@blamejs/core 0.9.12 → 0.9.15

package/lib/backup/bundle.js

@@ -46,10 +46,10 @@
  * compressor (gzip, zstd) downstream of the framework primitive.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("../atomic-file");
-var backupCrypto = require("./crypto");
+var bCrypto = require("./crypto");
 var backupManifest = require("./manifest");
 var validateOpts = require("../validate-opts");
 var { defineClass } = require("../framework-error");
@@ -68,19 +68,19 @@ function _emit(cb, ev) {
 function _encryptedPathFor(relativePath) {
   // POSIX-normalize separators in the bundle so manifests written on
   // Windows and Linux look the same on disk.
-  var posix = relativePath.split(path.sep).join("/");
+  var posix = relativePath.split(nodePath.sep).join("/");
   return "files/" + posix + ".enc";
 }
 
 async function create(opts) {
   var t0 = Date.now();
   opts = opts || {};
-  if (typeof opts.dataDir !== "string" || !fs.existsSync(opts.dataDir)) {
+  if (typeof opts.dataDir !== "string" || !nodeFs.existsSync(opts.dataDir)) {
     throw new BackupBundleError("backup-bundle/no-datadir",
       "create: opts.dataDir is required and must exist");
   }
   validateOpts.requireNonEmptyString(opts.outDir, "create: opts.outDir", BackupBundleError, "backup-bundle/no-outdir");
-  if (fs.existsSync(opts.outDir)) {
+  if (nodeFs.existsSync(opts.outDir)) {
     throw new BackupBundleError("backup-bundle/outdir-exists",
       "create: outDir already exists: " + opts.outDir +
       " (refusing to overwrite — pick a fresh path)");
@@ -104,11 +104,11 @@ async function create(opts) {
   var progress = opts.progressCallback;
 
   atomicFile.ensureDir(outDir);
-  atomicFile.ensureDir(path.join(outDir, "files"));
+  atomicFile.ensureDir(nodePath.join(outDir, "files"));
 
   // 1. Encrypt the vault key JSON
   _emit(progress, { phase: "wrap_vault_key" });
-  var wrappedVk = await backupCrypto.encryptWithFreshSalt(opts.vaultKeyJson, passphrase);
+  var wrappedVk = await bCrypto.encryptWithFreshSalt(opts.vaultKeyJson, passphrase);
 
   // 2. Walk each include entry, encrypt the bytes, emit a blob
   var fileEntries = [];
@@ -124,8 +124,8 @@ async function create(opts) {
       throw new BackupBundleError("backup-bundle/bad-include",
         "create: files[" + i + "].relativePath must be a relative path (got '" + entry.relativePath + "')");
     }
-    var srcPath = path.join(dataDir, entry.relativePath);
-    if (!fs.existsSync(srcPath)) {
+    var srcPath = nodePath.join(dataDir, entry.relativePath);
+    if (!nodeFs.existsSync(srcPath)) {
       if (entry.required) {
         throw new BackupBundleError("backup-bundle/missing-required",
           "create: required file missing: " + entry.relativePath);
@@ -133,7 +133,7 @@ async function create(opts) {
       _emit(progress, { phase: "skip_missing", relativePath: entry.relativePath });
       continue;
     }
-    var stat = fs.statSync(srcPath);
+    var stat = nodeFs.statSync(srcPath);
     if (!stat.isFile()) {
       // Directories aren't supported in this slice — the bundler
       // operates on a flat list of files. Operator wanting a recursive
@@ -143,12 +143,12 @@ async function create(opts) {
     }
 
     _emit(progress, { phase: "read", relativePath: entry.relativePath, size: stat.size });
-    var plain = fs.readFileSync(srcPath);
-    var checksum = backupCrypto.checksum(plain);
-    var encResult = await backupCrypto.encryptWithFreshSalt(plain, passphrase);
+    var plain = nodeFs.readFileSync(srcPath);
+    var checksum = bCrypto.checksum(plain);
+    var encResult = await bCrypto.encryptWithFreshSalt(plain, passphrase);
     var encPath = _encryptedPathFor(entry.relativePath);
-    var destFull = path.join(outDir, encPath);
-    atomicFile.ensureDir(path.dirname(destFull));
+    var destFull = nodePath.join(outDir, encPath);
+    atomicFile.ensureDir(nodePath.dirname(destFull));
     atomicFile.writeSync(destFull, encResult.encrypted, { fileMode: 0o600 });
 
