@blamejs/core 0.9.14 → 0.9.16

package/lib/atomic-file.js

@@ -11,8 +11,8 @@
  *   Every write goes through the same crash-safe sequence:
  *     1. write payload to a sibling temp file (`<filepath>.tmp-<token>`)
  *     2. fsync the file descriptor before close
- *     3. fs.rename() the temp file over the destination — POSIX rename
- *        is atomic on the same filesystem; on Windows, fs.rename uses
+ *     3. nodeFs.rename() the temp file over the destination — POSIX rename
+ *        is atomic on the same filesystem; on Windows, nodeFs.rename uses
  *        MoveFileEx with REPLACE_EXISTING for the same guarantee
  *     4. fsync the parent directory so the rename itself is durable
  *
@@ -38,8 +38,8 @@
  * @card
  *   Atomic file I/O with integrity verification, retry on transient errors, and cross-process locking.
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var { generateToken, sha3Hash } = require("./crypto");
 var safeJson = require("./safe-json");
 var C = require("./constants");
@@ -47,7 +47,7 @@ var { boot } = require("./log");
 var safeBuffer = require("./safe-buffer");
 var numericBounds = require("./numeric-bounds");
 var safeAsync = require("./safe-async");
-var retry = require("./retry");
+var retryHelper = require("./retry");
 var { FrameworkError } = require("./framework-error");
 
 var log = boot("atomic-file");
@@ -89,7 +89,7 @@ function _isFsRetryable(e) {
 
 async function _withRetry(fn, opts) {
   opts = Object.assign({}, DEFAULTS, opts || {});
-  return retry.withRetry(function () { return fn(); }, {
+  return retryHelper.withRetry(function () { return fn(); }, {
     maxAttempts:  opts.retryAttempts,
     baseDelayMs:  opts.retryBaseMs,
     maxDelayMs:   opts.retryMaxMs,
@@ -114,7 +114,7 @@ async function _withRetry(fn, opts) {
  * @status    stable
  * @related   b.atomicFile.fsyncDir, b.atomicFile.write
  *
- * Best-effort fs.fsyncSync wrapper. Silently swallows errors because
+ * Best-effort nodeFs.fsyncSync wrapper. Silently swallows errors because
  * not every platform / fd type supports fsync (some FUSE mounts, some
  * device fds). Use this when you want the durability hint but don't
  * want a non-fsyncable target to crash the caller.
@@ -124,10 +124,10 @@ async function _withRetry(fn, opts) {
  *   var fd = fs.openSync("/tmp/note.txt", "w");
  *   fs.writeSync(fd, "hello\n");
  *   b.atomicFile.fsync(fd);
- *   fs.closeSync(fd);
+ *   nodeFs.closeSync(fd);
  */
 function fsync(fd) {
-  try { fs.fsyncSync(fd); } catch (_e) { /* not all platforms support fsync on every fd type */ }
+  try { nodeFs.fsyncSync(fd); } catch (_e) { /* not all platforms support fsync on every fd type */ }
 }
 
 /**
@@ -147,9 +147,9 @@ function fsync(fd) {
  */
 function fsyncDir(dirPath) {
   try {
-    var fd = fs.openSync(dirPath, "r");
-    try { fs.fsyncSync(fd); } catch (_e) { /* Windows rejects directory fsync */ }
-    finally { fs.closeSync(fd); }
+    var fd = nodeFs.openSync(dirPath, "r");
+    try { nodeFs.fsyncSync(fd); } catch (_e) { /* Windows rejects directory fsync */ }
+    finally { nodeFs.closeSync(fd); }
   } catch (_e) { /* dir fsync is best-effort across filesystems */ }
 }
 
@@ -180,7 +180,7 @@ function ensureDir(dirPath, mode) {
   if (typeof dirPath !== "string" || dirPath.length === 0) {
     throw new AtomicFileError("ensureDir: path must be a non-empty string", "atomic-file/bad-path");
   }
-  fs.mkdirSync(dirPath, { recursive: true, mode: typeof mode === "number" ? mode : 0o700 });
+  nodeFs.mkdirSync(dirPath, { recursive: true, mode: typeof mode === "number" ? mode : 0o700 });
   return dirPath;
 }
 
