@blamejs/core 0.9.12 → 0.9.15

package/lib/cli.js

@@ -34,9 +34,9 @@
  * before encryption or temporarily switch the file to plaintext.
  */
 
-var fs = require("node:fs");
+var nodeFs = require("node:fs");
 var os = require("node:os");
-var path = require("path");
+var nodePath = require("path");
 var apiSnapshot = require("./api-snapshot");
 var argParser = require("./arg-parser");
 var auditChain = require("./audit-chain");
@@ -44,9 +44,8 @@ var auditTools = require("./audit-tools");
 var backup = require("./backup");
 var canonicalJson = require("./canonical-json");
 var cliHelpers = require("./cli-helpers");
-var constants = require("./constants");
-var C = constants;
-var crypto = require("./crypto");
+var C = require("./constants");
+var bCrypto = require("./crypto");
 var dev = require("./dev");
 var fileType = require("./file-type");
 var migrations = require("./migrations");
@@ -86,8 +85,8 @@ function _parseArgs(argv) {
 
 function _resolvePath(p, cwd) {
   if (!p) return p;
-  if (path.isAbsolute(p)) return p;
-  return path.resolve(cwd || process.cwd(), p);
+  if (nodePath.isAbsolute(p)) return p;
+  return nodePath.resolve(cwd || process.cwd(), p);
 }
 
 function _openSqlite(dbPath) {
@@ -432,12 +431,12 @@ function _resolveTargetModule(modulePath, ctx) {
   // extensibility surfaces by definition can't be statically traced by a
   // bundler — anyone bundling this CLI surface into SEA/pkg accepts that
   // runtime --module=<path> arguments won't resolve. Internal framework
-  // code never reaches this path.
+  // code never reaches this nodePath.
   if (!modulePath) {
-    var root = path.resolve(__dirname, "..");
-    return require(path.join(root, "index.js"));   // allow:dynamic-require — operator-extensibility entry point
+    var root = nodePath.resolve(__dirname, "..");
+    return require(nodePath.join(root, "index.js"));   // allow:dynamic-require — operator-extensibility entry point
   }
-  var abs = path.isAbsolute(modulePath) ? modulePath : path.resolve(ctx.cwd, modulePath);
+  var abs = nodePath.isAbsolute(modulePath) ? modulePath : nodePath.resolve(ctx.cwd, modulePath);
   delete require.cache[require.resolve(abs)];
   return require(abs);                              // allow:dynamic-require — operator-extensibility entry point
 }
@@ -453,7 +452,7 @@ function _runApiSnapshot(args, ctx) {
   }
   var sub = args.pos[0];
   var file = String(args.flags.file || "./api-snapshot.json");
-  var filePath = path.isAbsolute(file) ? file : path.resolve(ctx.cwd, file);
+  var filePath = nodePath.isAbsolute(file) ? file : nodePath.resolve(ctx.cwd, file);
   var modulePathOpt = typeof args.flags.module === "string" ? args.flags.module : null;
 
   if (sub === "capture") {
@@ -559,7 +558,7 @@ function _resolvePassphrase(args, ctx) {
 
 function _resolveOutPath(p, ctx) {
   if (!p) return null;
-  return path.isAbsolute(p) ? p : path.resolve(ctx.cwd, p);
+  return nodePath.isAbsolute(p) ? p : nodePath.resolve(ctx.cwd, p);
 }
 