     var kind = entry.kind || "raw";
@@ -217,7 +217,7 @@ async function create(opts) {
       }
     }
   }
-  var manifestPath = path.join(outDir, "manifest.json");
+  var manifestPath = nodePath.join(outDir, "manifest.json");
   atomicFile.writeSync(manifestPath, backupManifest.serialize(manifest), { fileMode: 0o600 });
 
   var durationMs = Date.now() - t0;

package/lib/backup/index.js

@@ -48,10 +48,10 @@
  *   PQC-encrypted backup bundles — sealed columns + audit chain + keyring.
  */
 
-var fs = require("fs");
+var nodeFs = require("fs");
 var os = require("os");
-var path = require("path");
-var crypto = require("../crypto");
+var nodePath = require("path");
+var bCrypto = require("../crypto");
 var atomicFile = require("../atomic-file");
 var backupBundle = require("./bundle");
 var backupManifest = require("./manifest");
@@ -93,16 +93,16 @@ function _isValidBundleId(s) {
 }
 
 function _generateBundleId() {
-  return atomicFile.pathTimestamp() + "-" + crypto.generateToken(4);
+  return atomicFile.pathTimestamp() + "-" + bCrypto.generateToken(4);
 }
 
 function _dirSize(p) {
   var total = 0;
-  var entries = fs.readdirSync(p, { withFileTypes: true });
+  var entries = nodeFs.readdirSync(p, { withFileTypes: true });
   for (var i = 0; i < entries.length; i++) {
-    var f = path.join(p, entries[i].name);
+    var f = nodePath.join(p, entries[i].name);
     if (entries[i].isDirectory()) total += _dirSize(f);
-    else if (entries[i].isFile()) total += fs.statSync(f).size;
+    else if (entries[i].isFile()) total += nodeFs.statSync(f).size;
   }
   return total;
 }
@@ -150,7 +150,7 @@ function localStorage(opts) {
       throw new BackupError("backup/bad-bundle-id",
         "bundleId must match the framework's timestamp+suffix format");
     }
-    return path.join(root, bundleId);
+    return nodePath.join(root, bundleId);
   }
 