@@ -217,29 +217,29 @@ function copyDirRecursive(src, dest, opts) {
   if (typeof dest !== "string" || dest.length === 0) {
     throw new AtomicFileError("copyDirRecursive: dest must be a non-empty string", "atomic-file/bad-path");
   }
-  if (!fs.existsSync(src)) {
+  if (!nodeFs.existsSync(src)) {
     throw new AtomicFileError("copyDirRecursive: src does not exist: " + src, "atomic-file/missing-src");
   }
   opts = opts || {};
   var dirMode = typeof opts.dirMode === "number" ? opts.dirMode : 0o700;
   var overwrite = !!opts.overwrite;
-  var copyFlags = overwrite ? 0 : fs.constants.COPYFILE_EXCL;
+  var copyFlags = overwrite ? 0 : nodeFs.constants.COPYFILE_EXCL;
 
   ensureDir(dest, dirMode);
-  var entries = fs.readdirSync(src, { withFileTypes: true });
+  var entries = nodeFs.readdirSync(src, { withFileTypes: true });
   var fileCount = 0;
   var byteCount = 0;
   for (var i = 0; i < entries.length; i++) {
     var name = entries[i].name;
-    var s = path.join(src, name);
-    var d = path.join(dest, name);
+    var s = nodePath.join(src, name);
+    var d = nodePath.join(dest, name);
     if (entries[i].isDirectory()) {
       var sub = copyDirRecursive(s, d, opts);
       fileCount += sub.fileCount;
       byteCount += sub.byteCount;
     } else if (entries[i].isFile()) {
-      fs.copyFileSync(s, d, copyFlags);
-      try { byteCount += fs.statSync(d).size; } catch (_e) { /* size best-effort */ }
+      nodeFs.copyFileSync(s, d, copyFlags);
+      try { byteCount += nodeFs.statSync(d).size; } catch (_e) { /* size best-effort */ }
       fileCount++;
     }
     // Symlinks, sockets, devices: deliberately skipped
@@ -308,30 +308,30 @@ function writeSync(filepath, data, opts) {
     typeMessage: "data must be Buffer, Uint8Array, or string",
   });
 
-  var dir = path.dirname(filepath);
-  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  var dir = nodePath.dirname(filepath);
+  if (!nodeFs.existsSync(dir)) nodeFs.mkdirSync(dir, { recursive: true, mode: 0o700 });
 
   var tmpPath = filepath + ".tmp-" + generateToken(C.BYTES.bytes(8));
   var renamed = false;
   try {
-    var fd = fs.openSync(tmpPath, "w", opts.fileMode);
+    var fd = nodeFs.openSync(tmpPath, "w", opts.fileMode);
     try {
       var pos = 0;
       while (pos < buf.length) {
-        pos += fs.writeSync(fd, buf, pos, buf.length - pos, null);
+        pos += nodeFs.writeSync(fd, buf, pos, buf.length - pos, null);
       }
       _fsync(fd);
     } finally {
-      try { fs.closeSync(fd); } catch (_e) { /* already closed? */ }
+      try { nodeFs.closeSync(fd); } catch (_e) { /* already closed? */ }
     }
-    fs.renameSync(tmpPath, filepath);
+    nodeFs.renameSync(tmpPath, filepath);
     renamed = true;
     _fsyncDir(dir);
   } finally {
     if (!renamed) {
       // Either the write or the rename failed — remove the tmp so the next
       // boot doesn't see a leaked partial file.
-      try { fs.unlinkSync(tmpPath); } catch (_e) { /* may not exist */ }
+      try { nodeFs.unlinkSync(tmpPath); } catch (_e) { /* may not exist */ }
     }
   }
 
