@blamejs/core 0.9.14 → 0.9.15

package/lib/object-store/local.js

@@ -4,15 +4,15 @@
  *
  * Implements the uniform protocol surface (put / get / getStream / delete /
  * head / list) against a directory tree. Streaming is via Node's native
- * fs.createReadStream / createWriteStream — no in-memory buffering of
+ * nodeFs.createReadStream / createWriteStream — no in-memory buffering of
  * full files.
  *
  * Path safety: every key resolves under the configured rootDir, with an
  * alphanumeric + `_-./` charset whitelist and explicit rejection of any
  * path that escapes rootDir after resolution.
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("../atomic-file");
 var cluster = require("../cluster");
 var { ObjectStoreError } = require("../framework-error");
@@ -24,10 +24,10 @@ function _resolveSafe(rootDir, key) {
     throw _err("INVALID_KEY", "key must be a non-empty string", true);
   }
   if (key.includes("\0")) throw _err("INVALID_KEY", "null byte in key", true);
-  if (path.isAbsolute(key)) throw _err("INVALID_KEY", "absolute key not allowed", true);
+  if (nodePath.isAbsolute(key)) throw _err("INVALID_KEY", "absolute key not allowed", true);
   if (!SAFE_KEY.test(key)) throw _err("INVALID_KEY", "invalid characters in key", true);
-  var full = path.resolve(rootDir, key);
-  var withSep = rootDir.endsWith(path.sep) ? rootDir : rootDir + path.sep;
+  var full = nodePath.resolve(rootDir, key);
+  var withSep = rootDir.endsWith(nodePath.sep) ? rootDir : rootDir + nodePath.sep;
   if (full !== rootDir && !full.startsWith(withSep)) {
     throw _err("INVALID_KEY", "key escapes rootDir", true);
   }
@@ -40,14 +40,14 @@ function create(config) {
   if (!config || !config.rootDir) {
     throw new Error("local protocol requires { rootDir }");
   }
-  var rootDir = path.resolve(config.rootDir);
-  if (!fs.existsSync(rootDir)) fs.mkdirSync(rootDir, { recursive: true });
+  var rootDir = nodePath.resolve(config.rootDir);
+  if (!nodeFs.existsSync(rootDir)) nodeFs.mkdirSync(rootDir, { recursive: true });
 
   function put(key, body, _opts) {
     cluster.requireLeader();
     var full = _resolveSafe(rootDir, key);
-    var dir = path.dirname(full);
-    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+    var dir = nodePath.dirname(full);
+    if (!nodeFs.existsSync(dir)) nodeFs.mkdirSync(dir, { recursive: true });
 
     if (Buffer.isBuffer(body)) {
       atomicFile.writeSync(full, body);
@@ -56,7 +56,7 @@ function create(config) {
     if (body && typeof body.pipe === "function") {
       // Streaming put — pipe directly to disk
       return new Promise(function (resolve, reject) {
-        var ws = fs.createWriteStream(full);
+        var ws = nodeFs.createWriteStream(full);
         var bytes = 0;
         body.on("data", function (chunk) { bytes += chunk.length; });
         body.pipe(ws);
@@ -75,26 +75,26 @@ function create(config) {
 
   function get(key) {
     var full = _resolveSafe(rootDir, key);
-    if (!fs.existsSync(full)) {
+    if (!nodeFs.existsSync(full)) {
       return Promise.reject(_err("NOT_FOUND", "key not found: " + key, true));
     }
-    return Promise.resolve(fs.readFileSync(full));
+    return Promise.resolve(nodeFs.readFileSync(full));
   }
 
   function getStream(key) {
     var full = _resolveSafe(rootDir, key);
-    if (!fs.existsSync(full)) {
+    if (!nodeFs.existsSync(full)) {
       throw _err("NOT_FOUND", "key not found: " + key, true);
     }
-    return fs.createReadStream(full);
+    return nodeFs.createReadStream(full);
   }
 