   return {
@@ -158,7 +158,7 @@ function localStorage(opts) {
     async writeBundle(bundleId, sourceDir) {
       atomicFile.ensureDir(root);
       var dest = _bundlePath(bundleId);
-      if (fs.existsSync(dest)) {
+      if (nodeFs.existsSync(dest)) {
         throw new BackupError("backup/bundle-exists",
           "writeBundle: bundle '" + bundleId + "' already exists in storage");
       }
@@ -166,26 +166,26 @@ function localStorage(opts) {
     },
     async readBundle(bundleId, destDir) {
       var src = _bundlePath(bundleId);
-      if (!fs.existsSync(src)) {
+      if (!nodeFs.existsSync(src)) {
         throw new BackupError("backup/bundle-not-found",
           "readBundle: '" + bundleId + "' not in storage at " + root);
       }
-      if (fs.existsSync(destDir)) {
+      if (nodeFs.existsSync(destDir)) {
         throw new BackupError("backup/dest-exists",
           "readBundle: destDir already exists: " + destDir);
       }
       atomicFile.copyDirRecursive(src, destDir);
     },
     async listBundles() {
-      if (!fs.existsSync(root)) return [];
-      var entries = fs.readdirSync(root, { withFileTypes: true });
+      if (!nodeFs.existsSync(root)) return [];
+      var entries = nodeFs.readdirSync(root, { withFileTypes: true });
       var out = [];
       for (var i = 0; i < entries.length; i++) {
         if (!entries[i].isDirectory()) continue;
         if (!_isValidBundleId(entries[i].name)) continue;
-        var p = path.join(root, entries[i].name);
+        var p = nodePath.join(root, entries[i].name);
         var stat;
-        try { stat = fs.statSync(p); } catch (_e) { continue; }
+        try { stat = nodeFs.statSync(p); } catch (_e) { continue; }
         var size;
         try { size = _dirSize(p); } catch (_e) { size = 0; }
         out.push({
@@ -200,11 +200,11 @@ function localStorage(opts) {
     },
     async deleteBundle(bundleId) {
       var p = _bundlePath(bundleId);
-      if (!fs.existsSync(p)) return;
-      fs.rmSync(p, { recursive: true, force: true });
+      if (!nodeFs.existsSync(p)) return;
+      nodeFs.rmSync(p, { recursive: true, force: true });
     },
     async hasBundle(bundleId) {
-      try { return fs.existsSync(_bundlePath(bundleId)); }
+      try { return nodeFs.existsSync(_bundlePath(bundleId)); }
       catch (_e) { return false; }
     },
   };
@@ -285,10 +285,10 @@ async function _resolveVaultKeyJson(vaultKeyJsonOpt) {
  *   var path   = require("node:path");
  *   var os     = require("node:os");
  *
- *   var dataDir = fs.mkdtempSync(path.join(os.tmpdir(), "backup-data-"));
- *   var root    = fs.mkdtempSync(path.join(os.tmpdir(), "backup-root-"));
- *   fs.writeFileSync(path.join(dataDir, "db.enc"),     Buffer.from([1, 2, 3]));
- *   fs.writeFileSync(path.join(dataDir, "db.key.enc"), Buffer.from([4, 5, 6]));
+ *   var dataDir = nodeFs.mkdtempSync(nodePath.join(os.tmpdir(), "backup-data-"));
+ *   var root    = nodeFs.mkdtempSync(nodePath.join(os.tmpdir(), "backup-root-"));
+ *   nodeFs.writeFileSync(nodePath.join(dataDir, "db.enc"),     Buffer.from([1, 2, 3]));
+ *   nodeFs.writeFileSync(nodePath.join(dataDir, "db.key.enc"), Buffer.from([4, 5, 6]));
  *
  *   var engine = b.backup.create({
  *     dataDir:      dataDir,
@@ -308,7 +308,7 @@ async function _resolveVaultKeyJson(vaultKeyJsonOpt) {
  */
 function create(opts) {
   opts = opts || {};
-  if (typeof opts.dataDir !== "string" || !fs.existsSync(opts.dataDir)) {
+  if (typeof opts.dataDir !== "string" || !nodeFs.existsSync(opts.dataDir)) {
     throw new BackupError("backup/no-datadir",
       "create: opts.dataDir is required and must exist");
   }
@@ -456,7 +456,7 @@ function create(opts) {
     runOpts = runOpts || {};
     var t0 = Date.now();
     var bundleId = _generateBundleId();
-    var stagingDir = path.join(os.tmpdir(),
+    var stagingDir = nodePath.join(os.tmpdir(),
       "blamejs-backup-staging-" + bundleId.replace(/[:.]/g, "-"));
 
     // Flush the live DB to disk so the snapshot is current. Default
@@ -500,7 +500,7 @@ function create(opts) {
         progressCallback: runOpts.progressCallback,
       });
     } catch (e) {
-      try { fs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+      try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
       _emitAudit("backup.failure",
         { bundleId: bundleId, reason: (e && e.message) || String(e) }, "failure");
       throw e;
@@ -509,7 +509,7 @@ function create(opts) {
     try {
       await storage.writeBundle(bundleId, stagingDir);
     } catch (e) {
-      try { fs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+      try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
       _emitAudit("backup.failure",
         { bundleId: bundleId, reason: "storage.writeBundle: " + ((e && e.message) || String(e)) },
         "failure");
@@ -517,7 +517,7 @@ function create(opts) {
         "writing bundle to storage failed: " + ((e && e.message) || String(e)));
     }
 
-    try { fs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort */ }
+    try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort */ }
 