 async function _runAudit(args, ctx) {
@@ -782,8 +781,8 @@ function _resolveRestoreBundleSelector(args, ctx, report, requireBundle) {
   if (bundleFlag && bundleFlag !== true) {
     var bundlePath = _resolvePath(String(bundleFlag), ctx.cwd);
     return {
-      storageRoot: path.dirname(bundlePath),
-      bundleId:    path.basename(bundlePath),
+      storageRoot: nodePath.dirname(bundlePath),
+      bundleId:    nodePath.basename(bundlePath),
     };
   }
   if (storageRootFlag && storageRootFlag !== true) {
@@ -862,7 +861,7 @@ async function _runRestore(args, ctx) {
       // its closure captures them; pass placeholders since inspect doesn't
       // touch them.
       var rI = restore.create({
-        dataDir: path.join(os.tmpdir(), "blamejs-restore-inspect-noop"),
+        dataDir: nodePath.join(os.tmpdir(), "blamejs-restore-inspect-noop"),
         storage: storageI,
         passphrase: "inspect-only-not-used",
         audit: false,
@@ -943,7 +942,7 @@ async function _runRestore(args, ctx) {
     if (rollbackTarget && rollbackTarget !== true) {
       // operator can pass either a full path or just the basename inside rollback-root
       var rt = String(rollbackTarget);
-      targetPath = path.isAbsolute(rt) ? rt : path.resolve(rollbackRootR, rt);
+      targetPath = nodePath.isAbsolute(rt) ? rt : nodePath.resolve(rollbackRootR, rt);
     } else {
       // Default to most-recent rollback point (mirrors restore.create().rollback()).
       var ptsR;
@@ -1245,8 +1244,8 @@ async function _runBackup(args, ctx) {
   }
 
   if (sub === "verify") {
-    var stagingDir = path.join(os.tmpdir(),
-      "blamejs-backup-verify-" + crypto.generateToken(C.BYTES.bytes(8)));
+    var stagingDir = nodePath.join(os.tmpdir(),
+      "blamejs-backup-verify-" + bCrypto.generateToken(C.BYTES.bytes(8)));
     try {
       var r = await restoreBundle.extract({
         bundleDir:  bundleDir,
@@ -1260,7 +1259,7 @@ async function _runBackup(args, ctx) {
     } catch (e) {
       return report.error((e && e.message) || String(e));
     } finally {
-      try { fs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort */ }
+      try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort */ }
     }
   }
 
@@ -1461,7 +1460,7 @@ async function _runMtls(args, ctx) {
           validityDays: daysP,
         });
         if (outPath) {
-          fs.writeFileSync(outPath, p12.p12, { mode: 0o600 });
+          nodeFs.writeFileSync(outPath, p12.p12, { mode: 0o600 });
           report.write("p12 written: " + outPath);
         } else {
           // No --out: stream the bytes to stdout for piping. Operators
@@ -1838,7 +1837,7 @@ function _runFileType(args, ctx) {
   if (!file) return report.error("file path is required (positional arg after 'detect')", 2);
   var resolved = _resolvePath(String(file), ctx.cwd);
   var buf;
-  try { buf = fs.readFileSync(resolved); }
+  try { buf = nodeFs.readFileSync(resolved); }
   catch (e) {
     return report.error("read failed: " + ((e && e.message) || String(e)));
   }
@@ -1915,7 +1914,7 @@ async function _runPassword(args, ctx) {
   }
   var plaintext;
   if (args.flags.stdin) {
-    try { plaintext = fs.readFileSync(0, "utf8").replace(/\r?\n$/, ""); }
+    try { plaintext = nodeFs.readFileSync(0, "utf8").replace(/\r?\n$/, ""); }
     catch (e) { return report.error("stdin read failed: " + ((e && e.message) || String(e))); }
   } else if (args.flags.plaintext && args.flags.plaintext !== true) {
     plaintext = String(args.flags.plaintext);
@@ -2231,7 +2230,7 @@ async function main(argv, opts) {
 
   // Top-level flags handled before subcommand dispatch
   if (args.flags.version || args.flags.v) {
-    _writeLine(ctx.stdout, constants.version);
+    _writeLine(ctx.stdout, C.version);
     return 0;
   }
 