   function head(key) {
     var full = _resolveSafe(rootDir, key);
-    if (!fs.existsSync(full)) {
+    if (!nodeFs.existsSync(full)) {
       return Promise.reject(_err("NOT_FOUND", "key not found: " + key, true));
     }
-    var stat = fs.statSync(full);
+    var stat = nodeFs.statSync(full);
     return Promise.resolve({
       size:         stat.size,
       lastModified: stat.mtimeMs,
@@ -104,8 +104,8 @@ function create(config) {
   function deleteKey(key) {
     cluster.requireLeader();
     var full = _resolveSafe(rootDir, key);
-    if (!fs.existsSync(full)) return Promise.resolve(false);
-    fs.unlinkSync(full);
+    if (!nodeFs.existsSync(full)) return Promise.resolve(false);
+    nodeFs.unlinkSync(full);
     return Promise.resolve(true);
   }
 

package/lib/object-store/sigv4.js

@@ -29,7 +29,7 @@ var { Readable } = require("stream");
 var safeXml = require("../parsers/safe-xml");
 var sharedRequest = require("./http-request");
 var C = require("../constants");
-var nb = require("../numeric-bounds");
+var numericBounds = require("../numeric-bounds");
 var requestHelpers = require("../request-helpers");
 var { ObjectStoreError } = require("../framework-error");
 var safeUrl = require("../safe-url");
@@ -821,10 +821,10 @@ function create(config) {
         "POST-form policy enforces body size via the content-length-range condition; " +
         "use presignedUploadUrl if size enforcement is not needed", true);
     }
-    if (opts.minBytes !== undefined && !nb.isNonNegativeFiniteInt(opts.minBytes)) {
+    if (opts.minBytes !== undefined && !numericBounds.isNonNegativeFiniteInt(opts.minBytes)) {
       throw _err("INVALID_MIN_BYTES",
         "presignedUploadPolicy: minBytes must be a non-negative finite integer; got " +
-        nb.shape(opts.minBytes), true);
+        numericBounds.shape(opts.minBytes), true);
     }
     var minBytes = opts.minBytes !== undefined ? opts.minBytes : 0;
     var expiresIn = opts.expiresIn != null ? opts.expiresIn : PRESIGN_DEFAULT_EXPIRES_SECONDS;

package/lib/observability-tracer.js

@@ -73,14 +73,14 @@
  */
 
 var bCrypto = require("./crypto");
-var constants = require("./constants");
+var C = require("./constants");
 var lazyRequire = require("./lazy-require");
 var safeBuffer = require("./safe-buffer");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
 
-var TRACE_ID_BYTES = constants.BYTES.bytes(16);                                    // W3C §3.2.2.3 — 128-bit trace-id
-var SPAN_ID_BYTES  = constants.BYTES.bytes(8);                                     // W3C §3.2.2.4 — 64-bit span-id
+var TRACE_ID_BYTES = C.BYTES.bytes(16);                                    // W3C §3.2.2.3 — 128-bit trace-id
+var SPAN_ID_BYTES  = C.BYTES.bytes(8);                                     // W3C §3.2.2.4 — 64-bit span-id
 
 var TracerError = defineClass("TracerError", { alwaysPermanent: true });
 
@@ -168,7 +168,7 @@ function create(opts) {
   var resource = Object.assign({
     "service.name": opts.service,
   }, opts.resource || {});
-  var scope = opts.scope || { name: "blamejs", version: constants.version || null };
+  var scope = opts.scope || { name: "blamejs", version: C.version || null };
   var maxAttributes = opts.maxAttributes || DEFAULT_MAX_ATTRIBUTES;
   var maxEvents     = opts.maxEvents     || DEFAULT_MAX_EVENTS;
   var maxAttrValLen = opts.maxAttributeValueLength || DEFAULT_MAX_ATTR_VALUE_LEN;

