@blamejs/core 0.9.14 → 0.9.15

package/lib/config-drift.js

@@ -35,11 +35,11 @@
  * @card
  *   Monitor + alert when runtime config diverges from a declared baseline.
  */
-var fs = require("node:fs");
-var path = require("node:path");
+var nodeFs = require("node:fs");
+var nodePath = require("node:path");
 var auditSign = require("./audit-sign");
 var canonicalJson = require("./canonical-json");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var safeJson = require("./safe-json");
 var validateOpts = require("./validate-opts");
@@ -57,12 +57,12 @@ var SIDECAR_VERSION = 1;
 // Deterministic key order so the same snapshot always hashes to the same
 // digest. Pre-v0.6.67 the in-line implementation silently lost Date /
 // Map / Set / Buffer / BigInt content; the shared walker handles all
-// of those + circular refs. Same bytes as audit-chain / audit-tools /
+// of those + circular renodeFs. Same bytes as audit-chain / audit-tools /
 // pagination would produce for the same input.
 function _stableStringify(value) { return canonicalJson.stringify(value); }
 
 function _hashSnapshot(snapshot) {
-  return crypto.sha3Hash(_stableStringify(snapshot));
+  return bCrypto.sha3Hash(_stableStringify(snapshot));
 }
 
 function _diffShallow(prev, next) {
@@ -155,7 +155,7 @@ function create(opts) {
   // (e.g. operator-tracked metadata that legitimately changes per
   // boot). Captured in the snapshot but never flagged.
   var ignoreKeys = Array.isArray(opts.ignoreKeys) ? opts.ignoreKeys.slice() : [];
-  var sidecarPath = path.join(dataDir,
+  var sidecarPath = nodePath.join(dataDir,
     baselineName === "default" ? SIDECAR_NAME : ("config-baseline-" + baselineName + ".sig"));
 
   function _emit(action, info, outcome) {
@@ -172,9 +172,9 @@ function create(opts) {
   }
 
   function _readSidecar() {
-    if (!fs.existsSync(sidecarPath)) return null;
+    if (!nodeFs.existsSync(sidecarPath)) return null;
     var raw;
-    try { raw = fs.readFileSync(sidecarPath, "utf8"); }
+    try { raw = nodeFs.readFileSync(sidecarPath, "utf8"); }
     catch (_e) { return null; }
     var parsed;
     try { parsed = safeJson.parse(raw); }
@@ -200,8 +200,8 @@ function create(opts) {
       snapshot:         snapshot,
     };
     var tmp = sidecarPath + ".tmp";
-    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
-    fs.renameSync(tmp, sidecarPath);
+    nodeFs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
+    nodeFs.renameSync(tmp, sidecarPath);
   }
 
   function _verifySidecar(parsed) {
@@ -366,10 +366,10 @@ function create(opts) {
  */
 function verifyVendorIntegrity(opts) {
   opts = opts || {};
-  var libVendorDir  = opts.libVendorDir  || path.join(process.cwd(), "lib", "vendor");
-  var manifestPath  = opts.manifestPath  || path.join(libVendorDir, "MANIFEST.json");
+  var libVendorDir  = opts.libVendorDir  || nodePath.join(process.cwd(), "lib", "vendor");
+  var manifestPath  = opts.manifestPath  || nodePath.join(libVendorDir, "MANIFEST.json");
   var raw;
-  try { raw = fs.readFileSync(manifestPath, "utf8"); }
+  try { raw = nodeFs.readFileSync(manifestPath, "utf8"); }
   catch (_e) {
     throw _err("VENDOR_MANIFEST_MISSING",
       "vendor MANIFEST.json missing at " + manifestPath, true);
@@ -389,10 +389,10 @@ function verifyVendorIntegrity(opts) {
       var rel = files[kind];
       var expected = hashes[kind];
       if (typeof rel !== "string" || typeof expected !== "string") return;
-      var abs = path.isAbsolute(rel) ? rel : path.join(process.cwd(), rel);
+      var abs = nodePath.isAbsolute(rel) ? rel : nodePath.join(process.cwd(), rel);
       var actual;
       try {
-        var bytes = fs.readFileSync(abs);
+        var bytes = nodeFs.readFileSync(abs);
         actual = "sha256:" + require("node:crypto")
           .createHash("sha256").update(bytes).digest("hex");
       } catch (_e) {