@@ -2246,7 +2245,7 @@ async function main(argv, opts) {
   //                                 subcommand's per-command usage
   //                                 reachable via `--help` without
   //                                 each handler having to special-case
-  //                                 the flag-only-no-subcommand path.
+  //                                 the flag-only-no-subcommand nodePath.
   if (cmd === undefined) { _printTopHelp(ctx); return 0; }
   if (args.flags.help || args.flags.h) {
     args = _parseArgs(["help", cmd]);
@@ -2273,7 +2272,7 @@ async function main(argv, opts) {
     _printTopHelp(ctx);
     return 0;
   }
-  if (cmd === "version") { _writeLine(ctx.stdout, constants.version); return 0; }
+  if (cmd === "version") { _writeLine(ctx.stdout, C.version); return 0; }
 
   var rest = { pos: args.pos.slice(1), flags: args.flags };
   if (cmd === "migrate")      return await _runMigrate(rest, ctx);

package/lib/cluster.js

@@ -45,7 +45,7 @@
  */
 var C = require("./constants");
 var clusterProviderDb = require("./cluster-provider-db");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var { boot } = require("./log");
 var safeAsync = require("./safe-async");
@@ -428,7 +428,7 @@ function _vaultKeyFingerprint() {
   if (!keys || !keys.publicKey || !keys.ecPublicKey) return null;
   // Domain-separation prefix so this fingerprint can't be confused
   // with a hash of the same bytes computed elsewhere in the framework.
-  return crypto.sha3Hash("blamejs/cluster-state/v1\n" +
+  return bCrypto.sha3Hash("blamejs/cluster-state/v1\n" +
                          keys.publicKey + "\n" +
                          keys.ecPublicKey);
 }

package/lib/compliance-sanctions.js

@@ -483,9 +483,9 @@ function create(opts) {
   // ignorable for the audit-trail use case (operators store the
   // ruleVersion + entry count alongside).
   function snapshot() {
-    var crypto = require("crypto");
+    var nodeCrypto = require("crypto");
     var ids = index.map(function (e) { return e.id; }).sort();
-    var hash = crypto.createHash("sha3-512");
+    var hash = nodeCrypto.createHash("sha3-512");
     for (var i = 0; i < ids.length; i++) hash.update(ids[i]);
     return {
       algorithm:    algorithm,

package/lib/config-drift.js

@@ -35,11 +35,11 @@
  * @card
  *   Monitor + alert when runtime config diverges from a declared baseline.
  */
-var fs = require("node:fs");
-var path = require("node:path");
+var nodeFs = require("node:fs");
+var nodePath = require("node:path");
 var auditSign = require("./audit-sign");
 var canonicalJson = require("./canonical-json");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var safeJson = require("./safe-json");
 var validateOpts = require("./validate-opts");
@@ -57,12 +57,12 @@ var SIDECAR_VERSION = 1;
 // Deterministic key order so the same snapshot always hashes to the same
 // digest. Pre-v0.6.67 the in-line implementation silently lost Date /
 // Map / Set / Buffer / BigInt content; the shared walker handles all
-// of those + circular refs. Same bytes as audit-chain / audit-tools /
+// of those + circular renodeFs. Same bytes as audit-chain / audit-tools /
 // pagination would produce for the same input.
 function _stableStringify(value) { return canonicalJson.stringify(value); }
 
 function _hashSnapshot(snapshot) {
-  return crypto.sha3Hash(_stableStringify(snapshot));
+  return bCrypto.sha3Hash(_stableStringify(snapshot));
 }
 
 function _diffShallow(prev, next) {
@@ -155,7 +155,7 @@ function create(opts) {
   // (e.g. operator-tracked metadata that legitimately changes per
   // boot). Captured in the snapshot but never flagged.
   var ignoreKeys = Array.isArray(opts.ignoreKeys) ? opts.ignoreKeys.slice() : [];
-  var sidecarPath = path.join(dataDir,
+  var sidecarPath = nodePath.join(dataDir,
     baselineName === "default" ? SIDECAR_NAME : ("config-baseline-" + baselineName + ".sig"));
 
   function _emit(action, info, outcome) {
@@ -172,9 +172,9 @@ function create(opts) {
   }
 