package/lib/otel-export.js

@@ -41,7 +41,7 @@
  */
 var C = require("./constants");
 var canonicalJson = require("./canonical-json");
-var defaultHttpClient = require("./http-client");
+var httpClient = require("./http-client");
 var safeAsync = require("./safe-async");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
@@ -110,7 +110,7 @@ function create(opts) {
     throw new OtelExportError("otel-export/bad-interval",
       "create: intervalMs must be a non-negative finite number");
   }
-  var httpClient = opts.httpClient || defaultHttpClient;
+  var effectiveHttpClient = opts.httpClient || httpClient;
   var scopeName = (opts.scope && opts.scope.name) || "blamejs";
   var scopeVersion = (opts.scope && opts.scope.version) || "0.5.x";
   var resourceAttrs = Object.assign({ "service.name": serviceName },
@@ -220,7 +220,7 @@ function create(opts) {
     if (!payload) return { sent: false, reason: "no-data" };
     var body = JSON.stringify(payload);
     try {
-      var res = await httpClient.request({
+      var res = await effectiveHttpClient.request({
         method:  "POST",
         url:     endpoint,
         headers: Object.assign({ "Content-Type": "application/json" }, headers),

package/lib/pagination.js

@@ -49,8 +49,8 @@
 var nodeCrypto = require("node:crypto");
 var C = require("./constants");
 var canonicalJson = require("./canonical-json");
-var crypto = require("./crypto");
-var nb = require("./numeric-bounds");
+var bCrypto = require("./crypto");
+var numericBounds = require("./numeric-bounds");
 var safeJson = require("./safe-json");
 var safeSql = require("./safe-sql");
 var { defineClass } = require("./framework-error");
@@ -185,7 +185,7 @@ function decodeCursor(token, secret) {
     throw new PaginationError("pagination/bad-cursor", "cursor base64 decode failed");
   }
   var expected = _tag(sb, json);
-  if (!crypto.timingSafeEqual(tag, expected)) {
+  if (!bCrypto.timingSafeEqual(tag, expected)) {
     throw new PaginationError("pagination/cursor-tag-mismatch",
       "cursor HMAC verification failed (tampered or wrong secret)");
   }
@@ -205,9 +205,9 @@ function decodeCursor(token, secret) {
 }
 
 function _resolveLimit(opts) {
-  nb.requirePositiveFiniteIntIfPresent(opts.max,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.max,
     "max", PaginationError, "pagination/bad-opt");
-  nb.requirePositiveFiniteIntIfPresent(opts.default,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.default,
     "default", PaginationError, "pagination/bad-opt");
   var max = opts.max || DEFAULT_MAX_LIMIT;
   var def = opts.default || DEFAULT_LIMIT;

package/lib/parsers/safe-xml.js

@@ -40,7 +40,7 @@
  */
 
 var C = require("../constants");
-var nb = require("../numeric-bounds");
+var numericBounds = require("../numeric-bounds");
 var safeBuffer = require("../safe-buffer");
 var { FrameworkError } = require("../framework-error");
 
@@ -77,10 +77,10 @@ var BUILT_IN_ENTITIES = { lt: "<", gt: ">", amp: "&", quot: "\"", apos: "'" };
 
 function _validateAndCap(name, value, defaultValue, ceiling) {
   if (value === undefined) return defaultValue;
-  if (!nb.isPositiveFiniteInt(value)) {
+  if (!numericBounds.isPositiveFiniteInt(value)) {
     throw new SafeXmlError("xml/bad-opt",
       "xml.parse: " + name + " must be a positive finite integer; got " +
-      nb.shape(value));
+      numericBounds.shape(value));
   }
   return Math.min(value, ceiling);
 }

package/lib/pqc-gate.js

@@ -39,7 +39,7 @@
 var net = require("node:net");
 var C = require("./constants");
 var { PQC_GROUPS } = require("./constants");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var validateOpts = require("./validate-opts");
 var { boot } = require("./log");
 