@@ -354,7 +354,7 @@ function writeSync(filepath, data, opts) {
  * predict — only glob-by-prefix and prune by age. Operators should
  * call this at boot for every "important" filepath (vault.key.sealed,
  * audit-sign.key.sealed, db.enc, ...) BEFORE the first atomic write
- * to that path. Returns the number of orphans removed.
+ * to that nodePath. Returns the number of orphans removed.
  *
  * @opts
  *   olderThanMs: 300000,   // only prune temp files older than this many ms (default 5 minutes)
@@ -369,8 +369,8 @@ function writeSync(filepath, data, opts) {
 function cleanOrphans(filepath, opts) {
   opts = opts || {};
   var olderThanMs = opts.olderThanMs != null ? opts.olderThanMs : C.TIME.minutes(5);
-  var dir = path.dirname(filepath);
-  var basename = path.basename(filepath);
+  var dir = nodePath.dirname(filepath);
+  var basename = nodePath.basename(filepath);
   var prefix = basename + ".tmp-";
   var nowMs = Date.now();
   var removed = 0;
@@ -382,7 +382,7 @@ function cleanOrphans(filepath, opts) {
     var entry = entries[i];
     try {
       if (nowMs - entry.mtimeMs >= olderThanMs) {
-        fs.unlinkSync(entry.fullPath);
+        nodeFs.unlinkSync(entry.fullPath);
         removed += 1;
       }
     } catch (_e) { /* concurrent cleanup or permission — best effort */ }
@@ -433,24 +433,24 @@ async function write(filepath, data, opts) {
 
   return await _withRetry(function () {
     return new Promise(function (resolve, reject) {
-      var dir = path.dirname(filepath);
-      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+      var dir = nodePath.dirname(filepath);
+      if (!nodeFs.existsSync(dir)) nodeFs.mkdirSync(dir, { recursive: true, mode: 0o700 });
       var tmpPath = filepath + ".tmp-" + generateToken(C.BYTES.bytes(8));
       var renamed = false;
       try {
-        var fd = fs.openSync(tmpPath, "w", opts.fileMode);
+        var fd = nodeFs.openSync(tmpPath, "w", opts.fileMode);
         try {
           var pos = 0;
           while (pos < buf.length) {
-            pos += fs.writeSync(fd, buf, pos, buf.length - pos, null);
+            pos += nodeFs.writeSync(fd, buf, pos, buf.length - pos, null);
           }
           _fsync(fd);
         } finally {
-          try { fs.closeSync(fd); } catch (_e) { /* already closed? */ }
+          try { nodeFs.closeSync(fd); } catch (_e) { /* already closed? */ }
         }
         // Atomic rename — POSIX rename is atomic on the same FS; on Windows,
-        // fs.renameSync uses MoveFileEx with REPLACE_EXISTING.
-        fs.renameSync(tmpPath, filepath);
+        // nodeFs.renameSync uses MoveFileEx with REPLACE_EXISTING.
+        nodeFs.renameSync(tmpPath, filepath);
         renamed = true;
         _fsyncDir(dir);
         var hash = opts.computeHash ? sha3Hash(buf) : null;
@@ -459,7 +459,7 @@ async function write(filepath, data, opts) {
         reject(e);
       } finally {
         if (!renamed) {
-          try { fs.unlinkSync(tmpPath); } catch (_e) { /* may not exist */ }
+          try { nodeFs.unlinkSync(tmpPath); } catch (_e) { /* may not exist */ }
         }
       }
     });
@@ -560,20 +560,20 @@ function _validateMaxBytes(maxBytes) {
 }
 
 function _readSyncCore(filepath, opts) {
-  if (!fs.existsSync(filepath)) {
+  if (!nodeFs.existsSync(filepath)) {
     var e = new AtomicFileError("file not found: " + filepath, "atomic-file/not-found");
     e.code = "ENOENT";
     throw e;
   }
   _validateMaxBytes(opts.maxBytes);
-  var stat = fs.statSync(filepath);
+  var stat = nodeFs.statSync(filepath);
   if (stat.size > opts.maxBytes) {
     throw new AtomicFileError(
       "file size " + stat.size + " > maxBytes " + opts.maxBytes,
       "atomic-file/too-large"
     );
   }
-  var buf = fs.readFileSync(filepath);
+  var buf = nodeFs.readFileSync(filepath);
   if (opts.expectedHash) {
     var actual = sha3Hash(buf);
     if (actual !== opts.expectedHash) {
@@ -706,7 +706,7 @@ async function copy(src, dst, opts) {
  * @status    stable
  * @related   b.atomicFile.read, b.atomicFile.readSync
  *
- * Synchronous existence check. Thin wrapper over `fs.existsSync` that
+ * Synchronous existence check. Thin wrapper over `nodeFs.existsSync` that
  * normalises the answer for callers that already require this module
  * — saves an additional `require("fs")` in modules that otherwise
  * only need atomicFile.
@@ -717,7 +717,7 @@ async function copy(src, dst, opts) {
  *   }
  */
 function exists(filepath) {
-  return fs.existsSync(filepath);
+  return nodeFs.existsSync(filepath);
 }
 