   function _readSidecar() {
-    if (!fs.existsSync(sidecarPath)) return null;
+    if (!nodeFs.existsSync(sidecarPath)) return null;
     var raw;
-    try { raw = fs.readFileSync(sidecarPath, "utf8"); }
+    try { raw = nodeFs.readFileSync(sidecarPath, "utf8"); }
     catch (_e) { return null; }
     var parsed;
     try { parsed = safeJson.parse(raw); }
@@ -200,8 +200,8 @@ function create(opts) {
       snapshot:         snapshot,
     };
     var tmp = sidecarPath + ".tmp";
-    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
-    fs.renameSync(tmp, sidecarPath);
+    nodeFs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
+    nodeFs.renameSync(tmp, sidecarPath);
   }
 
   function _verifySidecar(parsed) {
@@ -366,10 +366,10 @@ function create(opts) {
  */
 function verifyVendorIntegrity(opts) {
   opts = opts || {};
-  var libVendorDir  = opts.libVendorDir  || path.join(process.cwd(), "lib", "vendor");
-  var manifestPath  = opts.manifestPath  || path.join(libVendorDir, "MANIFEST.json");
+  var libVendorDir  = opts.libVendorDir  || nodePath.join(process.cwd(), "lib", "vendor");
+  var manifestPath  = opts.manifestPath  || nodePath.join(libVendorDir, "MANIFEST.json");
   var raw;
-  try { raw = fs.readFileSync(manifestPath, "utf8"); }
+  try { raw = nodeFs.readFileSync(manifestPath, "utf8"); }
   catch (_e) {
     throw _err("VENDOR_MANIFEST_MISSING",
       "vendor MANIFEST.json missing at " + manifestPath, true);
@@ -389,10 +389,10 @@ function verifyVendorIntegrity(opts) {
       var rel = files[kind];
       var expected = hashes[kind];
       if (typeof rel !== "string" || typeof expected !== "string") return;
-      var abs = path.isAbsolute(rel) ? rel : path.join(process.cwd(), rel);
+      var abs = nodePath.isAbsolute(rel) ? rel : nodePath.join(process.cwd(), rel);
       var actual;
       try {
-        var bytes = fs.readFileSync(abs);
+        var bytes = nodeFs.readFileSync(abs);
         actual = "sha256:" + require("node:crypto")
           .createHash("sha256").update(bytes).digest("hex");
       } catch (_e) {

package/lib/content-credentials.js

@@ -28,7 +28,7 @@
  *   C2PA 2.1 content provenance — sign assets with a manifest declaring origin, edits, AI involvement.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var canonicalJson = require("./canonical-json");
 var validateOpts = require("./validate-opts");
 var audit = require("./audit");
@@ -234,7 +234,7 @@ function sign(manifest, opts) {
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
     "contentCredentials.sign: privateKeyPem", ContentCredentialsError, "BAD_KEY");
   var canonical = canonicalJson.stringify(manifest);
-  var signature = crypto.sign(Buffer.from(canonical, "utf8"), opts.privateKeyPem);
+  var signature = bCrypto.sign(Buffer.from(canonical, "utf8"), opts.privateKeyPem);
   var auditOn = opts.audit !== false;
   if (auditOn) {
     audit.safeEmit({
@@ -299,7 +299,7 @@ function verify(envelope, publicKeyPem, opts) {
   catch (_e) {
     return { valid: false, claims: null, reason: "signature-base64-bad" };
   }
-  var ok = crypto.verify(Buffer.from(canonical, "utf8"), sigBuf, publicKeyPem);
+  var ok = bCrypto.verify(Buffer.from(canonical, "utf8"), sigBuf, publicKeyPem);
   if (!ok) {
     return { valid: false, claims: null, reason: "signature-mismatch" };
   }
@@ -519,7 +519,7 @@ function signCose(manifest, opts) {
   var toBeSigned = Buffer.concat(sigStructureBufs);
 
   // Sign with framework's b.crypto.sign — algorithm picked from the PEM.
-  var signature = crypto.sign(toBeSigned, opts.privateKeyPem);
+  var signature = bCrypto.sign(toBeSigned, opts.privateKeyPem);
 