     var summary = {
       bundleId:   bundleId,
@@ -675,11 +675,11 @@ function create(opts) {
         }
         // Newest bundle (storage.listBundles returns newest first).
         var bundleId = bundles[0].bundleId;
-        var stagingDir = path.join(testOpts.restoreTo,
+        var stagingDir = nodePath.join(testOpts.restoreTo,
           "test-" + bundleId.replace(/[:.]/g, "-"));
         // Refuse to overwrite an existing dir — operators get a fresh
         // restore every drill.
-        if (fs.existsSync(stagingDir)) {
+        if (nodeFs.existsSync(stagingDir)) {
           _emitAudit("backup.test.failed",
             { bundleId: bundleId, reason: "stagingDir already exists: " + stagingDir },
             "failure");
@@ -688,12 +688,12 @@ function create(opts) {
         var manifestPath, manifest, sigVerification;
         try {
           await storage.readBundle(bundleId, stagingDir);
-          manifestPath = path.join(stagingDir, "manifest.json");
-          if (!fs.existsSync(manifestPath)) {
+          manifestPath = nodePath.join(stagingDir, "manifest.json");
+          if (!nodeFs.existsSync(manifestPath)) {
             throw new BackupError("backup/test-no-manifest",
               "manifest.json missing under restored bundle " + bundleId);
           }
-          manifest = backupManifest.parse(fs.readFileSync(manifestPath, "utf8"));
+          manifest = backupManifest.parse(nodeFs.readFileSync(manifestPath, "utf8"));
           // Verify the manifest signature so a tampered backup test
           // surfaces here, not as a regulator finding later.
           sigVerification = backupManifest.verifySignature(manifest, {
@@ -740,7 +740,7 @@ function create(opts) {
           // Best-effort cleanup so the staging dir doesn't accumulate
           // across drills.
           if (testOpts.cleanup !== false) {
-            try { fs.rmSync(stagingDir, { recursive: true, force: true }); }
+            try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); }
             catch (_e) { /* tmpdir cleanup best-effort */ }
           }
         }
@@ -804,12 +804,12 @@ function verifyManifestSignature(target, opts) {
   opts = opts || {};
   var manifest;
   if (typeof target === "string") {
-    var manifestPath = path.join(target, "manifest.json");
-    if (!fs.existsSync(manifestPath)) {
+    var manifestPath = nodePath.join(target, "manifest.json");
+    if (!nodeFs.existsSync(manifestPath)) {
       throw new BackupError("backup/no-manifest",
         "verifyManifestSignature: manifest.json missing at " + manifestPath);
     }
-    try { manifest = backupManifest.parse(fs.readFileSync(manifestPath, "utf8")); }
+    try { manifest = backupManifest.parse(nodeFs.readFileSync(manifestPath, "utf8")); }
     catch (e) {
       throw new BackupError("backup/bad-manifest",
         "verifyManifestSignature: parse failed: " + ((e && e.message) || String(e)));

package/lib/budr.js

@@ -24,7 +24,7 @@
  *   Backup / Disaster-Recovery RTO/RPO declaration primitive for regulated workloads (HIPAA / DORA / ISO 22301:2019 / NIST SP 800-34).
  */
 
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var validateOpts = require("./validate-opts");
 var audit = require("./audit");
 var { defineClass } = require("./framework-error");
@@ -85,8 +85,8 @@ function declare(opts) {
     throw BudrError.factory("BAD_SERVICE",
       "budr.declare: service must match " + SERVICE_RE);
   }
-  nb.requirePositiveFiniteIntIfPresent(opts.rtoMs, "budr.declare: rtoMs", BudrError, "BAD_RTO");
-  nb.requirePositiveFiniteIntIfPresent(opts.rpoMs, "budr.declare: rpoMs", BudrError, "BAD_RPO");
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.rtoMs, "budr.declare: rtoMs", BudrError, "BAD_RTO");
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.rpoMs, "budr.declare: rpoMs", BudrError, "BAD_RPO");
   if (typeof opts.rtoMs !== "number" || typeof opts.rpoMs !== "number") {
     throw BudrError.factory("BAD_TARGETS",
       "budr.declare: rtoMs and rpoMs are required positive integer milliseconds");

package/lib/bundler.js

@@ -26,7 +26,7 @@
  *   override via `opts.hashLen` between 4 and 64). Source maps written
  *   by an engine land as `<hashed>.<ext>.map` siblings.
  *
- *   Watch mode: `bundler.watch(callback)` arms `fs.watch` on each
+ *   Watch mode: `bundler.watch(callback)` arms `nodeFs.watch` on each
  *   entry's directory, debounces bursts via `opts.graceMs` (default
  *   100 ms), and rebuilds the entire entry set on change.
  *
@@ -43,12 +43,12 @@
  *   Client-side asset bundler — produces content-hashed `dist/<name>.<hash>.<ext>` files plus a `manifest.json` mapping logical name to hashed filename.
  */
 