 /**
@@ -767,16 +767,16 @@ async function lock(filepath, fn, opts) {
   while (Date.now() < deadline) {
     try {
       // O_CREAT | O_EXCL — fails if file exists
-      fd = fs.openSync(lockPath, "wx", opts.fileMode);
+      fd = nodeFs.openSync(lockPath, "wx", opts.fileMode);
       break;
     } catch (e) {
       if (e.code !== "EEXIST") throw e;
       // Stale lock detection: if the .lock file is older than 5 minutes,
       // assume the holding process crashed and remove it.
       try {
-        var stat = fs.statSync(lockPath);
+        var stat = nodeFs.statSync(lockPath);
         if (Date.now() - stat.mtimeMs > C.TIME.minutes(5)) {
-          try { fs.unlinkSync(lockPath); }
+          try { nodeFs.unlinkSync(lockPath); }
           catch (uerr) { log.debug("stale-lock unlink failed", { path: lockPath, error: uerr.message }); }
           continue;
         }
@@ -791,7 +791,7 @@ async function lock(filepath, fn, opts) {
     );
   }
   try {
-    fs.writeSync(fd, Buffer.from(JSON.stringify({
+    nodeFs.writeSync(fd, Buffer.from(JSON.stringify({
       pid:        process.pid,
       acquiredAt: Date.now(),
     }), "utf8"));
@@ -801,9 +801,9 @@ async function lock(filepath, fn, opts) {
   try {
     return await fn();
   } finally {
-    try { fs.closeSync(fd); }
+    try { nodeFs.closeSync(fd); }
     catch (cerr) { log.debug("lock fd close failed", { error: cerr.message }); }
-    try { fs.unlinkSync(lockPath); }
+    try { nodeFs.unlinkSync(lockPath); }
     catch (uerr) { log.debug("lock release unlink failed", { path: lockPath, error: uerr.message }); }
   }
 }
@@ -848,7 +848,7 @@ function listDir(dir, opts) {
 
   var entries;
   try {
-    entries = fs.readdirSync(dir);
+    entries = nodeFs.readdirSync(dir);
   } catch (e) {
     if (missingOk && e.code === "ENOENT") return [];
     throw new AtomicFileError(
@@ -861,11 +861,11 @@ function listDir(dir, opts) {
   for (var i = 0; i < entries.length; i++) {
     var name = entries[i];
     if (filter && !filter(name)) continue;
-    var fullPath = path.join(dir, name);
+    var fullPath = nodePath.join(dir, name);
     var entry = { name: name, fullPath: fullPath };
     if (includeStat) {
       try {
-        var stat = fs.statSync(fullPath);
+        var stat = nodeFs.statSync(fullPath);
         entry.mtimeMs    = stat.mtimeMs;
         entry.sizeBytes  = stat.size;
         entry.isDirectory = stat.isDirectory();

package/lib/audit-sign.js

@@ -58,8 +58,8 @@
  * @card
  *   SLH-DSA-SHAKE-256f post-quantum signature for audit-chain checkpoints.
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var nodeCrypto = require("crypto");
 var atomicFile = require("./atomic-file");
 var { sha3Hash } = require("./crypto");
@@ -118,8 +118,8 @@ var log = boot("audit-sign");
 function resolvePaths(dataDir) {
   return {
     dataDir:    dataDir,
-    plaintext:  path.join(dataDir, "audit-sign.key"),
-    sealed:     path.join(dataDir, "audit-sign.key.sealed"),
+    plaintext:  nodePath.join(dataDir, "audit-sign.key"),
+    sealed:     nodePath.join(dataDir, "audit-sign.key.sealed"),
   };
 }
 
@@ -200,13 +200,13 @@ async function init(opts) {
   currentMode = mode;
   paths = resolvePaths(opts.dataDir);
 