   // COSE_Sign1 = tagged-18 array [protected, unprotected, payload, signature]
   var coseSign1 = Buffer.concat([

package/lib/credential-hash.js

@@ -41,7 +41,7 @@
  *   Derive a deterministic, verifiable hash for credential lookup (API-key secret, shared bearer token, webhook signing key) without storing the credential itself.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var C = require("./constants");
 var lazyRequire = require("./lazy-require");
 var { FrameworkError } = require("./framework-error");
@@ -73,7 +73,7 @@ function _shake256(secret, length) {
   // crypto.kdf wraps SHAKE256 with arbitrary output length. That's the
   // exact primitive we need — the framework's KDF and credential-hash
   // share one underlying XOF.
-  return crypto.kdf(secret, length);
+  return bCrypto.kdf(secret, length);
 }
 
 
@@ -291,7 +291,7 @@ async function verify(secret, envelope) {
       return false;
     }
     var expected = _shake256(secret, decoded.payload.length);
-    var ok = crypto.timingSafeEqual(expected, decoded.payload);
+    var ok = bCrypto.timingSafeEqual(expected, decoded.payload);
     _emitEvent("credentialHash.verify", 1,
       { outcome: ok ? "success" : "failure", algo: algoName });
     return ok;

package/lib/crypto.js

@@ -147,6 +147,150 @@ function hashFile(filePath, algorithm) {
   return hashStream(nodeFs.createReadStream(filePath), algorithm);
 }
 