@@ -155,14 +155,14 @@ function create(opts) {
   }
   var internalHost = typeof opts.internalHost === "string" ? opts.internalHost : "127.0.0.1";
   var bypass       = Array.isArray(opts.bypass) ? opts.bypass.slice() : DEFAULT_BYPASS.slice();
-  if (opts.clientHelloTimeoutMs !== undefined && !nb.isPositiveFiniteInt(opts.clientHelloTimeoutMs)) {
+  if (opts.clientHelloTimeoutMs !== undefined && !numericBounds.isPositiveFiniteInt(opts.clientHelloTimeoutMs)) {
     throw new Error("pqc-gate: clientHelloTimeoutMs must be a positive finite integer; got " +
-      nb.shape(opts.clientHelloTimeoutMs));
+      numericBounds.shape(opts.clientHelloTimeoutMs));
   }
   var clientHelloTimeoutMs = opts.clientHelloTimeoutMs || DEFAULT_CLIENTHELLO_TIMEOUT_MS;
-  if (opts.maxClientHelloBytes !== undefined && !nb.isPositiveFiniteInt(opts.maxClientHelloBytes)) {
+  if (opts.maxClientHelloBytes !== undefined && !numericBounds.isPositiveFiniteInt(opts.maxClientHelloBytes)) {
     throw new Error("pqc-gate: maxClientHelloBytes must be a positive finite integer; got " +
-      nb.shape(opts.maxClientHelloBytes));
+      numericBounds.shape(opts.maxClientHelloBytes));
   }
   var maxClientHelloBytes  = opts.maxClientHelloBytes || DEFAULT_MAX_CLIENTHELLO_BYTES;
   var log = opts.log || null;

package/lib/pubsub-redis.js

@@ -22,7 +22,7 @@
  * conventions of its own.
  */
 var C = require("./constants");
-var fwCrypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var redisClient = require("./redis-client");
 var safeJson = require("./safe-json");
@@ -39,7 +39,7 @@ function create(opts) {
   // the local dispatch synchronously before awaiting the remote
   // write — without this filter every same-instance publish would
   // double-fire local handlers).
-  var instanceNonce = fwCrypto.generateToken(C.BYTES.bytes(8));
+  var instanceNonce = bCrypto.generateToken(C.BYTES.bytes(8));
 
   var clientOpts = redisClient.pickClientOpts(opts, "redis");
 

package/lib/queue-local.js

@@ -35,7 +35,7 @@ var C = require("./constants");
 var { generateToken } = require("./crypto");
 var cryptoField = require("./crypto-field");
 var lazyRequire = require("./lazy-require");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var safeJson = require("./safe-json");
 var scheduler = require("./scheduler");
 var { QueueError } = require("./framework-error");
@@ -388,10 +388,10 @@ function create(_config) {
     opts = opts || {};
     var limit = 100;
     if (opts.limit !== undefined) {
-      if (!nb.isPositiveFiniteInt(opts.limit)) {
+      if (!numericBounds.isPositiveFiniteInt(opts.limit)) {
         throw new QueueError("queue/bad-opt",
           "queue.dlqList: limit must be a positive finite integer; got " +
-            nb.shape(opts.limit), true);
+            numericBounds.shape(opts.limit), true);
       }
       limit = opts.limit;
     }

package/lib/queue.js

@@ -43,7 +43,7 @@
  */
 var C = require("./constants");
 var clusterStorage = require("./cluster-storage");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var lazyRequire = require("./lazy-require");
 var { boot } = require("./log");
 var numericChecks = require("./numeric-checks");
@@ -877,7 +877,7 @@ function enqueueFlow(spec) {
     return Promise.reject(e);
   }
 
-  var flowId = "flow-" + crypto.generateToken(C.BYTES.bytes(8));
+  var flowId = "flow-" + bCrypto.generateToken(C.BYTES.bytes(8));
 
   return observability.tap("queue.enqueueFlow",
     { queueName: spec.queueName, flowId: flowId, childCount: spec.children.length },

package/lib/redis-client.js

@@ -25,8 +25,8 @@
  * callers can branch on transport vs server-side errors.
  */
 var net = require("node:net");
-var tls = require("node:tls");
-var url = require("node:url");
+var nodeTls = require("node:tls");
+var nodeUrl = require("node:url");
 var C = require("./constants");
 var safeAsync = require("./safe-async");
 var validateOpts = require("./validate-opts");
@@ -319,7 +319,7 @@ function create(opts) {
           var tlsConnectOpts = { host: host, port: port };
           if (servername) tlsConnectOpts.servername = servername;
           if (caBundle)   tlsConnectOpts.ca = caBundle;
-          sock = tls.connect(tlsConnectOpts, onOk);
+          sock = nodeTls.connect(tlsConnectOpts, onOk);
         } else {
           sock = net.connect({ host: host, port: port }, onOk);
         }
@@ -457,7 +457,7 @@ function create(opts) {
 // Empty-username + non-empty password is the legacy single-arg AUTH form.
 function _parseRedisUrl(s) {
   var u;
-  try { u = new url.URL(s); }
+  try { u = new nodeUrl.URL(s); }
   catch (e) {
     throw _err("BAD_URL", "redis url parse failed: " + ((e && e.message) || String(e)));
   }