package/lib/content-credentials.js

@@ -28,7 +28,7 @@
  *   C2PA 2.1 content provenance — sign assets with a manifest declaring origin, edits, AI involvement.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var canonicalJson = require("./canonical-json");
 var validateOpts = require("./validate-opts");
 var audit = require("./audit");
@@ -234,7 +234,7 @@ function sign(manifest, opts) {
   validateOpts.requireNonEmptyString(opts.privateKeyPem,
     "contentCredentials.sign: privateKeyPem", ContentCredentialsError, "BAD_KEY");
   var canonical = canonicalJson.stringify(manifest);
-  var signature = crypto.sign(Buffer.from(canonical, "utf8"), opts.privateKeyPem);
+  var signature = bCrypto.sign(Buffer.from(canonical, "utf8"), opts.privateKeyPem);
   var auditOn = opts.audit !== false;
   if (auditOn) {
     audit.safeEmit({
@@ -299,7 +299,7 @@ function verify(envelope, publicKeyPem, opts) {
   catch (_e) {
     return { valid: false, claims: null, reason: "signature-base64-bad" };
   }
-  var ok = crypto.verify(Buffer.from(canonical, "utf8"), sigBuf, publicKeyPem);
+  var ok = bCrypto.verify(Buffer.from(canonical, "utf8"), sigBuf, publicKeyPem);
   if (!ok) {
     return { valid: false, claims: null, reason: "signature-mismatch" };
   }
@@ -519,7 +519,7 @@ function signCose(manifest, opts) {
   var toBeSigned = Buffer.concat(sigStructureBufs);
 
   // Sign with framework's b.crypto.sign — algorithm picked from the PEM.
-  var signature = crypto.sign(toBeSigned, opts.privateKeyPem);
+  var signature = bCrypto.sign(toBeSigned, opts.privateKeyPem);
 
   // COSE_Sign1 = tagged-18 array [protected, unprotected, payload, signature]
   var coseSign1 = Buffer.concat([

package/lib/credential-hash.js

@@ -41,7 +41,7 @@
  *   Derive a deterministic, verifiable hash for credential lookup (API-key secret, shared bearer token, webhook signing key) without storing the credential itself.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var C = require("./constants");
 var lazyRequire = require("./lazy-require");
 var { FrameworkError } = require("./framework-error");
@@ -73,7 +73,7 @@ function _shake256(secret, length) {
   // crypto.kdf wraps SHAKE256 with arbitrary output length. That's the
   // exact primitive we need — the framework's KDF and credential-hash
   // share one underlying XOF.
-  return crypto.kdf(secret, length);
+  return bCrypto.kdf(secret, length);
 }
 
 
@@ -291,7 +291,7 @@ async function verify(secret, envelope) {
       return false;
     }
     var expected = _shake256(secret, decoded.payload.length);
-    var ok = crypto.timingSafeEqual(expected, decoded.payload);
+    var ok = bCrypto.timingSafeEqual(expected, decoded.payload);
     _emitEvent("credentialHash.verify", 1,
       { outcome: ok ? "success" : "failure", algo: algoName });
     return ok;

package/lib/daemon.js

@@ -37,9 +37,9 @@
  *   Long-running process orchestration — supervisor wiring around `b.appShutdown`, foreground signal handling, detached-fork spawn via `b.processSpawn`, PID-file health probes, and a SIGTERM-then-SIGKILL restart policy on stop.
  */
 
-var fs = require("fs");
-var path = require("path");
-var nb = require("./numeric-bounds");
+var nodeFs = require("fs");
+var nodePath = require("path");
+var numericBounds = require("./numeric-bounds");
 var appShutdown = require("./app-shutdown");
 var processSpawn = require("./process-spawn");
 var lazyRequire = require("./lazy-require");
@@ -80,7 +80,7 @@ function _isLivePid(pid) {
 
 function _readPidFile(pidFile) {
   try {
-    var raw = fs.readFileSync(pidFile, "utf8");
+    var raw = nodeFs.readFileSync(pidFile, "utf8");
     var pid = parseInt(String(raw).trim(), 10);
     return isFinite(pid) && pid > 0 ? pid : null;
   } catch (_e) { return null; }
@@ -118,9 +118,9 @@ function _validateStopOpts(opts) {
     "daemon.stop: opts.pidFile", DaemonError, "daemon/bad-pid-file");
   validateOpts.optionalNonEmptyString(opts.signal,
     "daemon.stop: opts.signal", DaemonError, "daemon/bad-signal");
-  nb.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
     "daemon.stop: opts.timeoutMs", DaemonError, "daemon/bad-timeout");
-  nb.requirePositiveFiniteIntIfPresent(opts.pollMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.pollMs,
     "daemon.stop: opts.pollMs", DaemonError, "daemon/bad-poll");
 }
 