-  if (!fs.existsSync(paths.dataDir)) fs.mkdirSync(paths.dataDir, { recursive: true });
+  if (!nodeFs.existsSync(paths.dataDir)) nodeFs.mkdirSync(paths.dataDir, { recursive: true });
   // Sweep tmp files from any prior crashed write
   atomicFile.cleanOrphans(paths.sealed);
   atomicFile.cleanOrphans(paths.plaintext);
 
-  var hasPlaintext = fs.existsSync(paths.plaintext);
-  var hasSealed    = fs.existsSync(paths.sealed);
+  var hasPlaintext = nodeFs.existsSync(paths.plaintext);
+  var hasSealed    = nodeFs.existsSync(paths.sealed);
   if (hasPlaintext && hasSealed) {
     throw _err("KEY_FILE_CONFLICT",
       "both audit-sign.key and audit-sign.key.sealed exist; resolve manually");
@@ -233,7 +233,7 @@ async function init(opts) {
 }
 
 function _initPlaintext() {
-  if (fs.existsSync(paths.plaintext)) {
+  if (nodeFs.existsSync(paths.plaintext)) {
     var loaded;
     try { loaded = safeJson.parse(atomicFile.readSync(paths.plaintext), { schema: SIGNING_KEY_SCHEMA }); }
     catch (e) {

package/lib/audit-tools.js

@@ -54,8 +54,8 @@
  *   Operator-side audit-chain inspection / export — verify chain integrity end-to-end, export RFC 8785 canonical-JSON slices, format rows for downstream SIEM (CADF / ISO 19395), and generate tamper-evident compliance-evidence bundles auditors can verify off-line.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var pkg = require("../package.json");
 var atomicFile = require("./atomic-file");
 var auditChain = require("./audit-chain");
@@ -65,7 +65,7 @@ var backupCrypto = require("./backup/crypto");
 var clusterStorage = require("./cluster-storage");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
-var jsonSafe = require("./safe-json");
+var safeJson = require("./safe-json");
 var { defineClass } = require("./framework-error");
 
 var FRAMEWORK_VERSION = (pkg && pkg.version) || "unknown";
@@ -117,7 +117,7 @@ function _requireOutDir(outDir, kind) {
     throw new AuditToolsError("audit-tools/no-outdir",
       kind + ": opts.out is required");
   }
-  if (fs.existsSync(outDir)) {
+  if (nodeFs.existsSync(outDir)) {
     throw new AuditToolsError("audit-tools/outdir-exists",
       kind + ": out already exists: " + outDir +
       " (refusing to overwrite — pick a fresh path)");
@@ -128,7 +128,7 @@ function _requireOutDir(outDir, kind) {
 // as audit-chain.canonicalize, config-drift._stableStringify, and
 // pagination._canonicalize for the same input. Pre-v0.6.67 each site
 // had its own copy of the walk, all carrying the same silent-loss bug
-// for Date / Buffer / Map / Set / BigInt / circular refs.
+// for Date / Buffer / Map / Set / BigInt / circular renodeFs.
 function _canonicalize(value) { return canonicalJson.stringify(value); }
 
 // Convert a single audit_log row to its on-disk-canonical JSON shape.
@@ -309,14 +309,14 @@ async function _writeBundle(args) {
     return JSON.stringify(_rowToWireForm(r));
   }).join("\n") + "\n";
   var rowsEnc = await backupCrypto.encryptWithFreshSalt(jsonl, passphrase);
-  atomicFile.writeSync(path.join(outDir, "rows.enc"), rowsEnc.encrypted, { fileMode: 0o600 });
+  atomicFile.writeSync(nodePath.join(outDir, "rows.enc"), rowsEnc.encrypted, { fileMode: 0o600 });
 
   // 2. (archive) Encrypt the checkpoint JSON
   var checkpointSalt = null;
   if (checkpoint) {
     var ckptJson = _canonicalize(_rowToWireForm(checkpoint));
     var ckptEnc = await backupCrypto.encryptWithFreshSalt(ckptJson, passphrase);
-    atomicFile.writeSync(path.join(outDir, "checkpoint.enc"), ckptEnc.encrypted, { fileMode: 0o600 });
+    atomicFile.writeSync(nodePath.join(outDir, "checkpoint.enc"), ckptEnc.encrypted, { fileMode: 0o600 });
     checkpointSalt = ckptEnc.salt;
   }
 
