad-opts",
       "mcp.serverGuard: verifyBearer required when requireBearer=true");
   }
   var redirectUriAllowlist = Array.isArray(opts.redirectUriAllowlist)
@@ -266,7 +266,7 @@ function serverGuard(opts) {
   var registerClientAllowlist = typeof opts.registerClientAllowlist === "function"
     ? opts.registerClientAllowlist : null;
   if (allowDynamicRegister && !registerClientAllowlist) {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("mcp/bad-opts",
       "mcp.serverGuard: allowDynamicRegister=true requires registerClientAllowlist function");
   }
   var toolAllowlist     = Array.isArray(opts.toolAllowlist)     ? opts.toolAllowlist     : null;

package/lib/middleware/require-step-up.js

@@ -123,11 +123,11 @@ function create(opts) {
   ], "middleware.requireStepUp");
 
   if (!opts.requirement || typeof opts.requirement !== "object") {
-    throw new AuthError("auth-stepUp/bad-requirement",
+    throw new AuthError("auth-step-up/bad-requirement",
       "middleware.requireStepUp: opts.requirement must be an object");
   }
   validateOpts.optionalFunction(opts.getClaims,
-    "middleware.requireStepUp: getClaims", AuthError, "auth-stepUp/bad-opt");
+    "middleware.requireStepUp: getClaims", AuthError, "auth-step-up/bad-opt");
 
   var realm        = (typeof opts.realm === "string" && opts.realm.length > 0)
     ? opts.realm : "api";
@@ -146,7 +146,7 @@ function create(opts) {
   // on the first hot-path request.
   var probe = stepUp().evaluate({ claims: { acr: "0" }, requirement: opts.requirement });
   if (probe.error === "bad_requirement" || probe.error === "unknown_acr") {
-    throw new AuthError("auth-stepUp/bad-requirement",
+    throw new AuthError("auth-step-up/bad-requirement",
       "middleware.requireStepUp: " + (probe.reason || probe.error));
   }
 

package/lib/mtls-ca.js

@@ -517,8 +517,8 @@ function create(opts) {
     opts3 = opts3 || {};
     if (typeof engine.generateCrl !== "function") {
       throw new MtlsCaError("mtls-ca/engine-no-crl",
-        "configured engine does not implement generateCrl(); the bundled " +
-        "engine ships in v0.6.45+");
+        "configured engine does not implement generateCrl(); use the " +
+        "framework's bundled CA engine, which supports it");
     }
     var ca = await initCA();
     var revocations = _loadRevocations().revocations;

package/lib/safe-archive.js

@@ -22,10 +22,11 @@
  *   pipeline manually.
  *
  *   Format auto-detection sniffs the first ~512 bytes for magic
- *   signatures. v0.12.7 ships ZIP detection (LFH magic `0x04034b50`
- *   + EOCD magic `0x06054b50`); tar / gz / ae2 / `b.crypto.encryptPacked`-
- *   wrapped formats are flagged as `safe-archive/format-unsupported`
- *   in this patch — tar lands v0.12.8, gz v0.12.9, encryption v0.12.10/11.
+ *   signatures: ZIP (LFH magic `0x04034b50` + EOCD magic `0x06054b50`),
+ *   tar (`ustar` at offset 257), gzip / tar.gz (RFC 1952 magic), and
+ *   `b.crypto.encryptPacked`-wrapped envelopes (auto-unwrapped before
+ *   format detection). Unrecognized inputs are flagged
+ *   `safe-archive/format-unsupported`.
  *
  *   The orchestrator refuses the WHOLE archive on any single critical
  *   guard issue — no partial extraction. Cleanup is `fs.rm`-recursive
@@ -148,7 +149,7 @@ async function _collectSourceBytes(source) {
  * @opts
  *   source:           b.archive.adapters.* | Buffer | string,
  *   destination:      string (target directory; created if missing),
- *   format:           "auto" | "zip"        (v0.12.7 — tar v0.12.8, gz v0.12.9),
+ *   format:           "auto" | "zip" | "tar" | "tar.gz",
  *   bombPolicy:       b.guardArchive.zipBombPolicy(...) | { ... },
  *   entryTypePolicy:  b.guardArchive.entryTypePolicy(...) | { ... },
  *   guardProfile:     "strict" | "balanced" | "permissive" | "hipaa" | ...,
@@ -275,8 +276,8 @@ async function extract(opts) {
       });
     } else {
       throw new SafeArchiveError("safe-archive/format-unsupported",
-        "extract: format=" + JSON.stringify(format) + " — v0.12.9 ships ZIP + tar + tar.gz; " +
-        "v0.12.10/v0.12.11 added wrap-recipient + wrap-passphrase envelopes (auto-unwrap as of v0.12.15)");
+        "extract: format=" + JSON.stringify(format) + " — supported formats are " +
+        "zip, tar, tar.gz; b.crypto.encryptPacked-wrapped archives are auto-unwrapped first");
     }
     var result = await reader.extract({
       destination:    opts.destination,