-var path = require("path");
-var fs = require("fs");
-var crypto = require("./crypto");
+var nodePath = require("path");
+var nodeFs = require("fs");
+var bCrypto = require("./crypto");
 var atomicFile = require("./atomic-file");
 var logModule = require("./log");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var safeJson = require("./safe-json");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
@@ -67,7 +67,7 @@ var DEFAULT_GRACE_MS = 100;
 function _hashContent(buf, hexLen) {
   // SHA3-512 → take the first hexLen hex chars. Same family as the
   // framework's other content fingerprints (no SHA-256 for new code).
-  return crypto.sha3Hash(buf).slice(0, hexLen);
+  return bCrypto.sha3Hash(buf).slice(0, hexLen);
 }
 
 function _hashedName(baseName, hash, ext) {
@@ -200,7 +200,7 @@ function _validateEngine(eng) {
  * Build a content-hashed asset pipeline for a fixed set of named
  * entries. The returned object exposes `build()` (one-shot rebuild,
  * resolves to `{ outputs, manifestPath, manifest, durationMs }`),
- * `watch(callback)` (arm `fs.watch` and debounce-rebuild on change),
+ * `watch(callback)` (arm `nodeFs.watch` and debounce-rebuild on change),
  * and `close()` (drop watchers and pending timers).
  *
  * Throws `BundlerError` at config time on missing / malformed entries,
@@ -257,7 +257,7 @@ function create(opts) {
 
   var entries     = Object.assign({}, opts.entries);
   var cwd         = opts.cwd || process.cwd();
-  var outdir      = path.isAbsolute(opts.outdir) ? opts.outdir : path.resolve(cwd, opts.outdir);
+  var outdir      = nodePath.isAbsolute(opts.outdir) ? opts.outdir : nodePath.resolve(cwd, opts.outdir);
   var manifestName = (opts.manifest === false || opts.manifest === null)
     ? null
     : (typeof opts.manifest === "string" && opts.manifest.length > 0
@@ -266,24 +266,24 @@ function create(opts) {
   var hashOn   = opts.hash !== false;
   var hashLen  = DEFAULT_HASH_LEN;
   if (opts.hashLen !== undefined) {
-    if (!nb.isPositiveFiniteInt(opts.hashLen) ||
+    if (!numericBounds.isPositiveFiniteInt(opts.hashLen) ||
         opts.hashLen < MIN_HASH_LEN || opts.hashLen > MAX_HASH_LEN) {
       throw new BundlerError("bundler/bad-hash-len",
         "bundler.create: opts.hashLen must be a positive finite integer " +
         "between " + MIN_HASH_LEN + " and " + MAX_HASH_LEN +
-        "; got " + nb.shape(opts.hashLen));
+        "; got " + numericBounds.shape(opts.hashLen));
     }
     hashLen = opts.hashLen;
   }
   var log      = opts.log || null;
 
-  // Test seam: tests pass a fake watcher so we don't actually fs.watch
+  // Test seam: tests pass a fake watcher so we don't actually nodeFs.watch
   var watchFn = opts._watch || function (dirOrFile, wopts, listener) {
-    return fs.watch(dirOrFile, wopts, listener);
+    return nodeFs.watch(dirOrFile, wopts, listener);
   };
   var setTimeoutFn  = opts._setTimeout  || setTimeout;
   var clearTimeoutFn = opts._clearTimeout || clearTimeout;
-  nb.requireNonNegativeFiniteIntIfPresent(opts.graceMs,
+  numericBounds.requireNonNegativeFiniteIntIfPresent(opts.graceMs,
     "bundler.create: opts.graceMs", BundlerError, "bundler/bad-grace-ms");
   var graceMs = opts.graceMs !== undefined ? opts.graceMs : DEFAULT_GRACE_MS;
 
@@ -292,7 +292,7 @@ function create(opts) {
   var watching      = false;
 
   function _resolveEntry(p) {
-    return path.isAbsolute(p) ? p : path.resolve(cwd, p);
+    return nodePath.isAbsolute(p) ? p : nodePath.resolve(cwd, p);
   }
 