@@ -343,7 +343,7 @@ async function _writeBundle(args) {
     checksum: {
       rowsSha3_512:       backupCrypto.checksum(rowsEnc.encrypted),
       checkpointSha3_512: checkpointSalt
-        ? backupCrypto.checksum(fs.readFileSync(path.join(outDir, "checkpoint.enc")))
+        ? backupCrypto.checksum(nodeFs.readFileSync(nodePath.join(outDir, "checkpoint.enc")))
         : null,
     },
   };
@@ -355,7 +355,7 @@ async function _writeBundle(args) {
       checkpointId:         String(checkpoint._id),
     };
   }
-  var manifestPath = path.join(outDir, "manifest.json");
+  var manifestPath = nodePath.join(outDir, "manifest.json");
   atomicFile.writeSync(manifestPath, _canonicalize(manifest), { fileMode: 0o600 });
   return { manifest: manifest, manifestPath: manifestPath };
 }
@@ -363,16 +363,16 @@ async function _writeBundle(args) {
 // ---- Bundle reader ----
 
 async function _readBundle(inDir, passphrase) {
-  if (typeof inDir !== "string" || !fs.existsSync(inDir)) {
+  if (typeof inDir !== "string" || !nodeFs.existsSync(inDir)) {
     throw new AuditToolsError("audit-tools/no-bundle",
       "bundle directory does not exist: " + inDir);
   }
-  var manifestPath = path.join(inDir, "manifest.json");
-  if (!fs.existsSync(manifestPath)) {
+  var manifestPath = nodePath.join(inDir, "manifest.json");
+  if (!nodeFs.existsSync(manifestPath)) {
     throw new AuditToolsError("audit-tools/no-manifest",
       "manifest.json missing in " + inDir);
   }
-  var manifest = jsonSafe.parse(fs.readFileSync(manifestPath, "utf8"));
+  var manifest = safeJson.parse(nodeFs.readFileSync(manifestPath, "utf8"));
   if (!manifest || manifest.format !== BUNDLE_FORMAT) {
     throw new AuditToolsError("audit-tools/bad-format",
       "manifest.format is not " + BUNDLE_FORMAT);
@@ -382,12 +382,12 @@ async function _readBundle(inDir, passphrase) {
       "manifest.kind must be one of " + Object.keys(VALID_KINDS).join(", "));
   }
 
-  var rowsEncPath = path.join(inDir, "rows.enc");
-  if (!fs.existsSync(rowsEncPath)) {
+  var rowsEncPath = nodePath.join(inDir, "rows.enc");
+  if (!nodeFs.existsSync(rowsEncPath)) {
     throw new AuditToolsError("audit-tools/no-rows-blob",
       "rows.enc missing in " + inDir);
   }
-  var rowsEnc = fs.readFileSync(rowsEncPath);
+  var rowsEnc = nodeFs.readFileSync(rowsEncPath);
   if (manifest.checksum && manifest.checksum.rowsSha3_512 &&
       backupCrypto.checksum(rowsEnc) !== manifest.checksum.rowsSha3_512) {
     throw new AuditToolsError("audit-tools/rows-checksum-mismatch",
@@ -396,16 +396,16 @@ async function _readBundle(inDir, passphrase) {
   var rowsPlainBuf = await backupCrypto.decryptWithPassphrase(rowsEnc, passphrase, manifest.salts.rows);
   var rowsPlain = rowsPlainBuf.toString("utf8");
   var lines = rowsPlain.split("\n").filter(function (l) { return l.length > 0; });
-  var rows = lines.map(function (l) { return _wireFormToRow(jsonSafe.parse(l)); });
+  var rows = lines.map(function (l) { return _wireFormToRow(safeJson.parse(l)); });
 