package/lib/sec-cyber.js

@@ -91,13 +91,13 @@ function _addBusinessDays(startMs, days) {
 
 function eightKArtifact(opts) {
   if (!opts || typeof opts !== "object") {
-    throw SecCyberError.factory("BAD_OPTS",
+    throw SecCyberError.factory("sec-cyber/bad-opts",
       "secCyber.eightKArtifact: opts required");
   }
   validateOpts.requireNonEmptyString(opts.incidentId,
     "secCyber.eightKArtifact: incidentId", SecCyberError, "BAD_INCIDENT_ID");
   if (!opts.registrant || typeof opts.registrant !== "object") {
-    throw SecCyberError.factory("BAD_REGISTRANT",
+    throw SecCyberError.factory("sec-cyber/bad-registrant",
       "secCyber.eightKArtifact: registrant object required");
   }
   validateOpts.requireNonEmptyString(opts.registrant.name,
@@ -110,7 +110,7 @@ function eightKArtifact(opts) {
     "secCyber.eightKArtifact: materialityDeterminedAt", SecCyberError, "BAD_MAT_AT");
 
   if (FINDINGS.indexOf(opts.materialityFinding) === -1) {
-    throw SecCyberError.factory("BAD_FINDING",
+    throw SecCyberError.factory("sec-cyber/bad-finding",
       "secCyber.eightKArtifact: materialityFinding must be one of " + FINDINGS.join(", "));
   }
   validateOpts.requireNonEmptyString(opts.materialityReasoning,

package/lib/sse.js

@@ -89,7 +89,7 @@ function _validateRetry(retry, errorClass) {
   if (retry === undefined || retry === null) return null;
   if (typeof retry !== "number" || !isFinite(retry) || retry < 0 ||
       Math.floor(retry) !== retry) {
-    throw errorClass.factory("BAD_RETRY",
+    throw errorClass.factory("sse/bad-retry",
       "sse.send: retry must be a non-negative finite integer (got " +
       JSON.stringify(retry) + ")");
   }
@@ -98,14 +98,14 @@ function _validateRetry(retry, errorClass) {
 
 function _refuseInjection(field, value, errorClass) {
   if (typeof value !== "string") {
-    throw errorClass.factory("BAD_FIELD",
+    throw errorClass.factory("sse/bad-field",
       "sse.send: " + field + " must be a string");
   }
   // Length-bound BEFORE the regex test — _capField applies a tighter
   // cap further along, but the regex itself runs against the full
   // value so we bound here too.
   if (value.length > MAX_DATA_BYTES) {
-    throw errorClass.factory("FIELD_TOO_LARGE",
+    throw errorClass.factory("sse/field-too-large",
       "sse.send: " + field + " too large for injection scan");
   }
   if (INJECTION_RE.test(value)) {                                                          // allow:regex-no-length-cap — value length capped above
@@ -114,7 +114,7 @@ function _refuseInjection(field, value, errorClass) {
       outcome:  "denied",
       metadata: { field: field, length: value.length },
     });
-    throw errorClass.factory("INJECTION",
+    throw errorClass.factory("sse/injection",
       "sse.send: " + field + " contains LF/CR/NUL — refused " +
       "(CVE-2026-33128 / 29085 / 44217 class)");
   }
@@ -130,7 +130,7 @@ var MAX_DATA_BYTES  = C.BYTES.mib(1);
 function _capField(field, value, capBytes, errorClass) {
   var len = Buffer.byteLength(value, "utf8");
   if (len > capBytes) {
-    throw errorClass.factory("FIELD_TOO_LARGE",
+    throw errorClass.factory("sse/field-too-large",
       "sse.send: " + field + " exceeds cap (" + len + " > " +
       capBytes + " bytes)");
   }
@@ -139,7 +139,7 @@ function _capField(field, value, capBytes, errorClass) {
 function serializeEvent(opts, errorClass) {
   errorClass = errorClass || SseError;
   if (!opts || typeof opts !== "object") {
-    throw errorClass.factory("BAD_OPTS", "sse.serializeEvent: opts required");
+    throw errorClass.factory("sse/bad-opts", "sse.serializeEvent: opts required");
   }
   var out = "";
   // Field order: id, event, retry, data — matches the framework's
@@ -162,7 +162,7 @@ function serializeEvent(opts, errorClass) {
   }
   if (opts.data !== undefined && opts.data !== null) {
     if (typeof opts.data !== "string") {
-      throw errorClass.factory("BAD_FIELD",
+      throw errorClass.factory("sse/bad-field",
         "sse.send: data must be a string");
     }
     _capField("data", opts.data, MAX_DATA_BYTES, errorClass);
@@ -174,7 +174,7 @@ function serializeEvent(opts, errorClass) {
         outcome:  "denied",
         metadata: { field: "data", length: opts.data.length, char: "cr-or-nul" },
       });
-      throw errorClass.factory("INJECTION",
+      throw errorClass.factory("sse/injection",
         "sse.send: data contains CR or NUL — refused");
     }
     var lines = opts.data.split("\n");
@@ -189,11 +189,11 @@ function serializeEvent(opts, errorClass) {
 