+// _hashFileMulti — single-pass stream of a file through N hashers in
+// parallel. Returns { path, byteLength, <alg>: hex } for every
+// `algorithms` entry. Used by hashFilesParallel below; not exported
+// directly because the common case is the parallel-many shape.
+function _hashFileMulti(filePath, algorithms) {
+  return new Promise(function (resolve, reject) {
+    var hashers = new Array(algorithms.length);
+    for (var i = 0; i < algorithms.length; i += 1) {
+      try { hashers[i] = nodeCrypto.createHash(algorithms[i]); }
+      catch (e) {
+        reject(new Error("crypto.hashFilesParallel: unknown algorithm '" +
+          algorithms[i] + "': " + (e && e.message ? e.message : String(e))));
+        return;
+      }
+    }
+    var byteLength = 0;
+    var stream = nodeFs.createReadStream(filePath);
+    stream.on("error", reject);
+    stream.on("data", function (chunk) {
+      byteLength += chunk.length;
+      for (var j = 0; j < hashers.length; j += 1) hashers[j].update(chunk);
+    });
+    stream.on("end", function () {
+      var out = { path: filePath, byteLength: byteLength };
+      for (var k = 0; k < hashers.length; k += 1) {
+        // Field name = algorithm with `-` → `_` so "sha3-512" surfaces
+        // as `out.sha3_512` (matches the standalone-verifier shape).
+        out[algorithms[k].replace(/-/g, "_")] = hashers[k].digest("hex");
+      }
+      resolve(out);
+    });
+  });
+}
+
+/**
+ * @primitive b.crypto.hashFilesParallel
+ * @signature b.crypto.hashFilesParallel(filePaths, opts?)
+ * @since     0.9.14
+ * @status    stable
+ * @related   b.crypto.hashFile, b.crypto.hashStream
+ *
+ * Hash many files in parallel, streaming each one through one or
+ * more digest algorithms in a single read pass. Returns an array of
+ * `{ path, byteLength, sha256, sha3_512, ... }` records in the same
+ * order as `filePaths`. Concurrency is operator-tunable; the default
+ * (`min(8, filePaths.length)`) matches the framework's
+ * hash-while-streaming convention elsewhere without saturating the
+ * fs read queue on spinning-disk hosts.
+ *
+ * The common consumer-side reason to reach for this primitive is
+ * SBOM regeneration / vendor-data integrity sweeps / release-asset
+ * bundling — situations where N files each need both SHA-256 (legacy
+ * compat) and SHA-3-512 (PQC-first) digests and rolling a worker
+ * pool by hand has cost a downstream consumer (`hermitstash-sync`
+ * 2026-05-13) the same two-loop, capture-N-promises, settle-Q boilerplate
+ * every release.
+ *
+ * @opts
+ *   algorithms?:  string[], // default ["sha256", "sha3-512"]; any node:crypto-known digest
+ *   concurrency?: number,   // default min(8, filePaths.length); 1..256
+ *   onProgress?:  function (completed, total) // best-effort; thrown errors swallowed
+ *
+ * @example
+ *   var rows = await b.crypto.hashFilesParallel(
+ *     ["/var/lib/blamejs/asset-a.bin",
+ *      "/var/lib/blamejs/asset-b.bin"],
+ *     { algorithms: ["sha256", "sha3-512"], concurrency: 4 }
+ *   );
+ *   // rows[0] → { path: "...asset-a.bin", byteLength: 4096,
+ *   //            sha256: "...", sha3_512: "..." }
+ */
+function hashFilesParallel(filePaths, opts) {
+  if (!Array.isArray(filePaths)) {
+    return Promise.reject(new TypeError(
+      "crypto.hashFilesParallel: filePaths must be an array of non-empty strings"
+    ));
+  }
+  for (var i = 0; i < filePaths.length; i += 1) {
+    if (typeof filePaths[i] !== "string" || filePaths[i].length === 0) {
+      return Promise.reject(new TypeError(
+        "crypto.hashFilesParallel: filePaths[" + i + "] must be a non-empty string"
+      ));
+    }
+  }
+  opts = opts || {};
+  var algorithms = opts.algorithms !== undefined
+    ? opts.algorithms : ["sha256", "sha3-512"];
+  if (!Array.isArray(algorithms) || algorithms.length === 0) {
+    return Promise.reject(new TypeError(
+      "crypto.hashFilesParallel: opts.algorithms must be a non-empty array"
+    ));
+  }
+  for (var ai = 0; ai < algorithms.length; ai += 1) {
+    if (typeof algorithms[ai] !== "string" || algorithms[ai].length === 0) {
+      return Promise.reject(new TypeError(
+        "crypto.hashFilesParallel: opts.algorithms[" + ai + "] must be a non-empty string"
+      ));
+    }
+  }
+  var concurrency = opts.concurrency !== undefined
+    ? opts.concurrency
+    : Math.min(8, Math.max(1, filePaths.length));                                                  // allow:raw-byte-literal — worker fan-out cap, not bytes
+  if (typeof concurrency !== "number" || !isFinite(concurrency) ||
+      concurrency < 1 || concurrency > 256 ||                                                       // allow:raw-byte-literal — concurrency upper cap
+      Math.floor(concurrency) !== concurrency) {
+    return Promise.reject(new TypeError(
+      "crypto.hashFilesParallel: opts.concurrency must be an integer in [1, 256], got " + concurrency
+    ));
+  }
+  var onProgress = opts.onProgress;
+  if (onProgress !== undefined && typeof onProgress !== "function") {
+    return Promise.reject(new TypeError(
+      "crypto.hashFilesParallel: opts.onProgress must be a function when supplied"
+    ));
+  }
+  if (filePaths.length === 0) return Promise.resolve([]);
+
+  var results = new Array(filePaths.length);
+  var nextIdx = 0;
+  var completed = 0;
+  var total = filePaths.length;
+  function _worker() {
+    function _step() {
+      var idx = nextIdx;
+      nextIdx += 1;
+      if (idx >= total) return Promise.resolve();
+      return _hashFileMulti(filePaths[idx], algorithms).then(function (rec) {
+        results[idx] = rec;
+        completed += 1;
+        if (onProgress) {
+          try { onProgress(completed, total); }
+          catch (_e) { /* progress callback errors are not fatal */ }
+        }
+        return _step();
+      });
+    }
+    return _step();
+  }
+  var workerCount = Math.min(concurrency, total);
+  var workers = new Array(workerCount);
+  for (var w = 0; w < workerCount; w += 1) workers[w] = _worker();
+  return Promise.all(workers).then(function () { return results; });
+}
+
 function random(byteLength) {
   var n = byteLength || 32;
   // SHAKE256 over OS-RNG bytes. The OS RNG (nodeCrypto.randomBytes) is
@@ -1374,6 +1518,7 @@ module.exports = {
   sha3Hash:                    sha3Hash,
   hmacSha3:                    hmacSha3,
   hashFile:                    hashFile,
+  hashFilesParallel:           hashFilesParallel,
   hashStream:                  hashStream,
   namespaceHash:               namespaceHash,
   kdf:                         kdf,