package/lib/restore-bundle.js

@@ -45,8 +45,8 @@
  *   Backup-bundle reader — verify the manifest signature, list bundle contents without decrypting, and cherry-pick a restore subset to a staging directory the caller atomically swaps into place.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var backupCrypto = require("./backup/crypto");
 var backupManifest = require("./backup/manifest");
@@ -65,7 +65,7 @@ function _cleanupStaging(stagingDir) {
   // Best-effort recursive remove — if cleanup fails, surface that to
   // the caller via stderr but never override the original error
   // we're already throwing.
-  try { fs.rmSync(stagingDir, { recursive: true, force: true }); }
+  try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); }
   catch (_e) { /* best-effort */ }
 }
 
@@ -123,15 +123,15 @@ function _cleanupStaging(stagingDir) {
 async function extract(opts) {
   var t0 = Date.now();
   opts = opts || {};
-  if (typeof opts.bundleDir !== "string" || !fs.existsSync(opts.bundleDir)) {
+  if (typeof opts.bundleDir !== "string" || !nodeFs.existsSync(opts.bundleDir)) {
     throw new RestoreBundleError("restore-bundle/no-bundle",
       "extract: opts.bundleDir is required and must exist");
   }
   validateOpts.requireNonEmptyString(opts.stagingDir, "extract: opts.stagingDir", RestoreBundleError, "restore-bundle/no-staging");
-  if (fs.existsSync(opts.stagingDir)) {
+  if (nodeFs.existsSync(opts.stagingDir)) {
     throw new RestoreBundleError("restore-bundle/staging-exists",
       "extract: stagingDir already exists: " + opts.stagingDir +
-      " (refusing to merge into existing directory — pick a fresh path)");
+      " (refusing to merge into existing directory — pick a fresh nodePath)");
   }
   if (!Buffer.isBuffer(opts.passphrase) && typeof opts.passphrase !== "string") {
     throw new RestoreBundleError("restore-bundle/no-passphrase",
@@ -145,14 +145,14 @@ async function extract(opts) {
 
   // 1. Read + parse + validate manifest
   _emit(progress, { phase: "read_manifest" });
-  var manifestPath = path.join(bundleDir, "manifest.json");
-  if (!fs.existsSync(manifestPath)) {
+  var manifestPath = nodePath.join(bundleDir, "manifest.json");
+  if (!nodeFs.existsSync(manifestPath)) {
     throw new RestoreBundleError("restore-bundle/missing-manifest",
       "extract: bundleDir has no manifest.json — bundle is incomplete or not a blamejs backup");
   }
   var manifest;
   try {
-    manifest = backupManifest.parse(fs.readFileSync(manifestPath, "utf8"));
+    manifest = backupManifest.parse(nodeFs.readFileSync(manifestPath, "utf8"));
   } catch (e) {
     if (e && e.isBackupManifestError) throw e;
     throw new RestoreBundleError("restore-bundle/bad-manifest",
@@ -215,13 +215,13 @@ async function extract(opts) {
         continue;
       }
 
-      var blobPath = path.join(bundleDir, entry.encryptedPath);
-      if (!fs.existsSync(blobPath)) {
+      var blobPath = nodePath.join(bundleDir, entry.encryptedPath);
+      if (!nodeFs.existsSync(blobPath)) {
         throw new RestoreBundleError("restore-bundle/missing-blob",
           "extract: manifest references '" + entry.encryptedPath +
           "' but the bundle has no such file");
       }
-      var blob = fs.readFileSync(blobPath);
+      var blob = nodeFs.readFileSync(blobPath);
       if (blob.length !== entry.encryptedSize) {
         throw new RestoreBundleError("restore-bundle/size-mismatch",
           "extract: blob '" + entry.encryptedPath + "' has size " + blob.length +
@@ -257,8 +257,8 @@ async function extract(opts) {
           " — bundle is corrupted or manifest tampered");
       }
 