 function _validateComment(text, errorClass) {
   if (typeof text !== "string") {
-    throw errorClass.factory("BAD_FIELD",
+    throw errorClass.factory("sse/bad-field",
       "sse.comment: text must be a string");
   }
   if (text.length > MAX_DATA_BYTES) {
-    throw errorClass.factory("FIELD_TOO_LARGE",
+    throw errorClass.factory("sse/field-too-large",
       "sse.comment: text too large for injection scan");
   }
   if (INJECTION_RE.test(text)) {                                                            // allow:regex-no-length-cap — text length capped above
@@ -202,7 +202,7 @@ function _validateComment(text, errorClass) {
       outcome:  "denied",
       metadata: { field: "comment", length: text.length },
     });
-    throw errorClass.factory("INJECTION",
+    throw errorClass.factory("sse/injection",
       "sse.comment: text contains LF/CR/NUL — refused");
   }
 }
@@ -224,14 +224,14 @@ function create(req, res, opts) {
   opts = opts || {};
   var errorClass = opts.errorClass || SseError;
   if (!res || typeof res.write !== "function" || typeof res.end !== "function") {
-    throw errorClass.factory("BAD_RES",
+    throw errorClass.factory("sse/bad-res",
       "sse.create: res must be a writable response stream");
   }
   var heartbeatMs = opts.heartbeatMs;
   if (heartbeatMs === undefined) heartbeatMs = C.TIME.seconds(15);
   if (typeof heartbeatMs !== "number" || !isFinite(heartbeatMs) ||
       heartbeatMs < 0 || Math.floor(heartbeatMs) !== heartbeatMs) {
-    throw errorClass.factory("BAD_OPTS",
+    throw errorClass.factory("sse/bad-opts",
       "sse.create: heartbeatMs must be a non-negative integer ms (got " +
       JSON.stringify(heartbeatMs) + ")");
   }
@@ -264,7 +264,7 @@ function create(req, res, opts) {
 
   function _writeRaw(s) {
     if (closed) {
-      throw errorClass.factory("CLOSED",
+      throw errorClass.factory("sse/closed",
         "sse.send: channel closed");
     }
     res.write(s);

package/lib/tcpa-10dlc.js

@@ -72,11 +72,11 @@ var records = new Map();   // phoneE164 → record
 
 function recordConsent(opts) {
   if (!opts || typeof opts !== "object") {
-    throw Tcpa10dlcError.factory("BAD_OPTS",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-opts",
       "tcpa10dlc.recordConsent: opts required");
   }
   if (typeof opts.phoneE164 !== "string" || !E164_RE.test(opts.phoneE164)) {
-    throw Tcpa10dlcError.factory("BAD_PHONE",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-phone",
       "tcpa10dlc.recordConsent: phoneE164 must match " + E164_RE);
   }
   validateOpts.requireNonEmptyString(opts.brand,
@@ -86,7 +86,7 @@ function recordConsent(opts) {
   validateOpts.requireNonEmptyString(opts.formUrl,
     "tcpa10dlc.recordConsent: formUrl", Tcpa10dlcError, "BAD_FORM_URL");
   if (DISCLOSURE_PARTIES.indexOf(opts.disclosurePartyKind) === -1) {
-    throw Tcpa10dlcError.factory("BAD_DISCLOSURE_PARTY",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-disclosure-party",
       "tcpa10dlc.recordConsent: disclosurePartyKind must be one of " +
       DISCLOSURE_PARTIES.join(", "));
   }
@@ -133,12 +133,12 @@ function lookup(phoneE164) {
 