@@ -133,7 +133,7 @@ function _maybeReapStale(pidFile) {
   }
   if (existing === process.pid) return false;
   // Stale: PID is gone (or signal-0 returned ESRCH). Reap + audit.
-  try { fs.unlinkSync(pidFile); } catch (_e) { /* race: another reaper */ }
+  try { nodeFs.unlinkSync(pidFile); } catch (_e) { /* race: another reaper */ }
   _safeAuditEmit("daemon.stale_pid_cleaned", "success", {
     pidFile:  pidFile,
     stalePid: existing,
@@ -146,13 +146,13 @@ function _maybeReapStale(pidFile) {
 // redirect of the current process' stdout/stderr.
 function _openLogFd(logFile) {
   if (typeof logFile !== "string" || logFile.length === 0) return null;
-  atomicFile.ensureDir(path.dirname(logFile));
-  var fd = fs.openSync(logFile, "a", DEFAULT_LOG_FILE_MODE);
+  atomicFile.ensureDir(nodePath.dirname(logFile));
+  var fd = nodeFs.openSync(logFile, "a", DEFAULT_LOG_FILE_MODE);
   return fd;
 }
 
 // Redirect the current process's stdout/stderr file descriptors at the
-// given fd. Implemented via fs.writeSync streams: Node doesn't expose a
+// given fd. Implemented via nodeFs.writeSync streams: Node doesn't expose a
 // portable dup2, so we replace process.stdout.write / process.stderr.write
 // with a writer that pushes to the log fd. This is the standard
 // pattern for foreground daemons that don't want to lose output when
@@ -163,7 +163,7 @@ function _redirectStdio(fd) {
     var enc = typeof encOrCb === "string" ? encOrCb : "utf8";
     var cb  = typeof encOrCb === "function" ? encOrCb : maybeCb;
     var buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk), enc);
-    try { fs.writeSync(fd, buf); }
+    try { nodeFs.writeSync(fd, buf); }
     catch (_e) { /* log fd closed underneath us — drop */ }
     if (typeof cb === "function") cb();
     return true;
@@ -246,21 +246,21 @@ function start(opts) {
         cwd:      typeof opts.cwd === "string" ? opts.cwd : undefined,
       });
     } catch (e) {
-      try { if (typeof logFd === "number") fs.closeSync(logFd); }
+      try { if (typeof logFd === "number") nodeFs.closeSync(logFd); }
       catch (_c) { /* best-effort */ }
       throw new DaemonError("daemon/spawn-failed",
         "daemon.start: spawn failed: " + ((e && e.message) || String(e)));
     }
     // Write the child's PID via atomic temp+rename so a concurrent
     // observer never sees a half-written pidFile.
-    atomicFile.ensureDir(path.dirname(pidFile));
+    atomicFile.ensureDir(nodePath.dirname(pidFile));
     var pidStr = String(child.pid) + "\n";
     atomicFile.writeSync(pidFile, pidStr, { fileMode: 0o600 });
     // Detach so the child survives parent exit.
     try { child.unref(); } catch (_u) { /* best-effort */ }
     if (typeof logFd === "number") {
       // Parent doesn't need its handle to the log; child inherited it.
-      try { fs.closeSync(logFd); } catch (_c) { /* best-effort */ }
+      try { nodeFs.closeSync(logFd); } catch (_c) { /* best-effort */ }
     }
     _safeAuditEmit("daemon.started", "success", {
       pidFile:     pidFile,
@@ -307,7 +307,7 @@ function start(opts) {
         run:  function () {
           try { lock.release(); } catch (_e) { /* best-effort */ }
           if (logFdForeground !== null) {
-            try { fs.closeSync(logFdForeground); } catch (_c) { /* best-effort */ }
+            try { nodeFs.closeSync(logFdForeground); } catch (_c) { /* best-effort */ }
           }
         },
         timeoutMs: C.TIME.seconds(2),
@@ -381,7 +381,7 @@ async function stop(opts) {
   }
   if (!_isLivePid(pid)) {
     // Stale — clean up and report.
-    try { fs.unlinkSync(pidFile); } catch (_e) { /* best-effort */ }
+    try { nodeFs.unlinkSync(pidFile); } catch (_e) { /* best-effort */ }
     _safeAuditEmit("daemon.stale_pid_cleaned", "success", { pidFile: pidFile, stalePid: pid });
     return { stopped: false, pid: pid, reason: "stale" };
   }
@@ -392,7 +392,7 @@ async function stop(opts) {
   catch (e) {
     if (e && e.code === "ESRCH") {
       // Died between read and kill — cleanup + report.
-      try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+      try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
       _safeAuditEmit("daemon.stopped", "success", {
         pidFile: pidFile, signal: signal, waitMs: Date.now() - t0, escalated: false,
       });
@@ -405,7 +405,7 @@ async function stop(opts) {
   var deadline = t0 + timeoutMs;
   while (Date.now() < deadline) {
     if (!_isLivePid(pid)) {
-      try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+      try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
       _safeAuditEmit("daemon.stopped", "success", {
         pidFile: pidFile, signal: signal, waitMs: Date.now() - t0, escalated: false,
       });
@@ -428,7 +428,7 @@ async function stop(opts) {
     if (!_isLivePid(pid)) break;
     await safeAsync.sleep(pollMs, { signal: opts.abortSignal });
   }
-  try { fs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
+  try { nodeFs.unlinkSync(pidFile); } catch (_u) { /* best-effort */ }
   _safeAuditEmit("daemon.stopped", "success", {
     pidFile: pidFile, signal: "SIGKILL", waitMs: Date.now() - t0, escalated: true,
   });