   var checkpoint = null;
   if (manifest.kind === KIND_ARCHIVE) {
-    var ckptPath = path.join(inDir, "checkpoint.enc");
-    if (!fs.existsSync(ckptPath)) {
+    var ckptPath = nodePath.join(inDir, "checkpoint.enc");
+    if (!nodeFs.existsSync(ckptPath)) {
       throw new AuditToolsError("audit-tools/no-checkpoint-blob",
         "checkpoint.enc missing in " + inDir + " (archive bundles must include the covering checkpoint)");
     }
-    var ckptEnc = fs.readFileSync(ckptPath);
+    var ckptEnc = nodeFs.readFileSync(ckptPath);
     if (manifest.checksum && manifest.checksum.checkpointSha3_512 &&
         backupCrypto.checksum(ckptEnc) !== manifest.checksum.checkpointSha3_512) {
       throw new AuditToolsError("audit-tools/checkpoint-checksum-mismatch",
@@ -413,7 +413,7 @@ async function _readBundle(inDir, passphrase) {
     }
     var ckptPlain = (await backupCrypto.decryptWithPassphrase(ckptEnc, passphrase, manifest.salts.checkpoint))
       .toString("utf8");
-    checkpoint = _wireFormToRow(jsonSafe.parse(ckptPlain));
+    checkpoint = _wireFormToRow(safeJson.parse(ckptPlain));
   }
 
   return { manifest: manifest, rows: rows, checkpoint: checkpoint };
@@ -956,7 +956,7 @@ function _toCadfOutcome(outcome) {
 function _toCadfEvent(row) {
   var meta = null;
   if (row.metadata) {
-    try { meta = typeof row.metadata === "string" ? jsonSafe.parse(row.metadata) : row.metadata; }
+    try { meta = typeof row.metadata === "string" ? safeJson.parse(row.metadata) : row.metadata; }
     catch (_e) { meta = { raw: String(row.metadata) }; }
   }
   var ev = {

package/lib/auth/dpop.js

@@ -27,7 +27,7 @@
  */
 
 var nodeCrypto = require("crypto");
-var blamejsCrypto = require("../crypto");
+var bCrypto = require("../crypto");
 var safeJson = require("../safe-json");
 var safeUrl = require("../safe-url");
 var validateOpts = require("../validate-opts");
@@ -417,7 +417,7 @@ async function verify(proof, opts) {
   // Compute thumbprint for downstream binding (jkt → access-token cnf claim)
   var jkt = thumbprint(header.jwk);
   if (typeof opts.expectedThumbprint === "string" && opts.expectedThumbprint.length > 0) {
-    if (!blamejsCrypto.timingSafeEqual(jkt, opts.expectedThumbprint)) {
+    if (!bCrypto.timingSafeEqual(jkt, opts.expectedThumbprint)) {
       throw new AuthError("auth-dpop/thumbprint-mismatch",
         "proof key thumbprint does not match expected");
     }
@@ -461,7 +461,7 @@ async function verify(proof, opts) {
       throw new AuthError("auth-dpop/missing-ath",
         "accessToken supplied but proof has no ath claim");
     }
-    if (!blamejsCrypto.timingSafeEqual(payload.ath, expectedAth)) {
+    if (!bCrypto.timingSafeEqual(payload.ath, expectedAth)) {
       throw new AuthError("auth-dpop/ath-mismatch",
         "payload.ath does not match SHA-256 of access token");
     }

package/lib/auth/elevation-grant.js

@@ -36,7 +36,7 @@ var C             = require("../constants");
 var { AuthError } = require("../framework-error");
 
 var audit         = lazyRequire(function () { return require("../audit"); });
-var fwCrypto      = lazyRequire(function () { return require("../crypto"); });
+var bCrypto      = lazyRequire(function () { return require("../crypto"); });
 
 var DEFAULT_TTL_SEC      = C.TIME.minutes(15) / C.TIME.seconds(1);
 var MAX_TTL_SEC          = C.TIME.hours(1)    / C.TIME.seconds(1);
@@ -82,7 +82,7 @@ function _macFor(payloadB64) {
 
 function _timingSafeEqualBuf(a, b) {
   if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) return false;
-  return fwCrypto().timingSafeEqual(a, b);
+  return bCrypto().timingSafeEqual(a, b);
 }
 
 function create(opts) {
@@ -128,7 +128,7 @@ function create(opts) {
   }
   var nowSec = (typeof opts.now === "number" && isFinite(opts.now))
     ? opts.now : Math.floor(Date.now() / C.TIME.seconds(1));
-  var jti = fwCrypto().generateBytes(C.BYTES.bytes(16)).toString("base64url");
+  var jti = bCrypto().generateBytes(C.BYTES.bytes(16)).toString("base64url");
   var payload = {
     sub:      opts.subject,
     scope:    opts.scope,