 function revoke(phoneE164, reason) {
   if (typeof phoneE164 !== "string" || !E164_RE.test(phoneE164)) {
-    throw Tcpa10dlcError.factory("BAD_PHONE",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/bad-phone",
       "tcpa10dlc.revoke: phoneE164 must match " + E164_RE);
   }
   var existing = records.get(phoneE164);
   if (!existing) {
-    throw Tcpa10dlcError.factory("NO_RECORD",
+    throw Tcpa10dlcError.factory("tcpa-10dlc/no-record",
       "tcpa10dlc.revoke: no consent record for " + phoneE164);
   }
   if (existing.revoked) {

package/lib/tenant-quota.js

@@ -113,23 +113,23 @@ function create(opts) {
 
   if (!opts.db || typeof opts.db.from !== "function" ||
       typeof opts.db.getTableMetadata !== "function") {
-    throw new TenantQuotaError("tenantQuota/bad-db",
+    throw new TenantQuotaError("tenant-quota/bad-db",
       "tenantQuota.create: opts.db must be the framework's b.db namespace");
   }
   validateOpts.requireNonEmptyString(opts.tenantField,
-    "tenantQuota.create: tenantField", TenantQuotaError, "tenantQuota/bad-field");
+    "tenantQuota.create: tenantField", TenantQuotaError, "tenant-quota/bad-field");
 
   var defaultBytesCap = (opts.defaultBytesCap == null)
     ? DEFAULT_BYTES_CAP
     : opts.defaultBytesCap;
   if (typeof defaultBytesCap !== "number" || !isFinite(defaultBytesCap) || defaultBytesCap <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-cap",
+    throw new TenantQuotaError("tenant-quota/bad-cap",
       "tenantQuota.create: defaultBytesCap must be a positive finite number");
   }
 
   var perTenantBytesCap = opts.perTenantBytesCap || {};
   if (typeof perTenantBytesCap !== "object" || Array.isArray(perTenantBytesCap)) {
-    throw new TenantQuotaError("tenantQuota/bad-per-tenant",
+    throw new TenantQuotaError("tenant-quota/bad-per-tenant",
       "tenantQuota.create: perTenantBytesCap must be a plain object {tenantId: bytes}");
   }
   // Validate every per-tenant override at config time so a typo
@@ -138,7 +138,7 @@ function create(opts) {
   for (var pi = 0; pi < ptKeys.length; pi++) {
     var v = perTenantBytesCap[ptKeys[pi]];
     if (typeof v !== "number" || !isFinite(v) || v <= 0) {
-      throw new TenantQuotaError("tenantQuota/bad-per-tenant",
+      throw new TenantQuotaError("tenant-quota/bad-per-tenant",
         "tenantQuota.create: perTenantBytesCap['" + ptKeys[pi] +
         "'] must be a positive finite number");
     }
@@ -147,7 +147,7 @@ function create(opts) {
   var auditOn = opts.audit !== false;
   var cacheTtlMs = (opts.cacheTtlMs == null) ? DEFAULT_CACHE_TTL_MS : opts.cacheTtlMs;
   if (typeof cacheTtlMs !== "number" || !isFinite(cacheTtlMs) || cacheTtlMs < 0) {
-    throw new TenantQuotaError("tenantQuota/bad-ttl",
+    throw new TenantQuotaError("tenant-quota/bad-ttl",
       "tenantQuota.create: cacheTtlMs must be a non-negative finite number");
   }
 
@@ -230,7 +230,7 @@ function create(opts) {
 
   async function snapshot(tenantId) {
     validateOpts.requireNonEmptyString(tenantId,
-      "tenantQuota.snapshot: tenantId", TenantQuotaError, "tenantQuota/bad-tenant");
+      "tenantQuota.snapshot: tenantId", TenantQuotaError, "tenant-quota/bad-tenant");
     var now = Date.now();
     var cached = cache.get(tenantId);
     var bytesUsed;
@@ -258,7 +258,7 @@ function create(opts) {
         bytesCap:  snap.bytesCap,
       });
       _emitMetric("tenant.quota.exceeded", 1);
-      throw new TenantQuotaError("tenantQuota/exceeded",
+      throw new TenantQuotaError("tenant-quota/exceeded",
         "tenantQuota.assert: tenant '" + tenantId + "' is at " +
         snap.bytesUsed + " of " + snap.bytesCap + " bytes; insert refused");
     }
@@ -344,21 +344,21 @@ function budget(opts) {
   ], "tenantQuota.budget");
 
   validateOpts.requireNonEmptyString(opts.tenantField,
-    "tenantQuota.budget: tenantField", TenantQuotaError, "tenantQuota/bad-field");
+    "tenantQuota.budget: tenantField", TenantQuotaError, "tenant-quota/bad-field");
 