package/lib/db-file-lifecycle.js

@@ -57,9 +57,9 @@
  *   bun:sqlite).
  */
 
-var fs   = require("fs");
+var nodeFs   = require("fs");
 var os   = require("os");
-var path = require("path");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
 var { generateBytes, generateToken, encryptPacked, decryptPacked } = require("./crypto");
@@ -92,7 +92,7 @@ function _resolveTmpDir(operatorTmpDir, allowDiskFallback) {
   // Linux: /dev/shm is the standard tmpfs mount.
   if (process.platform === "linux") {
     try {
-      var st = fs.statSync("/dev/shm");
+      var st = nodeFs.statSync("/dev/shm");
       if (st && st.isDirectory()) return "/dev/shm";
     } catch (_e) { /* fall through */ }
   }
@@ -115,8 +115,8 @@ function _resolveTmpDir(operatorTmpDir, allowDiskFallback) {
  * Returns an encrypted-DB-file lifecycle handle. Methods:
  *
  *   - `decryptToTmp()` — decrypt the encrypted DB file to a fresh
- *     tmpfs path and return the path. Idempotent: subsequent calls
- *     return the existing path.
+ *     tmpfs path and return the nodePath. Idempotent: subsequent calls
+ *     return the existing nodePath.
  *   - `dbPath` — the resolved plaintext-tmpfs path (set after
  *     `decryptToTmp()` runs).
  *   - `startFlushTimer(db, opts?)` — start a periodic flush timer
@@ -164,15 +164,15 @@ function fileLifecycle(opts) {
   var label = opts.label || "default";
   var encName = opts.encryptedDbName || "db.enc";
   var encPath = opts.encryptedDbPath
-    ? path.resolve(opts.encryptedDbPath)
-    : path.join(opts.dataDir, encName);
+    ? nodePath.resolve(opts.encryptedDbPath)
+    : nodePath.join(opts.dataDir, encName);
   var keyPath = opts.dbKeyPath
-    ? path.resolve(opts.dbKeyPath)
-    : path.join(opts.dataDir, "db.key.enc");
+    ? nodePath.resolve(opts.dbKeyPath)
+    : nodePath.join(opts.dataDir, "db.key.enc");
   var flushIntervalMs = opts.flushIntervalMs || DEFAULT_FLUSH_INTERVAL_MS;
   var tmpDir = _resolveTmpDir(opts.tmpDir, opts.allowDiskFallback === true);
-  if (!fs.existsSync(tmpDir)) fs.mkdirSync(tmpDir, { recursive: true });
-  if (!fs.existsSync(opts.dataDir)) fs.mkdirSync(opts.dataDir, { recursive: true });
+  if (!nodeFs.existsSync(tmpDir)) nodeFs.mkdirSync(tmpDir, { recursive: true });
+  if (!nodeFs.existsSync(opts.dataDir)) nodeFs.mkdirSync(opts.dataDir, { recursive: true });
 