package/lib/auth/fido-mds3.js

@@ -47,8 +47,8 @@ var _wa          = require("../vendor/simplewebauthn-server.cjs");
 var { FidoMds3Error } = require("../framework-error");
 
 var httpClient = lazyRequire(function () { return require("../http-client"); });
-var cacheFwk   = lazyRequire(function () { return require("../cache"); });
-var auditFwk   = lazyRequire(function () { return require("../audit"); });
+var cache      = lazyRequire(function () { return require("../cache"); });
+var audit      = lazyRequire(function () { return require("../audit"); });
 
 var DEFAULT_URL          = "https://mds3.fidoalliance.org/";
 var DEFAULT_TIMEOUT_MS   = C.TIME.seconds(30);
@@ -289,7 +289,7 @@ function _verifyJws(jws, leafCert) {
 var _sharedCache = null;
 function _getCache() {
   if (_sharedCache) return _sharedCache;
-  _sharedCache = cacheFwk().create({
+  _sharedCache = cache().create({
     namespace:  "auth-fido-mds3.blob",
     ttlMs:      MAX_CACHE_TTL_MS,
     maxEntries: 8,                                                                 // allow:raw-byte-literal — operator-pinned URL set
@@ -440,7 +440,7 @@ async function fetch(opts) {   // allow:raw-outbound-http — function name is f
         },
       });
     } catch (e) {
-      try { auditFwk().safeEmit({
+      try { audit().safeEmit({
         action:   "auth.fido_mds3.fetch.network",
         outcome:  "failure",
         metadata: { url: url, reason: (e && e.message) || String(e) },
@@ -482,7 +482,7 @@ async function fetch(opts) {   // allow:raw-outbound-http — function name is f
     // wrap-call's safe-minimum seed).
     try { await c.set(cacheKey, record, _ttlFromNextUpdate(nextUpdate)); }
     catch (_e) { /* cache.set best-effort */ }
-    try { auditFwk().safeEmit({
+    try { audit().safeEmit({
       action:   "auth.fido_mds3.fetch",
       outcome:  "success",
       metadata: { url: url, no: payload.no, entries: payload.entries.length,
@@ -633,7 +633,7 @@ function verifyAuthenticator(blob, registrationInfo, vopts) {
   }
   var certifiedLevel = _certifiedLevel(statusReports);
   if (refusedStatus) {
-    try { auditFwk().safeEmit({
+    try { audit().safeEmit({
       action:   "auth.fido_mds3.verify.refused",
       outcome:  "denied",
       metadata: { aaguid: registrationInfo.aaguid, status: refusedStatus },

package/lib/auth/jwt-external.js

@@ -59,7 +59,7 @@ var { AuthError } = require("../framework-error");
 
 var httpClient = lazyRequire(function () { return require("../http-client"); });
 var cache      = lazyRequire(function () { return require("../cache"); });
-var auditFwk   = lazyRequire(function () { return require("../audit"); });
+var audit      = lazyRequire(function () { return require("../audit"); });
 
 // ---- constants ----
 
@@ -271,7 +271,7 @@ async function verifyExternal(token, opts) {
   // outright. Operators with JWE need a separate handler wired to
   // their KMS — never a defaulted JWE path on the JWS verifier.
   if (parts.length === 5) {
-    try { auditFwk().safeEmit({
+    try { audit().safeEmit({
       action:   "jwt.jwe.refused",
       outcome:  "denied",
       metadata: { reason: "jwe-on-jws-verifier" },

package/lib/auth/sd-jwt-vc.js

@@ -61,14 +61,14 @@
  */
 
 var nodeCrypto = require("node:crypto");
-var blamejsCrypto = require("../crypto");
+var bCrypto = require("../crypto");
 var safeBuffer = require("../safe-buffer");
 var safeJson = require("../safe-json");
 var validateOpts = require("../validate-opts");
 
 function _timingSafeEqStr(a, b) {
   if (typeof a !== "string" || typeof b !== "string") return false;
-  return blamejsCrypto.timingSafeEqual(a, b);
+  return bCrypto.timingSafeEqual(a, b);
 }
 var disclosure = require("./sd-jwt-vc-disclosure");
 var sdJwtVcIssuer = require("./sd-jwt-vc-issuer");