package/lib/daemon.js

@@ -37,9 +37,9 @@
  *   Long-running process orchestration — supervisor wiring around `b.appShutdown`, foreground signal handling, detached-fork spawn via `b.processSpawn`, PID-file health probes, and a SIGTERM-then-SIGKILL restart policy on stop.
  */
 
-var fs = require("fs");
-var path = require("path");
-var nb = require("./numeric-bounds");
+var nodeFs = require("fs");
+var nodePath = require("path");
+var numericBounds = require("./numeric-bounds");
 var appShutdown = require("./app-shutdown");
 var processSpawn = require("./process-spawn");
 var lazyRequire = require("./lazy-require");
@@ -80,7 +80,7 @@ function _isLivePid(pid) {
 
 function _readPidFile(pidFile) {
   try {
-    var raw = fs.readFileSync(pidFile, "utf8");
+    var raw = nodeFs.readFileSync(pidFile, "utf8");
     var pid = parseInt(String(raw).trim(), 10);
     return isFinite(pid) && pid > 0 ? pid : null;
   } catch (_e) { return null; }
@@ -118,9 +118,9 @@ function _validateStopOpts(opts) {
     "daemon.stop: opts.pidFile", DaemonError, "daemon/bad-pid-file");
   validateOpts.optionalNonEmptyString(opts.signal,
     "daemon.stop: opts.signal", DaemonError, "daemon/bad-signal");
-  nb.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
     "daemon.stop: opts.timeoutMs", DaemonError, "daemon/bad-timeout");
-  nb.requirePositiveFiniteIntIfPresent(opts.pollMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.pollMs,
     "daemon.stop: opts.pollMs", DaemonError, "daemon/bad-poll");
 }
 
@@ -133,7 +133,7 @@ function _maybeReapStale(pidFile) {
   }
   if (existing === process.pid) return false;
   // Stale: PID is gone (or signal-0 returned ESRCH). Reap + audit.
-  try { fs.unlinkSync(pidFile); } catch (_e) { /* race: another reaper */ }
+  try { nodeFs.unlinkSync(pidFile); } catch (_e) { /* race: another reaper */ }
   _safeAuditEmit("daemon.stale_pid_cleaned", "success", {
     pidFile:  pidFile,
     stalePid: existing,
@@ -146,13 +146,13 @@ function _maybeReapStale(pidFile) {
 // redirect of the current process' stdout/stderr.
 function _openLogFd(logFile) {
   if (typeof logFile !== "string" || logFile.length === 0) return null;
-  atomicFile.ensureDir(path.dirname(logFile));
-  var fd = fs.openSync(logFile, "a", DEFAULT_LOG_FILE_MODE);
+  atomicFile.ensureDir(nodePath.dirname(logFile));
+  var fd = nodeFs.openSync(logFile, "a", DEFAULT_LOG_FILE_MODE);
   return fd;
 }
 
