@blamejs/core 0.9.12 → 0.9.15

package/lib/keychain.js

@@ -43,8 +43,8 @@
  *   OS keychain abstraction with encrypted-file fallback — stores / retrieves / removes a `(service, account) -> password` binding via the host operating system's native credential store.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
@@ -91,7 +91,7 @@ function _detectBackend() {
 
 function _existsExecutable(filepath) {
   try {
-    var st = fs.statSync(filepath);
+    var st = nodeFs.statSync(filepath);
     return st.isFile();
   } catch (_e) { return false; }
 }
@@ -124,7 +124,7 @@ function _resolveOnPath(binName) {
   for (var i = 0; i < parts.length; i += 1) {
     var dir = parts[i];
     if (typeof dir !== "string" || dir.length === 0) continue;
-    var candidate = path.join(dir, binName);
+    var candidate = nodePath.join(dir, binName);
     if (_existsExecutable(candidate)) return candidate;
   }
   return null;
@@ -159,9 +159,9 @@ function _validateCommonOpts(opts, primitive) {
 function _validateFallbackFile(filepath, primitive) {
   validateOpts.requireNonEmptyString(filepath, "fallbackFile",
     KeychainError, "keychain/bad-fallback-file");
-  if (!path.isAbsolute(filepath)) {
+  if (!nodePath.isAbsolute(filepath)) {
     throw new KeychainError("keychain/relative-fallback-file",
-      primitive + ": fallbackFile must be an absolute path; got " + filepath);
+      primitive + ": fallbackFile must be an absolute nodePath; got " + filepath);
   }
 }
 
@@ -613,7 +613,7 @@ function _isFallbackError(e) {
  *     service:       string,        // required, no NUL/CR/LF bytes
  *     account:       string,        // required, no NUL/CR/LF bytes
  *     password:      string,        // required, non-empty
- *     fallbackFile?: string,        // absolute path; required if file fallback may engage
+ *     fallbackFile?: string,        // absolute nodePath; required if file fallback may engage
  *     passphrase?:   string,        // required when fallbackFile engages (Argon2id-derived KEK)
  *     preferFile?:   boolean,       // default: false
  *     audit?:        boolean,       // default: true (emits keychain.stored)
@@ -685,7 +685,7 @@ async function store(opts) {
  *   {
  *     service:       string,        // required
  *     account:       string,        // required
- *     fallbackFile?: string,        // absolute path; required for file-backend lookup
+ *     fallbackFile?: string,        // absolute nodePath; required for file-backend lookup
  *     passphrase?:   string,        // required when fallbackFile engages
  *     preferFile?:   boolean,       // default: false
  *     audit?:        boolean,       // default: true (emits keychain.retrieved)
@@ -781,7 +781,7 @@ async function retrieve(opts) {
  *   {
  *     service:       string,        // required
  *     account:       string,        // required
- *     fallbackFile?: string,        // absolute path; required for file-backend cleanup
+ *     fallbackFile?: string,        // absolute nodePath; required for file-backend cleanup
  *     passphrase?:   string,        // required when fallbackFile engages
  *     preferFile?:   boolean,       // default: false
  *     audit?:        boolean,       // default: true (emits keychain.removed)

package/lib/legal-hold.js

@@ -59,7 +59,7 @@
  * missing/garbage subjectId at the API; emit + return shaped error
  * on policy denials (already-held / not-held / invalid-citation).
  */
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var safeJson = require("./safe-json");
 var validateOpts = require("./validate-opts");
@@ -96,7 +96,7 @@ function _subjectIdString(subjectId) {
 }
 
 function _hashSubject(subjectId) {
-  return crypto.sha3Hash("bj-legal-hold:" + subjectId);
+  return bCrypto.sha3Hash("bj-legal-hold:" + subjectId);
 }
 
 function create(opts) {

package/lib/local-db-thin.js

@@ -53,8 +53,8 @@
  *   localdb.thin.closed     { file }
  */
 
-var fs   = require("fs");
-var path = require("path");
+var nodeFs   = require("fs");
+var nodePath = require("path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var safeSql = require("./safe-sql");
@@ -77,7 +77,7 @@ var NUL_BYTE = String.fromCharCode(0);
 function _validateOpts(opts) {
   validateOpts.requireObject(opts, "localDb.thin", LocalDbThinError, "localdb-thin/bad-opts");
   validateOpts.requireNonEmptyString(opts.file, "file", LocalDbThinError, "localdb-thin/bad-file");
-  // `file` is operator-supplied (daemon's chosen storage path), not
+  // `file` is operator-supplied (daemon's chosen storage nodePath), not
   // request-driven input. Reject NUL bytes defensively — Node's path
   // routines silently truncate at the first NUL, which would let a
   // typo open a different file than the operator intended.
@@ -144,7 +144,7 @@ function thin(opts) {
   _validateOpts(opts);
 