-      var destPath = path.join(stagingDir, entry.relativePath);
-      atomicFile.ensureDir(path.dirname(destPath));
+      var destPath = nodePath.join(stagingDir, entry.relativePath);
+      atomicFile.ensureDir(nodePath.dirname(destPath));
       atomicFile.writeSync(destPath, plaintext, { fileMode: 0o600 });
 
       fileCount++;
@@ -321,16 +321,16 @@ async function extract(opts) {
  */
 function inspect(opts) {
   opts = opts || {};
-  if (typeof opts.bundleDir !== "string" || !fs.existsSync(opts.bundleDir)) {
+  if (typeof opts.bundleDir !== "string" || !nodeFs.existsSync(opts.bundleDir)) {
     throw new RestoreBundleError("restore-bundle/no-bundle",
       "inspect: opts.bundleDir is required and must exist");
   }
-  var manifestPath = path.join(opts.bundleDir, "manifest.json");
-  if (!fs.existsSync(manifestPath)) {
+  var manifestPath = nodePath.join(opts.bundleDir, "manifest.json");
+  if (!nodeFs.existsSync(manifestPath)) {
     throw new RestoreBundleError("restore-bundle/missing-manifest",
       "inspect: bundleDir has no manifest.json");
   }
-  return backupManifest.parse(fs.readFileSync(manifestPath, "utf8"));
+  return backupManifest.parse(nodeFs.readFileSync(manifestPath, "utf8"));
 }
 
 module.exports = {

package/lib/restore-rollback.js

@@ -6,7 +6,7 @@
  *
  * @intro
  *   Backup-restore safety net — atomic dataDir swap with a versioned
- *   rollback path. The primitive `b.restore` calls to put a
+ *   rollback nodePath. The primitive `b.restore` calls to put a
  *   freshly-decrypted bundle into place: filesystem rename is atomic
  *   on POSIX (and on Windows when nothing has the dir open), so the
  *   swap either fully completes or the previous `dataDir` is
@@ -39,14 +39,14 @@
  *   corrupting state.
  *
  * @card
- *   Backup-restore safety net — atomic dataDir swap with a versioned rollback path.
+ *   Backup-restore safety net — atomic dataDir swap with a versioned rollback nodePath.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var safeJson = require("./safe-json");
 var { defineClass } = require("./framework-error");
 
@@ -94,7 +94,7 @@ function _resolveRollbackRoot(opts) {
  */
 function swap(opts) {
   opts = opts || {};
-  if (typeof opts.stagingDir !== "string" || !fs.existsSync(opts.stagingDir)) {
+  if (typeof opts.stagingDir !== "string" || !nodeFs.existsSync(opts.stagingDir)) {
     throw new RestoreRollbackError("restore-rollback/no-staging",
       "swap: opts.stagingDir is required and must exist");
   }
@@ -106,20 +106,20 @@ function swap(opts) {
   atomicFile.ensureDir(rollbackRoot);
 
   var swappedAt = atomicFile.pathTimestamp();
-  var rollbackPath = path.join(rollbackRoot, swappedAt);
-  var markerPath = path.join(rollbackRoot, swappedAt + ".marker.json");
+  var rollbackPath = nodePath.join(rollbackRoot, swappedAt);
+  var markerPath = nodePath.join(rollbackRoot, swappedAt + ".marker.json");
 
-  if (fs.existsSync(rollbackPath) || fs.existsSync(markerPath)) {
+  if (nodeFs.existsSync(rollbackPath) || nodeFs.existsSync(markerPath)) {
     throw new RestoreRollbackError("restore-rollback/collision",
       "swap: a rollback at " + rollbackPath + " already exists — refusing to overwrite");
   }
 
-  var hadDataDir = fs.existsSync(opts.dataDir);
+  var hadDataDir = nodeFs.existsSync(opts.dataDir);
 