   var dbPath = null;
   var encKey = null;
@@ -181,8 +181,8 @@ function fileLifecycle(opts) {
 
   function _loadOrGenerateKey() {
     if (encKey) return encKey;
-    if (fs.existsSync(keyPath)) {
-      var sealedKey = fs.readFileSync(keyPath, "utf8");
+    if (nodeFs.existsSync(keyPath)) {
+      var sealedKey = nodeFs.readFileSync(keyPath, "utf8");
       var keyB64;
       try { keyB64 = opts.vault.unseal(sealedKey); }
       catch (e) {
@@ -208,10 +208,10 @@ function fileLifecycle(opts) {
   function decryptToTmp() {
     if (decrypted) return dbPath;
     _loadOrGenerateKey();
-    dbPath = path.join(tmpDir, "blamejs-fl-" + label + "-" +
+    dbPath = nodePath.join(tmpDir, "blamejs-fl-" + label + "-" +
       generateToken(TMP_NAME_BYTES) + ".db");
-    if (fs.existsSync(encPath)) {
-      var packed = fs.readFileSync(encPath);
+    if (nodeFs.existsSync(encPath)) {
+      var packed = nodeFs.readFileSync(encPath);
       if (packed.length < 26) {                                                                  // allow:raw-byte-literal — minimum envelope length
         throw new DbFileLifecycleError("db-file-lifecycle/short-envelope",
           "fileLifecycle: " + encPath + " too short to be a valid envelope (" + packed.length + " bytes)");
@@ -231,7 +231,7 @@ function fileLifecycle(opts) {
       label:    label,
       encPath:  encPath,
       dbPath:   dbPath,
-      isEmpty:  !fs.existsSync(encPath),
+      isEmpty:  !nodeFs.existsSync(encPath),
     });
     _emitMetric("decrypted");
     return dbPath;
@@ -246,8 +246,8 @@ function fileLifecycle(opts) {
       try { db.prepare("PRAGMA wal_checkpoint(TRUNCATE)").run(); }
       catch (_e) { /* best-effort — operators on read-only handles or pre-init still flush */ }
     }
-    if (!fs.existsSync(dbPath)) return null;
-    var plain = fs.readFileSync(dbPath);
+    if (!nodeFs.existsSync(dbPath)) return null;
+    var plain = nodeFs.readFileSync(dbPath);
     var packed = encryptPacked(plain, encKey, _aad(opts.dataDir, label));
     atomicFile.writeSync(encPath, packed);
     _emitAudit("flushed", "success", { label: label, bytes: plain.length });
@@ -264,11 +264,11 @@ function fileLifecycle(opts) {
       try { db.prepare("PRAGMA wal_checkpoint(TRUNCATE)").run(); }
       catch (_e) { /* best-effort */ }
     }
-    if (!fs.existsSync(dbPath)) {
+    if (!nodeFs.existsSync(dbPath)) {
       throw new DbFileLifecycleError("db-file-lifecycle/no-source",
         "fileLifecycle.snapshot: " + dbPath + " is missing");
     }
-    var plain = fs.readFileSync(dbPath);
+    var plain = nodeFs.readFileSync(dbPath);
     return encryptPacked(plain, encKey, _aad(opts.dataDir, label));
   }
 
@@ -308,9 +308,9 @@ function fileLifecycle(opts) {
       try { db.close(); } catch (_e) { /* best-effort */ }
     }
     if (fopts.removePlaintext === true && dbPath) {
-      try { fs.unlinkSync(dbPath); } catch (_e) { /* best-effort */ }
-      try { fs.unlinkSync(dbPath + "-wal"); } catch (_e) { /* best-effort */ }
-      try { fs.unlinkSync(dbPath + "-shm"); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(dbPath); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(dbPath + "-wal"); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(dbPath + "-shm"); } catch (_e) { /* best-effort */ }
     }
     _emitAudit("shutdown", "success", { label: label });
   }

package/lib/db-schema.js

@@ -36,7 +36,7 @@
  *                             surfaces a rollback throw without
  *                             swallowing the original error.
  */
-var path = require("path");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var safeSql = require("./safe-sql");
 