 // Redirect the current process's stdout/stderr file descriptors at the
-// given fd. Implemented via fs.writeSync streams: Node doesn't expose a
+// given fd. Implemented via nodeFs.writeSync streams: Node doesn't expose a
 // portable dup2, so we replace process.stdout.write / process.stderr.write
 // with a writer that pushes to the log fd. This is the standard
 // pattern for foreground daemons that don't want to lose output when
@@ -163,7 +163,7 @@ function _redirectStdio(fd) {
     var enc = typeof encOrCb === "string" ? encOrCb : "utf8";
     var cb  = typeof encOrCb === "function" ? encOrCb : maybeCb;
     var buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk), enc);
-    try { fs.writeSync(fd, buf); }
+    try { nodeFs.writeSync(fd, buf); }
     catch (_e) { /* log fd closed underneath us — drop */ }
     if (typeof cb === "function") cb();
     return true;
@@ -246,21 +246,21 @@ function start(opts) {
         cwd:      typeof opts.cwd === "string" ? opts.cwd : undefined,
       });
     } catch (e) {
-      try { if (typeof logFd === "number") fs.closeSync(logFd); }
+      try { if (typeof logFd === "number") nodeFs.closeSync(logFd); }
       catch (_c) { /* best-effort */ }
       throw new DaemonError("daemon/spawn-failed",
         "daemon.start: spawn failed: " + ((e && e.message) || String(e)));
     }
     // Write the child's PID via atomic temp+rename so a concurrent
     // observer never sees a half-written pidFile.
-    atomicFile.ensureDir(path.dirname(pidFile));
+    atomicFile.ensureDir(nodePath.dirname(pidFile));
     var pidStr = String(child.pid) + "\n";
     atomicFile.writeSync(pidFile, pidStr, { fileMode: 0o600 });
     // Detach so the child survives parent exit.
     try { child.unref(); } catch (_u) { /* best-effort */ }
     if (typeof logFd === "number") {
       // Parent doesn't need its handle to the log; child inherited it.
-      try { fs.closeSync(logFd); } catch (_c) { /* best-effort */ }
+      try { nodeFs.closeSync(logFd); } catch (_c) { /* best-effort */ }
     }
     _safeAuditEmit("daemon.started", "success", {
       pidFile:     pidFile,
@@ -307,7 +307,7 @@ function start(opts) {
         run:  function () {
           try { lock.release(); } catch (_e) { /* best-effort */ }
           if (logFdForeground !== null) {
-            try { fs.closeSync(logFdForeground); } catch (_c) { /* best-effort */ }
+            try { nodeFs.closeSync(logFdForeground); } catch (_c) { /* best-effort */ }
           }
         },
         timeoutMs: C.TIME.seconds(2),
@@ -381,7 +381,7 @@ async function stop(opts) {
   }
   if (!_isLivePid(pid)) {
     // Stale — clean up and report.
-    try { fs.unlinkSync(pidFile); } catch (_e) { /* best-effort */ }
+    try { nodeFs.unlinkSync(pidFile); } catch (_e) { /* best-effort */ }
     _safeAuditEmit("daemon.stale_pid_cleaned", "success", { pidFile: pidFile, stalePid: pid });
     return { stopped: false, pid: pid, reason: "stale" };
   }
@@ -392,7 +392,7 @@ async function stop(opts) {
   catch (e) {
     if (e && e.code === "ESRCH") {
       // Died between read and kill — cleanup + report.
-      try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+      try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
       _safeAuditEmit("daemon.stopped", "success", {
         pidFile: pidFile, signal: signal, waitMs: Date.now() - t0, escalated: false,
       });
@@ -405,7 +405,7 @@ async function stop(opts) {
   var deadline = t0 + timeoutMs;
   while (Date.now() < deadline) {
     if (!_isLivePid(pid)) {
-      try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+      try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
       _safeAuditEmit("daemon.stopped", "success", {
         pidFile: pidFile, signal: signal, waitMs: Date.now() - t0, escalated: false,
       });
@@ -428,7 +428,7 @@ async function stop(opts) {
     if (!_isLivePid(pid)) break;
     await safeAsync.sleep(pollMs, { signal: opts.abortSignal });
   }
-  try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+  try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
   _safeAuditEmit("daemon.stopped", "success", {
     pidFile: pidFile, signal: "SIGKILL", waitMs: Date.now() - t0, escalated: true,
   });