-  // Step 1: rename current dataDir → rollback path. Skipped on first
+  // Step 1: rename current dataDir → rollback nodePath. Skipped on first
   // restore (no existing dataDir).
   if (hadDataDir) {
-    try { fs.renameSync(opts.dataDir, rollbackPath); }
+    try { nodeFs.renameSync(opts.dataDir, rollbackPath); }
     catch (e) {
       throw new RestoreRollbackError("restore-rollback/rename-existing-failed",
         "swap: could not move existing dataDir to rollback: " + ((e && e.message) || String(e)));
@@ -127,11 +127,11 @@ function swap(opts) {
   }
 
   // Step 2: rename staging → dataDir
-  try { fs.renameSync(opts.stagingDir, opts.dataDir); }
+  try { nodeFs.renameSync(opts.stagingDir, opts.dataDir); }
   catch (e) {
     // Step 2 failed — try to undo step 1 so the operator's dataDir is back
     if (hadDataDir) {
-      try { fs.renameSync(rollbackPath, opts.dataDir); }
+      try { nodeFs.renameSync(rollbackPath, opts.dataDir); }
       catch (_e) { /* dataDir is now in rollbackPath; operator must recover manually */ }
     }
     throw new RestoreRollbackError("restore-rollback/rename-staging-failed",
@@ -148,7 +148,7 @@ function swap(opts) {
     operator:     opts.marker || null,
   };
   try {
-    fs.writeFileSync(markerPath, JSON.stringify(marker, null, 2) + "\n", { mode: 0o600 });
+    nodeFs.writeFileSync(markerPath, JSON.stringify(marker, null, 2) + "\n", { mode: 0o600 });
   } catch (_e) { /* marker write is best-effort */ }
 
   return {
@@ -193,19 +193,19 @@ async function rollback(opts) {
     throw new RestoreRollbackError("restore-rollback/no-datadir",
       "rollback: opts.dataDir is required");
   }
-  if (typeof opts.rollbackPath !== "string" || !fs.existsSync(opts.rollbackPath)) {
+  if (typeof opts.rollbackPath !== "string" || !nodeFs.existsSync(opts.rollbackPath)) {
     throw new RestoreRollbackError("restore-rollback/no-rollback",
       "rollback: opts.rollbackPath is required and must exist");
   }
 
   // Move the current dataDir aside (so the rollback's rename target is empty)
   var discardedAt = null;
-  if (fs.existsSync(opts.dataDir)) {
+  if (nodeFs.existsSync(opts.dataDir)) {
     var rollbackRoot = _resolveRollbackRoot(opts);
     atomicFile.ensureDir(rollbackRoot);
     discardedAt = atomicFile.pathTimestamp();
-    var discardedPath = path.join(rollbackRoot, "discarded-" + discardedAt);
-    try { fs.renameSync(opts.dataDir, discardedPath); }
+    var discardedPath = nodePath.join(rollbackRoot, "discarded-" + discardedAt);
+    try { nodeFs.renameSync(opts.dataDir, discardedPath); }
     catch (e) {
       throw new RestoreRollbackError("restore-rollback/rename-existing-failed",
         "rollback: could not move current dataDir aside: " + ((e && e.message) || String(e)));
@@ -214,7 +214,7 @@ async function rollback(opts) {
   }
 
   // Rename the rollback dir back into dataDir's place
-  try { fs.renameSync(opts.rollbackPath, opts.dataDir); }
+  try { nodeFs.renameSync(opts.rollbackPath, opts.dataDir); }
   catch (e) {
     throw new RestoreRollbackError("restore-rollback/rollback-rename-failed",
       "rollback: could not move rollback into dataDir: " + ((e && e.message) || String(e)) +
@@ -223,7 +223,7 @@ async function rollback(opts) {
 