@@ -280,7 +280,7 @@ function runMigrations(database, migrationDir) {
       skipped.push(file);
       continue;
     }
-    var fullPath = path.join(migrationDir, file);
+    var fullPath = nodePath.join(migrationDir, file);
     var mig;
     try {
       // Operator-supplied migration file — by definition not statically

package/lib/db.js

@@ -41,8 +41,8 @@
  * @card
  *   Database core — SQLite (node:sqlite) wrapped in encrypted-at-rest storage, sealed-column field-level crypto, append-only audit-chain integration, declarative schema reconcile, and run-once migrations.
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var { DatabaseSync } = require("node:sqlite");
 var { Readable } = require("node:stream");
 var atomicFile = require("./atomic-file");
@@ -92,7 +92,7 @@ var _dbErr = DbError.factory;
 
 // Lazy: cluster-storage's _localDb pulls db back in, so eager require
 // would deadlock the load order. cluster-storage is only used on the
-// purge-audit-chain external-db path, which always runs after init.
+// purge-audit-chain external-db nodePath, which always runs after init.
 var clusterStorage = lazyRequire(function () { return require("./cluster-storage"); });
 
 // Lazy refs for the test-reset cascade. Each module requires db.js
@@ -639,7 +639,7 @@ function resolveTmpDir(optsTmpDir) {
   if (optsTmpDir) return optsTmpDir;
   var envTmp = safeEnv.readVar("BLAMEJS_TMPDIR");
   if (envTmp) return envTmp;
-  if (fs.existsSync("/dev/shm")) return "/dev/shm";
+  if (nodeFs.existsSync("/dev/shm")) return "/dev/shm";
   return null;
 }
 
@@ -650,8 +650,8 @@ function loadOrCreateDbKey(dataDirPath, keyPathOverride) {
   // needs to live outside `dataDir` (e.g. a separate volume mounted
   // from a KMS-fronted secret store). Default places it next to the
   // encrypted DB so backup capture is one-tarball.
-  var keyPath = keyPathOverride || path.join(dataDirPath, "db.key.enc");
-  if (fs.existsSync(keyPath)) {
+  var keyPath = keyPathOverride || nodePath.join(dataDirPath, "db.key.enc");
+  if (nodeFs.existsSync(keyPath)) {
     var sealed = atomicFile.readSync(keyPath, { encoding: "utf8" }).trim();
     var b64 = vault.unseal(sealed);
     if (!b64) {
@@ -669,18 +669,18 @@ function loadOrCreateDbKey(dataDirPath, keyPathOverride) {
 }
 
 function decryptToTmp() {
-  if (!encPath || !fs.existsSync(encPath)) return;
+  if (!encPath || !nodeFs.existsSync(encPath)) return;
   // If a plaintext file already exists in tmpfs from a prior process, prefer
   // the newer mtime (crash recovery — operator's most recent state wins).
-  if (fs.existsSync(dbPath)) {
-    var plainStat = fs.statSync(dbPath);
-    var encStat = fs.statSync(encPath);
+  if (nodeFs.existsSync(dbPath)) {
+    var plainStat = nodeFs.statSync(dbPath);
+    var encStat = nodeFs.statSync(encPath);
     if (plainStat.mtimeMs > encStat.mtimeMs && plainStat.size > 0) {
       log("plaintext is newer than encrypted — keeping plaintext (crash recovery)");
       return;
     }
   }
-  var packed = fs.readFileSync(encPath);
+  var packed = nodeFs.readFileSync(encPath);
   if (packed.length < 26) return; // too short to be a valid envelope
   // AAD binds the envelope to this deployment's data dir so two
   // installs sharing the same operator passphrase can't swap each
@@ -703,8 +703,8 @@ function encryptToDisk() {
   if (!encPath) return;
   // Force WAL checkpoint so the .db file holds all committed transactions.
   try { runSql(database, "PRAGMA wal_checkpoint(TRUNCATE)"); } catch (_e) { /* best effort */ }
-  if (!fs.existsSync(dbPath)) return;
-  atomicFile.writeSync(encPath, encryptPacked(fs.readFileSync(dbPath), encKey, _dbEncAad(dataDir)));
+  if (!nodeFs.existsSync(dbPath)) return;
+  atomicFile.writeSync(encPath, encryptPacked(nodeFs.readFileSync(dbPath), encKey, _dbEncAad(dataDir)));
 }
 