   var auditOn  = opts.audit !== false;
-  // opts.file is operator-config (daemon-author chosen storage path),
+  // opts.file is operator-config (daemon-author chosen storage nodePath),
   // not request-driven input. Validation above already rejected non-
   // strings and NUL bytes. The operator picks the file location; the
   // wrapper opens it as-is.
@@ -168,7 +168,7 @@ function thin(opts) {
 
   // Ensure parent directory exists — operators commonly point this at
   // an OS app-data path that may not exist on first daemon launch.
-  try { fs.mkdirSync(path.dirname(file), { recursive: true }); } catch (_e) { /* best-effort */ }
+  try { nodeFs.mkdirSync(nodePath.dirname(file), { recursive: true }); } catch (_e) { /* best-effort */ }
 
   var database = null;
   var renamedTo = null;
@@ -203,13 +203,13 @@ function thin(opts) {
       var lastRenameErr = null;
       for (var attempt = 0; attempt < 20 && !renamed; attempt += 1) {
         try {
-          if (fs.existsSync(file)) fs.renameSync(file, renamedTo);
+          if (nodeFs.existsSync(file)) nodeFs.renameSync(file, renamedTo);
           renamed = true;
         } catch (re) {
           lastRenameErr = re;
           if (re && (re.code === "EBUSY" || re.code === "EPERM")) {
             // Synchronous spin — don't reach for setTimeout in a
-            // boot-time path. 100ms × 20 = 2s upper bound.
+            // boot-time nodePath. 100ms × 20 = 2s upper bound.
             var until = Date.now() + 100;
             while (Date.now() < until) { /* spin */ }
             continue;
@@ -227,8 +227,8 @@ function thin(opts) {
       // re-attach a half-open journal.
       ["-wal", "-shm"].forEach(function (suffix) {
         var sibling = file + suffix;
-        if (fs.existsSync(sibling)) {
-          try { fs.renameSync(sibling, sibling + ".corrupt-" + stamp); }
+        if (nodeFs.existsSync(sibling)) {
+          try { nodeFs.renameSync(sibling, sibling + ".corrupt-" + stamp); }
           catch (_se) { /* best-effort */ }
         }
       });

package/lib/log-stream-local.js

@@ -23,8 +23,8 @@
  *     fileNamePrefix:     'blamejs'
  *   }
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var zlib = require("zlib");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
@@ -48,19 +48,19 @@ var _err = LogStreamError.factory;
 function create(config) {
   if (!config || !config.dir) throw new Error("log-stream local requires { dir }");
   var cfg = Object.assign({}, DEFAULTS, config);
-  var dir = path.resolve(cfg.dir);
-  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  var dir = nodePath.resolve(cfg.dir);
+  if (!nodeFs.existsSync(dir)) nodeFs.mkdirSync(dir, { recursive: true, mode: 0o700 });
 
-  var activePath = path.join(dir, cfg.fileNamePrefix + ".log");
+  var activePath = nodePath.join(dir, cfg.fileNamePrefix + ".log");
   var fd = null;
   var openedAt = 0;
   var bytesWritten = 0;
 