   var qpsCap = (opts.perTenantQpsCap == null) ? DEFAULT_QPS_CAP : opts.perTenantQpsCap;
   if (typeof qpsCap !== "number" || !isFinite(qpsCap) || qpsCap <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-qps",
+    throw new TenantQuotaError("tenant-quota/bad-qps",
       "tenantQuota.budget: perTenantQpsCap must be a positive finite number");
   }
   var rowsCap = (opts.perTenantTotalRowsRead == null) ? DEFAULT_ROWS_READ : opts.perTenantTotalRowsRead;
   if (typeof rowsCap !== "number" || !isFinite(rowsCap) || rowsCap <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-rows",
+    throw new TenantQuotaError("tenant-quota/bad-rows",
       "tenantQuota.budget: perTenantTotalRowsRead must be a positive finite number");
   }
   var windowMs = (opts.window == null) ? DEFAULT_WINDOW_MS : opts.window;
   if (typeof windowMs !== "number" || !isFinite(windowMs) || windowMs <= 0) {
-    throw new TenantQuotaError("tenantQuota/bad-window",
+    throw new TenantQuotaError("tenant-quota/bad-window",
       "tenantQuota.budget: window must be a positive finite number");
   }
   var auditOn = opts.audit !== false;
@@ -393,7 +393,7 @@ function budget(opts) {
 
   function observe(tenantId, info) {
     validateOpts.requireNonEmptyString(tenantId,
-      "tenantQuota.budget.observe: tenantId", TenantQuotaError, "tenantQuota/bad-tenant");
+      "tenantQuota.budget.observe: tenantId", TenantQuotaError, "tenant-quota/bad-tenant");
     info = info || {};
     var rowsRead = (typeof info.rowsRead === "number" && info.rowsRead >= 0) ? info.rowsRead : 0;
     var now = Date.now();
@@ -411,7 +411,7 @@ function budget(opts) {
         windowMs: windowMs,
       });
       _emitMetric("tenant.budget.exceeded", 1);
-      throw new TenantQuotaError("tenantQuota/budget-exceeded",
+      throw new TenantQuotaError("tenant-quota/budget-exceeded",
         "tenantQuota.budget: tenant '" + tenantId + "' exceeded budget " +
         "(calls=" + c.calls + "/" + maxCalls + ", rowsRead=" + c.rowsRead +
         "/" + rowsCap + ", windowMs=" + windowMs + ")");
@@ -486,7 +486,7 @@ function budget(opts) {
  */
 function instrumentQuery(opts) {
   if (!opts || typeof opts !== "object") {
-    throw new TenantQuotaError("tenantQuota/bad-instr",
+    throw new TenantQuotaError("tenant-quota/bad-instr",
       "tenantQuota.instrumentQuery: opts object is required");
   }
   validateOpts(opts, [
@@ -494,13 +494,13 @@ function instrumentQuery(opts) {
   ], "tenantQuota.instrumentQuery");
 
   if (!Array.isArray(opts.rows)) {
-    throw new TenantQuotaError("tenantQuota/bad-rows",
+    throw new TenantQuotaError("tenant-quota/bad-rows",
       "tenantQuota.instrumentQuery: rows must be an array");
   }
   validateOpts.requireNonEmptyString(opts.tenantField,
-    "tenantQuota.instrumentQuery: tenantField", TenantQuotaError, "tenantQuota/bad-field");
+    "tenantQuota.instrumentQuery: tenantField", TenantQuotaError, "tenant-quota/bad-field");
   validateOpts.requireNonEmptyString(opts.tenantId,
-    "tenantQuota.instrumentQuery: tenantId", TenantQuotaError, "tenantQuota/bad-tenant");
+    "tenantQuota.instrumentQuery: tenantId", TenantQuotaError, "tenant-quota/bad-tenant");
   var auditOn = opts.audit !== false;
 
   var crossover = [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.13.42",
+  "version": "0.13.44",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:57bde5fd-6321-44f5-9f42-0bb7c66aa56f",
+  "serialNumber": "urn:uuid:43cf0213-9944-42ad-9695-86dbc4acd548",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-29T19:13:48.640Z",
+    "timestamp": "2026-05-30T00:54:18.743Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.13.42",
+      "bom-ref": "@blamejs/core@0.13.44",
       "type": "application",
       "name": "blamejs",
-      "version": "0.13.42",
+      "version": "0.13.44",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.13.42",
+      "purl": "pkg:npm/%40blamejs/core@0.13.44",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.13.42",
+      "ref": "@blamejs/core@0.13.44",
       "dependsOn": []
     }
   ]