 /**
@@ -737,11 +737,11 @@ function snapshot() {
   // so the snapshot reflects the current logical state, not just the
   // pre-WAL pages.
   try { runSql(database, "PRAGMA wal_checkpoint(TRUNCATE)"); } catch (_e) { /* best effort */ }
-  if (!fs.existsSync(dbPath)) {
+  if (!nodeFs.existsSync(dbPath)) {
     throw _dbErr("db/snapshot-no-source",
       "snapshot: plaintext DB at " + dbPath + " is missing — did init complete?");
   }
-  var plain = fs.readFileSync(dbPath);
+  var plain = nodeFs.readFileSync(dbPath);
   if (!encPath || !encKey) {
     // atRest: 'plain' — return the raw bytes. Operators wanting an
     // encrypted snapshot under plain mode wrap with their own
@@ -756,9 +756,9 @@ function snapshot() {
 // database.close().
 function removePlaintextFiles() {
   if (!dbPath) return;
-  try { fs.unlinkSync(dbPath); } catch (_e) { /* cleanup */ }
-  try { fs.unlinkSync(dbPath + "-wal"); } catch (_e) { /* cleanup */ }
-  try { fs.unlinkSync(dbPath + "-shm"); } catch (_e) { /* cleanup */ }
+  try { nodeFs.unlinkSync(dbPath); } catch (_e) { /* cleanup */ }
+  try { nodeFs.unlinkSync(dbPath + "-wal"); } catch (_e) { /* cleanup */ }
+  try { nodeFs.unlinkSync(dbPath + "-shm"); } catch (_e) { /* cleanup */ }
 }
 
 // Clean up stale plaintext DB files left by previously-crashed processes.
@@ -771,9 +771,9 @@ function cleanStaleTmpDbs(tmpDir) {
   for (var i = 0; i < entries.length; i++) {
     var full = entries[i].fullPath;
     if (full === dbPath) continue;
-    try { fs.unlinkSync(full); } catch (_e) { /* concurrent cleanup */ }
-    try { fs.unlinkSync(full + "-wal"); } catch (_e) { /* may not exist */ }
-    try { fs.unlinkSync(full + "-shm"); } catch (_e) { /* may not exist */ }
+    try { nodeFs.unlinkSync(full); } catch (_e) { /* concurrent cleanup */ }
+    try { nodeFs.unlinkSync(full + "-wal"); } catch (_e) { /* may not exist */ }
+    try { nodeFs.unlinkSync(full + "-shm"); } catch (_e) { /* may not exist */ }
   }
 }
 
@@ -865,7 +865,7 @@ async function init(opts) {
     streamLimit = opts.streamLimit;
   }
   dataDir = opts.dataDir;
-  if (!fs.existsSync(dataDir)) fs.mkdirSync(dataDir, { recursive: true });
+  if (!nodeFs.existsSync(dataDir)) nodeFs.mkdirSync(dataDir, { recursive: true });
 
   if (atRest === "encrypted") {
     var tmpDir = resolveTmpDir(opts.tmpDir);
@@ -874,7 +874,7 @@ async function init(opts) {
         "FATAL: atRest: 'encrypted' (default) requires tmpfs but none was found. " +
         "Provide opts.tmpDir or set BLAMEJS_TMPDIR, or pass atRest: 'plain' (with warning).");
     }
-    if (!fs.existsSync(tmpDir)) fs.mkdirSync(tmpDir, { recursive: true });
+    if (!nodeFs.existsSync(tmpDir)) nodeFs.mkdirSync(tmpDir, { recursive: true });
 
     // D-H7 — if the resolved tmpDir is NOT actually tmpfs, the
     // plaintext DB file lives on persistent storage. statvfs/statfs
@@ -884,7 +884,7 @@ async function init(opts) {
     // out-of-band.
     if (process.platform === "linux") {
       var realTmp = "";
-      try { realTmp = fs.realpathSync(tmpDir); } catch (_e) { /* stat best-effort */ }
+      try { realTmp = nodeFs.realpathSync(tmpDir); } catch (_e) { /* stat best-effort */ }
       if (realTmp.indexOf("/dev/shm") !== 0 && realTmp.indexOf("/run/shm") !== 0 &&
           realTmp.indexOf("/run/user/") !== 0 && realTmp.indexOf("/tmp") !== 0) {
         log.warn("WARNING: db.init: tmpDir '" + tmpDir + "' (real: '" + realTmp +
@@ -894,13 +894,13 @@ async function init(opts) {
       }
     }
 