   // Best-effort: clean up the marker file alongside the rollback path
   var markerPath = opts.rollbackPath + ".marker.json";
-  try { if (fs.existsSync(markerPath)) fs.unlinkSync(markerPath); }
+  try { if (nodeFs.existsSync(markerPath)) nodeFs.unlinkSync(markerPath); }
   catch (_e) { /* marker cleanup is best-effort */ }
 
   return {
@@ -258,22 +258,22 @@ async function rollback(opts) {
 function list(opts) {
   opts = opts || {};
   var rollbackRoot = _resolveRollbackRoot(opts);
-  if (!fs.existsSync(rollbackRoot)) return [];
-  var entries = fs.readdirSync(rollbackRoot, { withFileTypes: true });
+  if (!nodeFs.existsSync(rollbackRoot)) return [];
+  var entries = nodeFs.readdirSync(rollbackRoot, { withFileTypes: true });
   var out = [];
   for (var i = 0; i < entries.length; i++) {
     if (!entries[i].isDirectory()) continue;
     var name = entries[i].name;
     if (name.indexOf("discarded-") === 0) continue; // discarded dirs aren't restore points
-    var p = path.join(rollbackRoot, name);
+    var p = nodePath.join(rollbackRoot, name);
     var markerPath = p + ".marker.json";
     var marker = null;
-    if (fs.existsSync(markerPath)) {
-      try { marker = safeJson.parse(fs.readFileSync(markerPath, "utf8"), { maxBytes: C.BYTES.kib(64) }); }
+    if (nodeFs.existsSync(markerPath)) {
+      try { marker = safeJson.parse(nodeFs.readFileSync(markerPath, "utf8"), { maxBytes: C.BYTES.kib(64) }); }
       catch (_e) { marker = null; }
     }
     var stat;
-    try { stat = fs.statSync(p); } catch (_e) { continue; }
+    try { stat = nodeFs.statSync(p); } catch (_e) { continue; }
     out.push({
       rollbackPath: p,
       swappedAt:    (marker && marker.swappedAt) || stat.mtime.toISOString(),
@@ -311,18 +311,18 @@ function list(opts) {
  */
 function purge(opts) {
   opts = opts || {};
-  nb.requireNonNegativeFiniteIntIfPresent(opts.keep,
+  numericBounds.requireNonNegativeFiniteIntIfPresent(opts.keep,
     "restore-rollback.purge: opts.keep", RestoreRollbackError, "restore-rollback/bad-keep");
   var keep = opts.keep !== undefined ? opts.keep : 0;
   var rollbackRoot = _resolveRollbackRoot(opts);
-  if (!fs.existsSync(rollbackRoot)) return { kept: keep, deleted: [] };
+  if (!nodeFs.existsSync(rollbackRoot)) return { kept: keep, deleted: [] };
   // Always sweep "discarded-*" dirs — they're never restore points
-  var entries = fs.readdirSync(rollbackRoot, { withFileTypes: true });
+  var entries = nodeFs.readdirSync(rollbackRoot, { withFileTypes: true });
   var deleted = [];
   for (var i = 0; i < entries.length; i++) {
     if (entries[i].isDirectory() && entries[i].name.indexOf("discarded-") === 0) {
-      var p = path.join(rollbackRoot, entries[i].name);
-      try { fs.rmSync(p, { recursive: true, force: true }); deleted.push(p); }
+      var p = nodePath.join(rollbackRoot, entries[i].name);
+      try { nodeFs.rmSync(p, { recursive: true, force: true }); deleted.push(p); }
       catch (_e) { /* best-effort */ }
     }
   }
@@ -333,9 +333,9 @@ function purge(opts) {
   for (var j = 0; j < toDelete.length; j++) {
     var rbPath = toDelete[j].rollbackPath;
     var mkPath = rbPath + ".marker.json";
-    try { fs.rmSync(rbPath, { recursive: true, force: true }); deleted.push(rbPath); }
+    try { nodeFs.rmSync(rbPath, { recursive: true, force: true }); deleted.push(rbPath); }
     catch (_e) { /* best-effort */ }
-    try { if (fs.existsSync(mkPath)) fs.unlinkSync(mkPath); }
+    try { if (nodeFs.existsSync(mkPath)) nodeFs.unlinkSync(mkPath); }
     catch (_e) { /* best-effort */ }
   }
   return { kept: keep, deleted: deleted };