   var _logVia = logModule.makeViaOrFallback(log, bootLog);
@@ -308,9 +308,9 @@ function create(opts) {
     for (var i = 0; i < names.length; i++) {
       var name = names[i];
       var entryPath = _resolveEntry(entries[name]);
-      var ext = path.extname(entryPath);
+      var ext = nodePath.extname(entryPath);
       var raw;
-      try { raw = fs.readFileSync(entryPath); }
+      try { raw = nodeFs.readFileSync(entryPath); }
       catch (e) {
         throw new BundlerError("bundler/read-failed",
           "could not read entry '" + name + "' at " + entryPath +
@@ -333,7 +333,7 @@ function create(opts) {
       var sourceMap = transformed && transformed.sourceMap;
       var hash = hashOn ? _hashContent(content, hashLen) : null;
       var outName = hashOn ? _hashedName(name, hash, ext) : (name + ext);
-      var outPath = path.join(outdir, outName);
+      var outPath = nodePath.join(outdir, outName);
       // atomic-file write so a concurrent reader (the http server
       // serving outdir) never sees a partial file
       atomicFile.writeSync(outPath, content, { mode: 0o644 });
@@ -360,7 +360,7 @@ function create(opts) {
 
     var manifestPath = null;
     if (manifestName) {
-      manifestPath = path.join(outdir, manifestName);
+      manifestPath = nodePath.join(outdir, manifestName);
       atomicFile.writeSync(
         manifestPath,
         safeJson.stringify(manifest, null, 2) + "\n",
@@ -407,8 +407,8 @@ function create(opts) {
         // Watch the entry's directory (single-file watches are flaky
         // across editors that write-then-rename). Filter events to the
         // entry's basename only.
-        var dir = path.dirname(entryPath);
-        var base = path.basename(entryPath);
+        var dir = nodePath.dirname(entryPath);
+        var base = nodePath.basename(entryPath);
         var w;
         try {
           w = watchFn(dir, { persistent: false }, function (eventType, filename) {

package/lib/circuit-breaker.js

@@ -24,7 +24,7 @@
  *   Top-level circuit-breaker primitive.
  */
 
-var retry = require("./retry");
+var retryHelper = require("./retry");
 
 /**
  * @primitive b.circuitBreaker.create
@@ -34,11 +34,18 @@ var retry = require("./retry");
  * @related   b.retry, b.httpClient
  *
  * Build a circuit-breaker. Returns a CircuitBreaker instance with
- * `wrap(fn)` (executes `fn` if the breaker is closed; throws RetryError
- * with `code: "retry/circuit-open"` when open), `state()`, `reset()`,
- * and `onStateChange(handler)` listener registration. Pass-through
- * factory: identical instance shape to `b.retry.CircuitBreaker`, with
- * the framework's `create(opts)` vocabulary.
+ * `wrap(fn)` (executes `fn` if the breaker is closed; throws an
+ * `Error` with `code: "CIRCUIT_OPEN"` + `isObjectStoreError: true` +
+ * `permanent: false` when open), `state()`, `reset()`, and
+ * `onStateChange(handler)` listener registration. Pass-through
+ * factory: identical instance shape to `b.retry.CircuitBreaker`,
+ * with the framework's `create(opts)` vocabulary.
+ *
+ * The `CIRCUIT_OPEN` error code is a pre-v1 artifact — every other
+ * framework error class uses namespaced codes (`retry/...`). The
+ * rename is deferred to v0.10 with a deprecation cycle so existing
+ * operators who match `err.code === "CIRCUIT_OPEN"` aren't broken
+ * in a patch.
  *
  * @opts
  *   name:             string,    // identifier used in audit + state-change events
@@ -65,14 +72,22 @@ var retry = require("./retry");
  *   result.value;     // → 42
  */
 function create(opts) {
-  return new retry.CircuitBreaker(opts || {});
+  // The CircuitBreaker class constructor is `(name, opts)` — passing a
+  // single opts object lands it in the positional `name` slot, and the
+  // validator throws "name must be a non-empty string, got object."
+  // The factory's documented shape is `create({ name, ...opts })`;
+  // split the name out of opts before invoking the constructor.
+  // Caught by hermitstash-sync operator review against v0.9.12.
+  opts = opts || {};
+  var name = (opts && typeof opts.name === "string") ? opts.name : "";
+  return new retryHelper.CircuitBreaker(name, opts);
 }
 
 module.exports = {
   create:         create,
-  CircuitBreaker: retry.CircuitBreaker,
+  CircuitBreaker: retryHelper.CircuitBreaker,
   // Forward the error class so operators catching breaker rejections
   // can `instanceof` against the framework's RetryError without
   // requiring a separate b.retry import.
-  RetryError:     retry.RetryError,
+  RetryError:     retryHelper.RetryError,
 };