   function _open() {
-    fd = fs.openSync(activePath, "a", cfg.fileMode);
+    fd = nodeFs.openSync(activePath, "a", cfg.fileMode);
     openedAt = Date.now();
     try {
-      var stat = fs.fstatSync(fd);
+      var stat = nodeFs.fstatSync(fd);
       bytesWritten = stat.size;
     } catch (_e) {
       bytesWritten = 0;
@@ -77,20 +77,20 @@ function create(config) {
   function _rotate() {
     try {
       if (fd != null) {
-        try { fs.closeSync(fd); }
+        try { nodeFs.closeSync(fd); }
         catch (e) { log.warn("rotate-close-failed: " + e.message); }
         fd = null;
       }
       // Build rotated filename: blamejs-YYYYMMDDTHHMMSSZ.log
       var stamp = time.toIso8601NoMs(new Date()).replace(/[-:]/g, "");
-      var rotated = path.join(dir, cfg.fileNamePrefix + "-" + stamp + ".log");
-      if (fs.existsSync(activePath)) {
-        fs.renameSync(activePath, rotated);
+      var rotated = nodePath.join(dir, cfg.fileNamePrefix + "-" + stamp + ".log");
+      if (nodeFs.existsSync(activePath)) {
+        nodeFs.renameSync(activePath, rotated);
         if (cfg.compressRotations) {
-          var data = fs.readFileSync(rotated);
+          var data = nodeFs.readFileSync(rotated);
           var gz = zlib.gzipSync(data);
           atomicFile.writeSync(rotated + ".gz", gz, { fileMode: cfg.fileMode });
-          fs.unlinkSync(rotated);
+          nodeFs.unlinkSync(rotated);
         }
       }
       _pruneOld();
@@ -109,7 +109,7 @@ function create(config) {
       includeStat: true,
     }).sort(function (a, b) { return b.mtimeMs - a.mtimeMs; });   // newest first
     for (var i = cfg.keepRotations; i < entries.length; i++) {
-      try { fs.unlinkSync(entries[i].fullPath); } catch (_e) { /* best effort */ }
+      try { nodeFs.unlinkSync(entries[i].fullPath); } catch (_e) { /* best effort */ }
     }
   }
 
@@ -117,15 +117,15 @@ function create(config) {
     if (_shouldRotate()) _rotate();
     var line = JSON.stringify(record) + "\n";
     var buf = Buffer.from(line, "utf8");
-    fs.writeSync(fd, buf, 0, buf.length, null);
+    nodeFs.writeSync(fd, buf, 0, buf.length, null);
     bytesWritten += buf.length;
     return Promise.resolve({ bytes: buf.length });
   }
 
   function close() {
     if (fd != null) {
-      try { fs.fsyncSync(fd); } catch (_e) { /* best effort */ }
-      try { fs.closeSync(fd); }
+      try { nodeFs.fsyncSync(fd); } catch (_e) { /* best effort */ }
+      try { nodeFs.closeSync(fd); }
       catch (e) { log.warn("close-failed: " + e.message); }
       fd = null;
     }

package/lib/log-stream-syslog.js

@@ -30,7 +30,7 @@
 var dgram = require("dgram");
 var net   = require("net");
 var os    = require("os");
-var tls   = require("tls");
+var nodeTls   = require("tls");
 var C = require("./constants");
 var { boot } = require("./log");
 var safeAsync = require("./safe-async");
@@ -223,7 +223,7 @@ function create(config) {
       });
       if (cfg.ca) tlsOpts.ca = cfg.ca;
       if (cfg.servername) tlsOpts.servername = cfg.servername;
-      sock = tls.connect(tlsOpts, onConnect);
+      sock = nodeTls.connect(tlsOpts, onConnect);
     } else {
       sock = net.connect(connectOpts, onConnect);
     }

package/lib/log-stream.js

@@ -55,7 +55,7 @@ var otlpGrpcProto   = require("./log-stream-otlp-grpc");
 var cloudwatchProto = require("./log-stream-cloudwatch");
 var syslogProto     = require("./log-stream-syslog");
 var { boot }        = require("./log");
-var redactor        = require("./redact");
+var redact          = require("./redact");
 var lazyRequire     = require("./lazy-require");
 var protocolDispatcher = require("./protocol-dispatcher");
 var { LogStreamError } = require("./framework-error");
@@ -215,7 +215,7 @@ function emit(level, message, meta) {
     message: message == null ? null : String(message),
   };
   if (meta) {
-    record.meta = redactor.redact(meta);
+    record.meta = redact.redact(meta);
   }
 
   // Fire-and-forget to all sinks. Sink errors don't bubble — they're
@@ -367,7 +367,7 @@ function onIncoming(handler) {
  */
 async function deliverIncoming(payload, opts) {
   opts = opts || {};
-  var redacted = redactor.redact(payload);
+  var redacted = redact.redact(payload);
   // Audit-log the inbound command BEFORE invoking handlers — even handler
   // exceptions don't lose the receipt.
   audit().safeEmit({

package/lib/mail-bounce.js

@@ -39,7 +39,7 @@
  *   Inbound mail bounce-handler — parse the vendor's webhook DSN / complaint / delivery payload, normalize it into one event shape, classify hard vs soft bounces, and feed an operator-supplied suppression-list hook.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var mimeParse = require("./mime-parse");
 var numericBounds = require("./numeric-bounds");
@@ -817,7 +817,7 @@ function _foldFieldValue(name, value) {
 }
 
 function _generateBoundary() {
-  return "blamejs-dsn-" + crypto.generateToken(C.BYTES.bytes(12));
+  return "blamejs-dsn-" + bCrypto.generateToken(C.BYTES.bytes(12));
 }
 