-    // Operator overrides for the encrypted-DB on-disk path. `opts.encryptedDbPath`
-    // takes a fully-qualified path; `opts.encryptedDbName` overrides
+    // Operator overrides for the encrypted-DB on-disk nodePath. `opts.encryptedDbPath`
+    // takes a fully-qualified nodePath; `opts.encryptedDbName` overrides
     // just the basename under `dataDir` (default "db.enc"). Helps when
     // multiple framework-shaped instances share a dataDir.
     encPath = opts.encryptedDbPath ||
-              path.join(dataDir, opts.encryptedDbName || "db.enc");
-    dbPath  = path.join(tmpDir, "blamejs-" + generateToken(C.BYTES.bytes(16)) + ".db");
+              nodePath.join(dataDir, opts.encryptedDbName || "db.enc");
+    dbPath  = nodePath.join(tmpDir, "blamejs-" + generateToken(C.BYTES.bytes(16)) + ".db");
     encKey  = loadOrCreateDbKey(dataDir, opts.dbKeyPath);
 
     cleanStaleTmpDbs(tmpDir);
@@ -910,7 +910,7 @@ async function init(opts) {
     log.warn("WARNING: atRest: 'plain' — DB structure and row counts visible on disk.");
     log.warn("         Field-level encryption (sealedFields) still protects sealed columns,");
     log.warn("         but the simpler at-rest model is opt-out only. Default is 'encrypted'.");
-    dbPath = path.join(dataDir, "blamejs.db");
+    dbPath = nodePath.join(dataDir, "blamejs.db");
     encPath = null;
     encKey = null;
   }
@@ -1479,7 +1479,7 @@ function stream(sql) {
           this.destroy(new DbError("db/stream-limit-exceeded",
             "db.stream: emitted " + emitted + " rows, exceeding streamLimit " +
             perCallLimit + ". Pass opts.streamLimit higher OR raise via " +
-            "db.init({ streamLimit }) after auditing the export path."));
+            "db.init({ streamLimit }) after auditing the export nodePath."));
           return;
         }
         var step = iter.next();
@@ -1499,7 +1499,7 @@ function stream(sql) {
 // review can reconstruct schema evolution from the chain alone (D-M1).
 var DDL_RE = /^\s*(CREATE|DROP|ALTER|TRUNCATE|RENAME|ATTACH|DETACH|REINDEX)\b/i;
 
-// D-L7 — slow-query observability buckets for the local SQLite path.
+// D-L7 — slow-query observability buckets for the local SQLite nodePath.
 // Highest matched bucket wins so the per-query emit is single-shot;
 // operators dashboard on the `bucket` label.
 var _SLOW_QUERY_BUCKETS_LOCAL = Object.freeze([
@@ -1907,7 +1907,7 @@ function exportCsv(opts) {
  * cluster leader, re-encrypts the live tmpfs database back to
  * `<dataDir>/db.enc`, closes the SQLite handle (releasing the file
  * lock on Windows), then unlinks the plaintext sidecar files in
- * tmpfs. Safe to call multiple times — no-ops after the first
+ * tmpnodeFs. Safe to call multiple times — no-ops after the first
  * successful close.
  *
  * @example
@@ -2327,8 +2327,8 @@ function eraseHard(tableName, rowId, opts) {
 // Read the audit.tip sidecar file in dataDir and compare to the current
 // audit_log MAX(monotonicCounter). Refuse boot on rollback (current < tip).
 function _checkRollback(dataDirPath) {
-  var tipPath = path.join(dataDirPath, "audit.tip");
-  if (!fs.existsSync(tipPath)) {
+  var tipPath = nodePath.join(dataDirPath, "audit.tip");
+  if (!nodeFs.existsSync(tipPath)) {
     log("no audit.tip sidecar — skipping rollback check (first boot or operator-cleared)");
     return;
   }
@@ -3104,7 +3104,7 @@ module.exports = {
   // Helper for audit.checkpoint to write the rollback-detection sidecar
   _writeAuditTip: function (tip) {
     if (!dataDir) return;
-    var tipPath = path.join(dataDir, "audit.tip");
+    var tipPath = nodePath.join(dataDir, "audit.tip");
     atomicFile.writeSync(tipPath, JSON.stringify(tip, null, 2), { fileMode: 0o600 });
   },
 };