 function _buildDsn(opts) {

package/lib/mail-mdn.js

@@ -28,7 +28,7 @@
  *   RFC 3798 / RFC 8098 Message Disposition Notification builder + parser — generate "message read" return-receipts and parse inbound MDNs into a normalized event shape. Auto-generation refuses without explicit operator opt-in to prevent accidental privacy leaks.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var mimeParse = require("./mime-parse");
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -99,7 +99,7 @@ function _parseDisposition(value) {
 }
 
 function _generateBoundary() {
-  return "blamejs-mdn-" + crypto.generateToken(C.BYTES.bytes(12));
+  return "blamejs-mdn-" + bCrypto.generateToken(C.BYTES.bytes(12));
 }
 
 /**

package/lib/mail-srs.js

@@ -43,7 +43,7 @@
  */
 
 var nodeCrypto    = require("node:crypto");
-var blamejsCrypto = require("./crypto");
+var bCrypto = require("./crypto");
 var validateOpts  = require("./validate-opts");
 var { defineClass } = require("./framework-error");
 
@@ -239,7 +239,7 @@ function create(opts) {
 
 function _timingSafeStringEqual(a, b) {
   if (typeof a !== "string" || typeof b !== "string") return false;
-  return blamejsCrypto.timingSafeEqual(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
+  return bCrypto.timingSafeEqual(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
 }
 
 module.exports = {

package/lib/mail.js

@@ -56,7 +56,7 @@
  *   SMTP / HTTP-API email send with multipart RFC 5322 message composition, DKIM signing on the way out, and full inbound mail- authentication parsing on the way in.
  */
 var C = require("./constants");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var safeBuffer = require("./safe-buffer");
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -64,7 +64,7 @@ var httpClient = lazyRequire(function () { return require("./http-client"); });
 var guardEmail = lazyRequire(function () { return require("./guard-email"); });
 var guardFilename = lazyRequire(function () { return require("./guard-filename"); });
 var fileType = lazyRequire(function () { return require("./file-type"); });
-var mailDkim = require("./mail-dkim");
+var dkim = require("./mail-dkim");
 var mailAuth = require("./mail-auth");
 var mailBimi = require("./mail-bimi");
 var mailUnsubscribe = require("./mail-unsubscribe");
@@ -634,7 +634,7 @@ function _newBoundary(label) {
   // convention. RFC 5322 only requires uniqueness within a message,
   // but consistency with how every other identifier in lib/ is built
   // wins over premature differentiation.
-  return "blamejs-" + label + "-" + Date.now() + "-" + crypto.generateToken(C.BYTES.bytes(8));
+  return "blamejs-" + label + "-" + Date.now() + "-" + bCrypto.generateToken(C.BYTES.bytes(8));
 }
 
 // base64-encode the buffer with line wrapping at 76 chars (RFC 2045
@@ -1841,7 +1841,7 @@ module.exports = {
   // DKIM-Signature header generation for outbound mail (rsa-sha256
   // default, ed25519-sha256 opt-in). Wire it into the smtp transport
   // via opts.dkimSigner. See lib/mail-dkim.js for the full surface.
-  dkim:       mailDkim,
+  dkim:       dkim,
   // Inbound mail authentication-results verification: SPF (RFC 7208),
   // DMARC (RFC 7489), ARC (RFC 8617). Outbound DKIM signing lives in
   // .dkim above; per-hop DKIM verification is deferred (composes with

package/lib/mcp.js

@@ -31,7 +31,7 @@
  */
 
 var C = require("./constants");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var safeUrl = require("./safe-url");
 var safeJson = require("./safe-json");
 var safeBuffer = require("./safe-buffer");
@@ -261,7 +261,7 @@ function serverGuard(opts) {
   }
   var toolAllowlist     = Array.isArray(opts.toolAllowlist)     ? opts.toolAllowlist     : null;
   var resourceAllowlist = Array.isArray(opts.resourceAllowlist) ? opts.resourceAllowlist : null;
-  nb.requirePositiveFiniteIntIfPresent(opts.maxBodyBytes, "mcp.serverGuard: opts.maxBodyBytes", errorClass, "BAD_MAX_BYTES");
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBodyBytes, "mcp.serverGuard: opts.maxBodyBytes", errorClass, "BAD_MAX_BYTES");
   var maxBodyBytes = opts.maxBodyBytes || C.BYTES.mib(1);
   var auditOn = opts.audit !== false;